Dockerfile: rename user to _gitea instead of git

Merge pull request '[SEMVER] 6.0.8+0-gitea-1.21.8' (#2720 ) from earl-warren/forgejo:wip-v1.21-semver into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2720
2024-03-23 17:43:02 -03:00 · 2024-03-22 08:32:31 +00:00 · 2024-03-22 07:41:50 +00:00 · 2024-03-22 08:00:05 +01:00 · 2024-03-21 17:28:36 +01:00 · 2024-03-21 17:09:50 +01:00
875 changed files with 20727 additions and 5463 deletions
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@ -743,7 +743,7 @@ rules:
  wc/no-constructor-params: [2]
  wc/no-constructor: [2]
  wc/no-customized-built-in-elements: [2]
-  wc/no-exports-with-element: [2]
+  wc/no-exports-with-element: [0]
  wc/no-invalid-element-name: [2]
  wc/no-invalid-extends: [2]
  wc/no-method-prefixed-with-on: [2]
--- a/.forgejo/actions/build-release/action.yml
+++ b/.forgejo/actions/build-release/action.yml
@ -0,0 +1,154 @@
+name: 'Build release'
+author: 'Forgejo authors'
+description: |
+  Build release
+
+inputs:
+  forgejo:
+    description: 'URL of the Forgejo instance where the release is uploaded'
+    required: true
+  owner:
+    description: 'User or organization where the release is uploaded, relative to the Forgejo instance'
+    required: true
+  repository:
+    description: 'Repository where the release is uploaded, relative to the owner'
+    required: true
+  doer:
+    description: 'Name of the user authoring the release'
+    required: true
+  tag-version:
+    description: 'Version of the release derived from the tag withint the leading v'
+    required: true
+  suffix:
+    description: 'Suffix to add to the image tag'
+  token:
+    description: 'token'
+    required: true
+  dockerfile:
+    description: 'path to the dockerfile'
+    default: 'Dockerfile'
+  platforms:
+    description: 'Coma separated list of platforms'
+    default: 'linux/amd64,linux/arm64'
+  release-notes:
+    description: 'Full text of the release notes'
+    default: 'Release notes placeholder'
+  binary-name:
+    description: 'Name of the binary'
+  binary-path:
+    description: 'Path of the binary within the container to extract into binary-name'
+  verbose:
+    description: 'Increase the verbosity level'
+    default: 'false'
+
+runs:
+  using: "composite"
+  steps:
+    - run: echo "${{ github.action_path }}" >> $GITHUB_PATH
+      shell: bash
+
+    - name: Install dependencies
+      run: |
+        apt-get install -y -qq xz-utils
+
+    - name: set -x if verbose is required
+      id: verbose
+      run: |
+        if ${{ inputs.verbose }} ; then
+          echo "shell=set -x" >> "$GITHUB_OUTPUT"
+        fi
+
+    - name: Create the insecure and buildx-config variables for the container registry
+      id: registry
+      run: |
+        ${{ steps.verbose.outputs.shell }}
+        url="${{ inputs.forgejo }}"
+        hostport=${url##http*://}
+        hostport=${hostport%%/}
+        echo "host-port=${hostport}" >> "$GITHUB_OUTPUT"
+        if ! [[ $url =~ ^http:// ]] ; then
+           exit 0
+        fi
+        cat >> "$GITHUB_OUTPUT" <<EOF
+        insecure=true
+        buildx-config<<ENDVAR
+        [registry."${hostport}"]
+          http = true
+        ENDVAR
+        EOF
+
+    - name: Allow docker pull/push to forgejo
+      if: ${{ steps.registry.outputs.insecure }}
+      run: |-
+        mkdir -p /etc/docker
+        cat > /etc/docker/daemon.json <<EOF
+          {
+            "insecure-registries" : ["${{ steps.registry.outputs.host-port }}"],
+            "bip": "172.26.0.1/16"
+          }
+        EOF
+
+    - name: Install docker
+      run: |
+        echo deb http://deb.debian.org/debian bullseye-backports main | tee /etc/apt/sources.list.d/backports.list && apt-get -qq update
+        DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y -t bullseye-backports docker.io
+
+    - uses: https://github.com/docker/setup-buildx-action@v2
+      with:
+        config-inline: |
+         ${{ steps.registry.outputs.buildx-config }}
+
+    - name: Login to the container registry
+      run: |
+        BASE64_AUTH=`echo -n "${{ inputs.doer }}:${{ inputs.token }}" | base64 -w0`
+        mkdir -p ~/.docker
+        echo "{\"auths\": {\"$CI_REGISTRY\": {\"auth\": \"$BASE64_AUTH\"}}}" > ~/.docker/config.json
+      env:
+        CI_REGISTRY: "${{ steps.registry.outputs.host-port }}"
+
+    - name: Build the container image for each architecture
+      uses: https://github.com/docker/build-push-action@v4
+      # workaround until https://github.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba is in @v4 or @v5 is released
+      env:
+        ACTIONS_RUNTIME_TOKEN: ''
+      with:
+        context: .
+        push: true
+        file: ${{ inputs.dockerfile }}
+        platforms: ${{ inputs.platforms }}
+        tags: ${{ steps.registry.outputs.host-port }}/${{ inputs.owner }}/${{ inputs.repository }}:${{ inputs.tag-version }}${{ inputs.suffix }}
+
+    - name: Extract the binary from the container images into the release directory
+      if: inputs.binary-name != ''
+      run: |
+        ${{ steps.verbose.outputs.shell }}
+        mkdir -p release
+        cd release
+        for platform in $(echo ${{ inputs.platforms }} | tr ',' ' '); do
+          arch=$(echo $platform | sed -e 's|linux/||g' -e 's|arm/v6|arm-6|g')
+          docker create --platform $platform --name forgejo-$arch ${{ steps.registry.outputs.host-port }}/${{ inputs.owner }}/${{ inputs.repository }}:${{ inputs.tag-version }}${{ inputs.suffix }}
+          binary="${{ inputs.binary-name }}-${{ inputs.tag-version }}-linux"
+          docker cp forgejo-$arch:${{ inputs.binary-path }} $binary-$arch
+          chmod +x $binary-$arch
+          # the displayed version has a + instead of the first -, deal with it
+          pattern=$(echo "${{ inputs.tag-version }}" | tr - .)
+          if ! ./$binary-$arch --version | grep "$pattern" ; then
+            echo "ERROR: expected version pattern $pattern not found in the output of $binary-$arch --version"
+            ./$binary-$arch --version
+            exit 1
+          fi
+          xz --keep -9 $binary-$arch
+          shasum -a 256 $binary-$arch > $binary-$arch.sha256
+          shasum -a 256 $binary-$arch.xz > $binary-$arch.xz.sha256
+          docker rm forgejo-$arch
+        done
+
+    - name: publish release
+      if: inputs.binary-name != ''
+      uses: https://code.forgejo.org/actions/forgejo-release@v1
+      with:
+        direction: upload
+        release-dir: release
+        release-notes: "${{ inputs.release-notes }}"
+        token: ${{ inputs.token }}
+        verbose: ${{ steps.verbose.outputs.value }}
--- a/.forgejo/actions/publish-release/action.yml
+++ b/.forgejo/actions/publish-release/action.yml
@ -0,0 +1,110 @@
+name: 'Publish release'
+author: 'Forgejo authors'
+description: |
+  Publish release
+
+inputs:
+  forgejo:
+    description: 'URL of the Forgejo instance where the release is uploaded (e.g. https://codeberg.org)'
+    required: true
+  from-owner:
+    description: 'the owner from which a release is to be copied (e.g forgejo-integration)'
+    required: true
+  to-owner:
+    description: 'the owner to which a release is to be copied (e.g. forgejo-experimental). It has be an organization in which doer has the required permissions. Or be the same as the doer'
+    required: true
+  repo:
+    description: 'the repository from which a release is to be copied relative to from-owner and to-owner'
+    default: 'forgejo'
+  ref-name:
+    description: 'ref_name of the tag of the release to be copied (e.g. github.ref_name)'
+    required: true
+  doer:
+    description: 'Name of the user authoring the release (e.g. release-team). The user must be authorized to create packages in to-owner and releases in to-owner/repo'
+    required: true
+  token:
+    description: 'application token created on forgejo by the doer, with a scope allowing it to create packages in to-owner and releases in to-owner/repo'
+    required: true
+  gpg-private-key:
+    description: 'GPG Private Key to sign the release artifacts'
+  gpg-passphrase:
+    description: 'Passphrase of the GPG Private Key'
+  verbose:
+    description: 'Increase the verbosity level'
+    default: 'false'
+
+runs:
+  using: "composite"
+  steps:
+    - id: hostport
+      run: |
+         url="${{ inputs.forgejo }}"
+         hostport=${url##http*://}
+         hostport=${hostport%%/}
+         echo "value=$hostport" >> "$GITHUB_OUTPUT"    
+
+    - id: tag-version
+      run: |
+        version="${{ inputs.ref-name }}"
+        version=${version##*v}
+        echo "value=$version" >> "$GITHUB_OUTPUT"
+
+    - name: Create the release notes
+      id: release-notes
+      run: |
+          anchor=${{ steps.tag-version.outputs.value }}
+          anchor=${anchor//./-}
+          cat >> "$GITHUB_OUTPUT" <<EOF
+          value<<ENDVAR
+          See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor
+          ENDVAR
+          EOF
+
+    - name: apt-get install docker.io
+      run: |
+        DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y docker.io
+
+    - name: download release
+      uses: https://code.forgejo.org/actions/forgejo-release@v1
+      with:
+        url: ${{ inputs.forgejo }}
+        repo: ${{ inputs.from-owner }}/${{ inputs.repo }}
+        direction: download
+        release-dir: release
+        download-retry: 60
+        token: ${{ inputs.token }}
+        verbose: ${{ inputs.verbose }}
+
+    - name: upload release
+      uses: https://code.forgejo.org/actions/forgejo-release@v1
+      with:
+        url: ${{ inputs.forgejo }}
+        repo: ${{ inputs.to-owner }}/${{ inputs.repo }}
+        direction: upload
+        release-dir: release
+        release-notes: ${{ steps.release-notes.outputs.value }}
+        token: ${{ inputs.token }}
+        gpg-private-key: ${{ inputs.gpg-private-key }}
+        gpg-passphrase: ${{ inputs.gpg-passphrase }}
+        verbose: ${{ inputs.verbose }}
+
+    - name: login to the registry
+      uses: https://github.com/docker/login-action@v2
+      with:
+          registry: ${{ steps.hostport.outputs.value }}
+          username: ${{ inputs.doer }}
+          password: ${{ inputs.token }}
+
+    - uses: https://code.forgejo.org/forgejo/forgejo-container-image@v1
+      env:
+        VERIFY: 'false'
+      with:
+        url: https://${{ steps.hostport.outputs.value }}
+        destination-owner: ${{ inputs.to-owner }}
+        owner: ${{ inputs.from-owner }}
+        suffixes: '-rootless'
+        project: ${{ inputs.repo }}
+        tag: ${{ steps.tag-version.outputs.value }}
+        doer: ${{ inputs.doer }}
+        token: ${{ inputs.token }}
+        verbose: ${{ inputs.verbose }}
--- a/.forgejo/testdata/build-release/Dockerfile
+++ b/.forgejo/testdata/build-release/Dockerfile
@ -0,0 +1,3 @@
+FROM public.ecr.aws/docker/library/alpine:3.18
+RUN mkdir -p /app/gitea
+RUN ( echo '#!/bin/sh' ; echo "echo forgejo v1.2.3" ) > /app/gitea/gitea ; chmod +x /app/gitea/gitea
--- a/.forgejo/testdata/build-release/Makefile
+++ b/.forgejo/testdata/build-release/Makefile
@ -0,0 +1,5 @@
+VERSION ?= $(shell cat VERSION 2>/dev/null)
+sources-tarbal:
+	mkdir -p dist/release
+	echo $(VERSION) > VERSION
+	sources=forgejo-src-$(VERSION).tar.gz ; tar --transform 's|^./|forgejo-src-$(VERSION)/|' -czf dist/release/forgejo-src-$(VERSION).tar.gz . ; cd dist/release ; shasum -a 256 $$sources > $$sources.sha256
--- a/.forgejo/testdata/build-release/modules/public/bindata.go
+++ b/.forgejo/testdata/build-release/modules/public/bindata.go
--- a/.forgejo/testdata/build-release/public/assets/css/placeholder
+++ b/.forgejo/testdata/build-release/public/assets/css/placeholder
--- a/.forgejo/testdata/build-release/public/assets/fonts/placeholder
+++ b/.forgejo/testdata/build-release/public/assets/fonts/placeholder
--- a/.forgejo/testdata/build-release/public/assets/js/placeholder
+++ b/.forgejo/testdata/build-release/public/assets/js/placeholder
--- a/.forgejo/upgrades/default-app.ini
+++ b/.forgejo/upgrades/default-app.ini
@ -0,0 +1,30 @@
+RUN_MODE = prod
+WORK_PATH = ${WORK_PATH}
+
+[server]
+APP_DATA_PATH = ${WORK_PATH}/data
+HTTP_PORT = 3000
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+PATH = ${WORK_PATH}/forgejo.db
+
+[log]
+MODE = file
+LEVEL = trace
+ROUTER = file
+
+[log.file]
+FILE_NAME = forgejo.log
+
+[security]
+INSTALL_LOCK = true
+
+[repository]
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[actions]
+ENABLED = true
--- a/.forgejo/upgrades/fixtures.sh
+++ b/.forgejo/upgrades/fixtures.sh
@ -0,0 +1,187 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+
+#ONEPIXEL="iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mP8z8BQDwAEhQGAhKmMIQAAAABJRU5ErkJggg=="
+#
+# one pixel scaled to 290x290 because that's what versions lower or equal to v1.19.4-0 want
+# by default and any other size will be transformed which make it difficult to compare.
+#
+ONEPIXEL="iVBORw0KGgoAAAANSUhEUgAAASIAAAEiCAYAAABdvt+2AAADrElEQVR4nOzUMRHAMADEsL9eeQd6AsOLhMCT/7udAYS+OgDAiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDuBQAA//+4jAPFe1H1tgAAAABJRU5ErkJggg=="
+
+function fixture_get_paths_s3() {
+    local path=$1
+
+    (
+        echo -n $path/
+        mc ls --quiet --recursive testS3/$path | sed -e 's/.* //'
+    ) > $DIR/path
+}
+
+function fixture_get_paths_local() {
+    local path=$1
+    local work_path=$DIR/forgejo-work-path
+
+    ( cd $work_path ; find $path -type f) > $DIR/path
+}
+
+function fixture_get_one_path() {
+    local storage=$1
+    local path=$2
+
+    fixture_get_paths_$storage $path
+
+    if test $(wc -l < $DIR/path) != 1 ; then
+        echo expected one path but got
+        cat $DIR/path
+        return 1
+    fi
+    cat $DIR/path
+}
+
+function fixture_repo_archive_create() {
+    retry curl -f -sS http://${HOST_PORT}/root/fixture/archive/main.zip -o /dev/null
+}
+
+function fixture_repo_archive_assert_s3() {
+    mc ls --recursive testS3/forgejo/repo-archive | grep --quiet '.zip$'
+}
+
+function fixture_repo_archive_assert_local() {
+    local path=$1
+    local work_path=$DIR/forgejo-work-path
+
+    find $work_path/$path | grep --quiet '.zip$'
+}
+
+function fixture_lfs_create() {
+    (
+        cd $DIR/fixture
+        git lfs track "*.txt"
+        echo CONTENT > file.txt
+        git add .
+        git commit -m 'lfs files'
+        git push
+    )
+}
+
+function fixture_lfs_assert_s3() {
+    local content=$(mc cat testS3/forgejo/lfs/d6/1e/5fa787e50330288923bd0c9866b44643925965144262288447cf52f9f9b7)
+    test "$content" = CONTENT
+}
+
+function fixture_lfs_assert_local() {
+    local path=$1
+    local work_path=$DIR/forgejo-work-path
+
+    local content=$(mc cat $work_path/$path/d6/1e/5fa787e50330288923bd0c9866b44643925965144262288447cf52f9f9b7)
+    test "$content" = CONTENT
+}
+
+function fixture_packages_create() {
+    echo PACKAGE_CONTENT > $DIR/fixture/package
+    $work_path/forgejo-api -X DELETE http://${HOST_PORT}/api/packages/${FORGEJO_USER}/generic/test_package/1.0.0/file.txt || true
+    $work_path/forgejo-api --upload-file $DIR/fixture/package http://${HOST_PORT}/api/packages/${FORGEJO_USER}/generic/test_package/1.0.0/file.txt
+}
+
+function fixture_packages_assert_s3() {
+    local content=$(mc cat testS3/forgejo/packages/aa/cf/aacf02e660d813e95d2854e27926ba1ad5c87299dc5f7661d5f08f076c6bbc17)
+    test "$content" = PACKAGE_CONTENT
+}
+
+function fixture_packages_assert_local() {
+    local path=$1
+
+    local content=$(cat $work_path/$path/aa/cf/aacf02e660d813e95d2854e27926ba1ad5c87299dc5f7661d5f08f076c6bbc17)
+    test "$content" = PACKAGE_CONTENT
+}
+
+function fixture_avatars_create() {
+    echo -n $ONEPIXEL | base64 --decode > $DIR/avatar.png
+    $work_path/forgejo-client --form avatar=@$DIR/avatar.png http://${HOST_PORT}/user/settings/avatar
+}
+
+function fixture_avatars_assert_s3() {
+    local filename=$(fixture_get_one_path s3 forgejo/avatars)
+    local content=$(mc cat testS3/$filename | base64 -w0)
+    test "$content" = "$ONEPIXEL"
+}
+
+function fixture_avatars_assert_local() {
+    local path=$1
+
+    local filename=$(fixture_get_one_path local $path)
+    local content=$(cat $work_path/$filename | base64 -w0)
+    test "$content" = "$ONEPIXEL"
+}
+
+function fixture_repo_avatars_create() {
+    echo -n $ONEPIXEL | base64 --decode > $DIR/repo-avatar.png
+    $work_path/forgejo-client --form avatar=@$DIR/repo-avatar.png http://${HOST_PORT}/${FORGEJO_USER}/${FORGEJO_REPO}/settings/avatar
+    # v1.21 only
+    #$work_path/forgejo-api -X POST --data-raw '{"body":"'$avatar'"}' http://${HOST_PORT}/api/v1/repos/${FORGEJO_USER}/${FORGEJO_REPO}/avatar
+}
+
+function fixture_repo_avatars_assert_s3() {
+    local filename=$(fixture_get_one_path s3 forgejo/repo-avatars)
+    local content=$(mc cat testS3/$filename | base64 -w0)
+    test "$content" = "$ONEPIXEL"
+}
+
+function fixture_repo_avatars_assert_local() {
+    local path=$1
+
+    local filename=$(fixture_get_one_path local $path)
+    local content=$(cat $work_path/$filename | base64 -w0)
+    test "$content" = "$ONEPIXEL"
+}
+
+function fixture_attachments_create_1_18() {
+    echo -n $ONEPIXEL | base64 --decode > $DIR/attachment.png
+    $work_path/forgejo-client --trace-ascii - --form file=@$DIR/attachment.png http://${HOST_PORT}/${FORGEJO_USER}/${FORGEJO_REPO}/issues/attachments
+}
+
+function fixture_attachments_create() {
+    if $work_path/forgejo-api http://${HOST_PORT}/api/v1/version | grep --quiet --fixed-strings 1.18. ; then
+        fixture_attachments_create_1_18
+        return
+    fi
+    id=$($work_path/forgejo-api --data-raw '{"title":"TITLE"}' http://${HOST_PORT}/api/v1/repos/${FORGEJO_USER}/${FORGEJO_REPO}/issues | jq .id)
+    echo -n $ONEPIXEL | base64 --decode > $DIR/attachment.png
+    $work_path/forgejo-client -H @$DIR/forgejo-work-path/forgejo-header --form name=attachment.png --form attachment=@$DIR/attachment.png http://${HOST_PORT}/api/v1/repos/${FORGEJO_USER}/${FORGEJO_REPO}/issues/$id/assets
+}
+
+function fixture_attachments_assert_s3() {
+    local filename=$(fixture_get_one_path s3 forgejo/attachments)
+    local content=$(mc cat testS3/$filename | base64 -w0)
+    test "$content" = "$ONEPIXEL"
+}
+
+function fixture_attachments_assert_local() {
+    local path=$1
+
+    local filename=$(fixture_get_one_path local $path)
+    local content=$(cat $work_path/$filename | base64 -w0)
+    test "$content" = "$ONEPIXEL"
+}
+
+function fixture_create() {
+    local work_path=$DIR/forgejo-work-path
+
+    rm -fr $DIR/fixture
+    mkdir -p $DIR/fixture
+    (
+        cd $DIR/fixture
+        git init
+        git checkout -b main
+        git remote add origin http://${FORGEJO_USER}:${FORGEJO_PASSWORD}@${HOST_PORT}/${FORGEJO_USER}/${FORGEJO_REPO}
+        git config user.email root@example.com
+        git config user.name username
+        echo SOMETHING > README
+        git add README
+        git commit -m 'initial commit'
+        git push --set-upstream --force origin main
+    )
+    for fun in ${STORAGE_FUN} ; do
+        fixture_${fun}_create
+    done
+}
--- a/.forgejo/upgrades/legagy-relative-app.ini
+++ b/.forgejo/upgrades/legagy-relative-app.ini
@ -0,0 +1,32 @@
+RUN_MODE = prod
+WORK_PATH = ${WORK_PATH}
+
+[server]
+APP_DATA_PATH = ${WORK_PATH}/data
+HTTP_PORT = 3000
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = relative-lfs
+
+[database]
+DB_TYPE = sqlite3
+PATH = ${WORK_PATH}/forgejo.db
+
+[log]
+MODE = file
+LEVEL = debug
+ROUTER = file
+
+[log.file]
+FILE_NAME = forgejo.log
+
+[security]
+INSTALL_LOCK = true
+
+[repository]
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[picture]
+AVATAR_UPLOAD_PATH = relative-avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = relative-repo-avatars
--- a/.forgejo/upgrades/merged-app.ini
+++ b/.forgejo/upgrades/merged-app.ini
@ -0,0 +1,32 @@
+RUN_MODE = prod
+WORK_PATH = ${WORK_PATH}
+
+[server]
+APP_DATA_PATH = ${WORK_PATH}/data
+HTTP_PORT = 3000
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+
+[log]
+MODE = file
+LEVEL = debug
+ROUTER = file
+
+[log.file]
+FILE_NAME = forgejo.log
+
+[security]
+INSTALL_LOCK = true
+
+[repository]
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[actions]
+ENABLED = true
+
+[storage]
+PATH = ${WORK_PATH}/merged
--- a/.forgejo/upgrades/misplace-app.ini
+++ b/.forgejo/upgrades/misplace-app.ini
@ -0,0 +1,59 @@
+RUN_MODE = prod
+WORK_PATH = ${WORK_PATH}
+
+[server]
+APP_DATA_PATH = ${WORK_PATH}/elsewhere
+HTTP_PORT = 3000
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+
+[log]
+MODE = file
+LEVEL = debug
+ROUTER = file
+
+[log.file]
+FILE_NAME = forgejo.log
+
+[security]
+INSTALL_LOCK = true
+
+[repository]
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[actions]
+ENABLED = true
+
+[attachment]
+
+[storage.attachments]
+PATH = ${WORK_PATH}/data/attachments
+
+[lfs]
+
+[storage.lfs]
+PATH = ${WORK_PATH}/data/lfs
+
+[avatar]
+
+[storage.avatars]
+PATH = ${WORK_PATH}/data/avatars
+
+[repo-avatar]
+
+[storage.repo-avatars]
+PATH = ${WORK_PATH}/data/repo-avatars
+
+[repo-archive]
+
+[storage.repo-archive]
+PATH = ${WORK_PATH}/data/repo-archive
+
+[packages]
+
+[storage.packages]
+PATH = ${WORK_PATH}/data/packages
--- a/.forgejo/upgrades/misplace-s3-app.ini
+++ b/.forgejo/upgrades/misplace-s3-app.ini
@ -0,0 +1,89 @@
+RUN_MODE = prod
+WORK_PATH = ${WORK_PATH}
+
+[server]
+APP_DATA_PATH = ${WORK_PATH}/elsewhere
+HTTP_PORT = 3000
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+
+[log]
+MODE = file
+LEVEL = debug
+ROUTER = file
+
+[log.file]
+FILE_NAME = forgejo.log
+
+[security]
+INSTALL_LOCK = true
+
+[repository]
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[actions]
+ENABLED = true
+
+[attachment]
+STORAGE_TYPE = minio
+SERVE_DIRECT = false
+MINIO_ENDPOINT = 127.0.0.1:9000
+MINIO_ACCESS_KEY_ID = 123456
+MINIO_SECRET_ACCESS_KEY = 12345678
+MINIO_BUCKET = forgejo
+MINIO_LOCATION = us-east-1
+MINIO_USE_SSL = false
+
+[lfs]
+STORAGE_TYPE = minio
+SERVE_DIRECT = false
+MINIO_ENDPOINT = 127.0.0.1:9000
+MINIO_ACCESS_KEY_ID = 123456
+MINIO_SECRET_ACCESS_KEY = 12345678
+MINIO_BUCKET = forgejo
+MINIO_LOCATION = us-east-1
+MINIO_USE_SSL = false
+
+[repo-avatar]
+STORAGE_TYPE = minio
+SERVE_DIRECT = false
+MINIO_ENDPOINT = 127.0.0.1:9000
+MINIO_ACCESS_KEY_ID = 123456
+MINIO_SECRET_ACCESS_KEY = 12345678
+MINIO_BUCKET = forgejo
+MINIO_LOCATION = us-east-1
+MINIO_USE_SSL = false
+
+[avatar]
+STORAGE_TYPE = minio
+SERVE_DIRECT = false
+MINIO_ENDPOINT = 127.0.0.1:9000
+MINIO_ACCESS_KEY_ID = 123456
+MINIO_SECRET_ACCESS_KEY = 12345678
+MINIO_BUCKET = forgejo
+MINIO_LOCATION = us-east-1
+MINIO_USE_SSL = false
+
+[repo-archive]
+STORAGE_TYPE = minio
+SERVE_DIRECT = false
+MINIO_ENDPOINT = 127.0.0.1:9000
+MINIO_ACCESS_KEY_ID = 123456
+MINIO_SECRET_ACCESS_KEY = 12345678
+MINIO_BUCKET = forgejo
+MINIO_LOCATION = us-east-1
+MINIO_USE_SSL = false
+
+[packages]
+STORAGE_TYPE = minio
+SERVE_DIRECT = false
+MINIO_ENDPOINT = 127.0.0.1:9000
+MINIO_ACCESS_KEY_ID = 123456
+MINIO_SECRET_ACCESS_KEY = 12345678
+MINIO_BUCKET = forgejo
+MINIO_LOCATION = us-east-1
+MINIO_USE_SSL = false
--- a/.forgejo/upgrades/relative-app.ini
+++ b/.forgejo/upgrades/relative-app.ini
@ -0,0 +1,44 @@
+RUN_MODE = prod
+WORK_PATH = ${WORK_PATH}
+
+[server]
+APP_DATA_PATH = ${WORK_PATH}/data
+HTTP_PORT = 3000
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+
+[log]
+MODE = file
+LEVEL = debug
+ROUTER = file
+
+[log.file]
+FILE_NAME = forgejo.log
+
+[security]
+INSTALL_LOCK = true
+
+[repository]
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[attachment]
+PATH = relative-attachments
+
+[lfs]
+PATH = relative-lfs
+
+[avatar]
+PATH = relative-avatars
+
+[repo-avatar]
+PATH = relative-repo-avatars
+
+[repo-archive]
+PATH = relative-repo-archive
+
+[packages]
+PATH = relative-packages
--- a/.forgejo/upgrades/specific-app.ini
+++ b/.forgejo/upgrades/specific-app.ini
@ -0,0 +1,47 @@
+RUN_MODE = prod
+WORK_PATH = ${WORK_PATH}
+
+[server]
+APP_DATA_PATH = ${WORK_PATH}/elsewhere
+HTTP_PORT = 3000
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+
+[log]
+MODE = file
+LEVEL = debug
+ROUTER = file
+
+[log.file]
+FILE_NAME = forgejo.log
+
+[security]
+INSTALL_LOCK = true
+
+[repository]
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[actions]
+ENABLED = true
+
+[attachment]
+PATH = ${WORK_PATH}/data/attachments
+
+[lfs]
+PATH = ${WORK_PATH}/data/lfs
+
+[avatar]
+PATH = ${WORK_PATH}/data/avatars
+
+[repo-avatar]
+PATH = ${WORK_PATH}/data/repo-avatars
+
+[repo-archive]
+PATH = ${WORK_PATH}/data/repo-archive
+
+[packages]
+PATH = ${WORK_PATH}/data/packages
--- a/.forgejo/upgrades/stable-s3-app.ini
+++ b/.forgejo/upgrades/stable-s3-app.ini
@ -0,0 +1,39 @@
+RUN_MODE = prod
+WORK_PATH = ${WORK_PATH}
+
+[server]
+APP_DATA_PATH = ${WORK_PATH}/elsewhere
+HTTP_PORT = 3000
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+
+[log]
+MODE = file
+LEVEL = debug
+ROUTER = file
+
+[log.file]
+FILE_NAME = forgejo.log
+
+[security]
+INSTALL_LOCK = true
+
+[repository]
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[actions]
+ENABLED = true
+
+[storage]
+STORAGE_TYPE = minio
+SERVE_DIRECT = false
+MINIO_ENDPOINT = 127.0.0.1:9000
+MINIO_ACCESS_KEY_ID = 123456
+MINIO_SECRET_ACCESS_KEY = 12345678
+MINIO_BUCKET = forgejo
+MINIO_LOCATION = us-east-1
+MINIO_USE_SSL = false
--- a/.forgejo/upgrades/storage-relative-app.ini
+++ b/.forgejo/upgrades/storage-relative-app.ini
@ -0,0 +1,44 @@
+RUN_MODE = prod
+WORK_PATH = ${WORK_PATH}
+
+[server]
+APP_DATA_PATH = ${WORK_PATH}/data
+HTTP_PORT = 3000
+SSH_LISTEN_PORT = 2222
+LFS_START_SERVER = true
+
+[database]
+DB_TYPE = sqlite3
+
+[log]
+MODE = file
+LEVEL = debug
+ROUTER = file
+
+[log.file]
+FILE_NAME = forgejo.log
+
+[security]
+INSTALL_LOCK = true
+
+[repository]
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[storage.attachments]
+PATH = relative-attachments
+
+[storage.lfs]
+PATH = relative-lfs
+
+[storage.avatars]
+PATH = relative-avatars
+
+[storage.repo-avatars]
+PATH = relative-repo-avatars
+
+[storage.repo-archive]
+PATH = relative-repo-archive
+
+[storage.packages]
+PATH = relative-packages
--- a/.forgejo/upgrades/test-upgrade.sh
+++ b/.forgejo/upgrades/test-upgrade.sh
@ -0,0 +1,629 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+
+#
+# Debug loop from the source tree:
+#
+# ./.forgejo/upgrades/test-upgrade.sh dependencies
+# ./.forgejo/upgrades/test-upgrade.sh build_all
+# VERBOSE=true ./.forgejo/upgrades/test-upgrade.sh test_downgrade_1.20.2_fails
+#
+# Everything happens in /tmp/forgejo-upgrades
+#
+
+PREFIX===============
+HOST_PORT=0.0.0.0:3000
+STORAGE_PATHS="attachments avatars lfs packages repo-archive repo-avatars"
+STORAGE_FUN="attachments avatars lfs packages repo_archive repo_avatars"
+DIR=/tmp/forgejo-upgrades
+if ${VERBOSE:-false} ; then
+    set -ex
+    PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}:  '
+else
+    set -e
+fi
+SELF_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+: ${FORGEJO_USER:=root}
+: ${FORGEJO_REPO:=fixture}
+: ${FORGEJO_PASSWORD:=admin1234}
+
+source $SELF_DIR/fixtures.sh
+
+function maybe_sudo() {
+    if test $(id -u) != 0 ; then
+        SUDO=sudo
+    fi
+}
+
+function log_info() {
+    echo "$PREFIX $@"
+}
+
+function dependencies() {
+    maybe_sudo
+    if ! which curl daemon jq git-lfs > /dev/null ; then
+        $SUDO apt-get install -y -qq curl daemon git-lfs jq sqlite3
+    fi
+
+    if ! test -f /usr/local/bin/mc || ! test -f /usr/local/bin/minio  > /dev/null ; then
+        $SUDO curl --fail -sS https://dl.min.io/client/mc/release/linux-amd64/mc -o /usr/local/bin/mc
+        $SUDO curl --fail -sS https://dl.min.io/server/minio/release/linux-amd64/minio -o /usr/local/bin/minio
+    fi
+    if ! test -x /usr/local/bin/mc || ! test -x /usr/local/bin/minio  > /dev/null ; then
+        $SUDO chmod +x /usr/local/bin/mc
+        $SUDO chmod +x /usr/local/bin/minio
+    fi
+
+    if ! test -f /usr/local/bin/garage > /dev/null ; then
+        $SUDO curl --fail -sS https://garagehq.deuxfleurs.fr/_releases/v0.8.2/x86_64-unknown-linux-musl/garage -o /usr/local/bin/garage
+    fi
+    if ! test -x /usr/local/bin/garage  > /dev/null ; then
+        $SUDO chmod +x /usr/local/bin/garage
+    fi
+}
+
+function build() {
+    local version=$1
+    local semver=$2
+
+    if ! test -f $DIR/forgejo-$version ; then
+        mkdir -p $DIR
+        make VERSION=v$version GITEA_VERSION=v$version FORGEJO_VERSION=$semver TAGS='bindata sqlite sqlite_unlock_notify' generate gitea
+        mv gitea $DIR/forgejo-$version
+    fi
+}
+
+function build_all() {
+    test -f Makefile
+    build 1.21.0-0 6.0.0+0-gitea-1.21.0
+}
+
+function retry() {
+    rm -f $DIR/wait-for.out
+    success=false
+    for delay in 1 1 5 5 15 ; do
+        if "$@" >> $DIR/wait-for.out 2>&1 ; then
+            success=true
+            break
+        fi
+        cat $DIR/wait-for.out
+        echo waiting $delay
+        sleep $delay
+    done
+    if test $success = false ; then
+        cat $DIR/wait-for.out
+        return 1
+    fi
+}
+
+function download() {
+    local version=$1
+
+    if ! test -f $DIR/forgejo-$version ; then
+        mkdir -p $DIR
+	for owner in forgejo forgejo-experimental forgejo-integration ; do
+            if wget -O $DIR/forgejo-$version --quiet https://codeberg.org/$owner/forgejo/releases/download/v$version/forgejo-$version-linux-amd64 ; then
+		break
+	    fi
+	done
+        chmod +x $DIR/forgejo-$version
+    fi
+}
+
+function cleanup_logs() {
+    local work_path=$DIR/forgejo-work-path
+
+    rm -f $DIR/*.log
+    rm -f $work_path/log/*.log
+}
+
+function clobber() {
+    rm -fr /tmp/forgejo-upgrades
+}
+
+function start_forgejo() {
+    local version=$1
+
+    download $version
+    local work_path=$DIR/forgejo-work-path
+    daemon --chdir=$DIR --unsafe --env="TERM=$TERM" --env="HOME=$HOME" --env="PATH=$PATH" --pidfile=$DIR/forgejo-pid --errlog=$DIR/forgejo-err.log --output=$DIR/forgejo-out.log -- $DIR/forgejo-$version --config $work_path/app.ini --work-path $work_path
+    if ! retry grep 'Starting server on' $work_path/log/forgejo.log ; then
+        cat $DIR/*.log
+        cat $work_path/log/*.log
+        return 1
+    fi
+    create_user $version
+}
+
+function start_minio() {
+    mkdir -p $DIR/minio
+    daemon --chdir=$DIR --unsafe \
+           --env="PATH=$PATH" \
+           --env=MINIO_ROOT_USER=123456 \
+           --env=MINIO_ROOT_PASSWORD=12345678 \
+           --env=MINIO_VOLUMES=$DIR/minio \
+           --pidfile=$DIR/minio-pid --errlog=$DIR/minio-err.log --output=$DIR/minio-out.log -- /usr/local/bin/minio server
+    retry mc alias set testS3 http://127.0.0.1:9000 123456 12345678
+}
+
+function start_garage() {
+    mkdir -p $DIR/garage/{data,meta}
+    cat > $DIR/garage/garage.toml <<EOF
+metadata_dir = "$DIR/garage/meta"
+data_dir = "$DIR/garage/data"
+db_engine = "lmdb"
+
+replication_mode = "none"
+
+rpc_bind_addr = "127.0.0.1:3901"
+rpc_public_addr = "127.0.0.1:3901"
+rpc_secret = "$(openssl rand -hex 32)"
+
+[s3_api]
+s3_region = "us-east-1"
+api_bind_addr = "127.0.0.1:9000"
+root_domain = ".s3.garage.localhost"
+
+[s3_web]
+bind_addr = "127.0.0.1:3902"
+root_domain = ".web.garage.localhost"
+index = "index.html"
+
+[k2v_api]
+api_bind_addr = "127.0.0.1:3904"
+
+[admin]
+api_bind_addr = "127.0.0.1:3903"
+admin_token = "$(openssl rand -base64 32)"
+EOF
+
+    daemon --chdir=$DIR --unsafe \
+           --env="PATH=$PATH" \
+           --env=RUST_LOG=garage_api=debug \
+           --pidfile=$DIR/garage-pid --errlog=$DIR/garage-err.log --output=$DIR/garage-out.log -- /usr/local/bin/garage -c $DIR/garage/garage.toml server
+
+    retry garage -c $DIR/garage/garage.toml status
+    garage -c $DIR/garage/garage.toml layout assign -z dc1 -c 1 $(garage -c $DIR/garage/garage.toml status | tail -1 | grep -o '[0-9a-z]*' | head -1)
+    ver=$(garage -c $DIR/garage/garage.toml layout show | grep -oP '(?<=Current cluster layout version: )\d+')
+    garage -c $DIR/garage/garage.toml layout apply --version $((ver+1))
+    garage -c $DIR/garage/garage.toml key info test || garage -c $DIR/garage/garage.toml key import -n test 123456 12345678
+    garage -c $DIR/garage/garage.toml key allow --create-bucket test
+    retry mc alias set testS3 http://127.0.0.1:9000 123456 12345678
+}
+
+function start_s3() {
+    local s3_backend=$1
+
+    start_$s3_backend
+}
+
+function start() {
+    local version=$1
+    local s3_backend=${2:-minio}
+
+    start_s3 $s3_backend
+    start_forgejo $version
+}
+
+function create_user() {
+    local version=$1
+
+    local work_path=$DIR/forgejo-work-path
+
+    if test -f $work_path/forgejo-token; then
+        return
+    fi
+
+    local cli="$DIR/forgejo-$version --config $work_path/app.ini --work-path $work_path"
+    $cli admin user create --admin --username "$FORGEJO_USER" --password "$FORGEJO_PASSWORD" --email "$FORGEJO_USER@example.com"
+    local scopes="--scopes all"
+    if echo $version | grep --quiet 1.18. ; then
+        scopes=""
+    fi
+
+    #
+    # forgejo-cli is to use with api/v1 enpoints
+    #
+    # tail -1 is because there are logs creating noise in the output in v1.19.4-0
+    #
+    $cli admin user generate-access-token -u $FORGEJO_USER --raw $scopes | tail -1 > $work_path/forgejo-token
+    ( echo -n 'Authorization: token ' ; cat $work_path/forgejo-token ) > $work_path/forgejo-header
+    ( echo "#!/bin/sh" ; echo 'curl -f -sS -H "Content-Type: application/json" -H @'$work_path/forgejo-header' "$@"' ) > $work_path/forgejo-api && chmod +x $work_path/forgejo-api
+    $work_path/forgejo-api http://${HOST_PORT}/api/v1/version
+
+    #
+    # forgejo-client is to use with web endpoints
+    #
+    #
+    # login and obtain a CSRF, all stored in the cookie file
+    #
+    ( echo "#!/bin/sh" ; echo 'curl --cookie-jar '$DIR/cookies' --cookie '$DIR/cookies' -f -sS "$@"' ) > $work_path/forgejo-client-update-cookies && chmod +x $work_path/forgejo-client-update-cookies
+    $work_path/forgejo-client-update-cookies http://${HOST_PORT}/user/login -o /dev/null
+    $work_path/forgejo-client-update-cookies --verbose -X POST --data user_name=${FORGEJO_USER} --data password=${FORGEJO_PASSWORD} http://${HOST_PORT}/user/login >& $DIR/login.html
+    $work_path/forgejo-client-update-cookies http://${HOST_PORT}/user/login -o /dev/null
+    local csrf=$(sed -n -e '/csrf/s/.*csrf\t//p' $DIR/cookies)
+    #
+    # use the cookie file but do not modify it
+    #
+    ( echo "#!/bin/sh" ; echo 'curl --cookie '$DIR/cookies' -H "X-Csrf-Token: '$csrf'" -f -sS "$@"' ) > $work_path/forgejo-client && chmod +x $work_path/forgejo-client
+}
+
+function stop_daemon() {
+    local daemon=$1
+
+    if test -f $DIR/$daemon-pid ; then
+        local pid=$(cat $DIR/$daemon-pid)
+        kill -TERM $pid
+        pidwait $pid || true
+        for delay in 1 1 2 2 5 5 ; do
+            if ! test -f $DIR/$daemon-pid ; then
+                break
+            fi
+            sleep $delay
+        done
+        ! test -f $DIR/$daemon-pid
+    fi
+}
+
+function stop() {
+    stop_daemon forgejo
+    stop_daemon minio
+    stop_daemon garage
+
+    cleanup_logs
+}
+
+function reset_forgejo() {
+    local config=$1
+    local work_path=$DIR/forgejo-work-path
+    rm -fr $work_path
+    mkdir -p $work_path
+    WORK_PATH=$work_path envsubst < $SELF_DIR/$config-app.ini > $work_path/app.ini
+}
+
+function reset_minio() {
+    rm -fr $DIR/minio
+}
+
+function reset_garage() {
+    rm -fr $DIR/garage
+}
+
+function reset() {
+    local config=$1
+    reset_forgejo $config
+    reset_minio
+    reset_garage
+}
+
+function verify_storage() {
+    local work_path=$DIR/forgejo-work-path
+
+    for path in ${STORAGE_PATHS} ; do
+        test -d $work_path/data/$path
+    done
+}
+
+function cleanup_storage() {
+    local work_path=$DIR/forgejo-work-path
+
+    for path in ${STORAGE_PATHS} ; do
+        rm -fr $work_path/data/$path
+    done
+}
+
+function test_downgrade_1.20.2_fails() {
+    local work_path=$DIR/forgejo-work-path
+
+    log_info "See also https://codeberg.org/forgejo/forgejo/pulls/1225"
+
+    log_info "downgrading from 1.20.3-0 to 1.20.2-0 fails"
+    stop
+    reset default
+    start 1.20.3-0
+    stop
+    download 1.20.2-0
+    timeout 60 $DIR/forgejo-1.20.2-0 --config $work_path/app.ini --work-path $work_path || true
+    if ! grep --fixed-strings --quiet 'use the newer database' $work_path/log/forgejo.log ; then
+        cat $work_path/log/forgejo.log
+        return 1
+    fi
+}
+
+function test_bug_storage_merged() {
+    local work_path=$DIR/forgejo-work-path
+
+    log_info "See also https://codeberg.org/forgejo/forgejo/pulls/1225"
+
+    log_info "using < 1.20.3-0 and [storage].PATH merge all storage"
+    for version in 1.18.5-0 1.19.4-0 1.20.2-0 ; do
+        stop
+        reset merged
+        start $version
+        for path in ${STORAGE_PATHS} ; do
+            ! test -d $work_path/data/$path
+        done
+        for path in ${STORAGE_PATHS} ; do
+            ! test -d $work_path/merged/$path
+        done
+        test -d $work_path/merged
+    done
+    stop
+
+    log_info "upgrading from 1.20.2-0 with [storage].PATH fails"
+    download 1.20.3-0
+    timeout 60 $DIR/forgejo-1.20.3-0 --config $work_path/app.ini --work-path $work_path || true
+    if ! grep --fixed-strings --quiet '[storage].PATH is set and may create storage issues' $work_path/log/forgejo.log ; then
+        cat $work_path/log/forgejo.log
+        return 1
+    fi
+}
+
+function test_bug_storage_relative_path() {
+    local work_path=$DIR/forgejo-work-path
+
+    log_info "using < 1.20.3-0 legacy [server].XXXX and [picture].XXXX are relative to WORK_PATH"
+    for version in 1.18.5-0 1.19.4-0 1.20.2-0 ; do
+        stop
+        reset legagy-relative
+        start $version
+        test -d $work_path/relative-lfs
+        test -d $work_path/relative-avatars
+        test -d $work_path/relative-repo-avatars
+    done
+
+    log_info "using >= 1.20.3-0 legacy [server].XXXX and [picture].XXXX are relative to APP_DATA_PATH"
+    for version in 1.20.3-0 1.21.0-0 ; do
+        stop
+        reset legagy-relative
+        start $version
+        test -d $work_path/data/relative-lfs
+        test -d $work_path/data/relative-avatars
+        test -d $work_path/data/relative-repo-avatars
+    done
+
+    log_info "using >= 1.20.3-0 relative [storage.XXXX].PATHS are relative to APP_DATA_PATH"
+    for version in 1.20.3-0 1.21.0-0 ; do
+        stop
+        reset storage-relative
+        start $version
+        for path in ${STORAGE_PATHS} ; do
+            test -d $work_path/data/relative-$path
+        done
+    done
+
+    log_info "using 1.20.[12]-0 relative [storage.XXXX].PATHS are inconsistent"
+    for version in 1.20.2-0 ; do
+        stop
+        reset storage-relative
+        start $version
+        test -d $work_path/data/packages
+        test -d $work_path/relative-repo-archive
+        test -d $work_path/relative-attachments
+        test -d $work_path/relative-lfs
+        test -d $work_path/data/avatars
+        test -d $work_path/data/repo-avatars
+    done
+
+    log_info "using < 1.20 relative [storage.XXXX].PATHS are inconsistent"
+    for version in 1.18.5-0 1.19.4-0 ; do
+        stop
+        reset storage-relative
+        start $version
+        test -d $work_path/relative-packages
+        test -d $work_path/relative-repo-archive
+        test -d $work_path/relative-attachments
+        test -d $work_path/data/lfs
+        test -d $work_path/data/avatars
+        test -d $work_path/data/repo-avatars
+    done
+
+    log_info "using < 1.20.3-0 relative [XXXX].PATHS are relative to WORK_PATH"
+    for version in 1.18.5-0 1.19.4-0 1.20.2-0 ; do
+        stop
+        reset relative
+        start $version
+        for path in ${STORAGE_PATHS} ; do
+            test -d $work_path/relative-$path
+        done
+    done
+
+    log_info "using >= 1.20.3-0 relative [XXXX].PATHS are relative to APP_DATA_PATH"
+    for version in 1.20.3-0 1.21.0-0 ; do
+        stop
+        reset relative
+        start $version
+        for path in ${STORAGE_PATHS} ; do
+            test -d $work_path/data/relative-$path
+        done
+    done
+
+    stop
+}
+
+function test_bug_storage_s3_misplace() {
+    local work_path=$DIR/forgejo-work-path
+    local s3_backend=${2:-minio}
+
+    log_info "See also https://codeberg.org/forgejo/forgejo/issues/1338"
+
+    for version in 1.20.2-0 1.20.3-0 ; do
+        log_info "Forgejo $version & $s3_backend"
+        stop
+        reset misplace-s3
+        start $version $s3_backend
+        fixture_create
+        for fun in ${STORAGE_FUN} ; do
+            fixture_${fun}_assert_s3
+        done
+    done
+
+    for version in 1.18.5-0 1.19.4-0 ; do
+        log_info "Forgejo $version & $s3_backend"
+        stop
+        reset misplace-s3
+        start $version $s3_backend
+        fixture_create
+        #
+        # some storage are in S3
+        #
+        fixture_attachments_assert_s3
+        fixture_lfs_assert_s3
+        #
+        # others are in local
+        #
+        fixture_repo_archive_assert_local elsewhere/repo-archive
+        fixture_avatars_assert_local elsewhere/avatars
+        fixture_packages_assert_local elsewhere/packages
+        fixture_repo_avatars_assert_local elsewhere/repo-avatars
+    done
+}
+
+function test_storage_stable_s3() {
+    local work_path=$DIR/forgejo-work-path
+    local s3_backend=${1:-minio}
+
+    log_info "See also https://codeberg.org/forgejo/forgejo/issues/1338"
+
+    for version in 1.18.5-0 1.19.4-0 1.20.2-0 1.20.3-0 ; do
+        log_info "Forgejo $version & $s3_backend"
+        stop
+        reset stable-s3
+        start $version $s3_backend
+        fixture_create
+        for fun in ${STORAGE_FUN} ; do
+            fixture_${fun}_assert_s3
+        done
+    done
+}
+
+function test_bug_storage_misplace() {
+    local work_path=$DIR/forgejo-work-path
+
+    log_info "See also https://codeberg.org/forgejo/forgejo/pulls/1225"
+
+    log_info "using < 1.20 and conflicting sections misplace storage"
+    for version in 1.18.5-0 1.19.4-0 ; do
+        stop
+        reset misplace
+        start $version
+        #
+        # some storage are where they should be
+        #
+        test -d $work_path/data/packages
+        test -d $work_path/data/repo-archive
+        test -d $work_path/data/attachments
+        #
+        # others are under APP_DATA_PATH
+        #
+        test -d $work_path/elsewhere/lfs
+        test -d $work_path/elsewhere/avatars
+        test -d $work_path/elsewhere/repo-avatars
+    done
+
+    log_info "using < 1.20.[12]-0 and conflicting sections ignores [storage.*]"
+    for version in 1.20.2-0 ; do
+        stop
+        reset misplace
+        start $version
+        for path in ${STORAGE_PATHS} ; do
+            test -d $work_path/elsewhere/$path
+        done
+    done
+
+    stop
+
+    log_info "upgrading from 1.20.2-0 with conflicting sections fails"
+    download 1.20.3-0
+    timeout 60 $DIR/forgejo-1.20.3-0 --config $work_path/app.ini --work-path $work_path || true
+    for path in ${STORAGE_PATHS} ; do
+        if ! grep --fixed-strings --quiet "[storage.$path] may conflict" $work_path/log/forgejo.log ; then
+            cat $work_path/log/forgejo.log
+            return 1
+        fi
+    done
+}
+
+function test_successful_upgrades() {
+    for config in default specific ; do
+        log_info "using $config app.ini"
+        reset $config
+
+        for version in 1.18.5-0 1.19.4-0 1.20.2-0 1.20.3-0 1.21.0-0 ; do
+            log_info "run $version"
+            cleanup_storage
+            start $version
+            verify_storage
+            stop
+        done
+    done
+}
+
+function test_forgejo_database_version() {
+    local expected_version=$1
+    local work_path=$DIR/forgejo-work-path
+
+    actual_version=$(sqlite3 $work_path/forgejo.db "select version from forgejo_version")
+    test "$expected_version" = "$actual_version"
+}
+
+function test_forgejo_database_v3_upgrades_list_table() {
+    local table=$1
+    local work_path=$DIR/forgejo-work-path
+
+    sqlite3 $work_path/forgejo.db  ".tables $table"  .exit | grep --quiet $table
+}
+
+function test_forgejo_database_v3_upgrades() {
+    local table=forgejo_auth_token
+
+    stop
+
+    reset default
+    log_info "run 1.20.4-1"
+    start 1.20.4-1
+    stop
+    ! test_forgejo_database_v3_upgrades_list_table $table
+    test_forgejo_database_version 2
+
+    log_info "run 1.20.5-0"
+    start 1.20.5-0
+    stop
+    test_forgejo_database_v3_upgrades_list_table $table
+    test_forgejo_database_version 3
+}
+
+function run() {
+    local fun=$1
+    shift
+
+    echo Start running $fun
+    mkdir -p $DIR
+    > $DIR/$fun.out
+    tail --follow $DIR/$fun.out | sed --unbuffered -n -e "/^$PREFIX/s/^$PREFIX //p" &
+    pid=$!
+    if ! VERBOSE=true ${BASH_SOURCE[0]} $fun "$@" >& $DIR/$fun.out ; then
+        kill $pid
+        cat $DIR/$fun.out
+        echo Failure running $fun
+        return 1
+    fi
+    kill $pid
+    echo Success running $fun
+}
+
+function test_upgrades() {
+    run stop
+    run dependencies
+    run build_all
+    run test_successful_upgrades
+    run test_bug_storage_misplace
+    run test_bug_storage_merged
+    run test_downgrade_1.20.2_fails
+    run test_bug_storage_s3_misplace
+    run test_storage_stable_s3 minio
+    run test_storage_stable_s3 garage
+    run test_forgejo_database_v3_upgrades
+}
+
+"$@"
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@ -0,0 +1,99 @@
+name: Integration tests for the release process
+
+on:
+  push:
+    paths:
+      - Makefile
+      - Dockerfile
+      - Dockerfile.rootless
+      - docker/**
+      - .forgejo/actions/build-release/action.yml
+      - .forgejo/workflows/build-release.yml
+      - .forgejo/workflows/build-release-integration.yml
+
+jobs:
+  release-simulation:
+    runs-on: self-hosted
+    if: secrets.ROLE != 'forgejo-integration' && secrets.ROLE != 'forgejo-experimental' && secrets.ROLE != 'forgejo-release'
+    steps:
+      - uses: actions/checkout@v3
+
+      - id: forgejo
+        uses: https://code.forgejo.org/actions/setup-forgejo@v1
+        with:
+          user: root
+          password: admin1234
+          image-version: 1.19
+          lxc-ip-prefix: 10.0.9
+
+      - name: publish the forgejo release
+        run: |
+          set -x
+
+          version=1.2.3
+          cat > /etc/docker/daemon.json <<EOF
+            {
+              "insecure-registries" : ["${{ steps.forgejo.outputs.host-port }}"]
+            }
+          EOF
+          systemctl restart docker
+
+          apt-get install -qq -y xz-utils
+
+          dir=$(mktemp -d)
+          trap "rm -fr $dir" EXIT
+
+          url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }}
+          export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"
+
+          #
+          # Create a new project with a fake forgejo and the release workflow only
+          #
+          cp -a .forgejo/testdata/build-release/* $dir
+          mkdir -p $dir/.forgejo/workflows
+          cp .forgejo/workflows/build-release.yml $dir/.forgejo/workflows
+          cp -a .forgejo/actions $dir/.forgejo/actions
+          cp $dir/Dockerfile $dir/Dockerfile.rootless
+
+          forgejo-test-helper.sh push $dir $url root forgejo
+          sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo main)
+
+          #
+          # Push a tag to trigger the release workflow and wait for it to complete
+          #
+          forgejo-curl.sh api_json --data-raw '{"tag_name": "v'$version'", "target": "'$sha'"}' $url/api/v1/repos/root/forgejo/tags
+          LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha
+
+          #
+          # uncomment to see the logs even when everything is reported to be working ok
+          #
+          #cat $FORGEJO_RUNNER_LOGS
+
+          #
+          # Minimal sanity checks. e2e test is for the setup-forgejo
+          # action and the infrastructure playbook. Since the binary
+          # is a script shell it does not test the sanity of the cross
+          # build, only the sanity of the naming of the binaries.
+          #
+          for arch in amd64 arm64 arm-6 ; do
+            binary=forgejo-$version-linux-$arch
+            for suffix in '' '.xz' ; do
+              curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix > $binary$suffix
+              if test "$suffix" = .xz ; then
+                 unxz --keep $binary$suffix
+              fi
+              chmod +x $binary
+              ./$binary --version | grep $version
+              curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix.sha256 > $binary$suffix.sha256
+              shasum -a 256 --check $binary$suffix.sha256
+              rm $binary$suffix
+            done
+          done
+
+          sources=forgejo-src-$version.tar.gz
+          curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources > $sources
+          curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources.sha256 > $sources.sha256
+          shasum -a 256 --check $sources.sha256
+
+          docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version
+          docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version-rootless
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@ -0,0 +1,190 @@
+name: Build release
+
+on:
+  push:
+    tags: 'v*'
+
+jobs:
+  release:
+    runs-on: self-hosted
+    # root is used for testing, allow it
+    if: secrets.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Increase the verbosity when there are no secrets
+        id: verbose
+        run: |
+          if test -z "${{ secrets.TOKEN }}"; then
+            value=true
+          else
+            value=false
+          fi
+          echo "value=$value" >> "$GITHUB_OUTPUT"
+
+      - name: Sanitize the name of the repository
+        id: repository
+        run: |
+          set -x # comment out
+          repository="${{ github.repository }}"
+          echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
+
+      - name: When in a test environment, create a token
+        id: token
+        if: ${{ secrets.TOKEN == '' }}
+        run: |
+          apt-get -qq install -y jq
+          url="${{ env.GITHUB_SERVER_URL }}"
+          hostport=${url##http*://}
+          hostport=${hostport%%/}
+          doer=root
+          api=http://$doer:admin1234@$hostport/api/v1/users/$doer/tokens
+          curl -sS -X DELETE $api/release
+          token=$(curl -sS -X POST -H 'Content-Type: application/json' --data-raw '{"name": "release", "scopes": ["all"]}' $api | jq --raw-output .sha1)
+          echo "value=${token}" >> "$GITHUB_OUTPUT"
+
+      - uses: https://code.forgejo.org/actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: ">=1.20"
+          check-latest: true
+
+      - name: Create the version from ref_name
+        id: tag-version
+        run: |
+          version="${{ github.ref_name }}"
+          version=${version##*v}
+          echo "value=$version" >> "$GITHUB_OUTPUT"
+
+      - name: Create the release notes
+        id: release-notes
+        run: |
+          cat >> "$GITHUB_OUTPUT" <<EOF
+          value<<ENDVAR
+          See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#${{ steps.tag-version.outputs.value }}
+          ENDVAR
+          EOF
+
+      - name: Build sources
+        run: |
+          set -x
+          apt-get -qq install -y make
+          version=${{ steps.tag-version.outputs.value }}
+          #
+          # Make sure all files are owned by the current user.
+          # When run as root `npx webpack` will assume the identity
+          # of the owner of the current working directory and may
+          # fail to create files if some sub-directories are not owned
+          # by the same user.
+          #
+          #   Binaries:
+          #   Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node
+          #   npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm
+          # Packages:
+          #   add-asset-webpack-plugin: 2.0.1 => 2.0.1
+          #   css-loader: 6.8.1 => 6.8.1
+          #   esbuild-loader: 3.0.1 => 3.0.1
+          #   license-checker-webpack-plugin: 0.2.1 => 0.2.1
+          #   monaco-editor-webpack-plugin: 7.0.1 => 7.0.1
+          #   vue-loader: 17.2.2 => 17.2.2
+          #   webpack: 5.87.0 => 5.87.0
+          #   webpack-cli: 5.1.4 => 5.1.4
+          #
+          chown -R $(id -u) .
+          make VERSION=$version TAGS=bindata sources-tarbal
+          mv dist/release release
+
+          (
+            tmp=$(mktemp -d)
+            tar --directory $tmp -zxvf release/*$version*.tar.gz
+            cd $tmp/*
+            #
+            # Verify `make frontend` files are available
+            #
+            test -d public/assets/css
+            test -d public/assets/fonts
+            test -d public/assets/js
+            #
+            # Verify `make generate` files are available
+            #
+            test -f modules/public/bindata.go
+            #
+            # Sanity check to verify that the source tarbal knows the
+            # version and is able to rebuild itself from it.
+            #
+            # When in sources the version is determined with git.
+            # When in the tarbal the version is determined from a VERSION file.
+            #
+            make sources-tarbal
+            tarbal=$(echo dist/release/*$version*.tar.gz)
+            if ! test -f $tarbal ; then
+              echo $tarbal does not exist
+              find dist release
+              exit 1
+            fi
+          )
+
+      - name: build container & release (when TOKEN secret is not set)
+        if: ${{ secrets.TOKEN == '' }}
+        uses: ./.forgejo/actions/build-release
+        with:
+          forgejo: "${{ env.GITHUB_SERVER_URL }}"
+          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+          repository: "${{ steps.repository.outputs.value }}"
+          doer: root
+          tag-version: "${{ steps.tag-version.outputs.value }}"
+          token: ${{ steps.token.outputs.value }}
+          platforms: linux/amd64,linux/arm64,linux/arm/v6
+          release-notes: "${{ steps.release-notes.outputs.value }}"
+          binary-name: forgejo
+          binary-path: /app/gitea/gitea
+          verbose: ${{ steps.verbose.outputs.value }}
+
+      - name: build rootless container (when TOKEN secret is not set)
+        if: ${{ secrets.TOKEN == '' }}
+        uses: ./.forgejo/actions/build-release
+        with:
+          forgejo: "${{ env.GITHUB_SERVER_URL }}"
+          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+          repository: "${{ steps.repository.outputs.value }}"
+          doer: root
+          tag-version: "${{ steps.tag-version.outputs.value }}"
+          token: ${{ steps.token.outputs.value }}
+          platforms: linux/amd64,linux/arm64,linux/arm/v6
+          suffix: -rootless
+          dockerfile: Dockerfile.rootless
+          verbose: ${{ steps.verbose.outputs.value }}
+
+      - name: build container & release (when TOKEN secret is set)
+        if: ${{ secrets.TOKEN != '' }}
+        uses: ./.forgejo/actions/build-release
+        with:
+          forgejo: "${{ env.GITHUB_SERVER_URL }}"
+          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+          repository: "${{ steps.repository.outputs.value }}"
+          doer: "${{ secrets.DOER }}"
+          tag-version: "${{ steps.tag-version.outputs.value }}"
+          token: "${{ secrets.TOKEN }}"
+          platforms: linux/amd64,linux/arm64,linux/arm/v6
+          release-notes: "${{ steps.release-notes.outputs.value }}"
+          binary-name: forgejo
+          binary-path: /app/gitea/gitea
+          verbose: ${{ steps.verbose.outputs.value }}
+
+      - name: build rootless container (when TOKEN secret is set)
+        if: ${{ secrets.TOKEN != '' }}
+        uses: ./.forgejo/actions/build-release
+        with:
+          forgejo: "${{ env.GITHUB_SERVER_URL }}"
+          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+          repository: "${{ steps.repository.outputs.value }}"
+          doer: "${{ secrets.DOER }}"
+          tag-version: "${{ steps.tag-version.outputs.value }}"
+          token: "${{ secrets.TOKEN }}"
+          platforms: linux/amd64,linux/arm64,linux/arm/v6
+          suffix: -rootless
+          dockerfile: Dockerfile.rootless
+          verbose: ${{ steps.verbose.outputs.value }}
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@ -0,0 +1,72 @@
+# SPDX-License-Identifier: MIT
+#
+# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
+#
+# https://codeberg.org/forgejo-experimental/forgejo
+#
+#  Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
+#
+#  ROLE: forgejo-experimental
+#  FORGEJO: https://codeberg.org
+#  FROM_OWNER: forgejo-integration
+#  TO_OWNER: forgejo-experimental
+#  DOER: forgejo-experimental-ci
+#  TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
+#
+# http://private.forgejo.org/forgejo/forgejo
+#
+#  Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
+#
+#  ROLE: forgejo-release
+#  FORGEJO: https://codeberg.org
+#  FROM_OWNER: forgejo-integration
+#  TO_OWNER: forgejo
+#  DOER: release-team
+#  TOKEN: <generated from codeberg.org/release-team>
+#  GPG_PRIVATE_KEY: <XYZ>
+#  GPG_PASSPHRASE: <ABC>
+#
+name: Pubish release
+
+on: 
+  push:
+    tags: 'v*'
+
+jobs:
+  publish:
+    runs-on: self-hosted
+    if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: copy & sign binaries and container images from one owner to another
+        uses: ./.forgejo/actions/publish-release
+        with:
+          forgejo: ${{ secrets.FORGEJO }}
+          from-owner: ${{ secrets.FROM_OWNER }}
+          to-owner: ${{ secrets.TO_OWNER }}
+          ref-name: ${{ github.ref_name }}
+          doer: ${{ secrets.DOER }}
+          token: ${{ secrets.TOKEN }}
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          verbose: ${{ secrets.VERBOSE }}
+
+
+      - name: set up go for the DNS update below
+        uses: https://code.forgejo.org/actions/setup-go@v4
+        if: secrets.ROLE == 'forgejo-experimental'
+        with:
+          go-version: "1.21"
+          check-latest: true
+      - name: update the _release.experimental DNS record
+        if: secrets.ROLE == 'forgejo-experimental'
+        uses: https://code.forgejo.org/actions/ovh-dns-update@v1
+        with:
+          subdomain: _release.experimental
+          domain: forgejo.com # there is a CNAME from .org to .com (for security reasons)
+          record-id: 5283602601
+          value: v=${{ github.ref_name }}
+          ovh-app-key: ${{ secrets.OVH_APP_KEY }}
+          ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
+          ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@ -0,0 +1,189 @@
+name: testing
+
+on:
+  pull_request:
+  push:
+    branches:
+      - 'forgejo*'
+      - 'v*/forgejo*'
+
+jobs:
+  lint-backend:
+    runs-on: docker
+    container:
+      image: 'docker.io/node:20-bookworm'
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: "1.21"
+          check-latest: true
+      - run: make deps-backend deps-tools
+      - run: make lint-backend
+        env:
+          TAGS: bindata sqlite sqlite_unlock_notify
+  checks-backend:
+    runs-on: docker
+    container:
+      image: 'docker.io/node:20-bookworm'
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: "1.21"
+          check-latest: true
+      - run: make deps-backend deps-tools
+      - run: make --always-make checks-backend # ensure the "go-licenses" make target runs
+  test-unit:
+    runs-on: docker
+    needs: [lint-backend, checks-backend]
+    container:
+      image: 'docker.io/node:20-bookworm'
+    services:
+      minio:
+        image: 'docker.io/bitnami/minio:2023.8.31'
+        env:
+          MINIO_ROOT_USER: 123456
+          MINIO_ROOT_PASSWORD: 12345678
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: "1.21"
+      - run: |
+          git config --add safe.directory '*'
+          adduser --quiet --comment forgejo --disabled-password forgejo
+          chown -R forgejo:forgejo .
+      - run: |
+          su forgejo -c 'make deps-backend'
+      - run: |
+          su forgejo -c 'make backend'
+        env:
+          TAGS: bindata
+      - run: |
+          su forgejo -c 'make unit-test-coverage test-check'
+        timeout-minutes: 50
+        env:
+          RACE_ENABLED: 'true'
+          TAGS: bindata
+  test-mysql:
+    runs-on: docker
+    needs: [lint-backend, checks-backend]
+    container:
+      image: 'docker.io/node:20-bookworm'
+    services:
+      mysql8:
+        image: mysql:8-debian
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
+          MYSQL_DATABASE: testgitea
+        #
+        # See also https://codeberg.org/forgejo/forgejo/issues/976
+        #
+        cmd: ['mysqld', '--innodb-adaptive-flushing=OFF', '--innodb-buffer-pool-size=4G', '--innodb-log-buffer-size=128M', '--innodb-flush-log-at-trx-commit=0', '--innodb-flush-log-at-timeout=30', '--innodb-flush-method=nosync', '--innodb-fsync-threshold=1000000000']
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: "1.21"
+      - name: install dependencies
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update -qq
+          apt-get install --no-install-recommends -qq -y git-lfs
+      - name: setup user and permissions
+        run: |
+          git config --add safe.directory '*'
+          adduser --quiet --comment forgejo --disabled-password forgejo
+          chown -R forgejo:forgejo .
+      - run: |
+          su forgejo -c 'make deps-backend'
+      - run: |
+          su forgejo -c 'make backend'
+        env:
+          TAGS: bindata
+      - run: |
+          su forgejo -c 'make test-mysql8-migration test-mysql8'
+        timeout-minutes: 50
+        env:
+          TAGS: bindata
+          USE_REPO_TEST_DIR: 1
+  test-pgsql:
+    runs-on: docker
+    needs: [lint-backend, checks-backend]
+    container:
+      image: 'docker.io/node:20-bookworm'
+    services:
+      minio:
+        image: bitnami/minio:2021.3.17
+        env:
+          MINIO_ACCESS_KEY: 123456
+          MINIO_SECRET_KEY: 12345678
+      pgsql:
+        image: 'docker.io/postgres:15'
+        env:
+          POSTGRES_DB: test
+          POSTGRES_PASSWORD: postgres
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: "1.21"
+      - name: install dependencies
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update -qq
+          apt-get install --no-install-recommends -qq -y git-lfs
+      - name: setup user and permissions
+        run: |
+          git config --add safe.directory '*'
+          adduser --quiet --comment forgejo --disabled-password forgejo
+          chown -R forgejo:forgejo .
+      - run: |
+          su forgejo -c 'make deps-backend'
+      - run: |
+          su forgejo -c 'make backend'
+        env:
+          TAGS: bindata
+      - run: |
+          su forgejo -c 'make test-pgsql-migration test-pgsql'
+        timeout-minutes: 50
+        env:
+          TAGS: bindata gogit
+          RACE_ENABLED: true
+          TEST_TAGS: gogit
+          USE_REPO_TEST_DIR: 1
+  test-sqlite:
+    runs-on: docker
+    needs: [lint-backend, checks-backend]
+    container:
+      image: 'docker.io/node:20-bookworm'
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: "1.21"
+      - name: install dependencies
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update -qq
+          apt-get install --no-install-recommends -qq -y git-lfs
+      - name: setup user and permissions
+        run: |
+          git config --add safe.directory '*'
+          adduser --quiet --comment forgejo --disabled-password forgejo
+          chown -R forgejo:forgejo .
+      - run: |
+          su forgejo -c 'make deps-backend'
+      - run: |
+          su forgejo -c 'make backend'
+        env:
+          TAGS: bindata gogit sqlite sqlite_unlock_notify
+      - run: |
+          su forgejo -c 'make test-sqlite-migration test-sqlite'
+        timeout-minutes: 50
+        env:
+          TAGS: bindata gogit sqlite sqlite_unlock_notify
+          RACE_ENABLED: true
+          TEST_TAGS: gogit sqlite sqlite_unlock_notify
+          USE_REPO_TEST_DIR: 1
--- a/.gitattributes
+++ b/.gitattributes
@ -1,5 +1,5 @@
 * text=auto eol=lf
-*.tmpl linguist-language=Handlebars
+*.tmpl linguist-language=go-html-template
 /assets/*.json linguist-generated
 /public/assets/img/svg/*.svg linguist-generated
 /templates/swagger/v1_json.tmpl linguist-generated
--- a/.gitea/issue_template.md
+++ b/.gitea/issue_template.md
@ -1,42 +0,0 @@
-<!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
-
-<!--
-    1. Please speak English, this is the language all maintainers can speak and write.
-    2. Please ask questions or configuration/deploy problems on our Discord
-       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-    3. Please take a moment to check that your issue doesn't already exist.
-    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
-    5. Please give all relevant information below for bug reports, because
-       incomplete details will be handled as an invalid report.
-->
-
- Gitea version (or commit ref):
- Git version:
- Operating system:
-  <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package -->
-  <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. --->
-  <!-- If you are using a package or systemd tell us what distribution you are using -->
- Database (use `[x]`):
-  - [ ] PostgreSQL
-  - [ ] MySQL
-  - [ ] MSSQL
-  - [ ] SQLite
- Can you reproduce the bug at https://try.gitea.io:
-  - [ ] Yes (provide example URL)
-  - [ ] No
- Log gist:
-<!-- It really is important to provide pertinent logs -->
-<!-- Please read https://docs.gitea.com/administration/logging-config#collecting-logs-for-help -->
-<!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini -->
-
-## Description
-<!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please
-     disable the proxy/CDN fully and connect to gitea directly to confirm
-     the issue still persists without those services. -->
-
-...
-
-
-## Screenshots
-
-<!-- **If this issue involves the Web Interface, please include a screenshot** -->
--- a/.gitea/issue_template/bug-report-ui.yaml
+++ b/.gitea/issue_template/bug-report-ui.yaml
@ -0,0 +1,63 @@
+name: 🦋 Bug Report (web interface / frontend)
+description: Something doesn't look quite as it should?  Report it here!
+title: "[BUG] "
+labels: ["bug", "forgejo/ui"]
+body:
+- type: markdown
+  attributes:
+    value: |
+      **NOTE: If your issue is a security concern, please email <security@forgejo.org> (GPG: `A4676E79`) instead of opening a public issue.**
+- type: markdown
+  attributes:
+    value: |
+      - Please speak English, as this is the language all maintainers can speak and write.
+      - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way.
+      - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
+      - Please make sure you are using the latest release of Forgejo and take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137).
+      - Please give all relevant information below for bug reports, as incomplete details may result in the issue not being considered.
+- type: textarea
+  id: description
+  attributes:
+    label: Description
+    description: |
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below).
+      If you think this is a JavaScript error, show us the JavaScript console.
+      If the error appears to relate to Forgejo the server, please also give us `DEBUG` level logs. (See https://forgejo.org/docs/latest/admin/logging-documentation/)
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: Please provide at least one screenshot showing the issue.
+  validations:
+    required: true
+- type: input
+  id: forgejo-ver
+  attributes:
+    label: Forgejo Version
+    description: Forgejo version (or commit reference) your instance is running
+  validations:
+    required: true
+- type: dropdown
+  id: can-reproduce
+  attributes:
+    label: Can you reproduce the bug on Forgejo Next?
+    description: |
+      Please try reproducing your issue at [Forgejo Next](https://next.forgejo.org).
+      If you can reproduce it, please provide a URL in the Description field.
+    options:
+    - "Yes"
+    - "No"
+  validations:
+    required: true
+- type: input
+  id: browser-ver
+  attributes:
+    label: Browser Version
+    description: The browser and version that you are using to access Forgejo
+  validations:
+    required: true
+- type: input
+  id: os-ver
+  attributes:
+    label: Operating System
+    description: The operating system you are using to access Forgejo
--- a/.gitea/issue_template/bug-report.yaml
+++ b/.gitea/issue_template/bug-report.yaml
@ -0,0 +1,90 @@
+name: 🐛 Bug Report (server / backend)
+description: Found something you weren't expecting? Report it here!
+title: "[BUG] "
+labels: bug
+body:
+- type: markdown
+  attributes:
+    value: |
+      **NOTE: If your issue is a security concern, please email <security@forgejo.org> (GPG: `A4676E79`) instead of opening a public issue.**
+- type: markdown
+  attributes:
+    value: |
+      - Please speak English, as this is the language all maintainers can speak and write.
+      - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way.
+      - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
+      - Please make sure you are using the latest release of Forgejo and take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137).
+      - Please give all relevant information below for bug reports, as incomplete details may result in the issue not being considered.
+- type: textarea
+  id: description
+  attributes:
+    label: Description
+    description: |
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below).
+  validations:
+    required: true
+- type: input
+  id: forgejo-ver
+  attributes:
+    label: Forgejo Version
+    description: Forgejo version (or commit reference) of your instance
+  validations:
+    required: true
+- type: dropdown
+  id: can-reproduce
+  attributes:
+    label: Can you reproduce the bug on Forgejo Next?
+    description: |
+      Please try reproducing your issue at [Forgejo Next](https://next.forgejo.org).
+      If you can reproduce it, please provide a URL in the Description field.
+    options:
+    - "Yes"
+    - "No"
+  validations:
+    required: true
+- type: textarea
+  id: logs
+  attributes:
+    label: Logs
+    description: |
+      It's really important to provide pertinent logs. You must give us `DEBUG` level logs.
+      Please read https://forgejo.org/docs/latest/admin/logging-documentation/.
+      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of `app.ini`.
+
+      Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden.
+      You can wrap your logs in `<details>...</details>` tags so it doesn't take up too much space in the issue.
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: If this issue involves the Web Interface, please provide one or more screenshots
+- type: input
+  id: git-ver
+  attributes:
+    label: Git Version
+    description: The version of git running on the server
+- type: input
+  id: os-ver
+  attributes:
+    label: Operating System
+    description: The operating system you are using to run Forgejo
+- type: textarea
+  id: run-info
+  attributes:
+    label: How are you running Forgejo?
+    description: |
+      Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package.
+      Please also tell us how you are running Forgejo, e.g. if it is being run from docker, a command-line, systemd etc.
+      If you are using a package or systemd tell us what distribution you are using.
+  validations:
+    required: true
+- type: dropdown
+  id: database
+  attributes:
+    label: Database
+    description: What database system are you running?
+    options:
+    - SQLite
+    - PostgreSQL
+    - MySQL
+    - MSSQL
--- a/.gitea/issue_template/config.yml
+++ b/.gitea/issue_template/config.yml
@ -0,0 +1,17 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 🔓 Security Reports
+    url: mailto:security@forgejo.org
+    about: "Please email <security@forgejo.org> (GPG: `A4676E79`) instead of opening a public issue."
+  - name: 💬 Matrix Chat Room
+    url: https://matrix.to/#/#forgejo-chat:matrix.org
+    about: Please ask questions and discuss configuration or deployment problems here.
+  - name: 💬 Matrix Space
+    url: https://matrix.to/#/#forgejo:matrix.org
+    about: A collection of Matrix rooms relating to Forgejo in addition to the main chat room.
+  - name: 📚 Documentation
+    url: https://forgejo.org/docs/latest/
+    about: Documentation about Forgejo.
+  - name: ❓ Frequently Asked Questions
+    url: https://forgejo.org/faq/
+    about: Please check if your question is mentioned here.
--- a/.gitea/issue_template/feature-request.yaml
+++ b/.gitea/issue_template/feature-request.yaml
@ -0,0 +1,31 @@
+name: 💡 Feature Request
+description: Got an idea for a feature that Forgejo doesn't have yet? Suggest it here!
+title: "[FEAT] "
+labels: ["enhancement/feature"]
+body:
+- type: markdown
+  attributes:
+    value: |
+      - Please speak English, as this is the language all maintainers can speak and write.
+      - Be as clear and concise as possible. A very verbose request is harder to interpret in a concrete way.
+      - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
+      - Please make sure you are using the latest release of Forgejo and take a moment to [check that your feature hasn't already been suggested](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78139).
+- type: textarea
+  id: needs-benefits
+  attributes:
+    label: Needs and benefits
+    description: As concisely as possible, describe the benefits your feture request will provide or the problems it will try to solve.
+  validations:
+    required: true
+- type: textarea
+  id: description
+  attributes:
+    label: Feature Description
+    description: As concisely as possible, describe the feature you would like to see added or the changes you would like to see made to Forgejo.
+  validations:
+    required: true
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: If you can, provide screenshots of an implementation on another site, e.g. GitHub.
--- a/.gitea/pull_request_template.md
+++ b/.gitea/pull_request_template.md
@ -0,0 +1,4 @@
+<!--
+Before submitting a PR, please read the contributing guidelines:
+https://codeberg.org/forgejo/forgejo/src/branch/main/CONTRIBUTING.md
+-->
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,2 +0,0 @@
-open_collective: gitea
-custom: https://www.bountysource.com/teams/gitea
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@ -1,91 +0,0 @@
-name: Bug Report
-description: Found something you weren't expecting? Report it here!
-labels: ["kind/bug"]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
-  - type: markdown
-    attributes:
-      value: |
-        1. Please speak English, this is the language all maintainers can speak and write.
-        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-        3. Make sure you are using the latest release and
-           take a moment to check that your issue hasn't been reported before.
-        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
-        5. It's really important to provide pertinent details and logs (https://docs.gitea.com/help/support),
-           incomplete details will be handled as an invalid report.
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: |
-        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-        If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
-  - type: input
-    id: gitea-ver
-    attributes:
-      label: Gitea Version
-      description: Gitea version (or commit reference) of your instance
-    validations:
-      required: true
-  - type: dropdown
-    id: can-reproduce
-    attributes:
-      label: Can you reproduce the bug on the Gitea demo site?
-      description: |
-        If so, please provide a URL in the Description field
-        URL of Gitea demo: https://try.gitea.io
-      options:
-        - "Yes"
-        - "No"
-    validations:
-      required: true
-  - type: markdown
-    attributes:
-      value: |
-        It's really important to provide pertinent logs
-        Please read https://docs.gitea.com/administration/logging-config#collecting-logs-for-help
-        In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
-  - type: input
-    id: logs
-    attributes:
-      label: Log Gist
-      description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots
-      description: If this issue involves the Web Interface, please provide one or more screenshots
-  - type: input
-    id: git-ver
-    attributes:
-      label: Git Version
-      description: The version of git running on the server
-  - type: input
-    id: os-ver
-    attributes:
-      label: Operating System
-      description: The operating system you are using to run Gitea
-  - type: textarea
-    id: run-info
-    attributes:
-      label: How are you running Gitea?
-      description: |
-        Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
-        Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
-        If you are using a package or systemd tell us what distribution you are using
-    validations:
-      required: true
-  - type: dropdown
-    id: database
-    attributes:
-      label: Database
-      description: What database system are you running?
-      options:
-        - PostgreSQL
-        - MySQL/MariaDB
-        - MSSQL
-        - SQLite
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,17 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Security Concern
-    url: https://tinyurl.com/security-gitea
-    about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
-  - name: Discord Server
-    url: https://discord.gg/Gitea
-    about: Please ask questions and discuss configuration or deployment problems here.
-  - name: Discourse Forum
-    url: https://discourse.gitea.io
-    about: Questions and configuration or deployment problems can also be discussed on our forum.
-  - name: Frequently Asked Questions
-    url: https://docs.gitea.com/help/faq
-    about: Please check if your question isn't mentioned here.
-  - name: Crowdin Translations
-    url: https://crowdin.com/project/gitea
-    about: Translations are managed here.
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@ -1,24 +0,0 @@
-name: Feature Request
-description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
-labels: ["kind/proposal"]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        1. Please speak English, this is the language all maintainers can speak and write.
-        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-        3. Please take a moment to check that your feature hasn't already been suggested.
-  - type: textarea
-    id: description
-    attributes:
-      label: Feature Description
-      placeholder: |
-        I think it would be great if Gitea had...
-    validations:
-      required: true
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots
-      description: If you can, provide screenshots of an implementation on another site e.g. GitHub
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@ -1,66 +0,0 @@
-name: Web Interface Bug Report
-description: Something doesn't look quite as it should?  Report it here!
-labels: ["kind/bug", "kind/ui"]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
-  - type: markdown
-    attributes:
-      value: |
-        1. Please speak English, this is the language all maintainers can speak and write.
-        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-        3. Please take a moment to check that your issue doesn't already exist.
-        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
-        5. Please give all relevant information below for bug reports, because
-           incomplete details will be handled as an invalid report.
-        6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
-           error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
-           DEBUG level logs. (See https://docs.gitea.com/administration/logging-config#collecting-logs-for-help)
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: |
-        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-        If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots
-      description: Please provide at least 1 screenshot showing the issue.
-    validations:
-      required: true
-  - type: input
-    id: gitea-ver
-    attributes:
-      label: Gitea Version
-      description: Gitea version (or commit reference) your instance is running
-    validations:
-      required: true
-  - type: dropdown
-    id: can-reproduce
-    attributes:
-      label: Can you reproduce the bug on the Gitea demo site?
-      description: |
-        If so, please provide a URL in the Description field
-        URL of Gitea demo: https://try.gitea.io
-      options:
-        - "Yes"
-        - "No"
-    validations:
-      required: true
-  - type: input
-    id: os-ver
-    attributes:
-      label: Operating System
-      description: The operating system you are using to access Gitea
-  - type: input
-    id: browser-ver
-    attributes:
-      label: Browser Version
-      description: The browser and version that you are using to access Gitea
-    validations:
-      required: true
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -1,9 +0,0 @@
-<!-- start tips --> 
-Please check the following:
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for backports.
-2. Make sure you have read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md .
-3. Describe what your pull request does and which issue you're targeting (if any).
-4. It is recommended to enable "Allow edits by maintainers", so maintainers can help more easily.
-5. Your input here will be included in the commit message when this PR has been merged. If you don't want some content to be included, please separate them with a line like `---`.
-6. Delete all these tips before posting.
-<!-- end tips -->
--- a/.github/stale.yml
+++ b/.github/stale.yml
@ -1,54 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 60
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 14
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - status/blocked
-  - kind/security
-  - lgtm/done
-  - reviewed/confirmed
-  - priority/critical
-  - kind/proposal
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Comment to post when marking as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had recent activity.
-  I am here to help clear issues left open even if solved or waiting for more insight.
-  This issue will be closed if no further activity occurs during the next 2 weeks.
-  If the issue is still valid just add a comment to keep it alive.
-  Thank you for your contributions.
-
-# Comment to post when closing a stale Issue or Pull Request.
-closeComment: >
-  This issue has been automatically closed because of inactivity.
-  You can re-open it if needed.
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 1
-
-# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
-pulls:
-  daysUntilStale: 60
-  daysUntilClose: 60
-  markComment: >
-    This pull request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you
-    for your contributions.
-  closeComment: >
-    This pull request has been automatically closed because of inactivity.
-    You can re-open it if needed.
--- a/.github/workflows/cron-licenses.yml
+++ b/.github/workflows/cron-licenses.yml
@ -1,29 +0,0 @@
-name: cron-licenses
-
-on:
-  schedule:
-    - cron: "7 0 * * 1" # every Monday at 00:07 UTC
-  workflow_dispatch:
-
-jobs:
-  cron-licenses:
-    runs-on: ubuntu-latest
-    if: github.repository == 'go-gitea/gitea'
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - run: make generate-license generate-gitignore
-        timeout-minutes: 40
-      - name: push translations to repo
-        uses: appleboy/git-push-action@v0.0.2
-        with:
-          author_email: "teabot@gitea.io"
-          author_name: GiteaBot
-          branch: main
-          commit: true
-          commit_message: "[skip ci] Updated licenses and gitignores"
-          remote: "git@github.com:go-gitea/gitea.git"
-          ssh_key: ${{ secrets.DEPLOY_KEY }}
--- a/.github/workflows/cron-lock.yml
+++ b/.github/workflows/cron-lock.yml
@ -1,22 +0,0 @@
-name: cron-lock
-
-on:
-  schedule:
-    - cron: "0 0 * * *" # every day at 00:00 UTC
-  workflow_dispatch:
-
-permissions:
-  issues: write
-  pull-requests: write
-
-concurrency:
-  group: lock
-
-jobs:
-  action:
-    runs-on: ubuntu-latest
-    if: github.repository == 'go-gitea/gitea'
-    steps:
-      - uses: dessant/lock-threads@v4
-        with:
-          issue-inactive-days: 45
--- a/.github/workflows/cron-translations.yml
+++ b/.github/workflows/cron-translations.yml
@ -1,49 +0,0 @@
-name: cron-translations
-
-on:
-  schedule:
-    - cron: "7 0 * * *" # every day at 00:07 UTC
-  workflow_dispatch:
-
-jobs:
-  crowdin-pull:
-    runs-on: ubuntu-latest
-    if: github.repository == 'go-gitea/gitea'
-    steps:
-      - uses: actions/checkout@v4
-      - name: download from crowdin
-        uses: docker://jonasfranz/crowdin
-        env:
-          CROWDIN_KEY: ${{ secrets.CROWDIN_KEY }}
-          PLUGIN_DOWNLOAD: true
-          PLUGIN_EXPORT_DIR: options/locale/
-          PLUGIN_IGNORE_BRANCH: true
-          PLUGIN_PROJECT_IDENTIFIER: gitea
-      - name: update locales
-        run: ./build/update-locales.sh
-      - name: push translations to repo
-        uses: appleboy/git-push-action@v0.0.2
-        with:
-          author_email: "teabot@gitea.io"
-          author_name: GiteaBot
-          branch: main
-          commit: true
-          commit_message: "[skip ci] Updated translations via Crowdin"
-          remote: "git@github.com:go-gitea/gitea.git"
-          ssh_key: ${{ secrets.DEPLOY_KEY }}
-  crowdin-push:
-    runs-on: ubuntu-latest
-    if: github.repository == 'go-gitea/gitea'
-    steps:
-      - uses: actions/checkout@v4
-      - name: push translations to crowdin
-        uses: docker://jonasfranz/crowdin
-        env:
-          CROWDIN_KEY: ${{ secrets.CROWDIN_KEY }}
-          PLUGIN_UPLOAD: true
-          PLUGIN_EXPORT_DIR: options/locale/
-          PLUGIN_IGNORE_BRANCH: true
-          PLUGIN_PROJECT_IDENTIFIER: gitea
-          PLUGIN_FILES: |
-            locale_en-US.ini: options/locale/locale_en-US.ini
-          PLUGIN_BRANCH: main
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@ -1,179 +0,0 @@
-name: compliance
-
-on:
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  files-changed:
-    uses: ./.github/workflows/files-changed.yml
-
-  lint-backend:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make lint-backend
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-
-  lint-templates:
-    if: needs.files-changed.outputs.templates == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.11"
-      - run: pip install poetry
-      - run: make deps-py
-      - run: make lint-templates
-
-  lint-yaml:
-    if: needs.files-changed.outputs.yaml == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.11"
-      - run: pip install poetry
-      - run: make deps-py
-      - run: make lint-yaml
-
-  lint-swagger:
-    if: needs.files-changed.outputs.swagger == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend
-      - run: make lint-swagger
-
-  lint-go-windows:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make lint-go-windows lint-go-vet
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-          GOOS: windows
-          GOARCH: amd64
-
-  lint-go-gogit:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make lint-go
-        env:
-          TAGS: bindata gogit sqlite sqlite_unlock_notify
-
-  checks-backend:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make --always-make checks-backend # ensure the "go-licenses" make target runs
-
-  frontend:
-    if: needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend
-      - run: make lint-frontend
-      - run: make checks-frontend
-      - run: make test-frontend
-      - run: make frontend
-
-  backend:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      # no frontend build here as backend should be able to build
-      # even without any frontend files
-      - run: make deps-backend
-      - run: go build -o gitea_no_gcc # test if build succeeds without the sqlite tag
-      - name: build-backend-arm64
-        run: make backend # test cross compile
-        env:
-          GOOS: linux
-          GOARCH: arm64
-          TAGS: bindata gogit
-      - name: build-backend-windows
-        run: go build -o gitea_windows
-        env:
-          GOOS: windows
-          GOARCH: amd64
-          TAGS: bindata gogit
-      - name: build-backend-386
-        run: go build -o gitea_linux_386 # test if compatible with 32 bit
-        env:
-          GOOS: linux
-          GOARCH: 386
-
-  docs:
-    if: needs.files-changed.outputs.docs == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend
-      - run: make lint-md
-      - run: make docs
-
-  actions:
-    if: needs.files-changed.outputs.actions == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-      - run: make lint-actions
--- a/.github/workflows/pull-db-tests.yml
+++ b/.github/workflows/pull-db-tests.yml
@ -1,259 +0,0 @@
-name: db-tests
-
-on:
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  files-changed:
-    uses: ./.github/workflows/files-changed.yml
-
-  test-pgsql:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      pgsql:
-        image: postgres:15
-        env:
-          POSTGRES_DB: test
-          POSTGRES_PASSWORD: postgres
-        ports:
-          - "5432:5432"
-      ldap:
-        image: gitea/test-openldap:latest
-        ports:
-          - "389:389"
-          - "636:636"
-      minio:
-        # as github actions doesn't support "entrypoint", we need to use a non-official image
-        # that has a custom entrypoint set to "minio server /data"
-        image: bitnami/minio:2021.3.17
-        env:
-          MINIO_ACCESS_KEY: 123456
-          MINIO_SECRET_KEY: 12345678
-        ports:
-          - "9000:9000"
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 pgsql ldap minio" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - run: make test-pgsql-migration test-pgsql
-        timeout-minutes: 50
-        env:
-          TAGS: bindata gogit
-          RACE_ENABLED: true
-          TEST_TAGS: gogit
-          TEST_LDAP: 1
-          USE_REPO_TEST_DIR: 1
-
-  test-sqlite:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata gogit sqlite sqlite_unlock_notify
-      - run: make test-sqlite-migration test-sqlite
-        timeout-minutes: 50
-        env:
-          TAGS: bindata gogit sqlite sqlite_unlock_notify
-          RACE_ENABLED: true
-          TEST_TAGS: gogit sqlite sqlite_unlock_notify
-          USE_REPO_TEST_DIR: 1
-
-  test-unit:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: true
-          MYSQL_DATABASE: test
-        ports:
-          - "3306:3306"
-      elasticsearch:
-        image: elasticsearch:7.5.0
-        env:
-          discovery.type: single-node
-        ports:
-          - "9200:9200"
-      meilisearch:
-        image: getmeili/meilisearch:v1.2.0
-        env:
-          MEILI_ENV: development # disable auth
-        ports:
-          - "7700:7700"
-      smtpimap:
-        image: tabascoterrier/docker-imap-devel:latest
-        ports:
-          - "25:25"
-          - "143:143"
-          - "587:587"
-          - "993:993"
-      redis:
-        image: redis
-        options: >- # wait until redis has started
-          --health-cmd "redis-cli ping"
-          --health-interval 5s
-          --health-timeout 3s
-          --health-retries 10
-        ports:
-          - 6379:6379
-      minio:
-        image: bitnami/minio:2021.3.17
-        env:
-          MINIO_ACCESS_KEY: 123456
-          MINIO_SECRET_KEY: 12345678
-        ports:
-          - "9000:9000"
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch meilisearch smtpimap" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - name: unit-tests
-        run: make unit-test-coverage test-check
-        env:
-          TAGS: bindata
-          RACE_ENABLED: true
-          GITHUB_READ_TOKEN: ${{ secrets.GITHUB_READ_TOKEN }}
-      - name: unit-tests-gogit
-        run: make unit-test-coverage test-check
-        env:
-          TAGS: bindata gogit
-          RACE_ENABLED: true
-          GITHUB_READ_TOKEN: ${{ secrets.GITHUB_READ_TOKEN }}
-
-  test-mysql5:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: true
-          MYSQL_DATABASE: test
-        ports:
-          - "3306:3306"
-      elasticsearch:
-        image: elasticsearch:7.5.0
-        env:
-          discovery.type: single-node
-        ports:
-          - "9200:9200"
-      smtpimap:
-        image: tabascoterrier/docker-imap-devel:latest
-        ports:
-          - "25:25"
-          - "143:143"
-          - "587:587"
-          - "993:993"
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch smtpimap" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - name: run tests
-        run: make test-mysql-migration integration-test-coverage
-        env:
-          TAGS: bindata
-          RACE_ENABLED: true
-          USE_REPO_TEST_DIR: 1
-          TEST_INDEXER_CODE_ES_URL: "http://elastic:changeme@elasticsearch:9200"
-
-  test-mysql8:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      mysql8:
-        image: mysql:8
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: true
-          MYSQL_DATABASE: testgitea
-        ports:
-          - "3306:3306"
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql8" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - run: make test-mysql8-migration test-mysql8
-        timeout-minutes: 50
-        env:
-          TAGS: bindata
-          USE_REPO_TEST_DIR: 1
-
-  test-mssql:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      mssql:
-        image: mcr.microsoft.com/mssql/server:latest
-        env:
-          ACCEPT_EULA: Y
-          MSSQL_PID: Standard
-          SA_PASSWORD: MwantsaSecurePassword1
-        ports:
-          - "1433:1433"
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mssql" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - run: make test-mssql-migration test-mssql
-        timeout-minutes: 50
-        env:
-          TAGS: bindata
-          USE_REPO_TEST_DIR: 1
--- a/.github/workflows/pull-docker-dryrun.yml
+++ b/.github/workflows/pull-docker-dryrun.yml
@ -1,35 +0,0 @@
-name: docker-dryrun
-
-on:
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  files-changed:
-    uses: ./.github/workflows/files-changed.yml
-
-  regular:
-    if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/build-push-action@v4
-        with:
-          push: false
-          tags: gitea/gitea:linux-amd64
-
-  rootless:
-    if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/build-push-action@v4
-        with:
-          push: false
-          file: Dockerfile.rootless
-          tags: gitea/gitea:linux-amd64
--- a/.github/workflows/pull-e2e-tests.yml
+++ b/.github/workflows/pull-e2e-tests.yml
@ -1,32 +0,0 @@
-name: e2e-tests
-
-on:
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  files-changed:
-    uses: ./.github/workflows/files-changed.yml
-
-  test-e2e:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend frontend deps-backend
-      - run: npx playwright install --with-deps
-      - run: make test-e2e-sqlite
-        timeout-minutes: 40
-        env:
-          USE_REPO_TEST_DIR: 1
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@ -44,7 +44,7 @@ jobs:
      - name: Get cleaned branch name
        id: clean_name
        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
+          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//')
          echo "Cleaned name is ${REF_NAME}"
          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
      - name: configure aws
@ -56,6 +56,10 @@ jobs:
      - name: upload binaries to s3
        run: |
          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
+      - name: Install GH CLI
+        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
+        with:
+          gh-cli-version: 2.39.1
      - name: create github release
        run: |
          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/*
@ -74,6 +78,8 @@ jobs:
        id: meta
        with:
          images: gitea/gitea
+          flavor: |
+            latest=false
          # 1.2.3-rc0
          tags: |
            type=semver,pattern={{version}}
@ -105,6 +111,7 @@ jobs:
          images: gitea/gitea
          # each tag below will have the suffix of -rootless
          flavor: |
+            latest=false
            suffix=-rootless
          # 1.2.3-rc0
          tags: |
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@ -46,7 +46,7 @@ jobs:
      - name: Get cleaned branch name
        id: clean_name
        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
+          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//')
          echo "Cleaned name is ${REF_NAME}"
          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
      - name: configure aws
@ -58,9 +58,13 @@ jobs:
      - name: upload binaries to s3
        run: |
          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
+      - name: Install GH CLI
+        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
+        with:
+          gh-cli-version: 2.39.1
      - name: create github release
        run: |
-          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/*
+          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --notes-from-tag dist/release/*
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
  docker-rootful:
@ -82,7 +86,6 @@ jobs:
          # 1.2
          # 1.2.3
          tags: |
-            type=raw,value=latest
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{version}}
@ -114,14 +117,13 @@ jobs:
          images: gitea/gitea
          # each tag below will have the suffix of -rootless
          flavor: |
-            suffix=-rootless
+            suffix=-rootless,onlatest=true
          # this will generate tags in the following format (with -rootless suffix added):
          # latest
          # 1
          # 1.2
          # 1.2.3
          tags: |
-            type=raw,value=latest
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{version}}
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,6 @@
+# Emacs
+*~
+
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o
 *.a
@ -110,3 +113,6 @@ prime/

 # Manpage
 /man
+
+# Generated merged Forgejo+Gitea language files
+/options/locale/locale_*
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,602 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).

+## [1.21.4](https://github.com/go-gitea/gitea/releases/tag/1.21.4) - 2024-01-16
+
+* SECURITY
+  * Update github.com/cloudflare/circl (#28789) (#28790)
+  * Require token for GET subscription endpoint (#28765) (#28768)
+* BUGFIXES
+  * Use refname:strip-2 instead of refname:short when syncing tags (#28797) (#28811)
+  * Fix links in issue card (#28806) (#28807)
+  * Fix nil pointer panic when exec some gitea cli command (#28791) (#28795)
+  * Require token for GET subscription endpoint (#28765) (#28778)
+  * Fix button size in "attached header right" (#28770) (#28774)
+  * Fix `convert.ToTeams` on empty input (#28426) (#28767)
+  * Hide code related setting options in repository when code unit is disabled (#28631) (#28749)
+  * Fix incorrect URL for "Reference in New Issue" (#28716) (#28723)
+  * Fix panic when parsing empty pgsql host (#28708) (#28709)
+  * Upgrade xorm to new version which supported update join for all supported databases (#28590) (#28668)
+  * Fix alpine package files are not rebuilt (#28638) (#28665)
+  * Avoid cycle-redirecting user/login page (#28636) (#28658)
+  * Fix empty ref for cron workflow runs (#28640) (#28647)
+  * Remove unnecessary syncbranchToDB with tests (#28624) (#28629)
+  * Use known issue IID to generate new PR index number when migrating from GitLab (#28616) (#28618)
+  * Fix flex container width (#28603) (#28605)
+  * Fix the scroll behavior for emoji/mention list (#28597) (#28601)
+  * Fix wrong due date rendering in issue list page (#28588) (#28591)
+  * Fix `status_check_contexts` matching bug (#28582) (#28589)
+  * Fix 500 error of searching commits (#28576) (#28579)
+  * Use information from previous blame parts (#28572) (#28577)
+  * Update mermaid for 1.21 (#28571)
+  * Fix 405 method not allowed CORS / OIDC (#28583) (#28586) (#28587) (#28611)
+  * Fix `GetCommitStatuses` (#28787) (#28804)
+  * Forbid removing the last admin user (#28337) (#28793)
+  * Fix schedule tasks bugs (#28691) (#28780)
+  * Fix issue dependencies (#27736) (#28776)
+  * Fix system webhooks API bug (#28531) (#28666)
+  * Fix when private user following user, private user will not be counted in his own view (#28037) (#28792)
+  * Render code block in activity tab (#28816) (#28818)
+* ENHANCEMENTS
+  * Rework markup link rendering (#26745) (#28803)
+  * Modernize merge button (#28140) (#28786)
+  * Speed up loading the dashboard on mysql/mariadb (#28546) (#28784)
+  * Assign pull request to project during creation (#28227) (#28775)
+  * Show description as tooltip instead of title for labels (#28754) (#28766)
+  * Make template `DateTime` show proper tooltip (#28677) (#28683)
+  * Switch destination directory for apt signing keys (#28639) (#28642)
+  * Include heap pprof in diagnosis report to help debugging memory leaks (#28596) (#28599)
+* DOCS
+  * Suggest to use Type=simple for systemd service (#28717) (#28722)
+  * Extend description for ARTIFACT_RETENTION_DAYS (#28626) (#28630)
+* MISC
+  * Add -F to commit search to treat keywords as strings (#28744) (#28748)
+  * Add download attribute to release attachments (#28739) (#28740)
+  * Concatenate error in `checkIfPRContentChanged` (#28731) (#28737)
+  * Improve 1.21 document for Database Preparation (#28643) (#28644)
+
+## [1.21.3](https://github.com/go-gitea/gitea/releases/tag/1.21.3) - 2023-12-21
+
+* SECURITY
+  * Update golang.org/x/crypto (#28519)
+* API
+  * chore(api): support ignore password if login source type is LDAP for creating user API (#28491) (#28525)
+  * Add endpoint for not implemented Docker auth (#28457) (#28462)
+* ENHANCEMENTS
+  * Add option to disable ambiguous unicode characters detection (#28454) (#28499)
+  * Refactor SSH clone URL generation code (#28421) (#28480)
+  * Polyfill SubmitEvent for PaleMoon (#28441) (#28478)
+* BUGFIXES
+  * Fix the issue ref rendering for wiki (#28556) (#28559)
+  * Fix duplicate ID when deleting repo (#28520) (#28528)
+  * Only check online runner when detecting matching runners in workflows (#28286) (#28512)
+  * Initalize stroage for orphaned repository doctor (#28487) (#28490)
+  * Fix possible nil pointer access (#28428) (#28440)
+  * Don't show unnecessary citation JS error on UI (#28433) (#28437)
+* DOCS
+  * Update actions document about comparsion as Github Actions (#28560) (#28564)
+  * Fix documents for "custom/public/assets/" (#28465) (#28467)
+* MISC
+  * Fix inperformant query on retrifing review from database. (#28552) (#28562)
+  * Improve the prompt for "ssh-keygen sign" (#28509) (#28510)
+  * Update docs for DISABLE_QUERY_AUTH_TOKEN (#28485) (#28488)
+  * Fix Chinese translation of config cheat sheet[API] (#28472) (#28473)
+  * Retry SSH key verification with additional CRLF if it failed (#28392) (#28464)
+
+## [1.21.2](https://github.com/go-gitea/gitea/releases/tag/1.21.2) - 2023-12-12
+
+* SECURITY
+  * Rebuild with recently released golang version
+  * Fix missing check (#28406) (#28411)
+  * Do some missing checks (#28423) (#28432)
+* BUGFIXES
+  * Fix margin in server signed signature verification view (#28379) (#28381)
+  * Fix object does not exist error when checking citation file (#28314) (#28369)
+  * Use `filepath` instead of `path` to create SQLite3 database file (#28374) (#28378)
+  * Fix the runs will not be displayed bug when the main branch have no workflows but other branches have (#28359) (#28365)
+  * Handle repository.size column being NULL in migration v263 (#28336) (#28363)
+  * Convert git commit summary to valid UTF8. (#28356) (#28358)
+  * Fix migration panic due to an empty review comment diff (#28334) (#28362)
+  * Add `HEAD` support for rpm repo files (#28309) (#28360)
+  * Fix RPM/Debian signature key creation (#28352) (#28353)
+  * Keep profile tab when clicking on Language (#28320) (#28331)
+  * Fix missing issue search index update when changing status (#28325) (#28330)
+  * Fix wrong link in `protect_branch_name_pattern_desc` (#28313) (#28315)
+  * Read `previous` info from git blame (#28306) (#28310)
+  * Ignore "non-existing" errors when getDirectorySize calculates the size (#28276) (#28285)
+  * Use appSubUrl for OAuth2 callback URL tip (#28266) (#28275)
+  * Meilisearch: require all query terms to be matched (#28293) (#28296)
+  * Fix required error for token name (#28267) (#28284)
+  * Fix issue will be detected as pull request when checking `First-time contributor` (#28237) (#28271)
+  * Use full width for project boards (#28225) (#28245)
+  * Increase "version" when update the setting value to a same value as before (#28243) (#28244)
+  * Also sync DB branches on push if necessary (#28361) (#28403)
+  * Make gogit Repository.GetBranchNames consistent (#28348) (#28386)
+  * Recover from panic in cron task (#28409) (#28425)
+  * Deprecate query string auth tokens (#28390) (#28430)
+* ENHANCEMENTS
+  * Improve doctor cli behavior (#28422) (#28424)
+  * Fix margin in server signed signature verification view (#28379) (#28381)
+  * Refactor template empty checks (#28351) (#28354)
+  * Read `previous` info from git blame (#28306) (#28310)
+  * Use full width for project boards (#28225) (#28245)
+  * Enable system users search via the API (#28013) (#28018)
+
+## [1.21.1](https://github.com/go-gitea/gitea/releases/tag/1.21.1) - 2023-11-26
+
+* SECURITY
+  * Fix comment permissions (#28213) (#28216)
+* BUGFIXES
+  * Fix delete-orphaned-repos (#28200) (#28202)
+  * Make CORS work for oauth2 handlers (#28184) (#28185)
+  * Fix missing buttons (#28179) (#28181)
+  * Fix no ActionTaskOutput table waring (#28149) (#28152)
+  * Fix empty action run title (#28113) (#28148)
+  * Use "is-loading" to avoid duplicate form submit for code comment (#28143) (#28147)
+  * Fix Matrix and MSTeams nil dereference (#28089) (#28105)
+  * Fix incorrect pgsql conn builder behavior (#28085) (#28098)
+  * Fix system config cache expiration timing (#28072) (#28090)
+  * Restricted users only see repos in orgs which their team was assigned to (#28025) (#28051)
+* API
+  * Fix permissions for Token DELETE endpoint to match GET and POST (#27610) (#28099)
+* ENHANCEMENTS
+  * Do not display search box when there's no packages yet (#28146) (#28159)
+  * Add missing `packages.cleanup.success` (#28129) (#28132)
+* DOCS
+  * Docs: Replace deprecated IS_TLS_ENABLED mailer setting in email setup (#28205) (#28208)
+  * Fix the description about the default setting for action in quick start document (#28160) (#28168)
+  * Add guide page to actions when there's no workflows (#28145) (#28153)
+* MISC
+  * Use full width for PR comparison (#28182) (#28186)
+
+## [1.21.0](https://github.com/go-gitea/gitea/releases/tag/v1.21.0) - 2023-11-14
+
+* BREAKING
+  * Restrict certificate type for builtin SSH server (#26789)
+  * Refactor to use urfave/cli/v2 (#25959)
+  * Move public asset files to the proper directory (#25907)
+  * Remove commit status running and warning to align GitHub (#25839) (partially reverted: Restore warning commit status (#27504) (#27529))
+  * Remove "CHARSET" config option for MySQL, always use "utf8mb4" (#25413)
+  * Set SSH_AUTHORIZED_KEYS_BACKUP to false (#25412)
+* FEATURES
+  * User details page (#26713)
+  * Chore(actions): support cron schedule task (#26655)
+  * Support rebuilding issue indexer manually (#26546)
+  * Allow to archive labels (#26478)
+  * Add disable workflow feature (#26413)
+  * Support `.git-blame-ignore-revs` file (#26395)
+  * Pre-register OAuth2 applications for git credential helpers (#26291)
+  * Add `Retry` button when creating a mirror-repo fails (#26228)
+  * Artifacts retention and auto clean up (#26131)
+  * Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)
+  * Implement auto-cancellation of concurrent jobs if the event is push (#25716)
+  * Newly pushed branches hints on repository home page (#25715)
+  * Display branch commit status (#25608)
+  * Add direct serving of package content (#25543)
+  * Add commits dropdown in PR files view and allow commit by commit review (#25528)
+  * Allow package cleanup from admin page (#25307)
+  * Batch delete issue and improve tippy opts (#25253)
+  * Show branches and tags that contain a commit (#25180)
+  * Add actor and status dropdowns to run list (#25118)
+  * Allow Organisations to have a E-Mail (#25082)
+  * Add codeowners feature (#24910)
+  * Actions Artifacts support uploading multiple files and directories (#24874)
+  * Support configuration variables on Gitea Actions (#24724)
+  * Support downloading raw task logs (#24451)
+* API
+  * Unify two factor check (#27915) (#27929)
+  * Fix package webhook (#27839) (#27855)
+  * Fix/upload artifact error windows (#27802) (#27840)
+  * Fix bad method call when deleting user secrets via API (#27829) (#27831)
+  * Do not force creation of _cargo-index repo on publish (#27266) (#27765)
+  * Delete repos of org when purge delete user (#27273) (#27728)
+  * Fix org team endpoint (#27721) (#27727)
+  * Api: GetPullRequestCommits: return file list (#27483) (#27539)
+  * Don't let API add 2 exclusive labels from same scope (#27433) (#27460)
+  * Redefine the meaning of column is_active to make Actions Registration Token generation easier (#27143) (#27304)
+  * Fix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27251)
+  * Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27163)
+  * Allow empty Conan files (#27092)
+  * Fix token endpoints ignore specified account (#27080)
+  * Reduce usage of `db.DefaultContext` (#27073) (#27083) (#27089) (#27103) (#27262) (#27265) (#27347) (#26076)
+  * Make SSPI auth mockable (#27036)
+  * Extract auth middleware from service (#27028)
+  * Add `RemoteAddress` to mirrors (#26952)
+  * Feat(API): add routes and functions for managing user's secrets (#26909)
+  * Feat(API): add secret deletion functionality for repository (#26808)
+  * Feat(API): add route and implementation for creating/updating repository secret (#26766)
+  * Add Upload URL to release API (#26663)
+  * Feat(API): update and delete secret for managing organization secrets (#26660)
+  * Feat: implement organization secret creation API (#26566)
+  * Add API route to list org secrets (#26485)
+  * Set commit id when ref used explicitly (#26447)
+  * PATCH branch-protection updates check list even when checks are disabled (#26351)
+  * Add file status for API "Get a single commit from a repository" (#16205) (#25831)
+  * Add API for changing Avatars (#25369)
+* BUGFIXES
+  * Fix viewing wiki commit on empty repo (#28040) (#28044)
+  * Enable system users for comment.LoadPoster (#28014) (#28032)
+  * Fixed duplicate attachments on dump on windows (#28019) (#28031)
+  * Fix wrong xorm Delete usage(backport for 1.21) (#28002)
+  * Add word-break to repo description in home page (#27924) (#27957)
+  * Fix rendering assignee changed comments without assignee (#27927) (#27952)
+  * Add word break to release title (#27942) (#27947)
+  * Fix JS NPE when viewing specific range of PR commits (#27912) (#27923)
+  * Show correct commit sha when viewing single commit diff (#27916) (#27921)
+  * Fix 500 when deleting a dismissed review (#27903) (#27910)
+  * Fix DownloadFunc when migrating releases (#27887) (#27890)
+  * Fix http protocol auth (#27875) (#27876)
+  * Refactor postgres connection string building (#27723) (#27869)
+  * Close all hashed buffers (#27787) (#27790)
+  * Fix label render containing invalid HTML (#27752) (#27762)
+  * Fix duplicate project board when hitting `enter` key (#27746) (#27751)
+  * Fix `link-action` redirect network error (#27734) (#27749)
+  * Fix sticky diff header background (#27697) (#27712)
+  * Always delete existing scheduled action tasks (#27662) (#27688)
+  * Support allowed hosts for webhook to work with proxy (#27655) (#27675)
+  * Fix poster is not loaded in get default merge message (#27657) (#27666)
+  * Improve dropdown button alignment and fix hover bug (#27632) (#27637)
+  * Improve retrying index issues (#27554) (#27634)
+  * Fix 404 when deleting Docker package with an internal version (#27615) (#27630)
+  * Backport manually for a tmpl issue in v1.21 (#27612)
+  * Don't show Link to TOTP if not set up (#27585) (#27588)
+  * Fix data-race bug when accessing task.LastRun (#27584) (#27586)
+  * Fix attachment download bug (#27486) (#27571)
+  * Respect SSH.KeygenPath option when calculating ssh key fingerprints (#27536) (#27551)
+  * Improve dropdown's behavior when there is a search input in menu (#27526) (#27534)
+  * Fix panic in storageHandler (#27446) (#27479)
+  * When comparing with an non-exist repository, return 404 but 500 (#27437) (#27442)
+  * Fix pr template (#27436) (#27440)
+  * Fix git 2.11 error when checking IsEmpty (#27393) (#27397)
+  * Allow get release download files and lfs files with oauth2 token format (#26430) (#27379)
+  * Fix missing ctx for GetRepoLink in dashboard (#27372) (#27375)
+  * Absolute positioned checkboxes  overlay floated elements (#26870) (#27366)
+  * Introduce fixes and more rigorous tests for 'Show on a map' feature (#26803) (#27365)
+  * Fix repo count in org action settings (#27245) (#27353)
+  * Add logs for data broken of comment review (#27326) (#27345)
+  * Fix the approval count of PR when there is no protection branch rule (#27272) (#27343)
+  * Fix Bug in Issue Config when only contact links are set (#26521) (#27334)
+  * Improve issue history dialog and make poster can delete their own history (#27323) (#27327)
+  * Fix orphan check for deleted branch (#27310) (#27321)
+  * Fix protected branch icon location (#26576) (#27317)
+  * Fix yaml test (#27297) (#27303)
+  * Fix some animation bugs (#27287) (#27294)
+  * Fix incorrect change from #27231 (#27275) (#27282)
+  * Add missing public user visibility in user details page (#27246) (#27250)
+  * Fix EOL handling in web editor (#27141) (#27234)
+  * Fix issues on action runners page (#27226) (#27233)
+  * Quote table `release` in sql queries (#27205) (#27218)
+  * Fix release URL in webhooks (#27182) (#27185)
+  * Fix review request number and add more tests (#27104) (#27168)
+  * Fix the variable regexp pattern on web page (#27161) (#27164)
+  * Fix: treat tab "overview" as "repositories" in user profiles without readme (#27124)
+  * Fix NPE when editing OAuth2 applications (#27078)
+  * Fix the incorrect route path in the user edit page. (#27007)
+  * Fix the secret regexp pattern on web page (#26910)
+  * Allow users with write permissions for issues to add attachments with API (#26837)
+  * Make "link-action" backend code respond correct JSON content (#26680)
+  * Use line-height: normal by default (#26635)
+  * Fix NPM packages name validation (#26595)
+  * Rewrite the DiffFileTreeItem and fix misalignment (#26565)
+  * Return empty when searching issues with no repos (#26545)
+  * Explain SearchOptions and fix ToSearchOptions (#26542)
+  * Add missing triggers to update issue indexer (#26539)
+  * Handle base64 decoding correctly to avoid panic (#26483)
+  * Avoiding accessing undefined mentionValues (#26461)
+  * Fix incorrect redirection in new issue using references (#26440)
+  * Fix the bug when getting files changed for `pull_request_target` event (#26320)
+  * Remove IsWarning in  tmpl (#26120)
+  * Fix loading `LFS_JWT_SECRET` from wrong section (#26109)
+  * Fixing redirection issue for logged-in users (#26105)
+  * Improve "gitea doctor" sub-command and fix "help" commands (#26072)
+  * Fix the truncate and alignment problem for some admin tables (#26042)
+  * Update minimum password length requirements (#25946)
+  * Do not "guess" the file encoding/BOM when using API to upload files (#25828)
+  * Restructure issue list template, styles (#25750)
+  * Fix `ref` for workflows triggered by `pull_request_target` (#25743)
+  * Fix issues indexer document mapping (#25619)
+  * Use JSON response for "user/logout" (#25522)
+  * Fix migrate page layout on mobile (#25507)
+  * Link to existing PR when trying to open a new PR on the same branches (#25494)
+  * Do not publish docker release images on `-dev` tags (#25471)
+  * Support `pull_request_target` event (#25229)
+  * Modify the content format of the Feishu webhook (#25106)
+* ENHANCEMENTS
+  * Render email addresses as such if followed by punctuation (#27987) (#27992)
+  * Show error toast when file size exceeds the limits (#27985) (#27986)
+  * Fix citation error when the file size is larger than 1024 bytes (#27958) (#27965)
+  * Remove action runners on user deletion (#27902) (#27908)
+  * Remove set tabindex on view issue (#27892) (#27896)
+  * Reduce margin/padding on flex-list items and divider (#27872) (#27874)
+  * Change katex limits (#27823) (#27868)
+  * Clean up template locale usage (#27856) (#27857)
+  * Add dedicated class for empty placeholders (#27788) (#27792)
+  * Add gap between diff boxes (#27776) (#27781)
+  * Fix incorrect "tab" parameter for repo search sub-template (#27755) (#27764)
+  * Enable followCursor for language stats bar (#27713) (#27739)
+  * Improve diff tree spacing (#27714) (#27719)
+  * Feed UI Improvements (#27356) (#27717)
+  * Improve feed icons and feed merge text color (#27498) (#27716)
+  * [FIX] resolve confusing colors in languages stats by insert a gap (#27704) (#27715)
+  * Add doctor dbconsistency fix to delete repos with no owner (#27290) (#27693)
+  * Fix required checkboxes in issue forms (#27592) (#27692)
+  * Hide archived labels by default from the suggestions when assigning labels for an issue (#27451) (#27661)
+  * Cleanup repo details icons/labels (#27644) (#27654)
+  * Keep filter when showing unfiltered results on explore page (#27192) (#27589)
+  * Show manual cron run's last time (#27544) (#27577)
+  * Revert "Fix pr template (#27436)" (#27567)
+  * Increase queue length (#27555) (#27562)
+  * Avoid run change title process when the title is same (#27467) (#27558)
+  * Remove max-width and add hide text overflow (#27359) (#27550)
+  * Add hover background to wiki list page (#27507) (#27521)
+  * Fix mermaid flowchart margin issue (#27503) (#27516)
+  * Refactor system setting (#27000) (#27452)
+  * Fix  missing `ctx`  in new_form.tmpl  (#27434) (#27438)
+  * Add Index to `action.user_id` (#27403) (#27425)
+  * Don't use subselect in `DeleteIssuesByRepoID` (#27332) (#27408)
+  * Add support for HEAD ref in /src/branch and /src/commit routes (#27384) (#27407)
+  * Make Actions tasks/jobs timeouts configurable by the user (#27400) (#27402)
+  * Hide archived labels when filtering by labels on the issue list (#27115) (#27381)
+  * Highlight user details link (#26998) (#27376)
+  * Add protected branch name description (#27257) (#27351)
+  * Improve tree not found page (#26570) (#27346)
+  * Add Index to `comment.dependent_issue_id` (#27325) (#27340)
+  * Improve branch list UI (#27319) (#27324)
+  * Fix divider in subscription page (#27298) (#27301)
+  * Add missed return to actions view fetch (#27289) (#27293)
+  * Backport ctx locale refactoring manually (#27231) (#27259) (#27260)
+  * Disable `Test Delivery` and `Replay` webhook buttons when webhook is inactive (#27211) (#27253)
+  * Use mask-based fade-out effect for `.new-menu` (#27181) (#27243)
+  * Cleanup locale function usage (#27227) (#27240)
+  * Fix z-index on markdown completion (#27237) (#27239)
+  * Fix Fomantic UI dropdown icon bug when there is a search input in menu (#27225) (#27228)
+  * Allow copying issue comment link on archived repos and when not logged in (#27193) (#27210)
+  * Fix: text decorator on issue sidebar menu label (#27206) (#27209)
+  * Fix dropdown icon position (#27175) (#27177)
+  * Add index to `issue_user.issue_id` (#27154) (#27158)
+  * Increase auth provider icon size on login page (#27122)
+  * Remove a `gt-float-right` and some unnecessary helpers (#27110)
+  * Change green buttons to primary color (#27099)
+  * Use db.WithTx for AddTeamMember to avoid ctx abuse (#27095)
+  * Use `print` instead of `printf` (#27093)
+  * Remove the useless function `GetUserIssueStats` and move relevant tests to `indexer_test.go` (#27067)
+  * Search branches (#27055)
+  * Display all user types and org types on admin management UI (#27050)
+  * Ui correction in mobile view nav bar left aligned items. (#27046)
+  * Chroma color tweaks (#26978)
+  * Move some functions to service layer (#26969)
+  * Improve "language stats" UI (#26968)
+  * Replace `util.SliceXxx`  with `slices.Xxx` (#26958)
+  * Refactor dashboard/feed.tmpl (#26956)
+  * Move repository deletion to service layer (#26948)
+  * Fix the missing repo count (#26942)
+  * Improve hint when uploading a too large avatar (#26935)
+  * Extract common code to new template (#26933)
+  * Move createrepository from module to service layer (#26927)
+  * Move notification interface to services layer (#26915)
+  * Move feed notification service layer (#26908)
+  * Move ui notification to service layer (#26907)
+  * Move indexer notification to service layer (#26906)
+  * Move mail notification logic to service layer (#26905)
+  * Extract common code to new template (#26903)
+  * Show queue's active worker number (#26896)
+  * Fix media description render for orgmode (#26895)
+  * Remove CSS `has` selector and improve various styles (#26891)
+  * Relocate the `RSS user feed` button (#26882)
+  * Refactor "shortsha" (#26877)
+  * Refactor `og:description` to limit the max length (#26876)
+  * Move web/api context related testing function into a separate package (#26859)
+  * Redable error on S3 storage connection failure (#26856)
+  * Improve opengraph previews (#26851)
+  * Add more descriptive error on forgot password page (#26848)
+  * Show always repo count in header (#26842)
+  * Remove "TODO" tasks from CSS file (#26835)
+  * Render code blocks in repo description (#26830)
+  * Minor dashboard tweaks, fix flex-list margins (#26829)
+  * Remove polluted `.ui.right` (#26825)
+  * Display archived labels specially when listing labels (#26820)
+  * Remove polluted ".ui.left" style (#26809)
+  * Make it posible to customize nav text color via css var (#26807)
+  * Refactor lfs requests (#26783)
+  * Improve flex list item padding (#26779)
+  * Remove fomantic `text` module (#26777)
+  * Remove fomantic `item` module (#26775)
+  * Remove redundant nil check in `WalkGitLog` (#26773)
+  * Reduce some allocations in type conversion (#26772)
+  * Refactor some CSS styles and simplify code (#26771)
+  * Unify `border-radius` behavior (#26770)
+  * Improve modal dialog UI (#26764)
+  * Allow "latest" to be used in release vTag when downloading file (#26748)
+  * Adding hint `Archived` to archive label. (#26741)
+  * Move `modules/mirror` to `services` (#26737)
+  * Add "dir=auto" for input/textarea elements by default (#26735)
+  * Add auth-required to config.json for Cargo http registry (#26729)
+  * Simplify helper CSS classes and avoid abuse (#26728)
+  * Make web context initialize correctly for different cases (#26726)
+  * Focus editor on "Write" tab click (#26714)
+  * Remove incorrect CSS helper classes (#26712)
+  * Fix review bar misalignment (#26711)
+  * Add reverseproxy auth for API back with default disabled (#26703)
+  * Add default label in branch select list (#26697)
+  * Improve Image Diff UI (#26696)
+  * Fixed text overflow in dropdown menu (#26694)
+  * [Refactor] getIssueStatsChunk to move inner function into own one (#26671)
+  * Remove fomantic loader module (#26670)
+  * Add `member`, `collaborator`, `contributor`, and `first-time contributor` roles and tooltips (#26658)
+  * Improve some flex layouts (#26649)
+  * Improve the branch selector tab UI (#26631)
+  * Improve show role (#26621)
+  * Remove avatarHTML from template helpers (#26598)
+  * Allow text selection in actions step header (#26588)
+  * Improve translation of milestone filters (#26569)
+  * Add optimistic lock to ActionRun table (#26563)
+  * Update team invitation email link (#26550)
+  * Differentiate better between user settings and admin settings (#26538)
+  * Check disabled workflow when rerun jobs (#26535)
+  * Improve deadline icon location in milestone list page (#26532)
+  * Improve repo sub menu (#26531)
+  * Fix the display of org level badges (#26504)
+  * Rename `Sync2` -> `Sync` (#26479)
+  * Fix stderr usages (#26477)
+  * Remove fomantic transition module (#26469)
+  * Refactor tests (#26464)
+  * Refactor project templates (#26448)
+  * Fall back to esbuild for css minify (#26445)
+  * Always show usernames in reaction tooltips (#26444)
+  * Use correct pull request commit link instead of a generic commit link (#26434)
+  * Refactor "editorconfig" (#26391)
+  * Make `user-content-* ` consistent with github (#26388)
+  * Remove unnecessary template helper repoAvatar (#26387)
+  * Remove unnecessary template helper DisableGravatar (#26386)
+  * Use template context function for avatar rendering (#26385)
+  * Rename code_langauge.go to code_language.go (#26377)
+  * Use more `IssueList` instead of `[]*Issue` (#26369)
+  * Do not highlight `#number` in documents (#26365)
+  * Fix display problems of members and teams unit (#26363)
+  * Fix 404 error when remove self from an organization (#26362)
+  * Improve CLI and messages (#26341)
+  * Refactor backend SVG package and add tests (#26335)
+  * Add link to job details and tooltip to commit status in repo list in dashboard (#26326)
+  * Use yellow if an approved review is stale (#26312)
+  * Remove commit load branches and tags in wiki repo (#26304)
+  * Add highlight to selected repos in milestone dashboard (#26300)
+  * Delete `issue_service.CreateComment` (#26298)
+  * Do not show Profile README when repository is private (#26295)
+  * Tweak actions menu (#26278)
+  * Start using template context function (#26254)
+  * Use calendar icon for `Joined on...` in profiles (#26215)
+  * Add 'Show on a map' button to Location in profile, fix layout (#26214)
+  * Render plaintext task list items for markdown files (#26186)
+  * Add tooltip to describe LFS table column and color `delete LFS file` button red (#26181)
+  * Release attachments duplicated check (#26176)
+  * De-emphasize issue sidebar buttons (#26171)
+  * Fixing the align of commit stats in commit_page template. (#26161)
+  * Allow editing push mirrors after creation (#26151)
+  * Move web JSON functions to web context and simplify code (#26132)
+  * Refactor improve NoBetterThan (#26126)
+  * Improve clickable area in repo action view page (#26115)
+  * Add context parameter to some database functions (#26055)
+  * Docusaurus-ify (#26051)
+  * Improve text for empty issue/pr description (#26047)
+  * Categorize admin settings sidebar panel (#26030)
+  * Remove redundant "RouteMethods" method (#26024)
+  * Refactor and enhance issue indexer to support both searching, filtering and paging (#26012)
+  * Add a link to OpenID Issuer URL in WebFinger response (#26000)
+  * Fix UI for release tag page / wiki page / subscription page (#25948)
+  * Support copy protected branch from template repository (#25889)
+  * Improve display of Labels/Projects/Assignees sort options (#25886)
+  * Fix margin on the new/edit project page. (#25885)
+  * Show image size on view page (#25884)
+  * Remove ref name in PR commits page (#25876)
+  * Allow the use of alternative net.Listener implementations by downstreams (#25855)
+  * Refactor "Content" for file uploading (#25851)
+  * Add error info if no user can fork the repo (#25820)
+  * Show edit title button on commits tab of PR, too (#25791)
+  * Introduce `flex-list` & `flex-item` elements for Gitea UI (#25790)
+  * Don't stack PR tab menu on small screens (#25789)
+  * Repository Archived text title center align (#25767)
+  * Make route middleware/handler mockable (#25766)
+  * Move issue filters to shared template (#25729)
+  * Use frontend fetch for branch dropdown component (#25719)
+  * Add open/closed field support for issue index (#25708)
+  * Some less naked returns (#25682)
+  * Fix inconsistent user profile layout across tabs (#25625)
+  * Get latest commit statuses from database instead of git data on dashboard for repositories (#25605)
+  * Adding  branch-name copy  to clipboard branches screen. (#25596)
+  * Update emoji set to Unicode 15 (#25595)
+  * Move some files under repo/setting (#25585)
+  * Add custom ansi colors and CSS variables for them (#25546)
+  * Add log line anchor for action logs (#25532)
+  * Use flex instead of float for sort button and search input (#25519)
+  * Update octicons and use `octicon-file-directory-symlink` (#25453)
+  * Add toasts to UI (#25449)
+  * Fine tune project board label colors and modal content background (#25419)
+  * Import additional secrets via file uri (#25408)
+  * Switch to ansi_up for ansi rendering in actions (#25401)
+  * Store and use seconds for timeline time comments (#25392)
+  * Support displaying diff stats in PR tab bar (#25387)
+  * Use fetch form action for lock/unlock/pin/unpin on sidebar (#25380)
+  * Refactor: TotalTimes return seconds (#25370)
+  * Navbar styling rework (#25343)
+  * Introduce shared template for search inputs (#25338)
+  * Only show 'Manage Account Links' when necessary (#25311)
+  * Improve 'Privacy' section in profile settings (#25309)
+  * Substitute variables in path names of template repos too (#25294)
+  * Fix tags line no margin see #25255 (#25280)
+  * Use fetch to send requests to create issues/comments (#25258)
+  * Change form actions to fetch for submit review box (#25219)
+  * Improve AJAX link and modal confirm dialog (#25210)
+  * Reduce unnecessary DB queries for Actions tasks (#25199)
+  * Disable `Create column` button while the column name is empty (#25192)
+  * Refactor indexer (#25174)
+  * Adjust style for action run list (align icons, adjust padding) (#25170)
+  * Remove duplicated functions when deleting a branch (#25128)
+  * Make confusable character warning less jarring (#25069)
+  * Highlight viewed files differently in the PR filetree (#24956)
+  * Support changing labels of Actions runner without re-registration (#24806)
+  * Fix duplicate Reviewed-by trailers (#24796)
+  * Resolve issue with sort icons on admin/users and admin/runners (#24360)
+  * Split lfs size from repository size (#22900)
+  * Sync branches into databases (#22743)
+  * Disable run user change in installation page (#22499)
+  * Add merge files files to GetCommitFileStatus (#20515)
+  * Show OpenID Connect and OAuth on signup page (#20242)
+* SECURITY
+  * Dont leak private users via extensions (#28023) (#28029)
+  * Expanded minimum RSA Keylength to 3072 (#26604)
+* TESTING
+  * Add user secrets API integration tests (#27832) (#27852)
+  * Add tests for db indexer in indexer_test.go (#27087)
+  * Speed up TestEventSourceManagerRun (#26262)
+  * Add unit test for user renaming (#26261)
+  * Add some Wiki unit tests (#26260)
+  * Improve unit test for caching (#26185)
+  * Add unit test for `HashAvatar` (#25662)
+* TRANSLATION
+  * Backport translations to v1.21 (#27899)
+  * Fix issues in translation file (#27699) (#27737)
+  * Add locale for deleted head branch (#26296)
+  * Improve multiple strings in en-US locale (#26213)
+  * Fix broken translations for package documantion (#25742)
+  * Correct translation wrong format (#25643)
+* BUILD
+  * Dockerfile small refactor (#27757) (#27826)
+  * Fix build errors on BSD (in BSDMakefile) (#27594) (#27608)
+  * Fully replace drone with actions (#27556) (#27575)
+  * Enable markdownlint `no-duplicate-header` (#27500) (#27506)
+  * Enable production source maps for index.js, fix CSS sourcemaps (#27291) (#27295)
+  * Update snap package (#27021)
+  * Bump go to 1.21 (#26608)
+  * Bump xgo to go-1.21.x and node to 20 in release-version (#26589)
+  * Add template linting via djlint (#25212)
+* DOCS
+  * Change default size of issue/pr attachments and repo file (#27946) (#28017)
+  * Remove `known issue` section in Gitea Actions Doc (#27930) (#27938)
+  * Remove outdated paragraphs when comparing Gitea Actions to GitHub Actions (#27119)
+  * Update brew installation documentation since gitea moved to brew core package (#27070)
+  * Actions are no longer experimental, so enable them by default (#27054)
+  * Add a documentation note for Windows Service (#26938)
+  * Add sparse url in cargo package guide (#26937)
+  * Update nginx recommendations (#26924)
+  * Update backup instructions to align with archive structure (#26902)
+  * Expanding documentation in queue.go (#26889)
+  * Update info regarding internet connection for build (#26776)
+  * Docs: template variables (#26547)
+  * Update index doc (#26455)
+  * Update zh-cn documentation (#26406)
+  * Fix typos and grammer problems for actions documentation (#26328)
+  * Update documentation for 1.21 actions (#26317)
+  * Doc update swagger doc for POST /orgs/{org}/teams (#26155)
+  * Doc sync authentication.md to zh-cn (#26117)
+  * Doc guide the user to create the appropriate level runner (#26091)
+  * Make organization redirect warning more clear (#26077)
+  * Update blog links (#25843)
+  * Fix default value for LocalURL (#25426)
+  * Update `from-source.zh-cn.md` & `from-source.en-us.md` - Cross Compile Using Zig (#25194)
+* MISC
+  * Replace deprecated `elliptic.Marshal` (#26800)
+  * Add elapsed time on debug for slow git commands (#25642)
+
 ## [1.20.5](https://github.com/go-gitea/gitea/releases/tag/v1.20.5) - 2023-10-03

 * ENHANCEMENTS
@ -455,7 +1051,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.com).
  * Add option to search for users is active join a team (#24093)
  * Add PDF rendering via PDFObject (#24086)
  * Refactor web route (#24080)
-  * Make more functions use ctx instead of db.DefaultContext (#24068)
  * Make HTML template functions support context (#24056)
  * Refactor rename user and rename organization (#24052)
  * Localize milestone related time strings (#24051)
--- a/32
+++ b/32
@ -0,0 +1,32 @@
+# This file describes the expected reviewers for a PR based on the changed
+# files. Unlike what the name of the file suggests they don't own the code, but
+# merely have a good understanding of that area of the codebase and therefore
+# are usually suited as a reviewer.
+
+
+# Please mind the alphabetic order of reviewers.
+
+# Files related to the CI of the Forgejo project.
+.forgejo/.* @dachary @earl-warren
+
+# Files related to frontend development.
+
+# Javascript and CSS code.
+web_src/.* @caesar @crystal @gusted
+
+# HTML templates used by the backend.
+templates/.* @caesar @crystal @gusted
+
+# Files related to Go development.
+
+# The modules usually don't require much knowledge about Forgejo and could
+# be reviewed by Go developers.
+modules/.* @dachary @earl-warren @gusted
+
+# Models has code related to SQL queries, general database knowledge and XORM.
+models/.* @dachary @earl-warren @gusted
+
+# The routers directory contains the most amount code that requires a good grasp
+# of how Forgejo comes together. It's tedious to write good integration testing
+# for code that lives in here.
+routers/.* @dachary @earl-warren @gusted
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@ -1,96 +0,0 @@
-# Gitea Community Code of Conduct
-
-## About
-
-Online communities include people from many different backgrounds. The Gitea contributors are committed to providing a friendly, safe and welcoming environment for all, regardless of gender identity and expression, sexual orientation, disabilities, neurodiversity, physical appearance, body size, ethnicity, nationality, race, age, religion, or similar personal characteristics.
-
-The first goal of the Code of Conduct is to specify a baseline standard of behavior so that people with different social values and communication styles can talk about Gitea effectively, productively, and respectfully.
-
-The second goal is to provide a mechanism for resolving conflicts in the community when they arise.
-
-The third goal of the Code of Conduct is to make our community welcoming to people from different backgrounds. Diversity is critical to the project; for Gitea to be successful, it needs contributors and users from all backgrounds.
-
-We believe that healthy debate and disagreement are essential to a healthy project and community. However, it is never ok to be disrespectful. We value diverse opinions, but we value respectful behavior more.
-
-## Community values
-
-These are the values to which people in the Gitea community should aspire.
-
- **Be friendly and welcoming.**
- **Be patient.**
-  - Remember that people have varying communication styles and that not everyone is using their native language. (Meaning and tone can be lost in translation.)
- **Be thoughtful.**
-  - Productive communication requires effort. Think about how your words will be interpreted.
-  - Remember that sometimes it is best to refrain entirely from commenting.
- **Be respectful.**
-  - In particular, respect differences of opinion.
- **Be charitable.**
-  - Interpret the arguments of others in good faith, do not seek to disagree.
-  - When we do disagree, try to understand why.
- **Be constructive.**
-  - Avoid derailing: stay on topic; if you want to talk about something else, start a new conversation.
-  - Avoid unconstructive criticism: don't merely decry the current state of affairs; offer—or at least solicit—suggestions as to how things may be improved.
-  - Avoid snarking (pithy, unproductive, sniping comments)
-  - Avoid discussing potentially offensive or sensitive issues; this all too often leads to unnecessary conflict.
-  - Avoid microaggressions (brief and commonplace verbal, behavioral and environmental indignities that communicate hostile, derogatory or negative slights and insults to a person or group).
- **Be responsible.**
-  - What you say and do matters. Take responsibility for your words and actions, including their consequences, whether intended or otherwise.
-
-People are complicated. You should expect to be misunderstood and to misunderstand others; when this inevitably occurs, resist the urge to be defensive or assign blame. Try not to take offense where no offense was intended. Give people the benefit of the doubt. Even if the intent was to provoke, do not rise to it. It is the responsibility of all parties to de-escalate conflict when it arises.
-
-## Code of Conduct
-
-### Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
-
-### Our Standards
-
-Examples of behavior that contributes to creating a positive environment include:
-
- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
- The use of sexualized language or imagery and unwelcome sexual attention or advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others’ private information, such as a physical or electronic address, without explicit permission
- Other conduct which could reasonably be considered inappropriate in a professional setting
-
-### Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or reject: comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, as well as to ban (temporarily or permanently) any contributor for behaviors that they deem inappropriate, threatening, offensive, or harmful.
-
-### Scope
-
-This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
-
-This Code of Conduct also applies outside the project spaces when the Project Stewards have a reasonable belief that an individual’s behavior may have a negative impact on the project or its community.
-
-### Conflict Resolution
-
-We do not believe that all conflict is bad; healthy debate and disagreement often yield positive results. However, it is never okay to be disrespectful or to engage in behavior that violates the project’s code of conduct.
-
-If you see someone violating the code of conduct, you are encouraged to address the behavior directly with those involved. Many issues can be resolved quickly and easily, and this gives people more control over the outcome of their dispute. If you are unable to resolve the matter for any reason, or if the behavior is threatening or harassing, report it. We are dedicated to providing an environment where participants feel welcome and safe.
-
-Reports should be directed to the Gitea Project Stewards at conduct@gitea.com. It is the Project Stewards’ duty to receive and address reported violations of the code of conduct. They will then work with a committee consisting of representatives from the technical-oversight-committee.
-
-We will investigate every complaint, but you may not receive a direct response. We will use our discretion in determining when and how to follow up on reported incidents, which may range from not taking action to permanent expulsion from the project and project-sponsored spaces. Under normal circumstances, we will notify the accused of the report and provide them an opportunity to discuss it before any action is taken. If there is a consensus between maintainers that such an endeavor would be useless (i.e. in case of an obvious spammer), we reserve the right to take action without notifying the accused first. The identity of the reporter will be omitted from the details of the report supplied to the accused. In potentially harmful situations, such as ongoing harassment or threats to anyone’s safety, we may take action without notice.
-
-### Attribution
-
-This Code of Conduct is adapted from the Contributor Covenant, version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
-
-## Summary
-
- Treat everyone with respect and kindness.
- Be thoughtful in how you communicate.
- Don’t be destructive or inflammatory.
- If you encounter an issue, please mail conduct@gitea.com.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,563 +1,24 @@
-# Contribution Guidelines
+# Forgejo Contributor Guide

-<details><summary>Table of Contents</summary>
+The Forgejo project is run by a community of people who are expected to follow this guide when cooperating on a simple bug fix as well as when changing the governance. For more information about the project, take a look at [the documentation explaining what Forgejo provides](README.md).

- [Contribution Guidelines](#contribution-guidelines)
-  - [Introduction](#introduction)
-  - [Issues](#issues)
-    - [How to report issues](#how-to-report-issues)
-    - [Types of issues](#types-of-issues)
-    - [Discuss your design before the implementation](#discuss-your-design-before-the-implementation)
-  - [Building Gitea](#building-gitea)
-  - [Dependencies](#dependencies)
-    - [Backend](#backend)
-    - [Frontend](#frontend)
-  - [Design guideline](#design-guideline)
-  - [Styleguide](#styleguide)
-  - [Copyright](#copyright)
-  - [Testing](#testing)
-  - [Translation](#translation)
-  - [Code review](#code-review)
-    - [Pull request format](#pull-request-format)
-    - [PR title and summary](#pr-title-and-summary)
-    - [Milestone](#milestone)
-    - [Labels](#labels)
-    - [Breaking PRs](#breaking-prs)
-      - [What is a breaking PR?](#what-is-a-breaking-pr)
-      - [How to handle breaking PRs?](#how-to-handle-breaking-prs)
-    - [Maintaining open PRs](#maintaining-open-prs)
-    - [Getting PRs merged](#getting-prs-merged)
-    - [Final call](#final-call)
-    - [Commit messages](#commit-messages)
-      - [PR Co-authors](#pr-co-authors)
-      - [PRs targeting `main`](#prs-targeting-main)
-      - [Backport PRs](#backport-prs)
-  - [Documentation](#documentation)
-  - [API v1](#api-v1)
-    - [GitHub API compatibility](#github-api-compatibility)
-    - [Adding/Maintaining API routes](#addingmaintaining-api-routes)
-    - [When to use what HTTP method](#when-to-use-what-http-method)
-    - [Requirements for API routes](#requirements-for-api-routes)
-  - [Backports and Frontports](#backports-and-frontports)
-    - [What is backported?](#what-is-backported)
-    - [How to backport?](#how-to-backport)
-    - [Format of backport PRs](#format-of-backport-prs)
-    - [Frontports](#frontports)
-  - [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco)
-  - [Release Cycle](#release-cycle)
-  - [Maintainers](#maintainers)
-  - [Technical Oversight Committee (TOC)](#technical-oversight-committee-toc)
-    - [Current TOC members](#current-toc-members)
-    - [Previous TOC/owners members](#previous-tocowners-members)
-  - [Governance Compensation](#governance-compensation)
-  - [TOC \& Working groups](#toc--working-groups)
-  - [Roadmap](#roadmap)
-  - [Versions](#versions)
-  - [Releasing Gitea](#releasing-gitea)
+Sensitive security-related issues should be reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).

-</details>
+## For everyone involved

-## Introduction
+- [Documentation](https://forgejo.org/docs/next/)
+- [Code of Conduct](https://forgejo.org/docs/latest/developer/coc/)
+- [Bugs, features, security and others discussions](https://forgejo.org/docs/latest/developer/discussions/)
+- [Governance](https://forgejo.org/docs/latest/developer/governance/)
+- [Sustainability and funding](https://codeberg.org/forgejo/sustainability/src/branch/main/README.md)

-This document explains how to contribute changes to the Gitea project. \
-It assumes you have followed the [installation instructions](https://docs.gitea.com/category/installation). \
-Sensitive security-related issues should be reported to [security@gitea.io](mailto:security@gitea.io).
+## For contributors

-For configuring IDEs for Gitea development, see the [contributed IDE configurations](contrib/ide/).
+- [Developer Certificate of Origin (DCO)](https://forgejo.org/docs/latest/developer/dco/)
+- [Development workflow](https://forgejo.org/docs/latest/developer/workflow/)
+- [Compiling from source](https://forgejo.org/docs/latest/developer/from-source/)

-## Issues
+## For maintainers

-### How to report issues
-
-Please search the issues on the issue tracker with a variety of related keywords to ensure that your issue has not already been reported.
-
-If your issue has not been reported yet, [open an issue](https://github.com/go-gitea/gitea/issues/new)
-and answer the questions so we can understand and reproduce the problematic behavior. \
-Please write clear and concise instructions so that we can reproduce the behavior — even if it seems obvious. \
-The more detailed and specific you are, the faster we can fix the issue. \
-It is really helpful if you can reproduce your problem on a site running on the latest commits, i.e. <https://try.gitea.io>, as perhaps your problem has already been fixed on a current version. \
-Please follow the guidelines described in [How to Report Bugs Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html) for your report.
-
-Please be kind, remember that Gitea comes at no cost to you, and you're getting free help.
-
-### Types of issues
-
-Typically, issues fall in one of the following categories:
-
- `bug`: Something in the frontend or backend behaves unexpectedly
- `security issue`: bug that has serious implications such as leaking another users data. Please do not file such issues on the public tracker and send a mail to security@gitea.io instead
- `feature`: Completely new functionality. You should describe this feature in enough detail that anyone who reads the issue can understand how it is supposed to be implemented
- `enhancement`: An existing feature should get an upgrade
- `refactoring`: Parts of the code base don't conform with other parts and should be changed to improve Gitea's maintainability
-
-### Discuss your design before the implementation
-
-We welcome submissions. \
-If you want to change or add something, please let everyone know what you're working on — [file an issue](https://github.com/go-gitea/gitea/issues/new) or comment on an existing one before starting your work!
-
-Significant changes such as new features must go through the change proposal process before they can be accepted. \
-This is mainly to save yourself the trouble of implementing it, only to find out that your proposed implementation has some potential problems. \
-Furthermore, this process gives everyone a chance to validate the design, helps prevent duplication of effort, and ensures that the idea fits inside
-the goals for the project and tools.
-
-Pull requests should not be the place for architecture discussions.
-
-## Building Gitea
-
-See the [development setup instructions](https://docs.gitea.com/development/hacking-on-gitea).
-
-## Dependencies
-
-### Backend
-
-Go dependencies are managed using [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance). \
-You can find more details in the [go mod documentation](https://go.dev/ref/mod) and the [Go Modules Wiki](https://github.com/golang/go/wiki/Modules).
-
-Pull requests should only modify `go.mod` and `go.sum` where it is related to your change, be it a bugfix or a new feature. \
-Apart from that, these files should only be modified by Pull Requests whose only purpose is to update dependencies.
-
-The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
-and must be verified by the reviewers and/or merger to always reference
-an existing upstream commit.
-
-### Frontend
-
-For the frontend, we use [npm](https://www.npmjs.com/).
-
-The same restrictions apply for frontend dependencies as for backend dependencies, with the exceptions that the files for it are `package.json` and `package-lock.json`, and that new versions must always reference an existing version.
-
-## Design guideline
-
-Depending on your change, please read the
-
- [backend development guideline](https://docs.gitea.com/contributing/guidelines-backend)
- [frontend development guideline](https://docs.gitea.com/contributing/guidelines-frontend)
- [refactoring guideline](https://docs.gitea.com/contributing/guidelines-refactoring)
-
-## Styleguide
-
-You should always run `make fmt` before committing to conform to Gitea's styleguide.
-
-## Copyright
-
-New code files that you contribute should use the standard copyright header:
-
-```
-// Copyright <current year> The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-```
-
-Afterwards, copyright should only be modified when the copyright author changes.
-
-## Testing
-
-Before submitting a pull request, run all tests to make sure your changes don't cause a regression elsewhere.
-
-Here's how to run the test suite:
-
- code lint
-
-|                       |                                                                   |
-| :-------------------- | :---------------------------------------------------------------- |
-|``make lint``          | lint everything (not needed if you only change the front- **or** backend)    |
-|``make lint-frontend`` | lint frontend files  |
-|``make lint-backend``  | lint backend files   |
-
- run tests (we suggest running them on Linux)
-
-|  Command                               | Action                                           |              |
-| :------------------------------------- | :----------------------------------------------- | ------------ |
-|``make test[\#SpecificTestName]``       |  run unit test(s)  |
-|``make test-sqlite[\#SpecificTestName]``|  run [integration](tests/integration) test(s) for SQLite |[More details](tests/integration/README.md)  |
-|``make test-e2e-sqlite[\#SpecificTestName]``|  run [end-to-end](tests/e2e) test(s) for SQLite |[More details](tests/e2e/README.md)  |
-
-## Translation
-
-All translation work happens on [Crowdin](https://crowdin.com/project/gitea).
-The only translation that is maintained in this repository is [the English translation](https://github.com/go-gitea/gitea/blob/main/options/locale/locale_en-US.ini).
-It is synced regularly with Crowdin. \
-Other locales on main branch **should not** be updated manually as they will be overwritten with each sync. \
-Once a language has reached a **satisfactory percentage** of translated keys (~25%), it will be synced back into this repo and included in the next released version.
-
-The tool `go run build/backport-locale.go` can be used to backport locales from the main branch to release branches that were missed.
-
-## Code review
-
-### Pull request format
-
-Please try to make your pull request easy to review for us. \
-For that, please read the [*Best Practices for Faster Reviews*](https://github.com/kubernetes/community/blob/261cb0fd089b64002c91e8eddceebf032462ccd6/contributors/guide/pull-requests.md#best-practices-for-faster-reviews) guide. \
-It has lots of useful tips for any project you may want to contribute to. \
-Some of the key points:
-
- Make small pull requests. \
-  The smaller, the faster to review and the more likely it will be merged soon.
- Don't make changes unrelated to your PR. \
-  Maybe there are typos on some comments, maybe refactoring would be welcome on a function... \
-  but if that is not related to your PR, please make *another* PR for that.
- Split big pull requests into multiple small ones. \
-  An incremental change will be faster to review than a huge PR.
- Allow edits by maintainers. This way, the maintainers will take care of merging the PR later on instead of you.
-
-### PR title and summary
-
-In the PR title, describe the problem you are fixing, not how you are fixing it. \
-Use the first comment as a summary of your PR. \
-In the PR summary, you can describe exactly how you are fixing this problem. \
-Keep this summary up-to-date as the PR evolves. \
-If your PR changes the UI, you must add **after** screenshots in the PR summary. \
-If you are not implementing a new feature, you should also post **before** screenshots for comparison. \
-If your PR closes some issues, you must note that in a way that both GitHub and Gitea understand, i.e. by appending a paragraph like
-
-```text
-Fixes/Closes/Resolves #<ISSUE_NR_X>.
-Fixes/Closes/Resolves #<ISSUE_NR_Y>.
-```
-
-to your summary. \
-Each issue that will be closed must stand on a separate line.
-
-### Milestone
-
-A PR should only be assigned to a milestone if it will likely be merged into the given version. \
-As a rule of thumb, assume that a PR will stay open for an additional month for every 100 added lines. \
-PRs without a milestone may not be merged.
-
-### Labels
-
-Every PR should be labeled correctly with every label that applies. \
-This includes especially the distinction between `bug` (fixing existing functionality), `feature` (new functionality), `enhancement` (upgrades for existing functionality), and `refactoring` (improving the internal code structure without changing the output (much)). \
-Furthermore,
-
- the amount of pending required approvals
- whether this PR is `blocked`, a `backport` or `breaking`
- if it targets the `ui` or `api`
- if it increases the application `speed`
- reduces `memory usage`
-
-are oftentimes notable labels.
-
-### Breaking PRs
-
-#### What is a breaking PR?
-
-A PR is breaking if it meets one of the following criteria:
-
- It changes API output in an incompatible way for existing users
- It removes a setting that an admin could previously set (i.e. via `app.ini`)
- An admin must do something manually to restore the old behavior
-
-In particular, this means that adding new settings is not breaking.\
-Changing the default value of a setting or replacing the setting with another one is breaking, however.
-
-#### How to handle breaking PRs?
-
-If your PR has a breaking change, you must add a `BREAKING` section to your PR summary, e.g.
-
-```
-## :warning: BREAKING :warning:
-```
-
-To explain how this will affect users and how to mitigate these changes.
-
-### Maintaining open PRs
-
-The moment you create a non-draft PR or the moment you convert a draft PR to a non-draft PR is the moment code review starts for it. \
-Once that happens, do not rebase or squash your branch anymore as it makes it difficult to review the new changes. \
-Merge the base branch into your branch only when you really need to, i.e. because of conflicting changes in the mean time. \
-This reduces unnecessary CI runs. \
-Don't worry about merge commits messing up your commit history as every PR will be squash merged. \
-This means that all changes are joined into a single new commit whose message is as described below.
-
-### Getting PRs merged
-
-Changes to Gitea must be reviewed before they are accepted — no matter who
-makes the change, even if they are an owner or a maintainer. \
-The only exception are critical bugs that prevent Gitea from being compiled or started. \
-Specifically, we require two approvals from maintainers for every PR. \
-Once this criteria has been met, your PR receives the `lgtm/done` label. \
-From this point on, your only responsibility is to fix merge conflicts or respond to/implement requests by maintainers. \
-It is the responsibility of the maintainers from this point to get your PR merged.
-
-If a PR has the `lgtm/done` label and there are no open discussions or merge conflicts anymore, any maintainer can add the `reviewed/wait-merge` label. \
-This label means that the PR is part of the merge queue and will be merged as soon as possible. \
-The merge queue will be cleared in the order of the list below:
-
-<https://github.com/go-gitea/gitea/pulls?q=is%3Apr+label%3Areviewed%2Fwait-merge+sort%3Acreated-asc+is%3Aopen>
-
-Gitea uses it's own tool, the <https://github.com/GiteaBot/gitea-backporter> to automate parts of the review process. \
-This tool does the things listed below automatically:
-
- create a backport PR if needed once the initial PR was merged
- remove the PR from the merge queue after the PR merged
- keep the oldest branch in the merge queue up to date with merges
-
-### Final call
-
-If a PR has been ignored for more than 7 days with no comments or reviews, and the author or any maintainer believes it will not survive a long wait (such as a refactoring PR), they can send "final call" to the TOC by mentioning them in a comment.
-
-After another 7 days, if there is still zero approval, this is considered a polite refusal, and the PR will be closed to avoid wasting further time. Therefore, the "final call" has a cost, and should be used cautiously.
-
-However, if there are no objections from maintainers, the PR can be merged with only one approval from the TOC (not the author).
-
-### Commit messages
-
-Mergers are able and required to rewrite the PR title and summary (the first comment of a PR) so that it can produce an easily understandable commit message if necessary. \
-The final commit message should no longer contain any uncertainty such as `hopefully, <x> won't happen anymore`. Replace uncertainty with certainty.
-
-#### PR Co-authors
-
-A person counts as a PR co-author the moment they (co-)authored a commit that is not simply a `Merge base branch into branch` commit. \
-Mergers are required to remove such "false-positive" co-authors when writing the commit message. \
-The true co-authors must remain in the commit message.
-
-#### PRs targeting `main`
-
-The commit message of PRs targeting `main` is always
-
-```bash
-$PR_TITLE ($PR_INDEX)
-
-$REWRITTEN_PR_SUMMARY
-```
-
-#### Backport PRs
-
-The commit message of backport PRs is always
-
-```bash
-$PR_TITLE ($INITIAL_PR_INDEX) ($BACKPORT_PR_INDEX)
-
-$REWRITTEN_PR_SUMMARY
-```
-
-## Documentation
-
-If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated in the same PR.
-
-## API v1
-
-The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [the GitHub API](https://docs.github.com/en/rest).
-
-### GitHub API compatibility
-
-Gitea's API should use the same endpoints and fields as the GitHub API as far as possible, unless there are good reasons to deviate. \
-If Gitea provides functionality that GitHub does not, a new endpoint can be created. \
-If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields. \
-Updating an existing API should not remove existing fields unless there is a really good reason to do so. \
-The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to API v2 (which is currently not planned).
-
-### Adding/Maintaining API routes
-
-All expected results (errors, success, fail messages) must be documented ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)). \
-All JSON input types must be defined as a struct in [modules/structs/](modules/structs/) ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91)) \
-and referenced in [routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go). \
-They can then be used like [this example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318). \
-All JSON responses must be defined as a struct in [modules/structs/](modules/structs/) ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68)) \
-and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/) ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16)) \
-They can be used like [this example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279).
-
-### When to use what HTTP method
-
-In general, HTTP methods are chosen as follows:
-
- **GET** endpoints return the requested object(s) and status **OK (200)**
- **DELETE** endpoints return the status **No Content (204)** and no content either
- **POST** endpoints are used to **create** new objects (e.g. a User) and return the status **Created (201)** and the created object
- **PUT** endpoints are used to **add/assign** existing Objects (e.g. a user to a team) and return the status **No Content (204)** and no content either
- **PATCH** endpoints are used to **edit/change** an existing object and return the changed object and the status **OK (200)**
-
-### Requirements for API routes
-
-All parameters of endpoints changing/editing an object must be optional (except the ones to identify the object, which are required).
-
-Endpoints returning lists must
-
- support pagination (`page` & `limit` options in query)
- set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
-
-## Backports and Frontports
-
-### What is backported?
-
-We backport PRs given the following circumstances:
-
-1. Feature freeze is active, but `<version>-rc0` has not been released yet. Here, we backport as much as possible. <!-- TODO: Is that our definition with the new backport bot? -->
-2. `rc0` has been released. Here, we only backport bug- and security-fixes, and small enhancements. Large PRs such as refactors are not backported anymore. <!-- TODO: Is that our definition with the new backport bot? -->
-3. We never backport new features.
-4. We never backport breaking changes except when
-    1. The breaking change has no effect on the vast majority of users
-    2. The component triggering the breaking change is marked as experimental
-
-### How to backport?
-
-In the past, it was necessary to manually backport your PRs. \
-Now, that's not a requirement anymore as our [backport bot](https://github.com/GiteaBot) tries to create backports automatically once the PR is merged when the PR
-
- does not have the label `backport/manual`
- has the label `backport/<version>`
-
-The `backport/manual` label signifies either that you want to backport the change yourself, or that there were conflicts when backporting, thus you **must** do it yourself.
-
-### Format of backport PRs
-
-The title of backport PRs should be
-
-```
-<original PR title> (#<original pr number>)
-```
-
-The first two lines of the summary of the backporting PR should be
-
-```
-Backport #<original pr number>
-
-```
-
-with the rest of the summary and labels matching the original PR.
-
-### Frontports
-
-Frontports behave exactly as described above for backports.
-
-## Developer Certificate of Origin (DCO)
-
-We consider the act of contributing to the code by submitting a Pull Request as the "Sign off" or agreement to the certifications and terms of the [DCO](DCO) and [MIT license](LICENSE). \
-No further action is required. \
-You can also decide to sign off your commits by adding the following line at the end of your commit messages:
-
-```
-Signed-off-by: Joe Smith <joe.smith@email.com>
-```
-
-If you set the `user.name` and `user.email` Git config options, you can add the line to the end of your commits automatically with `git commit -s`.
-
-We assume in good faith that the information you provide is legally binding.
-
-## Release Cycle
-
-We adopted a release schedule to streamline the process of working on, finishing, and issuing releases. \
-The overall goal is to make a major release every three or four months, which breaks down into two or three months of general development followed by one month of testing and polishing known as the release freeze. \
-All the feature pull requests should be
-merged before feature freeze. And, during the frozen period, a corresponding
-release branch is open for fixes backported from main branch. Release candidates
-are made during this period for user testing to
-obtain a final version that is maintained in this branch.
-
-During a development cycle, we may also publish any necessary minor releases
-for the previous version. For example, if the latest, published release is
-v1.2, then minor changes for the previous release—e.g., v1.1.0 -> v1.1.1—are
-still possible.
-
-## Maintainers
-
-To make sure every PR is checked, we have [maintainers](MAINTAINERS). \
-Every PR **must** be reviewed by at least two maintainers (or owners) before it can get merged. \
-For refactoring PRs after a week and documentation only PRs, the approval of only one maintainer is enough. \
-A maintainer should be a contributor of Gitea and contributed at least
-4 accepted PRs. A contributor should apply as a maintainer in the
-[Discord](https://discord.gg/Gitea) `#develop` channel. The team maintainers may invite the contributor. A maintainer
-should spend some time on code reviews. If a maintainer has no
-time to do that, they should apply to leave the maintainers team
-and we will give them the honor of being a member of the [advisors
-team](https://github.com/orgs/go-gitea/teams/advisors). Of course, if
-an advisor has time to code review, we will gladly welcome them back
-to the maintainers team. If a maintainer is inactive for more than 3
-months and forgets to leave the maintainers team, the owners may move
-him or her from the maintainers team to the advisors team.
-For security reasons, Maintainers should use 2FA for their accounts and
-if possible provide GPG signed commits.
-https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
-https://help.github.com/articles/signing-commits-with-gpg/
-
-## Technical Oversight Committee (TOC)
-
-At the start of 2023, the `Owners` team was dissolved. Instead, the governance charter proposed a technical oversight committee (TOC) which expands the ownership team of the Gitea project from three elected positions to six positions. Three positions would be elected as it has been over the past years, and the other three would consist of appointed members from the Gitea company.
-https://blog.gitea.com/quarterly-23q1/
-
-When the new community members have been elected, the old members will give up ownership to the newly elected members. For security reasons, TOC members or any account with write access (like a bot) must use 2FA.
-https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
-
-### Current TOC members
-
- 2023-01-01 ~ 2023-12-31 - https://blog.gitea.com/quarterly-23q1/
-  - Company
-    - [Jason Song](https://gitea.com/wolfogre) <i@wolfogre.com>
-    - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-    - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  - Community
-    - [6543](https://gitea.com/6543) <6543@obermui.de>
-    - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
-    - [John Olheiser](https://gitea.com/jolheiser) <john.olheiser@gmail.com>
-
-### Previous TOC/owners members
-
-Here's the history of the owners and the time they served:
-
- [Lunny Xiao](https://gitea.com/lunny) - 2016, 2017, [2018](https://github.com/go-gitea/gitea/issues/3255), [2019](https://github.com/go-gitea/gitea/issues/5572), [2020](https://github.com/go-gitea/gitea/issues/9230), [2021](https://github.com/go-gitea/gitea/issues/13801), [2022](https://github.com/go-gitea/gitea/issues/17872)
- [Kim Carlbäcker](https://github.com/bkcsoft) - 2016, 2017
- [Thomas Boerger](https://gitea.com/tboerger) - 2016, 2017
- [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) - [2018](https://github.com/go-gitea/gitea/issues/3255), [2019](https://github.com/go-gitea/gitea/issues/5572), [2020](https://github.com/go-gitea/gitea/issues/9230), [2021](https://github.com/go-gitea/gitea/issues/13801)
- [Matti Ranta](https://gitea.com/techknowlogick) - [2019](https://github.com/go-gitea/gitea/issues/5572), [2020](https://github.com/go-gitea/gitea/issues/9230), [2021](https://github.com/go-gitea/gitea/issues/13801), [2022](https://github.com/go-gitea/gitea/issues/17872)
- [Andrew Thornton](https://gitea.com/zeripath) - [2020](https://github.com/go-gitea/gitea/issues/9230), [2021](https://github.com/go-gitea/gitea/issues/13801), [2022](https://github.com/go-gitea/gitea/issues/17872)
-
-## Governance Compensation
-
-Each member of the community elected TOC will be granted $500 each month as compensation for their work.
-
-Furthermore, any community release manager for a specific release or LTS will be compensated $500 for the delivery of said release.
-
-These funds will come from community sources like the OpenCollective rather than directly from the company.
-Only non-company members are eligible for this compensation, and if a member of the community TOC takes the responsibility of release manager, they would only be compensated for their TOC duties.
-Gitea Ltd employees are not eligible to receive any funds from the OpenCollective unless it is reimbursement for a purchase made for the Gitea project itself.
-
-## TOC & Working groups
-
-With Gitea covering many projects outside of the main repository, several groups will be created to help focus on specific areas instead of requiring maintainers to be a jack-of-all-trades. Maintainers are of course more than welcome to be part of multiple groups should they wish to contribute in multiple places.
-
-The currently proposed groups are:
-
- **Core Group**: maintain the primary Gitea repository
- **Integration Group**: maintain the Gitea ecosystem's related tools, including go-sdk/tea/changelog/bots etc.
- **Documentation Group**: maintain related documents and repositories
- **Translation Group**: coordinate with translators and maintain translations
- **Security Group**: managed by TOC directly, members are decided by TOC, maintains security patches/responsible for security items
-
-## Roadmap
-
-Each year a roadmap will be discussed with the entire Gitea maintainers team, and feedback will be solicited from various stakeholders.
-TOC members need to review the roadmap every year and work together on the direction of the project.
-
-When a vote is required for a proposal or other change, the vote of community elected TOC members count slightly more than the vote of company elected TOC members. With this approach, we both avoid ties and ensure that changes align with the mission statement and community opinion.
-
-You can visit our roadmap on the wiki.
-
-## Versions
-
-Gitea has the `main` branch as a tip branch and has version branches
-such as `release/v1.19`. `release/v1.19` is a release branch and we will
-tag `v1.19.0` for binary download. If `v1.19.0` has bugs, we will accept
-pull requests on the `release/v1.19` branch and publish a `v1.19.1` tag,
-after bringing the bug fix also to the main branch.
-
-Since the `main` branch is a tip version, if you wish to use Gitea
-in production, please download the latest release tag version. All the
-branches will be protected via GitHub, all the PRs to every branch must
-be reviewed by two maintainers and must pass the automatic tests.
-
-## Releasing Gitea
-
- Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
- If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
-  - Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
-  - When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
- If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
- Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
- And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
- If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
- Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
- Verify all release assets were correctly published through CI on dl.gitea.com and GitHub releases. Once ACKed:
-  - bump the version of https://dl.gitea.com/gitea/version.json
-  - merge the blog post PR
-  - announce the release in discord `#announcements`
+- [Release management](https://forgejo.org/docs/latest/developer/release/)
+- [Secrets](https://forgejo.org/docs/latest/developer/secrets/)
--- a/51
+++ b/51
@ -1,5 +1,6 @@
-# Build stage
-FROM docker.io/library/golang:1.21-alpine3.18 AS build-env
+FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx
+
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21-alpine3.18 as build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -9,24 +10,33 @@ ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

-# Build deps
-RUN apk --no-cache add \
-    build-base \
-    git \
-    nodejs \
-    npm \
-    && rm -rf /var/cache/apk/*
+#
+# Transparently cross compile for the target platform
+#
+COPY --from=xx / /
+ARG TARGETPLATFORM
+RUN apk --no-cache add clang lld
+RUN xx-apk --no-cache add gcc musl-dev
+ENV CGO_ENABLED=1
+RUN xx-go --wrap
+#
+# for go generate and binfmt to find
+# without it the generate phase will fail with
+# #19 25.04 modules/public/public_bindata.go:8: running "go": exit status 1
+# #19 25.39 aarch64-binfmt-P: Could not open '/lib/ld-musl-aarch64.so.1': No such file or directory
+# why exactly is it needed? where is binfmt involved?
+#
+RUN cp /*-alpine-linux-musl*/lib/ld-musl-*.so.1 /lib || true
+
+RUN apk --no-cache add build-base git nodejs npm

-# Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea

-# Checkout version if set
-RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
- && make clean-all build
-
-# Begin env-to-ini build
-RUN go build contrib/environment-to-ini/environment-to-ini.go
+RUN make clean-all
+RUN make frontend
+RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini
+RUN make go-check generate-backend static-executable && xx-verify gitea

 # Copy local files
 COPY docker/root /tmp/local
@ -42,7 +52,7 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \
 RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete

 FROM docker.io/library/alpine:3.18
-LABEL maintainer="maintainers@gitea.io"
+LABEL maintainer="contact@forgejo.org"

 EXPOSE 22 3000

@ -69,10 +79,10 @@ RUN addgroup \
    -s /bin/bash \
    -u 1000 \
    -G git \
-    git && \
-  echo "git:*" | chpasswd -e
+    _gitea && \
+  echo "_gitea:*" | chpasswd -e

-ENV USER git
+ENV USER _gitea
 ENV GITEA_CUSTOM /data/gitea

 VOLUME ["/data"]
@ -81,6 +91,7 @@ ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]

 COPY --from=build-env /tmp/local /
+RUN cd /usr/local/bin ; ln -s gitea forgejo
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,5 +1,6 @@
-# Build stage
-FROM docker.io/library/golang:1.21-alpine3.18 AS build-env
+FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx
+
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21-alpine3.18 as build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -9,24 +10,33 @@ ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

-#Build deps
-RUN apk --no-cache add \
-    build-base \
-    git \
-    nodejs \
-    npm \
-    && rm -rf /var/cache/apk/*
+#
+# Transparently cross compile for the target platform
+#
+COPY --from=xx / /
+ARG TARGETPLATFORM
+RUN apk --no-cache add clang lld
+RUN xx-apk --no-cache add gcc musl-dev
+ENV CGO_ENABLED=1
+RUN xx-go --wrap
+#
+# for go generate and binfmt to find
+# without it the generate phase will fail with
+# #19 25.04 modules/public/public_bindata.go:8: running "go": exit status 1
+# #19 25.39 aarch64-binfmt-P: Could not open '/lib/ld-musl-aarch64.so.1': No such file or directory
+# why exactly is it needed? where is binfmt involved?
+#
+RUN cp /*-alpine-linux-musl*/lib/ld-musl-*.so.1 /lib || true
+
+RUN apk --no-cache add build-base git nodejs npm

-# Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea

-# Checkout version if set
-RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
- && make clean-all build
-
-# Begin env-to-ini build
-RUN go build contrib/environment-to-ini/environment-to-ini.go
+RUN make clean-all
+RUN make frontend
+RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini
+RUN make go-check generate-backend static-executable && xx-verify gitea

 # Copy local files
 COPY docker/rootless /tmp/local
@ -40,7 +50,7 @@ RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
 RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete

 FROM docker.io/library/alpine:3.18
-LABEL maintainer="maintainers@gitea.io"
+LABEL maintainer="contact@forgejo.org"

 EXPOSE 2222 3000

@ -69,18 +79,19 @@ RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea

 COPY --from=build-env /tmp/local /
+RUN cd /usr/local/bin ; ln -s gitea forgejo
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh

-# git:git
+#git:git
 USER 1000:1000
 ENV GITEA_WORK_DIR /var/lib/gitea
 ENV GITEA_CUSTOM /var/lib/gitea/custom
 ENV GITEA_TEMP /tmp/gitea
 ENV TMPDIR /tmp/gitea

-# TODO add to docs the ability to define the ini to load (useful to test and revert a config)
+#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
 ENV GITEA_APP_INI /etc/gitea/app.ini
 ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
@ -88,3 +99,4 @@ WORKDIR /var/lib/gitea

 ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
 CMD []
+
--- a/1
+++ b/1
@ -1,3 +1,4 @@
+Copyright (c) 2022 The Forgejo Authors
 Copyright (c) 2016 The Gitea Authors
 Copyright (c) 2015 The Gogs Authors

--- a/100
+++ b/100
@ -79,33 +79,19 @@ endif
 STORED_VERSION_FILE := VERSION
 HUGO_VERSION ?= 0.111.3

-GITHUB_REF_TYPE ?= branch
-GITHUB_REF_NAME ?= $(shell git rev-parse --abbrev-ref HEAD)

-ifneq ($(GITHUB_REF_TYPE),branch)
-	VERSION ?= $(subst v,,$(GITHUB_REF_NAME))
-	GITEA_VERSION ?= $(VERSION)
+STORED_VERSION=$(shell cat $(STORED_VERSION_FILE) 2>/dev/null)
+ifneq ($(STORED_VERSION),)
+  GITEA_VERSION ?= $(STORED_VERSION)
 else
-	ifneq ($(GITHUB_REF_NAME),)
-		VERSION ?= $(subst release/v,,$(GITHUB_REF_NAME))
-	else
-		VERSION ?= main
-	endif
-
-	STORED_VERSION=$(shell cat $(STORED_VERSION_FILE) 2>/dev/null)
-	ifneq ($(STORED_VERSION),)
-		GITEA_VERSION ?= $(STORED_VERSION)
-	else
-		GITEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
-	endif
+  GITEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
 endif
+VERSION = ${GITEA_VERSION}

-# if version = "main" then update version to "nightly"
-ifeq ($(VERSION),main)
-	VERSION := main-nightly
-endif
+# SemVer
+FORGEJO_VERSION := 6.0.8+0-gitea-1.21.8

-LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
+LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)" -X "main.ForgejoVersion=$(FORGEJO_VERSION)"

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

@ -157,11 +143,14 @@ ifdef DEPS_PLAYWRIGHT
 	PLAYWRIGHT_FLAGS += --with-deps
 endif

+FORGEJO_API_SPEC := public/assets/forgejo/api.v1.yml
+
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
 SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
 SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
 SWAGGER_EXCLUDE := code.gitea.io/sdk
 SWAGGER_NEWLINE_COMMAND := -e '$$a\'
+SWAGGER_SPEC_BRANDING := s|Gitea API|Forgejo API|g

 TEST_MYSQL_HOST ?= mysql:3306
 TEST_MYSQL_DBNAME ?= testgitea
@ -237,6 +226,8 @@ help:
 	@echo " - generate-license                 update license files"
 	@echo " - generate-gitignore               update gitignore files"
 	@echo " - generate-manpage                 generate manpage"
+	@echo " - generate-forgejo-api             generate the forgejo API from spec"
+	@echo " - forgejo-api-validate             check if the forgejo API matches the specs"
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - go-licenses                      regenerate go licenses"
@ -322,6 +313,27 @@ ifneq "$(TAGS)" "$(shell cat $(TAGS_EVIDENCE) 2>/dev/null)"
 TAGS_PREREQ := $(TAGS_EVIDENCE)
 endif

+OAPI_CODEGEN_PACKAGE ?= github.com/deepmap/oapi-codegen/cmd/oapi-codegen@v1.12.4
+KIN_OPENAPI_CODEGEN_PACKAGE ?= github.com/getkin/kin-openapi/cmd/validate@v0.114.0
+FORGEJO_API_SERVER = routers/api/forgejo/v1/generated.go
+
+.PHONY: generate-forgejo-api
+generate-forgejo-api: $(FORGEJO_API_SPEC)
+	$(GO) run $(OAPI_CODEGEN_PACKAGE) -package v1 -generate chi-server,types $< > $(FORGEJO_API_SERVER)
+
+.PHONY: forgejo-api-check
+forgejo-api-check: generate-forgejo-api
+	@diff=$$(git diff $(FORGEJO_API_SERVER) ; \
+	if [ -n "$$diff" ]; then \
+		echo "Please run 'make generate-forgejo-api' and commit the result:"; \
+		echo "$${diff}"; \
+		exit 1; \
+	fi
+
+.PHONY: forgejo-api-validate
+forgejo-api-validate:
+	$(GO) run $(KIN_OPENAPI_CODEGEN_PACKAGE) $(FORGEJO_API_SPEC)
+
 .PHONY: generate-swagger
 generate-swagger: $(SWAGGER_SPEC)

@ -329,6 +341,7 @@ $(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA)
 	$(GO) run $(SWAGGER_PACKAGE) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) '$(SWAGGER_SPEC_BRANDING)' './$(SWAGGER_SPEC)'

 .PHONY: swagger-check
 swagger-check: generate-swagger
@ -352,7 +365,7 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check

 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
+checks-backend: tidy-check swagger-check fmt-check misspell-check forgejo-api-validate swagger-validate security-check

 .PHONY: lint
 lint: lint-frontend lint-backend
@ -398,11 +411,11 @@ lint-md: node_modules

 .PHONY: lint-go
 lint-go:
-	$(GO) run $(GOLANGCI_LINT_PACKAGE) run
+	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS)

 .PHONY: lint-go-fix
 lint-go-fix:
-	$(GO) run $(GOLANGCI_LINT_PACKAGE) run --fix
+	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS) --fix

 # workaround step for the lint-go-windows CI task because 'go run' can not
 # have distinct GOOS/GOARCH for its build and run steps
@ -414,8 +427,7 @@ lint-go-windows:
 .PHONY: lint-go-vet
 lint-go-vet:
 	@echo "Running go vet..."
-	@GOOS= GOARCH= $(GO) build code.gitea.io/gitea-vet
-	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
+	@$(GO) vet $(GO_PACKAGES)

 .PHONY: lint-editorconfig
 lint-editorconfig:
@ -824,10 +836,14 @@ generate: generate-backend
 generate-backend: $(TAGS_PREREQ) generate-go

 .PHONY: generate-go
-generate-go: $(TAGS_PREREQ)
+generate-go: $(TAGS_PREREQ) merge-locales
 	@echo "Running go generate..."
 	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)

+.PHONY: merge-locales
+merge-locales:
+	@CC= GOOS= GOARCH= $(GO) run build/merge-forgejo-locales.go
+
 .PHONY: security-check
 security-check:
 	go run $(GOVULNCHECK_PACKAGE) ./...
@ -835,8 +851,17 @@ security-check:
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

+forgejo: $(EXECUTABLE)
+	ln -f $(EXECUTABLE) forgejo
+
+static-executable: $(GO_SOURCES) $(TAGS_PREREQ)
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags 'netgo osusergo $(TAGS)' -ldflags '-s -w -linkmode external -extldflags "-static" $(LDFLAGS)' -o $(EXECUTABLE)
+
 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check
+release: frontend generate release-linux release-copy release-compress vendor release-sources release-check
+
+# just the sources, with all assets builtin and frontend resources generated
+sources-tarbal: frontend generate vendor release-sources release-check

 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)
@ -850,7 +875,10 @@ endif

 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out forgejo-$(VERSION) .
+ifeq ($(CI),true)
+	cp /build/* $(DIST)/binaries
+endif

 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
@ -878,8 +906,8 @@ release-sources: | $(DIST_DIRS)
 # bsdtar needs a ^ to prevent matching subdirectories
 	$(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./)
 # use transform to a add a release-folder prefix; in bsdtar the transform parameter equivalent is -s
-	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./gitea-src-$(VERSION)/'" || echo "--transform 's|^./|gitea-src-$(VERSION)/|'"))
-	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
+	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./forgejo-src-$(VERSION)/'" || echo "--transform 's|^./|forgejo-src-$(VERSION)/|'"))
+	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/forgejo-src-$(VERSION).tar.gz .
 	rm -f $(STORED_VERSION_FILE)

 .PHONY: release-docs
@ -991,13 +1019,7 @@ lockfile-check:

 .PHONY: update-translations
 update-translations:
-	mkdir -p ./translations
-	cd ./translations && curl -L https://crowdin.com/download/project/gitea.zip > gitea.zip && unzip gitea.zip
-	rm ./translations/gitea.zip
-	$(SED_INPLACE) -e 's/="/=/g' -e 's/"$$//g' ./translations/*.ini
-	$(SED_INPLACE) -e 's/\\"/"/g' ./translations/*.ini
-	mv ./translations/*.ini ./options/locale/
-	rmdir ./translations
+	# noop to detect merge conflicts (potentially needs updating the scripts) and avoid breaking with Gitea

 .PHONY: generate-license
 generate-license:
--- a/README.md
+++ b/README.md
@ -1,177 +1,46 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/assets/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
+<div align="center">
+    <img src="./assets/logo.svg" alt="" width="192" align="center" />
+    <h1 align="center">Welcome to Forgejo</h1>
+</div>

-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
+Hi there! Tired of big platforms playing monopoly?
+Providing Git hosting for your project, friends, company or community?
+**Forgejo** (/for'd&#865;ʒe.jo/ inspired by forĝejo – the Esperanto word for *forge*) has you covered with its intuitive interface,
+light and easy hosting and a lot of builtin functionality.

-<p align="center">
-  <a href="README_ZH.md">View this document in Chinese</a>
-</p>
+Forgejo was [created in 2022](https://forgejo.org/2022-12-15-hello-forgejo/)
+because we think that the project should be owned by an independent community.
+If you second that, then Forgejo is for you!
+Our promise: **Independent Free/Libre Software forever!**

-## Purpose
+## What does Forgejo offer?

-The goal of this project is to make the easiest, fastest, and most
-painless way of setting up a self-hosted Git service.
+<!-- If you want to know what Forgejo is like,
+you can check out public instances,
+e.g. [Codeberg.org](https://codeberg.org).
+-->

-As Gitea is written in Go, it works across **all** the platforms and
-architectures that are supported by Go, including Linux, macOS, and
-Windows on x86, amd64, ARM and PowerPC architectures.
-You can try it out using [the online demo](https://try.gitea.io/).
-This project has been
-[forked](https://blog.gitea.com/welcome-to-gitea/) from
-[Gogs](https://gogs.io) since November of 2016, but a lot has changed.
+If you like any of the following, Forgejo is literally meant for you:

-## Building
+- Lightweight: Forgejo can easily be hosted on nearly **every machine**.
+  Running on a Raspberry? Small cloud instance? No problem!
+- Project management: Besides Git hosting, Forgejo offers issues,
+  pull requests, wikis, kanban boards and much more to **coordinate with your team**.
+- Publishing: Have something to share? Use **releases** to host your software for download,
+  or use the **package registry** to publish it for docker, npm and many other package managers.
+- Customizable: Want to change your look? Change some settings?
+  There are many **config switches** to make Forgejo work exactly like you want.
+- Powerful: Organizations & team permissions, CI integration, Code Search, LDAP, OAuth and much more.
+  If you have **advanced needs**, Forgejo has you covered.
+- Privacy: From update checker to default settings: Forgejo is built to be **privacy first** for you and your crew.
+- Federation: (WIP) We are actively working to connect software forges with each other through **ActivityPub**,
+  and create a collaborative network of personal instances.

-From the root of the source tree, run:
+## Learn more

-    TAGS="bindata" make build
+Dive into the [documentation](https://forgejo.org/docs/latest/), subscribe to releases and blog post on [our website](https://forgejo.org), <a href="https://floss.social/@forgejo" rel="me">find us on the Fediverse</a> or hop into [our Matrix room](https://matrix.to/#/#forgejo-chat:matrix.org) if you have any questions or want to get involved.

-or if SQLite support is required:

-    TAGS="bindata sqlite sqlite_unlock_notify" make build
+## Get involved

-The `build` target is split into two sub-targets:
-
- `make backend` which requires [Go Stable](https://go.dev/dl/), the required version is defined in [go.mod](/go.mod).
- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater.
-
-Internet connectivity is required to download the go and npm modules. When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js.
-
-Parallelism (`make -j <num>`) is not supported.
-
-More info: https://docs.gitea.com/installation/install-from-source
-
-## Using
-
-    ./gitea web
-
-NOTE: If you're interested in using our APIs, we have experimental
-support with [documentation](https://try.gitea.io/api/swagger).
-
-## Contributing
-
-Expected workflow is: Fork -> Patch -> Push -> Pull Request
-
-NOTES:
-
-1. **YOU MUST READ THE [CONTRIBUTORS GUIDE](CONTRIBUTING.md) BEFORE STARTING TO WORK ON A PULL REQUEST.**
-2. If you have found a vulnerability in the project, please write privately to **security@gitea.io**. Thanks!
-
-## Translating
-
-Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.
-
-You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.
-
-https://docs.gitea.com/contributing/localization
-
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
-## Further information
-
-For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.com/).
-If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
-
-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
-
-The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).
-
-## Authors
-
- [Maintainers](https://github.com/orgs/go-gitea/people)
- [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
- [Translators](options/locale/TRANSLATORS)
-
-## Backers
-
-Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/gitea#backer)]
-
-<a href="https://opencollective.com/gitea#backers" target="_blank"><img src="https://opencollective.com/gitea/backers.svg?width=890"></a>
-
-## Sponsors
-
-Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/gitea#sponsor)]
-
-<a href="https://opencollective.com/gitea/sponsor/0/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/0/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/1/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/1/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/2/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/2/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/3/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/3/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/4/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/4/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/5/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/5/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/6/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/6/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
-
-## FAQ
-
-**How do you pronounce Gitea?**
-
-Gitea is pronounced [/ɡɪ’ti:/](https://youtu.be/EM71-2uDAoY) as in "gi-tea" with a hard g.
-
-**Why is this not hosted on a Gitea instance?**
-
-We're [working on it](https://github.com/go-gitea/gitea/issues/1029).
-
-## License
-
-This project is licensed under the MIT License.
-See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
-for the full license text.
-
-## Screenshots
-
-Looking for an overview of the interface? Check it out!
-
-|![Dashboard](https://dl.gitea.com/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.com/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.com/screenshots/global_issues.png)|
-|:---:|:---:|:---:|
-|![Branches](https://dl.gitea.com/screenshots/branches.png)|![Web Editor](https://dl.gitea.com/screenshots/web_editor.png)|![Activity](https://dl.gitea.com/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.com/screenshots/migration.png)|![Migrating](https://dl.gitea.com/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.com/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.com/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.com/screenshots/diff_dark.png)|
+If you are interested in making Forgejo better, either by reporting a bug or by changing the governance, please [take a look at the contribution guide](CONTRIBUTING.md).
--- a/README_ZH.md
+++ b/README_ZH.md
@ -1,98 +0,0 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/assets/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
-
-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
-
-<p align="center">
-  <a href="README.md">View this document in English</a>
-</p>
-
-## 目标
-
-Gitea 的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用 Go 作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了 x86，amd64，还包括 ARM 和 PowerPC。
-
-如果您想试用一下，请访问 [在线Demo](https://try.gitea.io/)！
-
-## 提示
-
-1. **开始贡献代码之前请确保你已经看过了 [贡献者向导（英文）](CONTRIBUTING.md)**.
-2. 所有的安全问题，请私下发送邮件给 **security@gitea.io**。谢谢！
-3. 如果你要使用API，请参见 [API 文档](https://godoc.org/code.gitea.io/sdk/gitea).
-
-## 文档
-
-关于如何安装请访问我们的 [文档站](https://docs.gitea.com/zh-cn/category/installation)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/gitea) 和 QQ群 328432459 来和我们交流。
-
-## 贡献流程
-
-Fork -> Patch -> Push -> Pull Request
-
-## 翻译
-
-多语言翻译是基于Crowdin进行的.
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
-## 作者
-
-* [Maintainers](https://github.com/orgs/go-gitea/people)
-* [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
-* [Translators](options/locale/TRANSLATORS)
-
-## 授权许可
-
-本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) 文件中。
-
-## 截图
-
-|![Dashboard](https://dl.gitea.com/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.com/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.com/screenshots/global_issues.png)|
-|:---:|:---:|:---:|
-|![Branches](https://dl.gitea.com/screenshots/branches.png)|![Web Editor](https://dl.gitea.com/screenshots/web_editor.png)|![Activity](https://dl.gitea.com/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.com/screenshots/migration.png)|![Migrating](https://dl.gitea.com/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.com/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.com/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.com/screenshots/diff_dark.png)|
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,85 +0,0 @@
-# Reporting security issues
-
-The Gitea maintainers take security seriously.
-
-If you discover a security issue, please bring it to their attention right away!
-
-Previous vulnerabilities are listed at https://about.gitea.com/security.
-
-## Reporting a Vulnerability
-
-Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
-
-## Protecting Security Information
-
-Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body.
-
-The PGP key is valid until June 24, 2024.
-
-```
-Key ID: 6FCD2D5B
-Key Type: RSA
-Expires: 6/24/2024
-Key Size: 4096/4096
-Fingerprint: 3DE0 3D1E 144A 7F06 9359 99DC AAFD 2381 6FCD 2D5B
-```
-
-UserID: Gitea Security <security@gitea.io>
-
-```
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGK1Z/4BEADFMqXA9DeeChmSxUjF0Be5sq99ZUhgrZjcN/wOzz0wuCJZC0l8
-4uC+d6mfv7JpJYlzYzOK97/x5UguKHkYNZ6mm1G9KHaXmoIBDLKDzfPdJopVNv2r
-OajijaE0uMCnMjadlg5pbhMLRQG8a9J32yyaz7ZEAw72Ab31fvvcA53NkuqO4j2w
-k7dtFQzhbNOYV0VffQT90WDZdalYHB1JHyEQ+70U9OjVD5ggNYSzX98Eu3Hjn7V7
-kqFrcAxr5TE1elf0IXJcuBJtFzQSTUGlQldKOHtGTGgGjj9r/FFAE5ioBgVD05bV
-rEEgIMM/GqYaG/nbNpWE6P3mEc2Mnn3pZaRJL0LuF26TLjnqEcMMDp5iIhLdFzXR
-3tMdtKgQFu+Mtzs3ipwWARYgHyU09RJsI2HeBx7RmZO/Xqrec763Z7zdJ7SpCn0Z
-q+pHZl24JYR0Kf3T/ZiOC0cGd2QJqpJtg5J6S/OqfX9NH6MsCczO8pUC1N/aHH2X
-CTme2nF56izORqDWKoiICteL3GpYsCV9nyCidcCmoQsS+DKvE86YhIhVIVWGRY2F
-lzpAjnN9/KLtQroutrm+Ft0mdjDiJUeFVl1cOHDhoyfCsQh62HumoyZoZvqzQd6e
-AbN11nq6aViMe2Q3je1AbiBnRnQSHxt1Tc8X4IshO3MQK1Sk7oPI6LA5oQARAQAB
-tCJHaXRlYSBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0ZWEuaW8+iQJXBBMBCABBFiEE
-PeA9HhRKfwaTWZncqv0jgW/NLVsFAmK1Z/4CGwMFCQPCZwAFCwkIBwICIgIGFQoJ
-CAsCBBYCAwECHgcCF4AACgkQqv0jgW/NLVvnyxAAhxyNnWzw/rQO2qhzqicmZM94
-njSbOg+U2qMBvCdaqCQQeC+uaMmMzkDPanUUmLcyCkWqfCjPNjeSXAkE9npepVJI
-4HtmgxZQ94OU/h3CLbft+9GVRzUkVI29TSYGdvNtV2/BkNGoFFnKWQr119um0o6A
-bgha2Uy5uY8o3ZIoiKkiHRaEoWIjjeBxJxYAojsZY4YElUmsQ3ik2joG6rhFesTa
-ofVt/bL8G2xzpOG26WGIxBbqf2qjV6OtZ0hu/vtTPHeIWMLq0Mz0V3PEDQWfkGPE
-i2RYxxYDs2xzJhSQWqTNVLSq0m5xTJnbHhQPfdCX4C2jvFKgLdfmytQq49S7jiJb
-Z03HVOZ/PsyBlQfH9xJi06R5yQCMEA8h8Z5r3/NXW09kQ6OFRe6xshoTcxZGRPTo
-srhwr3uPbmCRh+YEl7qBLU6+BC5k8IRTZXqhrj/aPJu3MxgbgwV8u3vLoFSXM2lb
-a61FgeCQ0O7lkgVswwF0RppCaH9Ul3ZDapet/vCRg4NVwm9zOI/8q/Vj0FKA1GDR
-JhRu8+Ce8zlFL65D34t+PprAzSeTlbv9um3x/ZIjCco7EEKSBylt+AZj/VyA6+e5
-kjOQwRRc6dFJWBcorsSI2dG+H+QMF7ZabzmeCcz1v9HjLOPzYHoZAHhCmSppWTvX
-AJy6+lhfW2OUTqQeYSi5Ag0EYrVn/gEQALrFLQjCR3GjuHSindz0rd3Fnx/t7Sen
-T+p07yCSSoSlmnJHCQmwh4vfg1blyz0zZ4vkIhtpHsEgc+ZAG+WQXSsJ2iRz+eSN
-GwoOQl4XC3n+QWkc1ws+btr48+6UqXIQU+F8TPQyx/PIgi2nZXJB7f5+mjCqsk46
-XvH4nTr4kJjuqMSR/++wvre2qNQRa/q/dTsK0OaN/mJsdX6Oi+aGNaQJUhIG7F+E
-ZDMkn/O6xnwWNzy/+bpg43qH/Gk0eakOmz5NmQLRkV58SZLiJvuCUtkttf6CyhnX
-03OcWaajv5W8qA39dBYQgDrrPbBWUnwfO3yMveqhwV4JjDoe8sPAyn1NwzakNYqP
-RzsWyLrLS7R7J9s3FkZXhQw/QQcsaSMcGNQO047dm1P83N8JY5aEpiRo9zSWjoiw
-qoExANj5lUTZPe8M50lI182FrcjAN7dClO3QI6pg7wy0erMxfFly3j8UQ91ysS9T
-s+GsP9I3cmWWQcKYxWHtE8xTXnNCVPFZQj2nwhJzae8ypfOtulBRA3dUKWGKuDH/
-axFENhUsT397aOU3qkP/od4a64JyNIEo4CTTSPVeWd7njsGqli2U3A4xL2CcyYvt
-D/MWcMBGEoLSNTswwKdom4FaJpn5KThnK/T0bQcmJblJhoCtppXisbexZnCpuS0x
-Zdlm2T14KJ3LABEBAAGJAjwEGAEIACYWIQQ94D0eFEp/BpNZmdyq/SOBb80tWwUC
-YrVn/gIbDAUJA8JnAAAKCRCq/SOBb80tWyTBD/9AGpW6QoDF7zYjHAozH9S5RGCA
-Y7E82dG/0xmFUwPprAG0BKmmgU6TiipyVGmKIXGYYYU92pMnbvXkYQMoa+WJNncN
-D3fY52UeXeffTf4cFpStlzi9xgYtOLhFamzYu/4xhkjOX+xhOSXscCiFRyT8cF3B
-O6c5BHU+Zj0/rGPgOyPUbx7l7B9MubB/41nNX35k08e+8T3wtWDb4XF+15HnRfva
-6fblO8wgU25Orv2Rm1jnKGa9DxJ8nE40IMrqDapENtDuL+zKJsvR0+ptWvEyL56U
-GtJJG5un6mXiLKuRQT0DEv4MdZRHDgDstDnqcbEiazVEbUuvhZZob6lRY2A19m1+
-7zfnDxkhqCA1RCnv4fdvcPdCMMFHwLpdhjgW0aI/uwgwrvsEz5+JRlnLvdQHlPAg
-q7l2fGcBSpz9U0ayyfRPjPntsNCtZl1UDxGLeciPkZhyG84zEWQbk/j52ZpRN+Ik
-ALpRLa8RBFmFSmXDUmwQrmm1EmARyQXwweKU31hf8ZGbCp2lPuRYm1LuGiirXSVP
-GysjRAJgW+VRpBKOzFQoUAUbReVWSaCwT8s17THzf71DdDb6CTj31jMLLYWwBpA/
-i73DgobDZMIGEZZC1EKqza8eh11xfyHFzGec03tbh+lIen+5IiRtWiEWkDS9ll0G
-zgS/ZdziCvdAutqnGA==
-=gZWO
-----END PGP PUBLIC KEY BLOCK-----
-
-```
-
-Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.
--- a/assets/favicon.svg
+++ b/assets/favicon.svg
@ -1,31 +1,27 @@
-<?xml version="1.0" encoding="utf-8"?>
-<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
-	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
-<g>
-	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
-		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
-		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
-	<g>
-		<g>
-			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
-				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
-				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
-				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
-				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
-				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
-				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
-				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
-				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
-				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
-			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
-				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
-				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
-				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
-				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
-				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
-				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
-				C343.2,346.5,335,363.3,326.8,380.1z"/>
-		</g>
-	</g>
-</g>
+<svg viewBox="0 0 212 212" xmlns="http://www.w3.org/2000/svg">
+  <style type="text/css">
+    circle {
+      fill: none;
+      stroke: #000;
+      stroke-width: 15;
+    }
+    path {
+      fill: none;
+      stroke: #000;
+      stroke-width: 25;
+    }
+    .orange {
+      stroke:#ff6600;
+    }
+    .red {
+      stroke:#d40000;
+    }
+  </style>
+  <g transform="translate(6,6)">
+    <path d="M58 168 v-98 a50 50 0 0 1 50-50 h20" class="orange" />
+    <path d="M58 168 v-30 a50 50 0 0 1 50-50 h20" class="red" />
+    <circle cx="142" cy="20" r="18" class="orange" />
+    <circle cx="142" cy="88" r="18" class="red" />
+    <circle cx="58" cy="180" r="18" class="red" />
+  </g>
 </svg>
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/assets/logo.svg
+++ b/assets/logo.svg
@ -1,31 +1,27 @@
-<?xml version="1.0" encoding="utf-8"?>
-<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
-	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
-<g>
-	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
-		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
-		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
-	<g>
-		<g>
-			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
-				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
-				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
-				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
-				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
-				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
-				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
-				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
-				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
-				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
-			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
-				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
-				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
-				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
-				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
-				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
-				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
-				C343.2,346.5,335,363.3,326.8,380.1z"/>
-		</g>
-	</g>
-</g>
+<svg viewBox="0 0 212 212" xmlns="http://www.w3.org/2000/svg">
+  <style type="text/css">
+    circle {
+      fill: none;
+      stroke: #000;
+      stroke-width: 15;
+    }
+    path {
+      fill: none;
+      stroke: #000;
+      stroke-width: 25;
+    }
+    .orange {
+      stroke:#ff6600;
+    }
+    .red {
+      stroke:#d40000;
+    }
+  </style>
+  <g transform="translate(6,6)">
+    <path d="M58 168 v-98 a50 50 0 0 1 50-50 h20" class="orange" />
+    <path d="M58 168 v-30 a50 50 0 0 1 50-50 h20" class="red" />
+    <circle cx="142" cy="20" r="18" class="orange" />
+    <circle cx="142" cy="88" r="18" class="red" />
+    <circle cx="58" cy="180" r="18" class="red" />
+  </g>
 </svg>
--- a/build/merge-forgejo-locales.go
+++ b/build/merge-forgejo-locales.go
@ -0,0 +1,117 @@
+// Copyright 2022 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import (
+	"bufio"
+	"log"
+	"os"
+	"regexp"
+	"strings"
+
+	"gopkg.in/ini.v1"
+)
+
+const (
+	trimPrefix   = "gitea_"
+	sourceFolder = "options/locales/"
+)
+
+// returns list of locales, still containing the file extension!
+func generate_locale_list() []string {
+	localeFiles, _ := os.ReadDir(sourceFolder)
+	locales := []string{}
+	for _, localeFile := range localeFiles {
+		if !localeFile.IsDir() && strings.HasPrefix(localeFile.Name(), trimPrefix) {
+			locales = append(locales, strings.TrimPrefix(localeFile.Name(), trimPrefix))
+		}
+	}
+	return locales
+}
+
+// replace all occurrences of Gitea with Forgejo
+func renameGiteaForgejo(filename string) []byte {
+	file, err := os.Open(filename)
+	if err != nil {
+		panic(err)
+	}
+
+	replacements := []string{
+		"Gitea", "Forgejo",
+		"https://docs.gitea.com/installation/install-from-binary", "https://forgejo.org/download/#installation-from-binary",
+		"https://github.com/go-gitea/gitea/tree/master/docker", "https://forgejo.org/download/#container-image",
+		"https://docs.gitea.com/installation/install-from-package", "https://forgejo.org/download",
+		"https://code.gitea.io/gitea", "https://forgejo.org/download",
+		"code.gitea.io/gitea", "Forgejo",
+		`<a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a>`, `<a href="https://codeberg.org/forgejo/forgejo/issues" target="_blank">Codeberg</a>`,
+		"https://github.com/go-gitea/gitea", "https://codeberg.org/forgejo/forgejo",
+		"https://blog.gitea.io", "https://forgejo.org/news",
+		"https://docs.gitea.com/usage/protected-tags", "https://forgejo.org/docs/latest/user/protection/#protected-tags",
+		"https://docs.gitea.com/usage/webhooks", "https://forgejo.org/docs/latest/user/webhooks/",
+	}
+	replacer := strings.NewReplacer(replacements...)
+	replaced := make(map[string]bool, len(replacements)/2)
+	count_replaced := func(original string) {
+		for i := 0; i < len(replacements); i += 2 {
+			if strings.Contains(original, replacements[i]) {
+				replaced[replacements[i]] = true
+			}
+		}
+	}
+
+	out := make([]byte, 0, 1024)
+	scanner := bufio.NewScanner(file)
+	scanner.Split(bufio.ScanLines)
+	for scanner.Scan() {
+		line := scanner.Text()
+
+		if strings.HasPrefix(line, "license_desc=") {
+			line = strings.Replace(line, "GitHub", "Forgejo", 1)
+		}
+
+		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
+			out = append(out, []byte("\n"+line+"\n")...)
+		} else if strings.HasPrefix(line, "settings.web_hook_name_gitea") {
+			out = append(out, []byte("\n"+line+"\n")...)
+			out = append(out, []byte("settings.web_hook_name_forgejo = Forgejo\n")...)
+		} else if strings.HasPrefix(line, "migrate.gitea.description") {
+			re := regexp.MustCompile(`(.*Gitea)`)
+			out = append(out, []byte(re.ReplaceAllString(line, "${1}/Forgejo")+"\n")...)
+		} else {
+			count_replaced(line)
+			out = append(out, []byte(replacer.Replace(line)+"\n")...)
+		}
+	}
+	file.Close()
+	if strings.HasSuffix(filename, "gitea_en-US.ini") {
+		for i := 0; i < len(replacements); i += 2 {
+			if replaced[replacements[i]] == false {
+				log.Fatalf("%s was never used to replace something in %s, it is obsolete and must be updated", replacements[i], filename)
+			}
+		}
+	}
+	return out
+}
+
+func main() {
+	locales := generate_locale_list()
+	var err error
+	var localeFile *ini.File
+	for _, locale := range locales {
+		giteaLocale := sourceFolder + "gitea_" + locale
+		localeFile, err = ini.LoadSources(ini.LoadOptions{
+			IgnoreInlineComment: true,
+		}, giteaLocale, renameGiteaForgejo(giteaLocale))
+		if err != nil {
+			panic(err)
+		}
+		err = localeFile.SaveTo("options/locale/locale_" + locale)
+		if err != nil {
+			panic(err)
+		}
+	}
+}
--- a/cmd/actions.go
+++ b/cmd/actions.go
@ -17,7 +17,7 @@ var (
 	CmdActions = &cli.Command{
 		Name:        "actions",
 		Usage:       "",
-		Description: "Commands for managing Gitea Actions",
+		Description: "Commands for managing Forgejo Actions",
 		Subcommands: []*cli.Command{
 			subcmdActionsGenRunnerToken,
 		},
--- a/cmd/admin.go
+++ b/cmd/admin.go
@ -428,6 +428,12 @@ func runRegenerateHooks(_ *cli.Context) error {
 	if err := initDB(ctx); err != nil {
 		return err
 	}
+
+	// Detection of ProcReceive support relies on Git module being initialized.
+	if err := git.InitFull(ctx); err != nil {
+		return err
+	}
+
 	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
 }

--- a/cmd/cert.go
+++ b/cmd/cert.go
@ -136,7 +136,7 @@ func runCert(c *cli.Context) error {
 		SerialNumber: serialNumber,
 		Subject: pkix.Name{
 			Organization: []string{"Acme Co"},
-			CommonName:   "Gitea",
+			CommonName:   "Forgejo",
 		},
 		NotBefore: notBefore,
 		NotAfter:  notAfter,
--- a/cmd/docs.go
+++ b/cmd/docs.go
@ -15,7 +15,7 @@ import (
 var CmdDocs = &cli.Command{
 	Name:        "docs",
 	Usage:       "Output CLI documentation",
-	Description: "A command to output Gitea's CLI documentation, optionally to a file.",
+	Description: "A command to output Forgejo's CLI documentation, optionally to a file.",
 	Action:      runDocs,
 	Flags: []cli.Flag{
 		&cli.BoolFlag{
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@ -25,7 +25,7 @@ import (
 var cmdDoctorCheck = &cli.Command{
 	Name:        "check",
 	Usage:       "Diagnose and optionally fix problems",
-	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
+	Description: "A command to diagnose problems with the current Forgejo instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
 	Action:      runDoctorCheck,
 	Flags: []cli.Flag{
 		&cli.BoolFlag{
@ -64,7 +64,7 @@ var cmdDoctorCheck = &cli.Command{
 var CmdDoctor = &cli.Command{
 	Name:        "doctor",
 	Usage:       "Diagnose and optionally fix problems",
-	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
+	Description: "A command to diagnose problems with the current Forgejo instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",

 	Subcommands: []*cli.Command{
 		cmdDoctorCheck,
@ -83,7 +83,7 @@ var cmdRecreateTable = &cli.Command{
 			Usage: "Print SQL commands sent",
 		},
 	},
-	Description: `The database definitions Gitea uses change across versions, sometimes changing default values and leaving old unused columns.
+	Description: `The database definitions Forgejo uses change across versions, sometimes changing default values and leaving old unused columns.

 This command will cause Xorm to recreate tables, copying over the data and deleting the old table.

--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -98,15 +98,15 @@ var outputTypeEnum = &outputType{
 // CmdDump represents the available dump sub-command.
 var CmdDump = &cli.Command{
 	Name:  "dump",
-	Usage: "Dump Gitea files and database",
+	Usage: "Dump Forgejo files and database",
 	Description: `Dump compresses all related files and database into zip file.
-It can be used for backup and capture Gitea server image to send to maintainer`,
+It can be used for backup and capture Forgejo server image to send to maintainer`,
 	Action: runDump,
 	Flags: []cli.Flag{
 		&cli.StringFlag{
 			Name:    "file",
 			Aliases: []string{"f"},
-			Value:   fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix()),
+			Value:   fmt.Sprintf("forgejo-dump-%d.zip", time.Now().Unix()),
 			Usage:   "Name of the dump file which will be created. Supply '-' for stdout. See type for available types.",
 		},
 		&cli.BoolFlag{
@ -209,7 +209,7 @@ func runDump(ctx *cli.Context) error {

 	if !setting.InstallLock {
 		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
-		return fmt.Errorf("gitea is not initialized")
+		return fmt.Errorf("forgejo is not initialized")
 	}
 	setting.LoadSettings() // cannot access session settings otherwise

@ -288,7 +288,7 @@ func runDump(ctx *cli.Context) error {
 		fatal("Path does not exist: %s", tmpDir)
 	}

-	dbDump, err := os.CreateTemp(tmpDir, "gitea-db.sql")
+	dbDump, err := os.CreateTemp(tmpDir, "forgejo-db.sql")
 	if err != nil {
 		fatal("Failed to create tmp file: %v", err)
 	}
@ -310,8 +310,8 @@ func runDump(ctx *cli.Context) error {
 		fatal("Failed to dump database: %v", err)
 	}

-	if err := addFile(w, "gitea-db.sql", dbDump.Name(), verbose); err != nil {
-		fatal("Failed to include gitea-db.sql: %v", err)
+	if err := addFile(w, "forgejo-db.sql", dbDump.Name(), verbose); err != nil {
+		fatal("Failed to include forgejo-db.sql: %v", err)
 	}

 	if len(setting.CustomConf) > 0 {
@ -452,7 +452,7 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 		return err
 	}
 	for _, file := range files {
-		currentAbsPath := path.Join(absPath, file.Name())
+		currentAbsPath := filepath.Join(absPath, file.Name())
 		currentInsidePath := path.Join(insidePath, file.Name())
 		if file.IsDir() {
 			if !util.SliceContainsString(excludeAbsPath, currentAbsPath) {
--- a/cmd/forgejo/actions.go
+++ b/cmd/forgejo/actions.go
@ -0,0 +1,243 @@
+// Copyright The Forgejo Authors.
+// SPDX-License-Identifier: MIT
+
+package forgejo
+
+import (
+	"context"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/modules/private"
+	"code.gitea.io/gitea/modules/setting"
+	private_routers "code.gitea.io/gitea/routers/private"
+
+	"github.com/urfave/cli/v2"
+)
+
+func CmdActions(ctx context.Context) *cli.Command {
+	return &cli.Command{
+		Name:  "actions",
+		Usage: "Commands for managing Forgejo Actions",
+		Subcommands: []*cli.Command{
+			SubcmdActionsGenerateRunnerToken(ctx),
+			SubcmdActionsGenerateRunnerSecret(ctx),
+			SubcmdActionsRegister(ctx),
+		},
+	}
+}
+
+func SubcmdActionsGenerateRunnerToken(ctx context.Context) *cli.Command {
+	return &cli.Command{
+		Name:   "generate-runner-token",
+		Usage:  "Generate a new token for a runner to use to register with the server",
+		Action: prepareWorkPathAndCustomConf(ctx, func(cliCtx *cli.Context) error { return RunGenerateActionsRunnerToken(ctx, cliCtx) }),
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:    "scope",
+				Aliases: []string{"s"},
+				Value:   "",
+				Usage:   "{owner}[/{repo}] - leave empty for a global runner",
+			},
+		},
+	}
+}
+
+func SubcmdActionsGenerateRunnerSecret(ctx context.Context) *cli.Command {
+	return &cli.Command{
+		Name:   "generate-secret",
+		Usage:  "Generate a secret suitable for input to the register subcommand",
+		Action: func(cliCtx *cli.Context) error { return RunGenerateSecret(ctx, cliCtx) },
+	}
+}
+
+func SubcmdActionsRegister(ctx context.Context) *cli.Command {
+	return &cli.Command{
+		Name:   "register",
+		Usage:  "Idempotent registration of a runner using a shared secret",
+		Action: prepareWorkPathAndCustomConf(ctx, func(cliCtx *cli.Context) error { return RunRegister(ctx, cliCtx) }),
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:  "secret",
+				Usage: "the secret the runner will use to connect as a 40 character hexadecimal string",
+			},
+			&cli.StringFlag{
+				Name:  "secret-stdin",
+				Usage: "the secret the runner will use to connect as a 40 character hexadecimal string, read from stdin",
+			},
+			&cli.StringFlag{
+				Name:  "secret-file",
+				Usage: "path to the file containing the secret the runner will use to connect as a 40 character hexadecimal string",
+			},
+			&cli.StringFlag{
+				Name:    "scope",
+				Aliases: []string{"s"},
+				Value:   "",
+				Usage:   "{owner}[/{repo}] - leave empty for a global runner",
+			},
+			&cli.StringFlag{
+				Name:  "labels",
+				Value: "",
+				Usage: "comma separated list of labels supported by the runner (e.g. docker,ubuntu-latest,self-hosted)  (not required since v1.21)",
+			},
+			&cli.StringFlag{
+				Name:  "name",
+				Value: "runner",
+				Usage: "name of the runner (default runner)",
+			},
+			&cli.StringFlag{
+				Name:  "version",
+				Value: "",
+				Usage: "version of the runner (not required since v1.21)",
+			},
+		},
+	}
+}
+
+func readSecret(ctx context.Context, cliCtx *cli.Context) (string, error) {
+	if cliCtx.IsSet("secret") {
+		return cliCtx.String("secret"), nil
+	}
+	if cliCtx.IsSet("secret-stdin") {
+		buf, err := io.ReadAll(ContextGetStdin(ctx))
+		if err != nil {
+			return "", err
+		}
+		return string(buf), nil
+	}
+	if cliCtx.IsSet("secret-file") {
+		path := cliCtx.String("secret-file")
+		buf, err := os.ReadFile(path)
+		if err != nil {
+			return "", err
+		}
+		return string(buf), nil
+	}
+	return "", fmt.Errorf("at least one of the --secret, --secret-stdin, --secret-file options is required")
+}
+
+func validateSecret(secret string) error {
+	secretLen := len(secret)
+	if secretLen != 40 {
+		return fmt.Errorf("the secret must be exactly 40 characters long, not %d: generate-secret can provide a secret matching the requirements", secretLen)
+	}
+	if _, err := hex.DecodeString(secret); err != nil {
+		return fmt.Errorf("the secret must be an hexadecimal string: %w", err)
+	}
+	return nil
+}
+
+func RunRegister(ctx context.Context, cliCtx *cli.Context) error {
+	if !ContextGetNoInit(ctx) {
+		var cancel context.CancelFunc
+		ctx, cancel = installSignals(ctx)
+		defer cancel()
+
+		if err := initDB(ctx); err != nil {
+			return err
+		}
+	}
+	setting.MustInstalled()
+
+	secret, err := readSecret(ctx, cliCtx)
+	if err != nil {
+		return err
+	}
+	if err := validateSecret(secret); err != nil {
+		return err
+	}
+	scope := cliCtx.String("scope")
+	labels := cliCtx.String("labels")
+	name := cliCtx.String("name")
+	version := cliCtx.String("version")
+
+	//
+	// There are two kinds of tokens
+	//
+	// - "registration token" only used when a runner interacts to
+	//   register
+	//
+	// - "token" obtained after a successful registration and stored by
+	//   the runner to authenticate
+	//
+	// The register subcommand does not need a "registration token", it
+	// needs a "token". Using the same name is confusing and secret is
+	// preferred for this reason in the cli.
+	//
+	// The ActionsRunnerRegister argument is token to be consistent with
+	// the internal naming. It is still confusing to the developer but
+	// not to the user.
+	//
+	owner, repo, err := private_routers.ParseScope(ctx, scope)
+	if err != nil {
+		return err
+	}
+
+	runner, err := actions_model.RegisterRunner(ctx, owner, repo, secret, strings.Split(labels, ","), name, version)
+	if err != nil {
+		return fmt.Errorf("error while registering runner: %v", err)
+	}
+
+	if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", runner.UUID); err != nil {
+		panic(err)
+	}
+	return nil
+}
+
+func RunGenerateSecret(ctx context.Context, cliCtx *cli.Context) error {
+	runner := actions_model.ActionRunner{}
+	if err := runner.GenerateToken(); err != nil {
+		return err
+	}
+	if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", runner.Token); err != nil {
+		panic(err)
+	}
+	return nil
+}
+
+func RunGenerateActionsRunnerToken(ctx context.Context, cliCtx *cli.Context) error {
+	if !ContextGetNoInit(ctx) {
+		var cancel context.CancelFunc
+		ctx, cancel = installSignals(ctx)
+		defer cancel()
+	}
+
+	setting.MustInstalled()
+
+	scope := cliCtx.String("scope")
+
+	respText, extra := private.GenerateActionsRunnerToken(ctx, scope)
+	if extra.HasError() {
+		return handleCliResponseExtra(ctx, extra)
+	}
+	if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", respText); err != nil {
+		panic(err)
+	}
+	return nil
+}
+
+func prepareWorkPathAndCustomConf(ctx context.Context, action cli.ActionFunc) func(cliCtx *cli.Context) error {
+	return func(cliCtx *cli.Context) error {
+		if !ContextGetNoInit(ctx) {
+			var args setting.ArgWorkPathAndCustomConf
+			// from children to parent, check the global flags
+			for _, curCtx := range cliCtx.Lineage() {
+				if curCtx.IsSet("work-path") && args.WorkPath == "" {
+					args.WorkPath = curCtx.String("work-path")
+				}
+				if curCtx.IsSet("custom-path") && args.CustomPath == "" {
+					args.CustomPath = curCtx.String("custom-path")
+				}
+				if curCtx.IsSet("config") && args.CustomConf == "" {
+					args.CustomConf = curCtx.String("config")
+				}
+			}
+			setting.InitWorkPathAndCommonConfig(os.Getenv, args)
+		}
+		return action(cliCtx)
+	}
+}
--- a/cmd/forgejo/forgejo.go
+++ b/cmd/forgejo/forgejo.go
@ -0,0 +1,147 @@
+// Copyright The Forgejo Authors.
+// SPDX-License-Identifier: MIT
+
+package forgejo
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/private"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/urfave/cli/v2"
+)
+
+type key int
+
+const (
+	noInitKey key = iota + 1
+	noExitKey
+	stdoutKey
+	stderrKey
+	stdinKey
+)
+
+func CmdForgejo(ctx context.Context) *cli.Command {
+	return &cli.Command{
+		Name:  "forgejo-cli",
+		Usage: "Forgejo CLI",
+		Flags: []cli.Flag{},
+		Subcommands: []*cli.Command{
+			CmdActions(ctx),
+		},
+	}
+}
+
+func ContextSetNoInit(ctx context.Context, value bool) context.Context {
+	return context.WithValue(ctx, noInitKey, value)
+}
+
+func ContextGetNoInit(ctx context.Context) bool {
+	value, ok := ctx.Value(noInitKey).(bool)
+	return ok && value
+}
+
+func ContextSetNoExit(ctx context.Context, value bool) context.Context {
+	return context.WithValue(ctx, noExitKey, value)
+}
+
+func ContextGetNoExit(ctx context.Context) bool {
+	value, ok := ctx.Value(noExitKey).(bool)
+	return ok && value
+}
+
+func ContextSetStderr(ctx context.Context, value io.Writer) context.Context {
+	return context.WithValue(ctx, stderrKey, value)
+}
+
+func ContextGetStderr(ctx context.Context) io.Writer {
+	value, ok := ctx.Value(stderrKey).(io.Writer)
+	if !ok {
+		return os.Stderr
+	}
+	return value
+}
+
+func ContextSetStdout(ctx context.Context, value io.Writer) context.Context {
+	return context.WithValue(ctx, stdoutKey, value)
+}
+
+func ContextGetStdout(ctx context.Context) io.Writer {
+	value, ok := ctx.Value(stderrKey).(io.Writer)
+	if !ok {
+		return os.Stdout
+	}
+	return value
+}
+
+func ContextSetStdin(ctx context.Context, value io.Reader) context.Context {
+	return context.WithValue(ctx, stdinKey, value)
+}
+
+func ContextGetStdin(ctx context.Context) io.Reader {
+	value, ok := ctx.Value(stdinKey).(io.Reader)
+	if !ok {
+		return os.Stdin
+	}
+	return value
+}
+
+// copied from ../cmd.go
+func initDB(ctx context.Context) error {
+	setting.MustInstalled()
+	setting.LoadDBSetting()
+	setting.InitSQLLoggersForCli(log.INFO)
+
+	if setting.Database.Type == "" {
+		log.Fatal(`Database settings are missing from the configuration file: %q.
+Ensure you are running in the correct environment or set the correct configuration file with -c.
+If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
+	}
+	if err := db.InitEngine(ctx); err != nil {
+		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %w", setting.CustomConf, err)
+	}
+	return nil
+}
+
+// copied from ../cmd.go
+func installSignals(ctx context.Context) (context.Context, context.CancelFunc) {
+	ctx, cancel := context.WithCancel(ctx)
+	go func() {
+		// install notify
+		signalChannel := make(chan os.Signal, 1)
+
+		signal.Notify(
+			signalChannel,
+			syscall.SIGINT,
+			syscall.SIGTERM,
+		)
+		select {
+		case <-signalChannel:
+		case <-ctx.Done():
+		}
+		cancel()
+		signal.Reset()
+	}()
+
+	return ctx, cancel
+}
+
+func handleCliResponseExtra(ctx context.Context, extra private.ResponseExtra) error {
+	if false && extra.UserMsg != "" {
+		if _, err := fmt.Fprintf(ContextGetStdout(ctx), "%s", extra.UserMsg); err != nil {
+			panic(err)
+		}
+	}
+	if ContextGetNoExit(ctx) {
+		return extra.Error
+	}
+	return cli.Exit(extra.Error, 1)
+}
--- a/cmd/hook.go
+++ b/cmd/hook.go
@ -172,9 +172,9 @@ func runHookPreReceive(c *cli.Context) error {

 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(ctx, `Rejecting changes as Gitea environment not set.
+			return fail(ctx, `Rejecting changes as Forgejo environment not set.
 If you are pushing over SSH you must push with a key managed by
-Gitea or set your environment appropriately.`, "")
+Forgejo or set your environment appropriately.`, "")
 		}
 		return nil
 	}
@ -316,9 +316,9 @@ func runHookPostReceive(c *cli.Context) error {

 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(ctx, `Rejecting changes as Gitea environment not set.
+			return fail(ctx, `Rejecting changes as Forgejo environment not set.
 If you are pushing over SSH you must push with a key managed by
-Gitea or set your environment appropriately.`, "")
+Forgejo or set your environment appropriately.`, "")
 		}
 		return nil
 	}
@ -485,9 +485,9 @@ func runHookProcReceive(c *cli.Context) error {

 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(ctx, `Rejecting changes as Gitea environment not set.
+			return fail(ctx, `Rejecting changes as Forgejo environment not set.
 If you are pushing over SSH you must push with a key managed by
-Gitea or set your environment appropriately.`, "")
+Forgejo or set your environment appropriately.`, "")
 		}
 		return nil
 	}
--- a/cmd/keys.go
+++ b/cmd/keys.go
@ -17,7 +17,7 @@ import (
 // CmdKeys represents the available keys sub-command
 var CmdKeys = &cli.Command{
 	Name:   "keys",
-	Usage:  "This command queries the Gitea database to get the authorized command for a given ssh key fingerprint",
+	Usage:  "This command queries the Forgejo database to get the authorized command for a given ssh key fingerprint",
 	Before: PrepareConsoleLoggerLevel(log.FATAL),
 	Action: runKeys,
 	Flags: []cli.Flag{
--- a/cmd/main.go
+++ b/cmd/main.go
@ -4,10 +4,13 @@
 package cmd

 import (
+	"context"
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"

+	"code.gitea.io/gitea/cmd/forgejo"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@ -75,7 +78,7 @@ func appGlobalFlags() []cli.Flag {
 		&cli.StringFlag{
 			Name:    "work-path",
 			Aliases: []string{"w"},
-			Usage:   "Set Gitea's working path (defaults to the Gitea's binary directory)",
+			Usage:   "Set Forgejo's working path (defaults to the directory of the Forgejo binary)",
 		},
 	}
 }
@ -119,10 +122,40 @@ func prepareWorkPathAndCustomConf(action cli.ActionFunc) func(ctx *cli.Context)
 }

 func NewMainApp(version, versionExtra string) *cli.App {
+	path, err := os.Executable()
+	if err != nil {
+		panic(err)
+	}
+	executable := filepath.Base(path)
+
+	var subCmdsStandalone []*cli.Command = make([]*cli.Command, 0, 10)
+	var subCmdWithConfig []*cli.Command = make([]*cli.Command, 0, 10)
+
+	//
+	// If the executable is forgejo-cli, provide a Forgejo specific CLI
+	// that is NOT compatible with Gitea.
+	//
+	if executable == "forgejo-cli" {
+		subCmdsStandalone = append(subCmdsStandalone, forgejo.CmdActions(context.Background()))
+	} else {
+		//
+		// Otherwise provide a Gitea compatible CLI which includes Forgejo
+		// specific additions under the forgejo-cli subcommand. It allows
+		// admins to migration from Gitea to Forgejo by replacing the gitea
+		// binary and rename it to forgejo if they want.
+		//
+		subCmdsStandalone = append(subCmdsStandalone, forgejo.CmdForgejo(context.Background()))
+		subCmdWithConfig = append(subCmdWithConfig, CmdActions)
+	}
+
+	return innerNewMainApp(version, versionExtra, subCmdsStandalone, subCmdWithConfig)
+}
+
+func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmdWithConfigArgs []*cli.Command) *cli.App {
 	app := cli.NewApp()
-	app.Name = "Gitea"
-	app.Usage = "A painless self-hosted Git service"
-	app.Description = `By default, Gitea will start serving using the web-server with no argument, which can alternatively be run by running the subcommand "web".`
+	app.Name = "Forgejo"
+	app.Usage = "Beyond coding. We forge."
+	app.Description = `By default, forgejo will start serving using the web-server with no argument, which can alternatively be run by running the subcommand "web".`
 	app.Version = version + versionExtra
 	app.EnableBashCompletion = true

@ -141,13 +174,13 @@ func NewMainApp(version, versionExtra string) *cli.App {
 		CmdMigrateStorage,
 		CmdDumpRepository,
 		CmdRestoreRepository,
-		CmdActions,
 		cmdHelp(), // the "help" sub-command was used to show the more information for "work path" and "custom config"
 	}

 	cmdConvert := util.ToPointer(*cmdDoctorConvert)
 	cmdConvert.Hidden = true // still support the legacy "./gitea doctor" by the hidden sub-command, remove it in next release
 	subCmdWithConfig = append(subCmdWithConfig, cmdConvert)
+	subCmdWithConfig = append(subCmdWithConfig, subCmdWithConfigArgs...)

 	// these sub-commands do not need the config file, and they do not depend on any path or environment variable.
 	subCmdStandalone := []*cli.Command{
@ -155,6 +188,7 @@ func NewMainApp(version, versionExtra string) *cli.App {
 		CmdGenerate,
 		CmdDocs,
 	}
+	subCmdStandalone = append(subCmdStandalone, subCmdsStandaloneArgs...)

 	app.DefaultCommand = CmdWeb.Name

--- a/cmd/manager.go
+++ b/cmd/manager.go
@ -16,8 +16,8 @@ var (
 	// CmdManager represents the manager command
 	CmdManager = &cli.Command{
 		Name:        "manager",
-		Usage:       "Manage the running gitea process",
-		Description: "This is a command for managing the running gitea process",
+		Usage:       "Manage the running forgejo process",
+		Description: "This is a command for managing the running forgejo process",
 		Subcommands: []*cli.Command{
 			subcmdShutdown,
 			subcmdRestart,
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@ -62,7 +62,7 @@ var (
 		Subcommands: []*cli.Command{
 			{
 				Name:  "pause",
-				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
+				Usage: "Pause logging (Forgejo will buffer logs up to a certain point and will drop them after that point)",
 				Flags: []cli.Flag{
 					&cli.BoolFlag{
 						Name: "debug",
@ -80,7 +80,7 @@ var (
 				Action: runResumeLogging,
 			}, {
 				Name:  "release-and-reopen",
-				Usage: "Cause Gitea to release and re-open files used for logging",
+				Usage: "Cause Forgejo to release and re-open files used for logging",
 				Flags: []cli.Flag{
 					&cli.BoolFlag{
 						Name: "debug",
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@ -110,6 +110,9 @@ func migrateLFS(ctx context.Context, dstStorage storage.ObjectStorage) error {

 func migrateAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
 	return db.Iterate(ctx, nil, func(ctx context.Context, user *user_model.User) error {
+		if user.CustomAvatarRelativePath() == "" {
+			return nil
+		}
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
@ -117,6 +120,9 @@ func migrateAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error

 func migrateRepoAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
 	return db.Iterate(ctx, nil, func(ctx context.Context, repo *repo_model.Repository) error {
+		if repo.CustomAvatarRelativePath() == "" {
+			return nil
+		}
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -103,12 +103,12 @@ func fail(ctx context.Context, userMessage, logMsgFmt string, args ...any) error
 	// There appears to be a chance to cause a zombie process and failure to read the Exit status
 	// if nothing is outputted on stdout.
 	_, _ = fmt.Fprintln(os.Stdout, "")
-	_, _ = fmt.Fprintln(os.Stderr, "Gitea:", userMessage)
+	_, _ = fmt.Fprintln(os.Stderr, "Forgejo:", userMessage)

 	if logMsgFmt != "" {
 		logMsg := fmt.Sprintf(logMsgFmt, args...)
 		if !setting.IsProd {
-			_, _ = fmt.Fprintln(os.Stderr, "Gitea:", logMsg)
+			_, _ = fmt.Fprintln(os.Stderr, "Forgejo:", logMsg)
 		}
 		if userMessage != "" {
 			if unicode.IsPunct(rune(userMessage[len(userMessage)-1])) {
@ -143,7 +143,7 @@ func runServ(c *cli.Context) error {
 	setup(ctx, c.Bool("debug"))

 	if setting.SSH.Disabled {
-		println("Gitea: SSH has been disabled")
+		println("Forgejo: SSH has been disabled")
 		return nil
 	}

@ -171,13 +171,13 @@ func runServ(c *cli.Context) error {
 		}
 		switch key.Type {
 		case asymkey_model.KeyTypeDeploy:
-			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
+			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Forgejo does not provide shell access.")
 		case asymkey_model.KeyTypePrincipal:
-			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Gitea does not provide shell access.")
+			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Forgejo does not provide shell access.")
 		default:
-			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
+			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Forgejo does not provide shell access.")
 		}
-		println("If this is unexpected, please log in with password and setup Gitea under another user.")
+		println("If this is unexpected, please log in with password and setup Forgejo under another user.")
 		return nil
 	} else if c.Bool("debug") {
 		log.Debug("SSH_ORIGINAL_COMMAND: %s", os.Getenv("SSH_ORIGINAL_COMMAND"))
@ -216,16 +216,18 @@ func runServ(c *cli.Context) error {
 		}
 	}

-	// LowerCase and trim the repoPath as that's how they are stored.
-	repoPath = strings.ToLower(strings.TrimSpace(repoPath))
-
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
 		return fail(ctx, "Invalid repository path", "Invalid repository path: %v", repoPath)
 	}

-	username := strings.ToLower(rr[0])
-	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))
+	username := rr[0]
+	reponame := strings.TrimSuffix(rr[1], ".git")
+
+	// LowerCase and trim the repoPath as that's how they are stored.
+	// This should be done after splitting the repoPath into username and reponame
+	// so that username and reponame are not affected.
+	repoPath = strings.ToLower(strings.TrimSpace(repoPath))

 	if alphaDashDotPattern.MatchString(reponame) {
 		return fail(ctx, "Invalid repo name", "Invalid repo name: %s", reponame)
--- a/cmd/web.go
+++ b/cmd/web.go
@ -34,8 +34,8 @@ var PIDFile = "/run/gitea.pid"
 // CmdWeb represents the available web sub-command.
 var CmdWeb = &cli.Command{
 	Name:  "web",
-	Usage: "Start Gitea web server",
-	Description: `Gitea web server is the only thing you need to run,
+	Usage: "Start the Forgejo web server",
+	Description: `The Forgejo web server is the only thing you need to run,
 and it takes care of all the other things for you`,
 	Before: PrepareConsoleLoggerLevel(log.INFO),
 	Action: runWeb,
@ -108,7 +108,7 @@ func createPIDFile(pidPath string) {
 }

 func showWebStartupMessage(msg string) {
-	log.Info("Gitea version: %s%s", setting.AppVer, setting.AppBuiltWith)
+	log.Info("Forgejo version: %s%s", setting.AppVer, setting.AppBuiltWith)
 	log.Info("* RunMode: %s", setting.RunMode)
 	log.Info("* AppPath: %s", setting.AppPath)
 	log.Info("* WorkPath: %s", setting.AppWorkPath)
@ -136,13 +136,13 @@ func serveInstall(ctx *cli.Context) error {
 	c := install.Routes()
 	err := listen(c, false)
 	if err != nil {
-		log.Critical("Unable to open listener for installer. Is Gitea already running?")
+		log.Critical("Unable to open listener for installer. Is Forgejo already running?")
 		graceful.GetManager().DoGracefulShutdown()
 	}
 	select {
 	case <-graceful.GetManager().IsShutdown():
 		<-graceful.GetManager().Done()
-		log.Info("PID: %d Gitea Web Finished", os.Getpid())
+		log.Info("PID: %d Forgejo Web Finished", os.Getpid())
 		log.GetManager().Close()
 		return err
 	default:
@ -211,7 +211,7 @@ func serveInstalled(ctx *cli.Context) error {
 	webRoutes := routers.NormalRoutes()
 	err := listen(webRoutes, true)
 	<-graceful.GetManager().Done()
-	log.Info("PID: %d Gitea Web Finished", os.Getpid())
+	log.Info("PID: %d Forgejo Web Finished", os.Getpid())
 	log.GetManager().Close()
 	return err
 }
@ -237,9 +237,9 @@ func runWeb(ctx *cli.Context) error {
 	defer cancel()

 	if os.Getppid() > 1 && len(os.Getenv("LISTEN_FDS")) > 0 {
-		log.Info("Restarting Gitea on PID: %d from parent PID: %d", os.Getpid(), os.Getppid())
+		log.Info("Restarting Forgejo on PID: %d from parent PID: %d", os.Getpid(), os.Getppid())
 	} else {
-		log.Info("Starting Gitea on PID: %d", os.Getpid())
+		log.Info("Starting Forgejo on PID: %d", os.Getpid())
 	}

 	// Set pid file setting
@ -299,7 +299,7 @@ func listen(m http.Handler, handleRedirector bool) error {
 	if setting.Protocol != setting.HTTPUnix && setting.Protocol != setting.FCGIUnix {
 		listenAddr = net.JoinHostPort(listenAddr, setting.HTTPPort)
 	}
-	_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: Gitea Server", process.SystemProcessType, true)
+	_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: Forgejo Server", process.SystemProcessType, true)
 	defer finished()
 	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
 	// This can be useful for users, many users do wrong to their config and get strange behaviors behind a reverse-proxy.
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@ -16,15 +16,15 @@ func main() {
 	app := cli.NewApp()
 	app.Name = "environment-to-ini"
 	app.Usage = "Use provided environment to update configuration ini"
-	app.Description = `As a helper to allow docker users to update the gitea configuration
+	app.Description = `As a helper to allow docker users to update the forgejo configuration
 	through the environment, this command allows environment variables to
 	be mapped to values in the ini.

-	Environment variables of the form "GITEA__SECTION_NAME__KEY_NAME"
+	Environment variables of the form "FORGEJO__SECTION_NAME__KEY_NAME"
 	will be mapped to the ini section "[section_name]" and the key
 	"KEY_NAME" with the value as provided.

-	Environment variables of the form "GITEA__SECTION_NAME__KEY_NAME__FILE"
+	Environment variables of the form "FORGEJO__SECTION_NAME__KEY_NAME__FILE"
 	will be mapped to the ini section "[section_name]" and the key
 	"KEY_NAME" with the value loaded from the specified file.

@ -42,8 +42,8 @@ func main() {
 		...
 		"""

-	You would set the environment variables: "GITEA__LOG_0x2E_CONSOLE__COLORIZE=false"
-	and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
+	You would set the environment variables: "FORGEJO__LOG_0x2E_CONSOLE__COLORIZE=false"
+	and "FORGEJO__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
 	on the configuration cheat sheet.`
 	app.Flags = []cli.Flag{
 		&cli.StringFlag{
@ -62,7 +62,7 @@ func main() {
 			Name:    "work-path",
 			Aliases: []string{"w"},
 			Value:   setting.AppWorkPath,
-			Usage:   "Set the gitea working path",
+			Usage:   "Set the forgejo working path",
 		},
 		&cli.StringFlag{
 			Name:    "out",
--- a/contrib/systemd/forgejo.service
+++ b/contrib/systemd/forgejo.service
@ -1,5 +1,5 @@
 [Unit]
-Description=Gitea (Git with a cup of tea)
+Description=Forgejo (Beyond coding. We forge.)
 After=syslog.target
 After=network.target
 ###
@ -25,21 +25,21 @@ After=network.target
 # If using socket activation for main http/s
 ###
 #
-#After=gitea.main.socket
-#Requires=gitea.main.socket
+#After=forgejo.main.socket
+#Requires=forgejo.main.socket
 #
 ###
-# (You can also provide gitea an http fallback and/or ssh socket too)
+# (You can also provide forgejo an http fallback and/or ssh socket too)
 #
-# An example of /etc/systemd/system/gitea.main.socket
+# An example of /etc/systemd/system/forgejo.main.socket
 ###
 ##
 ## [Unit]
-## Description=Gitea Web Socket
-## PartOf=gitea.service
+## Description=Forgejo Web Socket
+## PartOf=forgejo.service
 ##
 ## [Socket]
-## Service=gitea.service
+## Service=forgejo.service
 ## ListenStream=<some_port>
 ## NoDelay=true
 ##
@ -52,32 +52,31 @@ After=network.target
 # Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
 # LimitNOFILE=524288:524288
 RestartSec=2s
-Type=notify
+Type=simple
 User=git
 Group=git
-WorkingDirectory=/var/lib/gitea/
-# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
-# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
-#RuntimeDirectory=gitea
-ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+WorkingDirectory=/var/lib/forgejo/
+# If using Unix socket: tells systemd to create the /run/forgejo folder, which will contain the forgejo.sock file
+# (manually creating /run/forgejo doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=forgejo
+ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
 Restart=always
-Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
-WatchdogSec=30s
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/forgejo
 # If you install Git to directory prefix other than default PATH (which happens
 # for example if you install other versions of Git side-to-side with
 # distribution version), uncomment below line and add that prefix to PATH
 # Don't forget to place git-lfs binary on the PATH below if you want to enable
 # Git LFS support
 #Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
-# If you want to bind Gitea to a port below 1024, uncomment
-# the two values below, or use socket activation to pass Gitea its ports as above
+# If you want to bind Forgejo to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Forgejo its ports as above
 ###
 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
 ###
 # In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
-# set the following value to false to allow capabilities to be applied on gitea process. The following
-# value if set to true sandboxes gitea service and prevent any processes from running with privileges
+# set the following value to false to allow capabilities to be applied on Forgejo process. The following
+# value if set to true sandboxes Forgejo service and prevent any processes from running with privileges
 # in the host user namespace.
 ###
 #PrivateUsers=false
--- a/contrib/upgrade.sh
+++ b/contrib/upgrade.sh
@ -1,42 +1,42 @@
 #!/usr/bin/env bash
-# This is an update script for gitea installed via the binary distribution
-# from dl.gitea.com on linux as systemd service. It performs a backup and updates
-# Gitea in place.
-# NOTE: This adds the GPG Signing Key of the Gitea maintainers to the keyring.
+# This is an update script for forgejo installed via the binary distribution
+# from codeberg.org/forgejo/forgejo on linux as systemd service. It
+# performs a backup and updates Forgejo in place.
+# NOTE: This adds the GPG Signing Key of the Forgejo maintainers to the keyring.
 # Depends on: bash, curl, xz, sha256sum. optionally jq, gpg
 #   See section below for available environment vars.
 #   When no version is specified, updates to the latest release.
 # Examples:
 #   upgrade.sh 1.15.10
-#   giteahome=/opt/gitea giteaconf=$giteahome/app.ini upgrade.sh
+#   forgejohome=/opt/forgejo forgejoconf=$forgejohome/app.ini upgrade.sh

-# Check if gitea service is running
-if ! pidof gitea &> /dev/null; then
-  echo "Error: gitea is not running."
+# Check if forgejo service is running
+if ! pidof forgejo &> /dev/null; then
+  echo "Error: forgejo is not running."
  exit 1
 fi

-# Continue with rest of the script if gitea is running
-echo "Gitea is running. Continuing with rest of script..."
+# Continue with rest of the script if forgejo is running
+echo "Forgejo is running. Continuing with rest of script..."

 # apply variables from environment
-: "${giteabin:="/usr/local/bin/gitea"}"
-: "${giteahome:="/var/lib/gitea"}"
-: "${giteaconf:="/etc/gitea/app.ini"}"
-: "${giteauser:="git"}"
+: "${forgejobin:="/usr/local/bin/forgejo"}"
+: "${forgejohome:="/var/lib/forgejo"}"
+: "${forgejoconf:="/etc/forgejo/app.ini"}"
+: "${forgejouser:="git"}"
 : "${sudocmd:="sudo"}"
 : "${arch:="linux-amd64"}"
-: "${service_start:="$sudocmd systemctl start gitea"}"
-: "${service_stop:="$sudocmd systemctl stop gitea"}"
-: "${service_status:="$sudocmd systemctl status gitea"}"
-: "${backupopts:=""}" # see `gitea dump --help` for available options
+: "${service_start:="$sudocmd systemctl start forgejo"}"
+: "${service_stop:="$sudocmd systemctl stop forgejo"}"
+: "${service_status:="$sudocmd systemctl status forgejo"}"
+: "${backupopts:=""}" # see `forgejo dump --help` for available options

-function giteacmd {
+function forgejocmd {
  if [[ $sudocmd = "su" ]]; then
    # `-c` only accept one string as argument.
-    "$sudocmd" - "$giteauser" -c "$(printf "%q " "$giteabin" "--config" "$giteaconf" "--work-path" "$giteahome" "$@")"
+    "$sudocmd" - "$forgejouser" -c "$(printf "%q " "$forgejobin" "--config" "$forgejoconf" "--work-path" "$forgejohome" "$@")"
  else
-    "$sudocmd" --user "$giteauser" "$giteabin" --config "$giteaconf" --work-path "$giteahome" "$@"
+    "$sudocmd" --user "$forgejouser" "$forgejobin" --config "$forgejoconf" --work-path "$forgejohome" "$@"
  fi
 }

@ -49,7 +49,7 @@ function require {
 # parse command line arguments
 while true; do
  case "$1" in
-    -v | --version ) giteaversion="$2"; shift 2 ;;
+    -v | --version ) forgejoversion="$2"; shift 2 ;;
    -y | --yes ) no_confirm="yes"; shift ;;
    --ignore-gpg) ignore_gpg="yes"; shift ;;
    "" | -- ) shift; break ;;
@ -65,9 +65,9 @@ if [[ -f /etc/os-release ]]; then

  if [[ "$os_release" =~ "OpenWrt" ]]; then
    sudocmd="su"
-    service_start="/etc/init.d/gitea start"
-    service_stop="/etc/init.d/gitea stop"
-    service_status="/etc/init.d/gitea status"
+    service_start="/etc/init.d/forgejo start"
+    service_stop="/etc/init.d/forgejo stop"
+    service_status="/etc/init.d/forgejo status"
  else
    require systemctl
  fi
@ -76,31 +76,31 @@ fi
 require curl xz sha256sum "$sudocmd"

 # select version to install
-if [[ -z "${giteaversion:-}" ]]; then
+if [[ -z "${forgejoversion:-}" ]]; then
  require jq
-  giteaversion=$(curl --connect-timeout 10 -sL https://dl.gitea.com/gitea/version.json | jq -r .latest.version)
-  echo "Latest available version is $giteaversion"
+  forgejoversion=$(curl --connect-timeout 10 -sL 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?draft=false&pre-release=false&limit=1' -H 'accept: application/json' | jq -r '.[0].tag_name | sub("v"; "")')
+  echo "Latest available version is $forgejoversion"
 fi

 # confirm update
 echo "Checking currently installed version..."
-current=$(giteacmd --version | cut -d ' ' -f 3)
-[[ "$current" == "$giteaversion" ]] && echo "$current is already installed, stopping." && exit 1
+current=$(forgejocmd --version | cut -d ' ' -f 3)
+[[ "$current" == "$forgejoversion" ]] && echo "$current is already installed, stopping." && exit 1
 if [[ -z "${no_confirm:-}"  ]]; then
-  echo "Make sure to read the changelog first: https://github.com/go-gitea/gitea/blob/main/CHANGELOG.md"
-  echo "Are you ready to update Gitea from ${current} to ${giteaversion}? (y/N)"
+  echo "Make sure to read the changelog first: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CHANGELOG.md"
+  echo "Are you ready to update forgejo from ${current} to ${forgejoversion}? (y/N)"
  read -r confirm
  [[ "$confirm" == "y" ]] || [[ "$confirm" == "Y" ]] || exit 1
 fi

-echo "Upgrading gitea from $current to $giteaversion ..."
+echo "Upgrading forgejo from $current to $forgejoversion ..."

 pushd "$(pwd)" &>/dev/null
-cd "$giteahome" # needed for gitea dump later
+cd "$forgejohome" # needed for forgejo dump later

 # download new binary
-binname="gitea-${giteaversion}-${arch}"
-binurl="https://dl.gitea.com/gitea/${giteaversion}/${binname}.xz"
+binname="forgejo-${forgejoversion}-${arch}"
+binurl="https://codeberg.org/forgejo/forgejo/releases/download/v${forgejoversion}/${binname}.xz"
 echo "Downloading $binurl..."
 curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.sha256,.asc}"

@ -108,28 +108,28 @@ curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.
 sha256sum -c "${binname}.xz.sha256"
 if [[ -z "${ignore_gpg:-}" ]]; then
  require gpg
-  gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
+  gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
  gpg --verify "${binname}.xz.asc" "${binname}.xz" || { echo 'Signature does not match'; exit 1; }
 fi
 rm "${binname}".xz.{sha256,asc}

 # unpack binary + make executable
 xz --decompress --force "${binname}.xz"
-chown "$giteauser" "$binname"
+chown "$forgejouser" "$binname"
 chmod +x "$binname"

-# stop gitea, create backup, replace binary, restart gitea
-echo "Flushing gitea queues at $(date)"
-giteacmd manager flush-queues
-echo "Stopping gitea at $(date)"
+# stop forgejo, create backup, replace binary, restart forgejo
+echo "Flushing forgejo queues at $(date)"
+forgejocmd manager flush-queues
+echo "Stopping forgejo at $(date)"
 $service_stop
-echo "Creating backup in $giteahome"
-giteacmd dump $backupopts
-echo "Updating binary at $giteabin"
-cp -f "$giteabin" "$giteabin.bak" && mv -f "$binname" "$giteabin"
+echo "Creating backup in $forgejohome"
+forgejocmd dump $backupopts
+echo "Updating binary at $forgejobin"
+cp -f "$forgejobin" "$forgejobin.bak" && mv -f "$binname" "$forgejobin"
 $service_start
 $service_status

-echo "Upgrade to $giteaversion successful!"
+echo "Upgrade to $forgejoversion successful!"

 popd
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -368,7 +368,7 @@ USER = root
 ;; SQLite Configuration
 ;;
 ;DB_TYPE = sqlite3
-;PATH= ; defaults to data/gitea.db
+;PATH= ; defaults to data/forgejo.db
 ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
 ;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
 ;;
@ -409,6 +409,10 @@ USER = root
 ;;
 ;; Whether execute database models migrations automatically
 ;AUTO_MIGRATION = true
+;;
+;; Threshold value (in seconds) beyond which query execution time is logged as a warning in the xorm logger
+;;
+;SLOW_QUERY_TRESHOLD = 5s

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -479,8 +483,8 @@ INTERNAL_TOKEN=
 ;;Classes include "lower,upper,digit,spec"
 ;PASSWORD_COMPLEXITY = off
 ;;
-;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
-;PASSWORD_HASH_ALGO = pbkdf2
+;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
+;PASSWORD_HASH_ALGO = pbkdf2_hi
 ;;
 ;; Set false to allow JavaScript to read CSRF cookie
 ;CSRF_COOKIE_HTTP_ONLY = true
@ -808,6 +812,11 @@ LEVEL = Info
 ;; Every new user will have restricted permissions depending on this setting
 ;DEFAULT_USER_IS_RESTRICTED = false
 ;;
+;; Users will be able to use dots when choosing their username. Disabling this is
+;; helpful if your usersare having issues with e.g. RSS feeds or advanced third-party
+;; extensions that use strange regex patterns.
+; ALLOW_DOTS_IN_USERNAMES = true
+;;
 ;; Either "public", "limited" or "private", default is "public"
 ;; Limited is for users visible only to signed users
 ;; Private is for users visible only to members of their organizations
@ -836,12 +845,12 @@ LEVEL = Info
 ;;
 ;; Default map service. No external API support has been included. A service has to allow
 ;; searching using URL parameters, the location will be appended to the URL as escaped query parameter.
-;; Disabled by default, some example values are:
+;; Some example values are:
 ;; - OpenStreetMap: https://www.openstreetmap.org/search?query=
 ;; - Google Maps: https://www.google.com/maps/place/
 ;; - MapQuest: https://www.mapquest.com/search/
 ;; - Bing Maps: https://www.bing.com/maps?where1=
-; USER_LOCATION_MAP_URL =
+; USER_LOCATION_MAP_URL = https://www.openstreetmap.org/search?query=
 ;;
 ;; Enable heatmap on users profiles.
 ;ENABLE_USER_HEATMAP = true
@ -1014,8 +1023,8 @@ LEVEL = Info
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 ;ALLOWED_TYPES =
 ;;
-;; Max size of each file in megabytes. Defaults to 3MB
-;FILE_MAX_SIZE = 3
+;; Max size of each file in megabytes. Defaults to 50MB
+;FILE_MAX_SIZE = 50 
 ;;
 ;; Max number of files per upload. Defaults to 5
 ;MAX_FILES = 5
@ -1151,15 +1160,9 @@ LEVEL = Info
 ;; enable cors headers (disabled by default)
 ;ENABLED = false
 ;;
-;; scheme of allowed requests
-;SCHEME = http
-;;
-;; list of requesting domains that are allowed
+;; list of requesting origins that are allowed, eg: "https://*.example.com"
 ;ALLOW_DOMAIN = *
 ;;
-;; allow subdomains of headers listed above to request
-;ALLOW_SUBDOMAIN = false
-;;
 ;; list of methods allowed to request
 ;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
 ;;
@ -1205,6 +1208,9 @@ LEVEL = Info
 ;; Max size of files to be displayed (default is 8MiB)
 ;MAX_DISPLAY_FILE_SIZE = 8388608
 ;;
+;; Detect ambiguous unicode characters in file contents and show warnings on the UI
+;AMBIGUOUS_UNICODE_DETECTION = true
+;;
 ;; Whether the email of the user should be shown in the Explore Users page
 ;SHOW_USER_EMAIL = true
 ;;
@ -1453,6 +1459,8 @@ LEVEL = Info
 ;;
 ;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
 ;DEFAULT_EMAIL_NOTIFICATIONS = enabled
+;; Send an email to all admins when a new user signs up to inform the admins about this act. Options: true, false
+;SEND_NOTIFICATION_EMAIL_ON_NEW_USER = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1767,9 +1775,6 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;AVATAR_UPLOAD_PATH = data/avatars
-;REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
-;;
 ;; How Gitea deals with missing repository avatars
 ;; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
 ;REPOSITORY_AVATAR_FALLBACK = none
@ -1815,8 +1820,8 @@ LEVEL = Info
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 ;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
-;; Max size of each file. Defaults to 4MB
-;MAX_SIZE = 4
+;; Max size of each file. Defaults to 2048MB
+;MAX_SIZE = 2048
 ;;
 ;; Max number of files per upload. Defaults to 5
 ;MAX_FILES = 5
@ -2186,6 +2191,7 @@ LEVEL = Info
 ;ENABLE_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
 ;HTTP_ENDPOINT = https://dl.gitea.com/gitea/version.json
+;DOMAIN_ENDPOINT = release.forgejo.org

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2566,9 +2572,8 @@ LEVEL = Info
 ; [actions]
 ;; Enable/Disable actions capabilities
 ;ENABLED = true
-;;
-;; Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance.
-;DEFAULT_ACTIONS_URL = github
+;; Default address to get action plugins, e.g. the default value means downloading from "https://code.forgejo.org/actions/checkout" for "uses: actions/checkout@v3"
+;DEFAULT_ACTIONS_URL = https://code.forgejo.org
 ;; Default artifact retention time in days, default is 90 days
 ;ARTIFACT_RETENTION_DAYS = 90
 ;; Timeout to stop the task which have running status, but haven't been updated for a long time
--- a/docker/README.md
+++ b/docker/README.md
@ -1,7 +1,7 @@
-# Gitea - Docker
+# Forgejo - Docker

-Dockerfile is found in root of repository.
+The Dockerfile can be found in the root of repository. [Dockerfile](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/Dockerfile) & [Dockerfile.rootless](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/Dockerfile.rootless).

-Docker image can be found on [docker hub](https://hub.docker.com/r/gitea/gitea)
+The Docker image can be found on [Coddeberg](https://codeberg.org/forgejo/-/packages/container/forgejo/).

-Documentation on using docker image can be found on [Gitea Docs site](https://docs.gitea.com/installation/install-with-docker-rootless)
+Documentation on how you can use the docker image can be found on the [Forgejo documentation website](https://forgejo.org/docs/latest/admin/installation/#installation-with-docker).
--- a/docker/root/etc/s6/gitea/setup
+++ b/docker/root/etc/s6/gitea/setup
@ -32,7 +32,7 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
    fi

    # Substitute the environment variables in the template
-    APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+    APP_NAME=${APP_NAME:-"Forgejo: Beyond coding. We forge."} \
    RUN_MODE=${RUN_MODE:-"prod"} \
    DOMAIN=${DOMAIN:-"localhost"} \
    SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
--- a/docker/rootless/usr/local/bin/docker-setup.sh
+++ b/docker/rootless/usr/local/bin/docker-setup.sh
@ -26,7 +26,7 @@ if [ ! -f ${GITEA_APP_INI} ]; then
    fi

    # Substitute the environment variables in the template
-    APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+    APP_NAME=${APP_NAME:-"Forgejo: Beyond coding. We forge."} \
    RUN_MODE=${RUN_MODE:-"prod"} \
    RUN_USER=${USER:-"git"} \
    SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
--- a/docs/content/administration/adding-legal-pages.en-us.md
+++ b/docs/content/administration/adding-legal-pages.en-us.md
@ -19,10 +19,10 @@ Some jurisdictions (such as EU), requires certain legal pages (e.g. Privacy Poli

 ## Getting Pages

-Gitea source code ships with sample pages, available in `contrib/legal` directory. Copy them to `custom/public/`. For example, to add Privacy Policy:
+Gitea source code ships with sample pages, available in `contrib/legal` directory. Copy them to `custom/public/assets/`. For example, to add Privacy Policy:

 ```
-wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
+wget -O /path/to/custom/public/assets/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
 ```

 Now you need to edit the page to meet your requirements. In particular you must change the email addresses, web addresses and references to "Your Gitea Instance" to match your situation.
--- a/docs/content/administration/adding-legal-pages.zh-cn.md
+++ b/docs/content/administration/adding-legal-pages.zh-cn.md
@ -19,10 +19,10 @@ menu:

 ## 获取页面

-Gitea 源代码附带了示例页面，位于 `contrib/legal` 目录中。将它们复制到 `custom/public/` 目录下。例如，如果要添加隐私政策：
+Gitea 源代码附带了示例页面，位于 `contrib/legal` 目录中。将它们复制到 `custom/public/assets/` 目录下。例如，如果要添加隐私政策：

 ```
-wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
+wget -O /path/to/custom/public/assets/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
 ```

 现在，你需要编辑该页面以满足你的需求。特别是，你必须更改电子邮件地址、网址以及与 "Your Gitea Instance" 相关的引用，以匹配你的情况。
--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@ -146,7 +146,7 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build
 - `ENABLED`: **true**: Whether repository file uploads are enabled
 - `TEMP_PATH`: **data/tmp/uploads**: Path for uploads (content gets deleted on Gitea restart)
 - `ALLOWED_TYPES`: **_empty_**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
- `FILE_MAX_SIZE`: **3**: Max size of each file in megabytes.
+- `FILE_MAX_SIZE`: **50**: Max size of each file in megabytes.
 - `MAX_FILES`: **5**: Max number of files per upload

 ### Repository - Release (`repository.release`)
@ -196,9 +196,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 ## CORS (`cors`)

 - `ENABLED`: **false**: enable cors headers (disabled by default)
- `SCHEME`: **http**: scheme of allowed requests
- `ALLOW_DOMAIN`: **\***: list of requesting domains that are allowed
- `ALLOW_SUBDOMAIN`: **false**: allow subdomains of headers listed above to request
+- `ALLOW_DOMAIN`: **\***: list of requesting origins that are allowed, eg: "https://*.example.com"
 - `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request
 - `MAX_AGE`: **10m**: max time to cache response
 - `ALLOW_CREDENTIALS`: **false**: allow request with credentials
@ -220,6 +218,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `THEMES`:  **auto,gitea,arc-green**: All available themes. Allow users select personalized themes.
  regardless of the value of `DEFAULT_THEME`.
 - `MAX_DISPLAY_FILE_SIZE`: **8388608**: Max size of files to be displayed (default is 8MiB)
+- `AMBIGUOUS_UNICODE_DETECTION`: **true**: Detect ambiguous unicode characters in file contents and show warnings on the UI
 - `REACTIONS`: All available reactions users can choose on issues/prs and comments
    Values can be emoji alias (:smile:) or a unicode emoji.
    For custom reactions, add a tightly cropped square image to public/assets/img/emoji/reaction_name.png
@ -341,7 +340,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** or **username, email**: \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set.
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
+- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **`{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}`**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
 - `SSH_SERVER_CIPHERS`: **chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_KEY_EXCHANGES`: **curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
@ -454,6 +453,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `MAX_IDLE_CONNS` **2**: Max idle database connections on connection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
 - `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071).
 - `AUTO_MIGRATION` **true**: Whether execute database models migrations automatically.
+- `SLOW_QUERY_TRESHOLD` **5s**: Threshold value in seconds beyond which query execution time is logged as a warning in the xorm logger.

 [^1]: It may be necessary to specify a hostport even when listening on a unix socket, as the port is part of the socket name. see [#24552](https://github.com/go-gitea/gitea/issues/24552#issuecomment-1681649367) for additional details.

@ -513,6 +513,7 @@ And the following unique queues:

 - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
 - `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations.
+- `SEND_NOTIFICATION_EMAIL_ON_NEW_USER`: **false**: Send an email to all admins when a new user signs up to inform the admins about this act.

 ## Security (`security`)

@ -571,6 +572,7 @@ And the following unique queues:
  - off - do not check password complexity
 - `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
 - `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
+- `DISABLE_QUERY_AUTH_TOKEN`: **false**: Reject API tokens sent in URL query string (Accept Header-based API tokens only). This setting will default to `true` in Gitea 1.23 and be deprecated in Gitea 1.24.

 ## Camo (`camo`)

@ -822,7 +824,7 @@ Default templates for project boards:

 - `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
 - `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
- `MAX_SIZE`: **4**: Maximum size (MB).
+- `MAX_SIZE`: **2048**: Maximum size (MB).
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
 - `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
 - `SERVE_DIRECT`: **false**: Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
@ -1391,7 +1393,7 @@ PROXY_HOSTS = *.github.com
 - `DEFAULT_ACTIONS_URL`: **github**: Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance.
 - `STORAGE_TYPE`: **local**: Storage type for actions logs, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
 - `MINIO_BASE_PATH`: **actions_log/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
- `ARTIFACT_RETENTION_DAYS`: **90**: Number of days to keep artifacts. Set to 0 to disable artifact retention. Default is 90 days if not set.
+- `ARTIFACT_RETENTION_DAYS`: **90**: Default number of days to keep artifacts. This can be overridden in `actions/upload_artifact`. Set to 0 to disable artifact retention. Default is 90 days if not set. Each artifact can have it's own number of retention days.
 - `ZOMBIE_TASK_TIMEOUT`: **10m**: Timeout to stop the task which have running status, but haven't been updated for a long time
 - `ENDLESS_TASK_TIMEOUT`: **3h**: Timeout to stop the tasks which have running status and continuous updates, but don't end for a long time
 - `ABANDONED_JOB_TIMEOUT`: **24h**: Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time
@ -1404,7 +1406,7 @@ Please note that using `self` is not recommended for most cases, as it could mak
 Additionally, it requires you to mirror all the actions you need to your Gitea instance, which may not be worth it.
 Therefore, please use `self` only if you understand what you are doing.

-In earlier versions (<= 1.19), `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like `https://gitea.com` or `http://your-git-server,https://gitea.com`, and the default value was `https://gitea.com`.
+In earlier versions (`<= 1.19`), `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like `https://gitea.com` or `http://your-git-server,https://gitea.com`, and the default value was `https://gitea.com`.
 However, later updates removed those options, and now the only options are `github` and `self`, with the default value being `github`.
 However, if you want to use actions from other git server, you can use a complete URL in `uses` field, it's supported by Gitea (but not GitHub).
 Like `uses: https://gitea.com/actions/checkout@v3` or `uses: http://your-git-server/actions/checkout@v3`.
--- a/docs/content/administration/config-cheat-sheet.zh-cn.md
+++ b/docs/content/administration/config-cheat-sheet.zh-cn.md
@ -145,7 +145,7 @@ menu:
 - `ENABLED`: **true**: 是否启用仓库文件上传。
 - `TEMP_PATH`: **data/tmp/uploads**: 文件上传的临时保存路径(在Gitea重启的时候该目录会被清空)。
 - `ALLOWED_TYPES`: **_empty_**: 以逗号分割的列表，代表支持上传的文件类型。(`.zip`), mime类型 (`text/plain`) or 通配符类型 (`image/*`, `audio/*`, `video/*`). 为空或者 `*/*`代表允许所有类型文件。
- `FILE_MAX_SIZE`: **3**: 每个文件的最大大小(MB)。
+- `FILE_MAX_SIZE`: **50**: 每个文件的最大大小(MB)。
 - `MAX_FILES`: **5**: 每次上传的最大文件数。

 ### 仓库 - 版本发布 (`repository.release`)
@ -195,9 +195,7 @@ menu:
 ## 跨域 (`cors`)

 - `ENABLED`: **false**: 启用 CORS 头部（默认禁用）
- `SCHEME`: **http**: 允许请求的协议
 - `ALLOW_DOMAIN`: **\***: 允许请求的域名列表
- `ALLOW_SUBDOMAIN`: **false**: 允许上述列出的头部的子域名发出请求。
 - `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: 允许发起的请求方式列表
 - `MAX_AGE`: **10m**: 缓存响应的最大时间
 - `ALLOW_CREDENTIALS`: **false**: 允许带有凭据的请求
@ -335,7 +333,7 @@ menu:
 - `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** 或 **username, email**：\[off, username, email, anything\]：指定允许用户用作 principal 的值。当设置为 `anything` 时，对 principal 字符串不执行任何检查。当设置为 `off` 时，不允许设置授权的 principal。
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**：当 Gitea 不使用内置 SSH 服务器且 `SSH_AUTHORIZED_PRINCIPALS_ALLOW` 不为 `off` 时，默认情况下 Gitea 会创建一个 authorized_principals 文件。
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**：在重写所有密钥时启用 SSH 授权 principal 备份，默认值为 true（如果 `SSH_AUTHORIZED_PRINCIPALS_ALLOW` 不为 `off`）。
- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**：设置用于传递授权密钥的命令模板。可能的密钥是：AppPath、AppWorkPath、CustomConf、CustomPath、Key，其中 Key 是 `models/asymkey.PublicKey`，其他是 shellquoted 字符串。
+- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **`{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}`**：设置用于传递授权密钥的命令模板。可能的密钥是：AppPath、AppWorkPath、CustomConf、CustomPath、Key，其中 Key 是 `models/asymkey.PublicKey`，其他是 shellquoted 字符串。
 - `SSH_SERVER_CIPHERS`: **chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com**：对于内置的 SSH 服务器，选择支持的 SSH 连接的加密方法，对于系统 SSH，此设置无效。
 - `SSH_SERVER_KEY_EXCHANGES`: **curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1**：对于内置 SSH 服务器，选择支持的 SSH 连接的密钥交换算法，对于系统 SSH，此设置无效。
 - `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1**：对于内置 SSH 服务器，选择支持的 SSH 连接的 MAC 算法，对于系统 SSH，此设置无效。
@ -784,7 +782,7 @@ Gitea 创建以下非唯一队列：

 - `ENABLED`: **true**: 是否允许用户上传附件。
 - `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: 允许的文件扩展名（`.zip`）、mime 类型（`text/plain`）或通配符类型（`image/*`、`audio/*`、`video/*`）的逗号分隔列表。空值或 `*/*` 允许所有类型。
- `MAX_SIZE`: **4**: 附件的最大限制（MB）。
+- `MAX_SIZE`: **2048**: 附件的最大限制（MB）。
 - `MAX_FILES`: **5**: 一次最多上传的附件数量。
 - `STORAGE_TYPE`: **local**: 附件的存储类型，`local` 表示本地磁盘，`minio` 表示兼容 S3 的对象存储服务，如果未设置将使用默认值 `local` 或其他在 `[storage.xxx]` 中定义的名称。
 - `SERVE_DIRECT`: **false**: 允许存储驱动器重定向到经过身份验证的 URL 以直接提供文件。目前，只支持 Minio/S3 通过签名 URL 提供支持，local 不会执行任何操作。
@ -1040,10 +1038,11 @@ Gitea 创建以下非唯一队列：

 ## API (`api`)

- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 (`/api/swagger`, `/api/v1/swagger`, …)。
- `MAX_RESPONSE_ITEMS`: **50**: 单个页面的最大 Feed.
- `ENABLE_OPENID_SIGNIN`: **false**: 允许使用OpenID登录，当设置为`true`时可以通过 `/user/login` 页面进行OpenID登录。
- `DISABLE_REGISTRATION`: **false**: 关闭用户注册。
+- `ENABLE_SWAGGER`: **true**: 启用API文档接口 (`/api/swagger`, `/api/v1/swagger`, …). True or false。
+- `MAX_RESPONSE_ITEMS`: **50**: API分页的最大单页项目数。
+- `DEFAULT_PAGING_NUM`: **30**: API分页的默认分页数。
+- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Git trees API的默认单页项目数。
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760** (10MiB): blobs API的默认最大文件大小。

 ## OAuth2 (`oauth2`)

@ -1344,7 +1343,7 @@ PROXY_HOSTS = *.github.com
 此外，它要求您将所有所需的操作镜像到您的 Gitea 实例，这可能不值得。
 因此，请仅在您了解自己在做什么的情况下使用 `self`。

-在早期版本（<= 1.19）中，`DEFAULT_ACTIONS_URL` 可以设置为任何自定义 URL，例如 `https://gitea.com` 或 `http://your-git-server,https://gitea.com`，默认值为 `https://gitea.com`。
+在早期版本（`<= 1.19`）中，`DEFAULT_ACTIONS_URL` 可以设置为任何自定义 URL，例如 `https://gitea.com` 或 `http://your-git-server,https://gitea.com`，默认值为 `https://gitea.com`。
 然而，后来的更新删除了这些选项，现在唯一的选项是 `github` 和 `self`，默认值为 `github`。
 但是，如果您想要使用其他 Git 服务器中的操作，您可以在 `uses` 字段中使用完整的 URL，Gitea 支持此功能（GitHub 不支持）。
 例如 `uses: https://gitea.com/actions/checkout@v3` 或 `uses: http://your-git-server/actions/checkout@v3`。
--- a/docs/content/administration/customizing-gitea.zh-cn.md
+++ b/docs/content/administration/customizing-gitea.zh-cn.md
@ -42,11 +42,11 @@ Gitea 引用 `custom` 目录中的自定义配置文件来覆盖配置、模板

 将自定义的公共文件（比如页面和图片）作为 webroot 放在 `custom/public/` 中来让 Gitea 提供这些自定义内容（符号链接将被追踪）。

-举例说明：`image.png` 存放在 `custom/public/`中，那么它可以通过链接 http://gitea.domain.tld/assets/image.png 访问。
+举例说明：`image.png` 存放在 `custom/public/assets/`中，那么它可以通过链接 http://gitea.domain.tld/assets/image.png 访问。

 ## 修改默认头像

-替换以下目录中的 png 图片： `custom/public/img/avatar\_default.png`
+替换以下目录中的 png 图片： `custom/public/assets/img/avatar\_default.png`

 ## 自定义 Gitea 页面

--- a/docs/content/administration/email-setup.en-us.md
+++ b/docs/content/administration/email-setup.en-us.md
@ -61,7 +61,7 @@ Please note: authentication is only supported when the SMTP server communication

 - STARTTLS (also known as Opportunistic TLS) via port 587. Initial connection is done over cleartext, but then be upgraded over TLS if the server supports it.
 - SMTPS connection (SMTP over TLS) via the default port 465. Connection to the server use TLS from the beginning.
- Forced SMTPS connection with `IS_TLS_ENABLED=true`. (These are both known as Implicit TLS.)
+- Forced SMTPS connection with `PROTOCOL=smtps`. (These are both known as Implicit TLS.)
 This is due to protections imposed by the Go internal libraries against STRIPTLS attacks.

 Note that Implicit TLS is recommended by [RFC8314](https://tools.ietf.org/html/rfc8314#section-3) since 2018.
--- a/docs/content/administration/email-setup.zh-cn.md
+++ b/docs/content/administration/email-setup.zh-cn.md
@ -55,13 +55,13 @@ PASSWD         = `password`

 要发送测试邮件以验证设置，请转到 Gitea > 站点管理 > 配置 > SMTP 邮件配置。

-有关所有选项的完整列表，请查看[配置速查表](doc/administration/config-cheat-sheet.zh-cn.md)。
+有关所有选项的完整列表，请查看[配置速查表](administration/config-cheat-sheet.md)。

 请注意：只有在使用 TLS 或 `HOST=localhost` 加密 SMTP 服务器通信时才支持身份验证。TLS 加密可以通过以下方式进行：

 - 通过端口 587 的 STARTTLS（也称为 Opportunistic TLS）。初始连接是明文的，但如果服务器支持，则可以升级为 TLS。
 - 通过默认端口 465 的 SMTPS 连接。连接到服务器从一开始就使用 TLS。
- 使用 `IS_TLS_ENABLED=true` 进行强制的 SMTPS 连接。（这两种方式都被称为 Implicit TLS）
+- 使用 `PROTOCOL=smtps` 进行强制的 SMTPS 连接。（这两种方式都被称为 Implicit TLS）
 这是由于 Go 内部库对 STRIPTLS 攻击的保护机制。

 请注意，自2018年起，[RFC8314](https://tools.ietf.org/html/rfc8314#section-3) 推荐使用 Implicit TLS。
--- a/docs/content/administration/external-renderers.zh-cn.md
+++ b/docs/content/administration/external-renderers.zh-cn.md
@ -194,7 +194,7 @@ ALLOW_DATA_URI_IMAGES = true
 }
 ```

-将您的样式表添加到自定义目录中，例如 `custom/public/css/my-style-XXXXX.css`，并使用自定义的头文件 `custom/templates/custom/header.tmpl` 进行导入：
+将您的样式表添加到自定义目录中，例如 `custom/public/assets/css/my-style-XXXXX.css`，并使用自定义的头文件 `custom/templates/custom/header.tmpl` 进行导入：

 ```html
 <link rel="stylesheet" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
--- a/docs/content/administration/https-support.zh-cn.md
+++ b/docs/content/administration/https-support.zh-cn.md
@ -33,7 +33,7 @@ CERT_FILE = cert.pem
 KEY_FILE  = key.pem
 ```

-请注意，如果您的证书由第三方证书颁发机构签名（即不是自签名的），则 cert.pem 应包含证书链。服务器证书必须是 cert.pem 中的第一个条目，后跟中介（如果有）。不必包含根证书，因为连接客户端必须已经拥有根证书才能建立信任关系。要了解有关配置值的更多信息，请查看 [配置备忘单](../config-cheat-sheet#server-server)。
+请注意，如果您的证书由第三方证书颁发机构签名（即不是自签名的），则 cert.pem 应包含证书链。服务器证书必须是 cert.pem 中的第一个条目，后跟中介（如果有）。不必包含根证书，因为连接客户端必须已经拥有根证书才能建立信任关系。要了解有关配置值的更多信息，请查看 [配置备忘单](administration/config-cheat-sheet#server-server)。

 对于“CERT_FILE”或“KEY_FILE”字段，当文件路径是相对路径时，文件路径相对于“GITEA_CUSTOM”环境变量。它也可以是绝对路径。

--- a/docs/content/contributing/guidelines-frontend.en-us.md
+++ b/docs/content/contributing/guidelines-frontend.en-us.md
@ -48,11 +48,12 @@ We recommend [Google HTML/CSS Style Guide](https://google.github.io/styleguide/h
 10. Avoid mixing different events in one event listener, prefer to use individual event listeners for every event.
 11. Custom event names are recommended to use `ce-` prefix.
 12. Gitea's tailwind-style CSS classes use `gt-` prefix (`gt-relative`), while Gitea's own private framework-level CSS classes use `g-` prefix (`g-modal-confirm`).
+13. Avoid inline scripts & styles as much as possible, it's recommended to put JS code into JS files and use CSS classes. If inline scripts & styles are unavoidable, explain the reason why it can't be avoided.

 ### Accessibility / ARIA

 In history, Gitea heavily uses Fomantic UI which is not an accessibility-friendly framework.
-Gitea uses some patches to make Fomantic UI more accessible (see the `aria.js` and `aria.md`),
+Gitea uses some patches to make Fomantic UI more accessible (see `aria.md` and related JS files),
 but there are still many problems which need a lot of work and time to fix.

 ### Framework Usage
--- a/docs/content/development/api-usage.en-us.md
+++ b/docs/content/development/api-usage.en-us.md
@ -19,10 +19,7 @@ menu:

 ## Enabling/configuring API access

-By default, `ENABLE_SWAGGER` is true, and
-`MAX_RESPONSE_ITEMS` is set to 50. See [Config Cheat
-Sheet](administration/config-cheat-sheet.md) for more
-information.
+By default, `ENABLE_SWAGGER` is true, and `MAX_RESPONSE_ITEMS` is set to 50. See [Config Cheat Sheet](administration/config-cheat-sheet.md) for more information.

 ## Authentication

--- a/docs/content/development/api-usage.zh-cn.md
+++ b/docs/content/development/api-usage.zh-cn.md
@ -19,8 +19,7 @@ menu:

 ## 开启/配置 API 访问

-通常情况下， `ENABLE_SWAGGER` 默认开启并且参数 `MAX_RESPONSE_ITEMS` 默认为 50。您可以从 [Config Cheat
-Sheet](administration/config-cheat-sheet.md) 中获取更多配置相关信息。
+通常情况下， `ENABLE_SWAGGER` 默认开启并且参数 `MAX_RESPONSE_ITEMS` 默认为 50。您可以从 [Config Cheat Sheet](administration/config-cheat-sheet.md) 中获取更多配置相关信息。

 ## 通过 API 认证

--- a/docs/content/help/faq.en-us.md
+++ b/docs/content/help/faq.en-us.md
@ -138,9 +138,9 @@ All Gitea instances have the built-in API and there is no way to disable it comp
 You can, however, disable showing its documentation by setting `ENABLE_SWAGGER` to `false` in the `api` section of your `app.ini`.
 For more information, refer to Gitea's [API docs](development/api-usage.md).

-You can see the latest API (for example) on <https://try.gitea.io/api/swagger>.
+You can see the latest API (for example) on https://try.gitea.io/api/swagger

-You can also see an example of the `swagger.json` file at <https://try.gitea.io/swagger.v1.json>.
+You can also see an example of the `swagger.json` file at https://try.gitea.io/swagger.v1.json

 ## Adjusting your server for public/private use

--- a/Show more
+++ b/Show more