Dockerfile: rename user to _gitea instead of git

[SEMVER] bump to 4.2.2+0-gitea-1.19.4
Changelog for v1.19.4 (#25667 )
2023-07-10 12:15:04 -03:00 · 2023-07-05 08:19:39 +02:00 · 2023-07-05 08:18:41 +02:00 · 2023-07-05 08:18:41 +02:00 · 2023-07-05 08:18:41 +02:00 · 2023-07-05 08:18:41 +02:00
958 changed files with 34006 additions and 18810 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -43,7 +43,7 @@ steps:
    depends_on: [deps-frontend]

  - name: lint-backend
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    pull: always
    commands:
      - make lint-backend
@ -57,7 +57,7 @@ steps:
        path: /go

  - name: lint-backend-windows
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make golangci-lint-windows vet
    environment:
@ -72,7 +72,7 @@ steps:
        path: /go

  - name: lint-backend-gogit
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make lint-backend
    environment:
@ -264,13 +264,13 @@ steps:
      - git update-ref refs/heads/tag_test ${DRONE_COMMIT_SHA}

  - name: prepare-test-env
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    pull: always
    commands:
      - ./build/test-env-prepare.sh

  - name: build
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - ./build/test-env-check.sh
@ -285,7 +285,7 @@ steps:
        path: /go

  - name: unit-test
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make unit-test-coverage test-check
@ -301,7 +301,7 @@ steps:
        path: /go

  - name: unit-test-gogit
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make unit-test-coverage test-check
@ -317,7 +317,7 @@ steps:
        path: /go

  - name: test-mysql
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make test-mysql-migration integration-test-coverage
@ -334,7 +334,7 @@ steps:
        path: /go

  - name: test-mysql8
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - timeout -s ABRT 50m make test-mysql8-migration test-mysql8
@ -350,7 +350,7 @@ steps:
        path: /go

  - name: test-mssql
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make test-mssql-migration test-mssql
@ -454,13 +454,13 @@ steps:
        path: /go

  - name: prepare-test-env
-    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
    pull: always
    commands:
      - ./build/test-env-prepare.sh

  - name: build
-    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - ./build/test-env-check.sh
@ -475,7 +475,7 @@ steps:
        path: /go

  - name: test-sqlite
-    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - timeout -s ABRT 50m make test-sqlite-migration test-sqlite
@ -491,7 +491,7 @@ steps:
        path: /go

  - name: test-pgsql
-    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - timeout -s ABRT 50m make test-pgsql-migration test-pgsql
@ -507,81 +507,6 @@ steps:
      - name: deps
        path: /go

---
-kind: pipeline
-type: docker
-name: testing-e2e
-
-platform:
-  os: linux
-  arch: amd64
-
-depends_on:
-  - compliance
-
-trigger:
-  event:
-    - pull_request
-  paths:
-    exclude:
-      - docs/**
-
-volumes:
-  - name: deps
-    temp: {}
-
-services:
-  - name: pgsql
-    pull: default
-    image: postgres:10
-    environment:
-      POSTGRES_DB: testgitea-e2e
-      POSTGRES_PASSWORD: postgres
-      POSTGRES_INITDB_ARGS: --encoding=UTF8 --lc-collate='en_US.UTF-8' --lc-ctype='en_US.UTF-8'
-
-steps:
-  - name: deps-frontend
-    image: node:18
-    pull: always
-    commands:
-      - make deps-frontend
-
-  - name: build-frontend
-    image: node:18
-    commands:
-      - make frontend
-    depends_on: [deps-frontend]
-
-  - name: deps-backend
-    image: golang:1.18
-    pull: always
-    commands:
-      - make deps-backend
-    volumes:
-      - name: deps
-        path: /go
-
-  # TODO: We should probably build all dependencies into a test image
-  - name: test-e2e
-    image: mcr.microsoft.com/playwright:v1.29.2-focal
-    commands:
-      - curl -sLO https://go.dev/dl/go1.20.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
-      - groupadd --gid 1001 gitea && useradd -m --gid 1001 --uid 1001 gitea
-      - apt-get -qq update && apt-get -qqy install build-essential
-      - export TEST_PGSQL_SCHEMA=''
-      - ./build/test-env-prepare.sh
-      - su gitea bash -c "export PATH=$PATH:/usr/local/go/bin && timeout -s ABRT 40m make test-e2e-pgsql"
-    environment:
-      GOPROXY: https://goproxy.io
-      GOSUMDB: sum.golang.org
-      USE_REPO_TEST_DIR: 1
-      TEST_PGSQL_DBNAME: 'testgitea-e2e'
-      DEBIAN_FRONTEND: noninteractive
-    depends_on: [build-frontend, deps-backend]
-    volumes:
-      - name: deps
-        path: /go
-
 ---
 kind: pipeline
 name: update_translations
@ -963,6 +888,12 @@ trigger:
      - docs/**

 steps:
+  - name: lint-docs
+    image: node:18
+    commands:
+      - make deps-frontend
+      - make lint-frontend
+
  - name: build-docs
    image: golang:1.20
    commands:
@ -1016,7 +947,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: true
@ -1028,13 +959,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
@ -1046,6 +981,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1080,7 +1019,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      tags: ${DRONE_TAG##v}-linux-amd64
@ -1091,13 +1030,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      tags: ${DRONE_TAG##v}-linux-amd64-rootless
@ -1108,6 +1051,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1142,11 +1089,11 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: false
-      tags: dev-linux-amd64
+      tags: nightly-linux-amd64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1154,17 +1101,21 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
-      tags: dev-linux-amd64-rootless
+      tags: nightly-linux-amd64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1172,6 +1123,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1205,11 +1160,11 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: false
-      tags: ${DRONE_BRANCH##release/v}-dev-linux-amd64
+      tags: ${DRONE_BRANCH##release/v}-nightly-linux-amd64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1217,17 +1172,21 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
-      tags: ${DRONE_BRANCH##release/v}-dev-linux-amd64-rootless
+      tags: ${DRONE_BRANCH##release/v}-nightlf-linux-amd64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1235,6 +1194,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1243,7 +1206,7 @@ steps:
 ---
 kind: pipeline
 type: docker
-name: docker-linux-arm64-dry-run
+name: docker-linux-amd64-dry-run

 platform:
  os: linux
@ -1261,7 +1224,7 @@ trigger:

 steps:
  - name: dryrun
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      dry_run: true
@ -1272,6 +1235,7 @@ steps:
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        - pull_request
@ -1308,7 +1272,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: true
@ -1320,13 +1284,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
@ -1338,6 +1306,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1372,7 +1344,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      tags: ${DRONE_TAG##v}-linux-arm64
@ -1383,13 +1355,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      tags: ${DRONE_TAG##v}-linux-arm64-rootless
@ -1400,6 +1376,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1434,11 +1414,11 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: false
-      tags: dev-linux-arm64
+      tags: nightly-linux-arm64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1446,17 +1426,21 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
-      tags: dev-linux-arm64-rootless
+      tags: nightly-linux-arm64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1464,6 +1448,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1497,11 +1485,11 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: false
-      tags: ${DRONE_BRANCH##release/v}-dev-linux-arm64
+      tags: ${DRONE_BRANCH##release/v}-nightly-linux-arm64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1509,17 +1497,21 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
-      tags: ${DRONE_BRANCH##release/v}-dev-linux-arm64-rootless
+      tags: ${DRONE_BRANCH##release/v}-nightly-linux-arm64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@ -1527,6 +1519,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
--- a/.gitea/ISSUE_TEMPLATE/bug-report.md
+++ b/.gitea/ISSUE_TEMPLATE/bug-report.md
@ -0,0 +1,53 @@
+---
+name: "Bug Report"
+about: "Found something you weren't expecting? Report it here!"
+title: "[BUG] "
+---
+<!--
+NOTE: If your issue is a security concern, please email security@forgejo.org (GPG: A4676E79) instead of opening a public issue.
+
+1. Please speak English, as this is the language all maintainers can
+   speak and write.
+
+2. Please ask questions or troubleshoot configuration/deploy problems
+   in our Matrix space (https://matrix.to/#/#forgejo:matrix.org).
+
+3. Please make sure you are using the latest release of Forgejo and
+   take a moment to check that your issue hasn't been reported before.
+
+4. Please give all relevant information below for bug reports, because
+   incomplete details will be handled as an invalid report.
+
+5. If you are using a proxy or a CDN (e.g. CloudFlare) in front of
+   Forgejo, please disable the proxy/CDN fully and connect to Forgejo
+   directly to confirm the issue still persists without those services.
+-->
+
+- Forgejo version (or commit ref):
+- Git version:
+- Operating system:
+- Database (use `[x]`):
+  - [ ] PostgreSQL
+  - [ ] MySQL
+  - [ ] MSSQL
+  - [ ] SQLite
+- How are you running Forgejo?
+<!--
+Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package.
+Please also tell us how you are running Forgejo, e.g. if it is being run from docker, a command-line, systemd etc.
+If you are using a package or systemd tell us what distribution you are using.
+-->
+
+## Description
+<!-- Please describe the issue you are having as clearly and succinctly as possible. -->
+
+## Logs
+<!--
+It is really important to provide pertinent logs. We need DEBUG level logs.
+Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
+In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of `app.ini`.
+Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden.
+-->
+
+## Screenshots
+<!-- If this issue involves the Web Interface, please provide one or more screenshots -->
--- a/.gitea/ISSUE_TEMPLATE/feature-request.md
+++ b/.gitea/ISSUE_TEMPLATE/feature-request.md
@ -0,0 +1,24 @@
+---
+name: "Feature Request"
+about: "Got an idea for a feature that Forgejo doesn't have yet? Submit it here!"
+title: "[FEAT] "
+---
+<!--
+1. Please speak English, as this is the language all maintainers can
+   speak and write.
+
+2. Please ask questions or troubleshoot configuration/deploy problems
+   in our Matrix space (https://matrix.to/#/#forgejo:matrix.org).
+
+3. Please make sure you are using the latest release of Forgejo and
+   take a moment to check that your feature hasn't already been suggested.
+-->
+
+## Needs and benefits
+<!-- Please describe the needs this feature intends to address and the benefits it brings. -->
+
+## Feature Description
+<!-- Please describe the feature you would like to see added as clearly and succinctly as possible. -->
+
+## Screenshots
+<!-- If you can, provide screenshots of an implementation on another site, e.g. GitHub. -->
--- a/.gitea/issue_template.md
+++ b/.gitea/issue_template.md
@ -1,42 +0,0 @@
-<!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
-
-<!--
-    1. Please speak English, this is the language all maintainers can speak and write.
-    2. Please ask questions or configuration/deploy problems on our Discord
-       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-    3. Please take a moment to check that your issue doesn't already exist.
-    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-    5. Please give all relevant information below for bug reports, because
-       incomplete details will be handled as an invalid report.
-->
-
- Gitea version (or commit ref):
- Git version:
- Operating system:
-  <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package -->
-  <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. --->
-  <!-- If you are using a package or systemd tell us what distribution you are using -->
- Database (use `[x]`):
-  - [ ] PostgreSQL
-  - [ ] MySQL
-  - [ ] MSSQL
-  - [ ] SQLite
- Can you reproduce the bug at https://try.gitea.io:
-  - [ ] Yes (provide example URL)
-  - [ ] No
- Log gist:
-<!-- It really is important to provide pertinent logs -->
-<!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems -->
-<!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini -->
-
-## Description
-<!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please
-     disable the proxy/CDN fully and connect to gitea directly to confirm
-     the issue still persists without those services. -->
-
-...
-
-
-## Screenshots
-
-<!-- **If this issue involves the Web Interface, please include a screenshot** -->
--- a/.gitea/pull_request_template.md
+++ b/.gitea/pull_request_template.md
@ -0,0 +1,4 @@
+<!--
+Before submitting a PR, please read the contributing guidelines:
+https://codeberg.org/forgejo/forgejo/src/branch/main/CONTRIBUTING.md
+-->
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,2 +0,0 @@
-open_collective: gitea
-custom: https://www.bountysource.com/teams/gitea
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@ -1,94 +0,0 @@
-name: Bug Report
-description: Found something you weren't expecting? Report it here!
-labels: kind/bug
-body:
- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Make sure you are using the latest release and
-         take a moment to check that your issue hasn't been reported before.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. You must give us DEBUG level logs.
-         Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-         In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) of your instance
-  validations:
-    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: markdown
-  attributes:
-    value: |
-      It's really important to provide pertinent logs
-      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: input
-  id: logs
-  attributes:
-    label: Log Gist
-    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If this issue involves the Web Interface, please provide one or more screenshots
- type: input
-  id: git-ver
-  attributes:
-    label: Git Version
-    description: The version of git running on the server
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to run Gitea
- type: textarea
-  id: run-info
-  attributes:
-    label: How are you running Gitea?
-    description: |
-      Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
-      Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
-      If you are using a package or systemd tell us what distribution you are using
-  validations:
-    required: true
- type: dropdown
-  id: database
-  attributes:
-    label: Database
-    description: What database system are you running?
-    options:
-    - PostgreSQL
-    - MySQL
-    - MSSQL
-    - SQLite
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,17 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Security Concern
-    url: https://tinyurl.com/security-gitea
-    about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
-  - name: Discord Server
-    url: https://discord.gg/Gitea
-    about: Please ask questions and discuss configuration or deployment problems here.
-  - name: Discourse Forum
-    url: https://discourse.gitea.io
-    about: Questions and configuration or deployment problems can also be discussed on our forum.    
-  - name: Frequently Asked Questions
-    url: https://docs.gitea.io/en-us/faq
-    about: Please check if your question isn't mentioned here.
-  - name: Crowdin Translations
-    url: https://crowdin.com/project/gitea
-    about: Translations are managed here.
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@ -1,24 +0,0 @@
-name: Feature Request
-description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
-labels: ["kind/feature", "kind/proposal"]
-body:
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your feature hasn't already been suggested.
- type: textarea
-  id: description
-  attributes:
-    label: Feature Description
-    placeholder: |
-      I think it would be great if Gitea had...
-  validations:
-    required: true
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If you can, provide screenshots of an implementation on another site e.g. GitHub
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@ -1,66 +0,0 @@
-name: Web Interface Bug Report
-description: Something doesn't look quite as it should?  Report it here!
-labels: ["kind/bug", "kind/ui"]
-body:
- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your issue doesn't already exist.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
-         error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
-         DEBUG level logs. (See https://docs.gitea.io/en-us/logging-configuration/#debugging-problems)
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: Please provide at least 1 screenshot showing the issue.
-  validations:
-    required: true
- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) your instance is running
-  validations:
-    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to access Gitea
- type: input
-  id: browser-ver
-  attributes:
-    label: Browser Version
-    description: The browser and version that you are using to access Gitea
-  validations:
-    required: true
--- a/.github/lock.yml
+++ b/.github/lock.yml
@ -1,23 +0,0 @@
-# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
-
-# Number of days of inactivity before a closed issue or pull request is locked
-daysUntilLock: 60
-
-# Skip issues and pull requests created before a given timestamp. Timestamp must
-# follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
-skipCreatedBefore: false
-
-# Issues and pull requests with these labels will be ignored.
-exemptLabels: []
-
-# Label to add before locking, such as `outdated`. `false` is disabled
-lockLabel: false
-
-# Comment to post before locking.
-lockComment: >
-  This thread has been automatically locked since there has not been
-  any recent activity after it was closed. Please open a new issue for
-  related bugs and link to relevant comments in this thread.
-
-# Assign `resolved` as the reason for locking. Set to `false` to disable
-setLockReason: true
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -1,9 +0,0 @@
-<!-- start tips --> 
-Please check the following:
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for backports.
-2. Make sure you have read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md .
-3. Describe what your pull request does and which issue you're targeting (if any).
-4. It is recommended to enable "Allow edits by maintainers", so maintainers can help more easily.
-5. Your input here will be included in the commit message when this PR has been merged. If you don't want some content to be included, please separate them with a line like `---`.
-6. Delete all these tips before posting.
-<!-- end tips -->
--- a/.github/stale.yml
+++ b/.github/stale.yml
@ -1,54 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 60
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 14
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - status/blocked 
-  - kind/security 
-  - lgtm/done
-  - reviewed/confirmed
-  - priority/critical
-  - kind/proposal
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Comment to post when marking as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had recent activity. 
-  I am here to help clear issues left open even if solved or waiting for more insight.
-  This issue will be closed if no further activity occurs during the next 2 weeks.
-  If the issue is still valid just add a comment to keep it alive.
-  Thank you for your contributions.
-
-# Comment to post when closing a stale Issue or Pull Request.
-closeComment: >
-  This issue has been automatically closed because of inactivity.
-  You can re-open it if needed.
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 1
-
-# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
-pulls:
-  daysUntilStale: 60
-  daysUntilClose: 60
-  markComment: >
-    This pull request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you
-    for your contributions.
-  closeComment: >
-    This pull request has been automatically closed because of inactivity.
-    You can re-open it if needed.
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,6 @@
+# Emacs
+*~
+
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o
 *.a
@ -112,3 +115,6 @@ prime/

 # Manpage
 /man
+
+# Generated merged Forgejo+Gitea language files
+/options/locale/locale_*
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@ -1,12 +1,16 @@
 plugins:
  - stylelint-declaration-strict-value

+ignoreFiles:
+  - "**/*.go"
+
 overrides:
-  - files: ["**/*.less"]
-    customSyntax: postcss-less
  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console/*"]
    rules:
      scale-unlimited/declaration-strict-value: null
+  - files: ["**/chroma/*", "**/codemirror/*"]
+    rules:
+      block-no-empty: null

 rules:
  alpha-value-notation: null
--- a/.woodpecker/compliance.yml
+++ b/.woodpecker/compliance.yml
@ -0,0 +1,75 @@
+platform: linux/amd64
+
+when:
+  event: [ push, pull_request, manual ]
+  branch:
+    exclude: [ soft-fork/*/*, soft-fork/*/*/* ]
+
+variables:
+ - &golang_image 'golang:1.20'
+ - &test_image 'codeberg.org/forgejo/test_env:1.19'
+ - &goproxy_override ''
+ - &goproxy_setup |-
+      if [ -n "$${GOPROXY_OVERRIDE:-}" ]; then
+        export GOPROXY="$${GOPROXY_OVERRIDE}";
+        echo "Using goproxy from goproxy_override \"$${GOPROXY}\"";
+      elif [ -n "$${GOPROXY_DEFAULT:-}" ]; then
+        export GOPROXY="$${GOPROXY_DEFAULT}";
+        echo "Using goproxy from goproxy_default (secret) not displaying";
+      else
+        export GOPROXY="https://proxy.golang.org,direct";
+        echo "No goproxy overrides or defaults given, using \"$${GOPROXY}\"";
+      fi
+
+workspace:
+  base: /go
+  path: src/codeberg/gitea
+
+pipeline:
+  deps-backend:
+    image: *golang_image
+    pull: true
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make deps-backend
+
+  security-check:
+    image: *golang_image
+    group: checks
+    pull: true
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make security-check
+
+  lint-backend:
+    image: *test_image
+    pull: true
+    group: checks
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+      TAGS: 'bindata sqlite sqlite_unlock_notify'
+      GOSUMDB: 'sum.golang.org'
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make lint-backend
+
+  checks-backend:
+    image: *test_image
+    group: checks
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make --always-make checks-backend
--- a/.woodpecker/testing-amd64.yml
+++ b/.woodpecker/testing-amd64.yml
@ -0,0 +1,149 @@
+platform: linux/amd64
+
+when:
+  event: [ push, pull_request, manual ]
+  branch:
+    exclude: [ soft-fork/*/*, soft-fork/*/*/* ]
+
+depends_on:
+- compliance
+
+variables:
+ - &golang_image 'golang:1.20'
+ - &test_image 'codeberg.org/forgejo/test_env:1.19'
+ - &mysql_image 'mysql:8'
+ - &pgsql_image 'postgres:10'
+ - &goproxy_override ''
+ - &goproxy_setup |-
+      if [ -n "$${GOPROXY_OVERRIDE:-}" ]; then
+        export GOPROXY="$${GOPROXY_OVERRIDE}";
+        echo "Using goproxy from goproxy_override \"$${GOPROXY}\"";
+      elif [ -n "$${GOPROXY_DEFAULT:-}" ]; then
+        export GOPROXY="$${GOPROXY_DEFAULT}";
+        echo "Using goproxy from goproxy_default (secret) not displaying";
+      else
+        export GOPROXY="https://proxy.golang.org,direct";
+        echo "No goproxy overrides or defaults given, using \"$${GOPROXY}\"";
+      fi
+
+services:
+  mysql8:
+    image: *mysql_image
+    pull: true
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: yes
+      MYSQL_DATABASE: testgitea
+
+  pgsql:
+    image: *pgsql_image
+    pull: true
+    environment:
+      POSTGRES_DB: test
+      POSTGRES_PASSWORD: postgres
+
+workspace:
+  base: /go
+  path: src/codeberg/gitea
+
+pipeline:
+  git-safe:
+    image: *golang_image
+    pull: true
+    commands:
+    - git config --add safe.directory '*'
+
+  deps-backend:
+    image: *golang_image
+    pull: true
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make deps-backend
+
+  tag-pre-condition:
+    image: *golang_image
+    pull: true
+    commands:
+    - git update-ref refs/heads/tag_test ${CI_COMMIT_SHA}
+
+  prepare-test-env:
+    image: *test_image
+    pull: true
+    commands:
+    - ./build/test-env-prepare.sh
+
+  environment-to-ini:
+    image: *golang_image
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    commands:
+      - *goproxy_setup
+      - go test contrib/environment-to-ini/environment-to-ini.go contrib/environment-to-ini/environment-to-ini_test.go
+
+  build:
+    image: *test_image
+    environment:
+      GOSUMDB: sum.golang.org
+      TAGS: bindata sqlite sqlite_unlock_notify
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - su gitea -c './build/test-env-check.sh'
+    - su gitea -c 'make backend'
+
+  unit-test:
+    image: *test_image
+    environment:
+      TAGS: 'bindata sqlite sqlite_unlock_notify'
+      RACE_ENABLED: 'true'
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+    - github_read_token
+    - goproxy_default
+    commands:
+    - *goproxy_setup
+    - su gitea -c 'make unit-test-coverage test-check'
+
+  test-mysql8:
+    group: integration
+    image: *test_image
+    commands:
+      - *goproxy_setup
+      - su gitea -c 'timeout -s ABRT 50m make test-mysql8-migration test-mysql8'
+    environment:
+      TAGS: 'bindata'
+      RACE_ENABLED: 'true'
+      USE_REPO_TEST_DIR: '1'
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+
+  test-pgsql:
+    group: integration
+    image: *test_image
+    commands:
+      - *goproxy_setup
+      - su gitea -c 'timeout -s ABRT 50m make test-pgsql-migration test-pgsql'
+    environment:
+      TAGS: 'bindata'
+      RACE_ENABLED: 'true'
+      USE_REPO_TEST_DIR: '1'
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+
+  test-sqlite:
+    group: integration
+    image: *test_image
+    environment:
+    - USE_REPO_TEST_DIR=1
+    - GOPROXY=off
+    - TAGS=bindata gogit sqlite sqlite_unlock_notify
+    - TEST_TAGS=bindata gogit sqlite sqlite_unlock_notify
+    commands:
+    - su gitea -c 'timeout -s ABRT 120m make test-sqlite-migration test-sqlite'
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,553 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

+## [1.19.4](https://github.com/go-gitea/gitea/releases/tag/v1.19.4) - 2023-07-04
+
+* SECURITY
+  * Fix open redirect check for more cases (#25143) (#25155)
+* API
+  * Return `404` in the API if the requested webhooks were not found (#24823) (#24830)
+  * Fix `organization` field being `null` in `GET /api/v1/teams/{id}` (#24694) (#24696)
+* ENHANCEMENTS
+  * Set `--font-weight-bold` to 600 (#24840)
+  * Make mailer SMTP check have timed context (#24751) (#24759)
+  * Do not select line numbers when selecting text from the action run logs (#24594) (#24596)
+* BUGFIXES
+  * Fix bug when change user name (#25637) (#25645)
+  * Fix task list checkbox toggle to work with YAML front matter (#25184) (#25236)
+  * Hide limited users if viewed by anonymous ghost (#25214) (#25224)
+  * Add `WithPullRequest` for `actionsNotifier` (#25144) (#25196)
+  * Fix parallelly generating index failure with Mysql (#24567) (#25081)
+  * GitLab migration: Sanitize response for reaction list (#25054) (#25059)
+  * Fix users cannot visit issue attachment bug (#25019) (#25027)
+  * Fix missing reference prefix of commits when sync mirror repository (#24994)
+  * Only validate changed columns when update user (#24867) (#24903)
+  * Make DeleteIssue use correct context (#24885)
+  * Fix topics deleted via API not being deleted in org page (#24825) (#24829)
+  * Fix Actions being enabled accidentally (#24802) (#24810)
+  * Fix missed table name on iterate lfs meta objects (#24768) (#24774)
+  * Fix safari cookie session bug (#24772)
+  * Respect original content when creating secrets (#24745) (#24746)
+  * Fix Pull Mirror out-of-sync bugs (#24732) (#24733)
+  * Fix run list broken when trigger user deleted (#24706) (#24709)
+  * Fix issues list page multiple selection update milestones (#24660) (#24663)
+  * Fix: release page for empty or non-existing target (#24659)
+  * Fix close org projects (#24588) (#24591)
+  * Refresh the refernce of the closed PR when reopening (#24231) (#24587)
+  * Fix the permission of team's `Actions` unit issue (#24536) (#24545)
+  * Bump go.etcd.io/bbolt and blevesearch deps (#23062) (#24519)
+  * Fix new wiki page mirror (#24518)
+  * Match unqualified references when syncing pulls as well (#23070)
+* DOCS
+  * Change branch name from master to main in some documents' links (#25126) (#25139)
+  * Remove unnecessary content on docs (#24976) (#25001)
+  * Unify doc links to use paths relative to doc folder (#24979) (#25000)
+  * Fix docs documenting invalid `@every` for `OLDER_THAN` cron settings (#24695) (#24698)
+* MISC
+  * Merge different languages for language stats (#24900) (#24921)
+  * Hiding Secrets options when Actions feature is disabled (#24792)
+  * Improve decryption failure message (#24573) (#24575)
+  * Makefile: Use portable !, not GNUish -not, with find(1). (#24565) (#24572)
+
+## [1.19.3](https://github.com/go-gitea/gitea/releases/tag/1.19.3) - 2023-05-03
+
+* SECURITY
+  * Use golang 1.20.4 to fix CVE-2023-24539, CVE-2023-24540, and CVE-2023-29400
+* ENHANCEMENTS
+  * Enable whitespace rendering on selection in Monaco (#24444) (#24485)
+  * Improve milestone filter on issues page (#22423) (#24440)
+* BUGFIXES
+  * Fix api error message if fork exists (#24487) (#24493)
+  * Fix user-cards format (#24428) (#24431)
+  * Fix incorrect CurrentUser check for docker rootless (#24435)
+  * Getting the tag list does not require being signed in (#24413) (#24416)
+
+## [1.19.2](https://github.com/go-gitea/gitea/releases/tag/1.19.2) - 2023-04-26
+
+* SECURITY
+  * Require repo scope for PATs for private repos and basic authentication (#24362) (#24364)
+  * Only delete secrets belonging to its owner (#24284) (#24286)
+* API
+  * Fix typo in API route (#24310) (#24332)
+  * Fix access token issue on some public endpoints (#24194) (#24259)
+* ENHANCEMENTS
+  * Fix broken clone script on an empty archived repo (#24339) (#24348)
+  * Fix Monaco IOS keyboard button (#24341) (#24347)
+  * Don't set meta `theme-color` by default (#24340) (#24346)
+  * Wrap too long push mirror addresses (#21120) (#24334)
+  * Add --font-weight-bold and set previous bold to 601 (#24307) (#24331)
+  * Unify nightly naming across binaries and docker images (#24116) (#24308)
+  * Fix footer display (#24251) (#24269)
+  * Fix label color, fix divider in dropdown (#24215) (#24244)
+  * Vertical widths of containers removed (#24184) (#24211)
+  * Use correct locale key for forks page (#24172) (#24175)
+  * Sort repo topic labels by name (#24123) (#24153)
+  * Highlight selected file in the PR file tree (#23947) (#24126)
+* BUGFIXES
+  * Fix auth check bug (#24382) (#24387)
+  * Add tags list for repos whose release setting is disabled (#23465) (#24369)
+  * Fix wrong error info in RepoRefForAPI (#24344) (#24351)
+  * Fix no edit/close/delete button in org repo project view page (#24349)
+  * Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC (#24035) (#24333)
+  * Remove org users who belong to no teams (#24247) (#24313)
+  * Fix bug when deleting wiki with no code write permission (#24274) (#24295)
+  * Handle canceled workflow as a warning instead of a fail (#24282) (#24292)
+  * Load reviewer for comments when dismissing a review (#24281) (#24288)
+  * Show commit history for closed/merged PRs (#24238) (#24261)
+  * Fix owner team access mode value in team_unit table (#24224)
+  * Fix issue attachment handling (#24202) (#24221)
+  * Fix incorrect CORS default values (#24206) (#24217)
+  * Fix template error in pull request with deleted head repo (#24192) (#24216)
+  * Don't list root repository on compare page if pulls not allowed (#24183) (#24210)
+  * Fix calReleaseNumCommitsBehind (#24148) (#24197)
+  * Fix Org edit page bugs: renaming detection, maxlength (#24161) (#24171)
+  * Update redis library to support redis v7 (#24114) (#24156)
+  * Use 1.18's aria role for dropdown menus (#24144) (#24155)
+  * Fix 2-dot direct compare to use the right base commit (#24133) (#24150)
+  * Fix incorrect server error content in RunnersList (#24118) (#24121)
+  * Fix mismatch between hook events and github event types (#24048) (#24091)
+* BUILD
+  * Support converting varchar to nvarchar for mssql database (#24105) (#24168)
+
+## [1.19.1](https://github.com/go-gitea/gitea/releases/tag/v1.19.1) - 2023-04-12
+
+* BREAKING
+  * Rename actions unit to `repo.actions` and add docs for it (#23733) (#23881)
+* ENHANCEMENTS
+  * Add card type to org/user level project on creation, edit and view (#24043) (#24066)
+  * Refactor commit status for Actions jobs (#23786) (#24060)
+  * Show errors for KaTeX and mermaid on the preview tab (#24009) (#24019)
+  * Show protected branch rule names again (#23907) (#24018)
+  * Adjust sticky PR header to cover background (#23956) (#23999)
+  * Discolor pull request tab labels (#23950) (#23987)
+  * Treat PRs with agit flow as fork PRs when triggering actions. (#23884) (#23967)
+  * Left-align review comments (#23937)
+  * Fix image border-radius (#23886) (#23930)
+  * Scroll collapsed file into view (#23702) (#23929)
+  * Fix code view (diff) broken layout (#23096) (#23918)
+  * Org pages style fixes (#23901) (#23914)
+  * Fix user profile description rendering (#23882) (#23902)
+  * Fix review box viewport overflow issue (#23800) (#23898)
+  * Prefill input values in OAuth settings as intended (#23829) (#23871)
+  * CSS color tweaks (#23828) (#23842)
+  * Fix incorrect visibility dropdown list in add/edit user page (#23804) (#23833)
+  * Add CSS rules for basic colored labels (#23774) (#23777)
+  * Add creation time in tag list page (#23693) (#23773)
+  * Fix br display for packages curls (#23737) (#23764)
+  * Fix issue due date edit toggle bug (#23723) (#23758)
+  * Improve commit graph page UI alignment (#23751) (#23754)
+  * Use GitHub Actions compatible globbing for `branches`, `tag`, `path` filter (#22804) (#23740)
+  * Redirect to project again after editing it (#23326) (#23739)
+  * Remove row clicking from notification table (#22695) (#23706)
+  * Remove conflicting CSS rules on notifications, improve notifications table (#23565) (#23621)
+  * Fix diff tree height and adjust target file style (#23616)
+* BUGFIXES
+  * Improve error logging for LFS (#24072) (#24082)
+  * Fix custom mailer template on Windows platform (#24081)
+  * Update the value of `diffEnd` when clicking the `Show More` button in the DiffFileTree (#24069) (#24078)
+  * Make label templates have consistent behavior and priority (#23749)
+  * Fix accidental overwriting of LDAP team memberships (#24050) (#24065)
+  * Fix branch protection priority (#24045) (#24061)
+  * Use actions job link as commit status URL instead of run link (#24023) (#24032)
+  * Add actions support to package auth verification (#23729) (#24028)
+  * Fix protected branch for API (#24013) (#24027)
+  * Do not escape space between PyPI repository URL and package name… (#23981) (#24008)
+  * Fix redirect bug when creating issue from a project (#23971) (#23997)
+  * Set `ref` to fully-formed of the tag when trigger event is `release` (#23944) (#23989)
+  * Use Get/Set instead of Rename when regenerating session ID (#23975) (#23983)
+  * Ensure RSS icon is present on all repo tabs (#23904) (#23973)
+  * Remove `Repository.getFilesChanged` to fix Actions `paths` and `paths-ignore` filter (#23920) (#23969)
+  * Delete deleted release attachments immediately from storage (#23913) (#23958)
+  * Use ghost user if package creator does not exist (#23822) (#23915)
+  * User/Org Feed render description as per web (#23887) (#23906)
+  * Fix `cases.Title` crash for concurrency (#23885) (#23903)
+  * Convert .Source.SkipVerify to $cfg.SkipVerify (#23839) (#23899)
+  * Support "." char as user name for User/Orgs in RSS/ATOM/GPG/KEYS path ... (#23874) (#23878)
+  * Fix JS error when changing PR's target branch (#23862) (#23864)
+  * Fix 500 error if there is a name conflict when editing authentication source (#23832) (#23852)
+  * Fix closed PR also triggers Webhooks and actions (#23782) (#23834)
+  * Fix checks for `needs` in Actions (#23789) (#23831)
+  * Fix "Updating branch by merge" bug in "update_branch_by_merge.tmpl" (#23790) (#23825)
+  * Fix cancel button in the page of project edit not work (#23655) (#23813)
+  * Don't apply the group filter when listing LDAP group membership if it is empty (#23745) (#23788)
+  * Fix profile page email display, respect settings (#23747) (#23756)
+  * Fix project card preview select and template select (#23684) (#23731)
+  * Check LFS/Packages settings in dump and doctor command (#23631) (#23730)
+  * Add git dashes separator to some "log" and "diff" commands (#23606) (#23720)
+  * Create commit status when event is `pull_request_sync` (#23683) (#23691)
+  * Fix incorrect `HookEventType` of pull request review comments (#23650) (#23678)
+  * Fix incorrect `show-modal` and `show-panel` class (#23660) (#23663)
+  * Improve workflow event triggers (#23613) (#23648)
+  * Introduce path Clean/Join helper functions, partially backport&refactor (#23495) (#23607)
+  * Fix pagination on `/notifications/watching` (#23564) (#23603)
+  * Fix submodule is nil panic (#23588) (#23601)
+  * Polyfill the window.customElements (#23592) (#23595)
+  * Avoid too long names for actions (#23162) (#23190)
+* TRANSLATION
+  * Backport locales (with manual fixes) (#23808, #23634, #24083)
+* BUILD
+  * Hardcode the path to docker images (#23955) (#23968)
+* DOCS
+  * Update documentation to explain which projects allow Gitea to host static pages (#23993) (#24058)
+  * Merge `push to create`, `open PR from push`, and `push options` docs articles into one (#23744) (#23959)
+  * Fix code blocks in the cheat sheet (#23664) (#23669)
+* MISC
+  * Do not crash when parsing an invalid workflow file (#23972) (#23976)
+  * Remove assertion debug code for show/hide refactoring (#23576) (#23868)
+  * Add ONLY_SHOW_RELEVANT_REPOS back, fix explore page bug, make code more strict (#23766) (#23791)
+  * Make minio package support legacy MD5 checksum (#23768) (#23770)
+  * Improve template error reporting (#23396) (#23600)
+
+## [1.19.0](https://github.com/go-gitea/gitea/releases/tag/v1.19.0) - 2023-03-19
+
+* BREAKING
+  * Add loading yaml label template files (#22976) (#23232)
+  * Make issue and code search support camel case for Bleve (#22829)
+  * Repositories: by default disable all units except code and pulls on forks (#22541)
+  * Support template for merge message description (#22248)
+  * Remove ONLY_SHOW_RELEVANT_REPOS setting (#21962)
+  * Implement actions (#21937)
+  * Remove deprecated DSA host key from Docker Container (#21522)
+  * Improve valid user name check (#20136)
+* SECURITY
+  * Return 404 instead of 403 if user can not access the repo (#23155) (#23158)
+  * Support scoped access tokens (#20908)
+* FEATURES
+  * Add support for commit cross references (#22645)
+  * Scoped labels (#22585)
+  * Add Chef package registry (#22554)
+  * Support asciicast files as new markup (#22448)
+  * cgo cross-compile for freebsd (#22397)
+  * Add cron method to gc LFS MetaObjects (#22385)
+  * Add new captcha: cloudflare turnstile (#22369)
+  * Enable `@<user>`- completion popup on the release description textarea (#22359)
+  * make /{username}.png redirect to user/org avatar (#22356)
+  * Add Conda package registry (#22262)
+  * Support org/user level projects (#22235)
+  * Add Mermaid copy button (#22225)
+  * Add user secrets (#22191)
+  * Secrets storage with SecretKey encrypted (#22142)
+  * Preview images for Issue cards in Project Board view (#22112)
+  * Add support for incoming emails (#22056)
+  * Add Cargo package registry (#21888)
+  * Add option to prohibit fork if user reached maximum limit of repositories (#21848)
+  * Add attention blocks within quote blocks for `Note` and `Warning` (#21711)
+  * Add Feed for Releases and Tags (#21696)
+  * Add package registry cleanup rules (#21658)
+  * Add "Copy" button to file view of raw text (#21629)
+  * Allow disable sitemap (#21617)
+  * Add package registry quota limits (#21584)
+  * Map OIDC groups to Orgs/Teams (#21441)
+  * Keep languages defined in .gitattributes (#21403)
+  * Add Webhook authorization header (#20926)
+  * Supports wildcard protected branch (#20825)
+  * Copy citation file content, in APA and BibTex format, on repo home page (#19999)
+* API
+  * Match api migration behavior to web behavior (#23552) (#23573)
+  * Purge API comment (#23451) (#23452)
+  * User creation API: allow custom "created" timestamps (#22549)
+  * Add `updated_at` field to PullReview API object (#21812)
+  * Add API management for issue/pull and comment attachments (#21783)
+  * Add API endpoint to get latest release (#21267)
+  * Support system hook API (#14537)
+* ENHANCEMENTS
+  * Add `.patch` to `attachment.ALLOWED_TYPES` (#23580) (#23582)
+  * Fix sticky header in diff view (#23554) (#23568)
+  * Refactor merge/update git command calls (#23366) (#23544)
+  * Fix review comment context menu clipped bug (#23523) (#23543)
+  * Imrove scroll behavior to hash issuecomment(scroll position, auto expand if file is folded, and on refreshing) (#23513) (#23540)
+  * Increase horizontal page padding (#23507) (#23537)
+  * Use octicon-verified for gpg signatures (#23529) (#23536)
+  * Make time tooltips interactive (#23526) (#23527)
+  * Replace Less with CSS (#23508)
+  * Fix 'View File' button in code search (#23478) (#23483)
+  * Convert GitHub event on actions and fix some pull_request events. (#23037) (#23471)
+  * Support reflogs (#22451) (#23438)
+  * Fix actions frontend bugs (pagination, long name alignment) and small simplify (#23370) (#23436)
+  * Scoped label display and documentation tweaks (#23430) (#23433)
+  * Add missing tabs to org projects page (#22705) (#23412)
+  * Fix and move "Use this template" button (#23398) (#23408)
+  * Handle OpenID discovery URL errors a little nicer when creating/editing sources (#23397) (#23403)
+  * Rename `canWriteUnit` to `canWriteProjects` (#23386) (#23399)
+  * Refactor and tidy-up the merge/update branch code (#22568) (#23365)
+  * Refactor `setting.Database.UseXXX` to methods (#23354) (#23356)
+  * Fix incorrect project links and use symlink icon for org-wide projects (#23325) (#23336)
+  * Fix PR view misalignment caused by long name file (#23321) (#23335)
+  * Scoped labels: don't require holding alt key to remove (#23303) (#23331)
+  * Add context when rendering labels or emojis (#23281) (#23319)
+  * Change interactiveBorder to fix popup preview  (#23169) (#23314)
+  * Scoped labels: set aria-disabled on muted Exclusive option for a11y (#23306) (#23311)
+  * update to mermaid v10 (#23178) (#23299)
+  * Fix code wrap for unbroken lines (#23268) (#23293)
+  * Use async await to fix empty quote reply at first time (#23168) (#23256)
+  * Fix switched citation format (#23250) (#23253)
+  * Allow `<video>` in MarkDown (#22892) (#23236)
+  * Order pull request conflict checking by recently updated, for each push (#23220) (#23225)
+  * Fix Fomantic UI's `touchstart` fastclick, always use `click` for click events (#23065) (#23195)
+  * Add word-break to sidebar-item-link (#23146) (#23180)
+  * Add InsecureSkipVerify to Minio Client for Storage (#23166) (#23177)
+  * Fix height for sticky head on large screen on PR page (#23111) (#23123)
+  * Change style to improve whitespaces trimming inside inline markdown code (#23093) (#23120)
+  * Avoid warning for system setting when start up (#23054) (#23116)
+  * Add accessibility to the menu on the navbar (#23059) (#23095)
+  * Improve accessibility for issue comments (#22612) (#23083)
+  * Remove delete button for review comment (#23036)
+  * Remove dashes between organization member avatars on hover (#23034)
+  * Use `gt-relative` class instead of the ambiguous `gt-pr` class  (#23008)
+  * handle deprecated settings (#22992)
+  * Add scopes to API to create token and display them (#22989)
+  * Improve PR Review Box UI (#22986)
+  * Improve issues.LoadProject (#22982)
+  * Add all units to the units permission list in org team members sidebar (#22971)
+  * Rename `GetUnits` to `LoadUnits` (#22970)
+  * Rename `repo.GetOwner` to `repo.LoadOwner` (#22967)
+  * Rename "People" to "Members" in organization page and use a better icon (#22960)
+  * Fix avatar misalignment (#22955)
+  * Sort issues and pulls by recently updated in user and organization home (#22925)
+  * Add `title` to PR file tree items (#22918)
+  * First step to refactor the `.hide` to `.gt-hidden` (#22916)
+  * Add tooltip to issue reference (#22913)
+  * Always show the `command line instructions` button even if there are conflicts (#22909)
+  * Fix dark-colored description text in arc-green theme (#22908)
+  * Remove Fomantic-UI's `.hidden` CSS class for menu elements (#22895)
+  * Move helpers to be prefixed with `gt-` (#22879)
+  * Move `IsReadmeFile*` from `modules/markup/` to `modules/util` (#22877)
+  * Highlight focused diff file (#22870)
+  * Add some headings to repo views (#22869)
+  * Fix milestone title font problem (#22863)
+  * Pull Requests: setting to allow edits by maintainers by default, tweak UI (#22862)
+  * Introduce customized HTML elements, fix incorrect AppUrl usages in templates (#22861)
+  * Add `/$count` endpoints for NuGet v2 (#22855)
+  * Remove Fomantic-UI's `.hidden` CSS class for checkbox elements (#22851)
+  * Fix notification and stopwatch empty states (#22845)
+  * Always go full width in PR view (#22844)
+  * Improve AppUrl/ROOT_URL checking (#22836)
+  * Fix style of actions rerun button (#22835)
+  * Fix more HTMLURL in templates (#22831)
+  * Fix inconsistent Filter Project name in issue list (#22827)
+  * include build info in Prometheus metrics (#22819)
+  * Make clone URL use current page's host (#22808)
+  * Refactor legacy strange git operations (#22756)
+  * Improve error report when user passes a private key (#22726)
+  * set user dashboard org visibility to basic (#22706)
+  * Fix diff UI for unexpandable items (#22700)
+  * Remove 'primary' class from tab counter labels (#22687)
+  * Add more events details supports for actions (#22680)
+  * Refactor git command package to improve security and maintainability (#22678)
+  * Use relative url in actions view (#22675)
+  * set user visibility class to basic (#22674)
+  * Add repository setting to enable/disable releases unit (#22671)
+  * Remove label color from global issue filters (#22660)
+  * Fix poor alignment of organization description on organization home page (#22656)
+  * Small refactor for loading PRs (#22652)
+  * Allow setting access token scope by CLI (#22648)
+  * Improve accessibility of navigation bar and footer (#22635)
+  * Fixes accessibility behavior of Watching, Staring and Fork buttons (#22634)
+  * Fixes accessibility of empty repository commit status (#22632)
+  * Pull request yaml template support for including commit body in a field (#22629)
+  * Show migration validation error (#22619)
+  * set org visibility class to basic in header (#22605)
+  * Fix cache-control header clearing comment text when editing issue (#22604)
+  * Add ARIA support for Fomantic UI checkboxes (#22599)
+  * Add templates to customize text when creating and migrating repositories (#22597)
+  * Allow setting `redirect_to` cookie on OAuth login (#22594)
+  * Improve checkbox accessibility a bit by adding the title attribute (#22593)
+  * Allow issue templates to not render title (#22589)
+  * Webhooks: for issue close/reopen action, add commit ID that caused it (#22583)
+  * Fix missing title and filter in issue sidebar project menu (#22557)
+  * Issues: support setting issue template field values with query (#22545)
+  * Issues: add Project filter to issues list and search (#22544)
+  * Pull Requests: add color to approved/reject icon in pull requests list (#22543)
+  * Mute all links in issue timeline (#22533)
+  * Dropzone: Add "Copy link" button for new uploads (#22517)
+  * Support importing comment types (#22510)
+  * Load asciicast css async (#22502)
+  * Move delete user to service (#22478)
+  * Change use of Walk to WalkDir to improve disk performance (#22462)
+  * Add reply hint to mail text (#22459)
+  * fix wrong theme class when logged out if default theme is changed (#22408)
+  * Refactor the setting to make unit test easier (#22405)
+  * Improve utils of slices (#22379)
+  * Use context parameter in models/git (#22367)
+  * Always reuse transaction (#22362)
+  * Fix unstable emoji sort (#22346)
+  * Add context cache as a request level cache (#22294)
+  * Reminder for no more logs to console (#22282)
+  * Support estimated count with multiple schemas (#22276)
+  * Move `convert` package to services (#22264)
+  * Use dynamic package type list (#22263)
+  * Hide file borders on sticky diff box (#22217)
+  * Improve notification and stopwatch styles (#22169)
+  * Fixed Project view .board-column height for tall screens. (#22108)
+  * Use multi reader instead to concat strings (#22099)
+  * Use git command instead of exec.Cmd in blame (#22098)
+  * Fix autofilled text visibility in dark mode (#22088)
+  * Rename almost all Ctx functions (#22071)
+  * Rename actions to operations on UI (#22067)
+  * refactor bind functions based on generics (#22055)
+  * Support disabling database auto migration (#22053)
+  * remove duplicated read file code (#22042)
+  * Use link in UI which returned a relative url but not html_url which contains an absolute url (#21986)
+  * Skip initing disabled storages (#21985)
+  * Add doctor command for full GC of LFS (#21978)
+  * Util type to parse ref name (#21969)
+  * Replace fmt.Sprintf with hex.EncodeToString (#21960)
+  * Use random bytes to generate access token (#21959)
+  * Add index for access_token (#21908)
+  * Move all remaining colors into CSS variables (#21903)
+  * Webhook list enhancements (#21893)
+  * Embed Matrix icon as SVG (#21890)
+  * Remove useless "Cancel" buttons (#21872)
+  * fix(web): keep the pages of the navigation in the center (#21867)
+  * fix(web): reduce page jitter on browsers that support overlay scrollbar (#21850)
+  * Improvements for Content Copy (#21842)
+  * Tweak katex options (#21828)
+  * Show syntax lexer name in file view/blame (#21814)
+  * Remove `href="javascript:;"` in "save topics (Done)" button (#21813)
+  * Render number of commits in repo page in a user friendly way (#21786)
+  * Adjust clone timeout error to suggest increasing timeout (#21769)
+  * Update message of reach_limit_of_creation (#21757)
+  * Allow detect whether it's in a database transaction for a context.Context (#21756)
+  * Add configuration for CORS allowed headers (#21747)
+  * Move svg html render to modules/svg (#21716)
+  * Release and Tag List tweaks (#21712)
+  * Remove template previewer (#21701)
+  * Clean up formatting on install page (#21668)
+  * Configure update checker on installation page (#21655)
+  * Merge db.Iterate and IterateObjects (#21641)
+  * Add option to enable CAPTCHA validation for login (#21638)
+  * Allow disable RSS/Atom feed (#21622)
+  * Use CSS color-scheme instead of invert (#21616)
+  * Localize time units on activity heatmap (#21570)
+  * Fix UI column width, button overflow Fomantic's grid (#21559)
+  * feat: notify doers of a merge when automerging (#21553)
+  * Split migrations folder (#21549)
+  * feat: add button to quickly clear merge message (#21548)
+  * Add `context.Context` to more methods (#21546)
+  * Add index for hook_task table (#21545)
+  * Allow disable code tab (#20805)
+* BUGFIXES
+  * Fix template error when reference Project (#23584)
+  * Fix dropdown icon misalignment when using fomantic icon (#23558) (#23577)
+  * Fix diff detail buttons wrapping, use tippy for review box (#23271) (#23546)
+  * Handle missing `README` in create repos API (#23387) (#23510)
+  * Disable sending email after push a commit to a closed PR (#23462) (#23492)
+  * Fix aria.js bugs: incorrect role element problem, mobile focus problem, tippy problem (#23450) (#23486)
+  * Fix due date being wrong on issue list (#23475) (#23477)
+  * Remove wrongly added column on migration test fixtures (#23456) (#23470)
+  * Make branches list page operations remember current page (#23420) (#23460)
+  * Fix missing commit status in PR which from forked repo (#23351) (#23453)
+  * Show edit/close/delete button on organization wide repositories (#23388) (#23429)
+  * Preserve file size when creating attachments (#23406) (#23426)
+  * Fix broken Chroma CSS styles (#23174) (#23402)
+  * Fix incorrect NotFound conditions in org/projects.go (#23384) (#23395)
+  * Set `X-Gitea-Debug` header once (#23361) (#23381)
+  * Pass context to avatar for projects view (#23359) (#23378)
+  * Fix panic when getting notes by ref (#23372) (#23377)
+  * Do not recognize text files as audio (#23355) (#23368)
+  * Fix adding of empty class name (#23352) (#23360)
+  * Fix various ImageDiff/SVG bugs (#23312) (#23358)
+  * Fix incorrect display for comment context menu (#23343) (#23344)
+  * Remove unnecessary space on link (#23334) (#23340)
+  * Fix incorrect redirect link of delete org project (#23327) (#23339)
+  * Fix cannot reopen after pushing commits to a closed PR (#23189) (#23324)
+  * Fix broken code editor diff preview (#23307) (#23320)
+  * Support sanitising the URL by removing extra slashes in the URL (#21333) (#23300)
+  * Avoid panic caused by broken payload when creating commit status (#23216) (#23294)
+  * Fill head commit to in payload when notifying push commits for mirroring (#23215) (#23292)
+  * Fix various bugs for "install" page (#23194) (#23286)
+  * Fix GetFilesChangedBetween if the file name may be escaped (#23272) (#23279)
+  * Revert relative links to absolute links in mail templates (#23267) (#23269)
+  * Fix commit retrieval by tag (#21804) (#23266)
+  * Use correct README link to render the README (#23152) (#23264)
+  * Close the temp file when dumping database to make the temp file can be deleted on Windows (#23249) (#23251)
+  * Use the correct selector to hide the checkmark of selected labels on clear (#23224) (#23228)
+  * Fix incorrect checkbox behaviors in the dashboard repolist's filter (#23147) (#23205)
+  * Properly flush unique queues on startup (#23154) (#23201)
+  * Pass `--global` when calling `git config --get`, for consistency with `git config --set` (#23157) (#23199)
+  * Make `gitea serv` respect git binary home (#23138) (#23197)
+  * Change button text for commenting and closing an issue at the same time (#23135) (#23182)
+  * Fix DBConsistency checks on MSSQL (#23132) (#23134)
+  * Show empty repos in Admin Repository Management page (#23114) (#23130)
+  * Redirect to the commit page after applying patch (#23056) (#23127)
+  * Fix nil context in RenderMarkdownToHtml (#23092) (#23108)
+  * Make issue meta dropdown support Enter, confirm before reloading (#23014) (#23102)
+  * Fix SyncOnCommit always return false in API of push_mirrors (#23088) (#23100)
+  * Fix commit name in Apply Patch page (#23086) (#23099)
+  * Fix some more hidden problems (#23074) (#23075)
+  * Bump golang.org/x/net from 0.4.0 to 0.7.0 (#22980)
+  * Get rules by id when editing branch protection rule (#22932)
+  * Fix panic when call api (/repos/{owner}/{repo}/pulls/{index}/files) (#22921)
+  * Increase Content field size of gpg_import_key to MEDIUMTEXT (#22897)
+  * Fix hidden commit status on multiple checks (#22889)
+  * Fix update by rebase being wrongly disabled by protected base branch (#22825)
+  * Make issue title edit buttons focusable and fix incorrect ajax requests (#22807)
+  * Fix rerun button of Actions (#22798)
+  * remove update language in ProfilePost (#22748)
+  * Do not overwrite empty DefaultBranch (#22708)
+  * Fix ref to trigger Actions (#22679)
+  * Fix time to NotifyPullRequestSynchronized (#22650)
+  * Show all projects, not just repo projects and open/closed projects  (#22640)
+  * Project links should use parent link methods (#22587)
+  * Fix group filter for ldap source sync (#22506)
+  * Check quota limits for container uploads (#22450)
+  * Fix halfCommitter and WithTx (#22366)
+  * Attempt to fix TestExportUserGPGKeys (#22159)
+  * Fix heatmap first color being unused (#22157)
+  * Fix scroll over mermaid frame (#21925)
+  * Move migration test fixtures to the correct directories (#21901)
+  * fix(web): add `alt` for logo in home page (#21887)
+  * Fix webhook attachment text is not set in review comment (#21763)
+  * Alter package_version.metadata_json to LONGTEXT (#21667)
+  * Ensure that Webhook tasks are not double delivered (#21558)
+* TESTING
+  * Make CI use a dummy password hasher for all tests (#22983)
+  * Disable test for incoming email (#22686)
+  * Move fuzz tests into tests/fuzz (#22376)
+  * Test views of LFS files (#22196)
+  * Specify ID in `TestAPITeam` (#22192)
+  * verify nodeinfo response by schema  (#22137)
+  * Skip GitHub migration tests if the API token is undefined (#21824)
+  * Add a simple test for external renderer (#20033)
+* TRANSLATION
+  * Use "Title Case" for text "Reference in new issue" (#22936)
+* BUILD
+  * Wrap unless-check in docker manifests (#23079) (#23081)
+  * Adjust manifest to prevent tagging latest on rcs (#22811)
+  * update to build with go1.20 (#22732)
+  * Add Bash and Zsh completion scripts (#22646)
+  * Add Contributed backport command (#22643)
+  * Remove deprecated packages & staticcheck fixes (#22012)
+  * Update to Alpine 3.17 (#21904)
+  * Fix webpack license warning (#21815)
+* DOCS
+  * Update documentation for the new YAML label file format  (#23020) (#23341)
+  * Update hacking-on-gitea-zh_cn documentation (#23315) (#23323)
+  * Add basic documentation for labels, including scoped labels (#23304) (#23309)
+  * Re-add accidentally removed `hacking-on-gitea.zh-cn.md` (#23297) (#23305)
+  * Fix secrets overview page missing from docs sidebar (#23143) (#23145)
+  * Add some guidelines for refactoring (#22880)
+  * Explain that the no-access team unit does not affect public repositories (#22661)
+  * Fix incorrect Redis URL snippets in the example app.ini (#22573)
+  * docs: add swagger.json file location to FAQ (#22489)
+  * Update index.de-de.md (#22363)
+  * Update Gmail mailer configuration (#22291)
+  * Add missed reverse proxy authentication documentation (#22250)
+  * Add plural definitions for German translations (#21802)
+  * Attempt clarify AppWorkPath etc. (#21656)
+  * Add some documentation to packages (#21648)
+* MISC
+  * Use `<nav>` instead of `<div>` in the global navbar (#23125) (#23533)
+  * Do not create commit graph for temporary repos (#23219) (#23229)
+  * Update button is shown when a Pull Request is marked WIP - Issue #21740 (#22683)
+  * Add main landmark to templates and adjust titles (#22670)
+  * Fix error on account activation with wrong passwd (#22609)
+  * Update JS dependencies (#22538)
+  * Display unreferenced packages total size in package admin panel (#22498)
+  * Mobile fix for Project view: Add delay to Sortable.js on mobile, to ensure scrolling is possible. (#22152)
+  * Update chroma to v2.4.0 (#22000)
+  * Hide collapse icon in diff with no lines (#21094)
+
 ## [1.18.5](https://github.com/go-gitea/gitea/releases/tag/v1.18.5) - 2023-02-21

 * ENHANCEMENTS
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,443 +1,23 @@
-# Contribution Guidelines
+# Forgejo Contributor Guide

-## Table of Contents
+The Forgejo project is run by a community of people who are expected to follow this guide when cooperating on a simple bug fix as well as when changing the governance. For more information about the project, take a look at [the documentation explaining what Forgejo provides](README.md).

- [Contribution Guidelines](#contribution-guidelines)
-  - [Table of Contents](#table-of-contents)
-  - [Introduction](#introduction)
-  - [Bug reports](#bug-reports)
-  - [Discuss your design](#discuss-your-design)
-  - [Testing redux](#testing-redux)
-  - [Vendoring](#vendoring)
-  - [Translation](#translation)
-  - [Building Gitea](#building-gitea)
-  - [Code review](#code-review)
-  - [Styleguide](#styleguide)
-  - [Design guideline](#design-guideline)
-  - [API v1](#api-v1)
-  - [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco)
-  - [Release Cycle](#release-cycle)
-  - [Maintainers](#maintainers)
-  - [Owners](#owners)
-  - [Versions](#versions)
-  - [Releasing Gitea](#releasing-gitea)
-  - [Copyright](#copyright)
+Sensitive security-related issues should be reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).

-## Introduction
+## For everyone involved

-This document explains how to contribute changes to the Gitea project.
-It assumes you have followed the
-[installation instructions](https://docs.gitea.io/en-us/).
-Sensitive security-related issues should be reported to
-[security@gitea.io](mailto:security@gitea.io).
+- [Code of Conduct](CONTRIBUTING/COC.md)
+- [Bugs, features, security and others discussions](CONTRIBUTING/DISCUSSIONS.md)
+- [Governance](CONTRIBUTING/GOVERNANCE.md)
+- [Sustainability and funding](https://codeberg.org/forgejo/sustainability/src/branch/master/README.md)

-For configuring IDE or code editor to develop Gitea see [IDE and code editor configuration](contrib/ide/)
+## For contributors

-## Bug reports
+- [Developer Certificate of Origin (DCO)](CONTRIBUTING/DCO.md)
+- [Development workflow](CONTRIBUTING/WORKFLOW.md)

-Please search the issues on the issue tracker with a variety of keywords
-to ensure your bug is not already reported.
+## For maintainers

-If unique, [open an issue](https://github.com/go-gitea/gitea/issues/new)
-and answer the questions so we can understand and reproduce the
-problematic behavior.
+- [Release management](CONTRIBUTING/RELEASE.md)
+- [Secrets](CONTRIBUTING/SECRETS.md)

-To show us that the issue you are having is in Gitea itself, please
-write clear, concise instructions so we can reproduce the behavior—
-even if it seems obvious. The more detailed and specific you are,
-the faster we can fix the issue. Check out [How to Report Bugs
-Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html).
-
-Please be kind, remember that Gitea comes at no cost to you, and you're
-getting free help.
-
-## Discuss your design
-
-The project welcomes submissions. If you want to change or add something,
-please let everyone know what you're working on—[file an issue](https://github.com/go-gitea/gitea/issues/new)!
-Significant changes must go through the change proposal process
-before they can be accepted. To create a proposal, file an issue with
-your proposed changes documented, and make sure to note in the title
-of the issue that it is a proposal.
-
-This process gives everyone a chance to validate the design, helps
-prevent duplication of effort, and ensures that the idea fits inside
-the goals for the project and tools. It also checks that the design is
-sound before code is written; the code review tool is not the place for
-high-level discussions.
-
-## Testing redux
-
-Before submitting a pull request, run all the tests for the whole tree
-to make sure your changes don't cause regression elsewhere.
-
-Here's how to run the test suite:
-
- code lint
-
-|                       |                                                                   |
-| :-------------------- | :---------------------------------------------------------------- |
-|``make lint``          | lint everything (not suggest if you only change one type code)    |
-|``make lint-frontend`` | lint frontend files  |
-|``make lint-backend``  | lint backend files   |
-
- run test code (Suggest run in Linux)
-
-|                                        |                                                  |
-| :------------------------------------- | :----------------------------------------------- |
-|``make test[\#TestSpecificName]``       |  run unit test  |
-|``make test-sqlite[\#TestSpecificName]``|  run [integration](tests/integration) test for SQLite |
-|[More details about integration tests](tests/integration/README.md)  |
-|``make test-e2e-sqlite[\#TestSpecificFileName]``|  run [end-to-end](tests/e2e) test for SQLite |
-|[More details about e2e tests](tests/e2e/README.md)  |
-
-## Vendoring
-
-We manage dependencies via [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance), more details: [go mod](https://go.dev/ref/mod).
-
-Pull requests should only include `go.mod`, `go.sum` updates if they are part of
-the same change, be it a bugfix or a feature addition.
-
-The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
-and must be verified by the reviewers and/or merger to always reference
-an existing upstream commit.
-
-You can find more information on how to get started with it on the [Modules Wiki](https://github.com/golang/go/wiki/Modules).
-
-## Translation
-
-We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
-The only translation that is maintained in this Git repository is
-[`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
-and is synced regularly to Crowdin. Once a translation has reached
-A SATISFACTORY PERCENTAGE it will be synced back into this repo and
-included in the next released version.
-
-## Building Gitea
-
-See the [hacking instructions](https://docs.gitea.io/en-us/hacking-on-gitea/).
-
-## Code review
-
-Changes to Gitea must be reviewed before they are accepted—no matter who
-makes the change, even if they are an owner or a maintainer. We use GitHub's
-pull request workflow to do that. And, we also use [LGTM](http://lgtm.co)
-to ensure every PR is reviewed by at least 2 maintainers.
-
-Please try to make your pull request easy to review for us. And, please read
-the *[How to get faster PR reviews](https://github.com/kubernetes/community/blob/261cb0fd089b64002c91e8eddceebf032462ccd6/contributors/guide/pull-requests.md#best-practices-for-faster-reviews)* guide;
-it has lots of useful tips for any project you may want to contribute.
-Some of the key points:
-
- Make small pull requests. The smaller, the faster to review and the
-  more likely it will be merged soon.
- Don't make changes unrelated to your PR. Maybe there are typos on
-  some comments, maybe refactoring would be welcome on a function... but
-  if that is not related to your PR, please make *another* PR for that.
- Split big pull requests into multiple small ones. An incremental change
-  will be faster to review than a huge PR.
- Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
-
-If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:
-
-```
-## :warning: BREAKING :warning:
-```
-
-To explain how this could affect users and how to mitigate these changes.
-
-Once code review starts on your PR, do not rebase nor squash your branch as it makes it
-difficult to review the new changes. Only if there is a need, sync your branch by merging
-the base branch into yours. Don't worry about merge commits messing up your tree as
-the final merge process squashes all commits into one, with the visible commit message (first
-line) being the PR title + PR index and description being the PR's first comment.
-
-Once your PR gets the `lgtm/done` label, don't worry about keeping it up-to-date or breaking
-builds (unless there's a merge conflict or a request is made by a maintainer to make
-modifications). It is the maintainer team's responsibility from this point to get it merged.
-
-## Styleguide
-
-For imports you should use the following format (*without* the comments)
-
-```go
-import (
-  // stdlib
-  "fmt"
-  "math"
-
-  // local packages
-  "code.gitea.io/gitea/models"
-  "code.gitea.io/sdk/gitea"
-
-  // external packages
-  "github.com/foo/bar"
-  "gopkg.io/baz.v1"
-)
-```
-
-## Design guideline
-
-To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:
-
- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
- **models/fixtures:** Sample model data used in integration tests.
- **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
- **modules:** Different modules to handle specific functionality in Gitea. Shall only depend on other modules but not other packages (models, services).
- **public:** Frontend files (javascript, images, css, etc.)
- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers.
- **services:** Support functions for common routing operations. Uses models and modules to handle the request.
- **templates:** Golang templates for generating the html output.
- **tests/e2e:** End to end tests
- **tests/integration:** Integration tests
- **tests/gitea-repositories-meta:** Sample repos used in integration tests. Adding a new repo requires editing `models/fixtures/repositories.yml` and `models/fixtures/repo_unit.yml` to match.
- **tests/gitea-lfs-meta:** Sample LFS objects used in integration tests. Adding a new object requires editing `models/fixtures/lfs_meta_object.yml` to match.
- **vendor:** External code that Gitea depends on.
-
-## Documentation
-
-If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated.
-
-## API v1
-
-The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
-
-Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.
-
-If Gitea provides functionality that GitHub does not, a new endpoint can be created.
-
-If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.
-
-Updating an existing API should not remove existing fields unless there is a really good reason to do so.
-
-The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).
-
-All expected results (errors, success, fail messages) should be documented
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)).
-
-All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
-and referenced in
-[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).
-
-They can then be used like the following:
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).
-
-All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
-and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))
-
-They can be used like the following:
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))
-
-In general, HTTP methods are chosen as follows:
-
- **GET** endpoints return requested object and status **OK (200)**
- **DELETE** endpoints return status **No Content (204)**
- **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
- **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
- **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
-
-An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
-
-### Endpoints returning lists should
-
- support pagination (`page` & `limit` options in query)
- set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
-
-## Backports and Frontports
-
-Occasionally backports of PRs are required.
-
-The backported PR title should be:
-
-```
-Title of backported PR (#ORIGINAL_PR_NUMBER)
-```
-
-The first two lines of the summary of the backporting PR should be:
-
-```
-Backport #ORIGINAL_PR_NUMBER
-
-```
-
-with the rest of the summary matching the original PR. Similarly for frontports
-
---
-
-A command to help create backports can be found in `contrib/backport` and can be installed (from inside the gitea repo root directory) using:
-
-```bash
-go install contrib/backport/backport.go
-```
-
-## Developer Certificate of Origin (DCO)
-
-We consider the act of contributing to the code by submitting a Pull
-Request as the "Sign off" or agreement to the certifications and terms
-of the [DCO](DCO) and [MIT license](LICENSE). No further action is required.
-Additionally you could add a line at the end of your commit message.
-
-```
-Signed-off-by: Joe Smith <joe.smith@email.com>
-```
-
-If you set your `user.name` and `user.email` Git configs, you can add the
-line to the end of your commit automatically with `git commit -s`.
-
-We assume in good faith that the information you provide is legally binding.
-
-## Release Cycle
-
-We adopted a release schedule to streamline the process of working
-on, finishing, and issuing releases. The overall goal is to make a
-minor release every three or four months, which breaks down into two or three months of
-general development followed by one month of testing and polishing
-known as the release freeze. All the feature pull requests should be
-merged before feature freeze. And, during the frozen period, a corresponding
-release branch is open for fixes backported from main branch. Release candidates
-are made during this period for user testing to
-obtain a final version that is maintained in this branch.
-
-Major release cycles are seasonal. They always begin on the 25th and end on
-the 24th (i.e., the 25th of December to March 24th).
-
-During a development cycle, we may also publish any necessary minor releases
-for the previous version. For example, if the latest, published release is
-v1.2, then minor changes for the previous release—e.g., v1.1.0 -> v1.1.1—are
-still possible.
-
-The previous release gets fixes for:
-
- Security issues
- Critical bugs
- Regressions
- Build issues
- Necessary enhancements (including necessary UI/UX fixes)
-
-The backported fixes should avoid breaking downgrade between minor releases as much as possible.
-
-## Maintainers
-
-To make sure every PR is checked, we have [team
-maintainers](MAINTAINERS). Every PR **MUST** be reviewed by at least
-two maintainers (or owners) before it can get merged. A maintainer
-should be a contributor of Gitea (or Gogs) and contributed at least
-4 accepted PRs. A contributor should apply as a maintainer in the
-[Discord](https://discord.gg/NsatcWJ) #develop channel. The owners
-or the team maintainers may invite the contributor. A maintainer
-should spend some time on code reviews. If a maintainer has no
-time to do that, they should apply to leave the maintainers team
-and we will give them the honor of being a member of the [advisors
-team](https://github.com/orgs/go-gitea/teams/advisors). Of course, if
-an advisor has time to code review, we will gladly welcome them back
-to the maintainers team. If a maintainer is inactive for more than 3
-months and forgets to leave the maintainers team, the owners may move
-him or her from the maintainers team to the advisors team.
-For security reasons, Maintainers should use 2FA for their accounts and
-if possible provide GPG signed commits.
-https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
-https://help.github.com/articles/signing-commits-with-gpg/
-
-## Owners
-
-Since Gitea is a pure community organization without any company support,
-to keep the development healthy we will elect three owners every year. All
-contributors may vote to elect up to three candidates, one of which will
-be the main owner, and the other two the assistant owners. When the new
-owners have been elected, the old owners will give up ownership to the
-newly elected owners. If an owner is unable to do so, the other owners
-will assist in ceding ownership to the newly elected owners.
-For security reasons, Owners or any account with write access (like a bot)
-must use 2FA.
-https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
-
-After the election, the new owners should proactively agree
-with our [CONTRIBUTING](CONTRIBUTING.md) requirements in the
-[Discord](https://discord.gg/NsatcWJ) #general channel. Below are the
-words to speak:
-
-```
-I'm honored to having been elected an owner of Gitea, I agree with
-[CONTRIBUTING](CONTRIBUTING.md). I will spend part of my time on Gitea
-and lead the development of Gitea.
-```
-
-To honor the past owners, here's the history of the owners and the time
-they served:
-
- 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
-
- 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-
- 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-
- 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
-
- 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
-
- 2016-11-04 ~ 2017-12-31
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
-
-## Versions
-
-Gitea has the `main` branch as a tip branch and has version branches
-such as `release/v0.9`. `release/v0.9` is a release branch and we will
-tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept
-pull requests on the `release/v0.9` branch and publish a `v0.9.1` tag,
-after bringing the bug fix also to the main branch.
-
-Since the `main` branch is a tip version, if you wish to use Gitea
-in production, please download the latest release tag version. All the
-branches will be protected via GitHub, all the PRs to every branch must
-be reviewed by two maintainers and must pass the automatic tests.
-
-## Releasing Gitea
-
- Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
- If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
-  - Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
-  - When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
- If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
- Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
- And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
- If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
- Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
- Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
-  - bump the version of https://dl.gitea.io/gitea/version.json
-  - merge the blog post PR
-  - announce the release in discord `#announcements`
-
-## Copyright
-
-Code that you contribute should use the standard copyright header:
-
-```
-// Copyright <year> The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-```
-
-Files in the repository contain copyright from the year they are added
-to the year they are last changed. If the copyright author is changed,
-just paste the header below the old one.
--- a/CONTRIBUTING/COC.md
+++ b/CONTRIBUTING/COC.md
@ -0,0 +1,30 @@
+# Code of Conduct, Well Being and Moderation teams
+
+Forgejo strives to be an inclusive project where everyone can participate in a safe environment. The **Well Being** team is doing its best to defuse tensions before they escalate and is available to answer all requests sent its way. When diplomacy fails, the **Moderation** team will be forced to act to put a stop to actions that are contrary to the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
+
+## Well Being and Moderation teams
+
+Temporary Well Being and Moderation teams [were appointed 10 November 2022](https://codeberg.org/forgejo/meta/issues/13).
+
+The moderation team will rely on this [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
+
+### Well Being
+
+Their goal is to defuse tensions.
+
+It has no power whatsover. The members are approved by the organization and trusted to:
+
+- Read all communications to detect tensions between people before they escalate.
+- Do their best to defuse tensions.
+
+* https://codeberg.org/Gusted
+
+### Moderation
+
+Their goal is to enforce the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
+
+It has the power to exclude people from a space.
+
+Their decisions must be logical, fact based and transparent to the Forgejo community who trust them with this responsibility.
+
+* https://codeberg.org/circlebuilder
--- a/CONTRIBUTING/DCO.md
+++ b/CONTRIBUTING/DCO.md
@ -0,0 +1,29 @@
+# Developer Certificate of Origin (DCO)
+
+Contributions to Forgejo, in all the repositories in the [Forgejo organization](https://codeberg.org/forgejo) are accepted provided the author agrees to the following Developer Certificate of Origin (DCO).
+
+```
+By making a contribution to Forgejo, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the Free Software license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate Free Software
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same Free Software license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the Free Software license(s) involved.
+```
--- a/CONTRIBUTING/DISCUSSIONS.md
+++ b/CONTRIBUTING/DISCUSSIONS.md
@ -0,0 +1,18 @@
+# Bugs, features and discussions
+
+The [Forgejo issue tracker](https://codeberg.org/forgejo/forgejo/issues) is where **bugs** should be reported and **features** requested.
+
+Dedicated repositories in the [Forgejo organization](https://codeberg.org/forgejo) cover areas such as:
+- the [website](https://codeberg.org/forgejo/website)
+- the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct)
+- the [sustainability and funding](https://codeberg.org/forgejo/sustainability).
+
+Other discussions regarding all **non technical aspects** of Forgejo, such as the governance, happen in the [meta issue tracker](https://codeberg.org/forgejo/meta/issues) and in the [matrix chatroom](https://matrix.to/#/#forgejo-chat:matrix.org).
+
+# Security
+
+The [security team](https://codeberg.org/forgejo/meta/src/branch/readme/TEAMS.md#security) takes care of security vulnerabilities. It handles sensitive security-related issues reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).
+
+The security team also keeps the content of the [security.txt](https://codeberg.org/forgejo/website/src/branch/main/public/.well-known/security.txt) file up to date.
+
+The private GPG key for `security@forgejo.org` is shared among all members of the security team and not stored online.
--- a/CONTRIBUTING/GOVERNANCE.md
+++ b/CONTRIBUTING/GOVERNANCE.md
@ -0,0 +1,19 @@
+# Governance
+
+## Codeberg e.V. custodian of the domains
+
+The Forgejo [domains](https://codeberg.org/forgejo/meta/issues/41) are owned by the democratic non-profit dedicated to Free Software [Codeberg e.V.](https://codeberg.org/Codeberg/org/src/branch/main/en/bylaws.md). Forgejo is therefore ultimately under the control of Codeberg e.V. and its governance. However, although Codeberg e.V. is committed to use and host Forgejo, it is expected that Forgejo defines its own governance, in a way that is compatible with the Codeberg e.V. governance.
+
+## Forgejo Governance
+
+See our [decision-making system](https://codeberg.org/forgejo/meta/src/branch/readme/DECISION-MAKING.md) (contains team agreements and guidelines).
+
+Forgejo was bootstraped in November 2022 and is in the process of [defining its governance](https://codeberg.org/forgejo/meta/issues/19). The [first meeting happened November 24th](https://codeberg.org/forgejo/meta/issues/19#issuecomment-694460) and everyone is welcome to participate.
+
+## Interim Forgejo Governance
+
+While the governance is being defined, there was a need to establish an interim Forgejo governance for safeguarding credentials, enforcing the Code of Conduct and ensuring security vulnerabilities are handled responsibly for the Forgejo releases.
+
+All people with a role in the interim Forgejo governance pledge to resign as soon as the Forgejo governance is in place.
+
+The people and teams that are part of the interim governance are [listed publicly](https://codeberg.org/forgejo/meta/src/branch/readme/TEAMS.md).
--- a/CONTRIBUTING/RELEASE.md
+++ b/CONTRIBUTING/RELEASE.md
@ -0,0 +1,158 @@
+# Release management
+
+## Release numbering
+
+The Forgejo release numbers are composed of the Gitea release number followed by a dash and a serial number. For instance:
+
+* Gitea **v1.18.0** will be Forgejo **v1.18.0-0**, **v1.18.0-1**, etc
+
+The Gitea release candidates are suffixed with **-rcN** which is handled as a special case for packaging: although **X.Y.Z** is lexicographically lower than **X.Y.Z-rc1** is is considered greater. The Forgejo serial number must therefore be inserted before the **-rcN** suffix to preserve the expected version ordering.
+
+* Gitea **v1.18.0-rc0** will be Forgejo **v1.18.0-0-rc0**, **v1.18.0-1-rc0**
+* Gitea **v1.18.0-rc1** will be Forgejo **v1.18.0-2-rc1**, **v1.18.0-3-rc1**, **v1.18.0-4-rc1**
+* Gitea **v1.18.0** will be Forgejo **v1.18.0-5**, **v1.18.0-6**, **v1.18.0-7**
+* etc.
+
+Because Forgejo is a soft fork of Gitea, it must retain the same release numbering scheme to be compatible with libraries and tools that depend on it. For instance, the tea CLI or the Gitea SDK will behave differently depending on the server version they connect to. If Forgejo had a different numbering scheme, it would no longer be compatible with the Gitea ecosystem.
+
+From a [Semantic Versioning](https://semver.org/) standpoint, all Forgejo releases are [pre-releases](https://semver.org/#spec-item-9) because they are suffixed with a dash. They are syntactically correct but do not comply with the Semantic Versioning recommendations. Gitea is not compliant either and as long as Forgejo is a soft fork, it inherits this problem.
+
+## Release process
+
+When publishing the vX.Y.Z-N release, the following steps must be followed:
+
+### Semantic version
+
+* Update the FORGEJO_VERSION variable in the Makefile
+
+### Create a milestone and a check list
+
+* Create a `Forgejo vX.X.Z-N` milestone set to the date of the release
+* Create an issue named `[RELEASE] Forgejo vX.Y.Z-N` with a description that includes a list of what needs to be done for the release with links to follow the progress
+* Set the milestone of this issue to `Forgejo vX.X.Z-N`
+* Close the milestone when the release is complete
+
+### Cherry pick the latest commits from Gitea
+
+The vX.Y/forgejo branch is populated as part of the [rebase on top of Gitea](WORKFLOW.md). The release happens in between rebase and it is worth checking if the matching Gitea branch, release/vX.Y contains commits that should be included in the release.
+
+* `cherry-pick -x` the commits
+* push the vX.Y/forgejo branch including the commits
+* verify that the tests pass
+
+### Release Notes
+
+* Add an entry in RELEASE-NOTES.md
+* Copy/paste the matching entry from CHANGELOG.md
+* Update the PR references prefixing them with https://github.com/go-gitea/gitea/pull/
+
+### Testing
+
+When Forgejo is released, artefacts (packages, binaries, etc.) are first published by the CI/CD pipelines in the https://codeberg.org/forgejo-experimental organization, to be downloaded and verified to work.
+
+* Push the vX.Y/forgejo branch to https://codeberg.org/forgejo-integration/forgejo
+* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo-integration (if it fails for whatever reason, the tag and the release can be removed manually)
+  * Binaries are built and uploaded to https://codeberg.org/forgejo/forgejo-integration/releases
+  * Container images are built and uploaded to https://codeberg.org/forgejo-integration/-/packages/container/forgejo/versions
+* Push the vX.Y/forgejo branch to https://codeberg.org/forgejo-experimental/forgejo
+* Push the vX.Y/forgejo branch to https://codeberg.org/forgejo/experimental
+* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo/experimental
+  * Binaries are downloaded from https://codeberg.org/forgejo-integration, signed and copied to https://codeberg.org/forgejo-experimental
+  * Container images are copied from https://codeberg.org/forgejo-integration to https://codeberg.org/forgejo-experimental
+* Fetch the Forgejo release as part of the [forgejo-ci](https://codeberg.org/Codeberg-Infrastructure/scripted-configuration/src/branch/main/hosts/forgejo-ci) test suite. Push the change to a branch of a repository enabled in https://ci.dachary.org/ ([read more...](https://codeberg.org/forgejo/forgejo/issues/208)). It will deploy the release and run high level integration tests.
+* Reach out to packagers and users to manually verify the release works as expected
+
+### Publication
+
+* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo/release
+  * Binaries are downloaded from https://codeberg.org/forgejo-integration, signed and copied to https://codeberg.org/forgejo
+  * Container images are copied from https://codeberg.org/forgejo-integration to https://codeberg.org/forgejo
+
+### Website update
+
+* Restart the last CI build at https://codeberg.org/forgejo/website/src/branch/main/
+* Verify https://forgejo.org/download/ points to the expected release
+* Update the [documentation link to the latest version](https://codeberg.org/forgejo/website/src/commit/e63c6f8ab64876b10b86de1d18162b6ccb87bd99/.woodpecker.yml#L35)
+* Manually try the instructions to work
+
+### DNS update
+
+* Update the `release.forgejo.org` TXT record that starts with `forgejo_versions=` to be `forgejo_versions=vX.Y.Z-N`
+
+### Standard toot
+
+The following toot can be re-used to announce a minor release at `https://floss.social/@forgejo`. For more significant releases it is best to consider a dedicated and non-standard toot.
+
+```
+#Forgejo vX.Y.Z-N was just released! This is a minor patch. Check out the release notes and download it at https://forgejo.org/releases/. If you experience any issues with this release, please report to https://codeberg.org/forgejo/forgejo/issues.
+```
+
+## Release signing keys management
+
+A GPG master key with no expiration date is created and shared with members of the Owners team via encrypted email. A subkey with a one year expiration date is created and stored in the secrets repository, to be used by the CI pipeline. The public master key is stored in the secrets repository and published where relevant.
+
+### Master key creation
+
+* gpg --expert --full-generate-key
+* key type: ECC and ECC option with Curve 25519 as curve
+* no expiration
+* id: Forgejo Releases <contact@forgejo.org>
+* gpg --export-secret-keys --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 and send via encrypted email to Owners
+* gpg --export --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 > release-team-gpg.pub
+* commit to the secret repository
+
+### Subkey creation and renewal
+
+* gpg --expert --edit-key EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
+* addkey
+* key type: ECC (signature only)
+* key validity: one year
+* create [an issue](https://codeberg.org/forgejo/forgejo/issues) to schedule the renewal
+
+#### 2023
+
+* gpg --export --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg.pub
+* gpg --export-secret-keys --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg
+* commit to the secrets repository
+* renewal issue https://codeberg.org/forgejo/forgejo/issues/58
+
+### CI configuration
+
+In the Woodpecker CI configuration the following secrets must be set:
+
+* `releaseteamgpg` is the secret GPG key used to sign the releases
+* `releaseteamuser` is the user name to authenticate with the Forgejo API and publish the releases
+* `releaseteamtoken` is the token to authenticate `releaseteamuser` with the Forgejo API and publish the releases
+* `domain` is `codeberg.org`
+
+## Users, organizations and repositories
+
+### Shared user: release-team
+
+The [release-team](https://codeberg.org/release-team) user publishes and signs all releases. The associated email is mailto:release@forgejo.org.
+
+The public GPG key used to sign the releases is [EB114F5E6C0DC2BCDD183550A4B61A2DC5923710](https://codeberg.org/release-team.gpg) `Forgejo Releases <release@forgejo.org>`
+
+### Shared user: forgejo-ci
+
+The [forgejo-ci](https://codeberg.org/forgejo-ci) user is dedicated to https://forgejo-ci.codeberg.org/ and provides it with OAuth2 credentials it uses to run.
+
+### Shared user: forgejo-experimental-ci
+
+The [forgejo-experimental-ci](https://codeberg.org/forgejo-experimental-ci) user is dedicated to provide the application tokens used by Woodpecker CI repositories to build releases and publish them to https://codeberg.org/forgejo-experimental. It does not (and must not) have permission to publish releases at https://codeberg.org/forgejo.
+
+### Integration and experimental organization
+
+The https://codeberg.org/forgejo-integration organization is dedicated to integration testing. Its purpose is to ensure all artefacts can effectively be published and retrieved by the CI/CD pipelines. 
+
+The https://codeberg.org/forgejo-experimental organization is dedicated to publishing experimental Forgejo releases. They are copied from the https://codeberg.org/forgejo-integration organization.
+
+The `forgejo-experimental-ci` user as well as all Forgejo contributors working on the CI/CD pipeline should be owners of both organizations.
+
+The https://codeberg.org/forgejo-integration/forgejo repository is coupled with a Woodpecker CI repository configured with the credentials provided by the https://codeberg.org/forgejo-experimental-ci user. It runs the pipelines found in `releases/woodpecker-build/*.yml` which builds and publishes an unsigned release in https://codeberg.org/forgejo-integration.
+
+### Experimental and release repositories
+
+The https://codeberg.org/forgejo/experimental private repository is coupled with a Woodpecker CI repository configured with the credentials provided by the https://codeberg.org/forgejo-experimental-ci user. It runs the pipelines found in `releases/woodpecker-publish/*.yml` which signs and copies a release from https://codeberg.org/forgejo-integration into https://codeberg.org/forgejo-experimental.
+
+The https://codeberg.org/forgejo/release private repository is coupled with a Woodpecker CI repository configured with the credentials provided by the https://codeberg.org/release-team user. It runs the pipelines found in `releases/woodpecker-publish/*.yml` which signs and copies a release from https://codeberg.org/forgejo-integration into https://codeberg.org/forgejo.
--- a/CONTRIBUTING/SECRETS.md
+++ b/CONTRIBUTING/SECRETS.md
@ -0,0 +1,56 @@
+# Secrets
+
+All Forgejo credentials are shared among the [secret keepers](https://codeberg.org/forgejo/meta/src/branch/readme/TEAMS.md#secrets-keeper) teams in a private repository with encrypted content.
+
+## Get started
+
+1. Make sure you have a GPG Key, or [create one](https://github.com/NicoHood/gpgit#12-key-generation)
+2. Send someone else your public key and ask this person to add yourself as a recipient
+```
+# Commands for the other person
+$ gpg --import public_key.asc
+# The following command will open a prompt, with the available public keys. 
+# Choose the one you just added and all secrets will be re-encrypted with this new key.
+$ gopass recipients add
+```
+3. [Install gopass](https://www.gopass.pw/#install)
+> :warning: When installing on Ubuntu or Debian you can either download the deb package, install manually or build from source or use our APT repository ([github comment](https://github.com/gopasspw/gopass/issues/1849#issuecomment-802789285) with more information).
+4. Clone this repo using `gopass` (the name and email are for `git config`)
+```
+$ gopass clone git@codeberg.org:forgejo/gopass.git
+```
+5. Check the consistency of the gopass storage
+```
+$ gopass fsck
+```
+
+## Get a secret
+
+Show the whole secret file:
+```
+$ gopass show ovh.com/manager
+```
+
+Copy the password in the clipboard:
+```
+$ gopass show -c ovh.com/manager
+```
+
+Copy the `user` part of the secret in the clipboard:
+```
+$ gopass show -c ovh.com/manager user
+```
+
+## Insert or edit a secret
+```
+$ gopass edit ovh.com/manager
+```
+In the editor, insert the password on the first line.
+You may then add lines with a `key: value` syntax (`user: username` for instance).
+
+## Debugging and manual git operations
+
+The following command will show the location and status of the git repo (all git commands are available).
+```
+$ gopass git status
+```
--- a/CONTRIBUTING/WORKFLOW.md
+++ b/CONTRIBUTING/WORKFLOW.md
@ -0,0 +1,124 @@
+# Development workflow
+
+Forgejo is a soft fork, i.e. a set of commits applied to the Gitea development branch and the stable branches. On a regular basis those commits are rebased and modified if necessary to keep working. All Forgejo commits are merged into a branch from which binary releases and packages are created and distributed. The development workflow is a set of conventions Forgejo developers are expected to follow to work together.
+
+Discussions on how the workflow should evolve happen [in the isssue tracker](https://codeberg.org/forgejo/forgejo/issues?type=all&state=open&labels=&milestone=0&assignee=0&q=%5BWORKFLOW%5D).
+
+## Naming conventions
+
+### Development
+
+* Gitea: main
+* Forgejo: forgejo
+* Feature branches: forgejo-feature-name
+
+### Stable
+
+* Gitea: release/vX.Y
+* Forgejo: vX.Y/forgejo
+* Feature branches: vX.Y/forgejo-feature-name
+
+### Soft fork history
+
+Before rebasing on top of Gitea, all branches are copied to `soft-fork/YYYY-MM-DD/<branch>` for safekeeping. Older `soft-fork/*/<branch>` branches are converted into references under the same name. Similar to how pull requests store their head, they do not clutter the list of branches but can be retrieved if needed with `git fetch +refs/soft-fork/*:refs/soft-fork/*`. Tooling to automate this archival process [is available](https://codeberg.org/forgejo-contrib/soft-fork-tools/src/branch/master/README.md#archive-branches).
+
+### Tags
+
+Because the branches are rebased on top of Gitea, only the latest tag will be found in a given branch. For instance `v1.18.0-1` won't be found in the `v1.18/forgejo` branch after it is rebased.
+
+## Rebasing
+
+### *Feature branch*
+
+The *Gitea* branches are mirrored with the Gitea development and stable branches.
+
+On a regular basis, each *Feature branch* is rebased against the base *Gitea* branch.
+
+### forgejo branch
+
+The latest *Gitea* branch resets the *forgejo* branch and all *Feature branches* are merged into it.
+
+If tests pass after pushing *forgejo* to the https://codeberg.org/forgejo-integration/forgejo repository, it can be pushed to the https://codeberg.org/forgejo/forgejo repository.
+
+If tests do not pass, an issue is filed to the *Feature branch* that fails the test. Once the issue is resolved, another round of rebasing starts.
+
+### Cherry picking and rebasing
+
+Because Forgejo is a soft fork of Gitea, the commits in feature branches need to be cherry-picked on top of their base branch. They cannot be rebased using `git rebase`, because their base branch has been rebased.
+
+Here is how the commits in the `forgejo-f3` branch can be cherry-picked on top of the latest `forgejo-development` branch:
+
+```
+$ git fetch --all
+$ git remote get-url forgejo
+git@codeberg.org:forgejo/forgejo.git
+$ git checkout -b forgejo/forgejo-f3
+$ git reset --hard forgejo/forgejo-development
+$ git cherry-pick $(git rev-list --reverse forgejo/soft-fork/2022-12-10/forgejo-development..forgejo/soft-fork/2022-12-10/forgejo-f3)
+$ git push --force forgejo-f3 forgejo/forgejo-f3
+```
+
+## Feature branches
+
+All *Feature branches* are based on the {vX.Y/,}forgejo-development branch which provides development tools and documentation.
+
+The `forgejo-development` branch is based on the {vX.Y/,}forgejo-ci branch which provides the Woodpecker CI configuration.
+
+The purpose of each *Feature branch* is documented below:
+
+### General purpose
+
+* [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci) based on [main](https://codeberg.org/forgejo/forgejo/src/branch/main)
+  Woodpecker CI configuration, including the release process.
+  * Backports: [v1.18/forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-ci)
+
+* [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development) based on [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci)
+  Forgejo development tools and documentation.
+  * Backports: [v1.18/forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-development)
+
+### Dependency
+
+* [forgejo-dependency](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-dependency) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Each commit is prefixed with the name of dependency in uppercase, for instance **[GOTH]** or **[GITEA]**. They are standalone and implement either a bug fix or a feature that is in the process of being contributed to the dependency. It is better to contribute directly to the dependency instead of adding a commit to this branch but it is sometimes not possible, for instance when someone does not have a GitHub account. The author of the commit is responsible for rebasing and resolve conflicts. The ultimate goal of this branch is to be empty and it is expected that a continuous effort is made to reduce its content so that the technical debt it represents does not burden Forgejo long term.
+  * Backports: [v1.18/forgejo-dependency](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-dependency)
+
+### [Privacy](https://codeberg.org/forgejo/forgejo/issues?labels=83271)
+
+* [forgejo-privacy](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-privacy) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Customize Forgejo to have more privacy.
+  * Backports: [v1.18/forgejo-privacy](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-privacy)
+
+### Branding
+* [forgejo-branding](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-branding) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Replacing upstream branding with Forgejo branding
+
+### [Internationalization](https://codeberg.org/forgejo/forgejo/issues?labels=82637)
+* [forgejo-i18n](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-i18n) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Internationalization support for Forgejo with a workflow based on Weblate.
+
+### [Accessibility](https://codeberg.org/forgejo/forgejo/issues?labels=81214)
+* Backports only: [v1.18/forgejo-a11y](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-a11y) based on [v1.18/forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-development)
+  Backport future upstream a11y improvements to the current release of Forgejo
+
+### [Federation](https://codeberg.org/forgejo/forgejo/issues?labels=79349)
+
+* [forgejo-federation](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-federation) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Federation support for Forgejo
+
+* [forgejo-f3](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-f3) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  [F3](https://lab.forgefriends.org/friendlyforgeformat/gof3) support for Forgejo
+
+## Pull requests and feature branches
+
+Most people who are used to contributing will be familiar with the workflow of sending a pull request against the default branch. When that happens the reviewer should change the base branch to the appropriate *Feature branch* instead. If the pull request does not fit in any *Feature branch*, the reviewer needs to make decision to either:
+
+* Decline the pull request because it is best contributed to Gitea
+* Create a new *Feature branch*
+
+Returning contributors can figure out which *Feature branch* to base their pull request on using the list of *Feature branches*.
+
+## Granularity
+
+*Feature branches* can contain a number of commits grouped together, for instance for branding the documentation, the landing page and the footer. It makes it convenient for people working on that topic to get the big picture without browsing multiple branches. Creating a new *Feature branch* for each individual commit, while possible, is likely to be difficult to work with.
+
+Observing the granularity of the existing *Feature branches* is the best way to figure out what works and what does not. It requires adjustments from time to time depending on the number of contributors and the complexity of the Forgejo codebase that sits on top of Gitea.
--- a/13
+++ b/13
@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.20-alpine3.17 AS build-env
+FROM docker.io/library/golang:1.20-alpine3.17 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -23,8 +23,8 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM alpine:3.17
-LABEL maintainer="maintainers@gitea.io"
+FROM docker.io/library/alpine:3.17
+LABEL maintainer="contact@forgejo.org"

 EXPOSE 22 3000

@ -50,10 +50,10 @@ RUN addgroup \
    -s /bin/bash \
    -u 1000 \
    -G git \
-    git && \
-  echo "git:*" | chpasswd -e
+    _gitea && \
+  echo "_gitea:*" | chpasswd -e

-ENV USER git
+ENV USER _gitea
 ENV GITEA_CUSTOM /data/gitea

 VOLUME ["/data"]
@ -62,6 +62,7 @@ ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]

 COPY docker/root /
+RUN cd /usr/local/bin ; ln -s gitea forgejo
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.20-alpine3.17 AS build-env
+FROM docker.io/library/golang:1.20-alpine3.17 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -23,8 +23,8 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM alpine:3.17
-LABEL maintainer="maintainers@gitea.io"
+FROM docker.io/library/alpine:3.17
+LABEL maintainer="contact@forgejo.org"

 EXPOSE 2222 3000

@ -52,6 +52,7 @@ RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea

 COPY docker/rootless /
+RUN cd /usr/local/bin ; ln -s gitea forgejo
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
--- a/1
+++ b/1
@ -1,3 +1,4 @@
+Copyright (c) 2022 The Forgejo Authors
 Copyright (c) 2016 The Gitea Authors
 Copyright (c) 2015 The Gogs Authors

--- a/81
+++ b/81
@ -77,13 +77,14 @@ ifeq ($(RACE_ENABLED),true)
 endif

 STORED_VERSION_FILE := VERSION
+HUGO_VERSION ?= 0.111.3

 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(subst v,,$(DRONE_TAG))
 	GITEA_VERSION ?= $(VERSION)
 else
 	ifneq ($(DRONE_BRANCH),)
-		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
+		VERSION ?= $(shell echo $(DRONE_BRANCH) | sed -e 's|v\([0-9.][0-9.]*\)/.*|\1|')
 	else
 		VERSION ?= main
 	endif
@ -96,7 +97,15 @@ else
 	endif
 endif

-LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
+# if version = "main" then update version to "nightly"
+ifeq ($(VERSION),main)
+	VERSION := main-nightly
+endif
+
+# SemVer
+FORGEJO_VERSION := 4.2.2+0-gitea-1.19.4
+
+LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)"

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

@ -105,7 +114,7 @@ GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/m

 FOMANTIC_WORK_DIR := web_src/fomantic

-WEBPACK_SOURCES := $(shell find web_src/js web_src/less -type f)
+WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f)
 WEBPACK_CONFIGS := webpack.config.js
 WEBPACK_DEST := public/js/index.js public/css/index.css
 WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack public/serviceworker.js
@ -131,10 +140,10 @@ TEST_TAGS ?= sqlite sqlite_unlock_notify
 TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)

 GO_DIRS := cmd tests models modules routers build services tools
-WEB_DIRS := web_src/js web_src/less
+WEB_DIRS := web_src/js web_src/css

 GO_SOURCES := $(wildcard *.go)
-GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
+GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/options/bindata.go ! -path modules/public/bindata.go ! -path modules/templates/bindata.go)
 GO_SOURCES += $(GENERATED_GO_DEST)
 GO_SOURCES_NO_BINDATA := $(GO_SOURCES)

@ -148,11 +157,14 @@ ifdef DEPS_PLAYWRIGHT
 	PLAYWRIGHT_FLAGS += --with-deps
 endif

+FORGEJO_API_SPEC := public/forgejo/api.v1.yml
+
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
 SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
 SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
 SWAGGER_EXCLUDE := code.gitea.io/sdk
 SWAGGER_NEWLINE_COMMAND := -e '$$a\'
+SWAGGER_SPEC_BRANDING := s|Gitea API|Forgejo API|g

 TEST_MYSQL_HOST ?= mysql:3306
 TEST_MYSQL_DBNAME ?= testgitea
@ -208,6 +220,8 @@ help:
 	@echo " - generate-license                 update license files"
 	@echo " - generate-gitignore               update gitignore files"
 	@echo " - generate-manpage                 generate manpage"
+	@echo " - generate-forgejo-api             generate the forgejo API from spec"
+	@echo " - forgejo-api-validate             check if the forgejo API matches the specs"
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - golangci-lint                    run golangci-lint linter"
@ -286,8 +300,7 @@ misspell-check:
 .PHONY: vet
 vet:
 	@echo "Running go vet..."
-	@GOOS= GOARCH= $(GO) build code.gitea.io/gitea-vet
-	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
+	@$(GO) vet $(GO_PACKAGES)

 .PHONY: $(TAGS_EVIDENCE)
 $(TAGS_EVIDENCE):
@ -298,6 +311,27 @@ ifneq "$(TAGS)" "$(shell cat $(TAGS_EVIDENCE) 2>/dev/null)"
 TAGS_PREREQ := $(TAGS_EVIDENCE)
 endif

+OAPI_CODEGEN_PACKAGE ?= github.com/deepmap/oapi-codegen/cmd/oapi-codegen@v1.12.4
+KIN_OPENAPI_CODEGEN_PACKAGE ?= github.com/getkin/kin-openapi/cmd/validate@v0.114.0
+FORGEJO_API_SERVER = routers/api/forgejo/v1/generated.go
+
+.PHONY: generate-forgejo-api
+generate-forgejo-api: $(FORGEJO_API_SPEC)
+	$(GO) run $(OAPI_CODEGEN_PACKAGE) -package v1 -generate chi-server,types $< > $(FORGEJO_API_SERVER)
+
+.PHONY: forgejo-api-check
+forgejo-api-check: generate-forgejo-api
+	@diff=$$(git diff $(FORGEJO_API_SERVER) ; \
+	if [ -n "$$diff" ]; then \
+		echo "Please run 'make generate-forgejo-api' and commit the result:"; \
+		echo "$${diff}"; \
+		exit 1; \
+	fi
+
+.PHONY: forgejo-api-validate
+forgejo-api-validate:
+	$(GO) run $(KIN_OPENAPI_CODEGEN_PACKAGE) $(FORGEJO_API_SPEC)
+
 .PHONY: generate-swagger
 generate-swagger: $(SWAGGER_SPEC)

@ -305,6 +339,7 @@ $(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA)
 	$(GO) run $(SWAGGER_PACKAGE) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) '$(SWAGGER_SPEC_BRANDING)' './$(SWAGGER_SPEC)'

 .PHONY: swagger-check
 swagger-check: generate-swagger
@ -333,7 +368,7 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check

 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
+checks-backend: tidy-check swagger-check fmt-check misspell-check forgejo-api-validate swagger-validate security-check

 .PHONY: lint
 lint: lint-frontend lint-backend
@ -341,7 +376,7 @@ lint: lint-frontend lint-backend
 .PHONY: lint-frontend
 lint-frontend: node_modules
 	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e
-	npx stylelint --color --max-warnings=0 web_src/less
+	npx stylelint --color --max-warnings=0 web_src/css
 	npx spectral lint -q -F hint $(SWAGGER_SPEC)
 	npx markdownlint docs *.md

@ -739,19 +774,23 @@ generate: generate-backend
 generate-backend: $(TAGS_PREREQ) generate-go

 .PHONY: generate-go
-generate-go: $(TAGS_PREREQ)
+generate-go: $(TAGS_PREREQ) merge-locales
 	@echo "Running go generate..."
 	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)

+.PHONY: merge-locales
+merge-locales:
+	$(GO) run build/merge-forgejo-locales.go
+
 .PHONY: security-check
 security-check:
-	go run $(GOVULNCHECK_PACKAGE) -v ./...
+	go run $(GOVULNCHECK_PACKAGE) ./...

 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check
+release: frontend generate release-linux release-copy release-compress vendor release-sources release-check

 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)
@ -768,7 +807,7 @@ endif

 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out forgejo-$(VERSION) .
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
@ -805,8 +844,8 @@ release-sources: | $(DIST_DIRS)
 # bsdtar needs a ^ to prevent matching subdirectories
 	$(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./)
 # use transform to a add a release-folder prefix; in bsdtar the transform parameter equivalent is -s
-	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./gitea-src-$(VERSION)/'" || echo "--transform 's|^./|gitea-src-$(VERSION)/|'"))
-	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
+	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./forgejo-src-$(VERSION)/'" || echo "--transform 's|^./|forgejo-src-$(VERSION)/|'"))
+	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/forgejo-src-$(VERSION).tar.gz .
 	rm -f $(STORED_VERSION_FILE)

 .PHONY: release-docs
@ -816,7 +855,7 @@ release-docs: | $(DIST_DIRS) docs
 .PHONY: docs
 docs:
 	@hash hugo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		curl -sL https://github.com/gohugoio/hugo/releases/download/v0.74.3/hugo_0.74.3_Linux-64bit.tar.gz | tar zxf - -C /tmp && mv /tmp/hugo /usr/bin/hugo && chmod +x /usr/bin/hugo; \
+		curl -sL https://github.com/gohugoio/hugo/releases/download/v$(HUGO_VERSION)/hugo_$(HUGO_VERSION)_Linux-64bit.tar.gz | tar zxf - -C /tmp && mv /tmp/hugo /usr/bin/hugo && chmod +x /usr/bin/hugo; \
 	fi
 	cd docs; make trans-copy clean build-offline;

@ -859,6 +898,8 @@ fomantic:
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
+	# fomantic uses "touchstart" as click event for some browsers, it's not ideal, so we force fomantic to always use "click" as click event
+	$(SED_INPLACE) -e 's/clickEvent[ \t]*=/clickEvent = "click", unstableClickEvent =/g' $(FOMANTIC_WORK_DIR)/build/semantic.js
 	$(SED_INPLACE) -e 's/\r//g' $(FOMANTIC_WORK_DIR)/build/semantic.css $(FOMANTIC_WORK_DIR)/build/semantic.js
 	rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*

@ -899,13 +940,7 @@ lockfile-check:

 .PHONY: update-translations
 update-translations:
-	mkdir -p ./translations
-	cd ./translations && curl -L https://crowdin.com/download/project/gitea.zip > gitea.zip && unzip gitea.zip
-	rm ./translations/gitea.zip
-	$(SED_INPLACE) -e 's/="/=/g' -e 's/"$$//g' ./translations/*.ini
-	$(SED_INPLACE) -e 's/\\"/"/g' ./translations/*.ini
-	mv ./translations/*.ini ./options/locale/
-	rmdir ./translations
+	# noop to detect merge conflicts (potentially needs updating the scripts) and avoid breaking with Gitea

 .PHONY: generate-license
 generate-license:
--- a/README.md
+++ b/README.md
@ -1,180 +1,47 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
+<div align="center">
+    <img src="./assets/logo.svg" alt="" width="192" align="center" />
+    <h1 align="center">Welcome to Forgejo</h1>
+</div>

-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
+Hi there! Tired of big platforms playing monopoly?
+Providing Git hosting for your project, friends, company or community?
+**Forgejo** (/for'd&#865;ʒe.jo/ inspired by forĝejo – the Esperanto word for *forge*) has you covered with its intuitive interface,
+light and easy hosting and a lot of builtin functionality.

-<p align="center">
-  <a href="README_ZH.md">View this document in Chinese</a>
-</p>
+Forgejo was [created in 2022](https://forgejo.org/2022-12-15-hello-forgejo/)
+because we think that the project should be owned by an independent community.
+If you second that, then Forgejo is for you!
+Our promise: **Independent Free/Libre Software forever!**

-## Purpose
+## What does Forgejo offer?

-The goal of this project is to make the easiest, fastest, and most
-painless way of setting up a self-hosted Git service.
+<!-- If you want to know what Forgejo is like,
+you can check out public instances,
+e.g. [Codeberg.org](https://codeberg.org).
+-->

-As Gitea is written in Go, it works across **all** the platforms and
-architectures that are supported by Go, including Linux, macOS, and
-Windows on x86, amd64, ARM and PowerPC architectures.
-You can try it out using [the online demo](https://try.gitea.io/).
-This project has been
-[forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from
-[Gogs](https://gogs.io) since November of 2016, but a lot has changed.
+If you like any of the following, Forgejo is literally meant for you:

-## Building
+- Lightweight: Forgejo can easily be hosted on nearly **every machine**.
+  Running on a Raspberry? Small cloud instance? No problem!
+- Project management: Besides Git hosting, Forgejo offers issues,
+  pull requests, wikis, kanban boards and much more to **coordinate with your team**.
+- Publishing: Have something to share? Use **releases** to host your software for download,
+  or use the **package registry** to publish it for docker, npm and many other package managers.
+- Customizable: Want to change your look? Change some settings?
+  There are many **config switches** to make Forgejo work exactly like you want.
+- Powerful: Organizations & team permissions, CI integration, Code Search, LDAP, OAuth and much more.
+  If you have **advanced needs**, Forgejo has you covered.
+- Privacy: From update checker to default settings: Forgejo is built to be **privacy first** for you and your crew.
+- Federation: (WIP) We are actively working to connect software forges with each other through **ActivityPub**,
+  and create a collaborative network of personal instances.
+  Interested? [Read more](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING/WORKFLOW.md#federation-https-codeberg-org-forgejo-forgejo-issues-labels-79349)

-From the root of the source tree, run:
+## Learn more

-    TAGS="bindata" make build
+Subscribe to releases and blog post on [our website](https://forgejo.org), <a href="https://floss.social/@forgejo" rel="me">find us on the Fediverse</a> or hop into [our Matrix room](https://matrix.to/#/#forgejo-chat:matrix.org) if you have any questions or want to get involved.

-or if SQLite support is required:

-    TAGS="bindata sqlite sqlite_unlock_notify" make build
+## Get involved

-The `build` target is split into two sub-targets:
-
- `make backend` which requires [Go Stable](https://go.dev/dl/), required version is defined in [go.mod](/go.mod).
- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
-
-When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.
-
-Parallelism (`make -j <num>`) is not supported.
-
-More info: https://docs.gitea.io/en-us/install-from-source/
-
-## Using
-
-    ./gitea web
-
-NOTE: If you're interested in using our APIs, we have experimental
-support with [documentation](https://try.gitea.io/api/swagger).
-
-## Contributing
-
-Expected workflow is: Fork -> Patch -> Push -> Pull Request
-
-NOTES:
-
-1. **YOU MUST READ THE [CONTRIBUTORS GUIDE](CONTRIBUTING.md) BEFORE STARTING TO WORK ON A PULL REQUEST.**
-2. If you have found a vulnerability in the project, please write privately to **security@gitea.io**. Thanks!
-
-## Translating
-
-Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.
-
-You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.
-
-https://docs.gitea.io/en-us/translation-guidelines/
-
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
-## Further information
-
-For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
-If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
-
-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
-
-The Hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).
-
-The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).
-
-## Authors
-
- [Maintainers](https://github.com/orgs/go-gitea/people)
- [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
- [Translators](options/locale/TRANSLATORS)
-
-## Backers
-
-Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/gitea#backer)]
-
-<a href="https://opencollective.com/gitea#backers" target="_blank"><img src="https://opencollective.com/gitea/backers.svg?width=890"></a>
-
-## Sponsors
-
-Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/gitea#sponsor)]
-
-<a href="https://opencollective.com/gitea/sponsor/0/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/0/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/1/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/1/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/2/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/2/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/3/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/3/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/4/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/4/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/5/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/5/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/6/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/6/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
-<a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>
-
-## FAQ
-
-**How do you pronounce Gitea?**
-
-Gitea is pronounced [/ɡɪ’ti:/](https://youtu.be/EM71-2uDAoY) as in "gi-tea" with a hard g.
-
-**Why is this not hosted on a Gitea instance?**
-
-We're [working on it](https://github.com/go-gitea/gitea/issues/1029).
-
-## License
-
-This project is licensed under the MIT License.
-See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
-for the full license text.
-
-## Screenshots
-
-Looking for an overview of the interface? Check it out!
-
-|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
-|:---:|:---:|:---:|
-|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|
+If you are interested in making Forgejo better, either by reporting a bug or by changing the governance, please [take a look at the contribution guide](CONTRIBUTING.md).
--- a/README_ZH.md
+++ b/README_ZH.md
@ -1,98 +0,0 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
-
-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
-
-<p align="center">
-  <a href="README.md">View this document in English</a>
-</p>
-
-## 目标
-
-Gitea 的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用 Go 作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了 x86，amd64，还包括 ARM 和 PowerPC。
-
-如果您想试用一下，请访问 [在线Demo](https://try.gitea.io/)！
-
-## 提示
-
-1. **开始贡献代码之前请确保你已经看过了 [贡献者向导（英文）](CONTRIBUTING.md)**.
-2. 所有的安全问题，请私下发送邮件给 **security@gitea.io**。谢谢！
-3. 如果你要使用API，请参见 [API 文档](https://godoc.org/code.gitea.io/sdk/gitea).
-
-## 文档
-
-关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/gitea) 和 QQ群 328432459 来和我们交流。
-
-## 贡献流程
-
-Fork -> Patch -> Push -> Pull Request
-
-## 翻译
-
-多语言翻译是基于Crowdin进行的.
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
-## 作者
-
-* [Maintainers](https://github.com/orgs/go-gitea/people)
-* [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
-* [Translators](options/locale/TRANSLATORS)
-
-## 授权许可
-
-本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) 文件中。
-
-## 截图
-
-|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
-|:---:|:---:|:---:|
-|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@ -0,0 +1,656 @@
+# Release Notes
+
+A Forgejo release is published shortly after a Gitea release is published and they have [matching release numbers](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING/RELEASE.md#release-numbering). Additional Forgejo releases may be published to address urgent security issues or bug fixes. Forgejo release notes include all Gitea release notes.
+
+The Forgejo admin should carefully read the required manual actions before upgrading. A point release (e.g. v1.19.1 or v1.19.2) does not require manual actions but others might (e.g. v1.18.0, v1.19.0).
+
+## 1.19.0-2
+
+The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.0-2` release can be reviewed from the command line with:
+
+```shell
+$ git clone https://codeberg.org/forgejo/forgejo/
+$ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/forgejo
+```
+
+* Breaking changes
+  * [Scoped access tokens](https://codeberg.org/forgejo/forgejo/commit/de484e86bc)
+
+    Forgejo access token, used with the [API](https://forgejo.org/docs/v1.19/admin/api-usage/) can now have a "scope" that limits what it can access. Existing tokens stored in the database and created before Forgejo v1.19 had unlimited access.  For backward compatibility, their access will remain the same and they will continue to work as before. However, **newly created token that do not specify a scope will now only have read-only access to public user profile and public repositories**.
+
+    For instance, the `/users/{username}/tokens` API endpoint will require the `scopes: ['all', 'sudo']` parameter and the `forgejo admin user generate-access-token` will require the `--scopes all,sudo` argument obtain tokens with ulimited access as before for admin users.
+
+    [Read more about the scoped tokens](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens).
+
+  * [Disable all units except code and pulls on forks](https://codeberg.org/forgejo/forgejo/commit/2741546be) 
+
+    When forking a repository, the fork will now have issues, projects, releases, packages and wiki disabled. These can be enabled in the repository settings afterwards. To change back to the previous default behavior, configure `DEFAULT_FORK_REPO_UNITS` to be the same value as `DEFAULT_REPO_UNITS`.
+
+  * [Filter repositories by default on the explore page](https://codeberg.org/forgejo/forgejo/commit/4d20a4a1b)
+
+    The explore page now always filters out repositories that are considered not relevant because they are either forks or have no topic and not description and no icon. A link is shown to display all repositories, unfiltered.
+
+    <img src="./releases/images/forgejo-v1.19-relevant.png" alt="Explore repositories" width="600" />
+
+  * [Remove deprecated DSA host key from Docker Container](https://codeberg.org/forgejo/forgejo/commit/f17edfaf5a31ea3f4e9152424b75c2c4986acbe3)
+    Since OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm, and recommend against its use. http://www.openssh.com/legacy.html
+
+  * Additional restrictions on valid user names
+
+    The algorithm for validating user names was modified and some users may have invalid names. The command `forgejo doctor --run check-user-names` will list all of them so they can be renamed.
+
+    If a Forgejo instance has users or organizations named `forgejo-actions` and `gitea-actions`, they will also need to be renamed before the upgrade. They are now reserved names for the experimental internal CI/CD named `Actions`.
+* Features
+
+   * [Documentation](https://forgejo.org/docs/latest/)
+     The first version of the [Forgejo documentation](https://forgejo.org/docs/latest/) is available and covers the administration of Forgejo, from installation to troubleshooting.
+
+   * [Semantic version](https://forgejo.org/docs/latest/user/semver)
+     In addition to the Forgejo release number, a [semantic version](https://semver.org/#semantic-versioning-200) number can be obtained from the
+     `/api/forgejo/v1/version` and now reflects the Gitea version that Forgejo depends on (e.g. `3.0.0+0-gitea-1.19.0`).
+
+     [Read more about semantic versions](https://forgejo.codeberg.page/docs/v1.19/user/semver)
+
+   * [Webhook authorization header](https://codeberg.org/forgejo/forgejo/commit/b6e81357bd6fb80f8ba94c513f89a210beb05313)
+     Forgejo webhooks can be configured to send an [authorization header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) to the target.
+
+     [Read more about the webhook authorization header](https://forgejo.codeberg.page/docs/v1.19/user/webhooks/#authorization-header)
+
+   * [Incoming emails](https://codeberg.org/forgejo/forgejo/commit/fc037b4b825f0501a1489e10d7c822435d825cb7)
+     You can now set up Forgejo to receive incoming email. When enabled, it is now possible to reply to an email notification from Forgejo and:
+     * Add a comment to an issue or a pull request
+     * Unsubscribe to the notifications
+
+     [Read more about incoming emails](https://forgejo.org/docs/v1.19/admin/incoming-email/)
+
+   * Packages registries
+     * Support for [Cargo](https://forgejo.org/docs/v1.19/admin/packages/cargo/), [Conda](https://forgejo.org/docs/v1.19/admin/packages/conda/) and [Chef](https://forgejo.org/docs/v1.19/admin/packages/chef/)
+     * [Cleanup rules](https://codeberg.org/forgejo/forgejo/commit/32db62515)
+     * [Quota limits](https://codeberg.org/forgejo/forgejo/commit/20674dd05)
+
+   * [Option to prohibit fork if user reached maximum limit of repositories](https://codeberg.org/forgejo/forgejo/commit/7cc7db73b)
+     It is possible for a user to create as many fork as they want, even when a quota on the number of repositories is imposed. The new `ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT` setting can now be set to `false` so forks are prohibited if that means exceeding the quota.
+
+     [Read more about repository configurations](https://forgejo.org/docs/v1.19/admin/config-cheat-sheet/#repository-repository)
+
+   * [Scoped labels](https://codeberg.org/forgejo/forgejo/commit/6221a6fd5)
+     Labels that contain a forward slash (**/**) separator are displayed with a slightly different color before and after the separator, as a visual aid. The first part of the label defines its "scope".
+
+     [Read more about scoped labels](https://forgejo.org/docs/v1.19/user/labels/).
+
+   * [Support org/user level projects](https://codeberg.org/forgejo/forgejo/commit/6fe3c8b39)
+     It is now possible to create projects (kanban boards) for an organization or a user, in the same way it was possible for an individual repository.
+
+   * [Map OIDC groups to Orgs/Teams](https://codeberg.org/forgejo/forgejo/commit/e8186f1c0)
+     When a user logs in Forgejo using an provider such as [Keycloak](https://www.keycloak.org/), they can now automatically be part of a Forgejo team, depending on the OIDC group they belong to. For instance:
+
+     ```json
+     {"Developer": {"MyForgejoOrganization": ["MyForgejoTeam1", "MyForgejoTeam2"]}}
+     ```
+
+     Means that the user who is in the OIDC group `Developer` will automatically be a member of the `MyForgejoTeam1` and `MyForgejoTeam2` teams in the `MyForgejoOrganization` organization.
+     This mapping is set when adding a new `Authentication Source` in the `Site Administration` panel.
+
+     <img src="./releases/images/forgejo-v1.19-oidc-part1.png" alt="OIDC Group mapping part1" width="500" />
+
+     ...
+
+     <img src="./releases/images/forgejo-v1.19-oidc-part2.png" alt="OIDC Group mapping part2" width="500" />
+
+     [Read more about OIDC groups mapping](https://forgejo.org/docs/v1.19/admin/oauth2-provider/#endpoints)
+
+   * [RSS feed for releases and tags](https://codeberg.org/forgejo/forgejo/commit/48d71b7d6)
+
+     A RSS feed is now available for releases at `/{owner}/{repo}/releases.rss` and tags at `/{owner}/{repo}/tags.rss`.
+
+   * [Supports wildcard protected branch](https://codeberg.org/forgejo/forgejo/commit/2782c1439)
+
+     Instead of selecting a branch to be protected, the name of the branch must be specified and can be a pattern such as `precious*`.
+
+     [Read more about branch protection](https://forgejo.org/docs/v1.19/user/protection/#protected-branches).
+
+   * [Garbage collect LFS](https://codeberg.org/forgejo/forgejo/commit/651fe4bb7)
+     Add a doctor command for full garbage collection of LFS: `forgejo doctor --run gc-lfs`.
+
+   * Additions to the API
+
+     * [Management for issue/pull and comment attachments](https://codeberg.org/forgejo/forgejo/commit/3c59d31bc)
+     * [Get latest release](https://codeberg.org/forgejo/forgejo/commit/4d072a4c4)
+     * [System hook](https://codeberg.org/forgejo/forgejo/commit/c0015979a)
+
+   * [Option to disable releases on a repository](https://codeberg.org/forgejo/forgejo/commit/faa96553d)
+
+     It is now possible to disable releases on a repository, in the same way it is possible to disable issues or packages.
+
+   * [Git reflog support](https://codeberg.org/forgejo/forgejo/commit/757b4c17e)
+     The [git reflog](https://git-scm.com/docs/git-reflog) are now active by default on all repositories and
+     kept around for 90 days. It allows the Forgejo admin to recover the previous tip of a branch after an
+     accidental force push.
+
+     [Read more about reflog](https://forgejo.org/docs/v1.19/admin/config-cheat-sheet/#git---reflog-settings-gitreflog)
+
+   * [Actions](https://codeberg.org/forgejo/forgejo/commit/4011821c946e8db032be86266dd9364ccb204118): an experimental CI/CD
+
+     It appears for the first time in this Forgejo release but is not yet fit for production. It is not fully implemented and may be insecure. However, as long as it is not enabled, it presents no risk to existing Forgejo instances.
+
+     If a repository has a file such as `.forgejo/workflows/test.yml`, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continous Deployment). The syntax is similar to GitHub Actions and the jobs can be controled from the Forgejo web interface.
+
+     [Read more about Forgejo Actions](https://forgejo.codeberg.page/2023-02-27-forgejo-actions/)
+
+     <img src="./releases/images/forgejo-v1.19.0-0-rc0.png" alt="Actions" width="600" />
+
+* User Interface improvements
+
+   * [Review box on small screens](https://codeberg.org/forgejo/forgejo/commit/1fcf96ad0)
+     The rendering of the review box is improved on small screens.
+
+   * [Video element enabled in markdown](https://codeberg.org/forgejo/forgejo/commit/f8a40dafb)
+     The `<video>` HTML tag can now be used in MarkDown, with the `src`, `autoplay`, and `controls` attributes.
+
+   * [Copy citation file content in APA and BibTex format](https://codeberg.org/forgejo/forgejo/commit/9f8e77891)
+     If a [BibTeX](https://fr.wikipedia.org/wiki/BibTeX) file named `CITATION.bib` is at the root of the repository, it can be conveniently copied and converted in APA by following the `Cite this repository` link.
+
+     <img src="./releases/images/forgejo-v1.19-citation-link.png" alt="Citation link" width="500" />
+
+     It will open a dialog box with the available formats and a preview of the content.
+
+     <img src="./releases/images/forgejo-v1.19-citation-dialog.png" alt="Citation dialog" width="500" />
+
+     The CFF format is also supported when a `CITATION.cff` file used instead.
+
+   * [Display asciicast](https://codeberg.org/forgejo/forgejo/commit/d9f748a70)
+
+     Files with the `.cast` extension are displayed in the Forgejo web interface as [asciicast v2](https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md) using [asciinema-player](https://github.com/asciinema/asciinema-player).
+
+   * [Attention blocks Note and Warning](https://codeberg.org/forgejo/forgejo/commit/cb8328853)
+
+     For each quote block, the first `**Note**` or `**Warning**` gets an icon prepended to it and its text is colored accordingly.
+
+     <img src="./releases/images/forgejo-v1.19-note-warning.png" alt="Attention block" width="400" />
+
+   * [Support for commit cross references](https://codeberg.org/forgejo/forgejo/commit/d0d257b24)
+
+     A commit hash can now be prefixed by the repository to be referenced from a comment in another repository: `owner/repo@commit`.
+
+   * [Preview images for Issue cards in Project Board view](https://codeberg.org/forgejo/forgejo/commit/fb1a2a13f)
+
+     If the card preview in the project is set to **Images and Text**, it displays images found in the corresponding issue. The most recent is displayed first, up to five images.
+
+     [Read more about card preview images](https://forgejo.org/docs/v1.19/user/project/#card-previews-images).
+
+   * [Add "Copy" button to file view of raw text](https://codeberg.org/forgejo/forgejo/commit/e3a7f1579)
+
+     If a raw text file is displayed, a copy button of the text is enabled.
+
+     **Before**
+
+     <img src="./releases/images/forgejo-v1.19-raw-copy-before.png" alt="Raw copy before" width="500" />
+
+     **After**
+
+     <img src="./releases/images/forgejo-v1.19-raw-copy-after.png" alt="Raw copy after" width="500" />
+
+   * [Setting to allow edits on PRs by maintainers](https://codeberg.org/forgejo/forgejo/commit/49919c636)
+
+     Add setting to allow edits by maintainers by default, to avoid having to often ask contributors to enable this.
+
+* Container images upgraded to Alpine 3.17
+
+  The Forgejo container images are now based on [Alpine 3.17](https://alpinelinux.org/posts/Alpine-3.17.0-released.html) instead of Alpine 3.16. It includes an upgrade from git 2.36.5 to git 2.38.4 and from openssh 9.0p1 to openssh 9.1p1.
+
+## 1.18.5-0
+
+This stable release contains an **important security fix** for Forgejo to raise the protection against brute force attack on hashed passwords stored in the database to match industry standards, [as described in detail in a companion blog post](https://forgejo.org/2023-02-23-release-v1/).
+
+### Recommended Action
+
+We **strongly recommend** that all Forgejo installations are upgraded to the latest version as soon as possible.
+
+If `PASSWORD_HASH_ALGO` is explicitly set in `app.ini`, comment it out so that the stronger algorithm is used instead.
+
+All password hashes stored with another algorithm will be updated to the new algorithm on the next usage of this password (e.g. a user provides the password to the Forgejo server when they login). It does not require manual intervention.
+
+### Forgejo
+
+* SECURITY
+  * Upgrade the default password hash algorithm to pbkdf2 with 320,000 iterations (https://codeberg.org/forgejo/forgejo/pulls/407)
+* BUGFIXES
+  * Return the Forgejo semantic version instead of "development" (https://codeberg.org/forgejo/forgejo/pulls/381)
+
+### Gitea
+
+* SECURITY
+  * Provide the ability to set password hash algorithm parameters (https://github.com/go-gitea/gitea/pull/22942) (https://github.com/go-gitea/gitea/pull/22943)
+* BUGFIXES
+  * Use `--message=%s` for git commit message (https://github.com/go-gitea/gitea/pull/23028) (https://github.com/go-gitea/gitea/pull/23029)
+  * Render access log template as text instead of HTML (https://github.com/go-gitea/gitea/pull/23013) (https://github.com/go-gitea/gitea/pull/23025)
+  * Fix the Manually Merged form (https://github.com/go-gitea/gitea/pull/23015) (https://github.com/go-gitea/gitea/pull/23017)
+  * Use beforeCommit instead of baseCommit (https://github.com/go-gitea/gitea/pull/22949) (https://github.com/go-gitea/gitea/pull/22996)
+  * Display attachments of review comment when comment content is blank (https://github.com/go-gitea/gitea/pull/23035) (https://github.com/go-gitea/gitea/pull/23046)
+  * Return empty url for submodule tree entries (https://github.com/go-gitea/gitea/pull/23043) (https://github.com/go-gitea/gitea/pull/23048)
+  * Notify on container image create (https://github.com/go-gitea/gitea/pull/22806) (https://github.com/go-gitea/gitea/pull/22965)
+  * Some refactor about code comments(https://github.com/go-gitea/gitea/pull/20821) (https://github.com/go-gitea/gitea/pull/22707)
+
+Note that there is no Forgejo v1.18.4-N because Gitea v1.18.4 was replaced by Gitea v1.18.5 a few days after its release because of a regression. Forgejo was not affected.
+
+## 1.18.3-2
+
+This stable release includes a security fix for `git` and bug fixes.
+
+### Git
+
+Git [recently announced](https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/) new versions to address two CVEs ([CVE-2023-22490](https://cve.circl.lu/cve/CVE-2023-22490), [CVE-2023-23946](https://cve.circl.lu/cve/CVE-2023-23946)). On 14 Februrary 2023, Git published the maintenance release v2.39.2, together with releases for older maintenance tracks v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. All major GNU/Linux distributions also provide updated packages via their security update channels.
+
+We recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
+
+* When using a Forgejo binary: upgrade the `git` package to a version greater or equal to v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7 or v2.30.8
+* When using a Forgejo container image: `docker pull codeberg.org/forgejo/forgejo:1.18.3-2`
+
+### Forgejo
+
+* BUGFIXES
+  * Use proxy for pull mirror (https://github.com/go-gitea/gitea/pull/22771) (https://github.com/go-gitea/gitea/pull/22772)
+  * Revert "Fixes accessibility of empty repository commit status" (https://github.com/go-gitea/gitea/pull/22632)
+    * A regression introduced in 1.18.3-1 prevented the CI status from displaying for commits with more than one pipeline
+* FORGEJO RELEASE PROCESS BUGFIXES
+  * The tag SHA in the uploaded repository must match (https://codeberg.org/forgejo/forgejo/pulls/345) [Read more about the consequences of this on the Forgejo blog](https://forgejo.org/2023-02-12-tags/)
+
+### Gitea
+
+* BUGFIXES
+  * Load issue before accessing index in merge message (https://github.com/go-gitea/gitea/pull/22822) (https://github.com/go-gitea/gitea/pull/22830)
+  * Fix isAllowed of escapeStreamer (https://github.com/go-gitea/gitea/pull/22814) (https://github.com/go-gitea/gitea/pull/22837)
+  * Escape filename when assemble URL (https://github.com/go-gitea/gitea/pull/22850) (https://github.com/go-gitea/gitea/pull/22871)
+  * Fix PR file tree folders no longer collapsing (https://github.com/go-gitea/gitea/pull/22864) (https://github.com/go-gitea/gitea/pull/22872)
+  * Fix incorrect role labels for migrated issues and comments (https://github.com/go-gitea/gitea/pull/22914) (https://github.com/go-gitea/gitea/pull/22923)
+  * Fix blame view missing lines (https://github.com/go-gitea/gitea/pull/22826) (https://github.com/go-gitea/gitea/pull/22929)
+  * Fix 404 error viewing the LFS file (https://github.com/go-gitea/gitea/pull/22945) (https://github.com/go-gitea/gitea/pull/22948)
+* FEATURES
+  * Add command to bulk set must-change-password (https://github.com/go-gitea/gitea/pull/22823) (https://github.com/go-gitea/gitea/pull/22928)
+
+## 1.18.3-1
+
+This stable release includes bug fixes.
+
+### Forgejo
+
+* ACCESSIBILITY
+  * Add ARIA support for Fomantic UI checkboxes (https://github.com/go-gitea/gitea/pull/22599)
+  * Fixes accessibility behavior of Watching, Staring and Fork buttons (https://github.com/go-gitea/gitea/pull/22634)
+  * Add main landmark to templates and adjust titles (https://github.com/go-gitea/gitea/pull/22670)
+  * Improve checkbox accessibility a bit by adding the title attribute (https://github.com/go-gitea/gitea/pull/22593)
+  * Improve accessibility of navigation bar and footer (https://github.com/go-gitea/gitea/pull/22635)
+* PRIVACY
+  * Use DNS queries to figure out the latest Forgejo version (https://codeberg.org/forgejo/forgejo/pulls/278)
+* BRANDING
+  * Change the values for the nodeinfo API to correctly identify the software as Forgejo (https://codeberg.org/forgejo/forgejo/pulls/313)
+* CI
+  * Use tagged test environment for stable branches (https://codeberg.org/forgejo/forgejo/pulls/318)
+
+### Gitea
+
+* BUGFIXES
+  * Fix missing message in git hook when pull requests disabled on fork (https://github.com/go-gitea/gitea/pull/22625) (https://github.com/go-gitea/gitea/pull/22658)
+  * add default user visibility to cli command "admin user create" (https://github.com/go-gitea/gitea/pull/22750) (https://github.com/go-gitea/gitea/pull/22760)
+  * Fix color of tertiary button on dark theme (https://github.com/go-gitea/gitea/pull/22739) (https://github.com/go-gitea/gitea/pull/22744)
+  * Fix restore repo bug, clarify the problem of ForeignIndex (https://github.com/go-gitea/gitea/pull/22776) (https://github.com/go-gitea/gitea/pull/22794)
+  * Escape path for the file list (https://github.com/go-gitea/gitea/pull/22741) (https://github.com/go-gitea/gitea/pull/22757)
+  * Fix bugs with WebAuthn preventing sign in and registration. (https://github.com/go-gitea/gitea/pull/22651) (https://github.com/go-gitea/gitea/pull/22721)
+* PERFORMANCES
+  * Improve checkIfPRContentChanged (https://github.com/go-gitea/gitea/pull/22611) (https://github.com/go-gitea/gitea/pull/22644)
+
+## 1.18.3-0
+
+This stable release includes bug fixes.
+
+### Forgejo
+
+* BUGFIXES
+  * Fix line spacing for plaintext previews (https://github.com/go-gitea/gitea/pull/22699) (https://github.com/go-gitea/gitea/pull/22701)
+  * Fix README TOC links (https://github.com/go-gitea/gitea/pull/22577) (https://github.com/go-gitea/gitea/pull/22677)
+  * Don't return duplicated users who can create org repo (https://github.com/go-gitea/gitea/pull/22560) (https://github.com/go-gitea/gitea/pull/22562)
+  * Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (https://github.com/go-gitea/gitea/pull/22627) (https://github.com/go-gitea/gitea/pull/22642)
+
+### Gitea
+
+* BUGFIXES
+  * Add missing close bracket in imagediff (https://github.com/go-gitea/gitea/pull/22710) (https://github.com/go-gitea/gitea/pull/22712)
+  * Fix wrong hint when deleting a branch successfully from pull request UI (https://github.com/go-gitea/gitea/pull/22673) (https://github.com/go-gitea/gitea/pull/22698)
+  * Fix missing message in git hook when pull requests disabled on fork (https://github.com/go-gitea/gitea/pull/22625) (https://github.com/go-gitea/gitea/pull/22658)
+
+## 1.18.2-1
+
+This stable release includes a security fix. It was possible to reveal a user's email address, which is problematic because users can choose to hide their email address from everyone. This was possible because the notification email for a repository transfer request to an organization included every user's email address in the owner team. This has been fixed by sending individual emails instead and the code was refactored to prevent it from happening again.
+
+We **strongly recommend** that all installations are upgraded to the latest version as soon as possible.
+
+### Gitea
+
+* BUGFIXES
+  * When updating by rebase we need to set the environment for head repo (https://github.com/go-gitea/gitea/pull/22535) (https://github.com/go-gitea/gitea/pull/22536)
+  * Mute all links in issue timeline (https://github.com/go-gitea/gitea/pull/22534)
+  * Truncate commit summary on repo files table. (https://github.com/go-gitea/gitea/pull/22551) (https://github.com/go-gitea/gitea/pull/22552)
+  * Prevent multiple `To` recipients (https://github.com/go-gitea/gitea/pull/22566) (https://github.com/go-gitea/gitea/pull/22569)
+
+## 1.18.2-0
+
+This stable release includes bug fixes.
+
+### Gitea
+
+* BUGFIXES
+  * Fix issue not auto-closing when it includes a reference to a branch (https://github.com/go-gitea/gitea/pull/22514) (https://github.com/go-gitea/gitea/pull/22521)
+  * Fix invalid issue branch reference if not specified in template (https://github.com/go-gitea/gitea/pull/22513) (https://github.com/go-gitea/gitea/pull/22520)
+  * Fix 500 error viewing pull request when fork has pull requests disabled (https://github.com/go-gitea/gitea/pull/22512) (https://github.com/go-gitea/gitea/pull/22515)
+  * Reliable selection of admin user (https://github.com/go-gitea/gitea/pull/22509) (https://github.com/go-gitea/gitea/pull/22511)
+
+## 1.18.1-0
+
+This is the first Forgejo stable point release.
+
+### Forgejo
+
+### Critical security update for Git
+
+Git [recently announced](https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/) new versions to address two CVEs ([CVE-2022-23521](https://cve.circl.lu/cve/CVE-2022-23521), [CVE-2022-41903](https://cve.circl.lu/cve/CVE-2022-41903)). On 17 January 2023, Git published the maintenance release v2.39.1, together with releases for older maintenance tracks v2.38.3, v2.37.5, v2.36.4, v2.35.6, v2.34.6, v2.33.6, v2.32.5, v2.31.6, and v2.30.7. All major GNU/Linux distributions also provide updated packages via their security update channels.
+
+We **strongly recommend** that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
+
+* When using a Forgejo binary: upgrade the `git` package to a version greater or equal to v2.39.1, v2.38.3, v2.37.5, v2.36.4, v2.35.6, v2.34.6, v2.33.6, v2.32.5, v2.31.6, or v2.30.7
+* When using a Forgejo container image: `docker pull codeberg.org/forgejo/forgejo:1.18.1-0`
+
+Read more in the [Forgejo blog](https://forgejo.org/2023-01-18-release-v1-18-1-0/).
+
+#### Release process stability
+
+The [release process](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-ci) based on [Woodpecker CI](https://woodpecker-ci.org/) was entirely reworked to be more resilient to transient errors. A new release is first uploaded into the new [Forgejo experimental](https://codeberg.org/forgejo-experimental/) organization for testing purposes.
+
+Automated end to end testing of releases was implemented with a full development cycle including the creation of a new repository and a run of CI. It relieves the user and developer from the burden of tedious manual testing.
+
+#### Container environment variables
+
+When running a container, all environment variables starting with `FORGEJO__` can be used instead of `GITEA__`. For backward compatibility with existing scripts, it is still possible to use `GITEA__` instead of `FORGEJO__`. For instance:
+
+```
+docker run --name forgejo -e FORGEJO__security__INSTALL_LOCK=true codeberg.org/forgejo/forgejo:1.18.1-0
+```
+
+#### Forgejo hook types
+
+A new `forgejo` hook type is available and behaves exactly the same as the existing `gitea` hook type. It will be used to implement additional features specific to Forgejo in a way that will be backward compatible with Gitea.
+
+#### X-Forgejo headers
+
+Wherever a `X-Gitea` header is received or sent, an identical `X-Forgejo` is added. For instance when a notification mail is sent, the `X-Forgejo-Reason` header is set to explain why. Or when a webhook is sent, the `X-Forgejo-Event` header is set with `push`, `tag`, etc. for Woodpecker CI to decide on an action.
+
+#### Look and feel fixes
+
+The Forgejo theme was [modified](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-branding) to take into account user feedback.
+
+### Gitea
+
+* API
+  * Add `sync_on_commit` option for push mirrors api (https://github.com/go-gitea/gitea/pull/22271) (https://github.com/go-gitea/gitea/pull/22292)
+* BUGFIXES
+  * Update `github.com/zeripath/zapx/v15` (https://github.com/go-gitea/gitea/pull/22485)
+  * Fix pull request API field `closed_at` always being `null` (https://github.com/go-gitea/gitea/pull/22482) (https://github.com/go-gitea/gitea/pull/22483)
+  * Fix container blob mount (https://github.com/go-gitea/gitea/pull/22226) (https://github.com/go-gitea/gitea/pull/22476)
+  * Fix error when calculating repository size (https://github.com/go-gitea/gitea/pull/22392) (https://github.com/go-gitea/gitea/pull/22474)
+  * Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS (https://github.com/go-gitea/gitea/pull/22454) (https://github.com/go-gitea/gitea/pull/22472)
+  * Fix environments for KaTeX and error reporting (https://github.com/go-gitea/gitea/pull/22453) (https://github.com/go-gitea/gitea/pull/22473)
+  * Remove the netgo tag for Windows build (https://github.com/go-gitea/gitea/pull/22467) (https://github.com/go-gitea/gitea/pull/22468)
+  * Fix migration from GitBucket (https://github.com/go-gitea/gitea/pull/22477) (https://github.com/go-gitea/gitea/pull/22465)
+  * Prevent panic on looking at api "git" endpoints for empty repos (https://github.com/go-gitea/gitea/pull/22457) (https://github.com/go-gitea/gitea/pull/22458)
+  * Fix PR status layout on mobile (https://github.com/go-gitea/gitea/pull/21547) (https://github.com/go-gitea/gitea/pull/22441)
+  * Fix wechatwork webhook sends empty content in PR review (https://github.com/go-gitea/gitea/pull/21762) (https://github.com/go-gitea/gitea/pull/22440)
+  * Remove duplicate "Actions" label in mobile view (https://github.com/go-gitea/gitea/pull/21974) (https://github.com/go-gitea/gitea/pull/22439)
+  * Fix leaving organization bug on user settings -> orgs (https://github.com/go-gitea/gitea/pull/21983) (https://github.com/go-gitea/gitea/pull/22438)
+  * Fixed colour transparency regex matching in project board sorting (https://github.com/go-gitea/gitea/pull/22092) (https://github.com/go-gitea/gitea/pull/22437)
+  * Correctly handle select on multiple channels in Queues (https://github.com/go-gitea/gitea/pull/22146) (https://github.com/go-gitea/gitea/pull/22428)
+  * Prepend refs/heads/ to issue template refs (https://github.com/go-gitea/gitea/pull/20461) (https://github.com/go-gitea/gitea/pull/22427)
+  * Restore function to "Show more" buttons (https://github.com/go-gitea/gitea/pull/22399) (https://github.com/go-gitea/gitea/pull/22426)
+  * Continue GCing other repos on error in one repo (https://github.com/go-gitea/gitea/pull/22422) (https://github.com/go-gitea/gitea/pull/22425)
+  * Allow HOST has no port (https://github.com/go-gitea/gitea/pull/22280) (https://github.com/go-gitea/gitea/pull/22409)
+  * Fix omit avatar_url in discord payload when empty (https://github.com/go-gitea/gitea/pull/22393) (https://github.com/go-gitea/gitea/pull/22394)
+  * Don't display stop watch top bar icon when disabled and hidden when click other place (https://github.com/go-gitea/gitea/pull/22374) (https://github.com/go-gitea/gitea/pull/22387)
+  * Don't lookup mail server when using sendmail (https://github.com/go-gitea/gitea/pull/22300) (https://github.com/go-gitea/gitea/pull/22383)
+  * Fix gravatar disable bug (https://github.com/go-gitea/gitea/pull/22337)
+  * Fix update settings table on install (https://github.com/go-gitea/gitea/pull/22326) (https://github.com/go-gitea/gitea/pull/22327)
+  * Fix sitemap (https://github.com/go-gitea/gitea/pull/22272) (https://github.com/go-gitea/gitea/pull/22320)
+  * Fix code search title translation (https://github.com/go-gitea/gitea/pull/22285) (https://github.com/go-gitea/gitea/pull/22316)
+  * Fix due date rendering the wrong date in issue (https://github.com/go-gitea/gitea/pull/22302) (https://github.com/go-gitea/gitea/pull/22306)
+  * Fix get system setting bug when enabled redis cache (https://github.com/go-gitea/gitea/pull/22298)
+  * Fix bug of DisableGravatar default value (https://github.com/go-gitea/gitea/pull/22297)
+  * Fix key signature error page (https://github.com/go-gitea/gitea/pull/22229) (https://github.com/go-gitea/gitea/pull/22230)
+* TESTING
+  * Remove test session cache to reduce possible concurrent problem (https://github.com/go-gitea/gitea/pull/22199) (https://github.com/go-gitea/gitea/pull/22429)
+* MISC
+  * Restore previous official review when an official review is deleted (https://github.com/go-gitea/gitea/pull/22449) (https://github.com/go-gitea/gitea/pull/22460)
+  * Log STDERR of external renderer when it fails (https://github.com/go-gitea/gitea/pull/22442) (https://github.com/go-gitea/gitea/pull/22444)
+
+## 1.18.0-1
+
+This is the first Forgejo release.
+
+### Forgejo improvements
+
+#### Woodpecker CI
+
+A new [CI configuration](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-ci) based on [Woodpecker CI](https://woodpecker-ci.org/) was created. It is used to:
+
+* run tests on every Forgejo pull request ([compliance](https://codeberg.org/forgejo/forgejo/src/tag/v1.18.0-1/.woodpecker/compliance.yml), [unit tests and integration tests](https://codeberg.org/forgejo/forgejo/src/tag/v1.18.0-1/.woodpecker/testing-amd64.yml))
+* publish the Forgejo v1.18.0-1 release, [as binary packages](https://codeberg.org/forgejo/forgejo/releases/tag/v1.18.0-1) for amd64, arm64 and armv6 and [container images](https://codeberg.org/forgejo/-/packages/container/forgejo/1.18.0-1) for amd64 and arm64, root and rootless
+
+#### Look and feel
+
+The default themes were replaced by Forgejo themes and the landing page was [modified](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-branding) to display the Forgejo logo and names but the look and feel remains otherwise identical to Gitea.
+
+<img src="./releases/images/forgejo-v1.18.0-rc1-2-landing.jpg" alt="Landing page" width="600" />
+
+#### Privacy
+
+Gitea instances fetch https://dl.gitea.io/gitea/version.json weekly by default, which raises privacy concerns. In Forgejo [this feature needs to be explicitly activated](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-privacy) at installation time or by modifying the configuration file. Forgejo also provides an alternative [RSS feed](https://forgejo.org/releases/) to be informed when a new release is published.
+
+### Gitea
+
+* SECURITY
+  * Remove ReverseProxy authentication from the API (https://github.com/go-gitea/gitea/pull/22219) (https://github.com/go-gitea/gitea/pull/22251)
+  * Support Go Vulnerability Management (https://github.com/go-gitea/gitea/pull/21139)
+  * Forbid HTML string tooltips (https://github.com/go-gitea/gitea/pull/20935)
+* BREAKING
+  * Rework mailer settings (https://github.com/go-gitea/gitea/pull/18982)
+  * Remove U2F support (https://github.com/go-gitea/gitea/pull/20141)
+  * Refactor `i18n` to `locale` (https://github.com/go-gitea/gitea/pull/20153)
+  * Enable contenthash in filename for dynamic assets (https://github.com/go-gitea/gitea/pull/20813)
+* FEATURES
+  * Add color previews in markdown (https://github.com/go-gitea/gitea/pull/21474)
+  * Allow package version sorting (https://github.com/go-gitea/gitea/pull/21453)
+  * Add support for Chocolatey/NuGet v2 API (https://github.com/go-gitea/gitea/pull/21393)
+  * Add API endpoint to get changed files of a PR (https://github.com/go-gitea/gitea/pull/21177)
+  * Add filetree on left of diff view (https://github.com/go-gitea/gitea/pull/21012)
+  * Support Issue forms and PR forms (https://github.com/go-gitea/gitea/pull/20987)
+  * Add support for Vagrant packages (https://github.com/go-gitea/gitea/pull/20930)
+  * Add support for `npm unpublish` (https://github.com/go-gitea/gitea/pull/20688)
+  * Add badge capabilities to users (https://github.com/go-gitea/gitea/pull/20607)
+  * Add issue filter for Author (https://github.com/go-gitea/gitea/pull/20578)
+  * Add KaTeX rendering to Markdown. (https://github.com/go-gitea/gitea/pull/20571)
+  * Add support for Pub packages (https://github.com/go-gitea/gitea/pull/20560)
+  * Support localized README (https://github.com/go-gitea/gitea/pull/20508)
+  * Add support mCaptcha as captcha provider (https://github.com/go-gitea/gitea/pull/20458)
+  * Add team member invite by email (https://github.com/go-gitea/gitea/pull/20307)
+  * Added email notification option to receive all own messages (https://github.com/go-gitea/gitea/pull/20179)
+  * Switch Unicode Escaping to a VSCode-like system (https://github.com/go-gitea/gitea/pull/19990)
+  * Add user/organization code search (https://github.com/go-gitea/gitea/pull/19977)
+  * Only show relevant repositories on explore page (https://github.com/go-gitea/gitea/pull/19361)
+  * User keypairs and HTTP signatures for ActivityPub federation using go-ap (https://github.com/go-gitea/gitea/pull/19133)
+  * Add sitemap support (https://github.com/go-gitea/gitea/pull/18407)
+  * Allow creation of OAuth2 applications for orgs (https://github.com/go-gitea/gitea/pull/18084)
+  * Add system setting table with cache and also add cache supports for user setting (https://github.com/go-gitea/gitea/pull/18058)
+  * Add pages to view watched repos and subscribed issues/PRs (https://github.com/go-gitea/gitea/pull/17156)
+  * Support Proxy protocol (https://github.com/go-gitea/gitea/pull/12527)
+  * Implement sync push mirror on commit (https://github.com/go-gitea/gitea/pull/19411)
+* API
+  * Allow empty assignees on pull request edit (https://github.com/go-gitea/gitea/pull/22150) (https://github.com/go-gitea/gitea/pull/22214)
+  * Make external issue tracker regexp configurable via API (https://github.com/go-gitea/gitea/pull/21338)
+  * Add name field for org api (https://github.com/go-gitea/gitea/pull/21270)
+  * Show teams with no members if user is admin (https://github.com/go-gitea/gitea/pull/21204)
+  * Add latest commit's SHA to content response (https://github.com/go-gitea/gitea/pull/20398)
+  * Add allow_rebase_update, default_delete_branch_after_merge to repository api response (https://github.com/go-gitea/gitea/pull/20079)
+  * Add new endpoints for push mirrors management (https://github.com/go-gitea/gitea/pull/19841)
+* ENHANCEMENTS
+  * Add setting to disable the git apply step in test patch (https://github.com/go-gitea/gitea/pull/22130) (https://github.com/go-gitea/gitea/pull/22170)
+  * Multiple improvements for comment edit diff (https://github.com/go-gitea/gitea/pull/21990) (https://github.com/go-gitea/gitea/pull/22007)
+  * Fix button in branch list, avoid unexpected page jump before restore branch actually done (https://github.com/go-gitea/gitea/pull/21562) (https://github.com/go-gitea/gitea/pull/21928)
+  * Fix flex layout for repo list icons (https://github.com/go-gitea/gitea/pull/21896) (https://github.com/go-gitea/gitea/pull/21920)
+  * Fix vertical align of committer avatar rendered by email address (https://github.com/go-gitea/gitea/pull/21884) (https://github.com/go-gitea/gitea/pull/21918)
+  * Fix setting HTTP headers after write (https://github.com/go-gitea/gitea/pull/21833) (https://github.com/go-gitea/gitea/pull/21877)
+  * Color and Style enhancements (https://github.com/go-gitea/gitea/pull/21784, #21799) (https://github.com/go-gitea/gitea/pull/21868)
+  * Ignore line anchor links with leading zeroes (https://github.com/go-gitea/gitea/pull/21728) (https://github.com/go-gitea/gitea/pull/21776)
+  * Quick fixes monaco-editor error: "vs.editor.nullLanguage" (https://github.com/go-gitea/gitea/pull/21734) (https://github.com/go-gitea/gitea/pull/21738)
+  * Use CSS color-scheme instead of invert (https://github.com/go-gitea/gitea/pull/21616) (https://github.com/go-gitea/gitea/pull/21623)
+  * Respect user's locale when rendering the date range in the repo activity page (https://github.com/go-gitea/gitea/pull/21410)
+  * Change `commits-table` column width (https://github.com/go-gitea/gitea/pull/21564)
+  * Refactor git command arguments and make all arguments to be safe to be used (https://github.com/go-gitea/gitea/pull/21535)
+  * CSS color enhancements (https://github.com/go-gitea/gitea/pull/21534)
+  * Add link to user profile in markdown mention only if user exists (https://github.com/go-gitea/gitea/pull/21533, #21554)
+  * Add option to skip index dirs (https://github.com/go-gitea/gitea/pull/21501)
+  * Diff file tree tweaks (https://github.com/go-gitea/gitea/pull/21446)
+  * Localize all timestamps (https://github.com/go-gitea/gitea/pull/21440)
+  * Add `code` highlighting in issue titles (https://github.com/go-gitea/gitea/pull/21432)
+  * Use Name instead of DisplayName in LFS Lock (https://github.com/go-gitea/gitea/pull/21415)
+  * Consolidate more CSS colors into variables (https://github.com/go-gitea/gitea/pull/21402)
+  * Redirect to new repository owner (https://github.com/go-gitea/gitea/pull/21398)
+  * Use ISO date format instead of hard-coded English date format for date range in repo activity page (https://github.com/go-gitea/gitea/pull/21396)
+  * Use weighted algorithm for string matching when finding files in repo (https://github.com/go-gitea/gitea/pull/21370)
+  * Show private data in feeds (https://github.com/go-gitea/gitea/pull/21369)
+  * Refactor parseTreeEntries, speed up tree list (https://github.com/go-gitea/gitea/pull/21368)
+  * Add GET and DELETE endpoints for Docker blob uploads (https://github.com/go-gitea/gitea/pull/21367)
+  * Add nicer error handling on template compile errors (https://github.com/go-gitea/gitea/pull/21350)
+  * Add `stat` to `ToCommit` function for speed (https://github.com/go-gitea/gitea/pull/21337)
+  * Support instance-wide OAuth2 applications (https://github.com/go-gitea/gitea/pull/21335)
+  * Record OAuth client type at registration (https://github.com/go-gitea/gitea/pull/21316)
+  * Add new CSS variables --color-accent and --color-small-accent (https://github.com/go-gitea/gitea/pull/21305)
+  * Improve error descriptions for unauthorized_client (https://github.com/go-gitea/gitea/pull/21292)
+  * Case-insensitive "find files in repo" (https://github.com/go-gitea/gitea/pull/21269)
+  * Consolidate more CSS rules, fix inline code on arc-green (https://github.com/go-gitea/gitea/pull/21260)
+  * Log real ip of requests from ssh (https://github.com/go-gitea/gitea/pull/21216)
+  * Save files in local storage as group readable (https://github.com/go-gitea/gitea/pull/21198)
+  * Enable fluid page layout on medium size viewports (https://github.com/go-gitea/gitea/pull/21178)
+  * File header tweaks (https://github.com/go-gitea/gitea/pull/21175)
+  * Added missing headers on user packages page (https://github.com/go-gitea/gitea/pull/21172)
+  * Display image digest for container packages (https://github.com/go-gitea/gitea/pull/21170)
+  * Skip dirty check for team forms (https://github.com/go-gitea/gitea/pull/21154)
+  * Keep path when creating a new branch (https://github.com/go-gitea/gitea/pull/21153)
+  * Remove fomantic image module (https://github.com/go-gitea/gitea/pull/21145)
+  * Make labels clickable in the comments section. (https://github.com/go-gitea/gitea/pull/21137)
+  * Sort branches and tags by date descending (https://github.com/go-gitea/gitea/pull/21136)
+  * Better repo API unit checks (https://github.com/go-gitea/gitea/pull/21130)
+  * Improve commit status icons (https://github.com/go-gitea/gitea/pull/21124)
+  * Limit length of repo description and repo url input fields (https://github.com/go-gitea/gitea/pull/21119)
+  * Show .editorconfig errors in frontend (https://github.com/go-gitea/gitea/pull/21088)
+  * Allow poster to choose reviewers (https://github.com/go-gitea/gitea/pull/21084)
+  * Remove black labels and CSS cleanup (https://github.com/go-gitea/gitea/pull/21003)
+  * Make e-mail sanity check more precise (https://github.com/go-gitea/gitea/pull/20991)
+  * Use native inputs in whitespace dropdown (https://github.com/go-gitea/gitea/pull/20980)
+  * Enhance package date display (https://github.com/go-gitea/gitea/pull/20928)
+  * Display total blob size of a package version (https://github.com/go-gitea/gitea/pull/20927)
+  * Show language name on hover (https://github.com/go-gitea/gitea/pull/20923)
+  * Show instructions for all generic package files (https://github.com/go-gitea/gitea/pull/20917)
+  * Refactor AssertExistsAndLoadBean to use generics (https://github.com/go-gitea/gitea/pull/20797)
+  * Move the official website link at the footer of gitea (https://github.com/go-gitea/gitea/pull/20777)
+  * Add support for full name in reverse proxy auth (https://github.com/go-gitea/gitea/pull/20776)
+  * Remove useless JS operation for relative time tooltips (https://github.com/go-gitea/gitea/pull/20756)
+  * Replace some icons with SVG (https://github.com/go-gitea/gitea/pull/20741)
+  * Change commit status icons to SVG (https://github.com/go-gitea/gitea/pull/20736)
+  * Improve single repo action for issue and pull requests (https://github.com/go-gitea/gitea/pull/20730)
+  * Allow multiple files in generic packages (https://github.com/go-gitea/gitea/pull/20661)
+  * Add option to create new issue from /issues page (https://github.com/go-gitea/gitea/pull/20650)
+  * Background color of private list-items updated (https://github.com/go-gitea/gitea/pull/20630)
+  * Added search input field to issue filter (https://github.com/go-gitea/gitea/pull/20623)
+  * Increase default item listing size `ISSUE_PAGING_NUM` to 20 (https://github.com/go-gitea/gitea/pull/20547)
+  * Modify milestone search keywords to be case insensitive again (https://github.com/go-gitea/gitea/pull/20513)
+  * Show hint to link package to repo when viewing empty repo package list (https://github.com/go-gitea/gitea/pull/20504)
+  * Add Tar ZSTD support (https://github.com/go-gitea/gitea/pull/20493)
+  * Make code review checkboxes clickable (https://github.com/go-gitea/gitea/pull/20481)
+  * Add "X-Gitea-Object-Type" header for GET `/raw/` & `/media/` API (https://github.com/go-gitea/gitea/pull/20438)
+  * Display project in issue list (https://github.com/go-gitea/gitea/pull/20434)
+  * Prepend commit message to template content when opening a new PR (https://github.com/go-gitea/gitea/pull/20429)
+  * Replace fomantic popup module with tippy.js (https://github.com/go-gitea/gitea/pull/20428)
+  * Allow to specify colors for text in markup (https://github.com/go-gitea/gitea/pull/20363)
+  * Allow access to the Public Organization Member lists with minimal permissions (https://github.com/go-gitea/gitea/pull/20330)
+  * Use default values when provided values are empty (https://github.com/go-gitea/gitea/pull/20318)
+  * Vertical align navbar avatar at middle (https://github.com/go-gitea/gitea/pull/20302)
+  * Delete cancel button in repo creation page (https://github.com/go-gitea/gitea/pull/21381)
+  * Include login_name in adminCreateUser response (https://github.com/go-gitea/gitea/pull/20283)
+  * fix: icon margin in user/settings/repos (https://github.com/go-gitea/gitea/pull/20281)
+  * Remove blue text on migrate page (https://github.com/go-gitea/gitea/pull/20273)
+  * Modify milestone search keywords to be case insensitive (https://github.com/go-gitea/gitea/pull/20266)
+  * Move some files into models' sub packages (https://github.com/go-gitea/gitea/pull/20262)
+  * Add tooltip to repo icons in explore page (https://github.com/go-gitea/gitea/pull/20241)
+  * Remove deprecated licenses (https://github.com/go-gitea/gitea/pull/20222)
+  * Webhook for Wiki changes (https://github.com/go-gitea/gitea/pull/20219)
+  * Share HTML template renderers and create a watcher framework (https://github.com/go-gitea/gitea/pull/20218)
+  * Allow enable LDAP source and disable user sync via CLI (https://github.com/go-gitea/gitea/pull/20206)
+  * Adds a checkbox to select all issues/PRs (https://github.com/go-gitea/gitea/pull/20177)
+  * Refactor `i18n` to `locale` (https://github.com/go-gitea/gitea/pull/20153)
+  * Disable status checks in template if none found (https://github.com/go-gitea/gitea/pull/20088)
+  * Allow manager logging to set SQL (https://github.com/go-gitea/gitea/pull/20064)
+  * Add order by for assignee no sort issue (https://github.com/go-gitea/gitea/pull/20053)
+  * Take a stab at porting existing components to Vue3 (https://github.com/go-gitea/gitea/pull/20044)
+  * Add doctor command to write commit-graphs (https://github.com/go-gitea/gitea/pull/20007)
+  * Add support for authentication based on reverse proxy email (https://github.com/go-gitea/gitea/pull/19949)
+  * Enable spellcheck for EasyMDE, use contenteditable mode (https://github.com/go-gitea/gitea/pull/19776)
+  * Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (https://github.com/go-gitea/gitea/pull/19663)
+  * Rework mailer settings (https://github.com/go-gitea/gitea/pull/18982)
+  * Add option to purge users (https://github.com/go-gitea/gitea/pull/18064)
+  * Add author search input (https://github.com/go-gitea/gitea/pull/21246)
+  * Make rss/atom identifier globally unique (https://github.com/go-gitea/gitea/pull/21550)
+* BUGFIXES
+  * Auth interface return error when verify failure (https://github.com/go-gitea/gitea/pull/22119) (https://github.com/go-gitea/gitea/pull/22259)
+  * Use complete SHA to create and query commit status (https://github.com/go-gitea/gitea/pull/22244) (https://github.com/go-gitea/gitea/pull/22257)
+  * Update bleve and zapx to fix unaligned atomic (https://github.com/go-gitea/gitea/pull/22031) (https://github.com/go-gitea/gitea/pull/22218)
+  * Prevent panic in doctor command when running default checks (https://github.com/go-gitea/gitea/pull/21791) (https://github.com/go-gitea/gitea/pull/21807)
+  * Load GitRepo in API before deleting issue (https://github.com/go-gitea/gitea/pull/21720) (https://github.com/go-gitea/gitea/pull/21796)
+  * Ignore line anchor links with leading zeroes (https://github.com/go-gitea/gitea/pull/21728) (https://github.com/go-gitea/gitea/pull/21776)
+  * Set last login when activating account (https://github.com/go-gitea/gitea/pull/21731) (https://github.com/go-gitea/gitea/pull/21755)
+  * Fix UI language switching bug (https://github.com/go-gitea/gitea/pull/21597) (https://github.com/go-gitea/gitea/pull/21749)
+  * Quick fixes monaco-editor error: "vs.editor.nullLanguage" (https://github.com/go-gitea/gitea/pull/21734) (https://github.com/go-gitea/gitea/pull/21738)
+  * Allow local package identifiers for PyPI packages (https://github.com/go-gitea/gitea/pull/21690) (https://github.com/go-gitea/gitea/pull/21727)
+  * Deal with markdown template without metadata (https://github.com/go-gitea/gitea/pull/21639) (https://github.com/go-gitea/gitea/pull/21654)
+  * Fix opaque background on mermaid diagrams (https://github.com/go-gitea/gitea/pull/21642) (https://github.com/go-gitea/gitea/pull/21652)
+  * Fix repository adoption on Windows (https://github.com/go-gitea/gitea/pull/21646) (https://github.com/go-gitea/gitea/pull/21650)
+  * Sync git hooks when config file path changed (https://github.com/go-gitea/gitea/pull/21619) (https://github.com/go-gitea/gitea/pull/21626)
+  * Fix 500 on PR files API (https://github.com/go-gitea/gitea/pull/21602) (https://github.com/go-gitea/gitea/pull/21607)
+  * Fix `Timestamp.IsZero` (https://github.com/go-gitea/gitea/pull/21593) (https://github.com/go-gitea/gitea/pull/21603)
+  * Fix viewing user subscriptions (https://github.com/go-gitea/gitea/pull/21482)
+  * Fix mermaid-related bugs (https://github.com/go-gitea/gitea/pull/21431)
+  * Fix branch dropdown shifting on page load (https://github.com/go-gitea/gitea/pull/21428)
+  * Fix default theme-auto selector when nologin (https://github.com/go-gitea/gitea/pull/21346)
+  * Fix and improve incorrect error messages (https://github.com/go-gitea/gitea/pull/21342)
+  * Fix formatted link for PR review notifications to matrix (https://github.com/go-gitea/gitea/pull/21319)
+  * Center-aligning content of WebAuthN page (https://github.com/go-gitea/gitea/pull/21127)
+  * Remove follow from commits by file (https://github.com/go-gitea/gitea/pull/20765)
+  * Fix commit status popup (https://github.com/go-gitea/gitea/pull/20737)
+  * Fix init mail render logic (https://github.com/go-gitea/gitea/pull/20704)
+  * Use correct page size for link header pagination (https://github.com/go-gitea/gitea/pull/20546)
+  * Preserve unix socket file (https://github.com/go-gitea/gitea/pull/20499)
+  * Use tippy.js for context popup (https://github.com/go-gitea/gitea/pull/20393)
+  * Add missing parameter for error in log message (https://github.com/go-gitea/gitea/pull/20144)
+  * Do not allow organisation owners add themselves as collaborator (https://github.com/go-gitea/gitea/pull/20043)
+  * Rework file highlight rendering and fix yaml copy-paste (https://github.com/go-gitea/gitea/pull/19967)
+  * Improve code diff highlight, fix incorrect rendered diff result (https://github.com/go-gitea/gitea/pull/19958)
+* TESTING
+  * Improve OAuth integration tests (https://github.com/go-gitea/gitea/pull/21390)
+  * Add playwright tests (https://github.com/go-gitea/gitea/pull/20123)
+* BUILD
+  * Switch to building with go1.19 (https://github.com/go-gitea/gitea/pull/20695)
+  * Update JS dependencies, adjust eslint (https://github.com/go-gitea/gitea/pull/20659)
+  * Add more linters to improve code readability (https://github.com/go-gitea/gitea/pull/19989)
+
+## 1.18.0-0
+
+This release was replaced by 1.18.0-1 a few hours after being published because the release process [was interrupted](https://codeberg.org/forgejo/forgejo/issues/180).
+
+## 1.18.0-rc1-2
+
+This is the first Forgejo release candidate.
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,83 +0,0 @@
-# Reporting security issues
-
-The Gitea maintainers take security seriously.
-
-If you discover a security issue, please bring it to their attention right away!
-
-## Reporting a Vulnerability
-
-Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
-
-## Protecting Security Information
-
-Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body.
-
-The PGP key is valid until June 24, 2024.
-
-```
-Key ID: 6FCD2D5B
-Key Type: RSA
-Expires: 6/24/2024
-Key Size: 4096/4096
-Fingerprint: 3DE0 3D1E 144A 7F06 9359 99DC AAFD 2381 6FCD 2D5B
-```
-
-UserID: Gitea Security <security@gitea.io>
-
-```
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGK1Z/4BEADFMqXA9DeeChmSxUjF0Be5sq99ZUhgrZjcN/wOzz0wuCJZC0l8
-4uC+d6mfv7JpJYlzYzOK97/x5UguKHkYNZ6mm1G9KHaXmoIBDLKDzfPdJopVNv2r
-OajijaE0uMCnMjadlg5pbhMLRQG8a9J32yyaz7ZEAw72Ab31fvvcA53NkuqO4j2w
-k7dtFQzhbNOYV0VffQT90WDZdalYHB1JHyEQ+70U9OjVD5ggNYSzX98Eu3Hjn7V7
-kqFrcAxr5TE1elf0IXJcuBJtFzQSTUGlQldKOHtGTGgGjj9r/FFAE5ioBgVD05bV
-rEEgIMM/GqYaG/nbNpWE6P3mEc2Mnn3pZaRJL0LuF26TLjnqEcMMDp5iIhLdFzXR
-3tMdtKgQFu+Mtzs3ipwWARYgHyU09RJsI2HeBx7RmZO/Xqrec763Z7zdJ7SpCn0Z
-q+pHZl24JYR0Kf3T/ZiOC0cGd2QJqpJtg5J6S/OqfX9NH6MsCczO8pUC1N/aHH2X
-CTme2nF56izORqDWKoiICteL3GpYsCV9nyCidcCmoQsS+DKvE86YhIhVIVWGRY2F
-lzpAjnN9/KLtQroutrm+Ft0mdjDiJUeFVl1cOHDhoyfCsQh62HumoyZoZvqzQd6e
-AbN11nq6aViMe2Q3je1AbiBnRnQSHxt1Tc8X4IshO3MQK1Sk7oPI6LA5oQARAQAB
-tCJHaXRlYSBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0ZWEuaW8+iQJXBBMBCABBFiEE
-PeA9HhRKfwaTWZncqv0jgW/NLVsFAmK1Z/4CGwMFCQPCZwAFCwkIBwICIgIGFQoJ
-CAsCBBYCAwECHgcCF4AACgkQqv0jgW/NLVvnyxAAhxyNnWzw/rQO2qhzqicmZM94
-njSbOg+U2qMBvCdaqCQQeC+uaMmMzkDPanUUmLcyCkWqfCjPNjeSXAkE9npepVJI
-4HtmgxZQ94OU/h3CLbft+9GVRzUkVI29TSYGdvNtV2/BkNGoFFnKWQr119um0o6A
-bgha2Uy5uY8o3ZIoiKkiHRaEoWIjjeBxJxYAojsZY4YElUmsQ3ik2joG6rhFesTa
-ofVt/bL8G2xzpOG26WGIxBbqf2qjV6OtZ0hu/vtTPHeIWMLq0Mz0V3PEDQWfkGPE
-i2RYxxYDs2xzJhSQWqTNVLSq0m5xTJnbHhQPfdCX4C2jvFKgLdfmytQq49S7jiJb
-Z03HVOZ/PsyBlQfH9xJi06R5yQCMEA8h8Z5r3/NXW09kQ6OFRe6xshoTcxZGRPTo
-srhwr3uPbmCRh+YEl7qBLU6+BC5k8IRTZXqhrj/aPJu3MxgbgwV8u3vLoFSXM2lb
-a61FgeCQ0O7lkgVswwF0RppCaH9Ul3ZDapet/vCRg4NVwm9zOI/8q/Vj0FKA1GDR
-JhRu8+Ce8zlFL65D34t+PprAzSeTlbv9um3x/ZIjCco7EEKSBylt+AZj/VyA6+e5
-kjOQwRRc6dFJWBcorsSI2dG+H+QMF7ZabzmeCcz1v9HjLOPzYHoZAHhCmSppWTvX
-AJy6+lhfW2OUTqQeYSi5Ag0EYrVn/gEQALrFLQjCR3GjuHSindz0rd3Fnx/t7Sen
-T+p07yCSSoSlmnJHCQmwh4vfg1blyz0zZ4vkIhtpHsEgc+ZAG+WQXSsJ2iRz+eSN
-GwoOQl4XC3n+QWkc1ws+btr48+6UqXIQU+F8TPQyx/PIgi2nZXJB7f5+mjCqsk46
-XvH4nTr4kJjuqMSR/++wvre2qNQRa/q/dTsK0OaN/mJsdX6Oi+aGNaQJUhIG7F+E
-ZDMkn/O6xnwWNzy/+bpg43qH/Gk0eakOmz5NmQLRkV58SZLiJvuCUtkttf6CyhnX
-03OcWaajv5W8qA39dBYQgDrrPbBWUnwfO3yMveqhwV4JjDoe8sPAyn1NwzakNYqP
-RzsWyLrLS7R7J9s3FkZXhQw/QQcsaSMcGNQO047dm1P83N8JY5aEpiRo9zSWjoiw
-qoExANj5lUTZPe8M50lI182FrcjAN7dClO3QI6pg7wy0erMxfFly3j8UQ91ysS9T
-s+GsP9I3cmWWQcKYxWHtE8xTXnNCVPFZQj2nwhJzae8ypfOtulBRA3dUKWGKuDH/
-axFENhUsT397aOU3qkP/od4a64JyNIEo4CTTSPVeWd7njsGqli2U3A4xL2CcyYvt
-D/MWcMBGEoLSNTswwKdom4FaJpn5KThnK/T0bQcmJblJhoCtppXisbexZnCpuS0x
-Zdlm2T14KJ3LABEBAAGJAjwEGAEIACYWIQQ94D0eFEp/BpNZmdyq/SOBb80tWwUC
-YrVn/gIbDAUJA8JnAAAKCRCq/SOBb80tWyTBD/9AGpW6QoDF7zYjHAozH9S5RGCA
-Y7E82dG/0xmFUwPprAG0BKmmgU6TiipyVGmKIXGYYYU92pMnbvXkYQMoa+WJNncN
-D3fY52UeXeffTf4cFpStlzi9xgYtOLhFamzYu/4xhkjOX+xhOSXscCiFRyT8cF3B
-O6c5BHU+Zj0/rGPgOyPUbx7l7B9MubB/41nNX35k08e+8T3wtWDb4XF+15HnRfva
-6fblO8wgU25Orv2Rm1jnKGa9DxJ8nE40IMrqDapENtDuL+zKJsvR0+ptWvEyL56U
-GtJJG5un6mXiLKuRQT0DEv4MdZRHDgDstDnqcbEiazVEbUuvhZZob6lRY2A19m1+
-7zfnDxkhqCA1RCnv4fdvcPdCMMFHwLpdhjgW0aI/uwgwrvsEz5+JRlnLvdQHlPAg
-q7l2fGcBSpz9U0ayyfRPjPntsNCtZl1UDxGLeciPkZhyG84zEWQbk/j52ZpRN+Ik
-ALpRLa8RBFmFSmXDUmwQrmm1EmARyQXwweKU31hf8ZGbCp2lPuRYm1LuGiirXSVP
-GysjRAJgW+VRpBKOzFQoUAUbReVWSaCwT8s17THzf71DdDb6CTj31jMLLYWwBpA/
-i73DgobDZMIGEZZC1EKqza8eh11xfyHFzGec03tbh+lIen+5IiRtWiEWkDS9ll0G
-zgS/ZdziCvdAutqnGA==
-=gZWO
-----END PGP PUBLIC KEY BLOCK-----
-
-```
-
-Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.
--- a/assets/favicon.svg
+++ b/assets/favicon.svg
@ -1,31 +1,27 @@
-<?xml version="1.0" encoding="utf-8"?>
-<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
-	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
-<g>
-	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
-		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
-		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
-	<g>
-		<g>
-			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
-				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
-				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
-				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
-				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
-				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
-				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
-				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
-				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
-				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
-			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
-				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
-				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
-				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
-				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
-				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
-				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
-				C343.2,346.5,335,363.3,326.8,380.1z"/>
-		</g>
-	</g>
-</g>
+<svg viewBox="0 0 212 212" xmlns="http://www.w3.org/2000/svg">
+  <style type="text/css">
+    circle {
+      fill: none;
+      stroke: #000;
+      stroke-width: 15;
+    }
+    path {
+      fill: none;
+      stroke: #000;
+      stroke-width: 25;
+    }
+    .orange {
+      stroke:#ff6600;
+    }
+    .red {
+      stroke:#d40000;
+    }
+  </style>
+  <g transform="translate(6,6)">
+    <path d="M58 168 v-98 a50 50 0 0 1 50-50 h20" class="orange" />
+    <path d="M58 168 v-30 a50 50 0 0 1 50-50 h20" class="red" />
+    <circle cx="142" cy="20" r="18" class="orange" />
+    <circle cx="142" cy="88" r="18" class="red" />
+    <circle cx="58" cy="180" r="18" class="red" />
+  </g>
 </svg>
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/assets/logo.svg
+++ b/assets/logo.svg
@ -1,31 +1,27 @@
-<?xml version="1.0" encoding="utf-8"?>
-<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
-	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
-<g>
-	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
-		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
-		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
-	<g>
-		<g>
-			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
-				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
-				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
-				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
-				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
-				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
-				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
-				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
-				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
-				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
-			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
-				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
-				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
-				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
-				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
-				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
-				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
-				C343.2,346.5,335,363.3,326.8,380.1z"/>
-		</g>
-	</g>
-</g>
+<svg viewBox="0 0 212 212" xmlns="http://www.w3.org/2000/svg">
+  <style type="text/css">
+    circle {
+      fill: none;
+      stroke: #000;
+      stroke-width: 15;
+    }
+    path {
+      fill: none;
+      stroke: #000;
+      stroke-width: 25;
+    }
+    .orange {
+      stroke:#ff6600;
+    }
+    .red {
+      stroke:#d40000;
+    }
+  </style>
+  <g transform="translate(6,6)">
+    <path d="M58 168 v-98 a50 50 0 0 1 50-50 h20" class="orange" />
+    <path d="M58 168 v-30 a50 50 0 0 1 50-50 h20" class="red" />
+    <circle cx="142" cy="20" r="18" class="orange" />
+    <circle cx="142" cy="88" r="18" class="red" />
+    <circle cx="58" cy="180" r="18" class="red" />
+  </g>
 </svg>
--- a/build.go
+++ b/build.go
@ -1,7 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

-
 //go:build vendor

 package main
--- a/build/merge-forgejo-locales.go
+++ b/build/merge-forgejo-locales.go
@ -0,0 +1,97 @@
+// Copyright 2022 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import (
+	"bufio"
+	"os"
+	"regexp"
+	"strings"
+
+	"gopkg.in/ini.v1"
+)
+
+const (
+	trimPrefix   = "gitea_"
+	sourceFolder = "options/locales/"
+)
+
+// returns list of locales, still containing the file extension!
+func generate_locale_list() []string {
+	localeFiles, _ := os.ReadDir(sourceFolder)
+	locales := []string{}
+	for _, localeFile := range localeFiles {
+		if !localeFile.IsDir() && strings.HasPrefix(localeFile.Name(), trimPrefix) {
+			locales = append(locales, strings.TrimPrefix(localeFile.Name(), trimPrefix))
+		}
+	}
+	return locales
+}
+
+// replace all occurrences of Gitea with Forgejo
+func renameGiteaForgejo(filename string) []byte {
+	file, err := os.Open(filename)
+	if err != nil {
+		panic(err)
+	}
+
+	replacer := strings.NewReplacer(
+		"Gitea", "Forgejo",
+		"https://docs.gitea.io/en-us/install-from-binary/", "https://forgejo.org/download/#installation-from-binary",
+		"https://github.com/go-gitea/gitea/tree/master/docker", "https://forgejo.org/download/#container-image",
+		"https://docs.gitea.io/en-us/install-from-package/", "https://forgejo.org/download",
+		"https://code.gitea.io/gitea", "https://forgejo.org/download",
+		"code.gitea.io/gitea", "Forgejo",
+		`<a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a>`, `<a href="https://codeberg.org/forgejo/forgejo/issues" target="_blank">Codeberg</a>`,
+		"https://github.com/go-gitea/gitea", "https://codeberg.org/forgejo/forgejo",
+		"https://blog.gitea.io", "https://forgejo.org/news",
+	)
+
+	out := make([]byte, 0, 1024)
+	scanner := bufio.NewScanner(file)
+	scanner.Split(bufio.ScanLines)
+	for scanner.Scan() {
+		line := scanner.Text()
+
+		if strings.HasPrefix(line, "license_desc=") {
+			line = strings.Replace(line, "GitHub", "Forgejo", 1)
+		}
+
+		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
+			out = append(out, []byte("\n"+line+"\n")...)
+		} else if strings.HasPrefix(line, "settings.web_hook_name_gitea") {
+			out = append(out, []byte("\n"+line+"\n")...)
+			out = append(out, []byte("settings.web_hook_name_forgejo = Forgejo\n")...)
+		} else if strings.HasPrefix(line, "migrate.gitea.description") {
+			re := regexp.MustCompile(`(.*Gitea)`)
+			out = append(out, []byte(re.ReplaceAllString(line, "${1}/Forgejo")+"\n")...)
+		} else {
+			out = append(out, []byte(replacer.Replace(line)+"\n")...)
+		}
+	}
+	file.Close()
+	return out
+}
+
+func main() {
+	locales := generate_locale_list()
+	var err error
+	var localeFile *ini.File
+	for _, locale := range locales {
+		giteaLocale := sourceFolder + "gitea_" + locale
+		localeFile, err = ini.LoadSources(ini.LoadOptions{
+			IgnoreInlineComment: true,
+		}, giteaLocale, renameGiteaForgejo(giteaLocale))
+		if err != nil {
+			panic(err)
+		}
+		err = localeFile.SaveTo("options/locale/locale_" + locale)
+		if err != nil {
+			panic(err)
+		}
+	}
+}
--- a/cmd/actions.go
+++ b/cmd/actions.go
@ -0,0 +1,71 @@
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"log"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
+
+	"github.com/urfave/cli"
+)
+
+var (
+	// CmdActions represents the available actions sub-commands.
+	CmdActions = cli.Command{
+		Name:        "actions",
+		Usage:       "",
+		Description: "Commands for managing Gitea Actions",
+		Subcommands: []cli.Command{
+			subcmdActionsGenRunnerToken,
+		},
+	}
+
+	subcmdActionsGenRunnerToken = cli.Command{
+		Name:    "generate-runner-token",
+		Usage:   "Generate a new token for a runner to use to register with the server",
+		Action:  runGenerateActionsRunnerToken,
+		Aliases: []string{"grt"},
+		Flags:   []cli.Flag{},
+	}
+)
+
+func maybeInitDB(stdCtx context.Context) error {
+	if setting.Database.Type == "" {
+		if err := initDB(stdCtx); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func runGenerateActionsRunnerToken(ctx *cli.Context) error {
+	stdCtx := context.Background()
+
+	if err := maybeInitDB(stdCtx); err != nil {
+		log.Fatalf("maybeInitDB %v", err)
+	}
+
+	// ownid=0,repo_id=0,means this token is used for global
+	return runActionsRegistrationToken(stdCtx, 0, 0)
+}
+
+func runActionsRegistrationToken(stdCtx context.Context, ownerID, repoID int64) error {
+	var token *actions_model.ActionRunnerToken
+	token, err := actions_model.GetUnactivatedRunnerToken(stdCtx, ownerID, repoID)
+	if errors.Is(err, util.ErrNotExist) {
+		token, err = actions_model.NewRunnerToken(stdCtx, ownerID, repoID)
+		if err != nil {
+			log.Fatalf("CreateRunnerToken %v", err)
+		}
+	} else if err != nil {
+		log.Fatalf("GetUnactivatedRunnerToken %v", err)
+	}
+	fmt.Print(token.Token)
+	return nil
+}
--- a/cmd/admin.go
+++ b/cmd/admin.go
@ -7,6 +7,7 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"net/url"
 	"os"
 	"strings"
 	"text/tabwriter"
@ -469,11 +470,19 @@ func runAddOauth(c *cli.Context) error {
 		return err
 	}

+	config := parseOAuth2Config(c)
+	if config.Provider == "openidConnect" {
+		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)
+		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
+			return fmt.Errorf("invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)", config.OpenIDConnectAutoDiscoveryURL)
+		}
+	}
+
 	return auth_model.CreateSource(&auth_model.Source{
 		Type:     auth_model.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
-		Cfg:      parseOAuth2Config(c),
+		Cfg:      config,
 	})
 }

--- a/cmd/convert.go
+++ b/cmd/convert.go
@ -17,7 +17,7 @@ import (
 var CmdConvert = cli.Command{
 	Name:        "convert",
 	Usage:       "Convert the database",
-	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
+	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4 or MSSQL database from varchar to nvarchar",
 	Action:      runConvert,
 }

@ -35,17 +35,22 @@ func runConvert(ctx *cli.Context) error {
 	log.Info("Log path: %s", setting.Log.RootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

-	if !setting.Database.UseMySQL {
-		fmt.Println("This command can only be used with a MySQL database")
-		return nil
+	switch {
+	case setting.Database.Type.IsMySQL():
+		if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
+			log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
+			return err
+		}
+		fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
+	case setting.Database.Type.IsMSSQL():
+		if err := db.ConvertVarcharToNVarchar(); err != nil {
+			log.Fatal("Failed to convert database from varchar to nvarchar: %v", err)
+			return err
+		}
+		fmt.Println("Converted successfully, please confirm your database's all columns character is NVARCHAR now")
+	default:
+		fmt.Println("This command can only be used with a MySQL or MSSQL database")
 	}

-	if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
-		log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
-		return err
-	}
-
-	fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
-
 	return nil
 }
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -98,14 +98,14 @@ var outputTypeEnum = &outputType{
 // CmdDump represents the available dump sub-command.
 var CmdDump = cli.Command{
 	Name:  "dump",
-	Usage: "Dump Gitea files and database",
+	Usage: "Dump Forgejo files and database",
 	Description: `Dump compresses all related files and database into zip file.
-It can be used for backup and capture Gitea server image to send to maintainer`,
+It can be used for backup and capture Forgejo server image to send to maintainer`,
 	Action: runDump,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "file, f",
-			Value: fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix()),
+			Value: fmt.Sprintf("forgejo-dump-%d.zip", time.Now().Unix()),
 			Usage: "Name of the dump file which will be created. Supply '-' for stdout. See type for available types.",
 		},
 		cli.BoolFlag{
@ -194,7 +194,7 @@ func runDump(ctx *cli.Context) error {
 	}
 	if !setting.InstallLock {
 		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
-		return fmt.Errorf("gitea is not initialized")
+		return fmt.Errorf("forgejo is not initialized")
 	}
 	setting.LoadSettings() // cannot access session settings otherwise

@ -250,6 +250,8 @@ func runDump(ctx *cli.Context) error {

 		if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
 			log.Info("Skip dumping LFS data")
+		} else if !setting.LFS.StartServer {
+			log.Info("LFS isn't enabled. Skip dumping LFS data")
 		} else if err := storage.LFS.IterateObjects(func(objPath string, object storage.Object) error {
 			info, err := object.Stat()
 			if err != nil {
@ -267,18 +269,19 @@ func runDump(ctx *cli.Context) error {
 		fatal("Path does not exist: %s", tmpDir)
 	}

-	dbDump, err := os.CreateTemp(tmpDir, "gitea-db.sql")
+	dbDump, err := os.CreateTemp(tmpDir, "forgejo-db.sql")
 	if err != nil {
 		fatal("Failed to create tmp file: %v", err)
 	}
 	defer func() {
+		_ = dbDump.Close()
 		if err := util.Remove(dbDump.Name()); err != nil {
 			log.Warn("Unable to remove temporary file: %s: Error: %v", dbDump.Name(), err)
 		}
 	}()

 	targetDBType := ctx.String("database")
-	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
+	if len(targetDBType) > 0 && targetDBType != setting.Database.Type.String() {
 		log.Info("Dumping database %s => %s...", setting.Database.Type, targetDBType)
 	} else {
 		log.Info("Dumping database...")
@ -288,8 +291,8 @@ func runDump(ctx *cli.Context) error {
 		fatal("Failed to dump database: %v", err)
 	}

-	if err := addFile(w, "gitea-db.sql", dbDump.Name(), verbose); err != nil {
-		fatal("Failed to include gitea-db.sql: %v", err)
+	if err := addFile(w, "forgejo-db.sql", dbDump.Name(), verbose); err != nil {
+		fatal("Failed to include forgejo-db.sql: %v", err)
 	}

 	if len(setting.CustomConf) > 0 {
@ -363,6 +366,8 @@ func runDump(ctx *cli.Context) error {

 	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
 		log.Info("Skip dumping package data")
+	} else if !setting.Packages.Enabled {
+		log.Info("Packages isn't enabled. Skip dumping package data")
 	} else if err := storage.Packages.IterateObjects(func(objPath string, object storage.Object) error {
 		info, err := object.Stat()
 		if err != nil {
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@ -72,12 +72,21 @@ var CmdMigrateStorage = cli.Command{
 		cli.StringFlag{
 			Name:  "minio-base-path",
 			Value: "",
-			Usage: "Minio storage basepath on the bucket",
+			Usage: "Minio storage base path on the bucket",
 		},
 		cli.BoolFlag{
 			Name:  "minio-use-ssl",
 			Usage: "Enable SSL for minio",
 		},
+		cli.BoolFlag{
+			Name:  "minio-insecure-skip-verify",
+			Usage: "Skip SSL verification",
+		},
+		cli.StringFlag{
+			Name:  "minio-checksum-algorithm",
+			Value: "",
+			Usage: "Minio checksum algorithm (default/md5)",
+		},
 	},
 }

@ -168,13 +177,15 @@ func runMigrateStorage(ctx *cli.Context) error {
 		dstStorage, err = storage.NewMinioStorage(
 			stdCtx,
 			storage.MinioStorageConfig{
-				Endpoint:        ctx.String("minio-endpoint"),
-				AccessKeyID:     ctx.String("minio-access-key-id"),
-				SecretAccessKey: ctx.String("minio-secret-access-key"),
-				Bucket:          ctx.String("minio-bucket"),
-				Location:        ctx.String("minio-location"),
-				BasePath:        ctx.String("minio-base-path"),
-				UseSSL:          ctx.Bool("minio-use-ssl"),
+				Endpoint:           ctx.String("minio-endpoint"),
+				AccessKeyID:        ctx.String("minio-access-key-id"),
+				SecretAccessKey:    ctx.String("minio-secret-access-key"),
+				Bucket:             ctx.String("minio-bucket"),
+				Location:           ctx.String("minio-location"),
+				BasePath:           ctx.String("minio-base-path"),
+				UseSSL:             ctx.Bool("minio-use-ssl"),
+				InsecureSkipVerify: ctx.Bool("minio-insecure-skip-verify"),
+				ChecksumAlgorithm:  ctx.String("minio-checksum-algorithm"),
 			})
 	default:
 		return fmt.Errorf("unsupported storage type: %s", ctx.String("storage"))
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -11,6 +11,7 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
@ -149,13 +150,13 @@ func runServ(c *cli.Context) error {
 		}
 		switch key.Type {
 		case asymkey_model.KeyTypeDeploy:
-			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
+			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Forgejo does not provide shell access.")
 		case asymkey_model.KeyTypePrincipal:
-			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Gitea does not provide shell access.")
+			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Forgejo does not provide shell access.")
 		default:
-			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
+			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Forgejo does not provide shell access.")
 		}
-		println("If this is unexpected, please log in with password and setup Gitea under another user.")
+		println("If this is unexpected, please log in with password and setup Forgejo under another user.")
 		return nil
 	} else if c.Bool("debug") {
 		log.Debug("SSH_ORIGINAL_COMMAND: %s", os.Getenv("SSH_ORIGINAL_COMMAND"))
@ -290,17 +291,21 @@ func runServ(c *cli.Context) error {
 		return nil
 	}

-	// Special handle for Windows.
-	if setting.IsWindows {
-		verb = strings.Replace(verb, "-", " ", 1)
-	}
-
 	var gitcmd *exec.Cmd
-	verbs := strings.Split(verb, " ")
-	if len(verbs) == 2 {
-		gitcmd = exec.CommandContext(ctx, verbs[0], verbs[1], repoPath)
-	} else {
-		gitcmd = exec.CommandContext(ctx, verb, repoPath)
+	gitBinPath := filepath.Dir(git.GitExecutable) // e.g. /usr/bin
+	gitBinVerb := filepath.Join(gitBinPath, verb) // e.g. /usr/bin/git-upload-pack
+	if _, err := os.Stat(gitBinVerb); err != nil {
+		// if the command "git-upload-pack" doesn't exist, try to split "git-upload-pack" to use the sub-command with git
+		// ps: Windows only has "git.exe" in the bin path, so Windows always uses this way
+		verbFields := strings.SplitN(verb, "-", 2)
+		if len(verbFields) == 2 {
+			// use git binary with the sub-command part: "C:\...\bin\git.exe", "upload-pack", ...
+			gitcmd = exec.CommandContext(ctx, git.GitExecutable, verbFields[1], repoPath)
+		}
+	}
+	if gitcmd == nil {
+		// by default, use the verb (it has been checked above by allowedCommands)
+		gitcmd = exec.CommandContext(ctx, gitBinVerb, repoPath)
 	}

 	process.SetSysProcAttribute(gitcmd)
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@ -1,3 +1,4 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

@ -18,17 +19,17 @@ import (
 )

 // EnvironmentPrefix environment variables prefixed with this represent ini values to write
-const EnvironmentPrefix = "GITEA"
+const prefixRegexpString = "^(FORGEJO|GITEA)"

 func main() {
 	app := cli.NewApp()
 	app.Name = "environment-to-ini"
 	app.Usage = "Use provided environment to update configuration ini"
-	app.Description = `As a helper to allow docker users to update the gitea configuration
+	app.Description = `As a helper to allow docker users to update the forgejo configuration
 	through the environment, this command allows environment variables to
 	be mapped to values in the ini.

-	Environment variables of the form "GITEA__SECTION_NAME__KEY_NAME"
+	Environment variables of the form "FORGEJO__SECTION_NAME__KEY_NAME"
 	will be mapped to the ini section "[section_name]" and the key
 	"KEY_NAME" with the value as provided.

@ -46,9 +47,8 @@ func main() {
 		...
 		"""

-	You would set the environment variables: "GITEA__LOG_0x2E_CONSOLE__COLORIZE=false"
-	and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
-	on the configuration cheat sheet.`
+	You would set the environment variables: "FORGEJO__LOG_0x2E_CONSOLE__COLORIZE=false"
+	and "FORGEJO__LOG_0x2E_CONSOLE__STDERR=false".`
 	app.Flags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "custom-path, C",
@ -76,7 +76,7 @@ func main() {
 		},
 		cli.StringFlag{
 			Name:  "prefix, p",
-			Value: EnvironmentPrefix,
+			Value: prefixRegexpString,
 			Usage: "Environment prefix to look for - will be suffixed by __ (2 underscores)",
 		},
 	}
@ -89,6 +89,19 @@ func main() {
 	}
 }

+func splitEnvironmentVariable(prefixRegexp *regexp.Regexp, kv string) (string, string) {
+	idx := strings.IndexByte(kv, '=')
+	if idx < 0 {
+		return "", ""
+	}
+	k := kv[:idx]
+	loc := prefixRegexp.FindStringIndex(k)
+	if loc == nil {
+		return "", ""
+	}
+	return k[loc[1]:], kv[idx+1:]
+}
+
 func runEnvironmentToIni(c *cli.Context) error {
 	providedCustom := c.String("custom-path")
 	providedConf := c.String("config")
@ -111,19 +124,13 @@ func runEnvironmentToIni(c *cli.Context) error {

 	changed := false

-	prefix := c.String("prefix") + "__"
+	prefixRegexp := regexp.MustCompile(c.String("prefix") + "__")

 	for _, kv := range os.Environ() {
-		idx := strings.IndexByte(kv, '=')
-		if idx < 0 {
+		eKey, value := splitEnvironmentVariable(prefixRegexp, kv)
+		if eKey == "" {
 			continue
 		}
-		eKey := kv[:idx]
-		value := kv[idx+1:]
-		if !strings.HasPrefix(eKey, prefix) {
-			continue
-		}
-		eKey = eKey[len(prefix):]
 		sectionName, keyName := DecodeSectionKey(eKey)
 		if len(keyName) == 0 {
 			continue
@ -163,14 +170,11 @@ func runEnvironmentToIni(c *cli.Context) error {
 	}
 	if c.Bool("clear") {
 		for _, kv := range os.Environ() {
-			idx := strings.IndexByte(kv, '=')
-			if idx < 0 {
+			eKey, _ := splitEnvironmentVariable(prefixRegexp, kv)
+			if eKey == "" {
 				continue
 			}
-			eKey := kv[:idx]
-			if strings.HasPrefix(eKey, prefix) {
-				_ = os.Unsetenv(eKey)
-			}
+			_ = os.Unsetenv(eKey)
 		}
 	}
 	return nil
--- a/contrib/environment-to-ini/environment-to-ini_test.go
+++ b/contrib/environment-to-ini/environment-to-ini_test.go
@ -0,0 +1,21 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package main
+
+import (
+	"regexp"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_splitEnvironmentVariable(t *testing.T) {
+	prefixRegexp := regexp.MustCompile(prefixRegexpString + "__")
+	k, v := splitEnvironmentVariable(prefixRegexp, "FORGEJO__KEY=VALUE")
+	assert.Equal(t, k, "KEY")
+	assert.Equal(t, v, "VALUE")
+	k, v = splitEnvironmentVariable(prefixRegexp, "nothing=interesting")
+	assert.Equal(t, k, "")
+	assert.Equal(t, v, "")
+}
--- a/contrib/systemd/forgejo.service
+++ b/contrib/systemd/forgejo.service
@ -1,5 +1,5 @@
 [Unit]
-Description=Gitea (Git with a cup of tea)
+Description=Forgejo (Beyond coding. We forge.)
 After=syslog.target
 After=network.target
 ###
@ -25,21 +25,21 @@ After=network.target
 # If using socket activation for main http/s
 ###
 #
-#After=gitea.main.socket
-#Requires=gitea.main.socket
+#After=forgejo.main.socket
+#Requires=forgejo.main.socket
 #
 ###
-# (You can also provide gitea an http fallback and/or ssh socket too)
+# (You can also provide forgejo an http fallback and/or ssh socket too)
 #
-# An example of /etc/systemd/system/gitea.main.socket
+# An example of /etc/systemd/system/forgejo.main.socket
 ###
 ##
 ## [Unit]
-## Description=Gitea Web Socket
-## PartOf=gitea.service
+## Description=Forgejo Web Socket
+## PartOf=forgejo.service
 ##
 ## [Socket]
-## Service=gitea.service
+## Service=forgejo.service
 ## ListenStream=<some_port>
 ## NoDelay=true
 ##
@ -55,28 +55,28 @@ RestartSec=2s
 Type=simple
 User=git
 Group=git
-WorkingDirectory=/var/lib/gitea/
-# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
-# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
-#RuntimeDirectory=gitea
-ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+WorkingDirectory=/var/lib/forgejo/
+# If using Unix socket: tells systemd to create the /run/forgejo folder, which will contain the forgejo.sock file
+# (manually creating /run/forgejo doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=forgejo
+ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
 Restart=always
-Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/forgejo
 # If you install Git to directory prefix other than default PATH (which happens
 # for example if you install other versions of Git side-to-side with
 # distribution version), uncomment below line and add that prefix to PATH
 # Don't forget to place git-lfs binary on the PATH below if you want to enable
 # Git LFS support
 #Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
-# If you want to bind Gitea to a port below 1024, uncomment
-# the two values below, or use socket activation to pass Gitea its ports as above
+# If you want to bind Forgejo to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Forgejo its ports as above
 ###
 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
 ###
 # In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
-# set the following value to false to allow capabilities to be applied on gitea process. The following
-# value if set to true sandboxes gitea service and prevent any processes from running with privileges
+# set the following value to false to allow capabilities to be applied on Forgejo process. The following
+# value if set to true sandboxes Forgejo service and prevent any processes from running with privileges
 # in the host user namespace.
 ###
 #PrivateUsers=false
--- a/contrib/upgrade.sh
+++ b/contrib/upgrade.sh
@ -1,33 +1,33 @@
 #!/usr/bin/env bash
-# This is an update script for gitea installed via the binary distribution
-# from dl.gitea.io on linux as systemd service. It performs a backup and updates
-# Gitea in place.
-# NOTE: This adds the GPG Signing Key of the Gitea maintainers to the keyring.
+# This is an update script for forgejo installed via the binary distribution
+# from codeberg.org/forgejo/forgejo on linux as systemd service. It 
+# performs a backup and updates Forgejo in place.
+# NOTE: This adds the GPG Signing Key of the Forgejo maintainers to the keyring.
 # Depends on: bash, curl, xz, sha256sum. optionally jq, gpg
 #   See section below for available environment vars.
 #   When no version is specified, updates to the latest release.
 # Examples:
 #   upgrade.sh 1.15.10
-#   giteahome=/opt/gitea giteaconf=$giteahome/app.ini upgrade.sh
+#   forgejohome=/opt/forgejo forgejoconf=$forgejohome/app.ini upgrade.sh

 # apply variables from environment
-: "${giteabin:="/usr/local/bin/gitea"}"
-: "${giteahome:="/var/lib/gitea"}"
-: "${giteaconf:="/etc/gitea/app.ini"}"
-: "${giteauser:="git"}"
+: "${forgejobin:="/usr/local/bin/forgejo"}"
+: "${forgejohome:="/var/lib/forgejo"}"
+: "${forgejoconf:="/etc/forgejo/app.ini"}"
+: "${forgejouser:="git"}"
 : "${sudocmd:="sudo"}"
 : "${arch:="linux-amd64"}"
-: "${service_start:="$sudocmd systemctl start gitea"}"
-: "${service_stop:="$sudocmd systemctl stop gitea"}"
-: "${service_status:="$sudocmd systemctl status gitea"}"
-: "${backupopts:=""}" # see `gitea dump --help` for available options
+: "${service_start:="$sudocmd systemctl start forgejo"}"
+: "${service_stop:="$sudocmd systemctl stop forgejo"}"
+: "${service_status:="$sudocmd systemctl status forgejo"}"
+: "${backupopts:=""}" # see `forgejo dump --help` for available options

-function giteacmd {
+function forgejocmd {
  if [[ $sudocmd = "su" ]]; then
    # `-c` only accept one string as argument.
-    "$sudocmd" - "$giteauser" -c "$(printf "%q " "$giteabin" "--config" "$giteaconf" "--work-path" "$giteahome" "$@")"
+    "$sudocmd" - "$forgejouser" -c "$(printf "%q " "$forgejobin" "--config" "$forgejoconf" "--work-path" "$forgejohome" "$@")"
  else
-    "$sudocmd" --user "$giteauser" "$giteabin" --config "$giteaconf" --work-path "$giteahome" "$@"
+    "$sudocmd" --user "$forgejouser" "$forgejobin" --config "$forgejoconf" --work-path "$forgejohome" "$@"
  fi
 }

@ -40,7 +40,7 @@ function require {
 # parse command line arguments
 while true; do
  case "$1" in
-    -v | --version ) giteaversion="$2"; shift 2 ;;
+    -v | --version ) forgejoversion="$2"; shift 2 ;;
    -y | --yes ) no_confirm="yes"; shift ;;
    --ignore-gpg) ignore_gpg="yes"; shift ;;
    "" | -- ) shift; break ;;
@ -56,9 +56,9 @@ if [[ -f /etc/os-release ]]; then

  if [[ "$os_release" =~ "OpenWrt" ]]; then
    sudocmd="su"
-    service_start="/etc/init.d/gitea start"
-    service_stop="/etc/init.d/gitea stop"
-    service_status="/etc/init.d/gitea status"
+    service_start="/etc/init.d/forgejo start"
+    service_stop="/etc/init.d/forgejo stop"
+    service_status="/etc/init.d/forgejo status"
  else
    require systemctl
  fi
@ -67,31 +67,31 @@ fi
 require curl xz sha256sum "$sudocmd"

 # select version to install
-if [[ -z "${giteaversion:-}" ]]; then
+if [[ -z "${forgejoversion:-}" ]]; then
  require jq
-  giteaversion=$(curl --connect-timeout 10 -sL https://dl.gitea.io/gitea/version.json | jq -r .latest.version)
-  echo "Latest available version is $giteaversion"
+  forgejoversion=$(curl --connect-timeout 10 -sL 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?draft=false&pre-release=false&limit=1' -H 'accept: application/json' | jq -r '.[0].tag_name | sub("v"; "")')
+  echo "Latest available version is $forgejoversion"
 fi

 # confirm update
 echo "Checking currently installed version..."
-current=$(giteacmd --version | cut -d ' ' -f 3)
-[[ "$current" == "$giteaversion" ]] && echo "$current is already installed, stopping." && exit 1
+current=$(forgejocmd --version | cut -d ' ' -f 3)
+[[ "$current" == "$forgejoversion" ]] && echo "$current is already installed, stopping." && exit 1
 if [[ -z "${no_confirm:-}"  ]]; then
-  echo "Make sure to read the changelog first: https://github.com/go-gitea/gitea/blob/main/CHANGELOG.md"
-  echo "Are you ready to update Gitea from ${current} to ${giteaversion}? (y/N)"
+  echo "Make sure to read the changelog first: https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CHANGELOG.md"
+  echo "Are you ready to update forgejo from ${current} to ${forgejoversion}? (y/N)"
  read -r confirm
  [[ "$confirm" == "y" ]] || [[ "$confirm" == "Y" ]] || exit 1
 fi

-echo "Upgrading gitea from $current to $giteaversion ..."
+echo "Upgrading forgejo from $current to $forgejoversion ..."

 pushd "$(pwd)" &>/dev/null
-cd "$giteahome" # needed for gitea dump later
+cd "$forgejohome" # needed for forgejo dump later

 # download new binary
-binname="gitea-${giteaversion}-${arch}"
-binurl="https://dl.gitea.io/gitea/${giteaversion}/${binname}.xz"
+binname="forgejo-${forgejoversion}-${arch}"
+binurl="https://codeberg.org/forgejo/forgejo/releases/download/v${forgejoversion}/${binname}.xz"
 echo "Downloading $binurl..."
 curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.sha256,.asc}"

@ -99,28 +99,28 @@ curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.
 sha256sum -c "${binname}.xz.sha256"
 if [[ -z "${ignore_gpg:-}" ]]; then
  require gpg
-  gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
+  gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
  gpg --verify "${binname}.xz.asc" "${binname}.xz" || { echo 'Signature does not match'; exit 1; }
 fi
 rm "${binname}".xz.{sha256,asc}

 # unpack binary + make executable
 xz --decompress --force "${binname}.xz"
-chown "$giteauser" "$binname"
+chown "$forgejouser" "$binname"
 chmod +x "$binname"

-# stop gitea, create backup, replace binary, restart gitea
-echo "Flushing gitea queues at $(date)"
-giteacmd manager flush-queues
-echo "Stopping gitea at $(date)"
+# stop forgejo, create backup, replace binary, restart forgejo
+echo "Flushing forgejo queues at $(date)"
+forgejocmd manager flush-queues
+echo "Stopping forgejo at $(date)"
 $service_stop
-echo "Creating backup in $giteahome"
-giteacmd dump $backupopts
-echo "Updating binary at $giteabin"
-cp -f "$giteabin" "$giteabin.bak" && mv -f "$binname" "$giteabin"
+echo "Creating backup in $forgejohome"
+forgejocmd dump $backupopts
+echo "Updating binary at $forgejobin"
+cp -f "$forgejobin" "$forgejobin.bak" && mv -f "$binname" "$forgejobin"
 $service_start
 $service_status

-echo "Upgrade to $giteaversion successful!"
+echo "Upgrade to $forgejoversion successful!"

 popd
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -365,7 +365,7 @@ USER = root
 ;; SQLite Configuration
 ;;
 ;DB_TYPE = sqlite3
-;PATH= ; defaults to data/gitea.db
+;PATH= ; defaults to data/forgejo.db
 ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
 ;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
 ;;
@ -476,8 +476,8 @@ INTERNAL_TOKEN=
 ;;Classes include "lower,upper,digit,spec"
 ;PASSWORD_COMPLEXITY = off
 ;;
-;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
-;PASSWORD_HASH_ALGO = pbkdf2
+;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
+;PASSWORD_HASH_ALGO = pbkdf2_hi
 ;;
 ;; Set false to allow JavaScript to read CSRF cookie
 ;CSRF_COOKIE_HTTP_ONLY = true
@ -931,10 +931,10 @@ ROUTER = console
 ;USE_COMPAT_SSH_URI = false
 ;;
 ;; Close issues as long as a commit on any branch marks it as fixed
-;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions.
 ;DISABLED_REPO_UNITS =
 ;;
-;; Comma separated list of default new repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages.
+;; Comma separated list of default new repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions.
 ;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
 ;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
 ;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
@ -1191,10 +1191,9 @@ ROUTER = console
 ;; Number of line of codes shown for a code comment
 ;CODE_COMMENT_LINES = 4
 ;;
-;; Value of `theme-color` meta tag, used by Android >= 5.0
-;; An invalid color like "none" or "disable" will have the default style
-;; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
-;THEME_COLOR_META_TAG = `#6cc644`
+;; Value of `theme-color` meta tag, used by some mobile browers for chrome and
+;; out-of-viewport areas. Default is unset which uses body color.
+;THEME_COLOR_META_TAG =
 ;;
 ;; Max size of files to be displayed (default is 8MiB)
 ;MAX_DISPLAY_FILE_SIZE = 8388608
@ -1226,6 +1225,10 @@ ROUTER = console
 ;;
 ;; Whether to enable a Service Worker to cache frontend assets
 ;USE_SERVICE_WORKER = false
+;;
+;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
+;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
+;ONLY_SHOW_RELEVANT_REPOS = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1832,7 +1835,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 4MB
 ;MAX_SIZE = 4
@ -1871,6 +1874,12 @@ ROUTER = console
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
+;;
+;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+;MINIO_INSECURE_SKIP_VERIFY = false
+;;
+;; Minio checksum algorithm: default (for MinIO or AWS S3) or md5 (for Cloudflare or Backblaze)
+;MINIO_CHECKSUM_ALGORITHM = default

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2203,6 +2212,7 @@ ROUTER = console
 ;ENABLE_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
 ;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
+;DOMAIN_ENDPOINT = release.forgejo.org

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2253,6 +2263,17 @@ ROUTER = console
 ;PULL = 300
 ;GC = 60

+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Git Reflog timeout in days
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[git.reflog]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = true
+;EXPIRATION = 90
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[mirror]
@ -2552,6 +2573,9 @@ ROUTER = console
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
+;;
+;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+;MINIO_INSECURE_SKIP_VERIFY = false

 ;[proxy]
 ;; Enable the proxy, all requests to external via HTTP will be affected
@ -2564,8 +2588,8 @@ ROUTER = console
 ; [actions]
 ;; Enable/Disable actions capabilities
 ;ENABLED = false
-;; Default address to get action plugins, e.g. the default value means downloading from "https://gitea.com/actions/checkout" for "uses: actions/checkout@v3"
-;DEFAULT_ACTIONS_URL = https://gitea.com
+;; Default address to get action plugins, e.g. the default value means downloading from "https://codeberg.org/actions/checkout" for "uses: actions/checkout@v3"
+;DEFAULT_ACTIONS_URL = https://codeberg.org

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/docker/manifest.rootless.tmpl
+++ b/docker/manifest.rootless.tmpl
@ -1,21 +1,20 @@
-image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-rootless
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-rootless
 {{#if build.tags}}
-{{#unless contains "-rc" build.tag}}
+{{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}-rootless
 {{/each}}
-  - "latest-rootless"
 {{/unless}}
 {{/if}}
 manifests:
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64-rootless
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-amd64-rootless
    platform:
      architecture: amd64
      os: linux
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64-rootless
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-arm64-rootless
    platform:
      architecture: arm64
      os: linux
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@ -1,21 +1,20 @@
-image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}
 {{#if build.tags}}
-{{#unless contains "-rc" build.tag }}
+{{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
-  - "latest"
 {{/unless}}
 {{/if}}
 manifests:
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-amd64
    platform:
      architecture: amd64
      os: linux
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-arm64
    platform:
      architecture: arm64
      os: linux
--- a/docker/root/etc/s6/gitea/setup
+++ b/docker/root/etc/s6/gitea/setup
@ -24,7 +24,7 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
    fi

    # Substitute the environment variables in the template
-    APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+    APP_NAME=${APP_NAME:-"Forgejo: Beyond coding. We forge."} \
    RUN_MODE=${RUN_MODE:-"prod"} \
    DOMAIN=${DOMAIN:-"localhost"} \
    SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
--- a/docker/rootless/usr/local/bin/docker-setup.sh
+++ b/docker/rootless/usr/local/bin/docker-setup.sh
@ -26,7 +26,7 @@ if [ ! -f ${GITEA_APP_INI} ]; then
    fi

    # Substitute the environment variables in the template
-    APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+    APP_NAME=${APP_NAME:-"Forgejo: Beyond coding. We forge."} \
    RUN_MODE=${RUN_MODE:-"prod"} \
    RUN_USER=${USER:-"git"} \
    SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
--- a/docs/Makefile
+++ b/docs/Makefile
@ -1,8 +1,8 @@
 THEME := themes/gitea
 PUBLIC := public
-ARCHIVE := https://dl.gitea.io/theme/master.tar.gz
+ARCHIVE := https://dl.gitea.com/theme/main.tar.gz

-HUGO_PACKAGE := github.com/gohugoio/hugo@v0.82.0
+HUGO_PACKAGE := github.com/gohugoio/hugo@v0.111.3

 .PHONY: all
 all: build
--- a/docs/config.yaml
+++ b/docs/config.yaml
@ -26,6 +26,11 @@ params:
  repo: "https://github.com/go-gitea/gitea"
  docContentPath: "docs/content"

+markup:
+  tableOfContents:
+    startLevel: 1
+    endLevel: 9
+
 outputs:
  home:
    - HTML
--- a/docs/content/doc/administration.en-us.md
+++ b/docs/content/doc/administration.en-us.md
@ -0,0 +1,14 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "Administration"
+slug: "administration"
+weight: 30
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "Administration"
+    weight: 20
+    collapse: true
+    identifier: "administration"
+---
--- a/docs/content/doc/administration.fr-fr.md
+++ b/docs/content/doc/administration.fr-fr.md
@ -1,13 +1,13 @@
 ---
 date: "2017-08-23T09:00:00+02:00"
 title: "Avancé"
-slug: "advanced"
+slug: "administration"
 weight: 30
 toc: false
 draft: false
 menu:
  sidebar:
    name: "Avancé"
-    weight: 40
-    identifier: "advanced"
+    weight: 20
+    identifier: "administration"
 ---
--- a/docs/content/doc/administration.zh-cn.md
+++ b/docs/content/doc/administration.zh-cn.md
@ -0,0 +1,13 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "运维"
+slug: "administration"
+weight: 30
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "运维"
+    weight: 20
+    identifier: "administration"
+---
--- a/docs/content/doc/administration.zh-tw.md
+++ b/docs/content/doc/administration.zh-tw.md
@ -0,0 +1,13 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "運維"
+slug: "administration"
+weight: 30
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "運維"
+    weight: 20
+    identifier: "administration"
+---
--- a/docs/content/doc/administration/adding-legal-pages.en-us.md
+++ b/docs/content/doc/administration/adding-legal-pages.en-us.md
@ -2,15 +2,15 @@
 date: "2019-12-28"
 title: "Adding Legal Pages"
 slug: adding-legal-pages
-weight: 9
+weight: 110
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "Adding Legal Pages"
    identifier: "adding-legal-pages"
-    weight: 9
+    weight: 110
 ---

 Some jurisdictions (such as EU), requires certain legal pages (e.g. Privacy Policy) to be added to website. Follow these steps to add them to your Gitea instance.
--- a/docs/content/doc/administration/adding-legal-pages.zh-cn.md
+++ b/docs/content/doc/administration/adding-legal-pages.zh-cn.md
@ -0,0 +1,40 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "添加法律页面"
+slug: adding-legal-pages
+weight: 110
+toc: false
+draft: false
+aliases:
+  - /zh-cn/adding-legal-pages
+menu:
+  sidebar:
+    parent: "administration"
+    name: "添加法律页面"
+    identifier: "adding-legal-pages"
+    weight: 110
+---
+
+一些法域（例如欧盟）要求在网站上添加特定的法律页面（例如隐私政策）。按照以下步骤将它们添加到你的 Gitea 实例中。
+
+## 获取页面
+
+Gitea 源代码附带了示例页面，位于 `contrib/legal` 目录中。将它们复制到 `custom/public/` 目录下。例如，如果要添加隐私政策：
+
+```
+wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
+```
+
+现在，你需要编辑该页面以满足你的需求。特别是，你必须更改电子邮件地址、网址以及与 "Your Gitea Instance" 相关的引用，以匹配你的情况。
+
+请务必不要放置会暗示 Gitea 项目对你的服务器负责的一般服务条款或隐私声明。
+
+## 使其可见
+
+创建或追加到 `/path/to/custom/templates/custom/extra_links_footer.tmpl` 文件中：
+
+```go
+<a class="item" href="{{AppSubUrl}}/assets/privacy.html">隐私政策</a>
+```
+
+重启 Gitea 以查看更改。
--- a/docs/content/doc/administration/backup-and-restore.en-us.md
+++ b/docs/content/doc/administration/backup-and-restore.en-us.md
@ -1,13 +1,13 @@
 ---
 date: "2017-01-01T16:00:00+02:00"
-title: "Usage: Backup and Restore"
+title: "Backup and Restore"
 slug: "backup-and-restore"
 weight: 11
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "Backup and Restore"
    weight: 11
    identifier: "backup-and-restore"
--- a/docs/content/doc/administration/backup-and-restore.zh-cn.md
+++ b/docs/content/doc/administration/backup-and-restore.zh-cn.md
@ -1,13 +1,13 @@
 ---
 date: "2018-06-06T09:33:00+08:00"
-title: "使用：备份与恢复"
+title: "备份与恢复"
 slug: "backup-and-restore"
 weight: 11
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "备份与恢复"
    weight: 11
    identifier: "backup-and-restore"
--- a/docs/content/doc/administration/backup-and-restore.zh-tw.md
+++ b/docs/content/doc/administration/backup-and-restore.zh-tw.md
@ -7,7 +7,7 @@ toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "備份與還原"
    weight: 11
    identifier: "backup-and-restore"
--- a/docs/content/doc/administration/cmd-embedded.en-us.md
+++ b/docs/content/doc/administration/cmd-embedded.en-us.md
@ -2,14 +2,14 @@
 date: "2020-01-25T21:00:00-03:00"
 title: "Embedded data extraction tool"
 slug: "cmd-embedded"
-weight: 40
+weight: 20
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "Embedded data extraction tool"
-    weight: 40
+    weight: 20
    identifier: "cmd-embedded"
 ---

@ -21,7 +21,7 @@ menu:

 Gitea's executable contains all the resources required to run: templates, images, style-sheets
 and translations. Any of them can be overridden by placing a replacement in a matching path
-inside the `custom` directory (see [Customizing Gitea]({{< relref "doc/advanced/customizing-gitea.en-us.md" >}})).
+inside the `custom` directory (see [Customizing Gitea]({{< relref "doc/administration/customizing-gitea.en-us.md" >}})).

 To obtain a copy of the embedded resources ready for editing, the `embedded` command from the CLI
 can be used from the OS shell interface.
@ -85,7 +85,7 @@ The default is the current directory.
 The `--custom` flag tells Gitea to extract the files directly into the `custom` directory.
 For this to work, the command needs to know the location of the `app.ini` configuration
 file (`--config`) and, depending of the configuration, be ran from the directory where
-Gitea normally starts. See [Customizing Gitea]({{< relref "doc/advanced/customizing-gitea.en-us.md" >}}) for details.
+Gitea normally starts. See [Customizing Gitea]({{< relref "doc/administration/customizing-gitea.en-us.md" >}}) for details.

 The `--overwrite` flag allows any existing files in the destination directory to be overwritten.

--- a/docs/content/doc/administration/cmd-embedded.zh-cn.md
+++ b/docs/content/doc/administration/cmd-embedded.zh-cn.md
@ -0,0 +1,105 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "嵌入资源提取工具"
+slug: "cmd-embedded"
+weight: 20
+toc: false
+draft: false
+aliases:
+  - /zh-cn/cmd-embedded
+menu:
+  sidebar:
+    parent: "administration"
+    name: "嵌入资源提取工具"
+    weight: 20
+    identifier: "cmd-embedded"
+---
+
+# 嵌入资源提取工具
+
+**目录**
+
+{{< toc >}}
+
+Gitea 的可执行文件包含了运行所需的所有资源：模板、图片、样式表和翻译文件。你可以通过在 `custom` 目录下的相应路径中放置替换文件来覆盖其中的任何资源（详见 [自定义 Gitea 配置]({{< relref "doc/administration/customizing-gitea.zh-cn.md" >}})）。
+
+要获取嵌入资源的副本以进行编辑，可以使用 CLI 中的 `embedded` 命令，通过操作系统的 shell 执行。
+
+**注意：** 嵌入资源提取工具包含在 Gitea 1.12 及以上版本中。
+
+## 资源列表
+
+要列出嵌入在 Gitea 可执行文件中的资源，请使用以下语法：
+
+```sh
+gitea embedded list [--include-vendored] [patterns...]
+```
+
+`--include-vendored` 标志使命令包括被供应的文件，这些文件通常被排除在外；即来自外部库的文件，这些文件是 Gitea 所需的（例如 [octicons](https://octicons.github.com/) 等）。
+
+可以提供一系列文件搜索模式。Gitea 使用 [gobwas/glob](https://github.com/gobwas/glob) 作为其 glob 语法。以下是一些示例：
+
+- 列出所有模板文件，无论在哪个虚拟目录下：`**.tmpl`
+- 列出所有邮件模板文件：`templates/mail/**.tmpl`
+- 列出 `public/img` 目录下的所有文件：`public/img/**`
+
+不要忘记为模式使用引号，因为空格、`*` 和其他字符可能对命令行解释器有特殊含义。
+
+如果未提供模式，则列出所有文件。
+
+### 示例
+
+列出所有路径中包含 `openid` 的嵌入文件：
+
+```sh
+$ gitea embedded list '**openid**'
+public/img/auth/openid_connect.svg
+public/img/openid-16x16.png
+templates/user/auth/finalize_openid.tmpl
+templates/user/auth/signin_openid.tmpl
+templates/user/auth/signup_openid_connect.tmpl
+templates/user/auth/signup_openid_navbar.tmpl
+templates/user/auth/signup_openid_register.tmpl
+templates/user/settings/security_openid.tmpl
+```
+
+## 提取资源
+
+要提取嵌入在 Gitea 可执行文件中的资源，请使用以下语法：
+
+```sh
+gitea [--config {file}] embedded extract [--destination {dir}|--custom] [--overwrite|--rename] [--include-vendored] {patterns...}
+```
+
+`--config` 选项用于告知 Gitea `app.ini` 配置文件的位置（如果不在默认位置）。此选项仅在使用 `--custom` 标志时使用。
+
+`--destination` 选项用于指定提取文件的目标目录。默认为当前目录。
+
+`--custom` 标志告知 Gitea 直接将文件提取到 `custom` 目录中。为使其正常工作，该命令需要知道 `app.ini` 配置文件的位置（通过 `--config` 指定），并且根据配置的不同，需要从 Gitea 通常启动的目录运行。有关详细信息，请参阅 [自定义 Gitea 配置]({{< relref "doc/administration/customizing-gitea.zh-cn.md" >}})。
+
+`--overwrite` 标志允许覆盖目标目录中的任何现有文件。
+
+`--rename` 标志告知 Gitea 将目标目录中的任何现有文件重命名为 `filename.bak`。之前的 `.bak` 文件将被覆盖。
+
+至少需要提供一个文件搜索模式；有关模式的语法和示例，请参阅上述 `list` 子命令。
+
+### 重要提示
+
+请确保**只提取需要自定义的文件**。位于 `custom` 目录中的文件不会受到 Gitea 的升级过程的影响。当 Gitea 升级到新版本（通过替换可执行文件）时，许多嵌入文件将发生变化。Gitea 将尊重并使用在 `custom` 目录中找到的任何文件，即使这些文件是旧的和不兼容的。
+
+### 示例
+
+将邮件模板提取到临时目录：
+
+```sh
+$ mkdir tempdir
+$ gitea embedded extract --destination tempdir 'templates/mail/**.tmpl'
+Extracting to tempdir:
+tempdir/templates/mail/auth/activate.tmpl
+tempdir/templates/mail/auth/activate_email.tmpl
+tempdir/templates/mail/auth/register_notify.tmpl
+tempdir/templates/mail/auth/reset_passwd.tmpl
+tempdir/templates/mail/issue/assigned.tmpl
+tempdir/templates/mail/issue/default.tmpl
+tempdir/templates/mail/notify/collaborator.tmpl
+```
--- a/docs/content/doc/administration/command-line.en-us.md
+++ b/docs/content/doc/administration/command-line.en-us.md
@ -1,15 +1,15 @@
 ---
 date: "2017-01-01T16:00:00+02:00"
-title: "Usage: Command Line"
+title: "Command Line"
 slug: "command-line"
-weight: 10
+weight: 1
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "Command Line"
-    weight: 10
+    weight: 1
    identifier: "command-line"
 ---

--- a/docs/content/doc/administration/command-line.zh-cn.md
+++ b/docs/content/doc/administration/command-line.zh-cn.md
@ -0,0 +1,556 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "Gitea 命令行"
+slug: "command-line"
+weight: 1
+toc: false
+draft: false
+aliases:
+  - /zh-cn/command-line
+menu:
+  sidebar:
+    parent: "administration"
+    name: "Gitea 命令行"
+    weight: 1
+    identifier: "command-line"
+---
+
+# 命令行
+
+**目录**
+
+{{< toc >}}
+
+## 用法
+
+`gitea [全局选项] 命令 [命令或全局选项] [参数...]`
+
+## 全局选项
+
+所有全局选项均可被放置在命令级别。
+
+- `--help`，`-h`：显示帮助文本并退出。可选。
+- `--version`，`-v`：显示版本信息并退出。可选。 (示例：`Gitea version 1.1.0+218-g7b907ed built with: bindata, sqlite`)。
+- `--custom-path path`，`-C path`：Gitea 自定义文件夹的路径。可选。 (默认值：`AppWorkPath`/custom 或 `$GITEA_CUSTOM`)。
+- `--config path`，`-c path`：Gitea 配置文件的路径。可选。 (默认值：`custom`/conf/app.ini)。
+- `--work-path path`，`-w path`：Gitea 的 `AppWorkPath`。可选。 (默认值：LOCATION_OF_GITEA_BINARY 或 `$GITEA_WORK_DIR`)
+
+注意：默认的 custom-path、config 和 work-path 也可以在构建时更改（如果需要）。
+
+## 命令
+
+### web
+
+启动服务器：
+
+- 选项：
+  - `--port number`，`-p number`：端口号。可选。 (默认值：3000)。覆盖配置文件中的设置。
+  - `--install-port number`：运行安装页面的端口号。可选。 (默认值：3000)。覆盖配置文件中的设置。
+  - `--pid path`，`-P path`：Pid 文件的路径。可选。
+  - `--quiet`，`-q`：只在控制台上输出 Fatal 日志，用于在设置日志之前发出的日志。
+  - `--verbose`：在控制台上输出跟踪日志，用于在设置日志之前发出的日志。
+- 示例：
+  - `gitea web`
+  - `gitea web --port 80`
+  - `gitea web --config /etc/gitea.ini --pid /some/custom/gitea.pid`
+- 注意：
+  - Gitea 不应以 root 用户身份运行。要绑定到低于 1024 的端口，您可以在 Linux 上使用 setcap 命令：`sudo setcap 'cap_net_bind_service=+ep' /path/to/gitea`。每次更新 Gitea 都需要重新执行此操作。
+
+### admin
+
+管理员操作：
+
+- 命令：
+  - `user`：
+    - `list`：
+      - 选项：
+        - `--admin`：仅列出管理员用户。可选。
+      - 描述：列出所有现有用户。
+      - 示例：
+        - `gitea admin user list`
+    - `delete`：
+      - 选项：
+        - `--email`：要删除的用户的电子邮件。
+        - `--username`：要删除的用户的用户名。
+        - `--id`：要删除的用户的ID。
+        - 必须提供 `--id`、`--username` 或 `--email` 中的一个。如果提供多个，则所有条件必须匹配。
+      - 示例：
+        - `gitea admin user delete --id 1`
+    - `create`：
+      - 选项：
+        - `--name value`：用户名。必填。自 Gitea 1.9.0 版本起，请改用 `--username` 标志。
+        - `--username value`：用户名。必填。Gitea 1.9.0 新增。
+        - `--password value`：密码。必填。
+        - `--email value`：邮箱。必填。
+        - `--admin`：如果提供此选项，将创建一个管理员用户。可选。
+        - `--access-token`：如果提供，将为用户创建访问令牌。可选。（默认值：false）。
+        - `--must-change-password`：如果提供，创建的用户将在初始登录后需要选择一个新密码。可选。（默认值：true）。
+        - `--random-password`：如果提供，将使用随机生成的密码作为创建用户的密码。`--password` 的值将被忽略。可选。
+        - `--random-password-length`：如果提供，将用于配置随机生成密码的长度。可选。（默认值：12）
+      - 示例：
+        - `gitea admin user create --username myname --password asecurepassword --email me@example.com`
+    - `change-password`：
+      - 选项：
+        - `--username value`，`-u value`：用户名。必填。
+        - `--password value`，`-p value`：新密码。必填。
+      - 示例：
+        - `gitea admin user change-password --username myname --password asecurepassword`
+    - `must-change-password`：
+      - 参数：
+        - `[username...]`：需要更改密码的用户
+      - 选项：
+        - `--all`，`-A`：强制所有用户更改密码
+        - `--exclude username`，`-e username`：排除给定的用户。可以多次设置。
+        - `--unset`：撤销对给定用户的强制密码更改
+  - `regenerate`：
+    - 选项：
+      - `hooks`：重新生成所有仓库的 Git Hooks。
+      - `keys`：重新生成 authorized_keys 文件。
+    - 示例：
+      - `gitea admin regenerate hooks`
+      - `gitea admin regenerate keys`
+  - `auth`：
+    - `list`：
+      - 描述：列出所有存在的外部认证源。
+      - 示例：
+        - `gitea admin auth list`
+    - `delete`：
+      - 选项：
+        - `--id`：要删除的源的 ID。必填。
+      - 示例：
+        - `gitea admin auth delete --id 1`
+    - `add-oauth`：
+      - 选项：
+        - `--name`：应用程序名称。
+        - `--provider`：OAuth2 提供者。
+        - `--key`：客户端 ID（Key）。
+        - `--secret`：客户端密钥。
+        - `--auto-discover-url`：OpenID Connect 自动发现 URL（仅在使用 OpenID Connect 作为提供程序时需要）。
+        - `--use-custom-urls`：在 GitLab/GitHub OAuth 端点上使用自定义 URL。
+        - `--custom-tenant-id`：在 OAuth 端点上使用自定义租户 ID。
+        - `--custom-auth-url`：使用自定义授权 URL（GitLab/GitHub 的选项）。
+        - `--custom-token-url`：使用自定义令牌 URL（GitLab/GitHub 的选项）。
+        - `--custom-profile-url`：使用自定义配置文件 URL（GitLab/GitHub 的选项）。
+        - `--custom-email-url`：使用自定义电子邮件 URL（GitHub 的选项）。
+        - `--icon-url`：OAuth2 登录源的自定义图标 URL。
+        - `--skip-local-2fa`：允许源覆盖本地 2FA。（可选）
+        - `--scopes`：请求此 OAuth2 源的附加范围。（可选）
+        - `--required-claim-name`：必须设置的声明名称，以允许用户使用此源登录。（可选）
+        - `--required-claim-value`：必须设置的声明值，以允许用户使用此源登录。（可选）
+        - `--group-claim-name`：提供此源的组名的声明名称。（可选）
+        - `--admin-group`：管理员用户的组声明值。（可选）
+        - `--restricted-group`：受限用户的组声明值。（可选）
+        - `--group-team-map`：组与组织团队之间的 JSON 映射。（可选）
+        - `--group-team-map-removal`：根据组自动激活团队成员资格的删除。（可选）
+      - 示例：
+        - `gitea admin auth add-oauth --name external-github --provider github --key OBTAIN_FROM_SOURCE --secret OBTAIN_FROM_SOURCE`
+    - `update-oauth`：
+      - 选项：
+        - `--id`：要更新的源的 ID。必填。
+        - `--name`：应用程序名称。
+        - `--provider`：OAuth2 提供者。
+        - `--key`：客户端 ID（Key）。
+        - `--secret`：客户端密钥。
+        - `--auto-discover-url`：OpenID Connect 自动发现 URL（仅在使用 OpenID Connect 作为提供程序时需要）。
+        - `--use-custom-urls`：在 GitLab/GitHub OAuth 端点上使用自定义 URL。
+        - `--custom-tenant-id`：在 OAuth 端点上使用自定义租户 ID。
+        - `--custom-auth-url`：使用自定义授权 URL（GitLab/GitHub 的选项）。
+        - `--custom-token-url`：使用自定义令牌 URL（GitLab/GitHub 的选项）。
+        - `--custom-profile-url`：使用自定义配置文件 URL（GitLab/GitHub 的选项）。
+        - `--custom-email-url`：使用自定义电子邮件 URL（GitHub 的选项）。
+        - `--icon-url`：OAuth2 登录源的自定义图标 URL。
+        - `--skip-local-2fa`：允许源覆盖本地 2FA。（可选）
+        - `--scopes`：请求此 OAuth2 源的附加范围。
+        - `--required-claim-name`：必须设置的声明名称，以允许用户使用此源登录。（可选）
+        - `--required-claim-value`：必须设置的声明值，以允许用户使用此源登录。（可选）
+        - `--group-claim-name`：提供此源的组名的声明名称。（可选）
+        - `--admin-group`：管理员用户的组声明值。（可选）
+        - `--restricted-group`：受限用户的组声明值。（可选）
+      - 示例：
+        - `gitea admin auth update-oauth --id 1 --name external-github-updated`
+    - `add-smtp`：
+      - 选项：
+        - `--name`：应用程序名称。必填。
+        - `--auth-type`：SMTP 认证类型（PLAIN/LOGIN/CRAM-MD5）。默认为 PLAIN。
+        - `--host`：SMTP 主机。必填。
+        - `--port`：SMTP 端口。必填。
+        - `--force-smtps`：SMTPS 始终在端口 465 上使用。设置此选项以强制在其他端口上使用 SMTPS。
+        - `--skip-verify`：跳过 TLS 验证。
+        - `--helo-hostname`：发送 HELO 时使用的主机名。留空以发送当前主机名。
+        - `--disable-helo`：禁用 SMTP helo。
+        - `--allowed-domains`：留空以允许所有域。使用逗号（','）分隔多个域。
+        - `--skip-local-2fa`：跳过 2FA 登录。
+        - `--active`：启用此认证源。
+        备注：
+        `--force-smtps`、`--skip-verify`、`--disable-helo`、`--skip-local-2fs` 和 `--active` 选项可以采用以下形式使用：
+        - `--option`、`--option=true` 以启用选项
+        - `--option=false` 以禁用选项
+        如果未指定这些选项，则在 `update-smtp` 中不会更改值，或者在 `add-smtp` 中将使用默认的 `false` 值。
+      - 示例：
+        - `gitea admin auth add-smtp --name ldap --host smtp.mydomain.org --port 587 --skip-verify --active`
+    - `update-smtp`：
+      - 选项：
+        - `--id`：要更新的源的 ID。必填。
+        - 其他选项与 `add-smtp` 共享
+      - 示例：
+        - `gitea admin auth update-smtp --id 1 --host smtp.mydomain.org --port 587 --skip-verify=false`
+        - `gitea admin auth update-smtp --id 1 --active=false`
+    - `add-ldap`：添加新的 LDAP（通过 Bind DN）认证源
+      - 选项：
+        - `--name value`：认证名称。必填。
+        - `--not-active`：停用认证源。
+        - `--security-protocol value`：安全协议名称。必填。
+        - `--skip-tls-verify`：禁用 TLS 验证。
+        - `--host value`：LDAP 服务器的地址。必填。
+        - `--port value`：连接到 LDAP 服务器时使用的端口。必填。
+        - `--user-search-base value`：用户帐户将在其中搜索的 LDAP 基础路径。必填。
+        - `--user-filter value`：声明如何查找试图进行身份验证的用户记录的 LDAP 过滤器。必填。
+        - `--admin-filter value`：指定是否应授予用户管理员特权的 LDAP 过滤器。
+        - `--restricted-filter value`：指定是否应将用户设置为受限状态的 LDAP 过滤器。
+        - `--username-attribute value`：用户 LDAP 记录中包含用户名的属性。
+        - `--firstname-attribute value`：用户 LDAP 记录中包含用户名字的属性。
+        - `--surname-attribute value`：用户 LDAP 记录中包含用户姓氏的属性。
+        - `--email-attribute value`：用户 LDAP 记录中包含用户电子邮件地址的属性。必填。
+        - `--public-ssh-key-attribute value`：用户 LDAP 记录中包含用户公共 SSH 密钥的属性。
+        - `--avatar-attribute value`：用户 LDAP 记录中包含用户头像的属性。
+        - `--bind-dn value`：在搜索用户时绑定到 LDAP 服务器的 DN。
+        - `--bind-password value`：绑定 DN 的密码（如果有）。
+        - `--attributes-in-bind`：在绑定 DN 上下文中获取属性。
+        - `--synchronize-users`：启用用户同步。
+        - `--page-size value`：搜索页面大小。
+      - 示例：
+        - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))" --email-attribute mail`
+    - `update-ldap`：更新现有的 LDAP（通过 Bind DN）认证源
+      - 选项：
+        - `--id value`：认证源的 ID。必填。
+        - `--name value`：认证名称。
+        - `--not-active`：停用认证源。
+        - `--security-protocol value`：安全协议名称。
+        - `--skip-tls-verify`：禁用 TLS 验证。
+        - `--host value`：LDAP 服务器的地址。
+        - `--port value`：连接到 LDAP 服务器时使用的端口。
+        - `--user-search-base value`：用户帐户将在其中搜索的 LDAP 基础路径。
+        - `--user-filter value`：声明如何查找试图进行身份验证的用户记录的 LDAP 过滤器。
+        - `--admin-filter value`：指定是否应授予用户管理员特权的 LDAP 过滤器。
+        - `--restricted-filter value`：指定是否应将用户设置为受限状态的 LDAP 过滤器。
+        - `--username-attribute value`：用户 LDAP 记录中包含用户名的属性。
+        - `--firstname-attribute value`：用户 LDAP 记录中包含用户名字的属性。
+        - `--surname-attribute value`：用户 LDAP 记录中包含用户姓氏的属性。
+        - `--email-attribute value`：用户 LDAP 记录中包含用户电子邮件地址的属性。
+        - `--public-ssh-key-attribute value`：用户 LDAP 记录中包含用户公共 SSH 密钥的属性。
+        - `--avatar-attribute value`：用户 LDAP 记录中包含用户头像的属性。
+        - `--bind-dn value`：在搜索用户时绑定到 LDAP 服务器的 DN。
+        - `--bind-password value`：绑定 DN 的密码（如果有）。
+        - `--attributes-in-bind`：在绑定 DN 上下文中获取属性。
+        - `--synchronize-users`：启用用户同步。
+        - `--page-size value`：搜索页面大小。
+      - 示例：
+        - `gitea admin auth update-ldap --id 1 --name "my ldap auth source"`
+        - `gitea admin auth update-ldap --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`
+    - `add-ldap-simple`：添加新的 LDAP（简单身份验证）认证源
+      - 选项：
+        - `--name value`：认证名称。必填。
+        - `--not-active`：停用认证源。
+        - `--security-protocol value`：安全协议名称。必填。
+        - `--skip-tls-verify`：禁用 TLS 验证。
+        - `--host value`：LDAP 服务器的地址。必填。
+        - `--port value`：连接到 LDAP 服务器时使用的端口。必填。
+        - `--user-search-base value`：用户帐户将在其中搜索的 LDAP 基础路径。
+        - `--user-filter value`：声明如何查找试图进行身份验证的用户记录的 LDAP 过滤器。必填。
+        - `--admin-filter value`：指定是否应授予用户管理员特权的 LDAP 过滤器。
+        - `--restricted-filter value`：指定是否应将用户设置为受限状态的 LDAP 过滤器。
+        - `--username-attribute value`：用户 LDAP 记录中包含用户名的属性。
+        - `--firstname-attribute value`：用户 LDAP 记录中包含用户名字的属性。
+        - `--surname-attribute value`：用户 LDAP 记录中包含用户姓氏的属性。
+        - `--email-attribute value`：用户 LDAP 记录中包含用户电子邮件地址的属性。必填。
+        - `--public-ssh-key-attribute value`：用户 LDAP 记录中包含用户公共 SSH 密钥的属性。
+        - `--avatar-attribute value`：用户 LDAP 记录中包含用户头像的属性。
+        - `--user-dn value`：用户的 DN。必填。
+      - 示例：
+        - `gitea admin auth add-ldap-simple --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-dn "cn=%s,ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(cn=%s))" --email-attribute mail`
+    - `update-ldap-simple`：更新现有的 LDAP（简单身份验证）认证源
+      - 选项：
+        - `--id value`：认证源的 ID。必填。
+        - `--name value`：认证名称。
+        - `--not-active`：停用认证源。
+        - `--security-protocol value`：安全协议名称。
+        - `--skip-tls-verify`：禁用 TLS 验证。
+        - `--host value`：LDAP 服务器的地址。
+        - `--port value`：连接到 LDAP 服务器时使用的端口。
+        - `--user-search-base value`：用户帐户将在其中搜索的 LDAP 基础路径。
+        - `--user-filter value`：声明如何查找试图进行身份验证的用户记录的 LDAP 过滤器。
+        - `--admin-filter value`：指定是否应授予用户管理员特权的 LDAP 过滤器。
+        - `--restricted-filter value`：指定是否应将用户设置为受限状态的 LDAP 过滤器。
+        - `--username-attribute value`：用户 LDAP 记录中包含用户名的属性。
+        - `--firstname-attribute value`：用户 LDAP 记录中包含用户名字的属性。
+        - `--surname-attribute value`：用户 LDAP 记录中包含用户姓氏的属性。
+        - `--email-attribute value`：用户 LDAP 记录中包含用户电子邮件地址的属性。
+        - `--public-ssh-key-attribute value`：用户 LDAP 记录中包含用户公共 SSH 密钥的属性。
+        - `--avatar-attribute value`：用户 LDAP 记录中包含用户头像的属性。
+        - `--user-dn value`：用户的 DN。
+      - 示例：
+        - `gitea admin auth update-ldap-simple --id 1 --name "my ldap auth source"`
+        - `gitea admin auth update-ldap-simple --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`
+
+### cert
+
+生成自签名的SSL证书。将输出到当前目录下的`cert.pem`和`key.pem`文件中，并且会覆盖任何现有文件。
+
+- 选项：
+  - `--host value`：逗号分隔的主机名和IP地址列表，此证书适用于这些主机。支持使用通配符。必填。
+  - `--ecdsa-curve value`：用于生成密钥的ECDSA曲线。可选。有效选项为P224、P256、P384、P521。
+  - `--rsa-bits value`：要生成的RSA密钥的大小。可选。如果设置了--ecdsa-curve，则忽略此选项。（默认值：2048）。
+  - `--start-date value`：证书的创建日期。可选。（格式：`Jan 1 15:04:05 2011`）。
+  - `--duration value`：证书有效期。可选。（默认值：8760h0m0s）
+  - `--ca`：如果提供此选项，则证书将生成自己的证书颁发机构。可选。
+- 示例：
+  - `gitea cert --host git.example.com,example.com,www.example.com --ca`
+
+### dump
+
+将所有文件和数据库导出到一个zip文件中。输出文件将保存在当前目录下，类似于`gitea-dump-1482906742.zip`。
+
+- 选项：
+  - `--file name`，`-f name`：指定要创建的导出文件的名称。可选。（默认值：gitea-dump-[timestamp].zip）。
+  - `--tempdir path`，`-t path`：指定临时目录的路径。可选。（默认值：/tmp）。
+  - `--skip-repository`，`-R`：跳过仓库的导出。可选。
+  - `--skip-custom-dir`：跳过自定义目录的导出。可选。
+  - `--skip-lfs-data`：跳过LFS数据的导出。可选。
+  - `--skip-attachment-data`：跳过附件数据的导出。可选。
+  - `--skip-package-data`：跳过包数据的导出。可选。
+  - `--skip-log`：跳过日志数据的导出。可选。
+  - `--database`，`-d`：指定数据库的SQL语法。可选。
+  - `--verbose`，`-V`：如果提供此选项，显示附加详细信息。可选。
+  - `--type`：设置导出的格式。可选。（默认值：zip）
+- 示例：
+  - `gitea dump`
+  - `gitea dump --verbose`
+
+### generate
+
+用于在配置文件中生成随机值和令牌。对于自动部署时生成值非常有用。
+
+- 命令:
+  - `secret`:
+    - 选项:
+      - `INTERNAL_TOKEN`: 用于内部 API 调用身份验证的令牌。
+      - `JWT_SECRET`: 用于 LFS 和 OAUTH2 JWT 身份验证的密钥（LFS_JWT_SECRET 是此选项的别名，用于向后兼容）。
+      - `SECRET_KEY`: 全局密钥。
+    - 示例:
+      - `gitea generate secret INTERNAL_TOKEN`
+      - `gitea generate secret JWT_SECRET`
+      - `gitea generate secret SECRET_KEY`
+
+### keys
+
+提供一个 SSHD AuthorizedKeysCommand。需要在 sshd 配置文件中进行配置:
+
+```ini
+...
+# -e 的值和 AuthorizedKeysCommandUser 应与运行 Gitea 的用户名匹配
+AuthorizedKeysCommandUser git
+AuthorizedKeysCommand /path/to/gitea keys -e git -u %u -t %t -k %k
+```
+
+该命令将返回适用于提供的密钥的合适 authorized_keys 行。您还应在 `app.ini` 的 `[server]` 部分设置值 `SSH_CREATE_AUTHORIZED_KEYS_FILE=false`。
+
+注意: opensshd 要求 Gitea 程序由 root 拥有，并且不可由组或其他人写入。程序必须使用绝对路径指定。
+注意: Gitea 必须在运行此命令时处于运行状态才能成功。
+
+### migrate
+
+迁移数据库。该命令可用于在首次启动服务器之前运行其他命令。此命令是幂等的。
+
+### convert
+
+将现有的 MySQL 数据库从 utf8 转换为 utf8mb4。
+
+### doctor
+
+根据给定的配置诊断当前 Gitea 实例的问题。目前有以下检查清单:
+
+- 检查 OpenSSH 的 authorized_keys 文件是否正确
+  当您的 Gitea 实例支持 OpenSSH 时，当您的 Gitea 实例添加或更改任何公钥时，Gitea 实例的二进制路径将被写入 `authorized_keys` 文件。
+  有时，如果您在升级时移动或重命名了 Gitea 二进制文件，并且您没有在管理面板上运行“使用 Gitea 的 SSH 密钥更新「.ssh/authorized_keys」文件”操作。那么通过 SSH 的所有拉取/推送操作将无法正常工作。
+  此检查将帮助您检查它是否正常工作。
+
+对于贡献者，如果您想添加更多的检查项，您可以编写一个新的函数，如 `func(ctx *cli.Context) ([]string, error)`，并将其追加到 `doctor.go` 文件中。
+
+```go
+var checklist = []check{
+	{
+		title: "Check if OpenSSH authorized_keys file id correct",
+		f:     runDoctorLocationMoved,
+    },
+    // more checks please append here
+}
+```
+
+此函数将接收一个命令行上下文，并返回有关问题或错误的详细信息列表。
+
+#### doctor recreate-table
+
+有时，在迁移时，旧的列和默认值可能会在数据库模式中保持不变。这可能会导致警告，如下所示:
+
+```
+2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync2() [W] Table user Column keep_activity_private db default is , struct default is 0
+```
+
+您可以通过以下方式让 Gitea 重新创建这些表，并将旧数据复制到新表中，并适当设置默认值：
+
+```
+gitea doctor recreate-table user
+```
+
+您可以使用以下方式让 Gitea 重新创建多个表：
+
+```
+gitea doctor recreate-table table1 table2 ...
+```
+
+如果您希望 Gitea 重新创建所有表，请直接调用：
+
+```
+gitea doctor recreate-table
+```
+
+强烈建议在运行这些命令之前备份您的数据库。
+
+### manager
+
+管理运行中的服务器操作：
+
+- 命令:
+  - `shutdown`: 优雅地关闭运行中的进程
+  - `restart`: 优雅地重新启动运行中的进程（对于Windows服务器尚未实现）
+  - `flush-queues`: 刷新运行中的进程中的队列
+    - 选项:
+      - `--timeout value`: 刷新过程的超时时间（默认值: 1m0s）
+      - `--non-blocking`: 设置为true，以在返回之前不等待刷新完成
+  - `logging`: 调整日志命令
+    - 命令:
+      - `pause`: 暂停日志记录
+        - 注意:
+          - 如果日志级别低于此级别，日志级别将被临时提升为INFO。
+          - Gitea将在一定程度上缓冲日志，并在超过该点后丢弃日志。
+      - `resume`: 恢复日志记录
+      - `release-and-reopen`: 使Gitea释放和重新打开用于日志记录的文件和连接（相当于向Gitea发送SIGUSR1信号）。
+      - `remove name`: 删除指定的日志记录器
+        - 选项:
+          - `--group group`, `-g group`: 从中删除子记录器的组（默认为`default`）
+      - `add`: 添加日志记录器
+        - 命令:
+          - `console`: 添加控制台日志记录器
+            - 选项:
+              - `--group value`, `-g value`: 要添加日志记录器的组 - 默认为"default"
+              - `--name value`, `-n value`: 新日志记录器的名称 - 默认为模式
+              - `--level value`, `-l value`: 新日志记录器的日志级别
+              - `--stacktrace-level value`, `-L value`: 堆栈跟踪日志级别
+              - `--flags value`, `-F value`: 日志记录器的标志
+              - `--expression value`, `-e value`: 日志记录器的匹配表达式
+              - `--prefix value`, `-p value`: 日志记录器的前缀
+              - `--color`: 在日志中使用颜色
+              - `--stderr`: 将控制台日志输出到stderr - 仅适用于控制台
+          - `file`: 添加文件日志记录器
+            - 选项:
+              - `--group value`, `-g value`: 要添加日志记录器的组 - 默认为"default"
+              - `--name value`, `-n value`: 新日志记录器的名称 - 默认为模式
+              - `--level value`, `-l value`: 新日志记录器的日志级别
+              - `--stacktrace-level value`, `-L value`: 堆栈跟踪日志级别
+              - `--flags value`, `-F value`: 日志记录器的标志
+              - `--expression value`, `-e value`: 日志记录器的匹配表达式
+              - `--prefix value`, `-p value`: 日志记录器的前缀
+              - `--color`: 在日志中使用颜色
+              - `--filename value`, `-f value`: 日志记录器的文件名
+              - `--rotate`, `-r`: 轮转日志
+              - `--max-size value`, `-s value`: 在轮转之前的最大大小（以字节为单位）
+              - `--daily`, `-d`: 每天轮转日志
+              - `--max-days value`, `-D value`: 保留的每日日志的最大数量
+              - `--compress`, `-z`: 压缩轮转的日志
+              - `--compression-level value`, `-Z value`: 使用的压缩级别
+          - `conn`: 添加网络连接日志记录器
+            - 选项:
+              - `--group value`, `-g value`: 要添加日志记录器的组 - 默认为"default"
+              - `--name value`, `-n value`: 新日志记录器的名称 - 默认为模式
+              - `--level value`, `-l value`: 新日志记录器的日志级别
+              - `--stacktrace-level value`, `-L value`: 堆栈跟踪日志级别
+              - `--flags value`, `-F value`: 日志记录器的标志
+              - `--expression value`, `-e value`: 日志记录器的匹配表达式
+              - `--prefix value`, `-p value`: 日志记录器的前缀
+              - `--color`: 在日志中使用颜色
+              - `--reconnect-on-message`, `-R`: 对于每个消息重新连接主机
+              - `--reconnect`, `-r`: 连接中断时重新连接主机
+              - `--protocol value`, `-P value`: 设置要使用的协议：tcp、unix或udp（默认为tcp）
+              - `--address value`, `-a value`: 要连接到的主机地址和端口（默认为:7020）
+          - `smtp`: 添加SMTP日志记录器
+            - 选项:
+              - `--group value`, `-g value`: 要添加日志记录器的组 - 默认为"default"
+              - `--name value`, `-n value`: 新日志记录器的名称 - 默认为模式
+              - `--level value`, `-l value`: 新日志记录器的日志级别
+              - `--stacktrace-level value`, `-L value`: 堆栈跟踪日志级别
+              - `--flags value`, `-F value`: 日志记录器的标志
+              - `--expression value`, `-e value`: 日志记录器的匹配表达式
+              - `--prefix value`, `-p value`: 日志记录器的前缀
+              - `--color`: 在日志中使用颜色
+              - `--username value`, `-u value`: 邮件服务器用户名
+              - `--password value`, `-P value`: 邮件服务器密码
+              - `--host value`, `-H value`: 邮件服务器主机（默认为: 127.0.0.1:25）
+              - `--send-to value`, `-s value`: 要发送到的电子邮件地址
+              - `--subject value`, `-S value`: 发送电子邮件的主题标题
+  - `processes`: 显示 Gitea 进程和 Goroutine 信息
+    - 选项:
+      - `--flat`: 以平面表格形式显示进程，而不是树形结构
+      - `--no-system`: 不显示系统进程
+      - `--stacktraces`: 显示与进程关联的 Goroutine 的堆栈跟踪
+      - `--json`: 输出为 JSON 格式
+      - `--cancel PID`: 向具有 PID 的进程发送取消命令（仅适用于非系统进程）
+
+### dump-repo
+
+`dump-repo` 从 Git/GitHub/Gitea/GitLab 中转储存储库数据：
+
+- 选项：
+  - `--git_service service`：Git 服务，可以是 `git`、`github`、`gitea`、`gitlab`。如果 `clone_addr` 可以被识别，则可以忽略此选项。
+  - `--repo_dir dir`，`-r dir`：存储数据的存储库目录路径。
+  - `--clone_addr addr`：将被克隆的 URL，目前可以是 git/github/gitea/gitlab 的 http/https URL。例如：https://github.com/lunny/tango.git
+  - `--auth_username lunny`：访问 `clone_addr` 的用户名。
+  - `--auth_password <password>`：访问 `clone_addr` 的密码。
+  - `--auth_token <token>`：访问 `clone_addr` 的个人令牌。
+  - `--owner_name lunny`：如果非空，数据将存储在具有所有者名称的目录中。
+  - `--repo_name tango`：如果非空，数据将存储在具有存储库名称的目录中。
+  - `--units <units>`：要迁移的项目，一个或多个项目应以逗号分隔。允许的项目有 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments。如果为空，则表示所有项目。
+
+### restore-repo
+
+`restore-repo` 从磁盘目录中还原存储库数据：
+
+- 选项：
+  - `--repo_dir dir`，`-r dir`：还原数据的存储库目录路径。
+  - `--owner_name lunny`：还原目标所有者名称。
+  - `--repo_name tango`：还原目标存储库名称。
+  - `--units <units>`：要还原的项目，一个或多个项目应以逗号分隔。允许的项目有 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments。如果为空，则表示所有项目。
+
+### actions generate-runner-token
+
+生成一个供 Runner 使用的新令牌，用于向服务器注册。
+
+- 选项：
+  - `--scope {owner}[/{repo}]`，`-s {owner}[/{repo}]`：限制 Runner 的范围，没有范围表示该 Runner 可用于所有仓库，但你也可以将其限制为特定的仓库或所有者。
+
+要注册全局 Runner：
+
+```
+gitea actions generate-runner-token
+```
+
+要注册特定组织的 Runner，例如 `org`：
+
+```
+gitea actions generate-runner-token -s org
+```
+
+要注册特定仓库的 Runner，例如 `username/test-repo`：
+
+```
+gitea actions generate-runner-token -s username/test-repo
+```
--- a/docs/content/doc/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/administration/config-cheat-sheet.en-us.md
@ -2,14 +2,14 @@
 date: "2016-12-26T16:00:00+02:00"
 title: "Config Cheat Sheet"
 slug: "config-cheat-sheet"
-weight: 20
+weight: 30
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "Config Cheat Sheet"
-    weight: 20
+    weight: 30
    identifier: "config-cheat-sheet"
 ---

@ -103,8 +103,8 @@ In addition there is _`StaticRootPath`_ which can be set as a built-in at build
 - `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH`:  **false**: Close an issue if a commit on a non default branch marks it as closed.
 - `ENABLE_PUSH_CREATE_USER`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for a user.
 - `ENABLE_PUSH_CREATE_ORG`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for an org.
- `DISABLED_REPO_UNITS`: **_empty_**: Comma separated list of globally disabled repo units. Allowed values: \[repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects\]
- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages**: Comma separated list of default new repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list.
+- `DISABLED_REPO_UNITS`: **_empty_**: Comma separated list of globally disabled repo units. Allowed values: \[repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions\]
+- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages**: Comma separated list of default new repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list.
 - `DEFAULT_FORK_REPO_UNITS`: **repo.code,repo.pulls**: Comma separated list of default forked repo units. The set of allowed values and rules is the same as `DEFAULT_REPO_UNITS`.
 - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository.
 - `DISABLE_MIGRATIONS`: **false**: Disable migrating feature.
@ -220,17 +220,19 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SHOW_USER_EMAIL`: **true**: Whether the email of the user should be shown in the Explore Users page.
 - `THEMES`:  **auto,gitea,arc-green**: All available themes. Allow users select personalized themes.
  regardless of the value of `DEFAULT_THEME`.
- `THEME_COLOR_META_TAG`: **#6cc644**:  Value of `theme-color` meta tag, used by Android >= 5.0. An invalid color like "none" or "disable" will have the default style.  More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+- `THEME_COLOR_META_TAG`: **\<empty\>**: Value of `theme-color` meta tag, used by some mobile browers for chrome and out-of-viewport areas. Default is unset which uses body color.
 - `MAX_DISPLAY_FILE_SIZE`: **8388608**: Max size of files to be displayed (default is 8MiB)
 - `REACTIONS`: All available reactions users can choose on issues/prs and comments
    Values can be emoji alias (:smile:) or a unicode emoji.
    For custom reactions, add a tightly cropped square image to public/img/emoji/reaction_name.png
 - `CUSTOM_EMOJIS`: **gitea, codeberg, gitlab, git, github, gogs**: Additional Emojis not defined in the utf8 standard.
-    By default we support Gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and
+    By default, we support Gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and
    add it to this config.
 - `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
 - `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page.
 - `USE_SERVICE_WORKER`: **false**: Whether to enable a Service Worker to cache frontend assets.
+- `ONLY_SHOW_RELEVANT_REPOS`: **false** Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
+    A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).

 ### UI - Admin (`ui.admin`)

@ -753,7 +755,7 @@ and
 - `FORCE_TRUST_SERVER_CERT`: **false**: If set to `true`, completely ignores server certificate validation errors. This option is unsafe. Consider adding the certificate to the system trust store instead.
 - `USER`: **\<empty\>**: Username of mailing user (usually the sender's e-mail address).
 - `PASSWD`: **\<empty\>**: Password of mailing user.  Use \`your password\` for quoting if you use special characters in the password.
-  - Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or SMTP host is localhost. See [Email Setup]({{< relref "doc/usage/email-setup.en-us.md" >}}) for more information.
+  - Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or SMTP host is localhost. See [Email Setup]({{< relref "doc/administration/email-setup.en-us.md" >}}) for more information.
 - `ENABLE_HELO`: **true**: Enable HELO operation.
 - `HELO_HOSTNAME`: **(retrieved from system)**: HELO hostname.
 - `FROM`: **\<empty\>**: Mail from address, RFC 5322. This can be just an email address, or the "Name" \<email@example.com\> format.
@ -841,7 +843,7 @@ Default templates for project boards:
 ## Issue and pull request attachments (`attachment`)

 - `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
- `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+- `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 - `MAX_SIZE`: **4**: Maximum size (MB).
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
 - `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
@ -854,6 +856,8 @@ Default templates for project boards:
 - `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when STORAGE_TYPE is `minio`
 - `MINIO_BASE_PATH`: **attachments/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
 - `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when STORAGE_TYPE is `minio`
+- `MINIO_INSECURE_SKIP_VERIFY`: **false**: Minio skip SSL verification available when STORAGE_TYPE is `minio`
+- `MINIO_CHECKSUM_ALGORITHM`: **default**: Minio checksum algorithm: `default` (for MinIO or AWS S3) or `md5` (for Cloudflare or Backblaze)

 ## Log (`log`)

@ -987,7 +991,7 @@ Default templates for project boards:

 ### Extended cron tasks (not enabled by default)

-#### Cron - Garbage collect all repositories ('cron.git_gc_repos')
+#### Cron - Garbage collect all repositories (`cron.git_gc_repos`)

 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
@ -996,66 +1000,67 @@ Default templates for project boards:
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. The default value is same with [git] -> GC_ARGS

-#### Cron - Update the '.ssh/authorized_keys' file with Gitea SSH keys ('cron.resync_all_sshkeys')
+#### Cron - Update the '.ssh/authorized_keys' file with Gitea SSH keys (`cron.resync_all_sshkeys`)

 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

-#### Cron - Resynchronize pre-receive, update and post-receive hooks of all repositories ('cron.resync_all_hooks')
+#### Cron - Resynchronize pre-receive, update and post-receive hooks of all repositories (`cron.resync_all_hooks`)

 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

-#### Cron - Reinitialize all missing Git repositories for which records exist ('cron.reinit_missing_repos')
+#### Cron - Reinitialize all missing Git repositories for which records exist (`cron.reinit_missing_repos`)

 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

-#### Cron - Delete all repositories missing their Git files ('cron.delete_missing_repos')
+#### Cron - Delete all repositories missing their Git files (`cron.delete_missing_repos`)

 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

-#### Cron -  Delete generated repository avatars ('cron.delete_generated_repository_avatars')
+#### Cron -  Delete generated repository avatars (`cron.delete_generated_repository_avatars`)

 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

-#### Cron -  Delete all old actions from database ('cron.delete_old_actions')
+#### Cron -  Delete all old actions from database (`cron.delete_old_actions`)

 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax to set how often to check.
- `OLDER_THAN`: **@every 8760h**: any action older than this expression will be deleted from database, suggest using `8760h` (1 year) because that's the max length of heatmap.
+- `OLDER_THAN`: **8760h**: any action older than this expression will be deleted from database, suggest using `8760h` (1 year) because that's the max length of heatmap.

-#### Cron -  Check for new Gitea versions ('cron.update_checker')
+#### Cron -  Check for new Gitea versions (`cron.update_checker`)

 - `ENABLED`: **true**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `ENABLE_SUCCESS_NOTICE`: **true**: Set to false to switch off success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax for scheduling a work, e.g. `@every 168h`.
 - `HTTP_ENDPOINT`: **https://dl.gitea.io/gitea/version.json**: the endpoint that Gitea will check for newer versions
+- `DOMAIN_ENDPOINT`: **release.forgejo.org**: the domain that, if specified, Gitea will check for newer versions. This is preferred over `HTTP_ENDPOINT`.

-#### Cron -  Delete all old system notices from database ('cron.delete_old_system_notices')
+#### Cron -  Delete all old system notices from database (`cron.delete_old_system_notices`)

 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax to set how often to check.
- `OLDER_THAN`: **@every 8760h**: any system notice older than this expression will be deleted from database.
+- `OLDER_THAN`: **8760h**: any system notice older than this expression will be deleted from database.

-#### Cron -  Garbage collect LFS pointers in repositories ('cron.gc_lfs')
+#### Cron -  Garbage collect LFS pointers in repositories (`cron.gc_lfs`)

 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
@ -1086,6 +1091,11 @@ Default templates for project boards:
 - `DISABLE_CORE_PROTECT_NTFS`: **false** Set to true to forcibly set `core.protectNTFS` to false.
 - `DISABLE_PARTIAL_CLONE`: **false** Disable the usage of using partial clones for git.

+## Git - Reflog settings (`git.reflog`)
+
+- `ENABLED`: **true** Set to true to enable Git to write changes to reflogs in each repo.
+- `EXPIRATION`: **90** Reflog entry lifetime, in days. Entries are removed opportunistically by Git.
+
 ## Git - Timeout settings (`git.timeout`)

 - `DEFAULT`: **360**: Git operations default timeout seconds.
@ -1268,6 +1278,7 @@ is `data/lfs` and the default of `MINIO_BASE_PATH` is `lfs/`.
 - `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_BASE_PATH`: **lfs/**: Minio base path on the bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
+- `MINIO_INSECURE_SKIP_VERIFY`: **false**: Minio skip SSL verification available when STORAGE_TYPE is `minio`

 ## Storage (`storage`)

@ -1280,6 +1291,7 @@ Default storage configuration for attachments, lfs, avatars and etc.
 - `MINIO_BUCKET`: **gitea**: Minio bucket to store the data only available when `STORAGE_TYPE` is `minio`
 - `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
+- `MINIO_INSECURE_SKIP_VERIFY`: **false**: Minio skip SSL verification available when STORAGE_TYPE is `minio`

 And you can also define a customize storage like below:

@ -1298,6 +1310,8 @@ MINIO_BUCKET = gitea
 MINIO_LOCATION = us-east-1
 ; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 MINIO_USE_SSL = false
+; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+MINIO_INSECURE_SKIP_VERIFY = false
 ```

 And used by `[attachment]`, `[lfs]` and etc. as `STORAGE_TYPE`.
@ -1318,6 +1332,7 @@ is `data/repo-archive` and the default of `MINIO_BASE_PATH` is `repo-archive/`.
 - `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_BASE_PATH`: **repo-archive/**: Minio base path on the bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
+- `MINIO_INSECURE_SKIP_VERIFY`: **false**: Minio skip SSL verification available when STORAGE_TYPE is `minio`

 ## Proxy (`proxy`)

--- a/docs/content/doc/administration/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/administration/config-cheat-sheet.zh-cn.md
@ -2,14 +2,14 @@
 date: "2016-12-26T16:00:00+02:00"
 title: "配置说明"
 slug: "config-cheat-sheet"
-weight: 20
+weight: 30
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "配置说明"
-    weight: 20
+    weight: 30
    identifier: "config-cheat-sheet"
 ---

@ -431,6 +431,8 @@ MINIO_BUCKET = gitea
 MINIO_LOCATION = us-east-1
 ; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 MINIO_USE_SSL = false
+; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+MINIO_INSECURE_SKIP_VERIFY = false
 ```

 然后你在 `[attachment]`, `[lfs]` 等中可以把这个名字用作 `STORAGE_TYPE` 的值。
--- a/docs/content/doc/administration/customizing-gitea.en-us.md
+++ b/docs/content/doc/administration/customizing-gitea.en-us.md
@ -2,15 +2,15 @@
 date: "2017-04-15T14:56:00+02:00"
 title: "Customizing Gitea"
 slug: "customizing-gitea"
-weight: 9
+weight: 100
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "Customizing Gitea"
    identifier: "customizing-gitea"
-    weight: 9
+    weight: 100
 ---

 # Customizing Gitea
@ -84,7 +84,7 @@ directory at the top of this document).
 Every single page of Gitea can be changed. Dynamic content is generated using [go templates](https://golang.org/pkg/html/template/),
 which can be modified by placing replacements below the `$GITEA_CUSTOM/templates` directory.

-To obtain any embedded file (including templates), the [`gitea embedded` tool]({{< relref "doc/advanced/cmd-embedded.en-us.md" >}}) can be used. Alternatively, they can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/main/templates) directory of Gitea source (Note: the example link is from the `main` branch. Make sure to use templates compatible with the release you are using).
+To obtain any embedded file (including templates), the [`gitea embedded` tool]({{< relref "doc/administration/cmd-embedded.en-us.md" >}}) can be used. Alternatively, they can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/main/templates) directory of Gitea source (Note: the example link is from the `main` branch. Make sure to use templates compatible with the release you are using).

 Be aware that any statement contained inside `{{` and `}}` are Gitea's template syntax and
 shouldn't be touched without fully understanding these components.
@ -282,9 +282,22 @@ To add custom .gitignore, add a file with existing [.gitignore rules](https://gi

 ### Labels

-To add a custom label set, add a file that follows the [label format](https://github.com/go-gitea/gitea/blob/main/options/label/Default) to `$GITEA_CUSTOM/options/label`
+Starting with Gitea 1.19, you can add a file that follows the [YAML label format](https://github.com/go-gitea/gitea/blob/main/options/label/Advanced.yaml) to `$GITEA_CUSTOM/options/label`:
+
+```yaml
+labels:
+  - name: "foo/bar"  # name of the label that will appear in the dropdown
+    exclusive: true # whether to use the exclusive namespace for scoped labels. scoped delimiter is /
+    color: aabbcc # hex colour coding
+    description: Some label # long description of label intent
+ ```
+
+The [legacy file format](https://github.com/go-gitea/gitea/blob/main/options/label/Default) can still be used following the format below, however we strongly recommend using the newer YAML format instead.
+
 `#hex-color label name ; label description`

+For more information, see the [labels documentation]({{< relref "doc/usage/labels.en-us.md" >}}).
+
 ### Licenses

 To add a custom license, add a file with the license text to `$GITEA_CUSTOM/options/license`
@ -341,7 +354,7 @@ To make a custom theme available to all users:

 Community themes are listed in [gitea/awesome-gitea#themes](https://gitea.com/gitea/awesome-gitea#themes).

-The `arc-green` theme source can be found [here](https://github.com/go-gitea/gitea/blob/main/web_src/less/themes/theme-arc-green.less).
+The `arc-green` theme source can be found [here](https://github.com/go-gitea/gitea/blob/main/web_src/css/themes/theme-arc-green.css).

 If your custom theme is considered a dark theme, set the global css variable `--is-dark-theme` to `true`.
 This allows Gitea to adjust the Monaco code editor's theme accordingly.
--- a/docs/content/doc/administration/customizing-gitea.zh-cn.md
+++ b/docs/content/doc/administration/customizing-gitea.zh-cn.md
@ -2,14 +2,14 @@
 date: "2017-04-15T14:56:00+02:00"
 title: "自定义 Gitea 配置"
 slug: "customizing-gitea"
-weight: 9
+weight: 100
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "自定义 Gitea 配置"
-    weight: 9
+    weight: 100
    identifier: "customizing-gitea"
 ---

--- a/docs/content/doc/administration/email-setup.en-us.md
+++ b/docs/content/doc/administration/email-setup.en-us.md
@ -1,13 +1,13 @@
 ---
 date: "2019-10-15T10:10:00+05:00"
-title: "Usage: Email setup"
+title: "Email setup"
 slug: "email-setup"
 weight: 12
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "Email setup"
    weight: 12
    identifier: "email-setup"
@ -58,7 +58,7 @@ Restart Gitea for the configuration changes to take effect.

 To send a test email to validate the settings, go to Gitea > Site Administration > Configuration > SMTP Mailer Configuration.

-For the full list of options check the [Config Cheat Sheet]({{< relref "doc/advanced/config-cheat-sheet.en-us.md" >}})
+For the full list of options check the [Config Cheat Sheet]({{< relref "doc/administration/config-cheat-sheet.en-us.md" >}})

 Please note: authentication is only supported when the SMTP server communication is encrypted with TLS or `HOST=localhost`. TLS encryption can be through:

@ -81,7 +81,7 @@ SMTP_ADDR      = smtp.gmail.com
 SMTP_PORT      = 465
 FROM           = example.user@gmail.com
 USER           = example.user
-PASSWD         = ***
+PASSWD         = `***`
 MAILER_TYPE    = smtp
 IS_TLS_ENABLED = true
 ```
--- a/docs/content/doc/administration/email-setup.zh-cn.md
+++ b/docs/content/doc/administration/email-setup.zh-cn.md
@ -0,0 +1,91 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "Email 设置"
+slug: "email-setup"
+weight: 12
+toc: false
+draft: false
+aliases:
+  - /zh-cn/email-setup
+menu:
+  sidebar:
+    parent: "administration"
+    name: "Email 设置"
+    weight: 12
+    identifier: "email-setup"
+---
+
+# Email 设置
+
+**目录**
+
+{{< toc >}}
+
+Gitea 具有邮件功能，用于发送事务性邮件（例如注册确认邮件）。它可以配置为使用 Sendmail（或兼容的 MTA，例如 Postfix 和 msmtp）或直接使用 SMTP 服务器。
+
+## 使用 Sendmail
+
+使用 `sendmail` 命令作为邮件传输代理（mailer）。
+
+注意：对于在官方Gitea Docker镜像中使用，请使用SMTP版本进行配置（请参考下一节）。
+
+注意：对于面向互联网的网站，请查阅您的 MTA 文档以了解通过TLS发送邮件的说明。同时设置 SPF、DMARC 和 DKIM DNS 记录，以使发送的邮件被各个电子邮件提供商接受为合法邮件。
+
+```ini
+[mailer]
+ENABLED       = true
+FROM          = gitea@mydomain.com
+MAILER_TYPE   = sendmail
+SENDMAIL_PATH = /usr/sbin/sendmail
+SENDMAIL_ARGS = "--" ; 大多数 "sendmail" 程序都接受选项，使用 "--" 将防止电子邮件地址被解释为选项。
+```
+
+## 使用 SMTP
+
+直接使用 SMTP 服务器作为中继。如果您不想在实例上设置 MTA，但在电子邮件提供商那里有一个帐户，这个选项非常有用。
+
+```ini
+[mailer]
+ENABLED        = true
+FROM           = gitea@mydomain.com
+MAILER_TYPE    = smtp
+SMTP_ADDR      = mail.mydomain.com
+SMTP_PORT      = 587
+IS_TLS_ENABLED = true
+USER           = gitea@mydomain.com
+PASSWD         = `password`
+```
+
+重启 Gitea 以使配置更改生效。
+
+要发送测试邮件以验证设置，请转到 Gitea > 站点管理 > 配置 > SMTP 邮件配置。
+
+有关所有选项的完整列表，请查看[配置速查表](doc/administration/config-cheat-sheet.zh-cn.md)。
+
+请注意：只有在使用 TLS 或 `HOST=localhost` 加密 SMTP 服务器通信时才支持身份验证。TLS 加密可以通过以下方式进行：
+
+- 通过端口 587 的 STARTTLS（也称为 Opportunistic TLS）。初始连接是明文的，但如果服务器支持，则可以升级为 TLS。
+- 通过默认端口 465 的 SMTPS 连接。连接到服务器从一开始就使用 TLS。
+- 使用 `IS_TLS_ENABLED=true` 进行强制的 SMTPS 连接。（这两种方式都被称为 Implicit TLS）
+这是由于 Go 内部库对 STRIPTLS 攻击的保护机制。
+
+请注意，自2018年起，[RFC8314](https://tools.ietf.org/html/rfc8314#section-3) 推荐使用 Implicit TLS。
+
+### Gmail
+
+以下配置应该适用于 Gmail 的 SMTP 服务器：
+
+```ini
+[mailer]
+ENABLED        = true
+HOST           = smtp.gmail.com:465 ; 对于 Gitea >= 1.18.0，删除此行
+SMTP_ADDR      = smtp.gmail.com
+SMTP_PORT      = 465
+FROM           = example.user@gmail.com
+USER           = example.user
+PASSWD         = `***`
+MAILER_TYPE    = smtp
+IS_TLS_ENABLED = true
+```
+
+请注意，您需要创建并使用一个 [应用密码](https://support.google.com/accounts/answer/185833?hl=en) 并在您的 Google 帐户上启用 2FA。您将无法直接使用您的 Google 帐户密码。
--- a/docs/content/doc/administration/environment-variables.en-us.md
+++ b/docs/content/doc/administration/environment-variables.en-us.md
@ -2,14 +2,14 @@
 date: "2017-04-08T11:34:00+02:00"
 title: "Environment variables"
 slug: "environment-variables"
-weight: 20
+weight: 10
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "Environment variables"
-    weight: 20
+    weight: 10
    identifier: "environment-variables"
 ---

--- a/docs/content/doc/administration/environment-variables.zh-cn.md
+++ b/docs/content/doc/administration/environment-variables.zh-cn.md
@ -2,14 +2,14 @@
 date: "2017-04-08T11:34:00+02:00"
 title: "环境变量清单"
 slug: "environment-variables"
-weight: 20
+weight: 10
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "环境变量清单"
-    weight: 20
+    weight: 10
    identifier: "environment-variables"
 ---

--- a/docs/content/doc/administration/external-renderers.en-us.md
+++ b/docs/content/doc/administration/external-renderers.en-us.md
@ -2,14 +2,14 @@
 date: "2018-11-23:00:00+02:00"
 title: "External renderers"
 slug: "external-renderers"
-weight: 40
+weight: 60
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "External renderers"
-    weight: 40
+    weight: 60
    identifier: "external-renderers"
 ---

--- a/docs/content/doc/administration/external-renderers.zh-cn.md
+++ b/docs/content/doc/administration/external-renderers.zh-cn.md
@ -0,0 +1,207 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "外部渲染器"
+slug: "external-renderers"
+weight: 60
+toc: false
+draft: false
+aliases:
+  - /zh-cn/external-renderers
+menu:
+  sidebar:
+    parent: "administration"
+    name: "外部渲染器"
+    weight: 60
+    identifier: "external-renderers"
+---
+
+# 自定义文件渲染配置
+
+**目录**
+
+{{< toc >}}
+
+Gitea 通过外部二进制文件支持自定义文件渲染（例如 Jupyter notebooks、asciidoc 等），只需要进行以下步骤：
+
+- 安装外部二进制文件
+- 在您的 `app.ini` 文件中添加一些配置
+- 重新启动 Gitea 实例
+
+此功能支持整个文件的渲染。如果您想要在 Markdown 中渲染代码块，您需要使用 JavaScript 进行一些操作。请参阅 [自定义 Gitea 配置]({{< relref "doc/administration/customizing-gitea.zh-cn.md" >}}) 页面上的一些示例。
+
+## 安装外部二进制文件
+
+为了通过外部二进制文件进行文件渲染，必须安装它们的关联软件包。
+如果您正在使用 Docker 镜像，则您的 `Dockerfile` 应该包含以下内容：
+
+```docker
+FROM gitea/gitea:{{< version >}}
+[...]
+
+COPY custom/app.ini /data/gitea/conf/app.ini
+[...]
+
+RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng libffi-dev py-pip python3-dev py3-pip py3-pyzmq
+# 安装其他您需要的外部渲染器的软件包
+
+RUN pip3 install --upgrade pip
+RUN pip3 install -U setuptools
+RUN pip3 install jupyter docutils
+# 在上面添加您需要安装的任何其他 Python 软件包
+```
+
+## `app.ini` 文件配置
+
+在您的自定义 `app.ini` 文件中为每个外部渲染器添加一个 `[markup.XXXXX]` 部分：
+
+```ini
+[markup.asciidoc]
+ENABLED = true
+FILE_EXTENSIONS = .adoc,.asciidoc
+RENDER_COMMAND = "asciidoctor -s -a showtitle --out-file=- -"
+; 输入不是标准输入而是文件
+IS_INPUT_FILE = false
+
+[markup.jupyter]
+ENABLED = true
+FILE_EXTENSIONS = .ipynb
+RENDER_COMMAND = "jupyter nbconvert --stdin --stdout --to html --template basic"
+IS_INPUT_FILE = false
+
+[markup.restructuredtext]
+ENABLED = true
+FILE_EXTENSIONS = .rst
+RENDER_COMMAND = "timeout 30s pandoc +RTS -M512M -RTS -f rst"
+IS_INPUT_FILE = false
+```
+
+如果您的外部标记语言依赖于在生成的 HTML 元素上的额外类和属性，您可能需要启用自定义的清理策略。Gitea 使用 [`bluemonday`](https://godoc.org/github.com/microcosm-cc/bluemonday) 包作为我们的 HTML 清理器。下面的示例可以用于支持从 [`pandoc`](https://pandoc.org/) 输出的服务器端 [KaTeX](https://katex.org/) 渲染结果。
+
+```ini
+[markup.sanitizer.TeX]
+; Pandoc 渲染 TeX 段落为带有 "math" 类的 <span> 元素，根据上下文可能还带有 "inline" 或 "display" 类。
+; - 请注意，这与我们的 Markdown 解析器中内置的数学支持不同，后者使用 <code> 元素。
+ELEMENT = span
+ALLOW_ATTR = class
+REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
+
+[markup.markdown]
+ENABLED         = true
+FILE_EXTENSIONS = .md,.markdown
+RENDER_COMMAND  = pandoc -f markdown -t html --katex
+```
+
+您必须在每个部分中定义 `ELEMENT` 和 `ALLOW_ATTR`。
+
+要定义多个条目，请添加唯一的字母数字后缀（例如，`[markup.sanitizer.1]` 和 `[markup.sanitizer.something]`）。
+
+要仅为特定的外部渲染器应用清理规则，它们必须使用渲染器名称，例如 `[markup.sanitizer.asciidoc.rule-1]`、`[markup.sanitizer.<renderer>.rule-1]`。
+
+**注意**：如果规则在渲染器 ini 部分之前定义，或者名称与渲染器不匹配，它将应用于所有渲染器。
+
+完成配置更改后，请重新启动 Gitea 以使更改生效。
+
+**注意**：在 Gitea 1.12 之前，存在一个名为 `markup.sanitiser` 的单个部分，其中的键被重新定义为多个规则，但是，这种配置方法存在重大问题，需要通过多个部分进行配置。
+
+### 示例：HTML
+
+直接渲染 HTML 文件：
+
+```ini
+[markup.html]
+ENABLED         = true
+FILE_EXTENSIONS = .html,.htm
+RENDER_COMMAND  = cat
+; 输入不是标准输入，而是文件
+IS_INPUT_FILE   = true
+
+[markup.sanitizer.html.1]
+ELEMENT = div
+ALLOW_ATTR = class
+
+[markup.sanitizer.html.2]
+ELEMENT = a
+ALLOW_ATTR = class
+```
+
+请注意：此示例中的配置将允许渲染 HTML 文件，并使用 `cat` 命令将文件内容输出为 HTML。此外，配置中的两个清理规则将允许 `<div>` 和 `<a>` 元素使用 `class` 属性。
+
+在进行配置更改后，请重新启动 Gitea 以使更改生效。
+
+### 示例：Office DOCX
+
+使用 [`pandoc`](https://pandoc.org/) 显示 Office DOCX 文件：
+
+```ini
+[markup.docx]
+ENABLED = true
+FILE_EXTENSIONS = .docx
+RENDER_COMMAND = "pandoc --from docx --to html --self-contained --template /path/to/basic.html"
+
+[markup.sanitizer.docx.img]
+ALLOW_DATA_URI_IMAGES = true
+```
+
+在此示例中，配置将允许显示 Office DOCX 文件，并使用 `pandoc` 命令将文件转换为 HTML 格式。同时，清理规则中的 `ALLOW_DATA_URI_IMAGES` 设置为 `true`，允许使用 Data URI 格式的图片。
+
+模板文件的内容如下：
+
+```
+$body$
+```
+
+### 示例：Jupyter Notebook
+
+使用 [`nbconvert`](https://github.com/jupyter/nbconvert) 显示 Jupyter Notebook 文件：
+
+```ini
+[markup.jupyter]
+ENABLED = true
+FILE_EXTENSIONS = .ipynb
+RENDER_COMMAND = "jupyter-nbconvert --stdin --stdout --to html --template basic"
+
+[markup.sanitizer.jupyter.img]
+ALLOW_DATA_URI_IMAGES = true
+```
+
+在此示例中，配置将允许显示 Jupyter Notebook 文件，并使用 `nbconvert` 命令将文件转换为 HTML 格式。同样，清理规则中的 `ALLOW_DATA_URI_IMAGES` 设置为 `true`，允许使用 Data URI 格式的图片。
+
+在进行配置更改后，请重新启动 Gitea 以使更改生效。
+
+## 自定义 CSS
+
+在 `.ini` 文件中，可以使用 `[markup.XXXXX]` 的格式指定外部渲染器，并且由外部渲染器生成的 HTML 将被包装在一个带有 `markup` 和 `XXXXX` 类的 `<div>` 中。`markup` 类提供了预定义的样式（如果 `XXXXX` 是 `markdown`，则使用 `markdown` 类）。否则，您可以使用这些类来针对渲染的 HTML 内容进行定制样式。
+
+因此，您可以编写一些 CSS 样式：
+
+```css
+.markup.XXXXX html {
+  font-size: 100%;
+  overflow-y: scroll;
+  -webkit-text-size-adjust: 100%;
+  -ms-text-size-adjust: 100%;
+}
+
+.markup.XXXXX body {
+  color: #444;
+  font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', serif;
+  font-size: 12px;
+  line-height: 1.7;
+  padding: 1em;
+  margin: auto;
+  max-width: 42em;
+  background: #fefefe;
+}
+
+.markup.XXXXX p {
+  color: orangered;
+}
+```
+
+将您的样式表添加到自定义目录中，例如 `custom/public/css/my-style-XXXXX.css`，并使用自定义的头文件 `custom/templates/custom/header.tmpl` 进行导入：
+
+```html
+<link rel="stylesheet" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
+```
+
+通过以上步骤，您可以将自定义的 CSS 样式应用到特定的外部渲染器，使其具有所需的样式效果。
--- a/docs/content/doc/administration/fail2ban-setup.en-us.md
+++ b/docs/content/doc/administration/fail2ban-setup.en-us.md
@ -1,13 +1,13 @@
 ---
 date: "2018-05-11T11:00:00+02:00"
-title: "Usage: Setup fail2ban"
+title: "Setup fail2ban"
 slug: "fail2ban-setup"
 weight: 16
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "Fail2ban setup"
    weight: 16
    identifier: "fail2ban-setup"
--- a/docs/content/doc/administration/fail2ban-setup.zh-cn.md
+++ b/docs/content/doc/administration/fail2ban-setup.zh-cn.md
@ -7,7 +7,7 @@ toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "设置 Fail2ban"
    weight: 16
    identifier: "fail2ban-setup"
--- a/docs/content/doc/administration/git-lfs-support.en-us.md
+++ b/docs/content/doc/administration/git-lfs-support.en-us.md
@ -1,13 +1,13 @@
 ---
 date: "2019-10-06T08:00:00+05:00"
-title: "Usage: Git LFS setup"
+title: "Git LFS setup"
 slug: "git-lfs-setup"
 weight: 12
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "Git LFS setup"
    weight: 12
    identifier: "git-lfs-setup"
--- a/docs/content/doc/administration/git-lfs-support.zh-cn.md
+++ b/docs/content/doc/administration/git-lfs-support.zh-cn.md
@ -0,0 +1,32 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "Git LFS 设置"
+slug: "git-lfs-setup"
+weight: 12
+toc: false
+draft: false
+aliases:
+  - /zh-cn/git-lfs-setup
+menu:
+  sidebar:
+    parent: "administration"
+    name: "Git LFS 设置"
+    weight: 12
+    identifier: "git-lfs-setup"
+---
+
+# 配置 Git 大文件存储（Large File Storage，LFS）
+
+要使用 Gitea 内置的 LFS 支持，您需要更新 `app.ini` 文件：
+
+```ini
+[server]
+; 启用 git-lfs 支持。true 或 false，默认为 false。
+LFS_START_SERVER = true
+
+[lfs]
+; 存放 LFS 文件的路径，默认为 data/lfs。
+PATH = /home/gitea/data/lfs
+```
+
+**注意**：LFS 服务器支持需要服务器上安装 Git v2.1.2 以上版本。
--- a/docs/content/doc/administration/https-support.en-us.md
+++ b/docs/content/doc/administration/https-support.en-us.md
@ -1,13 +1,13 @@
 ---
 date: "2018-06-02T11:00:00+02:00"
-title: "Usage: HTTPS setup"
+title: "HTTPS setup"
 slug: "https-setup"
 weight: 12
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "HTTPS setup"
    weight: 12
    identifier: "https-setup"
@ -24,7 +24,7 @@ menu:
 Before you enable HTTPS, make sure that you have valid SSL/TLS certificates.
 You could use self-generated certificates for evaluation and testing. Please run `gitea cert --host [HOST]` to generate a self signed certificate.

-If you are using Apache or nginx on the server, it's recommended to check the [reverse proxy guide]({{< relref "doc/usage/reverse-proxies.en-us.md" >}}).
+If you are using Apache or nginx on the server, it's recommended to check the [reverse proxy guide]({{< relref "doc/administration/reverse-proxies.en-us.md" >}}).

 To use Gitea's built-in HTTPS support, you must change your `app.ini` file:

--- a/docs/content/doc/administration/logging-config.zh-cn.md
+++ b/docs/content/doc/administration/logging-config.zh-cn.md
@ -0,0 +1,272 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "日志配置"
+slug: "logging-config"
+weight: 40
+toc: false
+draft: false
+aliases:
+  - /zh-cn/logging-configuration
+menu:
+  sidebar:
+    parent: "administration"
+    name: "日志配置"
+    weight: 40
+    identifier: "logging-config"
+---
+
+# 日志配置
+
+Gitea 的日志配置主要由以下三种类型的组件组成：
+
+- `[log]` 部分用于一般配置
+- `[log.<mode-name>]` 部分用于配置不同的日志输出方式，也称为 "writer mode"，模式名称同时也作为 "writer name"
+- `[log]` 部分还可以包含遵循 `logger.<logger-name>.<CONFIG-KEY>` 模式的子日志记录器的配置
+
+默认情况下，已经有一个完全功能的日志输出，因此不需要重新定义。
+
+**目录**
+
+{{< toc >}}
+
+## `[log]` 部分
+
+在 Gitea 中，日志设施的配置在 `[log]` 部分及其子部分。
+
+在顶层的 `[log]` 部分，可以放置以下配置项：
+
+- `ROOT_PATH`：（默认值：**%(GITEA_WORK_DIR)/log**）：日志文件的基本路径。
+- `MODE`：（默认值：**console**）：要用于默认日志记录器的日志输出列表。
+- `LEVEL`：（默认值：**Info**）：要持久化的最严重的日志事件，不区分大小写。可能的值为：`Trace`、`Debug`、`Info`、`Warn`、`Error`、`Fatal`。
+- `STACKTRACE_LEVEL`：（默认值：**None**）：对于此类及更严重的事件，将在记录时打印堆栈跟踪。
+
+它还可以包含以下子日志记录器：
+
+- `logger.router.MODE`：（默认值：**,**）：用于路由器日志记录器的日志输出列表。
+- `logger.access.MODE`：（默认值：**\<empty\>**）：用于访问日志记录器的日志输出列表。默认情况下，访问日志记录器被禁用。
+- `logger.xorm.MODE`：（默认值：**,**）：用于 XORM 日志记录器的日志输出列表。
+
+将子日志记录器的模式设置为逗号（`,`）表示使用默认的全局 `MODE`。
+
+## 快速示例
+
+### 默认（空）配置
+
+空配置等同于默认配置：
+
+```ini
+[log]
+ROOT_PATH = %(GITEA_WORK_DIR)/log
+MODE = console
+LEVEL = Info
+STACKTRACE_LEVEL = None
+logger.router.MODE = ,
+logger.xorm.MODE = ,
+logger.access.MODE =
+
+; 这是“控制台”模式的配置选项（由上面的 MODE=console 使用）
+[log.console]
+MODE = console
+FLAGS = stdflags
+PREFIX =
+COLORIZE = true
+```
+
+这等同于将所有日志发送到控制台，并将默认的 Golang 日志也发送到控制台日志中。
+
+这只是一个示例，默认情况下不需要将其写入配置文件中。
+
+### 禁用路由日志并将一些访问日志记录到文件中
+
+禁用路由日志，将访问日志（>=Warn）记录到 `access.log` 中：
+
+```ini
+[log]
+logger.router.MODE =
+logger.access.MODE = access-file
+
+[log.access-file]
+MODE = file
+LEVEL = Warn
+FILE_NAME = access.log
+```
+
+### 为不同的模式设置不同的日志级别
+
+将默认日志（>=Warn）记录到 `gitea.log` 中，将错误日志记录到 `file-error.log` 中：
+
+```ini
+[log]
+LEVEL = Warn
+MODE = file, file-error
+
+; 默认情况下，"file" 模式会将日志记录到 %(log.ROOT_PATH)/gitea.log，因此我们不需要设置它
+; [log.file]
+
+[log.file-error]
+LEVEL = Error
+FILE_NAME = file-error.log
+```
+
+## 日志输出（模式和写入器）
+
+Gitea 提供以下日志写入器：
+
+- `console` - 输出日志到 `stdout`（或 `stderr`，如果已在配置中设置）
+- `file` - 输出日志到文件
+- `conn` - 输出日志到套接字（网络或 Unix 套接字）
+
+### 公共配置
+
+某些配置适用于所有日志输出模式：
+
+- `MODE` 是日志输出写入器的模式。它将默认为 ini 部分的模式名称。因此，`[log.console]` 将默认为 `MODE = console`。
+- `LEVEL` 是此输出将记录的最低日志级别。
+- `STACKTRACE_LEVEL` 是此输出将打印堆栈跟踪的最低日志级别。
+- `COLORIZE` 对于 `console`，默认为 `true`，否则默认为 `false`。
+
+#### `EXPRESSION`
+
+`EXPRESSION` 表示日志事件必须匹配才能被输出写入器记录的正则表达式。
+日志消息（去除颜色）或 `longfilename:linenumber:functionname` 必须匹配其中之一。
+注意：整个消息或字符串不需要完全匹配。
+
+请注意，此表达式将在写入器的 goroutine 中运行，而不是在日志事件的 goroutine 中运行。
+
+#### `FLAGS`
+
+`FLAGS` 表示在每条消息之前打印的前置日志上下文信息。
+它是一个逗号分隔的字符串集。值的顺序无关紧要。
+
+默认值为 `stdflags`（= `date,time,medfile,shortfuncname,levelinitial`）。
+
+可能的值为：
+
+- `none` 或 `,` - 无标志。
+- `date` - 当地时区的日期：`2009/01/23`。
+- `time` - 当地时区的时间：`01:23:23`。
+- `microseconds` - 微秒精度：`01:23:23.123123`。假定有时间。
+- `longfile` - 完整的文件名和行号：`/a/b/c/d.go:23`。
+- `shortfile` - 文件名的最后一个部分和行号：`d.go:23`。
+- `funcname` - 调用者的函数名：`runtime.Caller()`。
+- `shortfuncname` - 函数名的最后一部分。覆盖 `funcname`。
+- `utc` - 如果设置了日期或时间，则使用 UTC 而不是本地时区。
+- `levelinitial` - 提供的级别的初始字符，放在方括号内，例如 `[I]` 表示 info。
+- `level` - 在方括号内的级别，例如 `[INFO]`。
+- `gopid` - 上下文的 Goroutine-PID。
+- `medfile` - 文件名的最后 20 个字符 - 相当于 `shortfile,longfile`。
+- `stdflags` - 相当于 `date,time,medfile,shortfuncname,levelinitial`。
+
+### Console 模式
+
+在此模式下，日志记录器将将日志消息转发到 Gitea 进程附加的 stdout 和 stderr 流。
+
+对于 console 模式的日志记录器，如果不在 Windows 上，或者 Windows 终端可以设置为 ANSI 模式，或者是 cygwin 或 Msys 管道，则 `COLORIZE` 默认为 `true`。
+
+设置：
+
+- `STDERR`：**false**：日志记录器是否应将日志打印到 `stderr` 而不是 `stdout`。
+
+### File 模式
+
+在此模式下，日志记录器将将日志消息保存到文件中。
+
+设置：
+
+- `FILE_NAME`：要将日志事件写入的文件，相对于 `ROOT_PATH`，默认为 `%(ROOT_PATH)/gitea.log`。异常情况：访问日志默认为 `%(ROOT_PATH)/access.log`。
+- `MAX_SIZE_SHIFT`：**28**：单个文件的最大大小位移。28 表示 256Mb。详细信息见下文。
+- `LOG_ROTATE` **true**：是否轮转日志文件。
+- `DAILY_ROTATE`：**true**：是否每天旋转日志。
+- `MAX_DAYS`：**7**：在此天数之后删除旋转的日志文件。
+- `COMPRESS`：**true**：默认情况下是否使用 gzip 压缩旧的日志文件。
+- `COMPRESSION_LEVEL`：**-1**：压缩级别。详细信息见下文。
+
+`MAX_SIZE_SHIFT` 通过将给定次数左移 1 (`1 << x`) 来定义文件的最大大小。
+在 v1.17.3 版本时的确切行为可以在[这里](https://github.com/go-gitea/gitea/blob/v1.17.3/modules/setting/log.go#L185)中查看。
+
+`COMPRESSION_LEVEL` 的有用值范围从 1 到（包括）9，其中较高的数字表示更好的压缩。
+请注意，更好的压缩可能会带来更高的资源使用。
+必须在前面加上 `-` 符号。
+
+### Conn 模式
+
+在此模式下，日志记录器将通过网络套接字发送日志消息。
+
+设置：
+
+- `ADDR`：**:7020**：设置要连接的地址。
+- `PROTOCOL`：**tcp**：设置协议，可以是 "tcp"、"unix" 或 "udp"。
+- `RECONNECT`：**false**：在连接丢失时尝试重新连接。
+- `RECONNECT_ON_MSG`：**false**：为每条消息重新连接主机。
+
+### "Router" 日志记录器
+
+当 Gitea 的路由处理程序工作时，Router 日志记录器记录以下消息类型：
+
+- `started` 消息将以 TRACE 级别记录
+- `polling`/`completed` 路由将以 INFO 级别记录。异常情况："/assets" 静态资源请求也会以 TRACE 级别记录。
+- `slow` 路由将以 WARN 级别记录
+- `failed` 路由将以 WARN 级别记录
+
+### "XORM" 日志记录器
+
+为了使 XORM 输出 SQL 日志，还应将 `[database]` 部分中的 `LOG_SQL` 设置为 `true`。
+
+### "Access" 日志记录器
+
+"Access" 日志记录器是自 Gitea 1.9 版本以来的新日志记录器。它提供了符合 NCSA Common Log 标准的日志格式。虽然它具有高度可配置性，但在更改其模板时应谨慎。此日志记录器的主要好处是，Gitea 现在可以使用标准日志格式记录访问日志，因此可以使用标准工具进行分析。
+
+您可以通过使用 `logger.access.MODE = ...` 来启用此日志记录器。
+
+如果需要，可以通过更改 `ACCESS_LOG_TEMPLATE` 的值来更改 "Access" 日志记录器的格式。
+
+请注意，访问日志记录器将以 `INFO` 级别记录，将此日志记录器的 `LEVEL` 设置为 `WARN` 或更高级别将导致不记录访问日志。
+
+#### ACCESS_LOG_TEMPLATE
+
+此值表示一个 Go 模板。其默认值为
+
+```tmpl
+{{.Ctx.RemoteHost}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}"`
+```
+
+模板接收以下选项：
+
+- `Ctx` 是 `context.Context`
+- `Identity` 是 `SignedUserName`，如果用户未登录，则为 "-"
+- `Start` 是请求的开始时间
+- `ResponseWriter` 是 `http.ResponseWriter`
+
+更改此模板时必须小心，因为它在标准的 panic 恢复陷阱之外运行。此模板应该尽可能简单，因为它会为每个请求运行一次。
+
+## 释放和重新打开、暂停和恢复日志记录
+
+如果您在 Unix 上运行，您可能希望释放和重新打开日志以使用 `logrotate` 或其他工具。
+可以通过向运行中的进程发送 `SIGUSR1` 信号或运行 `gitea manager logging release-and-reopen` 命令来强制 Gitea 释放并重新打开其日志文件和连接。
+
+或者，您可能希望暂停和恢复日志记录 - 可以通过使用 `gitea manager logging pause` 和 `gitea manager logging resume` 命令来实现。请注意，当日志记录暂停时，低于 INFO 级别的日志事件将不会存储，并且只会存储有限数量的事件。在暂停时，日志记录可能会阻塞，尽管是暂时性的，但会大大减慢 Gitea 的运行速度，因此建议仅暂停很短的时间。
+
+### 在 Gitea 运行时添加和删除日志记录
+
+可以使用 `gitea manager logging add` 和 `remove` 子命令在 Gitea 运行时添加和删除日志记录。
+此功能只能调整正在运行的日志系统，不能用于启动未初始化的访问或路由日志记录器。如果您希望启动这些系统，建议调整 app.ini 并（优雅地）重新启动 Gitea 服务。
+
+这些命令的主要目的是在运行中的系统上轻松添加临时日志记录器，以便调查问题，因为重新启动可能会导致问题消失。
+
+## 使用 `logrotate` 而不是内置的日志轮转
+
+Gitea 包含内置的日志轮转功能，对于大多数部署来说应该已经足够了。但是，如果您想使用 `logrotate` 工具：
+
+- 在 `app.ini` 中将 `LOG_ROTATE` 设置为 `false`，禁用内置的日志轮转。
+- 安装 `logrotate`。
+- 根据部署要求配置 `logrotate`，有关配置语法细节，请参阅 `man 8 logrotate`。
+  在 `postrotate/endscript` 块中通过 `kill -USR1` 或 `kill -10` 向 `gitea` 进程本身发送 `USR1` 信号，
+  或者运行 `gitea manager logging release-and-reopen`（使用适当的环境设置）。
+  确保配置适用于由 Gitea 日志记录器生成的所有文件，如上述部分所述。
+- 始终使用 `logrotate /etc/logrotate.conf --debug` 来测试您的配置。
+- 如果您正在使用 Docker 并从容器外部运行，您可以使用
+  `docker exec -u $OS_USER $CONTAINER_NAME sh -c 'gitea manager logging release-and-reopen'`
+  或 `docker exec $CONTAINER_NAME sh -c '/bin/s6-svc -1 /etc/s6/gitea/'`，或直接向 Gitea 进程本身发送 `USR1` 信号。
+
+下一个 `logrotate` 作业将包括您的配置，因此不需要重新启动。
+您还可以立即使用 `logrotate /etc/logrotate.conf --force` 重新加载 `logrotate`。
--- a/docs/content/doc/administration/logging-documentation.en-us.md
+++ b/docs/content/doc/administration/logging-documentation.en-us.md
@ -1,15 +1,15 @@
 ---
 date: "2019-04-02T17:06:00+01:00"
-title: "Advanced: Logging Configuration"
+title: "Logging Configuration"
 slug: "logging-configuration"
-weight: 55
+weight: 40
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "Logging Configuration"
-    weight: 55
+    weight: 40
    identifier: "logging-configuration"
 ---

--- a/docs/content/doc/administration/mail-templates.en-us.md
+++ b/docs/content/doc/administration/mail-templates.en-us.md
@ -7,7 +7,7 @@ toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "Mail templates"
    weight: 45
    identifier: "mail-templates"
@ -39,7 +39,7 @@ Currently, the following notification events make use of templates:
 | `approve`   | The head comment of a approving review for a pull request.                                                   |
 | `reject`    | The head comment of a review requesting changes for a pull request.                                          |
 | `code`      | A single comment on the code of a pull request.                                                              |
-| `assigned`  | Used was assigned to an issue or pull request.                                                               |
+| `assigned`  | User was assigned to an issue or pull request.                                                               |
 | `default`   | Any action not included in the above categories, or when the corresponding category template is not present. |

 The path for the template of a particular message type is:
--- a/docs/content/doc/administration/mail-templates.zh-cn.md
+++ b/docs/content/doc/administration/mail-templates.zh-cn.md
@ -0,0 +1,265 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "邮件模板"
+slug: "mail-templates"
+weight: 45
+toc: false
+draft: false
+aliases:
+  - /zh-cn/mail-templates
+menu:
+  sidebar:
+    parent: "administration"
+    name: "邮件模板"
+    weight: 45
+    identifier: "mail-templates"
+---
+
+# 邮件模板
+
+**目录**
+
+{{< toc >}}
+
+为了定制特定操作的电子邮件主题和内容，可以使用模板来自定义 Gitea。这些功能的模板位于 [`custom` 目录](https://docs.gitea.io/en-us/customizing-gitea/) 下。
+如果没有自定义的替代方案，Gitea 将使用内部模板作为默认模板。
+
+自定义模板在 Gitea 启动时加载。对它们的更改在 Gitea 重新启动之前不会被识别。
+
+## 支持模板的邮件通知
+
+目前，以下通知事件使用模板：
+
+| 操作名称   | 用途                                                                                    |
+| ----------- | ------------------------------------------------------------------------------------------------------------ |
+| `new`       | 创建了新的工单或合并请求。                                                                    |
+| `comment`   | 在现有工单或合并请求中创建了新的评论。                                                          |
+| `close`     | 关闭了工单或合并请求。                                                                         |
+| `reopen`    | 重新打开了工单或合并请求。                                                                       |
+| `review`    | 在合并请求中进行审查的首要评论。                                                               |
+| `approve`   | 对合并请求进行批准的首要评论。                                                                 |
+| `reject`    | 对合并请求提出更改请求的审查的首要评论。                                                       |
+| `code`      | 关于合并请求的代码的单个评论。                                                                 |
+| `assigned`  | 用户被分配到工单或合并请求。                                                                    |
+| `default`   | 未包括在上述类别中的任何操作，或者当对应类别的模板不存在时使用的模板。                              |
+
+特定消息类型的模板路径为：
+
+```sh
+custom/templates/mail/{操作类型}/{操作名称}.tmpl
+```
+
+其中 `{操作类型}` 是 `issue` 或 `pull`（针对合并请求），`{操作名称}` 是上述列出的操作名称之一。
+
+例如，有关合并请求中的评论的电子邮件的特定模板是：
+
+```sh
+custom/templates/mail/pull/comment.tmpl
+```
+
+然而，并不需要为每个操作类型/名称组合创建模板。
+使用回退系统来选择适当的模板。在此列表中，将使用 _第一个存在的_ 模板：
+
+- 所需**操作类型**和**操作名称**的特定模板。
+- 操作类型为 `issue` 和所需**操作名称**的模板。
+- 所需**操作类型**和操作名称为 `default` 的模板。
+- 操作类型为` issue` 和操作名称为 `default` 的模板。
+
+唯一必需的模板是操作类型为 `issue` 操作名称为 `default` 的模板，除非用户在 `custom` 目录中覆盖了它。
+
+## 模板语法
+
+邮件模板是 UTF-8 编码的文本文件，需要遵循以下格式之一：
+
+```
+用于主题行的文本和宏
+------------
+用于邮件正文的文本和宏
+```
+
+或者
+
+```
+用于邮件正文的文本和宏
+```
+
+指定 _主题_ 部分是可选的（因此也是虚线分隔符）。在使用时，_主题_ 和 _邮件正文_ 模板之间的分隔符需要至少三个虚线；分隔符行中不允许使用其他字符。
+
+_主题_ 和 _邮件正文_ 由 [Golang的模板引擎](https://golang.org/pkg/text/template/) 解析，并提供了为每个通知组装的 _元数据上下文_。上下文包含以下元素：
+
+| 名称                 | 类型               | 可用性            | 用途                                                                                                                                                                                                                                             |
+| -------------------- | ------------------ | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `.FallbackSubject`   | string             | 始终可用        | 默认主题行。参见下文。                                                                                                                                                                                                                            |
+| `.Subject`           | string             | 仅在正文中可用  | 解析后的 _主题_。                                                                                                                                                                                                                                 |
+| `.Body`              | string             | 始终可用        | 工单、合并请求或评论的消息，从 Markdown 解析为 HTML 并进行了清理。请勿与 _邮件正文_ 混淆。                                                                                                                                                                 |
+| `.Link`              | string             | 始终可用        | 源工单、合并请求或评论的地址。                                                                                                                                                                                                                    |
+| `.Issue`             | models.Issue       | 始终可用        | 产生通知的工单（或合并请求）。要获取特定于合并请求的数据（例如 `HasMerged`），可以使用 `.Issue.PullRequest`，但需要注意，如果工单 _不是_ 合并请求，则该字段将为 `nil`。                                                                       |
+| `.Comment`           | models.Comment     | 如果适用        | 如果通知是针对添加到工单或合并请求的评论，则其中包含有关评论的信息。                                                                                                                                                                             |
+| `.IsPull`            | bool               | 始终可用        | 如果邮件通知与合并请求关联（即 `.Issue.PullRequest` 不为 `nil` ），则为 `true`。                                                                                                                                                                       |
+| `.Repo`              | string         | 始终可用        | 仓库的名称，包括所有者名称（例如 `mike/stuff`）                                                                                                                                                                                                    |
+| `.User`              | models.User        | 始终可用        | 事件来源仓库的所有者。要获取用户名（例如 `mike`），可以使用 `.User.Name`。                                                                                                                                                                           |
+| `.Doer`              | models.User        | 始终可用        | 执行触发通知事件的操作的用户。要获取用户名（例如 `rhonda`），可以使用 `.Doer.Name`。                                                                                                                                                                |
+| `.IsMention`         | bool               | 始终可用        | 如果此通知仅是因为在评论中提到了用户而生成的，并且收件人未订阅源，则为 `true`。如果收件人已订阅工单或仓库，则为 `false`。                                                                                                                            |
+| `.SubjectPrefix`     | string             | 始终可用        | 如果通知是关于除工单或合并请求创建之外的其他内容，则为 `Re：`；否则为空字符串。                                                                                                                                                                      |
+| `.ActionType`        | string             | 始终可用        | `"issue"` 或 `"pull"`。它将与实际的 _操作类型_ 对应，与选择的模板无关。                                                                                                                                                                                 |
+| `.ActionName`        | string             | 始终可用        | 它将是上述操作类型之一（`new` ，`comment` 等），并与选择的模板对应。                                                                                                                                                                                 |
+| `.ReviewComments`    | []models.Comment   | 始终可用        | 审查中的代码评论列表。评论文本将在 `.RenderedContent` 中，引用的代码将在 `.Patch` 中。                                                                                                                                                                |
+
+所有名称区分大小写。
+
+### 模板中的主题部分
+
+用于邮件主题的模板引擎是 Golang 的 [`text/template`](https://golang.org/pkg/text/template/)。
+有关语法的详细信息，请参阅链接的文档。
+
+主题构建的步骤如下：
+
+- 根据通知类型和可用的模板选择一个模板。
+- 解析并解析模板（例如，将 `{{.Issue.Index}}` 转换为工单或合并请求的编号）。
+- 将所有空格字符（例如 `TAB`，`LF` 等）转换为普通空格。
+- 删除所有前导、尾随和多余的空格。
+- 将字符串截断为前 256 个字母（字符）。
+
+如果最终结果为空字符串，**或者**没有可用的主题模板（即所选模板不包含主题部分），将使用Gitea的**内部默认值**。
+
+内部默认（回退）主题相当于：
+
+```
+{{.SubjectPrefix}}[{{.Repo}}] {{.Issue.Title}} (#{{.Issue.Index}})
+```
+
+例如：`Re: [mike/stuff] New color palette (#38)`
+
+即使存在有效的主题模板，Gitea的默认主题也可以在模板的元数据中作为 `.FallbackSubject` 找到。
+
+### 模板中的邮件正文部分
+
+用于邮件正文的模板引擎是 Golang 的 [`html/template`](https://golang.org/pkg/html/template/)。
+有关语法的详细信息，请参阅链接的文档。
+
+邮件正文在邮件主题之后进行解析，因此还有一个额外的 _元数据_ 字段，即在考虑所有情况之后实际呈现的主题。
+
+期望的结果是 HTML（包括结构元素，如`<html>`，`<body>`等）。可以通过 `<style>` 块、`class` 和 `style` 属性进行样式设置。但是，`html/template` 会进行一些 [自动转义](https://golang.org/pkg/html/template/#hdr-Contexts)，需要考虑这一点。
+
+不支持附件（例如图像或外部样式表）。但是，也可以引用其他模板，例如以集中方式提供 `<style>` 元素的内容。外部模板必须放置在 `custom/mail` 下，并相对于该目录引用。例如，可以使用 `{{template styles/base}}` 包含 `custom/mail/styles/base.tmpl`。
+
+邮件以 `Content-Type: multipart/alternative` 发送，因此正文以 HTML 和文本格式发送。通过剥离 HTML 标记来获取文本版本。
+
+## 故障排除
+
+邮件的呈现方式直接取决于邮件应用程序的功能。许多邮件客户端甚至不支持 HTML，因此显示生成邮件中包含的文本版本。
+
+如果模板无法呈现，则只有在发送邮件时才会注意到。
+如果主题模板失败，将使用默认主题，如果从 _邮件正文_ 中成功呈现了任何内容，则将使用该内容，忽略其他内容。
+
+如果遇到问题，请检查 [Gitea的日志](https://docs.gitea.io/en-us/logging-configuration/) 以获取错误消息。
+
+## 示例
+
+`custom/templates/mail/issue/default.tmpl`:
+
+```html
+[{{.Repo}}] @{{.Doer.Name}}
+{{if eq .ActionName "new"}}
+    创建了
+{{else if eq .ActionName "comment"}}
+    评论了
+{{else if eq .ActionName "close"}}
+    关闭了
+{{else if eq .ActionName "reopen"}}
+    重新打开了
+{{else}}
+    更新了
+{{end}}
+{{if eq .ActionType "issue"}}
+    工单
+{{else}}
+    合并请求
+{{end}}
+#{{.Issue.Index}}: {{.Issue.Title}}
+------------
+<!DOCTYPE html>
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>{{.Subject}}</title>
+</head>
+
+<body>
+    {{if .IsMention}}
+    <p>
+        您收到此邮件是因为 @{{.Doer.Name}} 提到了您。
+    </p>
+    {{end}}
+    <p>
+        <p>
+        <a href="{{AppUrl}}/{{.Doer.LowerName}}">@{{.Doer.Name}}</a>
+        {{if not (eq .Doer.FullName "")}}
+            ({{.Doer.FullName}})
+        {{end}}
+        {{if eq .ActionName "new"}}
+            创建了
+        {{else if eq .ActionName "close"}}
+            关闭了
+        {{else if eq .ActionName "reopen"}}
+            重新打开了
+        {{else}}
+            更新了
+        {{end}}
+        <a href="{{.Link}}">{{.Repo}}#{{.Issue.Index}}</a>。
+        </p>
+        {{if not (eq .Body "")}}
+            <h3>消息内容：</h3>
+            <hr>
+            {{.Body | Str2html}}
+        {{end}}
+    </p>
+    <hr>
+    <p>
+        <a href="{{.Link}}">在 Gitea 上查看</a>。
+    </p>
+</body>
+</html>
+```
+
+该模板将生成以下内容：
+
+### 主题
+
+> [mike/stuff] @rhonda 在合并请求 #38 上进行了评论：New color palette
+
+### 邮件正文
+
+> [@rhonda](#)（Rhonda Myers）更新了 [mike/stuff#38](#)。
+>
+> #### 消息内容：
+>
+> \_********************************\_********************************
+>
+> Mike, I think we should tone down the blues a little.
+>
+> \_********************************\_********************************
+>
+> [在 Gitea 上查看](#)。
+
+## 高级用法
+
+模板系统包含一些函数，可用于进一步处理和格式化消息。以下是其中一些函数的列表：
+
+| 函数名            | 参数        | 可用于       | 用法                                                                              |
+| ----------------- | ----------- | ------------ | --------------------------------------------------------------------------------- |
+| `AppUrl`          | -           | 任何地方     | Gitea 的 URL                                                                     |
+| `AppName`         | -           | 任何地方     | 从 `app.ini` 中设置，通常为 "Gitea"                                               |
+| `AppDomain`       | -           | 任何地方     | Gitea 的主机名                                                                   |
+| `EllipsisString`  | string, int | 任何地方     | 将字符串截断为指定长度；根据需要添加省略号                                        |
+| `Str2html`        | string      | 仅正文部分   | 通过删除其中的 HTML 标签对文本进行清理                                              |
+| `Safe`            | string      | 仅正文部分   | 将输入作为 HTML 处理；可用于 `.ReviewComments.RenderedContent` 等字段               |
+
+这些都是 _函数_，而不是元数据，因此必须按以下方式使用：
+
+```html
+像这样使用：         {{Str2html "Escape<my>text"}}
+或者这样使用：       {{"Escape<my>text" | Str2html}}
+或者这样使用：       {{AppUrl}}
+但不要像这样使用：   {{.AppUrl}}
+```
--- a/docs/content/doc/administration/repo-indexer.en-us.md
+++ b/docs/content/doc/administration/repo-indexer.en-us.md
@ -7,7 +7,7 @@ toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "Repository indexer"
    weight: 45
    identifier: "repo-indexer"
--- a/docs/content/doc/administration/repo-indexer.zh-cn.md
+++ b/docs/content/doc/administration/repo-indexer.zh-cn.md
@ -0,0 +1,63 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "仓库索引器"
+slug: "repo-indexer"
+weight: 45
+toc: false
+draft: false
+aliases:
+  - /zh-cn/repo-indexer
+menu:
+  sidebar:
+    parent: "administration"
+    name: "仓库索引器"
+    weight: 45
+    identifier: "repo-indexer"
+---
+
+# 仓库索引器
+
+**目录**
+
+{{< toc >}}
+
+## 设置仓库索引器
+
+通过在您的 [`app.ini`](https://docs.gitea.io/en-us/config-cheat-sheet/) 中启用此功能，Gitea 可以通过仓库的文件进行搜索：
+
+```ini
+[indexer]
+; ...
+REPO_INDEXER_ENABLED = true
+REPO_INDEXER_PATH = indexers/repos.bleve
+MAX_FILE_SIZE = 1048576
+REPO_INDEXER_INCLUDE =
+REPO_INDEXER_EXCLUDE = resources/bin/**
+```
+
+请记住，索引内容可能会消耗大量系统资源，特别是在首次创建索引或全局更新索引时（例如升级 Gitea 之后）。
+
+### 按大小选择要索引的文件
+
+`MAX_FILE_SIZE` 选项将使索引器跳过所有大于指定值的文件。
+
+### 按路径选择要索引的文件
+
+Gitea使用 [`gobwas/glob` 库](https://github.com/gobwas/glob) 中的 glob 模式匹配来选择要包含在索引中的文件。
+
+限制文件列表可以防止索引被派生或无关的文件（例如 lss、sym、map 等）污染，从而使搜索结果更相关。这还有助于减小索引的大小。
+
+`REPO_INDEXER_EXCLUDE_VENDORED`（默认值为 true）将排除供应商文件不包含在索引中。
+
+`REPO_INDEXER_INCLUDE`（默认值为空）是一个逗号分隔的 glob 模式列表，用于在索引中**包含**的文件。空列表表示“_包含所有文件_”。
+`REPO_INDEXER_EXCLUDE`（默认值为空）是一个逗号分隔的 glob 模式列表，用于从索引中**排除**的文件。与该列表匹配的文件将不会被索引。`REPO_INDEXER_EXCLUDE` 优先于 `REPO_INDEXER_INCLUDE`。
+
+模式匹配工作方式如下：
+
+- 要匹配所有带有 `.txt` 扩展名的文件，无论在哪个目录中，请使用 `**.txt`。
+- 要匹配仅在仓库的根级别中具有 `.txt` 扩展名的所有文件，请使用 `*.txt`。
+- 要匹配 `resources/bin` 目录及其子目录中的所有文件，请使用 `resources/bin/**`。
+- 要匹配位于 `resources/bin` 目录下的所有文件，请使用 `resources/bin/*`。
+- 要匹配所有名为 `Makefile` 的文件，请使用 `**Makefile`。
+- 匹配目录没有效果；模式 `resources/bin` 不会包含/排除该目录中的文件；`resources/bin/**` 会。
+- 所有文件和模式都规范化为小写，因此 `**Makefile`、`**makefile` 和 `**MAKEFILE` 是等效的。
--- a/docs/content/doc/administration/reverse-proxies.en-us.md
+++ b/docs/content/doc/administration/reverse-proxies.en-us.md
@ -1,13 +1,13 @@
 ---
 date: "2018-05-22T11:00:00+00:00"
-title: "Usage: Reverse Proxies"
+title: "Reverse Proxies"
 slug: "reverse-proxies"
-weight: 17
+weight: 16
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "Reverse Proxies"
    weight: 16
    identifier: "reverse-proxies"
@ -48,7 +48,7 @@ server {
    server_name git.example.com;

    # Note: Trailing slash
-    location /git/ { 
+    location /git/ {
        # Note: Trailing slash
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
@ -187,14 +187,6 @@ git.example.com {
 }
 ```

-If you still use Caddy v1, use:
-
-```apacheconf
-git.example.com {
-    proxy / localhost:3000
-}
-```
-
 ## Caddy with a sub-path

 In case you already have a site, and you want Gitea to share the domain name, you can setup Caddy to serve Gitea under a sub-path by adding the following to your server block in your Caddyfile:
@ -208,14 +200,6 @@ git.example.com {
 }
 ```

-Or, for Caddy v1:
-
-```apacheconf
-git.example.com {
-    proxy /git/ localhost:3000
-}
-```
-
 Then set `[server] ROOT_URL = http://git.example.com/git/` in your configuration.

 ## IIS
--- a/docs/content/doc/administration/reverse-proxies.zh-cn.md
+++ b/docs/content/doc/administration/reverse-proxies.zh-cn.md
@ -1,13 +1,13 @@
 ---
 date: "2018-05-22T11:00:00+00:00"
-title: "使用：反向代理"
+title: "反向代理"
 slug: "reverse-proxies"
-weight: 17
+weight: 16
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "usage"
+    parent: "administration"
    name: "反向代理"
    weight: 16
    identifier: "reverse-proxies"
@ -48,7 +48,7 @@ server {
    server_name git.example.com;

    # 注意: /git/ 最后需要有一个路径符号
-    location /git/ { 
+    location /git/ {
        # 注意: 反向代理后端 URL 的最后需要有一个路径符号
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
--- a/docs/content/doc/administration/search-engines-indexation.en-us.md
+++ b/docs/content/doc/administration/search-engines-indexation.en-us.md
@ -1,13 +1,13 @@
 ---
 date: "2019-12-31T13:55:00+05:00"
-title: "Advanced: Search Engines Indexation"
+title: "Search Engines Indexation"
 slug: "search-engines-indexation"
-weight: 30
+weight: 60
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "Search Engines Indexation"
    weight: 60
    identifier: "search-engines-indexation"
@ -21,7 +21,7 @@ If you don't want your repository to be visible for search engines read further.
 ## Block search engines indexation using robots.txt

 To make Gitea serve a custom `robots.txt` (default: empty 404) for top level installations,
-create a file called `robots.txt` in the [`custom` folder or `CustomPath`]({{< relref "doc/advanced/customizing-gitea.en-us.md" >}})
+create a file called `robots.txt` in the [`custom` folder or `CustomPath`]({{< relref "doc/administration/customizing-gitea.en-us.md" >}})

 Examples on how to configure the `robots.txt` can be found at [https://moz.com/learn/seo/robotstxt](https://moz.com/learn/seo/robotstxt).

--- a/docs/content/doc/administration/search-engines-indexation.zh-cn.md
+++ b/docs/content/doc/administration/search-engines-indexation.zh-cn.md
@ -0,0 +1,39 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "搜索引擎索引"
+slug: "search-engines-indexation"
+weight: 60
+toc: false
+draft: false
+aliases:
+  - /zh-cn/search-engines-indexation
+menu:
+  sidebar:
+    parent: "administration"
+    name: "搜索引擎索引"
+    weight: 60
+    identifier: "search-engines-indexation"
+---
+
+# Gitea 安装的搜索引擎索引
+
+默认情况下，您的 Gitea 安装将被搜索引擎索引。
+如果您不希望您的仓库对搜索引擎可见，请进一步阅读。
+
+## 使用 robots.txt 阻止搜索引擎索引
+
+为了使 Gitea 为顶级安装提供自定义的`robots.txt`（默认为空的 404），请在[`custom`文件夹或`CustomPath`]（{{< relref "doc/administration/customizing-gitea.zh-cn.md" >}}）中创建一个名为 `robots.txt` 的文件。
+
+有关如何配置 `robots.txt` 的示例，请参考 [https://moz.com/learn/seo/robotstxt](https://moz.com/learn/seo/robotstxt)。
+
+```txt
+User-agent: *
+Disallow: /
+```
+
+如果您将Gitea安装在子目录中，则需要在顶级目录中创建或编辑 `robots.txt`。
+
+```txt
+User-agent: *
+Disallow: /gitea/
+```
--- a/docs/content/doc/administration/signing.en-us.md
+++ b/docs/content/doc/administration/signing.en-us.md
@ -2,14 +2,14 @@
 date: "2019-08-17T10:20:00+01:00"
 title: "GPG Commit Signatures"
 slug: "signing"
-weight: 20
+weight: 50
 toc: false
 draft: false
 menu:
  sidebar:
-    parent: "advanced"
+    parent: "administration"
    name: "GPG Commit Signatures"
-    weight: 20
+    weight: 50
    identifier: "signing"
 ---

--- a/docs/content/doc/administration/signing.zh-cn.md
+++ b/docs/content/doc/administration/signing.zh-cn.md
@ -0,0 +1,146 @@
+---
+date: "2023-05-23T09:00:00+08:00"
+title: "GPG 提交签名"
+slug: "signing"
+weight: 50
+toc: false
+draft: false
+aliases:
+  - /zh-cn/signing
+menu:
+  sidebar:
+    parent: "administration"
+    name: "GPG 提交签名"
+    weight: 50
+    identifier: "signing"
+---
+
+# GPG 提交签名
+
+**目录**
+
+{{< toc >}}
+
+Gitea 将通过检查提交是否由 Gitea 数据库中的密钥签名，或者提交是否与 Git 的默认密钥匹配，来验证提供的树中的 GPG 提交签名。
+
+密钥不会被检查以确定它们是否已过期或撤销。密钥也不会与密钥服务器进行检查。
+
+如果找不到用于验证提交的密钥，提交将被标记为灰色的未锁定图标。如果提交被标记为红色的未锁定图标，则表示它使用带有 ID 的密钥签名。
+
+请注意：提交的签署者不必是提交的作者或提交者。
+
+此功能要求 Git >= 1.7.9，但要实现全部功能，需要 Git >= 2.0.0。
+
+## 自动签名
+
+有许多地方 Gitea 会生成提交：
+
+- 仓库初始化
+- Wiki 更改
+- 使用编辑器或 API 进行的 CRUD 操作
+- 从合并请求进行合并
+
+根据配置和服务器信任，您可能希望 Gitea 对这些提交进行签名。
+
+## 安装和生成 Gitea 的 GPG 密钥
+
+如何安装签名密钥由服务器管理员决定。Gitea 目前使用服务器的 `git` 命令生成所有提交，因此将使用服务器的 `gpg` 进行签名（如果配置了）。管理员应该审查 GPG 的最佳实践 - 特别是可能建议仅安装签名的子密钥，而不是主签名和认证的密钥。
+
+## 通用配置
+
+Gitea 的签名配置可以在 `app.ini` 的 `[repository.signing]` 部分找到：
+
+```ini
+...
+[repository.signing]
+SIGNING_KEY = default
+SIGNING_NAME =
+SIGNING_EMAIL =
+INITIAL_COMMIT = always
+CRUD_ACTIONS = pubkey, twofa, parentsigned
+WIKI = never
+MERGES = pubkey, twofa, basesigned, commitssigned
+
+...
+```
+
+### `SIGNING_KEY`
+
+首先讨论的选项是 `SIGNING_KEY`。有三个主要选项：
+
+- `none` - 这将阻止 Gitea 对任何提交进行签名
+- `default` - Gitea 将使用 `git config` 中配置的默认密钥
+- `KEYID` - Gitea 将使用具有 ID `KEYID` 的 GPG 密钥对提交进行签名。在这种情况下，您应该提供 `SIGNING_NAME` 和 `SIGNING_EMAIL`，以便显示此密钥的信息。
+
+`default` 选项将读取 `git config` 中的 `commit.gpgsign` 选项 - 如果设置了该选项，它将使用 `user.signingkey`、`user.name` 和 `user.email` 的结果。
+
+请注意：通过在 Gitea 的仓库中调整 Git 的 `config` 文件，可以使用 `SIGNING_KEY=default` 为每个仓库提供不同的签名密钥。然而，这显然不是一个理想的用户界面，因此可能会发生更改。
+
+**自 1.17 起**，Gitea 在自己的主目录 `[git].HOME_PATH`（默认为 `%(APP_DATA_PATH)/home`）中运行 git，并使用自己的配置文件 `{[git].HOME_PATH}/.gitconfig`。
+如果您有自己定制的 Gitea git 配置，您应该将这些配置设置在系统 git 配置文件中（例如 `/etc/gitconfig`）或者 Gitea 的内部 git 配置文件 `{[git].HOME_PATH}/.gitconfig` 中。
+与 git 命令相关的主目录文件（如 `.gnupg`）也应该放在 Gitea 的 git 主目录 `[git].HOME_PATH` 中。
+如果您希望将 `.gnupg` 目录放在 `{[git].HOME_PATH}/` 之外的位置，请考虑设置 `$GNUPGHOME` 环境变量为您首选的位置。
+
+### `INITIAL_COMMIT`
+
+此选项确定在创建仓库时，Gitea 是否应该对初始提交进行签名。可能的取值有：
+
+- `never`：从不签名
+- `pubkey`：仅在用户拥有公钥时进行签名
+- `twofa`：仅在用户使用 2FA 登录时进行签名
+- `always`：始终签名
+
+除了 `never` 和 `always` 之外的选项可以组合为逗号分隔的列表。如果所有选择的选项都为 true，则提交将被签名。
+
+### `WIKI`
+
+此选项确定 Gitea 是否应该对 Wiki 的提交进行签名。可能的取值有：
+
+- `never`：从不签名
+- `pubkey`：仅在用户拥有公钥时进行签名
+- `twofa`：仅在用户使用 2FA 登录时进行签名
+- `parentsigned`：仅在父提交已签名时进行签名。
+- `always`：始终签名
+
+除了 `never` 和 `always` 之外的选项可以组合为逗号分隔的列表。如果所有选择的选项都为 true，则提交将被签名。
+
+### `CRUD_ACTIONS`
+
+此选项确定 Gitea 是否应该对 Web 编辑器或 API CRUD 操作的提交进行签名。可能的取值有：
+
+- `never`：从不签名
+- `pubkey`：仅在用户拥有公钥时进行签名
+- `twofa`：仅在用户使用 2FA 登录时进行签名
+- `parentsigned`：仅在父提交已签名时进行签名。
+- `always`：始终签名
+
+除了 `never` 和 `always` 之外的选项可以组合为逗号分隔的列表。如果所有选择的选项都为 true，则更改将被签名。
+
+### `MERGES`
+
+此选项确定 Gitea 是否应该对 PR 的合并提交进行签名。可能的选项有：
+
+- `never`：从不签名
+- `pubkey`：仅在用户拥有公钥时进行签名
+- `twofa`：仅在用户使用 2FA 登录时进行签名
+- `basesigned`：仅在基础仓库中的父提交已签名时进行签名。
+- `headsigned`：仅在头分支中的头提交已签名时进行签名。
+- `commitssigned`：仅在头分支中的所有提交到合并点的提交都已签名时进行签名。
+- `approved`：仅对已批准的合并到受保护分支的提交进行签名。
+- `always`：始终签名
+
+除了 `never` 和 `always` 之外的选项可以组合为逗号分隔的列表。如果所有选择的选项都为 true，则合并将被签名。
+
+## 获取签名密钥的公钥
+
+用于签署 Gitea 提交的公钥可以通过 API 获取：
+
+```sh
+/api/v1/signing-key.gpg
+```
+
+在存在特定于仓库的密钥的情况下，可以通过以下方式获取：
+
+```sh
+/api/v1/repos/:username/:reponame/signing-key.gpg
+```
--- a/docs/content/doc/advanced.zh-tw.md
+++ b/docs/content/doc/advanced.zh-tw.md
@ -1,13 +0,0 @@
---
-date: "2016-12-01T16:00:00+02:00"
-title: "進階"
-slug: "advanced"
-weight: 30
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "進階"
-    weight: 40
-    identifier: "advanced"
---
--- a/docs/content/doc/contributing.en-us.md
+++ b/docs/content/doc/contributing.en-us.md
@ -1,13 +1,13 @@
 ---
 date: "2021-01-22T00:00:00+02:00"
-title: "Translation"
-slug: "translation"
+title: "Contributing"
+slug: "contributing"
 weight: 35
 toc: false
 draft: false
 menu:
  sidebar:
-    name: "Translation"
+    name: "Contributing"
    weight: 50
-    identifier: "translation"
+    identifier: "contributing"
 ---
--- a/docs/content/doc/contributing.fr-fr.md
+++ b/docs/content/doc/contributing.fr-fr.md
@ -1,7 +1,7 @@
 ---
 date: "2021-01-22T00:00:00+02:00"
 title: "Übersetzung"
-slug: "translation"
+slug: "contributing"
 weight: 35
 toc: false
 draft: false
@ -9,5 +9,5 @@ menu:
  sidebar:
    name: "Übersetzung"
    weight: 50
-    identifier: "translation"
+    identifier: "contributing"
 ---
--- a/docs/content/doc/contributing.zh-tw.md
+++ b/docs/content/doc/contributing.zh-tw.md
@ -1,13 +1,13 @@
 ---
 date: "2021-01-22T00:00:00+02:00"
-title: "翻譯"
-slug: "translation"
+title: "貢獻"
+slug: "contributing"
 weight: 35
 toc: false
 draft: false
 menu:
  sidebar:
-    name: "翻譯"
+    name: "貢獻"
    weight: 50
-    identifier: "translation"
+    identifier: "contributing"
 ---
--- a/Show more
+++ b/Show more