Dockerfile: rename user to _gitea instead of git

[SEMVER] bump to 4.2.2+0-gitea-1.19.4
Changelog for v1.19.4 (#25667 )
2023-07-10 12:15:04 -03:00 · 2023-07-05 08:19:39 +02:00 · 2023-07-05 08:18:41 +02:00 · 2023-07-05 08:18:41 +02:00 · 2023-07-05 08:18:41 +02:00 · 2023-07-05 08:18:41 +02:00
4539 changed files with 251256 additions and 162503 deletions
--- a/.air.toml
+++ b/.air.toml
@ -2,12 +2,9 @@ root = "."
 tmp_dir = ".air"

 [build]
-cmd = "make --no-print-directory backend"
+cmd = "make backend"
 bin = "gitea"
-delay = 1000
 include_ext = ["go", "tmpl"]
-include_file = ["main.go"]
-include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
 exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata", "models/fixtures", "models/migrations/fixtures", "modules/migration/file_format_testdata", "modules/avatar/identicon/testdata"]
+include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
 exclude_regex = ["_test.go$", "_gen.go$"]
-stop_on_error = true
--- a/.changelog.yml
+++ b/.changelog.yml
@ -13,42 +13,46 @@ groups:
  -
    name: BREAKING
    labels:
-      - pr/breaking
+      - kind/breaking
  -
    name: SECURITY
    labels:
-      - topic/security
+      - kind/security
  -
    name: FEATURES
    labels:
-      - type/feature
+      - kind/feature
  -
    name: API
    labels:
-      - modifies/api
+      - kind/api
  -
    name: ENHANCEMENTS
    labels:
-      - type/enhancement
-      - type/refactoring
-      - topic/ui
+      - kind/enhancement
+      - kind/refactor
+      - kind/ui
  -
    name: BUGFIXES
    labels:
-      - type/bug
+      - kind/bug
  -
    name: TESTING
    labels:
-      - type/testing
+      - kind/testing
+  -
+    name: TRANSLATION
+    labels:
+      - kind/translation
  -
    name: BUILD
    labels:
-      - topic/build
-      - topic/code-linting
+      - kind/build
+      - kind/lint
  -
    name: DOCS
    labels:
-      - type/docs
+      - kind/docs
  -
    name: MISC
    default: true
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,38 +0,0 @@
-{
-  "name": "Gitea DevContainer",
-  "image": "mcr.microsoft.com/devcontainers/go:1.21-bullseye",
-  "features": {
-    // installs nodejs into container
-    "ghcr.io/devcontainers/features/node:1": {
-      "version":"20"
-    },
-    "ghcr.io/devcontainers/features/git-lfs:1.1.0": {},
-    "ghcr.io/devcontainers-contrib/features/poetry:2": {},
-    "ghcr.io/devcontainers/features/python:1": {}
-  },
-  "customizations": {
-    "vscode": {
-      "settings": {},
-      // same extensions as Gitpod, should match /.gitpod.yml
-      "extensions": [
-        "editorconfig.editorconfig",
-        "dbaeumer.vscode-eslint",
-        "golang.go",
-        "stylelint.vscode-stylelint",
-        "DavidAnson.vscode-markdownlint",
-        "Vue.volar",
-        "ms-azuretools.vscode-docker",
-        "zixuanchen.vitest-explorer",
-        "qwtel.sqlite-viewer",
-        "GitHub.vscode-pull-request-github"
-      ]
-    }
-  },
-  "portsAttributes": {
-    "3000": {
-      "label": "Gitea Web",
-      "onAutoForward": "notify"
-    }
-  },
-  "postCreateCommand": "make deps"
-}
--- a/.dockerignore
+++ b/.dockerignore
@ -75,10 +75,11 @@ cpu.out
 /yarn.lock
 /yarn-error.log
 /npm-debug.log*
-/public/assets/js
-/public/assets/css
-/public/assets/fonts
-/public/assets/img/webpack
+/public/js
+/public/serviceworker.js
+/public/css
+/public/fonts
+/public/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
--- a/.drone.yml
+++ b/.drone.yml
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@ -9,32 +9,24 @@ parserOptions:
  ecmaVersion: latest

 plugins:
-  - "@eslint-community/eslint-plugin-eslint-comments"
-  - eslint-plugin-array-func
+  - eslint-plugin-unicorn
  - eslint-plugin-import
  - eslint-plugin-jquery
-  - eslint-plugin-no-jquery
-  - eslint-plugin-no-use-extend-native
-  - eslint-plugin-regexp
  - eslint-plugin-sonarjs
-  - eslint-plugin-unicorn
-  - eslint-plugin-vitest-globals
-  - eslint-plugin-wc

 env:
-  es2024: true
+  es2022: true
  node: true

+globals:
+  __webpack_public_path__: true
+
 overrides:
-  - files: ["web_src/**/*"]
-    globals:
-      __webpack_public_path__: true
-      process: false # https://github.com/webpack/webpack/issues/15833
-  - files: ["web_src/**/*", "docs/**/*"]
+  - files: ["web_src/**/*.js", "docs/**/*.js"]
    env:
      browser: true
      node: false
-  - files: ["web_src/**/*worker.*"]
+  - files: ["web_src/**/*worker.js"]
    env:
      worker: true
    rules:
@ -43,37 +35,16 @@ overrides:
    rules:
      import/no-unresolved: [0]
      import/no-extraneous-dependencies: [0]
-  - files: ["*.config.*"]
+  - files: ["*.config.js"]
    rules:
      import/no-unused-modules: [0]
-  - files: ["**/*.test.*", "web_src/js/test/setup.js"]
-    env:
-      vitest-globals/env: true
-  - files: ["web_src/js/modules/fetch.js", "web_src/js/standalone/**/*"]
-    rules:
-      no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression]

 rules:
-  "@eslint-community/eslint-comments/disable-enable-pair": [2]
-  "@eslint-community/eslint-comments/no-aggregating-enable": [2]
-  "@eslint-community/eslint-comments/no-duplicate-disable": [2]
-  "@eslint-community/eslint-comments/no-restricted-disable": [0]
-  "@eslint-community/eslint-comments/no-unlimited-disable": [2]
-  "@eslint-community/eslint-comments/no-unused-disable": [2]
-  "@eslint-community/eslint-comments/no-unused-enable": [2]
-  "@eslint-community/eslint-comments/no-use": [0]
-  "@eslint-community/eslint-comments/require-description": [0]
  accessor-pairs: [2]
  array-bracket-newline: [0]
  array-bracket-spacing: [2, never]
  array-callback-return: [2, {checkForEach: true}]
  array-element-newline: [0]
-  array-func/avoid-reverse: [2]
-  array-func/from-map: [2]
-  array-func/no-unnecessary-this-arg: [2]
-  array-func/prefer-array-from: [2]
-  array-func/prefer-flat-map: [0] # handled by unicorn/prefer-array-flat-map
-  array-func/prefer-flat: [0] # handled by unicorn/prefer-array-flat
  arrow-body-style: [0]
  arrow-parens: [2, always]
  arrow-spacing: [2, {before: true, after: true}]
@ -126,9 +97,9 @@ rules:
  import/namespace: [0]
  import/newline-after-import: [0]
  import/no-absolute-path: [0]
-  import/no-amd: [2]
+  import/no-amd: [0]
  import/no-anonymous-default-export: [0]
-  import/no-commonjs: [2]
+  import/no-commonjs: [0]
  import/no-cycle: [2, {ignoreExternal: true, maxDepth: 1}]
  import/no-default-export: [0]
  import/no-deprecated: [0]
@ -149,7 +120,7 @@ rules:
  import/no-restricted-paths: [0]
  import/no-self-import: [2]
  import/no-unassigned-import: [0]
-  import/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$", ^vitest/]}]
+  import/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$"]}]
  import/no-unused-modules: [2, {unusedExports: true}]
  import/no-useless-path-segments: [2, {commonjs: true}]
  import/no-webpack-loader-syntax: [2]
@ -193,7 +164,7 @@ rules:
  jquery/no-parse-html: [2]
  jquery/no-prop: [0]
  jquery/no-proxy: [2]
-  jquery/no-ready: [2]
+  jquery/no-ready: [0]
  jquery/no-serialize: [2]
  jquery/no-show: [2]
  jquery/no-size: [2]
@ -285,99 +256,6 @@ rules:
  no-invalid-this: [0]
  no-irregular-whitespace: [2]
  no-iterator: [2]
-  no-jquery/no-ajax-events: [2]
-  no-jquery/no-ajax: [0]
-  no-jquery/no-and-self: [2]
-  no-jquery/no-animate-toggle: [2]
-  no-jquery/no-animate: [2]
-  no-jquery/no-append-html: [0]
-  no-jquery/no-attr: [0]
-  no-jquery/no-bind: [2]
-  no-jquery/no-box-model: [2]
-  no-jquery/no-browser: [2]
-  no-jquery/no-camel-case: [2]
-  no-jquery/no-class-state: [0]
-  no-jquery/no-class: [0]
-  no-jquery/no-clone: [2]
-  no-jquery/no-closest: [0]
-  no-jquery/no-constructor-attributes: [2]
-  no-jquery/no-contains: [2]
-  no-jquery/no-context-prop: [2]
-  no-jquery/no-css: [0]
-  no-jquery/no-data: [0]
-  no-jquery/no-deferred: [2]
-  no-jquery/no-delegate: [2]
-  no-jquery/no-each-collection: [0]
-  no-jquery/no-each-util: [0]
-  no-jquery/no-each: [0]
-  no-jquery/no-error-shorthand: [2]
-  no-jquery/no-error: [2]
-  no-jquery/no-escape-selector: [2]
-  no-jquery/no-event-shorthand: [2]
-  no-jquery/no-extend: [2]
-  no-jquery/no-fade: [2]
-  no-jquery/no-filter: [0]
-  no-jquery/no-find-collection: [0]
-  no-jquery/no-find-util: [2]
-  no-jquery/no-find: [0]
-  no-jquery/no-fx-interval: [2]
-  no-jquery/no-global-eval: [2]
-  no-jquery/no-global-selector: [0]
-  no-jquery/no-grep: [2]
-  no-jquery/no-has: [2]
-  no-jquery/no-hold-ready: [2]
-  no-jquery/no-html: [0]
-  no-jquery/no-in-array: [2]
-  no-jquery/no-is-array: [2]
-  no-jquery/no-is-empty-object: [2]
-  no-jquery/no-is-function: [2]
-  no-jquery/no-is-numeric: [2]
-  no-jquery/no-is-plain-object: [2]
-  no-jquery/no-is-window: [2]
-  no-jquery/no-is: [0]
-  no-jquery/no-jquery-constructor: [0]
-  no-jquery/no-live: [2]
-  no-jquery/no-load-shorthand: [2]
-  no-jquery/no-load: [2]
-  no-jquery/no-map-collection: [0]
-  no-jquery/no-map-util: [2]
-  no-jquery/no-map: [0]
-  no-jquery/no-merge: [2]
-  no-jquery/no-node-name: [2]
-  no-jquery/no-noop: [2]
-  no-jquery/no-now: [2]
-  no-jquery/no-on-ready: [2]
-  no-jquery/no-other-methods: [0]
-  no-jquery/no-other-utils: [2]
-  no-jquery/no-param: [2]
-  no-jquery/no-parent: [0]
-  no-jquery/no-parents: [0]
-  no-jquery/no-parse-html-literal: [0]
-  no-jquery/no-parse-html: [2]
-  no-jquery/no-parse-json: [2]
-  no-jquery/no-parse-xml: [2]
-  no-jquery/no-prop: [0]
-  no-jquery/no-proxy: [2]
-  no-jquery/no-ready-shorthand: [2]
-  no-jquery/no-ready: [2]
-  no-jquery/no-selector-prop: [2]
-  no-jquery/no-serialize: [2]
-  no-jquery/no-size: [2]
-  no-jquery/no-sizzle: [0]
-  no-jquery/no-slide: [2]
-  no-jquery/no-sub: [2]
-  no-jquery/no-support: [2]
-  no-jquery/no-text: [0]
-  no-jquery/no-trigger: [0]
-  no-jquery/no-trim: [2]
-  no-jquery/no-type: [2]
-  no-jquery/no-unique: [2]
-  no-jquery/no-unload-shorthand: [2]
-  no-jquery/no-val: [0]
-  no-jquery/no-visibility: [2]
-  no-jquery/no-when: [2]
-  no-jquery/no-wrap: [2]
-  no-jquery/variable-pattern: [0]
  no-label-var: [2]
  no-labels: [0] # handled by no-restricted-syntax
  no-lone-blocks: [2]
@ -413,8 +291,9 @@ rules:
  no-restricted-exports: [0]
  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top, __dirname, __filename]
  no-restricted-imports: [0]
-  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression, {selector: "CallExpression[callee.name='fetch']", message: "use modules/fetch.js instead"}]
+  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement]
  no-return-assign: [0]
+  no-return-await: [0]
  no-script-url: [2]
  no-self-assign: [2, {props: true}]
  no-self-compare: [2]
@ -445,7 +324,6 @@ rules:
  no-unused-private-class-members: [2]
  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
  no-use-before-define: [2, {functions: false, classes: true, variables: true, allowNamedExports: true}]
-  no-use-extend-native/no-use-extend-native: [2]
  no-useless-backreference: [2]
  no-useless-call: [2]
  no-useless-catch: [2]
@ -476,7 +354,7 @@ rules:
  prefer-exponentiation-operator: [2]
  prefer-named-capture-group: [0]
  prefer-numeric-literals: [2]
-  prefer-object-has-own: [2]
+  prefer-object-has-own: [0]
  prefer-object-spread: [2]
  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
  prefer-regex-literals: [2]
@ -486,80 +364,6 @@ rules:
  quote-props: [0]
  quotes: [2, single, {avoidEscape: true, allowTemplateLiterals: true}]
  radix: [2, as-needed]
-  regexp/confusing-quantifier: [2]
-  regexp/control-character-escape: [2]
-  regexp/hexadecimal-escape: [0]
-  regexp/letter-case: [0]
-  regexp/match-any: [2]
-  regexp/negation: [2]
-  regexp/no-contradiction-with-assertion: [0]
-  regexp/no-control-character: [0]
-  regexp/no-dupe-characters-character-class: [2]
-  regexp/no-dupe-disjunctions: [2]
-  regexp/no-empty-alternative: [2]
-  regexp/no-empty-capturing-group: [2]
-  regexp/no-empty-character-class: [0]
-  regexp/no-empty-group: [2]
-  regexp/no-empty-lookarounds-assertion: [2]
-  regexp/no-escape-backspace: [2]
-  regexp/no-extra-lookaround-assertions: [0]
-  regexp/no-invalid-regexp: [2]
-  regexp/no-invisible-character: [2]
-  regexp/no-lazy-ends: [2]
-  regexp/no-legacy-features: [2]
-  regexp/no-misleading-capturing-group: [0]
-  regexp/no-misleading-unicode-character: [0]
-  regexp/no-missing-g-flag: [2]
-  regexp/no-non-standard-flag: [2]
-  regexp/no-obscure-range: [2]
-  regexp/no-octal: [2]
-  regexp/no-optional-assertion: [2]
-  regexp/no-potentially-useless-backreference: [2]
-  regexp/no-standalone-backslash: [2]
-  regexp/no-super-linear-backtracking: [0]
-  regexp/no-super-linear-move: [0]
-  regexp/no-trivially-nested-assertion: [2]
-  regexp/no-trivially-nested-quantifier: [2]
-  regexp/no-unused-capturing-group: [0]
-  regexp/no-useless-assertions: [2]
-  regexp/no-useless-backreference: [2]
-  regexp/no-useless-character-class: [2]
-  regexp/no-useless-dollar-replacements: [2]
-  regexp/no-useless-escape: [2]
-  regexp/no-useless-flag: [2]
-  regexp/no-useless-lazy: [2]
-  regexp/no-useless-non-capturing-group: [2]
-  regexp/no-useless-quantifier: [2]
-  regexp/no-useless-range: [2]
-  regexp/no-useless-two-nums-quantifier: [2]
-  regexp/no-zero-quantifier: [2]
-  regexp/optimal-lookaround-quantifier: [2]
-  regexp/optimal-quantifier-concatenation: [0]
-  regexp/prefer-character-class: [0]
-  regexp/prefer-d: [0]
-  regexp/prefer-escape-replacement-dollar-char: [0]
-  regexp/prefer-lookaround: [0]
-  regexp/prefer-named-backreference: [0]
-  regexp/prefer-named-capture-group: [0]
-  regexp/prefer-named-replacement: [0]
-  regexp/prefer-plus-quantifier: [2]
-  regexp/prefer-predefined-assertion: [2]
-  regexp/prefer-quantifier: [0]
-  regexp/prefer-question-quantifier: [2]
-  regexp/prefer-range: [2]
-  regexp/prefer-regexp-exec: [2]
-  regexp/prefer-regexp-test: [2]
-  regexp/prefer-result-array-groups: [0]
-  regexp/prefer-star-quantifier: [2]
-  regexp/prefer-unicode-codepoint-escapes: [2]
-  regexp/prefer-w: [0]
-  regexp/require-unicode-regexp: [0]
-  regexp/sort-alternatives: [0]
-  regexp/sort-character-class-elements: [0]
-  regexp/sort-flags: [0]
-  regexp/strict: [2]
-  regexp/unicode-escape: [0]
-  regexp/use-ignore-case: [0]
  require-atomic-updates: [0]
  require-await: [0]
  require-unicode-regexp: [0]
@ -589,7 +393,7 @@ rules:
  sonarjs/no-nested-template-literals: [0]
  sonarjs/no-one-iteration-loop: [2]
  sonarjs/no-redundant-boolean: [2]
-  sonarjs/no-redundant-jump: [2]
+  sonarjs/no-redundant-jump: [0]
  sonarjs/no-same-line-conditional: [2]
  sonarjs/no-small-switch: [0]
  sonarjs/no-unused-collection: [2]
@ -629,18 +433,17 @@ rules:
  unicorn/import-style: [0]
  unicorn/new-for-builtins: [2]
  unicorn/no-abusive-eslint-disable: [0]
-  unicorn/no-array-callback-reference: [0]
  unicorn/no-array-for-each: [2]
+  unicorn/no-array-instanceof: [0]
  unicorn/no-array-method-this-argument: [2]
  unicorn/no-array-push-push: [2]
-  unicorn/no-array-reduce: [2]
  unicorn/no-await-expression-member: [0]
  unicorn/no-console-spaces: [0]
  unicorn/no-document-cookie: [2]
  unicorn/no-empty-file: [2]
+  unicorn/no-fn-reference-in-iterator: [0]
  unicorn/no-for-loop: [0]
  unicorn/no-hex-escape: [0]
-  unicorn/no-instanceof-array: [0]
  unicorn/no-invalid-remove-event-listener: [2]
  unicorn/no-keyword-prefix: [0]
  unicorn/no-lonely-if: [2]
@ -651,6 +454,7 @@ rules:
  unicorn/no-null: [0]
  unicorn/no-object-as-default-parameter: [0]
  unicorn/no-process-exit: [0]
+  unicorn/no-reduce: [2]
  unicorn/no-static-only-class: [2]
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
@ -658,6 +462,7 @@ rules:
  unicorn/no-unnecessary-await: [2]
  unicorn/no-unreadable-array-destructuring: [0]
  unicorn/no-unreadable-iife: [2]
+  unicorn/no-unsafe-regex: [0]
  unicorn/no-unused-properties: [2]
  unicorn/no-useless-fallback-in-spread: [2]
  unicorn/no-useless-length-check: [2]
@ -675,19 +480,15 @@ rules:
  unicorn/prefer-array-index-of: [2]
  unicorn/prefer-array-some: [2]
  unicorn/prefer-at: [0]
-  unicorn/prefer-blob-reading-methods: [2]
  unicorn/prefer-code-point: [0]
+  unicorn/prefer-dataset: [2]
  unicorn/prefer-date-now: [2]
  unicorn/prefer-default-parameters: [0]
-  unicorn/prefer-dom-node-append: [2]
-  unicorn/prefer-dom-node-dataset: [0]
-  unicorn/prefer-dom-node-remove: [2]
-  unicorn/prefer-dom-node-text-content: [2]
+  unicorn/prefer-event-key: [2]
  unicorn/prefer-event-target: [2]
-  unicorn/prefer-export-from: [0]
+  unicorn/prefer-export-from: [2]
  unicorn/prefer-includes: [2]
  unicorn/prefer-json-parse-buffer: [0]
-  unicorn/prefer-keyboard-event-key: [2]
  unicorn/prefer-logical-operator-over-ternary: [2]
  unicorn/prefer-math-trunc: [2]
  unicorn/prefer-modern-dom-apis: [0]
@ -695,7 +496,9 @@ rules:
  unicorn/prefer-module: [2]
  unicorn/prefer-native-coercion-functions: [2]
  unicorn/prefer-negative-index: [2]
+  unicorn/prefer-node-append: [0]
  unicorn/prefer-node-protocol: [2]
+  unicorn/prefer-node-remove: [0]
  unicorn/prefer-number-properties: [0]
  unicorn/prefer-object-from-entries: [2]
  unicorn/prefer-object-has-own: [0]
@ -704,17 +507,17 @@ rules:
  unicorn/prefer-query-selector: [0]
  unicorn/prefer-reflect-apply: [0]
  unicorn/prefer-regexp-test: [2]
+  unicorn/prefer-replace-all: [0]
  unicorn/prefer-set-has: [0]
  unicorn/prefer-set-size: [2]
  unicorn/prefer-spread: [0]
-  unicorn/prefer-string-replace-all: [0]
+  unicorn/prefer-starts-ends-with: [2]
  unicorn/prefer-string-slice: [0]
-  unicorn/prefer-string-starts-ends-with: [2]
-  unicorn/prefer-string-trim-start-end: [2]
  unicorn/prefer-switch: [0]
  unicorn/prefer-ternary: [0]
  unicorn/prefer-text-content: [2]
  unicorn/prefer-top-level-await: [0]
+  unicorn/prefer-trim-start-end: [2]
  unicorn/prefer-type-error: [0]
  unicorn/prevent-abbreviations: [0]
  unicorn/relative-url-style: [2]
@ -729,28 +532,6 @@ rules:
  use-isnan: [2]
  valid-typeof: [2, {requireStringLiterals: true}]
  vars-on-top: [0]
-  wc/attach-shadow-constructor: [2]
-  wc/define-tag-after-class-definition: [0]
-  wc/expose-class-on-global: [0]
-  wc/file-name-matches-element: [2]
-  wc/guard-define-call: [0]
-  wc/guard-super-call: [2]
-  wc/max-elements-per-file: [0]
-  wc/no-child-traversal-in-attributechangedcallback: [2]
-  wc/no-child-traversal-in-connectedcallback: [2]
-  wc/no-closed-shadow-root: [2]
-  wc/no-constructor-attributes: [2]
-  wc/no-constructor-params: [2]
-  wc/no-constructor: [2]
-  wc/no-customized-built-in-elements: [2]
-  wc/no-exports-with-element: [0]
-  wc/no-invalid-element-name: [2]
-  wc/no-invalid-extends: [2]
-  wc/no-method-prefixed-with-on: [2]
-  wc/no-self-class: [2]
-  wc/no-typos: [2]
-  wc/require-listener-teardown: [2]
-  wc/tag-name-matches-class: [2]
  wrap-iife: [2, inside]
  wrap-regex: [0]
  yield-star-spacing: [2, after]
--- a/.forgejo/actions/build-release/action.yml
+++ b/.forgejo/actions/build-release/action.yml
@ -1,154 +0,0 @@
-name: 'Build release'
-author: 'Forgejo authors'
-description: |
-  Build release
-
-inputs:
-  forgejo:
-    description: 'URL of the Forgejo instance where the release is uploaded'
-    required: true
-  owner:
-    description: 'User or organization where the release is uploaded, relative to the Forgejo instance'
-    required: true
-  repository:
-    description: 'Repository where the release is uploaded, relative to the owner'
-    required: true
-  doer:
-    description: 'Name of the user authoring the release'
-    required: true
-  tag-version:
-    description: 'Version of the release derived from the tag withint the leading v'
-    required: true
-  suffix:
-    description: 'Suffix to add to the image tag'
-  token:
-    description: 'token'
-    required: true
-  dockerfile:
-    description: 'path to the dockerfile'
-    default: 'Dockerfile'
-  platforms:
-    description: 'Coma separated list of platforms'
-    default: 'linux/amd64,linux/arm64'
-  release-notes:
-    description: 'Full text of the release notes'
-    default: 'Release notes placeholder'
-  binary-name:
-    description: 'Name of the binary'
-  binary-path:
-    description: 'Path of the binary within the container to extract into binary-name'
-  verbose:
-    description: 'Increase the verbosity level'
-    default: 'false'
-
-runs:
-  using: "composite"
-  steps:
-    - run: echo "${{ github.action_path }}" >> $GITHUB_PATH
-      shell: bash
-
-    - name: Install dependencies
-      run: |
-        apt-get install -y -qq xz-utils
-
-    - name: set -x if verbose is required
-      id: verbose
-      run: |
-        if ${{ inputs.verbose }} ; then
-          echo "shell=set -x" >> "$GITHUB_OUTPUT"
-        fi
-
-    - name: Create the insecure and buildx-config variables for the container registry
-      id: registry
-      run: |
-        ${{ steps.verbose.outputs.shell }}
-        url="${{ inputs.forgejo }}"
-        hostport=${url##http*://}
-        hostport=${hostport%%/}
-        echo "host-port=${hostport}" >> "$GITHUB_OUTPUT"
-        if ! [[ $url =~ ^http:// ]] ; then
-           exit 0
-        fi
-        cat >> "$GITHUB_OUTPUT" <<EOF
-        insecure=true
-        buildx-config<<ENDVAR
-        [registry."${hostport}"]
-          http = true
-        ENDVAR
-        EOF
-
-    - name: Allow docker pull/push to forgejo
-      if: ${{ steps.registry.outputs.insecure }}
-      run: |-
-        mkdir -p /etc/docker
-        cat > /etc/docker/daemon.json <<EOF
-          {
-            "insecure-registries" : ["${{ steps.registry.outputs.host-port }}"],
-            "bip": "172.26.0.1/16"
-          }
-        EOF
-
-    - name: Install docker
-      run: |
-        echo deb http://deb.debian.org/debian bullseye-backports main | tee /etc/apt/sources.list.d/backports.list && apt-get -qq update
-        DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y -t bullseye-backports docker.io
-
-    - uses: https://github.com/docker/setup-buildx-action@v2
-      with:
-        config-inline: |
-         ${{ steps.registry.outputs.buildx-config }}
-
-    - name: Login to the container registry
-      run: |
-        BASE64_AUTH=`echo -n "${{ inputs.doer }}:${{ inputs.token }}" | base64 -w0`
-        mkdir -p ~/.docker
-        echo "{\"auths\": {\"$CI_REGISTRY\": {\"auth\": \"$BASE64_AUTH\"}}}" > ~/.docker/config.json
-      env:
-        CI_REGISTRY: "${{ steps.registry.outputs.host-port }}"
-
-    - name: Build the container image for each architecture
-      uses: https://github.com/docker/build-push-action@v4
-      # workaround until https://github.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba is in @v4 or @v5 is released
-      env:
-        ACTIONS_RUNTIME_TOKEN: ''
-      with:
-        context: .
-        push: true
-        file: ${{ inputs.dockerfile }}
-        platforms: ${{ inputs.platforms }}
-        tags: ${{ steps.registry.outputs.host-port }}/${{ inputs.owner }}/${{ inputs.repository }}:${{ inputs.tag-version }}${{ inputs.suffix }}
-
-    - name: Extract the binary from the container images into the release directory
-      if: inputs.binary-name != ''
-      run: |
-        ${{ steps.verbose.outputs.shell }}
-        mkdir -p release
-        cd release
-        for platform in $(echo ${{ inputs.platforms }} | tr ',' ' '); do
-          arch=$(echo $platform | sed -e 's|linux/||g' -e 's|arm/v6|arm-6|g')
-          docker create --platform $platform --name forgejo-$arch ${{ steps.registry.outputs.host-port }}/${{ inputs.owner }}/${{ inputs.repository }}:${{ inputs.tag-version }}${{ inputs.suffix }}
-          binary="${{ inputs.binary-name }}-${{ inputs.tag-version }}-linux"
-          docker cp forgejo-$arch:${{ inputs.binary-path }} $binary-$arch
-          chmod +x $binary-$arch
-          # the displayed version has a + instead of the first -, deal with it
-          pattern=$(echo "${{ inputs.tag-version }}" | tr - .)
-          if ! ./$binary-$arch --version | grep "$pattern" ; then
-            echo "ERROR: expected version pattern $pattern not found in the output of $binary-$arch --version"
-            ./$binary-$arch --version
-            exit 1
-          fi
-          xz --keep -9 $binary-$arch
-          shasum -a 256 $binary-$arch > $binary-$arch.sha256
-          shasum -a 256 $binary-$arch.xz > $binary-$arch.xz.sha256
-          docker rm forgejo-$arch
-        done
-
-    - name: publish release
-      if: inputs.binary-name != ''
-      uses: https://code.forgejo.org/actions/forgejo-release@v1
-      with:
-        direction: upload
-        release-dir: release
-        release-notes: "${{ inputs.release-notes }}"
-        token: ${{ inputs.token }}
-        verbose: ${{ steps.verbose.outputs.value }}
--- a/.forgejo/actions/publish-release/action.yml
+++ b/.forgejo/actions/publish-release/action.yml
@ -1,110 +0,0 @@
-name: 'Publish release'
-author: 'Forgejo authors'
-description: |
-  Publish release
-
-inputs:
-  forgejo:
-    description: 'URL of the Forgejo instance where the release is uploaded (e.g. https://codeberg.org)'
-    required: true
-  from-owner:
-    description: 'the owner from which a release is to be copied (e.g forgejo-integration)'
-    required: true
-  to-owner:
-    description: 'the owner to which a release is to be copied (e.g. forgejo-experimental). It has be an organization in which doer has the required permissions. Or be the same as the doer'
-    required: true
-  repo:
-    description: 'the repository from which a release is to be copied relative to from-owner and to-owner'
-    default: 'forgejo'
-  ref-name:
-    description: 'ref_name of the tag of the release to be copied (e.g. github.ref_name)'
-    required: true
-  doer:
-    description: 'Name of the user authoring the release (e.g. release-team). The user must be authorized to create packages in to-owner and releases in to-owner/repo'
-    required: true
-  token:
-    description: 'application token created on forgejo by the doer, with a scope allowing it to create packages in to-owner and releases in to-owner/repo'
-    required: true
-  gpg-private-key:
-    description: 'GPG Private Key to sign the release artifacts'
-  gpg-passphrase:
-    description: 'Passphrase of the GPG Private Key'
-  verbose:
-    description: 'Increase the verbosity level'
-    default: 'false'
-
-runs:
-  using: "composite"
-  steps:
-    - id: hostport
-      run: |
-         url="${{ inputs.forgejo }}"
-         hostport=${url##http*://}
-         hostport=${hostport%%/}
-         echo "value=$hostport" >> "$GITHUB_OUTPUT"    
-
-    - id: tag-version
-      run: |
-        version="${{ inputs.ref-name }}"
-        version=${version##*v}
-        echo "value=$version" >> "$GITHUB_OUTPUT"
-
-    - name: Create the release notes
-      id: release-notes
-      run: |
-          anchor=${{ steps.tag-version.outputs.value }}
-          anchor=${anchor//./-}
-          cat >> "$GITHUB_OUTPUT" <<EOF
-          value<<ENDVAR
-          See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor
-          ENDVAR
-          EOF
-
-    - name: apt-get install docker.io
-      run: |
-        DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y docker.io
-
-    - name: download release
-      uses: https://code.forgejo.org/actions/forgejo-release@v1
-      with:
-        url: ${{ inputs.forgejo }}
-        repo: ${{ inputs.from-owner }}/${{ inputs.repo }}
-        direction: download
-        release-dir: release
-        download-retry: 60
-        token: ${{ inputs.token }}
-        verbose: ${{ inputs.verbose }}
-
-    - name: upload release
-      uses: https://code.forgejo.org/actions/forgejo-release@v1
-      with:
-        url: ${{ inputs.forgejo }}
-        repo: ${{ inputs.to-owner }}/${{ inputs.repo }}
-        direction: upload
-        release-dir: release
-        release-notes: ${{ steps.release-notes.outputs.value }}
-        token: ${{ inputs.token }}
-        gpg-private-key: ${{ inputs.gpg-private-key }}
-        gpg-passphrase: ${{ inputs.gpg-passphrase }}
-        verbose: ${{ inputs.verbose }}
-
-    - name: login to the registry
-      uses: https://github.com/docker/login-action@v2
-      with:
-          registry: ${{ steps.hostport.outputs.value }}
-          username: ${{ inputs.doer }}
-          password: ${{ inputs.token }}
-
-    - uses: https://code.forgejo.org/forgejo/forgejo-container-image@v1
-      env:
-        VERIFY: 'false'
-      with:
-        url: https://${{ steps.hostport.outputs.value }}
-        destination-owner: ${{ inputs.to-owner }}
-        owner: ${{ inputs.from-owner }}
-        suffixes: '-rootless'
-        project: ${{ inputs.repo }}
-        tag: ${{ steps.tag-version.outputs.value }}
-        doer: ${{ inputs.doer }}
-        token: ${{ inputs.token }}
-        verbose: ${{ inputs.verbose }}
--- a/.forgejo/testdata/build-release/Dockerfile
+++ b/.forgejo/testdata/build-release/Dockerfile
@ -1,3 +0,0 @@
-FROM public.ecr.aws/docker/library/alpine:3.18
-RUN mkdir -p /app/gitea
-RUN ( echo '#!/bin/sh' ; echo "echo forgejo v1.2.3" ) > /app/gitea/gitea ; chmod +x /app/gitea/gitea
--- a/.forgejo/testdata/build-release/Makefile
+++ b/.forgejo/testdata/build-release/Makefile
@ -1,5 +0,0 @@
-VERSION ?= $(shell cat VERSION 2>/dev/null)
-sources-tarbal:
-	mkdir -p dist/release
-	echo $(VERSION) > VERSION
-	sources=forgejo-src-$(VERSION).tar.gz ; tar --transform 's|^./|forgejo-src-$(VERSION)/|' -czf dist/release/forgejo-src-$(VERSION).tar.gz . ; cd dist/release ; shasum -a 256 $$sources > $$sources.sha256
--- a/.forgejo/testdata/build-release/modules/public/bindata.go
+++ b/.forgejo/testdata/build-release/modules/public/bindata.go
--- a/.forgejo/testdata/build-release/public/assets/css/placeholder
+++ b/.forgejo/testdata/build-release/public/assets/css/placeholder
--- a/.forgejo/testdata/build-release/public/assets/fonts/placeholder
+++ b/.forgejo/testdata/build-release/public/assets/fonts/placeholder
--- a/.forgejo/testdata/build-release/public/assets/js/placeholder
+++ b/.forgejo/testdata/build-release/public/assets/js/placeholder
--- a/.forgejo/upgrades/default-app.ini
+++ b/.forgejo/upgrades/default-app.ini
@ -1,30 +0,0 @@
-RUN_MODE = prod
-WORK_PATH = ${WORK_PATH}
-
-[server]
-APP_DATA_PATH = ${WORK_PATH}/data
-HTTP_PORT = 3000
-SSH_LISTEN_PORT = 2222
-LFS_START_SERVER = true
-
-[database]
-DB_TYPE = sqlite3
-PATH = ${WORK_PATH}/forgejo.db
-
-[log]
-MODE = file
-LEVEL = trace
-ROUTER = file
-
-[log.file]
-FILE_NAME = forgejo.log
-
-[security]
-INSTALL_LOCK = true
-
-[repository]
-ENABLE_PUSH_CREATE_USER = true
-DEFAULT_PUSH_CREATE_PRIVATE = false
-
-[actions]
-ENABLED = true
--- a/.forgejo/upgrades/fixtures.sh
+++ b/.forgejo/upgrades/fixtures.sh
@ -1,187 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: MIT
-
-#ONEPIXEL="iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mP8z8BQDwAEhQGAhKmMIQAAAABJRU5ErkJggg=="
-#
-# one pixel scaled to 290x290 because that's what versions lower or equal to v1.19.4-0 want
-# by default and any other size will be transformed which make it difficult to compare.
-#
-ONEPIXEL="iVBORw0KGgoAAAANSUhEUgAAASIAAAEiCAYAAABdvt+2AAADrElEQVR4nOzUMRHAMADEsL9eeQd6AsOLhMCT/7udAYS+OgDAiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDOiICcEQE5IwJyRgTkjAjIGRGQMyIgZ0RAzoiAnBEBOSMCckYE5IwIyBkRkDMiIGdEQM6IgJwRATkjAnJGBOSMCMgZEZAzIiBnREDuBQAA//+4jAPFe1H1tgAAAABJRU5ErkJggg=="
-
-function fixture_get_paths_s3() {
-    local path=$1
-
-    (
-        echo -n $path/
-        mc ls --quiet --recursive testS3/$path | sed -e 's/.* //'
-    ) > $DIR/path
-}
-
-function fixture_get_paths_local() {
-    local path=$1
-    local work_path=$DIR/forgejo-work-path
-
-    ( cd $work_path ; find $path -type f) > $DIR/path
-}
-
-function fixture_get_one_path() {
-    local storage=$1
-    local path=$2
-
-    fixture_get_paths_$storage $path
-
-    if test $(wc -l < $DIR/path) != 1 ; then
-        echo expected one path but got
-        cat $DIR/path
-        return 1
-    fi
-    cat $DIR/path
-}
-
-function fixture_repo_archive_create() {
-    retry curl -f -sS http://${HOST_PORT}/root/fixture/archive/main.zip -o /dev/null
-}
-
-function fixture_repo_archive_assert_s3() {
-    mc ls --recursive testS3/forgejo/repo-archive | grep --quiet '.zip$'
-}
-
-function fixture_repo_archive_assert_local() {
-    local path=$1
-    local work_path=$DIR/forgejo-work-path
-
-    find $work_path/$path | grep --quiet '.zip$'
-}
-
-function fixture_lfs_create() {
-    (
-        cd $DIR/fixture
-        git lfs track "*.txt"
-        echo CONTENT > file.txt
-        git add .
-        git commit -m 'lfs files'
-        git push
-    )
-}
-
-function fixture_lfs_assert_s3() {
-    local content=$(mc cat testS3/forgejo/lfs/d6/1e/5fa787e50330288923bd0c9866b44643925965144262288447cf52f9f9b7)
-    test "$content" = CONTENT
-}
-
-function fixture_lfs_assert_local() {
-    local path=$1
-    local work_path=$DIR/forgejo-work-path
-
-    local content=$(mc cat $work_path/$path/d6/1e/5fa787e50330288923bd0c9866b44643925965144262288447cf52f9f9b7)
-    test "$content" = CONTENT
-}
-
-function fixture_packages_create() {
-    echo PACKAGE_CONTENT > $DIR/fixture/package
-    $work_path/forgejo-api -X DELETE http://${HOST_PORT}/api/packages/${FORGEJO_USER}/generic/test_package/1.0.0/file.txt || true
-    $work_path/forgejo-api --upload-file $DIR/fixture/package http://${HOST_PORT}/api/packages/${FORGEJO_USER}/generic/test_package/1.0.0/file.txt
-}
-
-function fixture_packages_assert_s3() {
-    local content=$(mc cat testS3/forgejo/packages/aa/cf/aacf02e660d813e95d2854e27926ba1ad5c87299dc5f7661d5f08f076c6bbc17)
-    test "$content" = PACKAGE_CONTENT
-}
-
-function fixture_packages_assert_local() {
-    local path=$1
-
-    local content=$(cat $work_path/$path/aa/cf/aacf02e660d813e95d2854e27926ba1ad5c87299dc5f7661d5f08f076c6bbc17)
-    test "$content" = PACKAGE_CONTENT
-}
-
-function fixture_avatars_create() {
-    echo -n $ONEPIXEL | base64 --decode > $DIR/avatar.png
-    $work_path/forgejo-client --form avatar=@$DIR/avatar.png http://${HOST_PORT}/user/settings/avatar
-}
-
-function fixture_avatars_assert_s3() {
-    local filename=$(fixture_get_one_path s3 forgejo/avatars)
-    local content=$(mc cat testS3/$filename | base64 -w0)
-    test "$content" = "$ONEPIXEL"
-}
-
-function fixture_avatars_assert_local() {
-    local path=$1
-
-    local filename=$(fixture_get_one_path local $path)
-    local content=$(cat $work_path/$filename | base64 -w0)
-    test "$content" = "$ONEPIXEL"
-}
-
-function fixture_repo_avatars_create() {
-    echo -n $ONEPIXEL | base64 --decode > $DIR/repo-avatar.png
-    $work_path/forgejo-client --form avatar=@$DIR/repo-avatar.png http://${HOST_PORT}/${FORGEJO_USER}/${FORGEJO_REPO}/settings/avatar
-    # v1.21 only
-    #$work_path/forgejo-api -X POST --data-raw '{"body":"'$avatar'"}' http://${HOST_PORT}/api/v1/repos/${FORGEJO_USER}/${FORGEJO_REPO}/avatar
-}
-
-function fixture_repo_avatars_assert_s3() {
-    local filename=$(fixture_get_one_path s3 forgejo/repo-avatars)
-    local content=$(mc cat testS3/$filename | base64 -w0)
-    test "$content" = "$ONEPIXEL"
-}
-
-function fixture_repo_avatars_assert_local() {
-    local path=$1
-
-    local filename=$(fixture_get_one_path local $path)
-    local content=$(cat $work_path/$filename | base64 -w0)
-    test "$content" = "$ONEPIXEL"
-}
-
-function fixture_attachments_create_1_18() {
-    echo -n $ONEPIXEL | base64 --decode > $DIR/attachment.png
-    $work_path/forgejo-client --trace-ascii - --form file=@$DIR/attachment.png http://${HOST_PORT}/${FORGEJO_USER}/${FORGEJO_REPO}/issues/attachments
-}
-
-function fixture_attachments_create() {
-    if $work_path/forgejo-api http://${HOST_PORT}/api/v1/version | grep --quiet --fixed-strings 1.18. ; then
-        fixture_attachments_create_1_18
-        return
-    fi
-    id=$($work_path/forgejo-api --data-raw '{"title":"TITLE"}' http://${HOST_PORT}/api/v1/repos/${FORGEJO_USER}/${FORGEJO_REPO}/issues | jq .id)
-    echo -n $ONEPIXEL | base64 --decode > $DIR/attachment.png
-    $work_path/forgejo-client -H @$DIR/forgejo-work-path/forgejo-header --form name=attachment.png --form attachment=@$DIR/attachment.png http://${HOST_PORT}/api/v1/repos/${FORGEJO_USER}/${FORGEJO_REPO}/issues/$id/assets
-}
-
-function fixture_attachments_assert_s3() {
-    local filename=$(fixture_get_one_path s3 forgejo/attachments)
-    local content=$(mc cat testS3/$filename | base64 -w0)
-    test "$content" = "$ONEPIXEL"
-}
-
-function fixture_attachments_assert_local() {
-    local path=$1
-
-    local filename=$(fixture_get_one_path local $path)
-    local content=$(cat $work_path/$filename | base64 -w0)
-    test "$content" = "$ONEPIXEL"
-}
-
-function fixture_create() {
-    local work_path=$DIR/forgejo-work-path
-
-    rm -fr $DIR/fixture
-    mkdir -p $DIR/fixture
-    (
-        cd $DIR/fixture
-        git init
-        git checkout -b main
-        git remote add origin http://${FORGEJO_USER}:${FORGEJO_PASSWORD}@${HOST_PORT}/${FORGEJO_USER}/${FORGEJO_REPO}
-        git config user.email root@example.com
-        git config user.name username
-        echo SOMETHING > README
-        git add README
-        git commit -m 'initial commit'
-        git push --set-upstream --force origin main
-    )
-    for fun in ${STORAGE_FUN} ; do
-        fixture_${fun}_create
-    done
-}
--- a/.forgejo/upgrades/legagy-relative-app.ini
+++ b/.forgejo/upgrades/legagy-relative-app.ini
@ -1,32 +0,0 @@
-RUN_MODE = prod
-WORK_PATH = ${WORK_PATH}
-
-[server]
-APP_DATA_PATH = ${WORK_PATH}/data
-HTTP_PORT = 3000
-SSH_LISTEN_PORT = 2222
-LFS_START_SERVER = true
-LFS_CONTENT_PATH = relative-lfs
-
-[database]
-DB_TYPE = sqlite3
-PATH = ${WORK_PATH}/forgejo.db
-
-[log]
-MODE = file
-LEVEL = debug
-ROUTER = file
-
-[log.file]
-FILE_NAME = forgejo.log
-
-[security]
-INSTALL_LOCK = true
-
-[repository]
-ENABLE_PUSH_CREATE_USER = true
-DEFAULT_PUSH_CREATE_PRIVATE = false
-
-[picture]
-AVATAR_UPLOAD_PATH = relative-avatars
-REPOSITORY_AVATAR_UPLOAD_PATH = relative-repo-avatars
--- a/.forgejo/upgrades/merged-app.ini
+++ b/.forgejo/upgrades/merged-app.ini
@ -1,32 +0,0 @@
-RUN_MODE = prod
-WORK_PATH = ${WORK_PATH}
-
-[server]
-APP_DATA_PATH = ${WORK_PATH}/data
-HTTP_PORT = 3000
-SSH_LISTEN_PORT = 2222
-LFS_START_SERVER = true
-
-[database]
-DB_TYPE = sqlite3
-
-[log]
-MODE = file
-LEVEL = debug
-ROUTER = file
-
-[log.file]
-FILE_NAME = forgejo.log
-
-[security]
-INSTALL_LOCK = true
-
-[repository]
-ENABLE_PUSH_CREATE_USER = true
-DEFAULT_PUSH_CREATE_PRIVATE = false
-
-[actions]
-ENABLED = true
-
-[storage]
-PATH = ${WORK_PATH}/merged
--- a/.forgejo/upgrades/misplace-app.ini
+++ b/.forgejo/upgrades/misplace-app.ini
@ -1,59 +0,0 @@
-RUN_MODE = prod
-WORK_PATH = ${WORK_PATH}
-
-[server]
-APP_DATA_PATH = ${WORK_PATH}/elsewhere
-HTTP_PORT = 3000
-SSH_LISTEN_PORT = 2222
-LFS_START_SERVER = true
-
-[database]
-DB_TYPE = sqlite3
-
-[log]
-MODE = file
-LEVEL = debug
-ROUTER = file
-
-[log.file]
-FILE_NAME = forgejo.log
-
-[security]
-INSTALL_LOCK = true
-
-[repository]
-ENABLE_PUSH_CREATE_USER = true
-DEFAULT_PUSH_CREATE_PRIVATE = false
-
-[actions]
-ENABLED = true
-
-[attachment]
-
-[storage.attachments]
-PATH = ${WORK_PATH}/data/attachments
-
-[lfs]
-
-[storage.lfs]
-PATH = ${WORK_PATH}/data/lfs
-
-[avatar]
-
-[storage.avatars]
-PATH = ${WORK_PATH}/data/avatars
-
-[repo-avatar]
-
-[storage.repo-avatars]
-PATH = ${WORK_PATH}/data/repo-avatars
-
-[repo-archive]
-
-[storage.repo-archive]
-PATH = ${WORK_PATH}/data/repo-archive
-
-[packages]
-
-[storage.packages]
-PATH = ${WORK_PATH}/data/packages
--- a/.forgejo/upgrades/misplace-s3-app.ini
+++ b/.forgejo/upgrades/misplace-s3-app.ini
@ -1,89 +0,0 @@
-RUN_MODE = prod
-WORK_PATH = ${WORK_PATH}
-
-[server]
-APP_DATA_PATH = ${WORK_PATH}/elsewhere
-HTTP_PORT = 3000
-SSH_LISTEN_PORT = 2222
-LFS_START_SERVER = true
-
-[database]
-DB_TYPE = sqlite3
-
-[log]
-MODE = file
-LEVEL = debug
-ROUTER = file
-
-[log.file]
-FILE_NAME = forgejo.log
-
-[security]
-INSTALL_LOCK = true
-
-[repository]
-ENABLE_PUSH_CREATE_USER = true
-DEFAULT_PUSH_CREATE_PRIVATE = false
-
-[actions]
-ENABLED = true
-
-[attachment]
-STORAGE_TYPE = minio
-SERVE_DIRECT = false
-MINIO_ENDPOINT = 127.0.0.1:9000
-MINIO_ACCESS_KEY_ID = 123456
-MINIO_SECRET_ACCESS_KEY = 12345678
-MINIO_BUCKET = forgejo
-MINIO_LOCATION = us-east-1
-MINIO_USE_SSL = false
-
-[lfs]
-STORAGE_TYPE = minio
-SERVE_DIRECT = false
-MINIO_ENDPOINT = 127.0.0.1:9000
-MINIO_ACCESS_KEY_ID = 123456
-MINIO_SECRET_ACCESS_KEY = 12345678
-MINIO_BUCKET = forgejo
-MINIO_LOCATION = us-east-1
-MINIO_USE_SSL = false
-
-[repo-avatar]
-STORAGE_TYPE = minio
-SERVE_DIRECT = false
-MINIO_ENDPOINT = 127.0.0.1:9000
-MINIO_ACCESS_KEY_ID = 123456
-MINIO_SECRET_ACCESS_KEY = 12345678
-MINIO_BUCKET = forgejo
-MINIO_LOCATION = us-east-1
-MINIO_USE_SSL = false
-
-[avatar]
-STORAGE_TYPE = minio
-SERVE_DIRECT = false
-MINIO_ENDPOINT = 127.0.0.1:9000
-MINIO_ACCESS_KEY_ID = 123456
-MINIO_SECRET_ACCESS_KEY = 12345678
-MINIO_BUCKET = forgejo
-MINIO_LOCATION = us-east-1
-MINIO_USE_SSL = false
-
-[repo-archive]
-STORAGE_TYPE = minio
-SERVE_DIRECT = false
-MINIO_ENDPOINT = 127.0.0.1:9000
-MINIO_ACCESS_KEY_ID = 123456
-MINIO_SECRET_ACCESS_KEY = 12345678
-MINIO_BUCKET = forgejo
-MINIO_LOCATION = us-east-1
-MINIO_USE_SSL = false
-
-[packages]
-STORAGE_TYPE = minio
-SERVE_DIRECT = false
-MINIO_ENDPOINT = 127.0.0.1:9000
-MINIO_ACCESS_KEY_ID = 123456
-MINIO_SECRET_ACCESS_KEY = 12345678
-MINIO_BUCKET = forgejo
-MINIO_LOCATION = us-east-1
-MINIO_USE_SSL = false
--- a/.forgejo/upgrades/relative-app.ini
+++ b/.forgejo/upgrades/relative-app.ini
@ -1,44 +0,0 @@
-RUN_MODE = prod
-WORK_PATH = ${WORK_PATH}
-
-[server]
-APP_DATA_PATH = ${WORK_PATH}/data
-HTTP_PORT = 3000
-SSH_LISTEN_PORT = 2222
-LFS_START_SERVER = true
-
-[database]
-DB_TYPE = sqlite3
-
-[log]
-MODE = file
-LEVEL = debug
-ROUTER = file
-
-[log.file]
-FILE_NAME = forgejo.log
-
-[security]
-INSTALL_LOCK = true
-
-[repository]
-ENABLE_PUSH_CREATE_USER = true
-DEFAULT_PUSH_CREATE_PRIVATE = false
-
-[attachment]
-PATH = relative-attachments
-
-[lfs]
-PATH = relative-lfs
-
-[avatar]
-PATH = relative-avatars
-
-[repo-avatar]
-PATH = relative-repo-avatars
-
-[repo-archive]
-PATH = relative-repo-archive
-
-[packages]
-PATH = relative-packages
--- a/.forgejo/upgrades/specific-app.ini
+++ b/.forgejo/upgrades/specific-app.ini
@ -1,47 +0,0 @@
-RUN_MODE = prod
-WORK_PATH = ${WORK_PATH}
-
-[server]
-APP_DATA_PATH = ${WORK_PATH}/elsewhere
-HTTP_PORT = 3000
-SSH_LISTEN_PORT = 2222
-LFS_START_SERVER = true
-
-[database]
-DB_TYPE = sqlite3
-
-[log]
-MODE = file
-LEVEL = debug
-ROUTER = file
-
-[log.file]
-FILE_NAME = forgejo.log
-
-[security]
-INSTALL_LOCK = true
-
-[repository]
-ENABLE_PUSH_CREATE_USER = true
-DEFAULT_PUSH_CREATE_PRIVATE = false
-
-[actions]
-ENABLED = true
-
-[attachment]
-PATH = ${WORK_PATH}/data/attachments
-
-[lfs]
-PATH = ${WORK_PATH}/data/lfs
-
-[avatar]
-PATH = ${WORK_PATH}/data/avatars
-
-[repo-avatar]
-PATH = ${WORK_PATH}/data/repo-avatars
-
-[repo-archive]
-PATH = ${WORK_PATH}/data/repo-archive
-
-[packages]
-PATH = ${WORK_PATH}/data/packages
--- a/.forgejo/upgrades/stable-s3-app.ini
+++ b/.forgejo/upgrades/stable-s3-app.ini
@ -1,39 +0,0 @@
-RUN_MODE = prod
-WORK_PATH = ${WORK_PATH}
-
-[server]
-APP_DATA_PATH = ${WORK_PATH}/elsewhere
-HTTP_PORT = 3000
-SSH_LISTEN_PORT = 2222
-LFS_START_SERVER = true
-
-[database]
-DB_TYPE = sqlite3
-
-[log]
-MODE = file
-LEVEL = debug
-ROUTER = file
-
-[log.file]
-FILE_NAME = forgejo.log
-
-[security]
-INSTALL_LOCK = true
-
-[repository]
-ENABLE_PUSH_CREATE_USER = true
-DEFAULT_PUSH_CREATE_PRIVATE = false
-
-[actions]
-ENABLED = true
-
-[storage]
-STORAGE_TYPE = minio
-SERVE_DIRECT = false
-MINIO_ENDPOINT = 127.0.0.1:9000
-MINIO_ACCESS_KEY_ID = 123456
-MINIO_SECRET_ACCESS_KEY = 12345678
-MINIO_BUCKET = forgejo
-MINIO_LOCATION = us-east-1
-MINIO_USE_SSL = false
--- a/.forgejo/upgrades/storage-relative-app.ini
+++ b/.forgejo/upgrades/storage-relative-app.ini
@ -1,44 +0,0 @@
-RUN_MODE = prod
-WORK_PATH = ${WORK_PATH}
-
-[server]
-APP_DATA_PATH = ${WORK_PATH}/data
-HTTP_PORT = 3000
-SSH_LISTEN_PORT = 2222
-LFS_START_SERVER = true
-
-[database]
-DB_TYPE = sqlite3
-
-[log]
-MODE = file
-LEVEL = debug
-ROUTER = file
-
-[log.file]
-FILE_NAME = forgejo.log
-
-[security]
-INSTALL_LOCK = true
-
-[repository]
-ENABLE_PUSH_CREATE_USER = true
-DEFAULT_PUSH_CREATE_PRIVATE = false
-
-[storage.attachments]
-PATH = relative-attachments
-
-[storage.lfs]
-PATH = relative-lfs
-
-[storage.avatars]
-PATH = relative-avatars
-
-[storage.repo-avatars]
-PATH = relative-repo-avatars
-
-[storage.repo-archive]
-PATH = relative-repo-archive
-
-[storage.packages]
-PATH = relative-packages
--- a/.forgejo/upgrades/test-upgrade.sh
+++ b/.forgejo/upgrades/test-upgrade.sh
@ -1,629 +0,0 @@
-#!/bin/bash
-# SPDX-License-Identifier: MIT
-
-#
-# Debug loop from the source tree:
-#
-# ./.forgejo/upgrades/test-upgrade.sh dependencies
-# ./.forgejo/upgrades/test-upgrade.sh build_all
-# VERBOSE=true ./.forgejo/upgrades/test-upgrade.sh test_downgrade_1.20.2_fails
-#
-# Everything happens in /tmp/forgejo-upgrades
-#
-
-PREFIX===============
-HOST_PORT=0.0.0.0:3000
-STORAGE_PATHS="attachments avatars lfs packages repo-archive repo-avatars"
-STORAGE_FUN="attachments avatars lfs packages repo_archive repo_avatars"
-DIR=/tmp/forgejo-upgrades
-if ${VERBOSE:-false} ; then
-    set -ex
-    PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}:  '
-else
-    set -e
-fi
-SELF_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-: ${FORGEJO_USER:=root}
-: ${FORGEJO_REPO:=fixture}
-: ${FORGEJO_PASSWORD:=admin1234}
-
-source $SELF_DIR/fixtures.sh
-
-function maybe_sudo() {
-    if test $(id -u) != 0 ; then
-        SUDO=sudo
-    fi
-}
-
-function log_info() {
-    echo "$PREFIX $@"
-}
-
-function dependencies() {
-    maybe_sudo
-    if ! which curl daemon jq git-lfs > /dev/null ; then
-        $SUDO apt-get install -y -qq curl daemon git-lfs jq sqlite3
-    fi
-
-    if ! test -f /usr/local/bin/mc || ! test -f /usr/local/bin/minio  > /dev/null ; then
-        $SUDO curl --fail -sS https://dl.min.io/client/mc/release/linux-amd64/mc -o /usr/local/bin/mc
-        $SUDO curl --fail -sS https://dl.min.io/server/minio/release/linux-amd64/minio -o /usr/local/bin/minio
-    fi
-    if ! test -x /usr/local/bin/mc || ! test -x /usr/local/bin/minio  > /dev/null ; then
-        $SUDO chmod +x /usr/local/bin/mc
-        $SUDO chmod +x /usr/local/bin/minio
-    fi
-
-    if ! test -f /usr/local/bin/garage > /dev/null ; then
-        $SUDO curl --fail -sS https://garagehq.deuxfleurs.fr/_releases/v0.8.2/x86_64-unknown-linux-musl/garage -o /usr/local/bin/garage
-    fi
-    if ! test -x /usr/local/bin/garage  > /dev/null ; then
-        $SUDO chmod +x /usr/local/bin/garage
-    fi
-}
-
-function build() {
-    local version=$1
-    local semver=$2
-
-    if ! test -f $DIR/forgejo-$version ; then
-        mkdir -p $DIR
-        make VERSION=v$version GITEA_VERSION=v$version FORGEJO_VERSION=$semver TAGS='bindata sqlite sqlite_unlock_notify' generate gitea
-        mv gitea $DIR/forgejo-$version
-    fi
-}
-
-function build_all() {
-    test -f Makefile
-    build 1.21.0-0 6.0.0+0-gitea-1.21.0
-}
-
-function retry() {
-    rm -f $DIR/wait-for.out
-    success=false
-    for delay in 1 1 5 5 15 ; do
-        if "$@" >> $DIR/wait-for.out 2>&1 ; then
-            success=true
-            break
-        fi
-        cat $DIR/wait-for.out
-        echo waiting $delay
-        sleep $delay
-    done
-    if test $success = false ; then
-        cat $DIR/wait-for.out
-        return 1
-    fi
-}
-
-function download() {
-    local version=$1
-
-    if ! test -f $DIR/forgejo-$version ; then
-        mkdir -p $DIR
-	for owner in forgejo forgejo-experimental forgejo-integration ; do
-            if wget -O $DIR/forgejo-$version --quiet https://codeberg.org/$owner/forgejo/releases/download/v$version/forgejo-$version-linux-amd64 ; then
-		break
-	    fi
-	done
-        chmod +x $DIR/forgejo-$version
-    fi
-}
-
-function cleanup_logs() {
-    local work_path=$DIR/forgejo-work-path
-
-    rm -f $DIR/*.log
-    rm -f $work_path/log/*.log
-}
-
-function clobber() {
-    rm -fr /tmp/forgejo-upgrades
-}
-
-function start_forgejo() {
-    local version=$1
-
-    download $version
-    local work_path=$DIR/forgejo-work-path
-    daemon --chdir=$DIR --unsafe --env="TERM=$TERM" --env="HOME=$HOME" --env="PATH=$PATH" --pidfile=$DIR/forgejo-pid --errlog=$DIR/forgejo-err.log --output=$DIR/forgejo-out.log -- $DIR/forgejo-$version --config $work_path/app.ini --work-path $work_path
-    if ! retry grep 'Starting server on' $work_path/log/forgejo.log ; then
-        cat $DIR/*.log
-        cat $work_path/log/*.log
-        return 1
-    fi
-    create_user $version
-}
-
-function start_minio() {
-    mkdir -p $DIR/minio
-    daemon --chdir=$DIR --unsafe \
-           --env="PATH=$PATH" \
-           --env=MINIO_ROOT_USER=123456 \
-           --env=MINIO_ROOT_PASSWORD=12345678 \
-           --env=MINIO_VOLUMES=$DIR/minio \
-           --pidfile=$DIR/minio-pid --errlog=$DIR/minio-err.log --output=$DIR/minio-out.log -- /usr/local/bin/minio server
-    retry mc alias set testS3 http://127.0.0.1:9000 123456 12345678
-}
-
-function start_garage() {
-    mkdir -p $DIR/garage/{data,meta}
-    cat > $DIR/garage/garage.toml <<EOF
-metadata_dir = "$DIR/garage/meta"
-data_dir = "$DIR/garage/data"
-db_engine = "lmdb"
-
-replication_mode = "none"
-
-rpc_bind_addr = "127.0.0.1:3901"
-rpc_public_addr = "127.0.0.1:3901"
-rpc_secret = "$(openssl rand -hex 32)"
-
-[s3_api]
-s3_region = "us-east-1"
-api_bind_addr = "127.0.0.1:9000"
-root_domain = ".s3.garage.localhost"
-
-[s3_web]
-bind_addr = "127.0.0.1:3902"
-root_domain = ".web.garage.localhost"
-index = "index.html"
-
-[k2v_api]
-api_bind_addr = "127.0.0.1:3904"
-
-[admin]
-api_bind_addr = "127.0.0.1:3903"
-admin_token = "$(openssl rand -base64 32)"
-EOF
-
-    daemon --chdir=$DIR --unsafe \
-           --env="PATH=$PATH" \
-           --env=RUST_LOG=garage_api=debug \
-           --pidfile=$DIR/garage-pid --errlog=$DIR/garage-err.log --output=$DIR/garage-out.log -- /usr/local/bin/garage -c $DIR/garage/garage.toml server
-
-    retry garage -c $DIR/garage/garage.toml status
-    garage -c $DIR/garage/garage.toml layout assign -z dc1 -c 1 $(garage -c $DIR/garage/garage.toml status | tail -1 | grep -o '[0-9a-z]*' | head -1)
-    ver=$(garage -c $DIR/garage/garage.toml layout show | grep -oP '(?<=Current cluster layout version: )\d+')
-    garage -c $DIR/garage/garage.toml layout apply --version $((ver+1))
-    garage -c $DIR/garage/garage.toml key info test || garage -c $DIR/garage/garage.toml key import -n test 123456 12345678
-    garage -c $DIR/garage/garage.toml key allow --create-bucket test
-    retry mc alias set testS3 http://127.0.0.1:9000 123456 12345678
-}
-
-function start_s3() {
-    local s3_backend=$1
-
-    start_$s3_backend
-}
-
-function start() {
-    local version=$1
-    local s3_backend=${2:-minio}
-
-    start_s3 $s3_backend
-    start_forgejo $version
-}
-
-function create_user() {
-    local version=$1
-
-    local work_path=$DIR/forgejo-work-path
-
-    if test -f $work_path/forgejo-token; then
-        return
-    fi
-
-    local cli="$DIR/forgejo-$version --config $work_path/app.ini --work-path $work_path"
-    $cli admin user create --admin --username "$FORGEJO_USER" --password "$FORGEJO_PASSWORD" --email "$FORGEJO_USER@example.com"
-    local scopes="--scopes all"
-    if echo $version | grep --quiet 1.18. ; then
-        scopes=""
-    fi
-
-    #
-    # forgejo-cli is to use with api/v1 enpoints
-    #
-    # tail -1 is because there are logs creating noise in the output in v1.19.4-0
-    #
-    $cli admin user generate-access-token -u $FORGEJO_USER --raw $scopes | tail -1 > $work_path/forgejo-token
-    ( echo -n 'Authorization: token ' ; cat $work_path/forgejo-token ) > $work_path/forgejo-header
-    ( echo "#!/bin/sh" ; echo 'curl -f -sS -H "Content-Type: application/json" -H @'$work_path/forgejo-header' "$@"' ) > $work_path/forgejo-api && chmod +x $work_path/forgejo-api
-    $work_path/forgejo-api http://${HOST_PORT}/api/v1/version
-
-    #
-    # forgejo-client is to use with web endpoints
-    #
-    #
-    # login and obtain a CSRF, all stored in the cookie file
-    #
-    ( echo "#!/bin/sh" ; echo 'curl --cookie-jar '$DIR/cookies' --cookie '$DIR/cookies' -f -sS "$@"' ) > $work_path/forgejo-client-update-cookies && chmod +x $work_path/forgejo-client-update-cookies
-    $work_path/forgejo-client-update-cookies http://${HOST_PORT}/user/login -o /dev/null
-    $work_path/forgejo-client-update-cookies --verbose -X POST --data user_name=${FORGEJO_USER} --data password=${FORGEJO_PASSWORD} http://${HOST_PORT}/user/login >& $DIR/login.html
-    $work_path/forgejo-client-update-cookies http://${HOST_PORT}/user/login -o /dev/null
-    local csrf=$(sed -n -e '/csrf/s/.*csrf\t//p' $DIR/cookies)
-    #
-    # use the cookie file but do not modify it
-    #
-    ( echo "#!/bin/sh" ; echo 'curl --cookie '$DIR/cookies' -H "X-Csrf-Token: '$csrf'" -f -sS "$@"' ) > $work_path/forgejo-client && chmod +x $work_path/forgejo-client
-}
-
-function stop_daemon() {
-    local daemon=$1
-
-    if test -f $DIR/$daemon-pid ; then
-        local pid=$(cat $DIR/$daemon-pid)
-        kill -TERM $pid
-        pidwait $pid || true
-        for delay in 1 1 2 2 5 5 ; do
-            if ! test -f $DIR/$daemon-pid ; then
-                break
-            fi
-            sleep $delay
-        done
-        ! test -f $DIR/$daemon-pid
-    fi
-}
-
-function stop() {
-    stop_daemon forgejo
-    stop_daemon minio
-    stop_daemon garage
-
-    cleanup_logs
-}
-
-function reset_forgejo() {
-    local config=$1
-    local work_path=$DIR/forgejo-work-path
-    rm -fr $work_path
-    mkdir -p $work_path
-    WORK_PATH=$work_path envsubst < $SELF_DIR/$config-app.ini > $work_path/app.ini
-}
-
-function reset_minio() {
-    rm -fr $DIR/minio
-}
-
-function reset_garage() {
-    rm -fr $DIR/garage
-}
-
-function reset() {
-    local config=$1
-    reset_forgejo $config
-    reset_minio
-    reset_garage
-}
-
-function verify_storage() {
-    local work_path=$DIR/forgejo-work-path
-
-    for path in ${STORAGE_PATHS} ; do
-        test -d $work_path/data/$path
-    done
-}
-
-function cleanup_storage() {
-    local work_path=$DIR/forgejo-work-path
-
-    for path in ${STORAGE_PATHS} ; do
-        rm -fr $work_path/data/$path
-    done
-}
-
-function test_downgrade_1.20.2_fails() {
-    local work_path=$DIR/forgejo-work-path
-
-    log_info "See also https://codeberg.org/forgejo/forgejo/pulls/1225"
-
-    log_info "downgrading from 1.20.3-0 to 1.20.2-0 fails"
-    stop
-    reset default
-    start 1.20.3-0
-    stop
-    download 1.20.2-0
-    timeout 60 $DIR/forgejo-1.20.2-0 --config $work_path/app.ini --work-path $work_path || true
-    if ! grep --fixed-strings --quiet 'use the newer database' $work_path/log/forgejo.log ; then
-        cat $work_path/log/forgejo.log
-        return 1
-    fi
-}
-
-function test_bug_storage_merged() {
-    local work_path=$DIR/forgejo-work-path
-
-    log_info "See also https://codeberg.org/forgejo/forgejo/pulls/1225"
-
-    log_info "using < 1.20.3-0 and [storage].PATH merge all storage"
-    for version in 1.18.5-0 1.19.4-0 1.20.2-0 ; do
-        stop
-        reset merged
-        start $version
-        for path in ${STORAGE_PATHS} ; do
-            ! test -d $work_path/data/$path
-        done
-        for path in ${STORAGE_PATHS} ; do
-            ! test -d $work_path/merged/$path
-        done
-        test -d $work_path/merged
-    done
-    stop
-
-    log_info "upgrading from 1.20.2-0 with [storage].PATH fails"
-    download 1.20.3-0
-    timeout 60 $DIR/forgejo-1.20.3-0 --config $work_path/app.ini --work-path $work_path || true
-    if ! grep --fixed-strings --quiet '[storage].PATH is set and may create storage issues' $work_path/log/forgejo.log ; then
-        cat $work_path/log/forgejo.log
-        return 1
-    fi
-}
-
-function test_bug_storage_relative_path() {
-    local work_path=$DIR/forgejo-work-path
-
-    log_info "using < 1.20.3-0 legacy [server].XXXX and [picture].XXXX are relative to WORK_PATH"
-    for version in 1.18.5-0 1.19.4-0 1.20.2-0 ; do
-        stop
-        reset legagy-relative
-        start $version
-        test -d $work_path/relative-lfs
-        test -d $work_path/relative-avatars
-        test -d $work_path/relative-repo-avatars
-    done
-
-    log_info "using >= 1.20.3-0 legacy [server].XXXX and [picture].XXXX are relative to APP_DATA_PATH"
-    for version in 1.20.3-0 1.21.0-0 ; do
-        stop
-        reset legagy-relative
-        start $version
-        test -d $work_path/data/relative-lfs
-        test -d $work_path/data/relative-avatars
-        test -d $work_path/data/relative-repo-avatars
-    done
-
-    log_info "using >= 1.20.3-0 relative [storage.XXXX].PATHS are relative to APP_DATA_PATH"
-    for version in 1.20.3-0 1.21.0-0 ; do
-        stop
-        reset storage-relative
-        start $version
-        for path in ${STORAGE_PATHS} ; do
-            test -d $work_path/data/relative-$path
-        done
-    done
-
-    log_info "using 1.20.[12]-0 relative [storage.XXXX].PATHS are inconsistent"
-    for version in 1.20.2-0 ; do
-        stop
-        reset storage-relative
-        start $version
-        test -d $work_path/data/packages
-        test -d $work_path/relative-repo-archive
-        test -d $work_path/relative-attachments
-        test -d $work_path/relative-lfs
-        test -d $work_path/data/avatars
-        test -d $work_path/data/repo-avatars
-    done
-
-    log_info "using < 1.20 relative [storage.XXXX].PATHS are inconsistent"
-    for version in 1.18.5-0 1.19.4-0 ; do
-        stop
-        reset storage-relative
-        start $version
-        test -d $work_path/relative-packages
-        test -d $work_path/relative-repo-archive
-        test -d $work_path/relative-attachments
-        test -d $work_path/data/lfs
-        test -d $work_path/data/avatars
-        test -d $work_path/data/repo-avatars
-    done
-
-    log_info "using < 1.20.3-0 relative [XXXX].PATHS are relative to WORK_PATH"
-    for version in 1.18.5-0 1.19.4-0 1.20.2-0 ; do
-        stop
-        reset relative
-        start $version
-        for path in ${STORAGE_PATHS} ; do
-            test -d $work_path/relative-$path
-        done
-    done
-
-    log_info "using >= 1.20.3-0 relative [XXXX].PATHS are relative to APP_DATA_PATH"
-    for version in 1.20.3-0 1.21.0-0 ; do
-        stop
-        reset relative
-        start $version
-        for path in ${STORAGE_PATHS} ; do
-            test -d $work_path/data/relative-$path
-        done
-    done
-
-    stop
-}
-
-function test_bug_storage_s3_misplace() {
-    local work_path=$DIR/forgejo-work-path
-    local s3_backend=${2:-minio}
-
-    log_info "See also https://codeberg.org/forgejo/forgejo/issues/1338"
-
-    for version in 1.20.2-0 1.20.3-0 ; do
-        log_info "Forgejo $version & $s3_backend"
-        stop
-        reset misplace-s3
-        start $version $s3_backend
-        fixture_create
-        for fun in ${STORAGE_FUN} ; do
-            fixture_${fun}_assert_s3
-        done
-    done
-
-    for version in 1.18.5-0 1.19.4-0 ; do
-        log_info "Forgejo $version & $s3_backend"
-        stop
-        reset misplace-s3
-        start $version $s3_backend
-        fixture_create
-        #
-        # some storage are in S3
-        #
-        fixture_attachments_assert_s3
-        fixture_lfs_assert_s3
-        #
-        # others are in local
-        #
-        fixture_repo_archive_assert_local elsewhere/repo-archive
-        fixture_avatars_assert_local elsewhere/avatars
-        fixture_packages_assert_local elsewhere/packages
-        fixture_repo_avatars_assert_local elsewhere/repo-avatars
-    done
-}
-
-function test_storage_stable_s3() {
-    local work_path=$DIR/forgejo-work-path
-    local s3_backend=${1:-minio}
-
-    log_info "See also https://codeberg.org/forgejo/forgejo/issues/1338"
-
-    for version in 1.18.5-0 1.19.4-0 1.20.2-0 1.20.3-0 ; do
-        log_info "Forgejo $version & $s3_backend"
-        stop
-        reset stable-s3
-        start $version $s3_backend
-        fixture_create
-        for fun in ${STORAGE_FUN} ; do
-            fixture_${fun}_assert_s3
-        done
-    done
-}
-
-function test_bug_storage_misplace() {
-    local work_path=$DIR/forgejo-work-path
-
-    log_info "See also https://codeberg.org/forgejo/forgejo/pulls/1225"
-
-    log_info "using < 1.20 and conflicting sections misplace storage"
-    for version in 1.18.5-0 1.19.4-0 ; do
-        stop
-        reset misplace
-        start $version
-        #
-        # some storage are where they should be
-        #
-        test -d $work_path/data/packages
-        test -d $work_path/data/repo-archive
-        test -d $work_path/data/attachments
-        #
-        # others are under APP_DATA_PATH
-        #
-        test -d $work_path/elsewhere/lfs
-        test -d $work_path/elsewhere/avatars
-        test -d $work_path/elsewhere/repo-avatars
-    done
-
-    log_info "using < 1.20.[12]-0 and conflicting sections ignores [storage.*]"
-    for version in 1.20.2-0 ; do
-        stop
-        reset misplace
-        start $version
-        for path in ${STORAGE_PATHS} ; do
-            test -d $work_path/elsewhere/$path
-        done
-    done
-
-    stop
-
-    log_info "upgrading from 1.20.2-0 with conflicting sections fails"
-    download 1.20.3-0
-    timeout 60 $DIR/forgejo-1.20.3-0 --config $work_path/app.ini --work-path $work_path || true
-    for path in ${STORAGE_PATHS} ; do
-        if ! grep --fixed-strings --quiet "[storage.$path] may conflict" $work_path/log/forgejo.log ; then
-            cat $work_path/log/forgejo.log
-            return 1
-        fi
-    done
-}
-
-function test_successful_upgrades() {
-    for config in default specific ; do
-        log_info "using $config app.ini"
-        reset $config
-
-        for version in 1.18.5-0 1.19.4-0 1.20.2-0 1.20.3-0 1.21.0-0 ; do
-            log_info "run $version"
-            cleanup_storage
-            start $version
-            verify_storage
-            stop
-        done
-    done
-}
-
-function test_forgejo_database_version() {
-    local expected_version=$1
-    local work_path=$DIR/forgejo-work-path
-
-    actual_version=$(sqlite3 $work_path/forgejo.db "select version from forgejo_version")
-    test "$expected_version" = "$actual_version"
-}
-
-function test_forgejo_database_v3_upgrades_list_table() {
-    local table=$1
-    local work_path=$DIR/forgejo-work-path
-
-    sqlite3 $work_path/forgejo.db  ".tables $table"  .exit | grep --quiet $table
-}
-
-function test_forgejo_database_v3_upgrades() {
-    local table=forgejo_auth_token
-
-    stop
-
-    reset default
-    log_info "run 1.20.4-1"
-    start 1.20.4-1
-    stop
-    ! test_forgejo_database_v3_upgrades_list_table $table
-    test_forgejo_database_version 2
-
-    log_info "run 1.20.5-0"
-    start 1.20.5-0
-    stop
-    test_forgejo_database_v3_upgrades_list_table $table
-    test_forgejo_database_version 3
-}
-
-function run() {
-    local fun=$1
-    shift
-
-    echo Start running $fun
-    mkdir -p $DIR
-    > $DIR/$fun.out
-    tail --follow $DIR/$fun.out | sed --unbuffered -n -e "/^$PREFIX/s/^$PREFIX //p" &
-    pid=$!
-    if ! VERBOSE=true ${BASH_SOURCE[0]} $fun "$@" >& $DIR/$fun.out ; then
-        kill $pid
-        cat $DIR/$fun.out
-        echo Failure running $fun
-        return 1
-    fi
-    kill $pid
-    echo Success running $fun
-}
-
-function test_upgrades() {
-    run stop
-    run dependencies
-    run build_all
-    run test_successful_upgrades
-    run test_bug_storage_misplace
-    run test_bug_storage_merged
-    run test_downgrade_1.20.2_fails
-    run test_bug_storage_s3_misplace
-    run test_storage_stable_s3 minio
-    run test_storage_stable_s3 garage
-    run test_forgejo_database_v3_upgrades
-}
-
-"$@"
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@ -1,99 +0,0 @@
-name: Integration tests for the release process
-
-on:
-  push:
-    paths:
-      - Makefile
-      - Dockerfile
-      - Dockerfile.rootless
-      - docker/**
-      - .forgejo/actions/build-release/action.yml
-      - .forgejo/workflows/build-release.yml
-      - .forgejo/workflows/build-release-integration.yml
-
-jobs:
-  release-simulation:
-    runs-on: self-hosted
-    if: secrets.ROLE != 'forgejo-integration' && secrets.ROLE != 'forgejo-experimental' && secrets.ROLE != 'forgejo-release'
-    steps:
-      - uses: actions/checkout@v3
-
-      - id: forgejo
-        uses: https://code.forgejo.org/actions/setup-forgejo@v1
-        with:
-          user: root
-          password: admin1234
-          image-version: 1.19
-          lxc-ip-prefix: 10.0.9
-
-      - name: publish the forgejo release
-        run: |
-          set -x
-
-          version=1.2.3
-          cat > /etc/docker/daemon.json <<EOF
-            {
-              "insecure-registries" : ["${{ steps.forgejo.outputs.host-port }}"]
-            }
-          EOF
-          systemctl restart docker
-
-          apt-get install -qq -y xz-utils
-
-          dir=$(mktemp -d)
-          trap "rm -fr $dir" EXIT
-
-          url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }}
-          export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"
-
-          #
-          # Create a new project with a fake forgejo and the release workflow only
-          #
-          cp -a .forgejo/testdata/build-release/* $dir
-          mkdir -p $dir/.forgejo/workflows
-          cp .forgejo/workflows/build-release.yml $dir/.forgejo/workflows
-          cp -a .forgejo/actions $dir/.forgejo/actions
-          cp $dir/Dockerfile $dir/Dockerfile.rootless
-
-          forgejo-test-helper.sh push $dir $url root forgejo
-          sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo main)
-
-          #
-          # Push a tag to trigger the release workflow and wait for it to complete
-          #
-          forgejo-curl.sh api_json --data-raw '{"tag_name": "v'$version'", "target": "'$sha'"}' $url/api/v1/repos/root/forgejo/tags
-          LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha
-
-          #
-          # uncomment to see the logs even when everything is reported to be working ok
-          #
-          #cat $FORGEJO_RUNNER_LOGS
-
-          #
-          # Minimal sanity checks. e2e test is for the setup-forgejo
-          # action and the infrastructure playbook. Since the binary
-          # is a script shell it does not test the sanity of the cross
-          # build, only the sanity of the naming of the binaries.
-          #
-          for arch in amd64 arm64 arm-6 ; do
-            binary=forgejo-$version-linux-$arch
-            for suffix in '' '.xz' ; do
-              curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix > $binary$suffix
-              if test "$suffix" = .xz ; then
-                 unxz --keep $binary$suffix
-              fi
-              chmod +x $binary
-              ./$binary --version | grep $version
-              curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix.sha256 > $binary$suffix.sha256
-              shasum -a 256 --check $binary$suffix.sha256
-              rm $binary$suffix
-            done
-          done
-
-          sources=forgejo-src-$version.tar.gz
-          curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources > $sources
-          curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources.sha256 > $sources.sha256
-          shasum -a 256 --check $sources.sha256
-
-          docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version
-          docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version-rootless
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@ -1,190 +0,0 @@
-name: Build release
-
-on:
-  push:
-    tags: 'v*'
-
-jobs:
-  release:
-    runs-on: self-hosted
-    # root is used for testing, allow it
-    if: secrets.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Increase the verbosity when there are no secrets
-        id: verbose
-        run: |
-          if test -z "${{ secrets.TOKEN }}"; then
-            value=true
-          else
-            value=false
-          fi
-          echo "value=$value" >> "$GITHUB_OUTPUT"
-
-      - name: Sanitize the name of the repository
-        id: repository
-        run: |
-          set -x # comment out
-          repository="${{ github.repository }}"
-          echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
-
-      - name: When in a test environment, create a token
-        id: token
-        if: ${{ secrets.TOKEN == '' }}
-        run: |
-          apt-get -qq install -y jq
-          url="${{ env.GITHUB_SERVER_URL }}"
-          hostport=${url##http*://}
-          hostport=${hostport%%/}
-          doer=root
-          api=http://$doer:admin1234@$hostport/api/v1/users/$doer/tokens
-          curl -sS -X DELETE $api/release
-          token=$(curl -sS -X POST -H 'Content-Type: application/json' --data-raw '{"name": "release", "scopes": ["all"]}' $api | jq --raw-output .sha1)
-          echo "value=${token}" >> "$GITHUB_OUTPUT"
-
-      - uses: https://code.forgejo.org/actions/setup-node@v3
-        with:
-          node-version: 18
-
-      - uses: https://code.forgejo.org/actions/setup-go@v4
-        with:
-          go-version: ">=1.20"
-          check-latest: true
-
-      - name: Create the version from ref_name
-        id: tag-version
-        run: |
-          version="${{ github.ref_name }}"
-          version=${version##*v}
-          echo "value=$version" >> "$GITHUB_OUTPUT"
-
-      - name: Create the release notes
-        id: release-notes
-        run: |
-          cat >> "$GITHUB_OUTPUT" <<EOF
-          value<<ENDVAR
-          See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#${{ steps.tag-version.outputs.value }}
-          ENDVAR
-          EOF
-
-      - name: Build sources
-        run: |
-          set -x
-          apt-get -qq install -y make
-          version=${{ steps.tag-version.outputs.value }}
-          #
-          # Make sure all files are owned by the current user.
-          # When run as root `npx webpack` will assume the identity
-          # of the owner of the current working directory and may
-          # fail to create files if some sub-directories are not owned
-          # by the same user.
-          #
-          #   Binaries:
-          #   Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node
-          #   npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm
-          # Packages:
-          #   add-asset-webpack-plugin: 2.0.1 => 2.0.1
-          #   css-loader: 6.8.1 => 6.8.1
-          #   esbuild-loader: 3.0.1 => 3.0.1
-          #   license-checker-webpack-plugin: 0.2.1 => 0.2.1
-          #   monaco-editor-webpack-plugin: 7.0.1 => 7.0.1
-          #   vue-loader: 17.2.2 => 17.2.2
-          #   webpack: 5.87.0 => 5.87.0
-          #   webpack-cli: 5.1.4 => 5.1.4
-          #
-          chown -R $(id -u) .
-          make VERSION=$version TAGS=bindata sources-tarbal
-          mv dist/release release
-
-          (
-            tmp=$(mktemp -d)
-            tar --directory $tmp -zxvf release/*$version*.tar.gz
-            cd $tmp/*
-            #
-            # Verify `make frontend` files are available
-            #
-            test -d public/assets/css
-            test -d public/assets/fonts
-            test -d public/assets/js
-            #
-            # Verify `make generate` files are available
-            #
-            test -f modules/public/bindata.go
-            #
-            # Sanity check to verify that the source tarbal knows the
-            # version and is able to rebuild itself from it.
-            #
-            # When in sources the version is determined with git.
-            # When in the tarbal the version is determined from a VERSION file.
-            #
-            make sources-tarbal
-            tarbal=$(echo dist/release/*$version*.tar.gz)
-            if ! test -f $tarbal ; then
-              echo $tarbal does not exist
-              find dist release
-              exit 1
-            fi
-          )
-
-      - name: build container & release (when TOKEN secret is not set)
-        if: ${{ secrets.TOKEN == '' }}
-        uses: ./.forgejo/actions/build-release
-        with:
-          forgejo: "${{ env.GITHUB_SERVER_URL }}"
-          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
-          repository: "${{ steps.repository.outputs.value }}"
-          doer: root
-          tag-version: "${{ steps.tag-version.outputs.value }}"
-          token: ${{ steps.token.outputs.value }}
-          platforms: linux/amd64,linux/arm64,linux/arm/v6
-          release-notes: "${{ steps.release-notes.outputs.value }}"
-          binary-name: forgejo
-          binary-path: /app/gitea/gitea
-          verbose: ${{ steps.verbose.outputs.value }}
-
-      - name: build rootless container (when TOKEN secret is not set)
-        if: ${{ secrets.TOKEN == '' }}
-        uses: ./.forgejo/actions/build-release
-        with:
-          forgejo: "${{ env.GITHUB_SERVER_URL }}"
-          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
-          repository: "${{ steps.repository.outputs.value }}"
-          doer: root
-          tag-version: "${{ steps.tag-version.outputs.value }}"
-          token: ${{ steps.token.outputs.value }}
-          platforms: linux/amd64,linux/arm64,linux/arm/v6
-          suffix: -rootless
-          dockerfile: Dockerfile.rootless
-          verbose: ${{ steps.verbose.outputs.value }}
-
-      - name: build container & release (when TOKEN secret is set)
-        if: ${{ secrets.TOKEN != '' }}
-        uses: ./.forgejo/actions/build-release
-        with:
-          forgejo: "${{ env.GITHUB_SERVER_URL }}"
-          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
-          repository: "${{ steps.repository.outputs.value }}"
-          doer: "${{ secrets.DOER }}"
-          tag-version: "${{ steps.tag-version.outputs.value }}"
-          token: "${{ secrets.TOKEN }}"
-          platforms: linux/amd64,linux/arm64,linux/arm/v6
-          release-notes: "${{ steps.release-notes.outputs.value }}"
-          binary-name: forgejo
-          binary-path: /app/gitea/gitea
-          verbose: ${{ steps.verbose.outputs.value }}
-
-      - name: build rootless container (when TOKEN secret is set)
-        if: ${{ secrets.TOKEN != '' }}
-        uses: ./.forgejo/actions/build-release
-        with:
-          forgejo: "${{ env.GITHUB_SERVER_URL }}"
-          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
-          repository: "${{ steps.repository.outputs.value }}"
-          doer: "${{ secrets.DOER }}"
-          tag-version: "${{ steps.tag-version.outputs.value }}"
-          token: "${{ secrets.TOKEN }}"
-          platforms: linux/amd64,linux/arm64,linux/arm/v6
-          suffix: -rootless
-          dockerfile: Dockerfile.rootless
-          verbose: ${{ steps.verbose.outputs.value }}
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@ -1,72 +0,0 @@
-# SPDX-License-Identifier: MIT
-#
-# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
-#
-# https://codeberg.org/forgejo-experimental/forgejo
-#
-#  Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
-#
-#  ROLE: forgejo-experimental
-#  FORGEJO: https://codeberg.org
-#  FROM_OWNER: forgejo-integration
-#  TO_OWNER: forgejo-experimental
-#  DOER: forgejo-experimental-ci
-#  TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
-#
-# http://private.forgejo.org/forgejo/forgejo
-#
-#  Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
-#
-#  ROLE: forgejo-release
-#  FORGEJO: https://codeberg.org
-#  FROM_OWNER: forgejo-integration
-#  TO_OWNER: forgejo
-#  DOER: release-team
-#  TOKEN: <generated from codeberg.org/release-team>
-#  GPG_PRIVATE_KEY: <XYZ>
-#  GPG_PASSPHRASE: <ABC>
-#
-name: Pubish release
-
-on: 
-  push:
-    tags: 'v*'
-
-jobs:
-  publish:
-    runs-on: self-hosted
-    if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: copy & sign binaries and container images from one owner to another
-        uses: ./.forgejo/actions/publish-release
-        with:
-          forgejo: ${{ secrets.FORGEJO }}
-          from-owner: ${{ secrets.FROM_OWNER }}
-          to-owner: ${{ secrets.TO_OWNER }}
-          ref-name: ${{ github.ref_name }}
-          doer: ${{ secrets.DOER }}
-          token: ${{ secrets.TOKEN }}
-          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
-          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
-          verbose: ${{ secrets.VERBOSE }}
-
-
-      - name: set up go for the DNS update below
-        uses: https://code.forgejo.org/actions/setup-go@v4
-        if: secrets.ROLE == 'forgejo-experimental'
-        with:
-          go-version: "1.21"
-          check-latest: true
-      - name: update the _release.experimental DNS record
-        if: secrets.ROLE == 'forgejo-experimental'
-        uses: https://code.forgejo.org/actions/ovh-dns-update@v1
-        with:
-          subdomain: _release.experimental
-          domain: forgejo.com # there is a CNAME from .org to .com (for security reasons)
-          record-id: 5283602601
-          value: v=${{ github.ref_name }}
-          ovh-app-key: ${{ secrets.OVH_APP_KEY }}
-          ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
-          ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@ -1,189 +0,0 @@
-name: testing
-
-on:
-  pull_request:
-  push:
-    branches:
-      - 'forgejo*'
-      - 'v*/forgejo*'
-
-jobs:
-  lint-backend:
-    runs-on: docker
-    container:
-      image: 'docker.io/node:20-bookworm'
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
-      - uses: https://code.forgejo.org/actions/setup-go@v4
-        with:
-          go-version: "1.21"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make lint-backend
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-  checks-backend:
-    runs-on: docker
-    container:
-      image: 'docker.io/node:20-bookworm'
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
-      - uses: https://code.forgejo.org/actions/setup-go@v4
-        with:
-          go-version: "1.21"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make --always-make checks-backend # ensure the "go-licenses" make target runs
-  test-unit:
-    runs-on: docker
-    needs: [lint-backend, checks-backend]
-    container:
-      image: 'docker.io/node:20-bookworm'
-    services:
-      minio:
-        image: 'docker.io/bitnami/minio:2023.8.31'
-        env:
-          MINIO_ROOT_USER: 123456
-          MINIO_ROOT_PASSWORD: 12345678
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
-      - uses: https://code.forgejo.org/actions/setup-go@v4
-        with:
-          go-version: "1.21"
-      - run: |
-          git config --add safe.directory '*'
-          adduser --quiet --comment forgejo --disabled-password forgejo
-          chown -R forgejo:forgejo .
-      - run: |
-          su forgejo -c 'make deps-backend'
-      - run: |
-          su forgejo -c 'make backend'
-        env:
-          TAGS: bindata
-      - run: |
-          su forgejo -c 'make unit-test-coverage test-check'
-        timeout-minutes: 50
-        env:
-          RACE_ENABLED: 'true'
-          TAGS: bindata
-  test-mysql:
-    runs-on: docker
-    needs: [lint-backend, checks-backend]
-    container:
-      image: 'docker.io/node:20-bookworm'
-    services:
-      mysql8:
-        image: mysql:8-debian
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: yes
-          MYSQL_DATABASE: testgitea
-        #
-        # See also https://codeberg.org/forgejo/forgejo/issues/976
-        #
-        cmd: ['mysqld', '--innodb-adaptive-flushing=OFF', '--innodb-buffer-pool-size=4G', '--innodb-log-buffer-size=128M', '--innodb-flush-log-at-trx-commit=0', '--innodb-flush-log-at-timeout=30', '--innodb-flush-method=nosync', '--innodb-fsync-threshold=1000000000']
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
-      - uses: https://code.forgejo.org/actions/setup-go@v4
-        with:
-          go-version: "1.21"
-      - name: install dependencies
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          apt-get update -qq
-          apt-get install --no-install-recommends -qq -y git-lfs
-      - name: setup user and permissions
-        run: |
-          git config --add safe.directory '*'
-          adduser --quiet --comment forgejo --disabled-password forgejo
-          chown -R forgejo:forgejo .
-      - run: |
-          su forgejo -c 'make deps-backend'
-      - run: |
-          su forgejo -c 'make backend'
-        env:
-          TAGS: bindata
-      - run: |
-          su forgejo -c 'make test-mysql8-migration test-mysql8'
-        timeout-minutes: 50
-        env:
-          TAGS: bindata
-          USE_REPO_TEST_DIR: 1
-  test-pgsql:
-    runs-on: docker
-    needs: [lint-backend, checks-backend]
-    container:
-      image: 'docker.io/node:20-bookworm'
-    services:
-      minio:
-        image: bitnami/minio:2021.3.17
-        env:
-          MINIO_ACCESS_KEY: 123456
-          MINIO_SECRET_KEY: 12345678
-      pgsql:
-        image: 'docker.io/postgres:15'
-        env:
-          POSTGRES_DB: test
-          POSTGRES_PASSWORD: postgres
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
-      - uses: https://code.forgejo.org/actions/setup-go@v4
-        with:
-          go-version: "1.21"
-      - name: install dependencies
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          apt-get update -qq
-          apt-get install --no-install-recommends -qq -y git-lfs
-      - name: setup user and permissions
-        run: |
-          git config --add safe.directory '*'
-          adduser --quiet --comment forgejo --disabled-password forgejo
-          chown -R forgejo:forgejo .
-      - run: |
-          su forgejo -c 'make deps-backend'
-      - run: |
-          su forgejo -c 'make backend'
-        env:
-          TAGS: bindata
-      - run: |
-          su forgejo -c 'make test-pgsql-migration test-pgsql'
-        timeout-minutes: 50
-        env:
-          TAGS: bindata gogit
-          RACE_ENABLED: true
-          TEST_TAGS: gogit
-          USE_REPO_TEST_DIR: 1
-  test-sqlite:
-    runs-on: docker
-    needs: [lint-backend, checks-backend]
-    container:
-      image: 'docker.io/node:20-bookworm'
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v3
-      - uses: https://code.forgejo.org/actions/setup-go@v4
-        with:
-          go-version: "1.21"
-      - name: install dependencies
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          apt-get update -qq
-          apt-get install --no-install-recommends -qq -y git-lfs
-      - name: setup user and permissions
-        run: |
-          git config --add safe.directory '*'
-          adduser --quiet --comment forgejo --disabled-password forgejo
-          chown -R forgejo:forgejo .
-      - run: |
-          su forgejo -c 'make deps-backend'
-      - run: |
-          su forgejo -c 'make backend'
-        env:
-          TAGS: bindata gogit sqlite sqlite_unlock_notify
-      - run: |
-          su forgejo -c 'make test-sqlite-migration test-sqlite'
-        timeout-minutes: 50
-        env:
-          TAGS: bindata gogit sqlite sqlite_unlock_notify
-          RACE_ENABLED: true
-          TEST_TAGS: gogit sqlite sqlite_unlock_notify
-          USE_REPO_TEST_DIR: 1
--- a/.gitattributes
+++ b/.gitattributes
@ -1,10 +1,8 @@
 * text=auto eol=lf
-*.tmpl linguist-language=go-html-template
+*.tmpl linguist-language=Handlebars
 /assets/*.json linguist-generated
-/public/assets/img/svg/*.svg linguist-generated
-/templates/swagger/v1_json.tmpl linguist-generated
+/public/vendor/** -text -eol linguist-vendored
 /vendor/** -text -eol linguist-vendored
 /web_src/fomantic/build/** linguist-generated
-/web_src/fomantic/_site/globals/site.variables linguist-language=Less
 /web_src/js/vendor/** -text -eol linguist-vendored
 Dockerfile.* linguist-language=Dockerfile
--- a/.gitea/ISSUE_TEMPLATE/bug-report.md
+++ b/.gitea/ISSUE_TEMPLATE/bug-report.md
@ -0,0 +1,53 @@
+---
+name: "Bug Report"
+about: "Found something you weren't expecting? Report it here!"
+title: "[BUG] "
+---
+<!--
+NOTE: If your issue is a security concern, please email security@forgejo.org (GPG: A4676E79) instead of opening a public issue.
+
+1. Please speak English, as this is the language all maintainers can
+   speak and write.
+
+2. Please ask questions or troubleshoot configuration/deploy problems
+   in our Matrix space (https://matrix.to/#/#forgejo:matrix.org).
+
+3. Please make sure you are using the latest release of Forgejo and
+   take a moment to check that your issue hasn't been reported before.
+
+4. Please give all relevant information below for bug reports, because
+   incomplete details will be handled as an invalid report.
+
+5. If you are using a proxy or a CDN (e.g. CloudFlare) in front of
+   Forgejo, please disable the proxy/CDN fully and connect to Forgejo
+   directly to confirm the issue still persists without those services.
+-->
+
+- Forgejo version (or commit ref):
+- Git version:
+- Operating system:
+- Database (use `[x]`):
+  - [ ] PostgreSQL
+  - [ ] MySQL
+  - [ ] MSSQL
+  - [ ] SQLite
+- How are you running Forgejo?
+<!--
+Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package.
+Please also tell us how you are running Forgejo, e.g. if it is being run from docker, a command-line, systemd etc.
+If you are using a package or systemd tell us what distribution you are using.
+-->
+
+## Description
+<!-- Please describe the issue you are having as clearly and succinctly as possible. -->
+
+## Logs
+<!--
+It is really important to provide pertinent logs. We need DEBUG level logs.
+Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
+In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of `app.ini`.
+Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden.
+-->
+
+## Screenshots
+<!-- If this issue involves the Web Interface, please provide one or more screenshots -->
--- a/.gitea/ISSUE_TEMPLATE/feature-request.md
+++ b/.gitea/ISSUE_TEMPLATE/feature-request.md
@ -0,0 +1,24 @@
+---
+name: "Feature Request"
+about: "Got an idea for a feature that Forgejo doesn't have yet? Submit it here!"
+title: "[FEAT] "
+---
+<!--
+1. Please speak English, as this is the language all maintainers can
+   speak and write.
+
+2. Please ask questions or troubleshoot configuration/deploy problems
+   in our Matrix space (https://matrix.to/#/#forgejo:matrix.org).
+
+3. Please make sure you are using the latest release of Forgejo and
+   take a moment to check that your feature hasn't already been suggested.
+-->
+
+## Needs and benefits
+<!-- Please describe the needs this feature intends to address and the benefits it brings. -->
+
+## Feature Description
+<!-- Please describe the feature you would like to see added as clearly and succinctly as possible. -->
+
+## Screenshots
+<!-- If you can, provide screenshots of an implementation on another site, e.g. GitHub. -->
--- a/.gitea/issue_template/bug-report-ui.yaml
+++ b/.gitea/issue_template/bug-report-ui.yaml
@ -1,63 +0,0 @@
-name: 🦋 Bug Report (web interface / frontend)
-description: Something doesn't look quite as it should?  Report it here!
-title: "[BUG] "
-labels: ["bug", "forgejo/ui"]
-body:
- type: markdown
-  attributes:
-    value: |
-      **NOTE: If your issue is a security concern, please email <security@forgejo.org> (GPG: `A4676E79`) instead of opening a public issue.**
- type: markdown
-  attributes:
-    value: |
-      - Please speak English, as this is the language all maintainers can speak and write.
-      - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way.
-      - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
-      - Please make sure you are using the latest release of Forgejo and take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137).
-      - Please give all relevant information below for bug reports, as incomplete details may result in the issue not being considered.
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below).
-      If you think this is a JavaScript error, show us the JavaScript console.
-      If the error appears to relate to Forgejo the server, please also give us `DEBUG` level logs. (See https://forgejo.org/docs/latest/admin/logging-documentation/)
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: Please provide at least one screenshot showing the issue.
-  validations:
-    required: true
- type: input
-  id: forgejo-ver
-  attributes:
-    label: Forgejo Version
-    description: Forgejo version (or commit reference) your instance is running
-  validations:
-    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on Forgejo Next?
-    description: |
-      Please try reproducing your issue at [Forgejo Next](https://next.forgejo.org).
-      If you can reproduce it, please provide a URL in the Description field.
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: input
-  id: browser-ver
-  attributes:
-    label: Browser Version
-    description: The browser and version that you are using to access Forgejo
-  validations:
-    required: true
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to access Forgejo
--- a/.gitea/issue_template/bug-report.yaml
+++ b/.gitea/issue_template/bug-report.yaml
@ -1,90 +0,0 @@
-name: 🐛 Bug Report (server / backend)
-description: Found something you weren't expecting? Report it here!
-title: "[BUG] "
-labels: bug
-body:
- type: markdown
-  attributes:
-    value: |
-      **NOTE: If your issue is a security concern, please email <security@forgejo.org> (GPG: `A4676E79`) instead of opening a public issue.**
- type: markdown
-  attributes:
-    value: |
-      - Please speak English, as this is the language all maintainers can speak and write.
-      - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way.
-      - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
-      - Please make sure you are using the latest release of Forgejo and take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137).
-      - Please give all relevant information below for bug reports, as incomplete details may result in the issue not being considered.
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below).
-  validations:
-    required: true
- type: input
-  id: forgejo-ver
-  attributes:
-    label: Forgejo Version
-    description: Forgejo version (or commit reference) of your instance
-  validations:
-    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on Forgejo Next?
-    description: |
-      Please try reproducing your issue at [Forgejo Next](https://next.forgejo.org).
-      If you can reproduce it, please provide a URL in the Description field.
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: textarea
-  id: logs
-  attributes:
-    label: Logs
-    description: |
-      It's really important to provide pertinent logs. You must give us `DEBUG` level logs.
-      Please read https://forgejo.org/docs/latest/admin/logging-documentation/.
-      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of `app.ini`.
-
-      Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden.
-      You can wrap your logs in `<details>...</details>` tags so it doesn't take up too much space in the issue.
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If this issue involves the Web Interface, please provide one or more screenshots
- type: input
-  id: git-ver
-  attributes:
-    label: Git Version
-    description: The version of git running on the server
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to run Forgejo
- type: textarea
-  id: run-info
-  attributes:
-    label: How are you running Forgejo?
-    description: |
-      Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package.
-      Please also tell us how you are running Forgejo, e.g. if it is being run from docker, a command-line, systemd etc.
-      If you are using a package or systemd tell us what distribution you are using.
-  validations:
-    required: true
- type: dropdown
-  id: database
-  attributes:
-    label: Database
-    description: What database system are you running?
-    options:
-    - SQLite
-    - PostgreSQL
-    - MySQL
-    - MSSQL
--- a/.gitea/issue_template/config.yml
+++ b/.gitea/issue_template/config.yml
@ -1,17 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: 🔓 Security Reports
-    url: mailto:security@forgejo.org
-    about: "Please email <security@forgejo.org> (GPG: `A4676E79`) instead of opening a public issue."
-  - name: 💬 Matrix Chat Room
-    url: https://matrix.to/#/#forgejo-chat:matrix.org
-    about: Please ask questions and discuss configuration or deployment problems here.
-  - name: 💬 Matrix Space
-    url: https://matrix.to/#/#forgejo:matrix.org
-    about: A collection of Matrix rooms relating to Forgejo in addition to the main chat room.
-  - name: 📚 Documentation
-    url: https://forgejo.org/docs/latest/
-    about: Documentation about Forgejo.
-  - name: ❓ Frequently Asked Questions
-    url: https://forgejo.org/faq/
-    about: Please check if your question is mentioned here.
--- a/.gitea/issue_template/feature-request.yaml
+++ b/.gitea/issue_template/feature-request.yaml
@ -1,31 +0,0 @@
-name: 💡 Feature Request
-description: Got an idea for a feature that Forgejo doesn't have yet? Suggest it here!
-title: "[FEAT] "
-labels: ["enhancement/feature"]
-body:
- type: markdown
-  attributes:
-    value: |
-      - Please speak English, as this is the language all maintainers can speak and write.
-      - Be as clear and concise as possible. A very verbose request is harder to interpret in a concrete way.
-      - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
-      - Please make sure you are using the latest release of Forgejo and take a moment to [check that your feature hasn't already been suggested](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78139).
- type: textarea
-  id: needs-benefits
-  attributes:
-    label: Needs and benefits
-    description: As concisely as possible, describe the benefits your feture request will provide or the problems it will try to solve.
-  validations:
-    required: true
- type: textarea
-  id: description
-  attributes:
-    label: Feature Description
-    description: As concisely as possible, describe the feature you would like to see added or the changes you would like to see made to Forgejo.
-  validations:
-    required: true
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If you can, provide screenshots of an implementation on another site, e.g. GitHub.
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@ -1,5 +0,0 @@
-self-hosted-runner:
-  labels:
-    - actuated-4cpu-8gb
-    - actuated-4cpu-16gb
-    - nscloud
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@ -1,36 +0,0 @@
-modifies/docs:
-  - "**/*.md"
-  - "docs/**"
-
-modifies/frontend:
-  - "web_src/**/*"
-
-modifies/templates:
-  - all: ["templates/**", "!templates/swagger/v1_json.tmpl"]
-
-modifies/api:
-  - "routers/api/**"
-  - "templates/swagger/v1_json.tmpl"
-
-modifies/cli:
-  - "cmd/**"
-
-modifies/translation:
-  - "options/locale/*.ini"
-
-modifies/migrations:
-  - "models/migrations/**/*"
-
-modifies/internal:
-  - "Makefile"
-  - "Dockerfile"
-  - "Dockerfile.rootless"
-  - "docker/**"
-  - "webpack.config.js"
-  - ".eslintrc.yaml"
-  - ".golangci.yml"
-  - ".markdownlint.yaml"
-  - ".spectral.yaml"
-  - ".stylelintrc.yaml"
-  - ".yamllint.yaml"
-  - ".github/**"
--- a/.github/workflows/disk-clean.yml
+++ b/.github/workflows/disk-clean.yml
@ -1,36 +0,0 @@
-name: disk-clean
-
-on:
-  workflow_call:
-
-jobs:
-  triage:
-    runs-on: ubuntu-latest
-    steps:
-      # FIXME: https://github.com/jlumbroso/free-disk-space/issues/17
-      - name: same as 'large-packages' but without 'google-cloud-sdk'
-        shell: bash
-        run: |
-          sudo apt-get remove -y '^dotnet-.*'
-          sudo apt-get remove -y '^llvm-.*'
-          sudo apt-get remove -y 'php.*'
-          sudo apt-get remove -y '^mongodb-.*'
-          sudo apt-get remove -y '^mysql-.*'
-          sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri
-          sudo apt-get autoremove -y
-          sudo apt-get clean
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@main
-        with:
-          # this might remove tools that are actually needed,
-          # if set to "true" but frees about 6 GB
-          tool-cache: false
-
-          # all of these default to true, but feel free to set to
-          # "false" if necessary for your workflow
-          android: true
-          dotnet: true
-          haskell: true
-          large-packages: false
-          docker-images: false
-          swap-storage: true
--- a/.github/workflows/files-changed.yml
+++ b/.github/workflows/files-changed.yml
@ -1,97 +0,0 @@
-name: files-changed
-
-on:
-  workflow_call:
-    outputs:
-      backend:
-        value: ${{ jobs.detect.outputs.backend }}
-      frontend:
-        value: ${{ jobs.detect.outputs.frontend }}
-      docs:
-        value: ${{ jobs.detect.outputs.docs }}
-      actions:
-        value: ${{ jobs.detect.outputs.actions }}
-      templates:
-        value: ${{ jobs.detect.outputs.templates }}
-      docker:
-        value: ${{ jobs.detect.outputs.docker }}
-      swagger:
-        value: ${{ jobs.detect.outputs.swagger }}
-      yaml:
-        value: ${{ jobs.detect.outputs.yaml }}
-
-jobs:
-  detect:
-    runs-on: ubuntu-latest
-    timeout-minutes: 3
-    outputs:
-      backend: ${{ steps.changes.outputs.backend }}
-      frontend: ${{ steps.changes.outputs.frontend }}
-      docs: ${{ steps.changes.outputs.docs }}
-      actions: ${{ steps.changes.outputs.actions }}
-      templates: ${{ steps.changes.outputs.templates }}
-      docker: ${{ steps.changes.outputs.docker }}
-      swagger: ${{ steps.changes.outputs.swagger }}
-      yaml: ${{ steps.changes.outputs.yaml }}
-    steps:
-      - uses: actions/checkout@v4
-      - uses: dorny/paths-filter@v2
-        id: changes
-        with:
-          filters: |
-            backend:
-              - "**/*.go"
-              - "templates/**/*.tmpl"
-              - "assets/emoji.json"
-              - "go.mod"
-              - "go.sum"
-              - "Makefile"
-              - ".golangci.yml"
-              - ".editorconfig"
-
-            frontend:
-              - "**/*.js"
-              - "web_src/**"
-              - "assets/emoji.json"
-              - "package.json"
-              - "package-lock.json"
-              - "Makefile"
-              - ".eslintrc.yaml"
-              - ".stylelintrc.yaml"
-              - ".npmrc"
-
-            docs:
-              - "**/*.md"
-              - "docs/**"
-              - ".markdownlint.yaml"
-              - "package.json"
-              - "package-lock.json"
-
-            actions:
-              - ".github/workflows/*"
-              - "Makefile"
-
-            templates:
-              - "templates/**/*.tmpl"
-              - "pyproject.toml"
-              - "poetry.lock"
-
-            docker:
-              - "Dockerfile"
-              - "Dockerfile.rootless"
-              - "docker/**"
-              - "Makefile"
-
-            swagger:
-              - "templates/swagger/v1_json.tmpl"
-              - "Makefile"
-              - "package.json"
-              - "package-lock.json"
-              - ".spectral.yaml"
-
-            yaml:
-              - "**/*.yml"
-              - "**/*.yaml"
-              - ".yamllint.yaml"
-              - "pyproject.toml"
-              - "poetry.lock"
--- a/.github/workflows/pull-labeler.yml
+++ b/.github/workflows/pull-labeler.yml
@ -1,21 +0,0 @@
-name: labeler
-
-on:
-  pull_request_target:
-    types: [opened, synchronize, reopened]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  label:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - uses: actions/labeler@v4
-        with:
-          dot: true
-          sync-labels: true
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@ -1,132 +0,0 @@
-name: release-nightly
-
-on:
-  push:
-    branches: [ main, release/v* ]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  nightly-binary:
-    runs-on: nscloud
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend deps-backend
-      # xgo build
-      - run: make release
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-      - name: import gpg key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5
-        with:
-          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-      - name: sign binaries
-        run: |
-          for f in dist/release/*; do
-            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
-          done
-      # clean branch name to get the folder name in S3
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
-          echo "Cleaned name is ${REF_NAME}"
-          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
-      - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ${{ secrets.AWS_REGION }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      - name: upload binaries to s3
-        run: |
-          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
-  nightly-docker-rootful:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          # if main then say nightly otherwise cleanup name
-          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
-            echo "branch=nightly" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
-          echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: fetch go modules
-        run: make vendor
-      - name: build rootful docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: gitea/gitea:${{ steps.clean_name.outputs.branch }}
-  nightly-docker-rootless:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          # if main then say nightly otherwise cleanup name
-          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
-            echo "branch=nightly" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
-          echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: fetch go modules
-        run: make vendor
-      - name: build rootless docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          file: Dockerfile.rootless
-          tags: gitea/gitea:${{ steps.clean_name.outputs.branch }}-rootless
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@ -1,132 +0,0 @@
-name: release-tag-rc
-
-on:
-  push:
-    tags:
-      - 'v1*-rc*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-jobs:
-  binary:
-    runs-on: nscloud
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend deps-backend
-      # xgo build
-      - run: make release
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-      - name: import gpg key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5
-        with:
-          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-      - name: sign binaries
-        run: |
-          for f in dist/release/*; do
-            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
-          done
-      # clean branch name to get the folder name in S3
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//')
-          echo "Cleaned name is ${REF_NAME}"
-          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
-      - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ${{ secrets.AWS_REGION }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      - name: upload binaries to s3
-        run: |
-          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
-      - name: Install GH CLI
-        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
-        with:
-          gh-cli-version: 2.39.1
-      - name: create github release
-        run: |
-          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/*
-        env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-  docker-rootful:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          flavor: |
-            latest=false
-          # 1.2.3-rc0
-          tags: |
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootful docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-  docker-rootless:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          # each tag below will have the suffix of -rootless
-          flavor: |
-            latest=false
-            suffix=-rootless
-          # 1.2.3-rc0
-          tags: |
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootless docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          file: Dockerfile.rootless
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@ -1,143 +0,0 @@
-name: release-tag-version
-
-on:
-  push:
-    tags:
-      - 'v1.*'
-      - '!v1*-rc*'
-      - '!v1*-dev'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-jobs:
-  binary:
-    runs-on: nscloud
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend deps-backend
-      # xgo build
-      - run: make release
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-      - name: import gpg key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5
-        with:
-          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-      - name: sign binaries
-        run: |
-          for f in dist/release/*; do
-            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
-          done
-      # clean branch name to get the folder name in S3
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//')
-          echo "Cleaned name is ${REF_NAME}"
-          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
-      - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ${{ secrets.AWS_REGION }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      - name: upload binaries to s3
-        run: |
-          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
-      - name: Install GH CLI
-        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
-        with:
-          gh-cli-version: 2.39.1
-      - name: create github release
-        run: |
-          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --notes-from-tag dist/release/*
-        env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-  docker-rootful:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          # this will generate tags in the following format:
-          # latest
-          # 1
-          # 1.2
-          # 1.2.3
-          tags: |
-            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootful docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-  docker-rootless:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          # each tag below will have the suffix of -rootless
-          flavor: |
-            suffix=-rootless,onlatest=true
-          # this will generate tags in the following format (with -rootless suffix added):
-          # latest
-          # 1
-          # 1.2
-          # 1.2.3
-          tags: |
-            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootless docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          file: Dockerfile.rootless
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
--- a/.gitignore
+++ b/.gitignore
@ -19,6 +19,10 @@ _test
 .vscode
 __debug_bin

+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
 *.cgo1.go
 *.cgo2.c
 _cgo_defun.c
@ -46,7 +50,6 @@ cpu.out

 *.db
 *.log
-*.log.*.gz

 /gitea
 /gitea-vet
@ -56,6 +59,8 @@ cpu.out
 /bin
 /dist
 /custom/*
+!/custom/conf
+/custom/conf/*
 !/custom/conf/app.example.ini
 /data
 /indexers
@ -69,17 +74,15 @@ cpu.out
 /tests/e2e/test-artifacts
 /tests/e2e/test-snapshots
 /tests/*.ini
-/tests/**/*.git/**/*.sample
 /node_modules
-/.venv
 /yarn.lock
 /yarn-error.log
 /npm-debug.log*
-/public/assets/js
-/public/assets/css
-/public/assets/fonts
-/public/assets/licenses.txt
-/public/assets/img/webpack
+/public/js
+/public/serviceworker.js
+/public/css
+/public/fonts
+/public/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
@ -98,7 +101,6 @@ cpu.out
 /.go-licenses

 # Snapcraft
-/gitea_a*.txt
 snap/.snapcraft/
 parts/
 stage/
--- a/.gitpod.yml
+++ b/.gitpod.yml
@ -10,12 +10,9 @@ tasks:
  - name: Run backend
    command: |
      gp sync-await setup
-      if [ ! -f custom/conf/app.ini ]
-      then
-        mkdir -p custom/conf/
-        echo -e "[server]\nROOT_URL=$(gp url 3000)/" > custom/conf/app.ini
-        echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini
-      fi
+      mkdir -p custom/conf/
+      echo -e "[server]\nROOT_URL=$(gp url 3000)/" > custom/conf/app.ini
+      echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini
      export TAGS="sqlite sqlite_unlock_notify"
      make watch-backend
  - name: Run frontend
@ -23,6 +20,10 @@ tasks:
      gp sync-await setup
      make watch-frontend
    openMode: split-right
+  - name: Run docs
+    before: sudo bash -c "$(grep 'https://github.com/gohugoio/hugo/releases/download' Makefile | tr -d '\')" # install hugo
+    command: cd docs && make clean update && hugo server -D -F --baseUrl $(gp url 1313) --liveReloadPort=443 --appendPort=false --bind=0.0.0.0
+    openMode: split-right

 vscode:
  extensions:
@ -31,12 +32,13 @@ vscode:
    - golang.go
    - stylelint.vscode-stylelint
    - DavidAnson.vscode-markdownlint
-    - Vue.volar
+    - johnsoncodehk.volar
    - ms-azuretools.vscode-docker
    - zixuanchen.vitest-explorer
-    - qwtel.sqlite-viewer
-    - GitHub.vscode-pull-request-github
+    - alexcvzz.vscode-sqlite

 ports:
  - name: Gitea
    port: 3000
+  - name: Docs
+    port: 1313
--- a/.golangci.yml
+++ b/.golangci.yml
@ -5,7 +5,6 @@ linters:
    - depguard
    - dupl
    - errcheck
-    - forbidigo
    - gocritic
    # - gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
@ -23,13 +22,13 @@ linters:
    - unconvert
    - unused
    # - varcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
-    - wastedassign
+    # - wastedassign # disabled - https://github.com/golangci/golangci-lint/issues/2649
  enable-all: false
  disable-all: true
  fast: false

 run:
-  go: "1.21"
+  go: "1.20"
  timeout: 10m
  skip-dirs:
    - node_modules
@ -75,23 +74,17 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.21"
+    lang-version: "1.20"
  depguard:
-    rules:
-      main:
-        deny:
-          - pkg: encoding/json
-            desc: use gitea's modules/json instead of encoding/json
-          - pkg: github.com/unknwon/com
-            desc: use gitea's util and replacements
-          - pkg: io/ioutil
-            desc: use os or io instead
-          - pkg: golang.org/x/exp
-            desc: it's experimental and unreliable
-          - pkg: code.gitea.io/gitea/modules/git/internal
-            desc: do not use the internal package, use AddXxx function instead
-          - pkg: gopkg.in/ini.v1
-            desc: do not use the ini package, use gitea's config system instead
+    list-type: denylist
+    # Check the list against standard lib.
+    include-go-root: true
+    packages-with-error-message:
+      - encoding/json: "use gitea's modules/json instead of encoding/json"
+      - github.com/unknwon/com: "use gitea's util and replacements"
+      - io/ioutil: "use os or io instead"
+      - golang.org/x/exp: "it's experimental and unreliable."
+      - code.gitea.io/gitea/modules/git/internal: "do not use the internal package, use AddXxx function instead"

 issues:
  max-issues-per-linter: 0
@ -112,25 +105,73 @@ issues:
        - errcheck
        - dupl
        - gosec
-    - path: cmd
-      linters:
-        - forbidigo
    - linters:
        - dupl
      text: "webhook"
    - linters:
        - gocritic
      text: "`ID' should not be capitalized"
+    - path: modules/templates/helper.go
+      linters:
+        - gocritic
    - linters:
        - unused
        - deadcode
      text: "swagger"
+    - path: contrib/pr/checkout.go
+      linters:
+        - errcheck
+    - path: models/issue.go
+      linters:
+        - errcheck
+    - path: models/migrations/
+      linters:
+        - errcheck
+    - path: modules/log/
+      linters:
+        - errcheck
+    - path: routers/api/v1/repo/issue_subscription.go
+      linters:
+        - dupl
+    - path: routers/repo/view.go
+      linters:
+        - dupl
+    - path: models/migrations/
+      linters:
+        - unused
    - linters:
        - staticcheck
      text: "argument x is overwritten before first use"
+    - path: modules/httplib/httplib.go
+      linters:
+        - staticcheck
+    # Enabling this would require refactoring the methods and how they are called.
+    - path: models/issue_comment_list.go
+      linters:
+        - dupl
+    - path: models/update.go
+      linters:
+        - unused
+    - path: cmd/dump.go
+      linters:
+        - dupl
+    - path: services/webhook/webhook.go
+      linters:
+        - structcheck
    - text: "commentFormatting: put a space between `//` and comment text"
      linters:
        - gocritic
    - text: "exitAfterDefer:"
      linters:
        - gocritic
+    - path: modules/graceful/manager_windows.go
+      linters:
+        - staticcheck
+      text: "svc.IsAnInteractiveSession is deprecated: Use IsWindowsService instead."
+    - path: models/user/openid.go
+      linters:
+        - golint
+    - path: models/user/badge.go
+      linters:
+        - revive
+      text: "exported: type name will be used as user.UserBadge by other packages, and that stutters; consider calling this Badge"
--- a/.ignore
+++ b/.ignore
@ -1,9 +1,8 @@
 *.min.css
 *.min.js
-/assets/*.json
 /modules/options/bindata.go
 /modules/public/bindata.go
 /modules/templates/bindata.go
+/public/vendor/plugins
 /vendor
-/public/assets
 node_modules
--- a/.lgtm
+++ b/.lgtm
@ -0,0 +1,3 @@
+pattern = "(?)LGTM"
+self_approval_off = true
+ignore_maintainers_file = true
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@ -6,6 +6,7 @@ line-length: {code_blocks: false, tables: false, stern: true, line_length: -1}
 no-alt-text: false
 no-bare-urls: false
 no-blanks-blockquote: false
+no-duplicate-header: {allow_different_nesting: true}
 no-emphasis-as-header: false
 no-empty-links: false
 no-hard-tabs: {code_blocks: false}
--- a/.npmrc
+++ b/.npmrc
@ -3,4 +3,3 @@ fund=false
 update-notifier=false
 package-lock=true
 save-exact=true
-lockfile-version=3
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@ -1,20 +1,16 @@
 plugins:
  - stylelint-declaration-strict-value
-  - stylelint-declaration-block-no-ignored-properties
-  - stylelint-stylistic

 ignoreFiles:
  - "**/*.go"

 overrides:
-  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console.css", "font_i18n.css"]
+  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console/*"]
    rules:
      scale-unlimited/declaration-strict-value: null
  - files: ["**/chroma/*", "**/codemirror/*"]
    rules:
      block-no-empty: null
-  - files: ["**/*.vue"]
-    customSyntax: postcss-html

 rules:
  alpha-value-notation: null
@ -50,7 +46,7 @@ rules:
  declaration-no-important: null
  declaration-property-max-values: null
  declaration-property-unit-allowed-list: null
-  declaration-property-unit-disallowed-list: {line-height: [em]}
+  declaration-property-unit-disallowed-list: null
  declaration-property-value-allowed-list: null
  declaration-property-value-disallowed-list: null
  declaration-property-value-no-unknown: true
@ -82,9 +78,7 @@ rules:
  media-feature-name-no-vendor-prefix: true
  media-feature-name-unit-allowed-list: null
  media-feature-name-value-allowed-list: null
-  media-feature-name-value-no-unknown: true
  media-feature-range-notation: null
-  media-query-no-invalid: true
  named-grid-areas-no-invalid: true
  no-descending-specificity: null
  no-duplicate-at-import-rules: true
@ -94,16 +88,14 @@ rules:
  no-invalid-position-at-import-rule: null
  no-irregular-whitespace: true
  no-unknown-animations: null
-  no-unknown-custom-properties: null
  number-max-precision: null
-  plugin/declaration-block-no-ignored-properties: true
  property-allowed-list: null
  property-disallowed-list: null
  property-no-unknown: true
  property-no-vendor-prefix: null
  rule-empty-line-before: null
  rule-selector-property-disallowed-list: null
-  scale-unlimited/declaration-strict-value: [[color, background-color, border-color, font-weight], {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor|none)$/, ignoreFunctions: false, disableFix: true}]
+  scale-unlimited/declaration-strict-value: [color, {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor)$/}]
  selector-attribute-name-disallowed-list: null
  selector-attribute-operator-allowed-list: null
  selector-attribute-operator-disallowed-list: null
@ -137,82 +129,6 @@ rules:
  selector-type-no-unknown: [true, {ignore: [custom-elements]}]
  shorthand-property-no-redundant-values: true
  string-no-newline: true
-  stylistic/at-rule-name-case: null
-  stylistic/at-rule-name-newline-after: null
-  stylistic/at-rule-name-space-after: null
-  stylistic/at-rule-semicolon-newline-after: null
-  stylistic/at-rule-semicolon-space-before: null
-  stylistic/block-closing-brace-empty-line-before: null
-  stylistic/block-closing-brace-newline-after: null
-  stylistic/block-closing-brace-newline-before: null
-  stylistic/block-closing-brace-space-after: null
-  stylistic/block-closing-brace-space-before: null
-  stylistic/block-opening-brace-newline-after: null
-  stylistic/block-opening-brace-newline-before: null
-  stylistic/block-opening-brace-space-after: null
-  stylistic/block-opening-brace-space-before: null
-  stylistic/color-hex-case: lower
-  stylistic/declaration-bang-space-after: never
-  stylistic/declaration-bang-space-before: null
-  stylistic/declaration-block-semicolon-newline-after: null
-  stylistic/declaration-block-semicolon-newline-before: null
-  stylistic/declaration-block-semicolon-space-after: null
-  stylistic/declaration-block-semicolon-space-before: never
-  stylistic/declaration-block-trailing-semicolon: null
-  stylistic/declaration-colon-newline-after: null
-  stylistic/declaration-colon-space-after: null
-  stylistic/declaration-colon-space-before: never
-  stylistic/function-comma-newline-after: null
-  stylistic/function-comma-newline-before: null
-  stylistic/function-comma-space-after: null
-  stylistic/function-comma-space-before: null
-  stylistic/function-max-empty-lines: 0
-  stylistic/function-parentheses-newline-inside: never-multi-line
-  stylistic/function-parentheses-space-inside: null
-  stylistic/function-whitespace-after: null
-  stylistic/indentation: 2
-  stylistic/linebreaks: null
-  stylistic/max-empty-lines: 1
-  stylistic/max-line-length: null
-  stylistic/media-feature-colon-space-after: null
-  stylistic/media-feature-colon-space-before: never
-  stylistic/media-feature-name-case: null
-  stylistic/media-feature-parentheses-space-inside: null
-  stylistic/media-feature-range-operator-space-after: always
-  stylistic/media-feature-range-operator-space-before: always
-  stylistic/media-query-list-comma-newline-after: null
-  stylistic/media-query-list-comma-newline-before: null
-  stylistic/media-query-list-comma-space-after: null
-  stylistic/media-query-list-comma-space-before: null
-  stylistic/no-empty-first-line: null
-  stylistic/no-eol-whitespace: true
-  stylistic/no-extra-semicolons: true
-  stylistic/no-missing-end-of-source-newline: null
-  stylistic/number-leading-zero: null
-  stylistic/number-no-trailing-zeros: null
-  stylistic/property-case: lower
-  stylistic/selector-attribute-brackets-space-inside: null
-  stylistic/selector-attribute-operator-space-after: null
-  stylistic/selector-attribute-operator-space-before: null
-  stylistic/selector-combinator-space-after: null
-  stylistic/selector-combinator-space-before: null
-  stylistic/selector-descendant-combinator-no-non-space: null
-  stylistic/selector-list-comma-newline-after: null
-  stylistic/selector-list-comma-newline-before: null
-  stylistic/selector-list-comma-space-after: always-single-line
-  stylistic/selector-list-comma-space-before: never-single-line
-  stylistic/selector-max-empty-lines: 0
-  stylistic/selector-pseudo-class-case: lower
-  stylistic/selector-pseudo-class-parentheses-space-inside: never
-  stylistic/selector-pseudo-element-case: lower
-  stylistic/string-quotes: double
-  stylistic/unicode-bom: null
-  stylistic/unit-case: lower
-  stylistic/value-list-comma-newline-after: null
-  stylistic/value-list-comma-newline-before: null
-  stylistic/value-list-comma-space-after: null
-  stylistic/value-list-comma-space-before: null
-  stylistic/value-list-max-empty-lines: 0
  time-min-milliseconds: null
  unit-allowed-list: null
  unit-disallowed-list: null
--- a/.woodpecker/compliance.yml
+++ b/.woodpecker/compliance.yml
@ -0,0 +1,75 @@
+platform: linux/amd64
+
+when:
+  event: [ push, pull_request, manual ]
+  branch:
+    exclude: [ soft-fork/*/*, soft-fork/*/*/* ]
+
+variables:
+ - &golang_image 'golang:1.20'
+ - &test_image 'codeberg.org/forgejo/test_env:1.19'
+ - &goproxy_override ''
+ - &goproxy_setup |-
+      if [ -n "$${GOPROXY_OVERRIDE:-}" ]; then
+        export GOPROXY="$${GOPROXY_OVERRIDE}";
+        echo "Using goproxy from goproxy_override \"$${GOPROXY}\"";
+      elif [ -n "$${GOPROXY_DEFAULT:-}" ]; then
+        export GOPROXY="$${GOPROXY_DEFAULT}";
+        echo "Using goproxy from goproxy_default (secret) not displaying";
+      else
+        export GOPROXY="https://proxy.golang.org,direct";
+        echo "No goproxy overrides or defaults given, using \"$${GOPROXY}\"";
+      fi
+
+workspace:
+  base: /go
+  path: src/codeberg/gitea
+
+pipeline:
+  deps-backend:
+    image: *golang_image
+    pull: true
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make deps-backend
+
+  security-check:
+    image: *golang_image
+    group: checks
+    pull: true
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make security-check
+
+  lint-backend:
+    image: *test_image
+    pull: true
+    group: checks
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+      TAGS: 'bindata sqlite sqlite_unlock_notify'
+      GOSUMDB: 'sum.golang.org'
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make lint-backend
+
+  checks-backend:
+    image: *test_image
+    group: checks
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make --always-make checks-backend
--- a/.woodpecker/testing-amd64.yml
+++ b/.woodpecker/testing-amd64.yml
@ -0,0 +1,149 @@
+platform: linux/amd64
+
+when:
+  event: [ push, pull_request, manual ]
+  branch:
+    exclude: [ soft-fork/*/*, soft-fork/*/*/* ]
+
+depends_on:
+- compliance
+
+variables:
+ - &golang_image 'golang:1.20'
+ - &test_image 'codeberg.org/forgejo/test_env:1.19'
+ - &mysql_image 'mysql:8'
+ - &pgsql_image 'postgres:10'
+ - &goproxy_override ''
+ - &goproxy_setup |-
+      if [ -n "$${GOPROXY_OVERRIDE:-}" ]; then
+        export GOPROXY="$${GOPROXY_OVERRIDE}";
+        echo "Using goproxy from goproxy_override \"$${GOPROXY}\"";
+      elif [ -n "$${GOPROXY_DEFAULT:-}" ]; then
+        export GOPROXY="$${GOPROXY_DEFAULT}";
+        echo "Using goproxy from goproxy_default (secret) not displaying";
+      else
+        export GOPROXY="https://proxy.golang.org,direct";
+        echo "No goproxy overrides or defaults given, using \"$${GOPROXY}\"";
+      fi
+
+services:
+  mysql8:
+    image: *mysql_image
+    pull: true
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: yes
+      MYSQL_DATABASE: testgitea
+
+  pgsql:
+    image: *pgsql_image
+    pull: true
+    environment:
+      POSTGRES_DB: test
+      POSTGRES_PASSWORD: postgres
+
+workspace:
+  base: /go
+  path: src/codeberg/gitea
+
+pipeline:
+  git-safe:
+    image: *golang_image
+    pull: true
+    commands:
+    - git config --add safe.directory '*'
+
+  deps-backend:
+    image: *golang_image
+    pull: true
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make deps-backend
+
+  tag-pre-condition:
+    image: *golang_image
+    pull: true
+    commands:
+    - git update-ref refs/heads/tag_test ${CI_COMMIT_SHA}
+
+  prepare-test-env:
+    image: *test_image
+    pull: true
+    commands:
+    - ./build/test-env-prepare.sh
+
+  environment-to-ini:
+    image: *golang_image
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    commands:
+      - *goproxy_setup
+      - go test contrib/environment-to-ini/environment-to-ini.go contrib/environment-to-ini/environment-to-ini_test.go
+
+  build:
+    image: *test_image
+    environment:
+      GOSUMDB: sum.golang.org
+      TAGS: bindata sqlite sqlite_unlock_notify
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - su gitea -c './build/test-env-check.sh'
+    - su gitea -c 'make backend'
+
+  unit-test:
+    image: *test_image
+    environment:
+      TAGS: 'bindata sqlite sqlite_unlock_notify'
+      RACE_ENABLED: 'true'
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+    - github_read_token
+    - goproxy_default
+    commands:
+    - *goproxy_setup
+    - su gitea -c 'make unit-test-coverage test-check'
+
+  test-mysql8:
+    group: integration
+    image: *test_image
+    commands:
+      - *goproxy_setup
+      - su gitea -c 'timeout -s ABRT 50m make test-mysql8-migration test-mysql8'
+    environment:
+      TAGS: 'bindata'
+      RACE_ENABLED: 'true'
+      USE_REPO_TEST_DIR: '1'
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+
+  test-pgsql:
+    group: integration
+    image: *test_image
+    commands:
+      - *goproxy_setup
+      - su gitea -c 'timeout -s ABRT 50m make test-pgsql-migration test-pgsql'
+    environment:
+      TAGS: 'bindata'
+      RACE_ENABLED: 'true'
+      USE_REPO_TEST_DIR: '1'
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+
+  test-sqlite:
+    group: integration
+    image: *test_image
+    environment:
+    - USE_REPO_TEST_DIR=1
+    - GOPROXY=off
+    - TAGS=bindata gogit sqlite sqlite_unlock_notify
+    - TEST_TAGS=bindata gogit sqlite sqlite_unlock_notify
+    commands:
+    - su gitea -c 'timeout -s ABRT 120m make test-sqlite-migration test-sqlite'
--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@ -1,44 +0,0 @@
-extends: default
-
-rules:
-  braces:
-    min-spaces-inside: 0
-    max-spaces-inside: 1
-    min-spaces-inside-empty: 0
-    max-spaces-inside-empty: 0
-
-  brackets:
-    min-spaces-inside: 0
-    max-spaces-inside: 1
-    min-spaces-inside-empty: 0
-    max-spaces-inside-empty: 0
-
-  comments:
-    require-starting-space: true
-    ignore-shebangs: true
-    min-spaces-from-content: 1
-
-  comments-indentation:
-    level: error
-
-  document-start:
-    level: error
-    present: false
-
-  document-end:
-    present: false
-
-  empty-lines:
-    max: 1
-
-  indentation:
-    spaces: 2
-
-  line-length: disable
-
-  truthy:
-    allowed-values: ["true", "false", "on", "off"]
-
-ignore: |
-  .venv
-  node_modules
--- a/33
+++ b/33
@ -1,7 +1,6 @@
 # GNU makefile proxy script for BSD make
-#
 # Written and maintained by Mahmoud Al-Qudsi <mqudsi@neosmart.net>
-# Copyright NeoSmart Technologies <https://neosmart.net/> 2014-2019
+# Copyright NeoSmart Technologies <https://neosmart.net/> 2014-2018
 # Obtain updates from <https://github.com/neosmart/gmake-proxy>
 #
 # Redistribution and use in source and binary forms, with or without
@ -27,32 +26,26 @@

 JARG =
 GMAKE = "gmake"
-# When gmake is called from another make instance, -w is automatically added
-# which causes extraneous messages about directory changes to be emitted.
-# Running with --no-print-directory silences these messages.
+#When gmake is called from another make instance, -w is automatically added
+#which causes extraneous messages about directory changes to be emitted.
+#--no-print-directory silences these messages.
 GARGS = "--no-print-directory"

 .if "$(.MAKE.JOBS)" != ""
-    JARG = -j$(.MAKE.JOBS)
+JARG = -j$(.MAKE.JOBS)
 .endif

-# bmake prefers out-of-source builds and tries to cd into ./obj (among others)
-# where possible. GNU Make doesn't, so override that value.
+#by default bmake will cd into ./obj first
 .OBJDIR: ./

-# The GNU convention is to use the lowercased `prefix` variable/macro to
-# specify the installation directory. Humor them.
-GPREFIX =
-.if defined(PREFIX) && ! defined(prefix)
-    GPREFIX = 'prefix = "$(PREFIX)"'
-.endif
-
-.BEGIN: .SILENT
-	which $(GMAKE) || (printf "Error: GNU Make is required!\n\n" 1>&2 && false)
-
 .PHONY: FRC
 $(.TARGETS): FRC
-	$(GMAKE) $(GPREFIX) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)

 .DONE .DEFAULT: .SILENT
-	$(GMAKE) $(GPREFIX) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+
+.ERROR: .SILENT
+	if ! which $(GMAKE) > /dev/null; then \
+		echo "GNU Make is required!"; \
+	fi
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/32
+++ b/32
@ -1,32 +0,0 @@
-# This file describes the expected reviewers for a PR based on the changed
-# files. Unlike what the name of the file suggests they don't own the code, but
-# merely have a good understanding of that area of the codebase and therefore
-# are usually suited as a reviewer.
-
-
-# Please mind the alphabetic order of reviewers.
-
-# Files related to the CI of the Forgejo project.
-.forgejo/.* @dachary @earl-warren
-
-# Files related to frontend development.
-
-# Javascript and CSS code.
-web_src/.* @caesar @crystal @gusted
-
-# HTML templates used by the backend.
-templates/.* @caesar @crystal @gusted
-
-# Files related to Go development.
-
-# The modules usually don't require much knowledge about Forgejo and could
-# be reviewed by Go developers.
-modules/.* @dachary @earl-warren @gusted
-
-# Models has code related to SQL queries, general database knowledge and XORM.
-models/.* @dachary @earl-warren @gusted
-
-# The routers directory contains the most amount code that requires a good grasp
-# of how Forgejo comes together. It's tedious to write good integration testing
-# for code that lives in here.
-routers/.* @dachary @earl-warren @gusted
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -6,19 +6,18 @@ Sensitive security-related issues should be reported to [security@forgejo.org](m

 ## For everyone involved

- [Documentation](https://forgejo.org/docs/next/)
- [Code of Conduct](https://forgejo.org/docs/latest/developer/coc/)
- [Bugs, features, security and others discussions](https://forgejo.org/docs/latest/developer/discussions/)
- [Governance](https://forgejo.org/docs/latest/developer/governance/)
- [Sustainability and funding](https://codeberg.org/forgejo/sustainability/src/branch/main/README.md)
+- [Code of Conduct](CONTRIBUTING/COC.md)
+- [Bugs, features, security and others discussions](CONTRIBUTING/DISCUSSIONS.md)
+- [Governance](CONTRIBUTING/GOVERNANCE.md)
+- [Sustainability and funding](https://codeberg.org/forgejo/sustainability/src/branch/master/README.md)

 ## For contributors

- [Developer Certificate of Origin (DCO)](https://forgejo.org/docs/latest/developer/dco/)
- [Development workflow](https://forgejo.org/docs/latest/developer/workflow/)
- [Compiling from source](https://forgejo.org/docs/latest/developer/from-source/)
+- [Developer Certificate of Origin (DCO)](CONTRIBUTING/DCO.md)
+- [Development workflow](CONTRIBUTING/WORKFLOW.md)

 ## For maintainers

- [Release management](https://forgejo.org/docs/latest/developer/release/)
- [Secrets](https://forgejo.org/docs/latest/developer/secrets/)
+- [Release management](CONTRIBUTING/RELEASE.md)
+- [Secrets](CONTRIBUTING/SECRETS.md)
+
--- a/CONTRIBUTING/COC.md
+++ b/CONTRIBUTING/COC.md
@ -0,0 +1,30 @@
+# Code of Conduct, Well Being and Moderation teams
+
+Forgejo strives to be an inclusive project where everyone can participate in a safe environment. The **Well Being** team is doing its best to defuse tensions before they escalate and is available to answer all requests sent its way. When diplomacy fails, the **Moderation** team will be forced to act to put a stop to actions that are contrary to the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
+
+## Well Being and Moderation teams
+
+Temporary Well Being and Moderation teams [were appointed 10 November 2022](https://codeberg.org/forgejo/meta/issues/13).
+
+The moderation team will rely on this [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
+
+### Well Being
+
+Their goal is to defuse tensions.
+
+It has no power whatsover. The members are approved by the organization and trusted to:
+
+- Read all communications to detect tensions between people before they escalate.
+- Do their best to defuse tensions.
+
+* https://codeberg.org/Gusted
+
+### Moderation
+
+Their goal is to enforce the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
+
+It has the power to exclude people from a space.
+
+Their decisions must be logical, fact based and transparent to the Forgejo community who trust them with this responsibility.
+
+* https://codeberg.org/circlebuilder
--- a/CONTRIBUTING/DCO.md
+++ b/CONTRIBUTING/DCO.md
@ -0,0 +1,29 @@
+# Developer Certificate of Origin (DCO)
+
+Contributions to Forgejo, in all the repositories in the [Forgejo organization](https://codeberg.org/forgejo) are accepted provided the author agrees to the following Developer Certificate of Origin (DCO).
+
+```
+By making a contribution to Forgejo, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the Free Software license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate Free Software
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same Free Software license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the Free Software license(s) involved.
+```
--- a/CONTRIBUTING/DISCUSSIONS.md
+++ b/CONTRIBUTING/DISCUSSIONS.md
@ -0,0 +1,18 @@
+# Bugs, features and discussions
+
+The [Forgejo issue tracker](https://codeberg.org/forgejo/forgejo/issues) is where **bugs** should be reported and **features** requested.
+
+Dedicated repositories in the [Forgejo organization](https://codeberg.org/forgejo) cover areas such as:
+- the [website](https://codeberg.org/forgejo/website)
+- the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct)
+- the [sustainability and funding](https://codeberg.org/forgejo/sustainability).
+
+Other discussions regarding all **non technical aspects** of Forgejo, such as the governance, happen in the [meta issue tracker](https://codeberg.org/forgejo/meta/issues) and in the [matrix chatroom](https://matrix.to/#/#forgejo-chat:matrix.org).
+
+# Security
+
+The [security team](https://codeberg.org/forgejo/meta/src/branch/readme/TEAMS.md#security) takes care of security vulnerabilities. It handles sensitive security-related issues reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).
+
+The security team also keeps the content of the [security.txt](https://codeberg.org/forgejo/website/src/branch/main/public/.well-known/security.txt) file up to date.
+
+The private GPG key for `security@forgejo.org` is shared among all members of the security team and not stored online.
--- a/CONTRIBUTING/GOVERNANCE.md
+++ b/CONTRIBUTING/GOVERNANCE.md
@ -0,0 +1,19 @@
+# Governance
+
+## Codeberg e.V. custodian of the domains
+
+The Forgejo [domains](https://codeberg.org/forgejo/meta/issues/41) are owned by the democratic non-profit dedicated to Free Software [Codeberg e.V.](https://codeberg.org/Codeberg/org/src/branch/main/en/bylaws.md). Forgejo is therefore ultimately under the control of Codeberg e.V. and its governance. However, although Codeberg e.V. is committed to use and host Forgejo, it is expected that Forgejo defines its own governance, in a way that is compatible with the Codeberg e.V. governance.
+
+## Forgejo Governance
+
+See our [decision-making system](https://codeberg.org/forgejo/meta/src/branch/readme/DECISION-MAKING.md) (contains team agreements and guidelines).
+
+Forgejo was bootstraped in November 2022 and is in the process of [defining its governance](https://codeberg.org/forgejo/meta/issues/19). The [first meeting happened November 24th](https://codeberg.org/forgejo/meta/issues/19#issuecomment-694460) and everyone is welcome to participate.
+
+## Interim Forgejo Governance
+
+While the governance is being defined, there was a need to establish an interim Forgejo governance for safeguarding credentials, enforcing the Code of Conduct and ensuring security vulnerabilities are handled responsibly for the Forgejo releases.
+
+All people with a role in the interim Forgejo governance pledge to resign as soon as the Forgejo governance is in place.
+
+The people and teams that are part of the interim governance are [listed publicly](https://codeberg.org/forgejo/meta/src/branch/readme/TEAMS.md).
--- a/CONTRIBUTING/RELEASE.md
+++ b/CONTRIBUTING/RELEASE.md
@ -0,0 +1,158 @@
+# Release management
+
+## Release numbering
+
+The Forgejo release numbers are composed of the Gitea release number followed by a dash and a serial number. For instance:
+
+* Gitea **v1.18.0** will be Forgejo **v1.18.0-0**, **v1.18.0-1**, etc
+
+The Gitea release candidates are suffixed with **-rcN** which is handled as a special case for packaging: although **X.Y.Z** is lexicographically lower than **X.Y.Z-rc1** is is considered greater. The Forgejo serial number must therefore be inserted before the **-rcN** suffix to preserve the expected version ordering.
+
+* Gitea **v1.18.0-rc0** will be Forgejo **v1.18.0-0-rc0**, **v1.18.0-1-rc0**
+* Gitea **v1.18.0-rc1** will be Forgejo **v1.18.0-2-rc1**, **v1.18.0-3-rc1**, **v1.18.0-4-rc1**
+* Gitea **v1.18.0** will be Forgejo **v1.18.0-5**, **v1.18.0-6**, **v1.18.0-7**
+* etc.
+
+Because Forgejo is a soft fork of Gitea, it must retain the same release numbering scheme to be compatible with libraries and tools that depend on it. For instance, the tea CLI or the Gitea SDK will behave differently depending on the server version they connect to. If Forgejo had a different numbering scheme, it would no longer be compatible with the Gitea ecosystem.
+
+From a [Semantic Versioning](https://semver.org/) standpoint, all Forgejo releases are [pre-releases](https://semver.org/#spec-item-9) because they are suffixed with a dash. They are syntactically correct but do not comply with the Semantic Versioning recommendations. Gitea is not compliant either and as long as Forgejo is a soft fork, it inherits this problem.
+
+## Release process
+
+When publishing the vX.Y.Z-N release, the following steps must be followed:
+
+### Semantic version
+
+* Update the FORGEJO_VERSION variable in the Makefile
+
+### Create a milestone and a check list
+
+* Create a `Forgejo vX.X.Z-N` milestone set to the date of the release
+* Create an issue named `[RELEASE] Forgejo vX.Y.Z-N` with a description that includes a list of what needs to be done for the release with links to follow the progress
+* Set the milestone of this issue to `Forgejo vX.X.Z-N`
+* Close the milestone when the release is complete
+
+### Cherry pick the latest commits from Gitea
+
+The vX.Y/forgejo branch is populated as part of the [rebase on top of Gitea](WORKFLOW.md). The release happens in between rebase and it is worth checking if the matching Gitea branch, release/vX.Y contains commits that should be included in the release.
+
+* `cherry-pick -x` the commits
+* push the vX.Y/forgejo branch including the commits
+* verify that the tests pass
+
+### Release Notes
+
+* Add an entry in RELEASE-NOTES.md
+* Copy/paste the matching entry from CHANGELOG.md
+* Update the PR references prefixing them with https://github.com/go-gitea/gitea/pull/
+
+### Testing
+
+When Forgejo is released, artefacts (packages, binaries, etc.) are first published by the CI/CD pipelines in the https://codeberg.org/forgejo-experimental organization, to be downloaded and verified to work.
+
+* Push the vX.Y/forgejo branch to https://codeberg.org/forgejo-integration/forgejo
+* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo-integration (if it fails for whatever reason, the tag and the release can be removed manually)
+  * Binaries are built and uploaded to https://codeberg.org/forgejo/forgejo-integration/releases
+  * Container images are built and uploaded to https://codeberg.org/forgejo-integration/-/packages/container/forgejo/versions
+* Push the vX.Y/forgejo branch to https://codeberg.org/forgejo-experimental/forgejo
+* Push the vX.Y/forgejo branch to https://codeberg.org/forgejo/experimental
+* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo/experimental
+  * Binaries are downloaded from https://codeberg.org/forgejo-integration, signed and copied to https://codeberg.org/forgejo-experimental
+  * Container images are copied from https://codeberg.org/forgejo-integration to https://codeberg.org/forgejo-experimental
+* Fetch the Forgejo release as part of the [forgejo-ci](https://codeberg.org/Codeberg-Infrastructure/scripted-configuration/src/branch/main/hosts/forgejo-ci) test suite. Push the change to a branch of a repository enabled in https://ci.dachary.org/ ([read more...](https://codeberg.org/forgejo/forgejo/issues/208)). It will deploy the release and run high level integration tests.
+* Reach out to packagers and users to manually verify the release works as expected
+
+### Publication
+
+* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo/release
+  * Binaries are downloaded from https://codeberg.org/forgejo-integration, signed and copied to https://codeberg.org/forgejo
+  * Container images are copied from https://codeberg.org/forgejo-integration to https://codeberg.org/forgejo
+
+### Website update
+
+* Restart the last CI build at https://codeberg.org/forgejo/website/src/branch/main/
+* Verify https://forgejo.org/download/ points to the expected release
+* Update the [documentation link to the latest version](https://codeberg.org/forgejo/website/src/commit/e63c6f8ab64876b10b86de1d18162b6ccb87bd99/.woodpecker.yml#L35)
+* Manually try the instructions to work
+
+### DNS update
+
+* Update the `release.forgejo.org` TXT record that starts with `forgejo_versions=` to be `forgejo_versions=vX.Y.Z-N`
+
+### Standard toot
+
+The following toot can be re-used to announce a minor release at `https://floss.social/@forgejo`. For more significant releases it is best to consider a dedicated and non-standard toot.
+
+```
+#Forgejo vX.Y.Z-N was just released! This is a minor patch. Check out the release notes and download it at https://forgejo.org/releases/. If you experience any issues with this release, please report to https://codeberg.org/forgejo/forgejo/issues.
+```
+
+## Release signing keys management
+
+A GPG master key with no expiration date is created and shared with members of the Owners team via encrypted email. A subkey with a one year expiration date is created and stored in the secrets repository, to be used by the CI pipeline. The public master key is stored in the secrets repository and published where relevant.
+
+### Master key creation
+
+* gpg --expert --full-generate-key
+* key type: ECC and ECC option with Curve 25519 as curve
+* no expiration
+* id: Forgejo Releases <contact@forgejo.org>
+* gpg --export-secret-keys --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 and send via encrypted email to Owners
+* gpg --export --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 > release-team-gpg.pub
+* commit to the secret repository
+
+### Subkey creation and renewal
+
+* gpg --expert --edit-key EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
+* addkey
+* key type: ECC (signature only)
+* key validity: one year
+* create [an issue](https://codeberg.org/forgejo/forgejo/issues) to schedule the renewal
+
+#### 2023
+
+* gpg --export --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg.pub
+* gpg --export-secret-keys --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg
+* commit to the secrets repository
+* renewal issue https://codeberg.org/forgejo/forgejo/issues/58
+
+### CI configuration
+
+In the Woodpecker CI configuration the following secrets must be set:
+
+* `releaseteamgpg` is the secret GPG key used to sign the releases
+* `releaseteamuser` is the user name to authenticate with the Forgejo API and publish the releases
+* `releaseteamtoken` is the token to authenticate `releaseteamuser` with the Forgejo API and publish the releases
+* `domain` is `codeberg.org`
+
+## Users, organizations and repositories
+
+### Shared user: release-team
+
+The [release-team](https://codeberg.org/release-team) user publishes and signs all releases. The associated email is mailto:release@forgejo.org.
+
+The public GPG key used to sign the releases is [EB114F5E6C0DC2BCDD183550A4B61A2DC5923710](https://codeberg.org/release-team.gpg) `Forgejo Releases <release@forgejo.org>`
+
+### Shared user: forgejo-ci
+
+The [forgejo-ci](https://codeberg.org/forgejo-ci) user is dedicated to https://forgejo-ci.codeberg.org/ and provides it with OAuth2 credentials it uses to run.
+
+### Shared user: forgejo-experimental-ci
+
+The [forgejo-experimental-ci](https://codeberg.org/forgejo-experimental-ci) user is dedicated to provide the application tokens used by Woodpecker CI repositories to build releases and publish them to https://codeberg.org/forgejo-experimental. It does not (and must not) have permission to publish releases at https://codeberg.org/forgejo.
+
+### Integration and experimental organization
+
+The https://codeberg.org/forgejo-integration organization is dedicated to integration testing. Its purpose is to ensure all artefacts can effectively be published and retrieved by the CI/CD pipelines. 
+
+The https://codeberg.org/forgejo-experimental organization is dedicated to publishing experimental Forgejo releases. They are copied from the https://codeberg.org/forgejo-integration organization.
+
+The `forgejo-experimental-ci` user as well as all Forgejo contributors working on the CI/CD pipeline should be owners of both organizations.
+
+The https://codeberg.org/forgejo-integration/forgejo repository is coupled with a Woodpecker CI repository configured with the credentials provided by the https://codeberg.org/forgejo-experimental-ci user. It runs the pipelines found in `releases/woodpecker-build/*.yml` which builds and publishes an unsigned release in https://codeberg.org/forgejo-integration.
+
+### Experimental and release repositories
+
+The https://codeberg.org/forgejo/experimental private repository is coupled with a Woodpecker CI repository configured with the credentials provided by the https://codeberg.org/forgejo-experimental-ci user. It runs the pipelines found in `releases/woodpecker-publish/*.yml` which signs and copies a release from https://codeberg.org/forgejo-integration into https://codeberg.org/forgejo-experimental.
+
+The https://codeberg.org/forgejo/release private repository is coupled with a Woodpecker CI repository configured with the credentials provided by the https://codeberg.org/release-team user. It runs the pipelines found in `releases/woodpecker-publish/*.yml` which signs and copies a release from https://codeberg.org/forgejo-integration into https://codeberg.org/forgejo.
--- a/CONTRIBUTING/SECRETS.md
+++ b/CONTRIBUTING/SECRETS.md
@ -0,0 +1,56 @@
+# Secrets
+
+All Forgejo credentials are shared among the [secret keepers](https://codeberg.org/forgejo/meta/src/branch/readme/TEAMS.md#secrets-keeper) teams in a private repository with encrypted content.
+
+## Get started
+
+1. Make sure you have a GPG Key, or [create one](https://github.com/NicoHood/gpgit#12-key-generation)
+2. Send someone else your public key and ask this person to add yourself as a recipient
+```
+# Commands for the other person
+$ gpg --import public_key.asc
+# The following command will open a prompt, with the available public keys. 
+# Choose the one you just added and all secrets will be re-encrypted with this new key.
+$ gopass recipients add
+```
+3. [Install gopass](https://www.gopass.pw/#install)
+> :warning: When installing on Ubuntu or Debian you can either download the deb package, install manually or build from source or use our APT repository ([github comment](https://github.com/gopasspw/gopass/issues/1849#issuecomment-802789285) with more information).
+4. Clone this repo using `gopass` (the name and email are for `git config`)
+```
+$ gopass clone git@codeberg.org:forgejo/gopass.git
+```
+5. Check the consistency of the gopass storage
+```
+$ gopass fsck
+```
+
+## Get a secret
+
+Show the whole secret file:
+```
+$ gopass show ovh.com/manager
+```
+
+Copy the password in the clipboard:
+```
+$ gopass show -c ovh.com/manager
+```
+
+Copy the `user` part of the secret in the clipboard:
+```
+$ gopass show -c ovh.com/manager user
+```
+
+## Insert or edit a secret
+```
+$ gopass edit ovh.com/manager
+```
+In the editor, insert the password on the first line.
+You may then add lines with a `key: value` syntax (`user: username` for instance).
+
+## Debugging and manual git operations
+
+The following command will show the location and status of the git repo (all git commands are available).
+```
+$ gopass git status
+```
--- a/CONTRIBUTING/WORKFLOW.md
+++ b/CONTRIBUTING/WORKFLOW.md
@ -0,0 +1,124 @@
+# Development workflow
+
+Forgejo is a soft fork, i.e. a set of commits applied to the Gitea development branch and the stable branches. On a regular basis those commits are rebased and modified if necessary to keep working. All Forgejo commits are merged into a branch from which binary releases and packages are created and distributed. The development workflow is a set of conventions Forgejo developers are expected to follow to work together.
+
+Discussions on how the workflow should evolve happen [in the isssue tracker](https://codeberg.org/forgejo/forgejo/issues?type=all&state=open&labels=&milestone=0&assignee=0&q=%5BWORKFLOW%5D).
+
+## Naming conventions
+
+### Development
+
+* Gitea: main
+* Forgejo: forgejo
+* Feature branches: forgejo-feature-name
+
+### Stable
+
+* Gitea: release/vX.Y
+* Forgejo: vX.Y/forgejo
+* Feature branches: vX.Y/forgejo-feature-name
+
+### Soft fork history
+
+Before rebasing on top of Gitea, all branches are copied to `soft-fork/YYYY-MM-DD/<branch>` for safekeeping. Older `soft-fork/*/<branch>` branches are converted into references under the same name. Similar to how pull requests store their head, they do not clutter the list of branches but can be retrieved if needed with `git fetch +refs/soft-fork/*:refs/soft-fork/*`. Tooling to automate this archival process [is available](https://codeberg.org/forgejo-contrib/soft-fork-tools/src/branch/master/README.md#archive-branches).
+
+### Tags
+
+Because the branches are rebased on top of Gitea, only the latest tag will be found in a given branch. For instance `v1.18.0-1` won't be found in the `v1.18/forgejo` branch after it is rebased.
+
+## Rebasing
+
+### *Feature branch*
+
+The *Gitea* branches are mirrored with the Gitea development and stable branches.
+
+On a regular basis, each *Feature branch* is rebased against the base *Gitea* branch.
+
+### forgejo branch
+
+The latest *Gitea* branch resets the *forgejo* branch and all *Feature branches* are merged into it.
+
+If tests pass after pushing *forgejo* to the https://codeberg.org/forgejo-integration/forgejo repository, it can be pushed to the https://codeberg.org/forgejo/forgejo repository.
+
+If tests do not pass, an issue is filed to the *Feature branch* that fails the test. Once the issue is resolved, another round of rebasing starts.
+
+### Cherry picking and rebasing
+
+Because Forgejo is a soft fork of Gitea, the commits in feature branches need to be cherry-picked on top of their base branch. They cannot be rebased using `git rebase`, because their base branch has been rebased.
+
+Here is how the commits in the `forgejo-f3` branch can be cherry-picked on top of the latest `forgejo-development` branch:
+
+```
+$ git fetch --all
+$ git remote get-url forgejo
+git@codeberg.org:forgejo/forgejo.git
+$ git checkout -b forgejo/forgejo-f3
+$ git reset --hard forgejo/forgejo-development
+$ git cherry-pick $(git rev-list --reverse forgejo/soft-fork/2022-12-10/forgejo-development..forgejo/soft-fork/2022-12-10/forgejo-f3)
+$ git push --force forgejo-f3 forgejo/forgejo-f3
+```
+
+## Feature branches
+
+All *Feature branches* are based on the {vX.Y/,}forgejo-development branch which provides development tools and documentation.
+
+The `forgejo-development` branch is based on the {vX.Y/,}forgejo-ci branch which provides the Woodpecker CI configuration.
+
+The purpose of each *Feature branch* is documented below:
+
+### General purpose
+
+* [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci) based on [main](https://codeberg.org/forgejo/forgejo/src/branch/main)
+  Woodpecker CI configuration, including the release process.
+  * Backports: [v1.18/forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-ci)
+
+* [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development) based on [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci)
+  Forgejo development tools and documentation.
+  * Backports: [v1.18/forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-development)
+
+### Dependency
+
+* [forgejo-dependency](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-dependency) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Each commit is prefixed with the name of dependency in uppercase, for instance **[GOTH]** or **[GITEA]**. They are standalone and implement either a bug fix or a feature that is in the process of being contributed to the dependency. It is better to contribute directly to the dependency instead of adding a commit to this branch but it is sometimes not possible, for instance when someone does not have a GitHub account. The author of the commit is responsible for rebasing and resolve conflicts. The ultimate goal of this branch is to be empty and it is expected that a continuous effort is made to reduce its content so that the technical debt it represents does not burden Forgejo long term.
+  * Backports: [v1.18/forgejo-dependency](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-dependency)
+
+### [Privacy](https://codeberg.org/forgejo/forgejo/issues?labels=83271)
+
+* [forgejo-privacy](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-privacy) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Customize Forgejo to have more privacy.
+  * Backports: [v1.18/forgejo-privacy](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-privacy)
+
+### Branding
+* [forgejo-branding](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-branding) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Replacing upstream branding with Forgejo branding
+
+### [Internationalization](https://codeberg.org/forgejo/forgejo/issues?labels=82637)
+* [forgejo-i18n](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-i18n) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Internationalization support for Forgejo with a workflow based on Weblate.
+
+### [Accessibility](https://codeberg.org/forgejo/forgejo/issues?labels=81214)
+* Backports only: [v1.18/forgejo-a11y](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-a11y) based on [v1.18/forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-development)
+  Backport future upstream a11y improvements to the current release of Forgejo
+
+### [Federation](https://codeberg.org/forgejo/forgejo/issues?labels=79349)
+
+* [forgejo-federation](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-federation) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Federation support for Forgejo
+
+* [forgejo-f3](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-f3) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  [F3](https://lab.forgefriends.org/friendlyforgeformat/gof3) support for Forgejo
+
+## Pull requests and feature branches
+
+Most people who are used to contributing will be familiar with the workflow of sending a pull request against the default branch. When that happens the reviewer should change the base branch to the appropriate *Feature branch* instead. If the pull request does not fit in any *Feature branch*, the reviewer needs to make decision to either:
+
+* Decline the pull request because it is best contributed to Gitea
+* Create a new *Feature branch*
+
+Returning contributors can figure out which *Feature branch* to base their pull request on using the list of *Feature branches*.
+
+## Granularity
+
+*Feature branches* can contain a number of commits grouped together, for instance for branding the documentation, the landing page and the footer. It makes it convenient for people working on that topic to get the big picture without browsing multiple branches. Creating a new *Feature branch* for each individual commit, while possible, is likely to be difficult to work with.
+
+Observing the granularity of the existing *Feature branches* is the best way to figure out what works and what does not. It requires adjustments from time to time depending on the number of contributors and the complexity of the Forgejo codebase that sits on top of Gitea.
--- a/56
+++ b/56
@ -1,6 +1,5 @@
-FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx
-
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21-alpine3.18 as build-env
+#Build stage
+FROM docker.io/library/golang:1.20-alpine3.17 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -10,48 +9,21 @@ ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

-#
-# Transparently cross compile for the target platform
-#
-COPY --from=xx / /
-ARG TARGETPLATFORM
-RUN apk --no-cache add clang lld
-RUN xx-apk --no-cache add gcc musl-dev
-ENV CGO_ENABLED=1
-RUN xx-go --wrap
-#
-# for go generate and binfmt to find
-# without it the generate phase will fail with
-# #19 25.04 modules/public/public_bindata.go:8: running "go": exit status 1
-# #19 25.39 aarch64-binfmt-P: Could not open '/lib/ld-musl-aarch64.so.1': No such file or directory
-# why exactly is it needed? where is binfmt involved?
-#
-RUN cp /*-alpine-linux-musl*/lib/ld-musl-*.so.1 /lib || true
-
+#Build deps
 RUN apk --no-cache add build-base git nodejs npm

+#Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea

-RUN make clean-all
-RUN make frontend
-RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini
-RUN make go-check generate-backend static-executable && xx-verify gitea
+#Checkout version if set
+RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
+ && make clean-all build

-# Copy local files
-COPY docker/root /tmp/local
+# Begin env-to-ini build
+RUN go build contrib/environment-to-ini/environment-to-ini.go

-# Set permissions
-RUN chmod 755 /tmp/local/usr/bin/entrypoint \
-              /tmp/local/usr/local/bin/gitea \
-              /tmp/local/etc/s6/gitea/* \
-              /tmp/local/etc/s6/openssh/* \
-              /tmp/local/etc/s6/.s6-svscan/* \
-              /go/src/code.gitea.io/gitea/gitea \
-              /go/src/code.gitea.io/gitea/environment-to-ini
-RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
-
-FROM docker.io/library/alpine:3.18
+FROM docker.io/library/alpine:3.17
 LABEL maintainer="contact@forgejo.org"

 EXPOSE 22 3000
@ -67,8 +39,7 @@ RUN apk --no-cache add \
    s6 \
    sqlite \
    su-exec \
-    gnupg \
-    && rm -rf /var/cache/apk/*
+    gnupg

 RUN addgroup \
    -S -g 1000 \
@ -90,8 +61,11 @@ VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]

-COPY --from=build-env /tmp/local /
+COPY docker/root /
 RUN cd /usr/local/bin ; ln -s gitea forgejo
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
+RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
+RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
+RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,6 +1,5 @@
-FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx
-
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21-alpine3.18 as build-env
+#Build stage
+FROM docker.io/library/golang:1.20-alpine3.17 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -10,46 +9,21 @@ ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

-#
-# Transparently cross compile for the target platform
-#
-COPY --from=xx / /
-ARG TARGETPLATFORM
-RUN apk --no-cache add clang lld
-RUN xx-apk --no-cache add gcc musl-dev
-ENV CGO_ENABLED=1
-RUN xx-go --wrap
-#
-# for go generate and binfmt to find
-# without it the generate phase will fail with
-# #19 25.04 modules/public/public_bindata.go:8: running "go": exit status 1
-# #19 25.39 aarch64-binfmt-P: Could not open '/lib/ld-musl-aarch64.so.1': No such file or directory
-# why exactly is it needed? where is binfmt involved?
-#
-RUN cp /*-alpine-linux-musl*/lib/ld-musl-*.so.1 /lib || true
-
+#Build deps
 RUN apk --no-cache add build-base git nodejs npm

+#Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea

-RUN make clean-all
-RUN make frontend
-RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini
-RUN make go-check generate-backend static-executable && xx-verify gitea
+#Checkout version if set
+RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
+ && make clean-all build

-# Copy local files
-COPY docker/rootless /tmp/local
+# Begin env-to-ini build
+RUN go build contrib/environment-to-ini/environment-to-ini.go

-# Set permissions
-RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
-              /tmp/local/usr/local/bin/docker-setup.sh \
-              /tmp/local/usr/local/bin/gitea \
-              /go/src/code.gitea.io/gitea/gitea \
-              /go/src/code.gitea.io/gitea/environment-to-ini
-RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
-
-FROM docker.io/library/alpine:3.18
+FROM docker.io/library/alpine:3.17
 LABEL maintainer="contact@forgejo.org"

 EXPOSE 2222 3000
@ -61,8 +35,7 @@ RUN apk --no-cache add \
    gettext \
    git \
    curl \
-    gnupg \
-    && rm -rf /var/cache/apk/*
+    gnupg

 RUN addgroup \
    -S -g 1000 \
@ -78,11 +51,13 @@ RUN addgroup \
 RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea

-COPY --from=build-env /tmp/local /
+COPY docker/rootless /
 RUN cd /usr/local/bin ; ln -s gitea forgejo
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
+RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
+RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh

 #git:git
 USER 1000:1000
--- a/17
+++ b/17
@ -5,6 +5,7 @@ Kees de Vries <bouwko@gmail.com> (@Bwko)
 Kim Carlbäcker <kim.carlbacker@gmail.com> (@bkcsoft)
 LefsFlare <nobody@nobody.tld> (@LefsFlarey)
 Lunny Xiao <xiaolunwen@gmail.com> (@lunny)
+Matthias Loibl <mail@matthiasloibl.com> (@metalmatze)
 Rachid Zarouali <nobody@nobody.tld> (@xinity)
 Rémy Boulanouar <admin@dblk.org> (@DblK)
 Sandro Santilli <strk@kbt.io> (@strk)
@ -41,19 +42,11 @@ Patrick Schratz <patrick.schratz@gmail.com> (@pat-s)
 Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
 Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
-Leon Hofmeister <dev.lh@web.de> (@delvh)
+Leon Hofmeister <dev.lh@web.de> (@delvh) 
 Wim <wim@42.be> (@42wim)
+Xinyu Zhou <i@sourcehut.net> (@xin-u)
 Jason Song <i@wolfogre.com> (@wolfogre)
-Yarden Shoham <git@yardenshoham.com> (@yardenshoham)
+Yarden Shoham <hrsi88@gmail.com> (@yardenshoham)
 Yu Tian <zettat123@gmail.com> (@Zettat123)
 Eddie Yang <576951401@qq.com> (@yp05327)
-Dong Ge <gedong_1994@163.com> (@sillyguodong)
-Xinyi Gong <hestergong@gmail.com> (@HesterG)
-wxiaoguang <wxiaoguang@gmail.com> (@wxiaoguang)
-Gary Moon <gary@garymoon.net> (@garymoon)
-Philip Peterson <philip.c.peterson@gmail.com> (@philip-peterson)
-Denys Konovalov <kontakt@denyskon.de> (@denyskon)
-Punit Inani <punitinani1@gmail.com> (@puni9869)
-CaiCandong  <1290147055@qq.com> (@caicandong)
-Rui Chen  <rui@chenrui.dev> (@chenrui333)
-Nanguan Lin <nanguanlin6@gmail.com> (@lng2020)
+Dong Ge <gedong_1994@163.com> (@sillyguodong)
--- a/280
+++ b/280
@ -20,28 +20,28 @@ IMPORT := code.gitea.io/gitea

 GO ?= go
 SHASUM ?= shasum -a 256
-HAS_GO := $(shell hash $(GO) > /dev/null 2>&1 && echo yes)
+HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,

-XGO_VERSION := go-1.21.x
+XGO_VERSION := go-1.20.x

-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.44.0
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.7.0
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.5.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.1
-GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.40.4
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.6.0
+ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.2
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.4.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.0
+GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.3
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0
-GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1.0.1
-ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.6.25
+GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.5.0
+GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest

 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
 DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)

-ifeq ($(HAS_GO), yes)
+ifeq ($(HAS_GO), GO)
 	GOPATH ?= $(shell $(GO) env GOPATH)
 	export PATH := $(GOPATH)/bin:$(PATH)

@ -68,7 +68,7 @@ endif

 EXTRA_GOFLAGS ?=

-MAKE_VERSION := $(shell "$(MAKE)" -v | cat | head -n 1)
+MAKE_VERSION := $(shell "$(MAKE)" -v | head -n 1)
 MAKE_EVIDENCE_DIR := .make_evidence

 ifeq ($(RACE_ENABLED),true)
@ -79,19 +79,33 @@ endif
 STORED_VERSION_FILE := VERSION
 HUGO_VERSION ?= 0.111.3

-
-STORED_VERSION=$(shell cat $(STORED_VERSION_FILE) 2>/dev/null)
-ifneq ($(STORED_VERSION),)
-  GITEA_VERSION ?= $(STORED_VERSION)
+ifneq ($(DRONE_TAG),)
+	VERSION ?= $(subst v,,$(DRONE_TAG))
+	GITEA_VERSION ?= $(VERSION)
 else
-  GITEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
+	ifneq ($(DRONE_BRANCH),)
+		VERSION ?= $(shell echo $(DRONE_BRANCH) | sed -e 's|v\([0-9.][0-9.]*\)/.*|\1|')
+	else
+		VERSION ?= main
+	endif
+
+	STORED_VERSION=$(shell cat $(STORED_VERSION_FILE) 2>/dev/null)
+	ifneq ($(STORED_VERSION),)
+		GITEA_VERSION ?= $(STORED_VERSION)
+	else
+		GITEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
+	endif
+endif
+
+# if version = "main" then update version to "nightly"
+ifeq ($(VERSION),main)
+	VERSION := main-nightly
 endif
-VERSION = ${GITEA_VERSION}

 # SemVer
-FORGEJO_VERSION := 6.0.11+0-gitea-1.21.11
+FORGEJO_VERSION := 4.2.2+0-gitea-1.19.4

-LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)" -X "main.ForgejoVersion=$(FORGEJO_VERSION)"
+LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)"

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

@ -102,15 +116,15 @@ FOMANTIC_WORK_DIR := web_src/fomantic

 WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f)
 WEBPACK_CONFIGS := webpack.config.js
-WEBPACK_DEST := public/assets/js/index.js public/assets/css/index.css
-WEBPACK_DEST_ENTRIES := public/assets/js public/assets/css public/assets/fonts public/assets/img/webpack
+WEBPACK_DEST := public/js/index.js public/css/index.css
+WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack public/serviceworker.js

 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))

 GENERATED_GO_DEST := modules/charset/invisible_gen.go modules/charset/ambiguous_gen.go

-SVG_DEST_DIR := public/assets/img/svg
+SVG_DEST_DIR := public/img/svg

 AIR_TMP_DIR := .air

@ -125,7 +139,7 @@ TEST_TAGS ?= sqlite sqlite_unlock_notify

 TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)

-GO_DIRS := build cmd models modules routers services tests
+GO_DIRS := cmd tests models modules routers build services tools
 WEB_DIRS := web_src/js web_src/css

 GO_SOURCES := $(wildcard *.go)
@ -143,7 +157,7 @@ ifdef DEPS_PLAYWRIGHT
 	PLAYWRIGHT_FLAGS += --with-deps
 endif

-FORGEJO_API_SPEC := public/assets/forgejo/api.v1.yml
+FORGEJO_API_SPEC := public/forgejo/api.v1.yml

 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
 SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
@ -188,26 +202,9 @@ help:
 	@echo " - deps                             install dependencies"
 	@echo " - deps-frontend                    install frontend dependencies"
 	@echo " - deps-backend                     install backend dependencies"
-	@echo " - deps-tools                       install tool dependencies"
-	@echo " - deps-py                          install python dependencies"
 	@echo " - lint                             lint everything"
-	@echo " - lint-fix                         lint everything and fix issues"
-	@echo " - lint-actions                     lint action workflow files"
 	@echo " - lint-frontend                    lint frontend files"
-	@echo " - lint-frontend-fix                lint frontend files and fix issues"
 	@echo " - lint-backend                     lint backend files"
-	@echo " - lint-backend-fix                 lint backend files and fix issues"
-	@echo " - lint-go                          lint go files"
-	@echo " - lint-go-fix                      lint go files and fix issues"
-	@echo " - lint-go-vet                      lint go files with vet"
-	@echo " - lint-js                          lint js files"
-	@echo " - lint-js-fix                      lint js files and fix issues"
-	@echo " - lint-css                         lint css files"
-	@echo " - lint-css-fix                     lint css files and fix issues"
-	@echo " - lint-md                          lint markdown files"
-	@echo " - lint-swagger                     lint swagger files"
-	@echo " - lint-templates                   lint template files"
-	@echo " - lint-yaml                        lint yaml files"
 	@echo " - checks                           run various consistency checks"
 	@echo " - checks-frontend                  check frontend files"
 	@echo " - checks-backend                   check backend files"
@ -215,9 +212,6 @@ help:
 	@echo " - test-frontend                    test frontend files"
 	@echo " - test-backend                     test backend files"
 	@echo " - test-e2e[\#TestSpecificName]     test end to end using playwright"
-	@echo " - update                           update js and py dependencies"
-	@echo " - update-js                        update js dependencies"
-	@echo " - update-py                        update py dependencies"
 	@echo " - webpack                          build webpack files"
 	@echo " - svg                              build svg files"
 	@echo " - fomantic                         build fomantic files"
@ -230,10 +224,13 @@ help:
 	@echo " - forgejo-api-validate             check if the forgejo API matches the specs"
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
+	@echo " - golangci-lint                    run golangci-lint linter"
 	@echo " - go-licenses                      regenerate go licenses"
+	@echo " - vet                              examines Go source code and reports suspicious constructs"
 	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]    	    run unit test"
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
+	@echo " - pr#<index>                       build and start gitea from a PR with integration test data loaded"

 .PHONY: go-check
 go-check:
@ -284,16 +281,12 @@ clean:
 fmt:
 	GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
 	$(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl'))
-	@# strip whitespace after '{{' or '(' and before '}}' or ')' unless there is only
-	@# whitespace before it
-	@$(SED_INPLACE) \
-		-e 's/{{[ 	]\{1,\}/{{/g' -e '/^[ 	]\{1,\}}}/! s/[ 	]\{1,\}}}/}}/g' \
-	  -e 's/([ 	]\{1,\}/(/g' -e '/^[ 	]\{1,\})/! s/[ 	]\{1,\})/)/g' \
-	  $(TEMPLATES)
+	@# strip whitespace after '{{' and before `}}` unless there is only whitespace before it
+	@$(SED_INPLACE) -e 's/{{[ 	]\{1,\}/{{/g' -e '/^[ 	]\{1,\}}}/! s/[ 	]\{1,\}}}/}}/g' $(TEMPLATES)

 .PHONY: fmt-check
 fmt-check: fmt
-	@diff=$$(git diff --color=always $(GO_SOURCES) templates $(WEB_DIRS)); \
+	@diff=$$(git diff $(GO_SOURCES) templates $(WEB_DIRS)); \
 	if [ -n "$$diff" ]; then \
 	  echo "Please run 'make fmt' and commit the result:"; \
 	  echo "$${diff}"; \
@ -304,6 +297,11 @@ fmt-check: fmt
 misspell-check:
 	go run $(MISSPELL_PACKAGE) -error $(GO_DIRS) $(WEB_DIRS)

+.PHONY: vet
+vet:
+	@echo "Running go vet..."
+	@$(GO) vet $(GO_PACKAGES)
+
 .PHONY: $(TAGS_EVIDENCE)
 $(TAGS_EVIDENCE):
 	@mkdir -p $(MAKE_EVIDENCE_DIR)
@ -345,7 +343,7 @@ $(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA)

 .PHONY: swagger-check
 swagger-check: generate-swagger
-	@diff=$$(git diff --color=always '$(SWAGGER_SPEC)'); \
+	@diff=$$(git diff '$(SWAGGER_SPEC)'); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make generate-swagger' and commit the result:"; \
 		echo "$${diff}"; \
@ -358,6 +356,11 @@ swagger-validate:
 	$(GO) run $(SWAGGER_PACKAGE) validate './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'

+.PHONY: errcheck
+errcheck:
+	@echo "Running errcheck..."
+	$(GO) run $(ERRCHECK_PACKAGE) $(GO_PACKAGES)
+
 .PHONY: checks
 checks: checks-frontend checks-backend

@ -370,88 +373,23 @@ checks-backend: tidy-check swagger-check fmt-check misspell-check forgejo-api-va
 .PHONY: lint
 lint: lint-frontend lint-backend

-.PHONY: lint-fix
-lint-fix: lint-frontend-fix lint-backend-fix
-
 .PHONY: lint-frontend
-lint-frontend: lint-js lint-css
-
-.PHONY: lint-frontend-fix
-lint-frontend-fix: lint-js-fix lint-css-fix
-
-.PHONY: lint-backend
-lint-backend: lint-go lint-go-vet lint-editorconfig
-
-.PHONY: lint-backend-fix
-lint-backend-fix: lint-go-fix lint-go-vet lint-editorconfig
-
-.PHONY: lint-js
-lint-js: node_modules
-	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js tests/e2e
-
-.PHONY: lint-js-fix
-lint-js-fix: node_modules
-	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js tests/e2e --fix
-
-.PHONY: lint-css
-lint-css: node_modules
-	npx stylelint --color --max-warnings=0 web_src/css web_src/js/components/*.vue
-
-.PHONY: lint-css-fix
-lint-css-fix: node_modules
-	npx stylelint --color --max-warnings=0 web_src/css web_src/js/components/*.vue --fix
-
-.PHONY: lint-swagger
-lint-swagger: node_modules
+lint-frontend: node_modules
+	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e
+	npx stylelint --color --max-warnings=0 web_src/css
 	npx spectral lint -q -F hint $(SWAGGER_SPEC)
-
-.PHONY: lint-md
-lint-md: node_modules
 	npx markdownlint docs *.md

-.PHONY: lint-go
-lint-go:
-	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS)
-
-.PHONY: lint-go-fix
-lint-go-fix:
-	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS) --fix
-
-# workaround step for the lint-go-windows CI task because 'go run' can not
-# have distinct GOOS/GOARCH for its build and run steps
-.PHONY: lint-go-windows
-lint-go-windows:
-	@GOOS= GOARCH= $(GO) install $(GOLANGCI_LINT_PACKAGE)
-	golangci-lint run
-
-.PHONY: lint-go-vet
-lint-go-vet:
-	@echo "Running go vet..."
-	@$(GO) vet $(GO_PACKAGES)
-
-.PHONY: lint-editorconfig
-lint-editorconfig:
-	$(GO) run $(EDITORCONFIG_CHECKER_PACKAGE) templates .github/workflows
-
-.PHONY: lint-actions
-lint-actions:
-	$(GO) run $(ACTIONLINT_PACKAGE)
-
-.PHONY: lint-templates
-lint-templates: .venv
-	@poetry run djlint $(shell find templates -type f -iname '*.tmpl')
-
-.PHONY: lint-yaml
-lint-yaml: .venv
-	@poetry run yamllint .
+.PHONY: lint-backend
+lint-backend: golangci-lint vet editorconfig-checker

 .PHONY: watch
 watch:
-	@bash build/watch.sh
+	bash tools/watch.sh

 .PHONY: watch-frontend
 watch-frontend: node-check node_modules
-	@rm -rf $(WEBPACK_DEST_ENTRIES)
+	rm -rf $(WEBPACK_DEST_ENTRIES)
 	NODE_ENV=development npx webpack --watch --progress

 .PHONY: watch-backend
@ -510,7 +448,7 @@ vendor: go.mod go.sum

 .PHONY: tidy-check
 tidy-check: tidy
-	@diff=$$(git diff --color=always go.mod go.sum $(GO_LICENSE_FILE)); \
+	@diff=$$(git diff go.mod go.sum $(GO_LICENSE_FILE)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make tidy' and commit the result:"; \
 		echo "$${diff}"; \
@ -842,7 +780,7 @@ generate-go: $(TAGS_PREREQ) merge-locales

 .PHONY: merge-locales
 merge-locales:
-	@CC= GOOS= GOARCH= $(GO) run build/merge-forgejo-locales.go
+	$(GO) run build/merge-forgejo-locales.go

 .PHONY: security-check
 security-check:
@ -851,18 +789,9 @@ security-check:
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

-forgejo: $(EXECUTABLE)
-	ln -f $(EXECUTABLE) forgejo
-
-static-executable: $(GO_SOURCES) $(TAGS_PREREQ)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags 'netgo osusergo $(TAGS)' -ldflags '-s -w -linkmode external -extldflags "-static" $(LDFLAGS)' -o $(EXECUTABLE)
-
 .PHONY: release
 release: frontend generate release-linux release-copy release-compress vendor release-sources release-check

-# just the sources, with all assets builtin and frontend resources generated
-sources-tarbal: frontend generate vendor release-sources release-check
-
 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)

@ -872,6 +801,9 @@ release-windows: | $(DIST_DIRS)
 ifeq (,$(findstring gogit,$(TAGS)))
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
+ifeq ($(CI),true)
+	cp /build/* $(DIST)/binaries
+endif

 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
@ -883,10 +815,16 @@ endif
 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
+ifeq ($(CI),true)
+	cp /build/* $(DIST)/binaries
+endif

 .PHONY: release-freebsd
 release-freebsd: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
+ifeq ($(CI),true)
+	cp /build/* $(DIST)/binaries
+endif

 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)
@ -898,7 +836,7 @@ release-check: | $(DIST_DIRS)

 .PHONY: release-compress
 release-compress: | $(DIST_DIRS)
-	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PACKAGE) -k -9 $${file}; done;
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PAGAGE) -k -9 $${file}; done;

 .PHONY: release-sources
 release-sources: | $(DIST_DIRS)
@ -912,17 +850,17 @@ release-sources: | $(DIST_DIRS)

 .PHONY: release-docs
 release-docs: | $(DIST_DIRS) docs
-	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs .
+	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs/public .

 .PHONY: docs
 docs:
-	cd docs; bash scripts/trans-copy.sh;
+	@hash hugo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		curl -sL https://github.com/gohugoio/hugo/releases/download/v$(HUGO_VERSION)/hugo_$(HUGO_VERSION)_Linux-64bit.tar.gz | tar zxf - -C /tmp && mv /tmp/hugo /usr/bin/hugo && chmod +x /usr/bin/hugo; \
+	fi
+	cd docs; make trans-copy clean build-offline;

 .PHONY: deps
-deps: deps-frontend deps-backend deps-tools deps-py
-
-.PHONY: deps-py
-deps-py: .venv
+deps: deps-frontend deps-backend

 .PHONY: deps-frontend
 deps-frontend: node_modules
@ -930,46 +868,29 @@ deps-frontend: node_modules
 .PHONY: deps-backend
 deps-backend:
 	$(GO) mod download
-
-.PHONY: deps-tools
-deps-tools:
 	$(GO) install $(AIR_PACKAGE)
 	$(GO) install $(EDITORCONFIG_CHECKER_PACKAGE)
+	$(GO) install $(ERRCHECK_PACKAGE)
 	$(GO) install $(GOFUMPT_PACKAGE)
 	$(GO) install $(GOLANGCI_LINT_PACKAGE)
-	$(GO) install $(GXZ_PACKAGE)
+	$(GO) install $(GXZ_PAGAGE)
 	$(GO) install $(MISSPELL_PACKAGE)
 	$(GO) install $(SWAGGER_PACKAGE)
 	$(GO) install $(XGO_PACKAGE)
 	$(GO) install $(GO_LICENSES_PACKAGE)
 	$(GO) install $(GOVULNCHECK_PACKAGE)
-	$(GO) install $(ACTIONLINT_PACKAGE)

 node_modules: package-lock.json
 	npm install --no-save
 	@touch node_modules

-.venv: poetry.lock
-	poetry install --no-root
-	@touch .venv
-
-.PHONY: update
-update: update-js update-py
-
-.PHONY: update-js
-update-js: node-check | node_modules
-	npx updates -u -f package.json
+.PHONY: npm-update
+npm-update: node-check | node_modules
+	npx updates -cu
 	rm -rf node_modules package-lock.json
 	npm install --package-lock
 	@touch node_modules

-.PHONY: update-py
-update-py: node-check | node_modules
-	npx updates -u -f pyproject.toml
-	rm -rf .venv poetry.lock
-	poetry install
-	@touch .venv
-
 .PHONY: fomantic
 fomantic:
 	rm -rf $(FOMANTIC_WORK_DIR)/build
@ -999,7 +920,7 @@ svg: node-check | node_modules
 .PHONY: svg-check
 svg-check: svg
 	@git add $(SVG_DEST_DIR)
-	@diff=$$(git diff --color=always --cached $(SVG_DEST_DIR)); \
+	@diff=$$(git diff --cached $(SVG_DEST_DIR)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make svg' and 'git add $(SVG_DEST_DIR)' and commit the result:"; \
 		echo "$${diff}"; \
@ -1009,7 +930,7 @@ svg-check: svg
 .PHONY: lockfile-check
 lockfile-check:
 	npm install --package-lock-only
-	@diff=$$(git diff --color=always package-lock.json); \
+	@diff=$$(git diff package-lock.json); \
 	if [ -n "$$diff" ]; then \
 		echo "package-lock.json is inconsistent with package.json"; \
 		echo "Please run 'npm install --package-lock-only' and commit the result:"; \
@ -1042,10 +963,33 @@ generate-manpage:
 	@gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created
 	@#TODO A small script that formats config-cheat-sheet.en-us.md nicely for use as a config man page

+.PHONY: pr\#%
+pr\#%: clean-all
+	$(GO) run contrib/pr/checkout.go $*
+
+.PHONY: golangci-lint
+golangci-lint:
+	$(GO) run $(GOLANGCI_LINT_PACKAGE) run
+
+# workaround step for the lint-backend-windows CI task because 'go run' can not
+# have distinct GOOS/GOARCH for its build and run steps
+.PHONY: golangci-lint-windows
+golangci-lint-windows:
+	@GOOS= GOARCH= $(GO) install $(GOLANGCI_LINT_PACKAGE)
+	golangci-lint run
+
+.PHONY: editorconfig-checker
+editorconfig-checker:
+	$(GO) run $(EDITORCONFIG_CHECKER_PACKAGE) templates
+
 .PHONY: docker
 docker:
 	docker build --disable-content-trust=false -t $(DOCKER_REF) .
 # support also build args docker build --build-arg GITEA_VERSION=v1.2.3 --build-arg TAGS="bindata sqlite sqlite_unlock_notify"  .

+.PHONY: docker-build
+docker-build:
+	docker run -ti --rm -v "$(CURDIR):/srv/app/src/code.gitea.io/gitea" -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" CGO_EXTRA_CFLAGS="$(CGO_EXTRA_CFLAGS)" webhippie/golang:edge make clean build
+
 # This endif closes the if at the top of the file
 endif
--- a/README.md
+++ b/README.md
@ -35,10 +35,11 @@ If you like any of the following, Forgejo is literally meant for you:
 - Privacy: From update checker to default settings: Forgejo is built to be **privacy first** for you and your crew.
 - Federation: (WIP) We are actively working to connect software forges with each other through **ActivityPub**,
  and create a collaborative network of personal instances.
+  Interested? [Read more](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING/WORKFLOW.md#federation-https-codeberg-org-forgejo-forgejo-issues-labels-79349)

 ## Learn more

-Dive into the [documentation](https://forgejo.org/docs/latest/), subscribe to releases and blog post on [our website](https://forgejo.org), <a href="https://floss.social/@forgejo" rel="me">find us on the Fediverse</a> or hop into [our Matrix room](https://matrix.to/#/#forgejo-chat:matrix.org) if you have any questions or want to get involved.
+Subscribe to releases and blog post on [our website](https://forgejo.org), <a href="https://floss.social/@forgejo" rel="me">find us on the Fediverse</a> or hop into [our Matrix room](https://matrix.to/#/#forgejo-chat:matrix.org) if you have any questions or want to get involved.


 ## Get involved
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@ -1,598 +1,8 @@
 # Release Notes

-A Forgejo release is published shortly after a Gitea release is published and they have [matching release numbers](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING/RELEASE.md#release-numbering). Additional Forgejo releases may be published to address urgent security issues or bug fixes.
+A Forgejo release is published shortly after a Gitea release is published and they have [matching release numbers](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING/RELEASE.md#release-numbering). Additional Forgejo releases may be published to address urgent security issues or bug fixes. Forgejo release notes include all Gitea release notes.

-The Forgejo admin should carefully read the required manual actions before upgrading. A point release (e.g. v1.21.1-0 or v1.21.2-0) does not require manual actions but others might (e.g. v1.20, v1.21).
-
-## 1.21.0-0 (DRAFT)
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.21/forgejo) included in the `Forgejo v1.21.0-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges origin/v1.20/forgejo..origin/v1.21/forgejo
-```
-
- **[Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/):**
-  The semantic version was updated to `6.0.0+0-gitea-1.21.0` because it contains breaking changes.
-
- **Breaking:**
-  Note that the modifications related to CSS, templates or assets (images, fonts, etc.) are not documented here.
-  Although they can be extracted and modified, Forgejo does not provide any guarantee that such changes
-  will be portable from one version to another (even a patch version).
-  - [Restrict certificate type for builtin SSH server](https://codeberg.org/forgejo/forgejo/pulls/1172). This is a breaking change for setups where the builtin SSH server is being used and for some reason host certificates were being used for authentication.
-  - [Some Forgejo CLI options have changed](https://codeberg.org/forgejo/forgejo/commit/d0dbe52e76f3038777c3b50066e3636105387ca3) and scripts may need to be updated. For instance `--verbose` is no longer a global option and is implemented on a per sub-command basis. Check `forgejo --help` or `forgejo docs` for more information.
-  - [Remove "CHARSET" config option for MySQL and always use "utf8mb4"](https://codeberg.org/forgejo/forgejo/commit/ce46834b938eb687152a680669ada95a26304178). It has been a requirement for years and specifying anything else is likely to cause issues.
-  - [Set SSH_AUTHORIZED_KEYS_BACKUP to false by default](https://codeberg.org/forgejo/forgejo/commit/469d89b95a1ce18dd34808a95c7230375e828e24). There is no automatic cleanup of these backups and can end up using a significant amount of disk space over time.
-
-(More items to be added here)
-
-## 1.20.5-0
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.5-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.20.4-1..v1.20.5-0
-```
-
-This stable release contains an **important security fix**, as explained in the [v1.20.5-0 companion blog post](https://forgejo.org/2023-10-release-v1-20-5-0/).
-
-* Recommended Action
-
-  We **strongly recommend** that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version as soon as possible.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/)
-
-  The semantic version was updated to `5.0.5+0-gitea-1.20.5`
-
-* Security fix
-
-  * When a user logs into Forgejo, they can click the **Remember This Device** checkbox and their browser will store a **Long-term authentication** token provided by the server, in a cookie that will allow them to stay logged in for an extended period of time. The implementation was inherently insecure and was [reworked](https://codeberg.org/forgejo/forgejo/commit/51988ef52bc93b63184d28395d10bf3b76914ad0). Read more about this issue in the [v1.20.5-0 blog post](https://forgejo.org/2023-10-release-v1-20-5-0/).
-
-* Bug fixes
-
-  The most prominent bug fixes are described below. Others can be found in the list of commits included in the release as described above.
-
-  * [Fix the display of pull requests waiting for review](https://codeberg.org/forgejo/forgejo/commit/4b23f11864) on the `/pulls` page. It incorrectly included all reviews.
-  * [Fix a v1.20 regression preventing access to files with OAuth2 tokens](https://codeberg.org/forgejo/forgejo/commit/3e8c3b7c09) in private repositories.
-  * [Fix](https://codeberg.org/forgejo/forgejo/commit/101cfc1f82) a bug by which the `doctor` command [complains the `deleted_branch` table is missing](https://codeberg.org/forgejo/forgejo/issues/1522) although it should not.
-  * [Fix the release URL in webhooks](https://codeberg.org/forgejo/forgejo/commit/1b1f878204) so that `URL` points to the API URL and `HTMLURL` points to the web page.
-  * [Fix organization field being null in POST /orgs/{orgid}/teams](https://codeberg.org/forgejo/forgejo/commit/f8bf284794).
-
-## 1.20.4-1
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.4-1` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.20.4-0..v1.20.4-1
-```
-
-This stable release includes bug fixes.
-
-* Recommended Action
-
-  We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/)
-
-  The semantic version was updated to `5.0.4+0-gitea-1.20.4`
-
-* Bug fixes
-
-  The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
-
-  * [Fix the followers and following list that only showed the first page](https://codeberg.org/forgejo/forgejo/commit/c041114a20fcaaf0931da81dcb542a930e8f9c5f)
-  * [Fix issue templates preventing the creation of any new issues when blank issues are not authorized](https://codeberg.org/forgejo/forgejo/commit/64a418dfc778665f56cb20d678f3c10dbb62ddca) (regression introduced in v1.20.4-0)
-
-## 1.20.4-0
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.4-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.20.3-0..v1.20.4-0
-```
-
-This stable release includes bug fixes and two features.
-
-* Recommended Action
-
-  We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.20/admin/upgrade/) to the latest version.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/)
-
-  The semantic version was updated to `5.0.3+0-gitea-1.20.4`
-
-* Features
-
-  * [Log slow SQL queries](https://codeberg.org/forgejo/forgejo/commit/fa25b9eec63c073e16f4595459880e4ee8797913) to help identify bottlenecks on large Forgejo instances
-  * [Add `branch_filter` to hooks API endpoints](https://codeberg.org/forgejo/forgejo/commit/19a49e763a013dec4c3fcf3e9e2be89c7009bb3b)
-
-* Bug fixes
-
-  The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
-
-  * [Ignore the trailing slashes when comparing oauth2 redirect_uri](https://codeberg.org/forgejo/forgejo/commit/2f6d011503a35a1eede96f5a13b2a9868c06b3ae)
-  * [Fix the reopen logic for agit flow pull request](https://codeberg.org/forgejo/forgejo/commit/5abca17b644ded3c3ab8869db1d34f9bd678f18e)
-  * [Fix the missing display of user projects](https://codeberg.org/forgejo/forgejo/commit/ef46b01168e251fad92ed46102b5faad75a5bcb1)
-  * [Fix](https://codeberg.org/forgejo/forgejo/commit/08762875d7362ee207bbd320123cbb0ad4cf70d2) issue templates [that failed to save checkboxes](https://codeberg.org/forgejo/forgejo/pulls/1317)
-  * [Fix accessibility issues preventing focus and selection](https://codeberg.org/forgejo/forgejo/commit/66016b3fe3a9646e5d9c8b4c2d88b1da7a908ccf)
-  * [Fix being unable to use a repo that prohibits accepting PRs as a PR source](https://codeberg.org/forgejo/forgejo/commit/1d228e6ee93525bd630c4a915febd98d159f1824)
-  * [Forgejo doctor database fix](https://codeberg.org/forgejo/forgejo/commit/0b1175f21b403ff59c0c3f7a759de8d0fe13bee8) to repair a condition preventing the owner of an organization from creating a repository
-  * [Fix dashboard filters having no effect](https://codeberg.org/forgejo/forgejo/commit/a6c2201dd41706a000ca96bdcd3e89df96e342fd)
-  * [Also check the email blocklists when adding new emails to existing accounts](https://codeberg.org/forgejo/forgejo/commit/d5845521a842418ae8f6dfcad8368ba2a6035f54)
-  * [Sync tags when adopting repos](https://codeberg.org/forgejo/forgejo/commit/6b5ef0fad754a863eb7d91eefa8301dd9a5a84b5)
-  * [Fix an error when pushing a new branch and there is a requirement that all commits are signed](https://codeberg.org/forgejo/forgejo/commit/193e04c43b556e0a25c260149429945ba2164efa)
-
-## 1.20.3-0
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.3-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.20.2-0..v1.20.3-0
-```
-
-This stable release includes bug fixes and a safeguard against a
-regression that may lead to data loss. The `[storage*]` sections in the
-`app.ini` file may cause the files for some subsystems - Attachments,
-LFS, Avatars, Repository avatars, Repository archives, Packages - to
-be merged together or misplaced.  The safeguard detects this situation
-and Forgejo will not start to prevent data loss. If your instance is in
-this situation, [follow the instructions in the companion blog post](https://forgejo.org/2023-08-release-v1-20-3-0/).
-
-* Recommended Action
-
-  We recommend that all Forgejo installations are upgraded to the latest version.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/)
-
-  The semantic version was updated to `5.0.2+0-gitea-1.20.3`
-
-* Breaking changes
-
-  * [Fix some bugs in how the storage sections are interpreted](https://codeberg.org/forgejo/forgejo/commit/815682c88) in the `app.ini` file. Read more about this issue in the [v1.20.3-0 blog post](https://forgejo.org/2023-08-release-v1-20-3-0/)
-  * [Add sanity checks](https://codeberg.org/forgejo/forgejo/commit/ee0e4848e) to detect an `app.ini` configuration that [needs manual fixing to preserve storage](https://forgejo.org/2023-08-release-v1-20-3-0/)
-
-* Bug fixes
-
-  The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
-
-  * [Fix links to pull request reviews sent via mail](https://codeberg.org/forgejo/forgejo/commit/88e179d5ef8ee41f71d068195685ff098b38ca31). The pull request link was correct but it did not go the the review and stayed at the beginning of the page
-  * [Recognize OGG as an audio format](https://codeberg.org/forgejo/forgejo/commit/622ec5c79f299c32ac2667a1aa7b4bf5d7c2d6cf)
-  * [Consistently show the last time a cron job was run in the admin panel](https://codeberg.org/forgejo/forgejo/commit/5f769ef20)
-  * [Fix NuGet registry v2 & v3 API search endpoints](https://codeberg.org/forgejo/forgejo/commit/471138829b0c24fe8c621dbb866ae8bb45ebc674)
-  * [Allow html <img /> code to be parsed in markdown files](https://codeberg.org/forgejo/forgejo/commit/e7d0475e1)
-  * [Fix incorrect color of the selected assignees when creating an issue](https://codeberg.org/forgejo/forgejo/commit/c7d7490b2)
-  * [Add missing MinIO region on client initialization](https://codeberg.org/forgejo/forgejo/commit/927cbe62b)
-  * [Add pull request review request webhook event](https://codeberg.org/forgejo/forgejo/commit/99c8dab9d)
-  * [Fix bad url in the wiki due to incorrect unescaping](https://codeberg.org/forgejo/forgejo/commit/e0f6956a4)
-  * [Fix the sort menu that was broken when displaying a custom profile from the `.profile`  repository](https://codeberg.org/forgejo/forgejo/commit/fa92a6a4c)
-  * [Workaround](https://codeberg.org/forgejo/forgejo/commit/3d211dea2) MariaDB [performance issue on large Forgejo instances](https://codeberg.org/forgejo/forgejo/issues/1161)
-  * [Display human-readable text](https://codeberg.org/forgejo/forgejo/commit/2729bb3c6) instead of [numerical file modes](https://en.wikipedia.org/wiki/File-system_permissions#Numeric_notation)
-  * [The CLI exit code now is different from zero when an error occurs](https://codeberg.org/forgejo/forgejo/commit/089af9ab1)
-  * [Fix error when a Debian package has a double newline character at the end of the control block](https://codeberg.org/forgejo/forgejo/commit/dd7180846)
-  * [Fix a condition that would cause git related tasks to hang for longer than necessary in the queues and use too many resources as a result](https://codeberg.org/forgejo/forgejo/commit/36f8fbe1b)
-  * [Fix the topic validation rule and suport dots](https://codeberg.org/forgejo/forgejo/commit/a578b75d7)
-  * [Fix pull request check list when there are more than 30](https://codeberg.org/forgejo/forgejo/commit/e226b9646)
-  * [Fix attachment clipboard copy on insecure origin](https://codeberg.org/forgejo/forgejo/commit/12ac84c26)
-  * [Fix the profile README rendering](https://codeberg.org/forgejo/forgejo/commit/84c3b60a4) that [was inconsistent with other markdown files renderings](https://codeberg.org/forgejo/forgejo/issues/833)
-  * [Fix API leaking the user email when the caller is not authentified](https://codeberg.org/forgejo/forgejo/commit/d89003cc1)
-
-## 1.20.2-0
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.2-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.20.1-0..v1.20.2-0
-```
-
-This stable release includes bug fixes and displays [warnings in the administration panel](https://codeberg.org/forgejo/forgejo/commit/28f4029e40) when deprecated entries are found in `app.ini`.
-
-* Recommended Action
-
-  We recommend that all Forgejo installations are upgraded to the latest version.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/)
-
-  The semantic version was updated to `5.0.1+0-gitea-1.20.2`
-
-* Bug fixes
-
-  The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
-
-  * [Add missing assets to the Forgejo sources tarbal](https://codeberg.org/forgejo/forgejo/commit/e14d239005)
-  * [Fix user type selection error when creating a user](https://codeberg.org/forgejo/forgejo/commit/268569b462) and selecting `public` or `private`.
-  * [Fix access check for org-level project](https://codeberg.org/forgejo/forgejo/commit/5afb0294f4)
-  * [Warn instead of reporting an error when a webhook cannot be found](https://codeberg.org/forgejo/forgejo/commit/4c3dcdf815)
-  * [Set MAX_WORKERS](https://codeberg.org/forgejo/forgejo/commit/5a4b19435d) to a value lower than 10 if the number of available CPUs is low to avoid overloading the host.
-  * [Fix bug when pushing to a pull request which enabled dismiss approval automatically](https://codeberg.org/forgejo/forgejo/commit/4640c53386)
-  * [Fix handling of plenty Nuget package versions](https://codeberg.org/forgejo/forgejo/commit/7bb8526736)
-  * [Update email-setup.en-us.md](https://codeberg.org/forgejo/forgejo/commit/31f2ce3998)
-  * [Fix bugs](https://codeberg.org/forgejo/forgejo/commit/9654d71bb2) in [LFS meta garbage collection](https://codeberg.org/forgejo/forgejo/issues/1113)
-  * [Fix UI regression of asciinema player](https://codeberg.org/forgejo/forgejo/commit/f3c26de1f4)
-  * [Fix LFS object list style](https://codeberg.org/forgejo/forgejo/commit/f20cfc291c)
-  * [Fix CLI allowing creation of multiple user access tokens with the same name](https://codeberg.org/forgejo/forgejo/commit/b699e1d340)
-  * [Fix](https://codeberg.org/forgejo/forgejo/commit/f4a8f10f64) router logger [preventing separating the logs in different files](https://codeberg.org/forgejo/forgejo/issues/1123).
-  * [added ssh mirror workaround description](https://codeberg.org/forgejo/forgejo/commit/d9d38b6244)
-  * [Fix wrong workflow status when rerun a job in an already finished workflow](https://codeberg.org/forgejo/forgejo/commit/e2101ae572)
-  * [Fix escape problems in the branch selector](https://codeberg.org/forgejo/forgejo/commit/9fae415030)
-  * [Fix handling of Debian files with trailing slash](https://codeberg.org/forgejo/forgejo/commit/4be3270e87)
-  * [fix Missing 404 swagger response docs for /admin/users/{username}](https://codeberg.org/forgejo/forgejo/commit/1cd4d4b00e)
-  * [Use stderr as fallback if the log file can't be opened](https://codeberg.org/forgejo/forgejo/commit/942d02f8e9)
-
-## 1.20.1-0
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.20/forgejo) included in the `Forgejo v1.20.1-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/forgejo
-```
-
- **[Forgejo Semantic Version](https://forgejo.org/docs/v1.20/user/semver/):**
-  The semantic version was updated to `5.0.0+0-gitea-1.20.1` because it contains breaking changes.
- **Breaking:**
-  - [Scoped access tokens](https://codeberg.org/forgejo/forgejo/commit/18de83b2a3fc120922096b7348d6375094ae1532) or (Personal Access Tokens), were refactored and although existing tokens are still valid, they may have a different scope than before. To ensure that no tokens have a larger scope than expected they must be removed and recreated.
-  - If your `app.ini` has one of the the following `[indexer].ISSUE_INDEXER_QUEUE_TYPE`, `[indexer].ISSUE_INDEXER_QUEUE_BATCH_NUMBER`, `[indexer].`, `[indexer].ISSUE_INDEXER_QUEUE_DIR`, `[indexer].ISSUE_INDEXER_QUEUE_CONN_STR`, `[indexer].UPDATE_BUFFER_LEN`, `[mailer].SEND_BUFFER_LEN`, `[repository].PULL_REQUEST_QUEUE_LENGTH` or `[repository].MIRROR_QUEUE_LENGTH`, Forgejo will abort immediately. Unless you know exactly what you're doing, you must comment them out so the default values are used.
-  - The `-p` option of `environment-to-ini` is [no longer supported](https://codeberg.org/forgejo/forgejo/commit/fa0b5b14c2faa6a5f76bb2e7bc9241a5e4354189)
-  - The ".png" suffix for [user and organizations is now reserved](https://codeberg.org/forgejo/forgejo/commit/2b91841cd3e1213ff3e4ed4209d6a4be89c2fa79)
-  - The section `[git.reflog]` is [now obsolete and its keys have been moved](https://codeberg.org/forgejo/forgejo/commit/2f149c5c9db97f20fbbc65e32d1f3133048b11a2) to the following replacements:
-    * `[git.reflog].ENABLED` → `[git.config].core.logAllRefUpdates`
-    * `[git.reflog].EXPIRATION` → `[git.config].gc.reflogExpire`
-  - The [logger](https://codeberg.org/forgejo/forgejo/commit/4647660776436f0a83129b4ceb8426b1fb0599bb) used to display Forgejo's was refactored and has new settings, different from the previous one found at `log.<mode>.<logger>` in `app.ini`. Check the [documentation](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/#log-log) and `app.example.ini` for more information. The SMTP logger was removed.
-  - Forgejo will refuse to start if [the refactored path & config system](https://codeberg.org/forgejo/forgejo/commit/061b68e99) does not pass sanity checks (e.g. WORK_PATH must be absolute).
-  - Manually set [WORK_PATH](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/#overall-default) in `app.ini`.
-    If the `app.ini` file is writable by the user under which the Forgejo server runs and `WORK_PATH` is not set,
-    the server will add it. Otherwise it will log an error starting with `Unable to update WORK_PATH`.
-    One of the consequences of not setting `WORK_PATH` in `app.ini` is that pushing to a repository via ssh is
-    [likely to fail as explained in the corresponding bug report](https://codeberg.org/forgejo/forgejo/issues/1118).
-    Read the technical details in the [commit that implements the WORK_PATH change](https://codeberg.org/forgejo/forgejo/commit/061b68e99).
-  - The user profile can be customized with [a Markdown file](https://codeberg.org/forgejo/forgejo/commit/c090f87a8db5b51e0aa9c7278b38ddc862c048ac).
-    The profile page of a user is rendered using the `README.md` file of the `.profile` repository, if it exists. It is a
-    breaking change because **it will display the .profile/README.md of a pre-existing repository, private or not**.
-  - The [API endpoint pagination](https://codeberg.org/forgejo/forgejo/commit/0a3c4d4a595cc7e12462dde393ed64186260f26b) for team members was fixed: it now starts at 1 instead of 0, just like all other paginated API endpoints.
-  - The `SSH_KEYGEN_PATH` variable in `app.ini` now defaults to using the [Go SSH key parsing instead of the `ssh-keygen` binary](https://codeberg.org/forgejo/forgejo/commit/7a8a4f54321f208ebbb0f708a5f0e49c4cd4cc04). When `START_SSH_SERVER` is true, the decision to use the Go SSH key parsing or an external binary will now depend on the value of `SSH_KEYGEN_PATH` instead of always using the Go SSH key parsing.
-  - The storage settings were [refactored](https://codeberg.org/forgejo/forgejo/commit/d6dd6d641b593c54fe1a1041c153111ce81dbc20). Read more about [storage settings](https://forgejo.org/docs/v1.20/admin/storage/).
-  - [The [repository.editor] PREVIEWABLE_FILE_MODES setting was removed](https://codeberg.org/forgejo/forgejo/commit/84daddc2fa74393cdc13371b0cc44f0444cfdae0). This setting served no practical purpose and was not working correctly. Instead a preview tab is always shown in the file editor when supported.
-  - In addition to the already deprecated options inside [queue], many options have been dropped as well. Those are WRAP_IF_NECESSARY, MAX_ATTEMPTS, TIMEOUT, WORKERS, BLOCK_TIMEOUT, BOOST_TIMEOUT, BOOST_WORKERS. You can remove them from your app.ini now. Additionally, some default values have changed in this section.
-  - The default CSS and templates included in Forgejo were heavily refactored and a large number of variables renamed. These changes are not documented and there is a very high chance that a tempate extracted and modified for a particular Forgejo instance will no longer work as it did. Browsing through the git history of the template in the sources is the best way to figure out how and why it was modified.
- **Moderation:**
-  Blocking another user is desirable if they are acting maliciously or are spamming your repository. When you block a user, Forgejo does not explicitly notify them, but they may learn through an interaction with you that is blocked. [Read more about blocking users](https://forgejo.org/docs/v1.20/user/blocking-user/).
- **Package:**
-  New registries are available for [SWIFT](https://forgejo.org/docs/v1.20/user/packages/swift), [debian](https://forgejo.org/docs/v1.20/user/packages/debian), [RPM](https://forgejo.org/docs/v1.20/user/packages/rpm), [alpine](https://forgejo.org/docs/v1.20/user/packages/alpine), [Go](https://forgejo.org/docs/v1.20/user/packages/go) and [CRAN](https://forgejo.org/docs/v1.20/user/packages/cran).
- **Accessibility:**
-  numerous improvements for [issue comments](https://codeberg.org/forgejo/forgejo/commit/6c354546547cd3a9595a7db119a6480d9cd506a7), [the menu on the navbar](https://codeberg.org/forgejo/forgejo/commit/a78e0b7dade16bc6509b943fe86e74962f1b95b6), [scoped labels](https://codeberg.org/forgejo/forgejo/commit/e8935606f5f1fff3c59222ebca6d4615ab06fb0b), [checkboxes and dropdowns](https://codeberg.org/forgejo/forgejo/commit/d4f35bd681af0632da988e15306f330e020422b2), [RTL rendering support to Markdown](https://codeberg.org/forgejo/forgejo/commit/32d9c47ec7706d8f06e09b42e09a28d7a0e3c526), [file (re-)views](https://codeberg.org/forgejo/forgejo/commit/e95b42e187cde9ac4bd541cd714bdb4f5c1fd8bc), [interactive tooltips](https://codeberg.org/forgejo/forgejo/commit/87f0f7e670c6c0e6aeab8c4458bfdb9d954eacec), [using a button element](https://codeberg.org/forgejo/forgejo/commit/81fe5d61851c0e586af7d32c29171ceff9a571bb), [repository list](https://codeberg.org/forgejo/forgejo/commit/e82f1b15c7120ad13fd3b67cf7e2c6cb9915c22d) and more.
- **Time:**
-  The display and localization of time was improved for [tooltips](https://codeberg.org/forgejo/forgejo/commit/b7b58348317cbe0145dc453d45c886b8e2764b4c), [milestones](https://codeberg.org/forgejo/forgejo/commit/97176754beb4de23fa0f68df715c4737919c93b0), [due date and translations that contain dates](https://codeberg.org/forgejo/forgejo/commit/70bb4984cdad9a15d676708bd345b590aa42d72a), [commit graphs](https://codeberg.org/forgejo/forgejo/commit/5bc9f7fcf9aece92c3fa2a0ea56e5585261a7f28), [runners](https://codeberg.org/forgejo/forgejo/commit/62ca5825f73ad5a25ffeb6c3ef66f0eaf5d30cdf), [webhooks](https://codeberg.org/forgejo/forgejo/commit/dbb37367854d108ebfffcac27837c0afac199a8e), [tests](https://codeberg.org/forgejo/forgejo/commit/3d266dd0f3dbae7e417c0e790e266aebc0078814) and more. Previously each rendered timestamp would be static, now the real time since an event happend is show. If a comment was added 2 minutes before the page rendered it would show as "2 minutes ago" on the initial render and if another 8 minutes have passed, without a page refresh you'd see "10 minutes ago".
- **[Wiki](https://forgejo.org/docs/v1.20/user/wiki/)**
-  - Improve the [display of the table of content](https://codeberg.org/forgejo/forgejo/commit/1ab16e48cccc086e7f97fb3ae8a293fe47a3a452)
-  - Fixed a bug [preventing team users who have wiki write permission from deleting a page](https://codeberg.org/forgejo/forgejo/commit/284b41f45244bbe46fc8feee15bbfdf66d150e79)
-  - [Shows the External Link icon and URL in the header](https://codeberg.org/forgejo/forgejo/commit/d347208114966166ffa9655adc5b202676546c31) to indicate that the user will be sent to an external side to help prevent fishing
-  - Allow dash in [titles](https://codeberg.org/forgejo/forgejo/commit/b39a5bbbd610ba30651218658caaec1c86d6bca1)
- **[Actions](https://forgejo.org/docs/v1.20/user/actions/)**
-  - The internal CI graduated from **experimental** to **[alpha](https://en.wikipedia.org/wiki/Software_release_life_cycle#Alpha)**. It now has with a [user](https://forgejo.org/docs/v1.20/user/actions) documentation that includes examples and an extensive [administrator](https://forgejo.org/docs/v1.20/admin/actions) guide to set it up.
-  - [Forgejo Actions](https://forgejo.org/docs/v1.20/user/actions/) workflows are [now available](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/.forgejo/workflows) to run tests and publish releases for `Forgejo` itself.
-  - The Woodpecker CI configuration for PR verification and building releases for Forgejo v1.18 and v1.19 is no longer maintained as part of Forgejo itself and was moved to its [own repository](https://codeberg.org/forgejo-contrib/forgejo-ci-woodpecker).
- **[Templates](https://forgejo.org/docs/v1.20/user/issue-pull-request-templates/)**
-  - [Configuration for the issue templates](https://codeberg.org/forgejo/forgejo/commit/f384b13f1cd44be3a87df5553a0099390dacd010). [Read more about issue config](https://forgejo.org/docs/v1.20/user/issue-pull-request-templates/#syntax-for-issue-config) in the documentation.
-  - [Add validations.required check to the dropdown field](https://codeberg.org/forgejo/forgejo/commit/5c0745c0349f0709d0fc36fd8a97dcab86bce28a)
-  - [Issue template support markdown edition](https://codeberg.org/forgejo/forgejo/commit/c4303efc23ea19f16ee826809f43888ee4583ebb)
-  - [Use a general Eval function for expressions in templates](https://codeberg.org/forgejo/forgejo/commit/5b89670a318e52e271f65d96bfe1116d85d20988)
-  - [reload-templates CLI](https://codeberg.org/forgejo/forgejo/commit/3588edbb08f93aaa56defa82dffdbb202cd9aa4a)
- **User Interface and User eXperience**
-  - The web editor used when creating issues, adding comments, etc. [changed](https://codeberg.org/forgejo/forgejo/commit/5cc0801de90d16b4d528e62de11c9b525be5d122) from [EasyMDE](https://github.com/Ionaru/easy-markdown-editor) which was no longer actively maintained to [GitHub markdown](https://github.com/github/markdown-toolbar-element). To help with the transition it is still possible to switch back to using EasyMDE using the double arrow button in the menubar.
-  - [Improve wiki sidebar and TOC](https://codeberg.org/forgejo/forgejo/commit/51789ba12)
-  - [Show outdated comments in the files changed tab of a pull request review](https://codeberg.org/forgejo/forgejo/commit/30a783879)
-  - [Redirect to package after version deletion](https://codeberg.org/forgejo/forgejo/commit/c27a3af72)
-  - Use a [separate admin page to show stats](https://codeberg.org/forgejo/forgejo/commit/520eb57d7642a5fca3df319e5b5d1c7c9018087c)
-  - [Improve avatar compression and resizing](https://codeberg.org/forgejo/forgejo/commit/82224c54e0488738dbd3b7eccf56ab08b6790627)
-  - [Add button to compare force pushed commits in pull requests](https://codeberg.org/forgejo/forgejo/commit/545495dcb0a4cb9d820132dde4f1127f7fe91aa4)
-  - [When creating a new file in a repository via the web user interface allow for a path to be pasted](https://codeberg.org/forgejo/forgejo/commit/7f9d58fab8a3c4fd1a8f18d58e36fbfab7b30f33)
-  - [Allows "video" HTML tag to be used in MarkDown, with the src, autoplay, and controls attributes](https://codeberg.org/forgejo/forgejo/commit/de6c718b46ebd3b7f6362c766eed328044d95ec7)
-  - [Add "Reviewed by you" filter for pull requests](https://codeberg.org/forgejo/forgejo/commit/10cdcb9ea8077098921d72720f9f36fcfd950452)
-  - [Make Ctrl+Enter submit a pending comment (starting review) instead of submitting a single comment](https://codeberg.org/forgejo/forgejo/commit/188c8c12c290e131fb342e3203634828652b0af5)
-  - If an instance chooses to disable new pull or push mirrors or mirrors entirely, an appropriate message will [now be shown to the user in the Repository Settings](https://codeberg.org/forgejo/forgejo/commit/35ce7ca25b5756441949312d79aa6382f98ce8d6)
-  - [Change `Close` to either `Close issue` or `Close pull request`](https://codeberg.org/forgejo/forgejo/commit/39d3711f3036db42d7ddf73dbdb125be611bcbba)
-  - [Make Issue/PR/projects more compact](https://codeberg.org/forgejo/forgejo/commit/4a722c9a45659e7732258397bbb3dd1039ea1952)
-  - [Improve RSS user interface](https://codeberg.org/forgejo/forgejo/commit/59d060622d375c4123ea88e2fa6c4f34d4fea4d3)
-  - [Add details summary for vertical menus in settings to allow toggling](https://codeberg.org/forgejo/forgejo/commit/58536093b3112841bc69edb542189893b57e7a47)
-  - [Show visibility status of email in own profile](https://codeberg.org/forgejo/forgejo/commit/5e1bd8af5f16f9db88cfeb5b80bdf731435cacfb)
-  - [Improve the protected branch setting page](https://codeberg.org/forgejo/forgejo/commit/72e956b79a3b2e055bb5d4d5e20e88eaa2eeec96)
-  - [Improve the display of the pull request branch delete button](https://codeberg.org/forgejo/forgejo/commit/774d1a0fbdadd1136b6af895f8d449b0c8db54cb)
-  - [Fix the color for repository transfer related buttons when having no permission to act](https://codeberg.org/forgejo/forgejo/commit/7abe958f5b507efa676fb3b2e27d30517f6d1908)
-  - [Add a progressbar to Milestone Page](https://codeberg.org/forgejo/forgejo/commit/7d192cb674bc475b123c84b205aca821247c5dd1)
-  - [Nicer display when the list of notifications is empty](https://codeberg.org/forgejo/forgejo/commit/8251b317f7b7a2b5f626a02fa3bb540a1495e81d)
-  - [Rename board to column in projects](https://codeberg.org/forgejo/forgejo/commit/843f81113ebe71fd725210c5a382268333865cc7)
-  - [Improve header bar on issue, pull requests and milestone](https://codeberg.org/forgejo/forgejo/commit/8f4dafcd4e6b0b5d307c3e060ffe908c2a96f047)
-  - [Add organization visibility label when displayed on the dashboard](https://codeberg.org/forgejo/forgejo/commit/97b70a0cd40e8f73cdf6ba4397087b45061de3d8)
-  - [Unification of registration fields order](https://codeberg.org/forgejo/forgejo/commit/b9fad73e9fcf40e81cde3304198105af6c668421)
-  - [Append `(comment)` when a link points at a comment rather than the whole issue](https://codeberg.org/forgejo/forgejo/commit/ca905b82df7f1d2a823d8df4448d485e5902876d)
-  - [Add visibility (private, limited) in the dashboard navbar](https://codeberg.org/forgejo/forgejo/commit/d949d8e074407a96dbcfa98a71ccd80527b5ad78)
-  - [Show all activities in the dashboard, not just the most recent ones](https://codeberg.org/forgejo/forgejo/commit/f4920c9c7f5947d3b6476610f39bc3492ab4ef3b)
-  - [Do not display the stars in the repository list of the dashboard](https://codeberg.org/forgejo/forgejo/commit/06c067bb0f9eeb8873ddc298819b30fc5913943f)
-  - [Improve the display of tags to include the tag message](https://codeberg.org/forgejo/forgejo/commit/b78c955958301dde72d8caf189531f6e53c496b4)
-  - [Hide the target selector if a tag exists when creating a new release](https://codeberg.org/forgejo/forgejo/commit/3de9e63fd04d61e08fcbdec035c9f138347d9f37)
-  - [Show the calculated commit status state of the latest commit on the default branch for each repository in the dashboard repository list](https://codeberg.org/forgejo/forgejo/commit/4810fe55e3e73edb962052df46bef125eb1817b3)
-  - [Sort users and orgs on the explore page by recency](https://codeberg.org/forgejo/forgejo/commit/4daf40505a5f89747982ddd2f1df2a4001720846)
-  - [Show the number of repositories in the user or organization profile](https://codeberg.org/forgejo/forgejo/commit/52b17bfa07fea29441cd961da4edaf1ea97fe348)
-  - [Review management (requesting again and discard) now happens at the top of the pull request](https://codeberg.org/forgejo/forgejo/commit/a70d853d064a97f0be1d3702a9c3912494b546ec)
-  - [Add markdown preview when submitting a review](https://codeberg.org/forgejo/forgejo/commit/b5c26fa825e08122843ad6d27191d399a9af1c37)
-  - [Support no label/assignee filter and batch clearing labels/assignees](https://codeberg.org/forgejo/forgejo/commit/b807d2f6205bf1ba60d3a543e8e1a16f7be956df)
-  - [Display when a repo was archived](https://codeberg.org/forgejo/forgejo/commit/c41bc4f1279c9e1e6e11d7b5fcfe7ef089fc7577)
-  - [Improve squash merge commit author and co-author with private emails](https://codeberg.org/forgejo/forgejo/commit/d647e74502fdf734c89b3e6592a9ad88c3005971)
-  - [Allow adding new files to an empty repo](https://codeberg.org/forgejo/forgejo/commit/e422342eebc18034ef586ec58f1e2fff0340091d)
-  - [Move `Rename branch` from repo settings page to the page of branches list](https://codeberg.org/forgejo/forgejo/commit/e8173c2c33f1dd5b0a2c044255434d414cab62d2)
-  - [Add "Updated" column for admin repositories list](https://codeberg.org/forgejo/forgejo/commit/94d6b5b09d49b2622c2164a03cfae45dced96c74)
-  - [Hide the merge box of a pull request if it is merged and the branch was deleted](https://codeberg.org/forgejo/forgejo/commit/e9b39250b285f1b9cbf9739f33c06fc57401f314)
-  - [The repository migration can be canceled](https://codeberg.org/forgejo/forgejo/commit/f6e029e6c7849d4361abf7f1d749b5d528364ac4)
-  - [Add button on the diff header to copy the file name](https://codeberg.org/forgejo/forgejo/commit/c5ede35124c8d5280219c24049bb0ad7da9f02ed)
-  - [Add --quiet option to the dump CLI](https://codeberg.org/forgejo/forgejo/commit/cb1536471bcef4d78a3fe5cbd738b9f60fabbcc2)
-  - [Support searching for an issue with its number in the the list of issues](https://codeberg.org/forgejo/forgejo/commit/1144b1d129de530b2c07dfdfaf55de383cd82212)
-  - [Improve the list of notifications](https://codeberg.org/forgejo/forgejo/commit/f7ede92f82f7f3ec7bb31a1249f9524e5b728f34)
-  - [When editing a file in the web UI, allow for a preview whenever possible](https://codeberg.org/forgejo/forgejo/commit/ac64c8297444ade63a2a364c4afb7e6c1de5a75f)
-  - [Make release download URLs human readable](https://codeberg.org/forgejo/forgejo/commit/42919ccb7cd32ab67d0878baf2bac6cd007899a8)
-  - [Add a tooltip to `Publish Review` explaining why they are disabled](https://codeberg.org/forgejo/forgejo/commit/a8c30a45fa49a3a551b1dca882960008c254bb3d)
-  - [Show the file tree view by default when browsing the changes in a pull request](https://codeberg.org/forgejo/forgejo/commit/72eedfb91584720da774909d3f078b7d515c9fdd)
-  - [Allow both fullname search in the author dropdown search of the issue list when `DEFAULT_SHOW_FULL_NAME` is true](https://codeberg.org/forgejo/forgejo/commit/661e78bed5c0879c32c53eb60f3d6898b93e1f08)
- **Performance**
-  - [Improve performances when listing issues](https://codeberg.org/forgejo/forgejo/commit/9bbb4d8d6)
-  - [Speedup loading the list of authors in the dropdown of the list of issues](https://codeberg.org/forgejo/forgejo/commit/6eb678374b583079a0a08b7ed0c9ca220c0c0434)
-  - [Use minio/sha256-simd for accelerated SHA256](https://codeberg.org/forgejo/forgejo/commit/1319ba6742a8562453646763adad22379674bab5)
-  - [Speed up HasUserStopwatch & GetActiveStopwatch](https://codeberg.org/forgejo/forgejo/commit/ef4fc302468cc8a9fd8f65c4ebdc6f55138450d1)
-  - [Do not create commit graph for temporary repos](https://codeberg.org/forgejo/forgejo/commit/0268ee5c37b8ad733678f02bc15ec8642da62c10)
-  - [Faster git.GetDivergingCommits](https://codeberg.org/forgejo/forgejo/commit/75ea0d5dba5dbf2f84cef2d12460fdd566d43e62)
-  - [Order pull request conflict checking by recently updated, for each push](https://codeberg.org/forgejo/forgejo/commit/df48af22296ccce8e9bd18e5d35c9a3cdf5acb0f)
-  - [MySQL integration tests](https://codeberg.org/forgejo/forgejo/commit/49f68518c2a2bd36ca0106045bd84de01dec4b61) run twice faster low end machines and use an order of magnitude less disk I/O
- **Authentication**
-  - [Add ntlm authentication support for mail](https://codeberg.org/forgejo/forgejo/commit/8be6da3e2fd0b685aeb6b9e7fd9dee5a4571163a)
-  - [LDAP filters include both username and email address](https://codeberg.org/forgejo/forgejo/commit/b8c19e7a11525da4174b6f80f87ff3e844d03d8a)
-  - [Allow for PKCE flow without client secret](https://codeberg.org/forgejo/forgejo/commit/7d855efb1fe6b97c5d87492f67ed6aefd31b2474)
-  - [Add the ability to set multiple redirect URIs in the OAuth application UI](https://codeberg.org/forgejo/forgejo/commit/ca35dec18b3d3d7dd5cde4c69a10ae830961faf7)
- **Refactor:**
-  Many essential sub-systems were refactored: the [queue system](https://codeberg.org/forgejo/forgejo/commit/6f9c278559789066aa831c1df25b0d866103d02d) that handles background tasks such as checking pull requests, [pull mirror](https://codeberg.org/forgejo/forgejo/commit/99283415bcbaa8acfe4d249ce3040de2f3a8b006), [git internal API](https://codeberg.org/forgejo/forgejo/commit/f4538791f5fc82b173608fcf9c30e36ec01dc9d3), [routes](https://codeberg.org/forgejo/forgejo/commit/92fd3fc4fd369b6a8c0a022a32a80dec2340223a) and [web routes](https://codeberg.org/forgejo/forgejo/commit/b9a97ccd0ea1ee44db85b0fbb80b75255af7c742), [merge & update logic](https://codeberg.org/forgejo/forgejo/commit/8598356df1eb21b6e33ecb9f9268ba36c5488e7c) and [git command calls](https://codeberg.org/forgejo/forgejo/commit/542cec98f8c07e0f046a35f1d516807416536e74), [listing commits](https://codeberg.org/forgejo/forgejo/commit/ec261b63e14f84da3e2d9a6e27c8b831a7750677), [cookie](https://codeberg.org/forgejo/forgejo/commit/5b9557aef59b190c55de9ea218bf51152bc04786), [issue stats](https://codeberg.org/forgejo/forgejo/commit/38cf43d0606c13c38f459659f38e26cf31dceccb), [renaming users and organizations](https://codeberg.org/forgejo/forgejo/commit/c59a057297c782f44a81a3e630b5094a58099edb), [app.ini handling](https://codeberg.org/forgejo/forgejo/commit/de4a21fcb4476772c69c36d086549e89ed4dcf6c), [diffFileInfo / DiffTreeStore](https://codeberg.org/forgejo/forgejo/commit/ee99cf6313ba565523b3c43f61ffda4b71e2c39b).... In theory these changes are transparent to the Forgejo user and admin but the risk of subtle regressions is real: do not hesitate to [reach out](https://codeberg.org/forgejo/forgejo/issues) if you suspect anything.
- **RSS**
-  - [Support "." char as user name for User/Orgs in RSS/ATOM/GPG/KEYS](https://codeberg.org/forgejo/forgejo/commit/88033438aa8214569913899a17b19b57bd609d97)
-  - [Add RSS Feeds for branches and files](https://codeberg.org/forgejo/forgejo/commit/56d4893b2a996da6388801c9c8ff16b9b588ad55)
- **API**
-  - [Add admin API for email](https://codeberg.org/forgejo/forgejo/commit/d56bb7420184c0c2f451f4bcaa96c9b3b00c393d)
-  - [Add admin API to rename a user](https://codeberg.org/forgejo/forgejo/commit/03591f0f95823a0b1dcca969d2a3ed505c7e6d73)
-  - [Add login name and source id to admin user searching API](https://codeberg.org/forgejo/forgejo/commit/6f9cc617fcc42477dec5ccab83d06f0a96544403)
-  - [Add missing units to create and edit repo API](https://codeberg.org/forgejo/forgejo/commit/574d8fe6d6675c8aa05e2b75fdbc01c009efd8be)
-  - [Add API to manage issue dependencies](https://codeberg.org/forgejo/forgejo/commit/3cab9c6b0c050bfcb9f2f067e7dc1b0242875254)
-  - [Add API for activity feeds](https://codeberg.org/forgejo/forgejo/commit/6b0df6d8da76d77a9b5c42dcfa78dbfe197fd56d)
-  - [Add API for license templates](https://codeberg.org/forgejo/forgejo/commit/fb37eefa282543fd8ce63c361cd4cf0dfac9943c)
-  - [Add API for gitignore templates](https://codeberg.org/forgejo/forgejo/commit/36a5d4c2f3b5670e5e921034cd5d25817534a6d4)
-  - [Add API to upuload a file to an empty repository](https://codeberg.org/forgejo/forgejo/commit/cf465b472166ccf6d3e001e3043e4bf43e16e6b3)
-  - [Allow for --not when listing the commits of a repo](https://codeberg.org/forgejo/forgejo/commit/f766b002938b5c81e343c81fda3c0669fa09809f)
-  - [Add `files` and `verification` parameters to improve performances when listing the commits of a a repo](https://codeberg.org/forgejo/forgejo/commit/1dd83dbb917d55bd253001646d6743f247a4d98b)
-  - [Allow for listing a single commit in a repository](https://codeberg.org/forgejo/forgejo/commit/5930ab5fdf7a970fcca3cd50b44cf1cacb615a54)
-  - [Create a branch directly from commit on the create branch API](https://codeberg.org/forgejo/forgejo/commit/cd9a13ebb47d32f46b38439a524e3b2e0c619490)
-  - [Add API for Label templates](https://codeberg.org/forgejo/forgejo/commit/25dc1556cd70b567a4920beb002a0addfbfd6ef2)
-  - [Add API for changing/creating/deleting multiple files](https://codeberg.org/forgejo/forgejo/commit/275d4b7e3f4595206e5c4b1657d4f6d6969d9ce2)
- **Miscellaneous Features**
-  - [Any URL scheme may be used for links](https://codeberg.org/forgejo/forgejo/commit/f5ce2ed292a90041abd749a8db26671645648a43). Previously, non-standard URLs (like matrix:) were not rendered unless explicitly listed in `markdown.CUSTOM_URL_SCHEMES`. Now the default if `markdown.CUSTOM_URL_SCHEMES` is not set, all schemes are allowed and markdown links ([label](URL)) render as links.
-  - [Always use "utf8mb4" for MySQL](https://codeberg.org/forgejo/forgejo/commit/cb3173a1e)
-  - [Add Adopt repository event and handler](https://codeberg.org/forgejo/forgejo/commit/9d69a4758)
-  - Add [meilisearch](https://www.meilisearch.com/) support to [index the content of repositories](https://codeberg.org/forgejo/forgejo/commit/92c160d8e716cb3d05215a97cf521e843596f562).
-  - [Add support](https://codeberg.org/forgejo/forgejo/commit/985f76dc4b0692c4d6c6f37e82500ef859557c16) for [redis v7](https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES)
-  - Allow [webp](https://en.wikipedia.org/wiki/WebP) images [as avatars](https://codeberg.org/forgejo/forgejo/commit/65fe0fb22cfb264f0b756065d0c3ce7a17d7e55b)
-  - [Add support](https://codeberg.org/forgejo/forgejo/commit/58caf422e67c78f87327bc9b00f89083a2432940) for rendering [.livemd](https://livebook.dev/)
-  - The `forgejo forgejo-cli actions` [subcommand is added](https://codeberg.org/forgejo/forgejo/commit/d6efefbb63d59ba0251c10b6031f6b630b184eaf) to implement [offline registration with `actions register`](https://forgejo.org/docs/v1.20/admin/actions/#offline-registration) for the [Forgejo runner](https://code.forgejo.org/forgejo/runner).
-  - When [called as `forgejo-cli`](https://codeberg.org/forgejo/forgejo/commit/935fb85e8b2a5f6a9c9c6c0b78a234abc14df4fe) (with `ln -f forgejo forgejo-cli`), Forgejo provides a new CLI that is not backward compatible with Gitea. It contains Forgejo specific additions such as [offline registration](https://forgejo.org/docs/v1.20/admin/actions/#offline-registration)
-  - [Render list items](https://codeberg.org/forgejo/forgejo/commit/e1829f0728509c4c1b7810fe9f6df1aebb71b4c0) when an [org-mode](https://orgmode.org/) file is displayed
-  - [A user can follow an organization](https://codeberg.org/forgejo/forgejo/commit/cc64a925602d54f3439dd19f16b5280bd0377a7a)
-  - [When playing a video in the web UI, the player control can be dragged to play on the specified position](https://codeberg.org/forgejo/forgejo/commit/023a048f52b5bf8c4b715285245a129f04e05a8c)
-  - The commit status required for a pull request to be merged can now be [specified as patterns](https://codeberg.org/forgejo/forgejo/commit/e7c2231dee356df5cbe5a47c07e31e3a8d090a6f) instead of being a hard coded list
-  - [Support wildcard in email domain allow and block lists](https://codeberg.org/forgejo/forgejo/commit/2cb66fff60c95efbd58b797f1197f2421f4687ce). [Read more about EMAIL_DOMAIN_ALLOWLIST and EMAIL_DOMAIN_BLOCKLIST](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/).
-  - When [installing with docker](https://forgejo.org/docs/v1.20/admin/installation/#installation-with-docker) the value of a configuration variable can now be fetched from a file by [adding the `__FILE` suffix](https://codeberg.org/forgejo/forgejo/commit/c21605951b581440bb08b65d5907b1cd4e0ab6c5). For instance `FORGEJO__security__INTERNAL_TOKEN__FILE=/etc/forgejo/token` can be used instead of `FORGEJO__security__INTERNAL_TOKEN=tokenvalue`.
-  - The [new `[git.config]` section of `app.ini`](https://codeberg.org/forgejo/forgejo/commit/8080ace6fcf73a5fbe4a0dd71881228abd0c68b9) is used to `git set config`. [Read more about the defaults it contains](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/#git---config-options-gitconfig).
-  - [Issues and pull requests can be pinned](https://codeberg.org/forgejo/forgejo/commit/aaa109466350c531b9238a61115b2877daca57d3). They will show on top of the list of issues (or pull requests) and can be re-arranged by dragging them.
-  - [Implement systemd-notify protocol](https://codeberg.org/forgejo/forgejo/commit/7565e5c3de051400a9e3703f707049cbb9054cf3) and allows for using `Type=notify` in service files.
-  - [Provide more control over the repositories that are indexed](https://codeberg.org/forgejo/forgejo/commit/033d92997fc16baee097d2b25f08e0984e628abd). [Read more about REPO_INDEXER_REPO_TYPES](https://forgejo.org/docs/v1.20/admin/config-cheat-sheet/).
- **Webhook**
-  - Similar to organization wide webhooks, it is now possible to have [user wide webhooks](https://codeberg.org/forgejo/forgejo/commit/2173f14708ff3b35d7821fc9b6dcb5fcd06b8494)
-  - [Add webhook trigger when a Pull Request review requests is created](https://codeberg.org/forgejo/forgejo/commit/309354c70ee994a1e8f261d7bc24e7473e601d02)
-
-* Container images upgraded to Alpine 3.18
-
-  The Forgejo container images are now based on [Alpine 3.18](https://alpinelinux.org/posts/Alpine-3.18.0-released.html) instead of Alpine 3.17.
-
-## 1.19.4-0
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.4-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.19.3-0..v1.19.4-0
-```
-
-This stable release contains security fixes.
-
-* Recommended Action
-
-  We recommend that all Forgejo installations are upgraded to the latest version.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/)
-
-  The semantic version was updated from `4.2.1+0-gitea-1.19.3` to `4.2.2+0-gitea-1.19.4`.
-
-* Security fixes
-
-  * [An additional verification](https://codeberg.org/forgejo/forgejo/commit/a259a928a) was implemented to prevent [open redirects](https://en.wikipedia.org/wiki/Open_redirect). 
-
-* Bug fixes
-
-  The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
-
-  * [Fix an edge case](https://codeberg.org/forgejo/forgejo/commit/27796464c) where a user changing their `username` in their profile page could fail
-  * The secrets are only meaningful in the context of `Frogejo Actions`, do not display them if `Forgejo Actions` is disabled ([patch 1](https://codeberg.org/forgejo/forgejo/commit/5883db45c), [patch 2](https://codeberg.org/forgejo/forgejo/commit/5fdac0d46))
-  * Actions can now be triggered on mirrored repositories ([patch 1](https://codeberg.org/forgejo/forgejo/commit/58bdcae61), [patch 2](https://codeberg.org/forgejo/forgejo/commit/8d4d6f9b2))
-  * [Return `404` in the API if the requested webhooks were not found](https://codeberg.org/forgejo/forgejo/commit/16bcceeff) instead of `500`
-  * Ensure topics deleted via the API are [also deleted in the repository](https://codeberg.org/forgejo/forgejo/commit/5dc29fdeb)
-  * [Tentative fix](https://codeberg.org/forgejo/forgejo/commit/9bc4887cb) to suppress the JavaScript error **TypeError: undefined is not an object (evaluating '_i18n.textEdited')** on safari. It is unclear if that fix is effective because it could not be reproduced, please report if it still happens for you.
-  * [Respect original content when creating secrets](https://codeberg.org/forgejo/forgejo/commit/f6919e3e5)
-  * If a mirror failed and left the database in an inconsistent state, make it so the repository page [does not fail with an error `500`](https://codeberg.org/forgejo/forgejo/commit/f37fba567)
-  * If a user that triggered `Actions` is deleted, [allow for the page listing the tasks it launched to show](https://codeberg.org/forgejo/forgejo/commit/f9bf040a5) instead of failing with an error `500`
-  * [Allow the selection of milestones](https://codeberg.org/forgejo/forgejo/commit/55d062003) when acting on multiple issues in the issue list page
-  * [Fix the API error message when trying to create a fork that already exists](https://codeberg.org/forgejo/forgejo/commit/4dccac3db)
-  * [Don't display a `create page` button in a mirror wiki repository](https://codeberg.org/forgejo/forgejo/commit/7a74957c1). A mirrored repository will also mirror a wiki and changes will be overridden.
-  * [Do not allow for a repository to enable actions if it is not enabled in the configuration](https://codeberg.org/forgejo/forgejo/commit/257287954)
-  * Allow for closed PRs to be re-opened and [synchronize with the latest content of the head branch](https://codeberg.org/forgejo/forgejo/commit/306b7b5d1)
-  * [Fix the `close` button of projects within an organization](https://codeberg.org/forgejo/forgejo/commit/306b7b5d1). It was a noop and now effectively closes the project
-
-## 1.19.3-0
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.3-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.19.2-0..v1.19.3-0
-```
-
-This stable release contains security fixes.
-
-* Recommended Action
-
-  We recommend that all Forgejo installations are upgraded to the latest version.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/)
-
-  The semantic version was updated from `4.2.0+0-gitea-1.19.2` to `4.2.1+0-gitea-1.19.3` because of the rebuild with [Go version 1.20.4](https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved).
-
-* Security fixes
-
-  * Forgejo was recompiled with Go version v1.20.4 published 2 May 2023. It fixes [three vulnerabilities](https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved) ([CVE-2023-29400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400), [CVE-2023-24540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540), [CVE-2023-24539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539)) related to the [html/template](https://pkg.go.dev/html/template) package. The [Forgejo security team](https://forgejo.org/.well-known/security.txt) analyzed the security fixes it contains and concluded that Forgejo is not affected but recommended a rebuild as a precaution.
-
-* Bug fixes
-
-  The most prominent one is described here, others can be found in the list of commits included in the release as described above.
-
-  * [Allow users that are not signed in to browse the tag list](https://codeberg.org/forgejo/forgejo/commit/e76b3f72b23bf778a562682d829744451b27d615). Requiring users to be signed in to view the tag list was a regression introduced in Forgejo v1.19.2-0.
-
-## 1.19.2-0
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.2-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.19.1-0..v1.19.2-0
-```
-
-This stable release contains **important security fixes**.
-
-* Recommended Action
-
-  We **strongly recommend** that all Forgejo installations are upgraded to the latest version as soon as possible.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/)
-
-  The semantic version was updated from `4.1.0+0-gitea-1.19.1` to `4.2.0+0-gitea-1.19.2` because of the changes introduced in the internal CI.
-
-* Security fixes
-
-  * Token scopes were not enforced in some cases ([patch 1](https://codeberg.org/forgejo/forgejo/commit/7c3ac69c0) and [patch 2](https://codeberg.org/forgejo/forgejo/commit/10d3ed53f1cc6d383b52637bedd7bc3679476eb4)). The [scoped token](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens) were introduced in Forgejo v1.19 allow for the creation of application tokens that only have limited permissions, such as creating packages or accessing repositories. Prior to Forgejo v1.19 tokens could be used to perform any operation the user issuing the token could.
-  * [Permissions to delete secrets was not enforced](https://codeberg.org/forgejo/forgejo/commit/68d80eb56). The experimental internal CI relies on secrets managed via the web interface, for instance to communicate credentials to a job. Secrets are only used in the context of the experimental internal CI.
-
-* Bug fixes
-
-  The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
-
-  * [Restore public access to some API endpoints](https://codeberg.org/forgejo/forgejo/commit/b00f7c3c545c6a00a747a5aea7596f45c50157ac). When [scoped token](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens) introduced in Forgejo v1.19, some API endpoints that were previously accessible anonymously became restricted: `/orgs`, `/orgs/{org}`, `/orgs/{org}/repos`, `/orgs/{org}/public_members`, `/orgs/{org}/public_members/{username}`, `/orgs/{org}/labels`.
-  * [Fix 2-dot direct compare to use the right base commit](https://codeberg.org/forgejo/forgejo/commit/494e373292962de34b7ea7efd3f4a8d2f27daa26). For 2-dot direct compare, the base commit should be used in the title and templates, as is used elsewhere, not the common ancestor which is used for 3-dot compare.
-  * [Make CORS work](https://codeberg.org/forgejo/forgejo/commit/2e6e5bc9c96ebb760f28c08423bb0c244ca7e01c). No [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) headers were set, even if CORS was enabled in the configuration.
-  * [Fix issue attachment removal](https://codeberg.org/forgejo/forgejo/commit/d5f2c9d74d63443cc2abbcabc268cf1121f58e8b). When an attachment was removed from an issue or review comment, all of the image/attachment links were broken.
-  * [Fix wiki write permissions for users who do not have repository write permissions](https://codeberg.org/forgejo/forgejo/commit/8c465206e2fea27076fdb986ea0478729653f0b5). When a team member had write access to the wiki but not to the code repository, some operations (deleting a page for instance) were denied.
-  * [Respect the REGISTER_MANUAL_CONFIRM setting when registering via OAuth](https://codeberg.org/forgejo/forgejo/commit/116b6d5b27c40b248281f5fd543f7aa8df0d59d3). Contrary to the local registration, the OAuth registration flow activated a newly registered user regardless of the value of `REGISTER_MANUAL_CONFIRM`.
-  * [Fix tags list for repos whose release setting is disabled](https://codeberg.org/forgejo/forgejo/commit/eeee32cdc3aab4d2086b24aae670a39501c9ea99). When releases was disabled the "tags" button led to a `Not Found` page, even when tags existed.
-
-* Container image upgrades
-
-  In the Forgejo container images the Git version was upgraded to [2.38.5](https://github.com/git/git/blob/master/Documentation/RelNotes/2.38.5.txt) as a precaution. The [Forgejo security team](https://forgejo.org/.well-known/security.txt) analyzed the security fixes it contains and concluded that Forgejo is not affected.
-
-## 1.19.1-0
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.1-0` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.19.0-3..v1.19.1-0
-```
-
-This stable release includes bug fixes. Functional changes related to the experimental CI have also been backported.
-
-* Recommended Action
-
-  We recommend that all installations are upgraded to the latest version.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/)
-
-  The semantic version was updated from `4.0.0+0-gitea-1.19.0` to `4.1.0+0-gitea-1.19.1` because of the changes introduced in the internal CI.
-
-* Bug fixes
-
-  The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
-
-  * [Fix RSS/ATOM/GPG/KEYS path for users (or orgs) with a dot in their name](https://codeberg.org/forgejo/forgejo/commit/085b56302cfd9a949319a3a1e32e008b4a0d0772). It is allowed for a user (or an organization) to have a dot in their name, for instance `user.name`. Because of a [bug in Chi](https://codeberg.org/forgejo/forgejo/issues/652) it was not possible to access `/user.name.png`, `/user.name.gpg`, etc. A workaround was implemented while a [proper fix is being discussed](https://github.com/go-chi/chi/pull/811).
-  * [Creating a tag via the web interface no longer requires a title](https://codeberg.org/forgejo/forgejo/commit/1b8ecd179bdb58427b99c2c2eb9ad5a45abf7055).
-  * [Use fully qualified URLs in Dockerfile](https://codeberg.org/forgejo/forgejo/commit/833a4b177596debc138e5723219fd063d067bd5b). The Dockerfile to create the Forgejo container image now uses the fully qualified image `docker.io/library/golang:1.20-alpine3.17` instead of `golang:1.20-alpine3.17`. This allows for building on platforms that don't have docker hub as the default container registry.
-  * [Redis use Get/Set instead of Rename when Regenerate session id](https://codeberg.org/forgejo/forgejo/commit/3a7cb1a83b4ecd89421b5656b8caeb30c2b13c7c). The old sid and new sid may be in different redis cluster slot.
-  * [Do not escape space between PyPI repository url and package name](https://codeberg.org/forgejo/forgejo/commit/cfde557e231417b7fb3cde3e9bab70d05b7d182f). It also adds a trailing slash to the PyPI repository URL in accordance to [Python PEP-503](https://peps.python.org/pep-0503/).
-  * [Fix failure when using the API and an empty rule_name to protect a branch](https://codeberg.org/forgejo/forgejo/commit/abf0386e2ef6b56c048c04cd3d6913f453c87cb1). The `rule_name` parameter for the [/repos/{owner}/{repo}/branch_protections](https://code.forgejo.org/api/swagger#/repository/repoCreateBranchProtection) API now defaults to the branch name instead of being empty.
-  * [Fix branch protection priority](https://codeberg.org/forgejo/forgejo/commit/580da8f35320dbd15b168bf8ccfaff6187ff87e0). Contrary to [the documentation](https://forgejo.org/docs/v1.19/user/protection/#protected-branches) it was possible for a glob rule to take precedence over a non-glob rule.
-  * [Fix deleting an issue when the git repo does not exist](https://codeberg.org/forgejo/forgejo/commit/1d8ae34e57e46b84a885b4f072d949344c5977c4). If a project had an issue tracker (such as the [Forgejo discussion](https://codeberg.org/forgejo/discussions/issues)) but [no git repository](https://codeberg.org/forgejo/discussions/), trying to delete an issue would fail.
-  * [Fix accidental overwriting of LDAP team memberships](https://codeberg.org/forgejo/forgejo/commit/66aa85429684aca45753ac9578492ed3f7507ea3). If an LDAP user is a member of two groups, the LDAP group sync only matched the last group.
-
-## 1.19.0-3
-
-The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.0-3` release can be reviewed from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo/
-$ git -C forgejo log --oneline --no-merges v1.19.0-2..v1.19.0-3
-```
-
-This stable release includes security updates and bug fixes.
-
-* Recommended Action
-
-  We recommend that all installations are upgraded to the latest version.
-
-* Security
-
-  The [Forgejo security team](https://forgejo.org/.well-known/security.txt) analyzed the vulnerabilities fixed in the latest [Go 1.20.3 packages](https://go.dev/doc/devel/release#go1.20.minor) and [Alpine 3.17.3](https://alpinelinux.org/posts/Alpine-3.17.3-released.html) and concluded that Forgejo is not affected.
-
-  As a precaution the Forgejo v1.19.0-3 binaries were compiled with [Go 1.20.3 packages](https://go.dev/doc/devel/release#go1.20.minor) as published on 4 April 2023 and the container images were built with [Alpine 3.17.3](https://alpinelinux.org/posts/Alpine-3.17.3-released.html) as published on 29 March 2023.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.19/user/semver/)
-
-  The semantic version was updated from `3.0.0+0-gitea-1.19.0` to `4.0.0+0-gitea-1.19.0` because of the breaking changes described below.
-
-* Breaking changes
-
-  They should not have a significant impact because they are related to experimental features (federation and CI).
-
-  * [Use User.ID instead of User.Name in ActivityPub API for Person IRI](https://codeberg.org/forgejo/forgejo/commit/2fcd57d5ae5b5926e5b0b87e46f78ad4ac83cbbd)
-
-    The ActivityPub id is an HTTPS URI that should remain constant, even if
-the user changes their name.
-
-  * [Actions unit is repo.actions instead of actions.actions](https://codeberg.org/forgejo/forgejo/commit/9596bd3712caec440859fce93d05e19cf95e5330)
-
-    All instances of `actions.actions` in the `DISABLED_REPO_UNITS` or `DEFAULT_REPO_UNITS` configuration variables must be replaced with `repo.actions`.
-
-* Bug fixes
-
-  They are for the most part about user interface and actions. The most prominent ones are:
-
-  * [Do not filter repositories by default on the explore page](https://codeberg.org/forgejo/forgejo/commit/d15f20b2d2ce613cc8b36536995f29f81797c002). The behavior of the explore page is back to what it was in Forgejo v1.18. Changing it was confusing.
-  * [Skip LFS when disabled in dump and doctor](https://codeberg.org/forgejo/forgejo/commit/b6a2323981a7a89205a382ddf0542e205e292d3d).
-  * [Do not display own email on the profile](https://codeberg.org/forgejo/forgejo/commit/1fed0e1adc8dd2d27d2d7e34dda29c8e79e5e6e8).
-  * [Make minio package support legacy MD5 checksum](https://codeberg.org/forgejo/forgejo/commit/b73d1ac1eb7d5c985749dc721bbea7ebd14f9c83).
-  * [Do not triggers Webhooks and actions on closed PR](https://codeberg.org/forgejo/forgejo/commit/a04535e212b04c0f6643a4f36904a3d1bf30c63f).
+The Forgejo admin should carefully read the required manual actions before upgrading. A point release (e.g. v1.19.1 or v1.19.2) does not require manual actions but others might (e.g. v1.18.0, v1.19.0).

 ## 1.19.0-2

@ -606,13 +16,13 @@ $ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/fo
 * Breaking changes
  * [Scoped access tokens](https://codeberg.org/forgejo/forgejo/commit/de484e86bc)

-    Forgejo access token, used with the [API](https://forgejo.org/docs/v1.19/admin/api-usage/) can now have a "scope" that limits what it can access. Existing tokens stored in the database and created before Forgejo v1.19 had unlimited access. For backward compatibility, their access will remain the same and they will continue to work as before. However, **newly created token that do not specify a scope will now only have read-only access to public user profile and public repositories**.
+    Forgejo access token, used with the [API](https://forgejo.org/docs/v1.19/admin/api-usage/) can now have a "scope" that limits what it can access. Existing tokens stored in the database and created before Forgejo v1.19 had unlimited access.  For backward compatibility, their access will remain the same and they will continue to work as before. However, **newly created token that do not specify a scope will now only have read-only access to public user profile and public repositories**.

    For instance, the `/users/{username}/tokens` API endpoint will require the `scopes: ['all', 'sudo']` parameter and the `forgejo admin user generate-access-token` will require the `--scopes all,sudo` argument obtain tokens with ulimited access as before for admin users.

    [Read more about the scoped tokens](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens).

-  * [Disable all units except code and pulls on forks](https://codeberg.org/forgejo/forgejo/commit/2741546be)
+  * [Disable all units except code and pulls on forks](https://codeberg.org/forgejo/forgejo/commit/2741546be) 

    When forking a repository, the fork will now have issues, projects, releases, packages and wiki disabled. These can be enabled in the repository settings afterwards. To change back to the previous default behavior, configure `DEFAULT_FORK_REPO_UNITS` to be the same value as `DEFAULT_REPO_UNITS`.

@ -630,161 +40,159 @@ $ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/fo
    The algorithm for validating user names was modified and some users may have invalid names. The command `forgejo doctor --run check-user-names` will list all of them so they can be renamed.

    If a Forgejo instance has users or organizations named `forgejo-actions` and `gitea-actions`, they will also need to be renamed before the upgrade. They are now reserved names for the experimental internal CI/CD named `Actions`.
-
-  * [Semantic version](https://forgejo.org/docs/latest/user/semver)
-
-    Since v1.18.5, in addition to the Forgejo release number, a [semantic version](https://semver.org/#semantic-versioning-200) number (e.g. `v3.0.0`) can be obtained from the `number` key of a new `/api/forgejo/v1/version` endpoint.
-
-    Now, it reflects the Gitea version that Forgejo depends on, is no longer prefixed with `v` (e.g. `3.0.0+0-gitea-1.19.0`), and can be obtained from the `version` key of the same endpoint.
 * Features

-  * [Documentation](https://forgejo.org/docs/latest/)
-    The first version of the [Forgejo documentation](https://forgejo.org/docs/latest/) is available and covers the administration of Forgejo, from installation to troubleshooting.
+   * [Documentation](https://forgejo.org/docs/latest/)
+     The first version of the [Forgejo documentation](https://forgejo.org/docs/latest/) is available and covers the administration of Forgejo, from installation to troubleshooting.

-    [Read more about semantic versions](https://forgejo.codeberg.page/docs/v1.19/user/semver)
+   * [Semantic version](https://forgejo.org/docs/latest/user/semver)
+     In addition to the Forgejo release number, a [semantic version](https://semver.org/#semantic-versioning-200) number can be obtained from the
+     `/api/forgejo/v1/version` and now reflects the Gitea version that Forgejo depends on (e.g. `3.0.0+0-gitea-1.19.0`).

-  * [Webhook authorization header](https://codeberg.org/forgejo/forgejo/commit/b6e81357bd6fb80f8ba94c513f89a210beb05313)
-    Forgejo webhooks can be configured to send an [authorization header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) to the target.
+     [Read more about semantic versions](https://forgejo.codeberg.page/docs/v1.19/user/semver)

-    [Read more about the webhook authorization header](https://forgejo.codeberg.page/docs/v1.19/user/webhooks/#authorization-header)
+   * [Webhook authorization header](https://codeberg.org/forgejo/forgejo/commit/b6e81357bd6fb80f8ba94c513f89a210beb05313)
+     Forgejo webhooks can be configured to send an [authorization header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) to the target.

-  * [Incoming emails](https://codeberg.org/forgejo/forgejo/commit/fc037b4b825f0501a1489e10d7c822435d825cb7)
-    You can now set up Forgejo to receive incoming email. When enabled, it is now possible to reply to an email notification from Forgejo and:
-    * Add a comment to an issue or a pull request
-    * Unsubscribe to the notifications
+     [Read more about the webhook authorization header](https://forgejo.codeberg.page/docs/v1.19/user/webhooks/#authorization-header)

-    [Read more about incoming emails](https://forgejo.org/docs/v1.19/admin/incoming-email/)
+   * [Incoming emails](https://codeberg.org/forgejo/forgejo/commit/fc037b4b825f0501a1489e10d7c822435d825cb7)
+     You can now set up Forgejo to receive incoming email. When enabled, it is now possible to reply to an email notification from Forgejo and:
+     * Add a comment to an issue or a pull request
+     * Unsubscribe to the notifications

-  * Packages registries
-    * Support for [Cargo](https://forgejo.org/docs/v1.19/admin/packages/cargo/), [Conda](https://forgejo.org/docs/v1.19/admin/packages/conda/) and [Chef](https://forgejo.org/docs/v1.19/admin/packages/chef/)
-    * [Cleanup rules](https://codeberg.org/forgejo/forgejo/commit/32db62515)
-    * [Quota limits](https://codeberg.org/forgejo/forgejo/commit/20674dd05)
+     [Read more about incoming emails](https://forgejo.org/docs/v1.19/admin/incoming-email/)

-  * [Option to prohibit fork if user reached maximum limit of repositories](https://codeberg.org/forgejo/forgejo/commit/7cc7db73b)
-    It is possible for a user to create as many fork as they want, even when a quota on the number of repositories is imposed. The new `ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT` setting can now be set to `false` so forks are prohibited if that means exceeding the quota.
+   * Packages registries
+     * Support for [Cargo](https://forgejo.org/docs/v1.19/admin/packages/cargo/), [Conda](https://forgejo.org/docs/v1.19/admin/packages/conda/) and [Chef](https://forgejo.org/docs/v1.19/admin/packages/chef/)
+     * [Cleanup rules](https://codeberg.org/forgejo/forgejo/commit/32db62515)
+     * [Quota limits](https://codeberg.org/forgejo/forgejo/commit/20674dd05)

-    [Read more about repository configurations](https://forgejo.org/docs/v1.19/admin/config-cheat-sheet/#repository-repository)
+   * [Option to prohibit fork if user reached maximum limit of repositories](https://codeberg.org/forgejo/forgejo/commit/7cc7db73b)
+     It is possible for a user to create as many fork as they want, even when a quota on the number of repositories is imposed. The new `ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT` setting can now be set to `false` so forks are prohibited if that means exceeding the quota.

-  * [Scoped labels](https://codeberg.org/forgejo/forgejo/commit/6221a6fd5)
-    Labels that contain a forward slash (**/**) separator are displayed with a slightly different color before and after the separator, as a visual aid. The first part of the label defines its "scope".
+     [Read more about repository configurations](https://forgejo.org/docs/v1.19/admin/config-cheat-sheet/#repository-repository)

-    [Read more about scoped labels](https://forgejo.org/docs/v1.19/user/labels/).
+   * [Scoped labels](https://codeberg.org/forgejo/forgejo/commit/6221a6fd5)
+     Labels that contain a forward slash (**/**) separator are displayed with a slightly different color before and after the separator, as a visual aid. The first part of the label defines its "scope".

-  * [Support org/user level projects](https://codeberg.org/forgejo/forgejo/commit/6fe3c8b39)
-    It is now possible to create projects (kanban boards) for an organization or a user, in the same way it was possible for an individual repository.
+     [Read more about scoped labels](https://forgejo.org/docs/v1.19/user/labels/).

-  * [Map OIDC groups to Orgs/Teams](https://codeberg.org/forgejo/forgejo/commit/e8186f1c0)
-    When a user logs in Forgejo using an provider such as [Keycloak](https://www.keycloak.org/), they can now automatically be part of a Forgejo team, depending on the OIDC group they belong to. For instance:
+   * [Support org/user level projects](https://codeberg.org/forgejo/forgejo/commit/6fe3c8b39)
+     It is now possible to create projects (kanban boards) for an organization or a user, in the same way it was possible for an individual repository.

-    ```json
-    {"Developer": {"MyForgejoOrganization": ["MyForgejoTeam1", "MyForgejoTeam2"]}}
-    ```
+   * [Map OIDC groups to Orgs/Teams](https://codeberg.org/forgejo/forgejo/commit/e8186f1c0)
+     When a user logs in Forgejo using an provider such as [Keycloak](https://www.keycloak.org/), they can now automatically be part of a Forgejo team, depending on the OIDC group they belong to. For instance:

-    Means that the user who is in the OIDC group `Developer` will automatically be a member of the `MyForgejoTeam1` and `MyForgejoTeam2` teams in the `MyForgejoOrganization` organization.
-    This mapping is set when adding a new `Authentication Source` in the `Site Administration` panel.
+     ```json
+     {"Developer": {"MyForgejoOrganization": ["MyForgejoTeam1", "MyForgejoTeam2"]}}
+     ```

-    <img src="./releases/images/forgejo-v1.19-oidc-part1.png" alt="OIDC Group mapping part1" width="500" />
+     Means that the user who is in the OIDC group `Developer` will automatically be a member of the `MyForgejoTeam1` and `MyForgejoTeam2` teams in the `MyForgejoOrganization` organization.
+     This mapping is set when adding a new `Authentication Source` in the `Site Administration` panel.

-    ...
+     <img src="./releases/images/forgejo-v1.19-oidc-part1.png" alt="OIDC Group mapping part1" width="500" />

-    <img src="./releases/images/forgejo-v1.19-oidc-part2.png" alt="OIDC Group mapping part2" width="500" />
+     ...

-    [Read more about OIDC groups mapping](https://forgejo.org/docs/v1.19/user/oauth2-provider/#endpoints)
+     <img src="./releases/images/forgejo-v1.19-oidc-part2.png" alt="OIDC Group mapping part2" width="500" />

-  * [RSS feed for releases and tags](https://codeberg.org/forgejo/forgejo/commit/48d71b7d6)
+     [Read more about OIDC groups mapping](https://forgejo.org/docs/v1.19/admin/oauth2-provider/#endpoints)

-    A RSS feed is now available for releases at `/{owner}/{repo}/releases.rss` and tags at `/{owner}/{repo}/tags.rss`.
+   * [RSS feed for releases and tags](https://codeberg.org/forgejo/forgejo/commit/48d71b7d6)

-  * [Supports wildcard protected branch](https://codeberg.org/forgejo/forgejo/commit/2782c1439)
+     A RSS feed is now available for releases at `/{owner}/{repo}/releases.rss` and tags at `/{owner}/{repo}/tags.rss`.

-    Instead of selecting a branch to be protected, the name of the branch must be specified and can be a pattern such as `precious*`.
+   * [Supports wildcard protected branch](https://codeberg.org/forgejo/forgejo/commit/2782c1439)

-    [Read more about branch protection](https://forgejo.org/docs/v1.19/user/protection/#protected-branches).
+     Instead of selecting a branch to be protected, the name of the branch must be specified and can be a pattern such as `precious*`.

-  * [Garbage collect LFS](https://codeberg.org/forgejo/forgejo/commit/651fe4bb7)
-    Add a doctor command for full garbage collection of LFS: `forgejo doctor --run gc-lfs`.
+     [Read more about branch protection](https://forgejo.org/docs/v1.19/user/protection/#protected-branches).

-  * Additions to the API
+   * [Garbage collect LFS](https://codeberg.org/forgejo/forgejo/commit/651fe4bb7)
+     Add a doctor command for full garbage collection of LFS: `forgejo doctor --run gc-lfs`.

-    * [Management for issue/pull and comment attachments](https://codeberg.org/forgejo/forgejo/commit/3c59d31bc)
-    * [Get latest release](https://codeberg.org/forgejo/forgejo/commit/4d072a4c4)
-    * [System hook](https://codeberg.org/forgejo/forgejo/commit/c0015979a)
+   * Additions to the API

-  * [Option to disable releases on a repository](https://codeberg.org/forgejo/forgejo/commit/faa96553d)
+     * [Management for issue/pull and comment attachments](https://codeberg.org/forgejo/forgejo/commit/3c59d31bc)
+     * [Get latest release](https://codeberg.org/forgejo/forgejo/commit/4d072a4c4)
+     * [System hook](https://codeberg.org/forgejo/forgejo/commit/c0015979a)

-    It is now possible to disable releases on a repository, in the same way it is possible to disable issues or packages.
+   * [Option to disable releases on a repository](https://codeberg.org/forgejo/forgejo/commit/faa96553d)

-  * [Git reflog support](https://codeberg.org/forgejo/forgejo/commit/757b4c17e)
-    The [git reflog](https://git-scm.com/docs/git-reflog) are now active by default on all repositories and
-    kept around for 90 days. It allows the Forgejo admin to recover the previous tip of a branch after an
-    accidental force push.
+     It is now possible to disable releases on a repository, in the same way it is possible to disable issues or packages.

-    [Read more about reflog](https://forgejo.org/docs/v1.19/admin/config-cheat-sheet/#git---reflog-settings-gitreflog)
+   * [Git reflog support](https://codeberg.org/forgejo/forgejo/commit/757b4c17e)
+     The [git reflog](https://git-scm.com/docs/git-reflog) are now active by default on all repositories and
+     kept around for 90 days. It allows the Forgejo admin to recover the previous tip of a branch after an
+     accidental force push.

-  * [Actions](https://codeberg.org/forgejo/forgejo/commit/4011821c946e8db032be86266dd9364ccb204118): an experimental CI/CD
+     [Read more about reflog](https://forgejo.org/docs/v1.19/admin/config-cheat-sheet/#git---reflog-settings-gitreflog)

-    It appears for the first time in this Forgejo release but is not yet fit for production. It is not fully implemented and may be insecure. However, as long as it is not enabled, it presents no risk to existing Forgejo instances.
+   * [Actions](https://codeberg.org/forgejo/forgejo/commit/4011821c946e8db032be86266dd9364ccb204118): an experimental CI/CD

-    If a repository has a file such as `.forgejo/workflows/test.yml`, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continous Deployment). The syntax is similar to GitHub Actions and the jobs can be controled from the Forgejo web interface.
+     It appears for the first time in this Forgejo release but is not yet fit for production. It is not fully implemented and may be insecure. However, as long as it is not enabled, it presents no risk to existing Forgejo instances.

-    [Read more about Forgejo Actions](https://forgejo.codeberg.page/2023-02-27-forgejo-actions/)
+     If a repository has a file such as `.forgejo/workflows/test.yml`, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continous Deployment). The syntax is similar to GitHub Actions and the jobs can be controled from the Forgejo web interface.

-    <img src="./releases/images/forgejo-v1.19.0-0-rc0.png" alt="Actions" width="600" />
+     [Read more about Forgejo Actions](https://forgejo.codeberg.page/2023-02-27-forgejo-actions/)
+
+     <img src="./releases/images/forgejo-v1.19.0-0-rc0.png" alt="Actions" width="600" />

 * User Interface improvements

-  * [Review box on small screens](https://codeberg.org/forgejo/forgejo/commit/1fcf96ad0)
-    The rendering of the review box is improved on small screens.
+   * [Review box on small screens](https://codeberg.org/forgejo/forgejo/commit/1fcf96ad0)
+     The rendering of the review box is improved on small screens.

-  * [Video element enabled in markdown](https://codeberg.org/forgejo/forgejo/commit/f8a40dafb)
-    The `<video>` HTML tag can now be used in MarkDown, with the `src`, `autoplay`, and `controls` attributes.
+   * [Video element enabled in markdown](https://codeberg.org/forgejo/forgejo/commit/f8a40dafb)
+     The `<video>` HTML tag can now be used in MarkDown, with the `src`, `autoplay`, and `controls` attributes.

-  * [Copy citation file content in APA and BibTex format](https://codeberg.org/forgejo/forgejo/commit/9f8e77891)
-    If a [BibTeX](https://fr.wikipedia.org/wiki/BibTeX) file named `CITATION.bib` is at the root of the repository, it can be conveniently copied and converted in APA by following the `Cite this repository` link.
+   * [Copy citation file content in APA and BibTex format](https://codeberg.org/forgejo/forgejo/commit/9f8e77891)
+     If a [BibTeX](https://fr.wikipedia.org/wiki/BibTeX) file named `CITATION.bib` is at the root of the repository, it can be conveniently copied and converted in APA by following the `Cite this repository` link.

-    <img src="./releases/images/forgejo-v1.19-citation-link.png" alt="Citation link" width="500" />
+     <img src="./releases/images/forgejo-v1.19-citation-link.png" alt="Citation link" width="500" />

-    It will open a dialog box with the available formats and a preview of the content.
+     It will open a dialog box with the available formats and a preview of the content.

-    <img src="./releases/images/forgejo-v1.19-citation-dialog.png" alt="Citation dialog" width="500" />
+     <img src="./releases/images/forgejo-v1.19-citation-dialog.png" alt="Citation dialog" width="500" />

-    The CFF format is also supported when a `CITATION.cff` file used instead.
+     The CFF format is also supported when a `CITATION.cff` file used instead.

-  * [Display asciicast](https://codeberg.org/forgejo/forgejo/commit/d9f748a70)
+   * [Display asciicast](https://codeberg.org/forgejo/forgejo/commit/d9f748a70)

-    Files with the `.cast` extension are displayed in the Forgejo web interface as [asciicast v2](https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md) using [asciinema-player](https://github.com/asciinema/asciinema-player).
+     Files with the `.cast` extension are displayed in the Forgejo web interface as [asciicast v2](https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md) using [asciinema-player](https://github.com/asciinema/asciinema-player).

-  * [Attention blocks Note and Warning](https://codeberg.org/forgejo/forgejo/commit/cb8328853)
+   * [Attention blocks Note and Warning](https://codeberg.org/forgejo/forgejo/commit/cb8328853)

-    For each quote block, the first `**Note**` or `**Warning**` gets an icon prepended to it and its text is colored accordingly.
+     For each quote block, the first `**Note**` or `**Warning**` gets an icon prepended to it and its text is colored accordingly.

-    <img src="./releases/images/forgejo-v1.19-note-warning.png" alt="Attention block" width="400" />
+     <img src="./releases/images/forgejo-v1.19-note-warning.png" alt="Attention block" width="400" />

-  * [Support for commit cross references](https://codeberg.org/forgejo/forgejo/commit/d0d257b24)
+   * [Support for commit cross references](https://codeberg.org/forgejo/forgejo/commit/d0d257b24)

-    A commit hash can now be prefixed by the repository to be referenced from a comment in another repository: `owner/repo@commit`.
+     A commit hash can now be prefixed by the repository to be referenced from a comment in another repository: `owner/repo@commit`.

-  * [Preview images for Issue cards in Project Board view](https://codeberg.org/forgejo/forgejo/commit/fb1a2a13f)
+   * [Preview images for Issue cards in Project Board view](https://codeberg.org/forgejo/forgejo/commit/fb1a2a13f)

-    If the card preview in the project is set to **Images and Text**, it displays images found in the corresponding issue. The most recent is displayed first, up to five images.
+     If the card preview in the project is set to **Images and Text**, it displays images found in the corresponding issue. The most recent is displayed first, up to five images.

-    [Read more about card preview images](https://forgejo.org/docs/v1.19/user/project/#card-previews-images).
+     [Read more about card preview images](https://forgejo.org/docs/v1.19/user/project/#card-previews-images).

-  * [Add "Copy" button to file view of raw text](https://codeberg.org/forgejo/forgejo/commit/e3a7f1579)
+   * [Add "Copy" button to file view of raw text](https://codeberg.org/forgejo/forgejo/commit/e3a7f1579)

-    If a raw text file is displayed, a copy button of the text is enabled.
+     If a raw text file is displayed, a copy button of the text is enabled.

-    **Before**
+     **Before**

-    <img src="./releases/images/forgejo-v1.19-raw-copy-before.png" alt="Raw copy before" width="500" />
+     <img src="./releases/images/forgejo-v1.19-raw-copy-before.png" alt="Raw copy before" width="500" />

-    **After**
+     **After**

-    <img src="./releases/images/forgejo-v1.19-raw-copy-after.png" alt="Raw copy after" width="500" />
+     <img src="./releases/images/forgejo-v1.19-raw-copy-after.png" alt="Raw copy after" width="500" />

-  * [Setting to allow edits on PRs by maintainers](https://codeberg.org/forgejo/forgejo/commit/49919c636)
+   * [Setting to allow edits on PRs by maintainers](https://codeberg.org/forgejo/forgejo/commit/49919c636)

-    Add setting to allow edits by maintainers by default, to avoid having to often ask contributors to enable this.
+     Add setting to allow edits by maintainers by default, to avoid having to often ask contributors to enable this.

 * Container images upgraded to Alpine 3.17

--- a/assets/emoji.json
+++ b/assets/emoji.json
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build/backport-locales.go
+++ b/build/backport-locales.go
@ -1,115 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//go:build ignore
-
-package main
-
-import (
-	"fmt"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-
-	"code.gitea.io/gitea/modules/container"
-	"code.gitea.io/gitea/modules/setting"
-)
-
-func main() {
-	if len(os.Args) != 2 {
-		println("usage: backport-locales <to-ref>")
-		println("eg: backport-locales release/v1.19")
-		os.Exit(1)
-	}
-
-	mustNoErr := func(err error) {
-		if err != nil {
-			panic(err)
-		}
-	}
-	collectInis := func(ref string) map[string]setting.ConfigProvider {
-		inis := map[string]setting.ConfigProvider{}
-		err := filepath.WalkDir("options/locale", func(path string, d os.DirEntry, err error) error {
-			if err != nil {
-				return err
-			}
-			if d.IsDir() || !strings.HasSuffix(d.Name(), ".ini") {
-				return nil
-			}
-			cfg, err := setting.NewConfigProviderForLocale(path)
-			mustNoErr(err)
-			inis[path] = cfg
-			fmt.Printf("collecting: %s @ %s\n", path, ref)
-			return nil
-		})
-		mustNoErr(err)
-		return inis
-	}
-
-	// collect new locales from current working directory
-	inisNew := collectInis("HEAD")
-
-	// switch to the target ref, and collect the old locales
-	cmd := exec.Command("git", "checkout", os.Args[1])
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	mustNoErr(cmd.Run())
-	inisOld := collectInis(os.Args[1])
-
-	// use old en-US as the base, and copy the new translations to the old locales
-	enUsOld := inisOld["options/locale/locale_en-US.ini"]
-	brokenWarned := make(container.Set[string])
-	for path, iniOld := range inisOld {
-		if iniOld == enUsOld {
-			continue
-		}
-		iniNew := inisNew[path]
-		if iniNew == nil {
-			continue
-		}
-		for _, secEnUS := range enUsOld.Sections() {
-			secOld := iniOld.Section(secEnUS.Name())
-			secNew := iniNew.Section(secEnUS.Name())
-			for _, keyEnUs := range secEnUS.Keys() {
-				if secNew.HasKey(keyEnUs.Name()) {
-					oldStr := secOld.Key(keyEnUs.Name()).String()
-					newStr := secNew.Key(keyEnUs.Name()).String()
-					broken := oldStr != "" && strings.Count(oldStr, "%") != strings.Count(newStr, "%")
-					broken = broken || strings.Contains(oldStr, "\n") || strings.Contains(oldStr, "\n")
-					if broken {
-						brokenWarned.Add(secOld.Name() + "." + keyEnUs.Name())
-						fmt.Println("----")
-						fmt.Printf("WARNING: skip broken locale: %s , [%s] %s\n", path, secEnUS.Name(), keyEnUs.Name())
-						fmt.Printf("\told: %s\n", strings.ReplaceAll(oldStr, "\n", "\\n"))
-						fmt.Printf("\tnew: %s\n", strings.ReplaceAll(newStr, "\n", "\\n"))
-						continue
-					}
-					secOld.Key(keyEnUs.Name()).SetValue(newStr)
-				}
-			}
-		}
-		mustNoErr(iniOld.SaveTo(path))
-	}
-
-	fmt.Println("========")
-
-	for path, iniNew := range inisNew {
-		for _, sec := range iniNew.Sections() {
-			for _, key := range sec.Keys() {
-				str := sec.Key(key.Name()).String()
-				broken := strings.Contains(str, "\n")
-				broken = broken || strings.HasPrefix(str, "`") != strings.HasSuffix(str, "`")
-				broken = broken || strings.HasPrefix(str, "\"`")
-				broken = broken || strings.HasPrefix(str, "`\"")
-				broken = broken || strings.Count(str, `"`)%2 == 1
-				broken = broken || strings.Count(str, "`")%2 == 1
-				if broken && !brokenWarned.Contains(sec.Name()+"."+key.Name()) {
-					fmt.Printf("WARNING: found broken locale: %s , [%s] %s\n", path, sec.Name(), key.Name())
-					fmt.Printf("\tstr: %s\n", strings.ReplaceAll(str, "\n", "\\n"))
-					fmt.Println("----")
-				}
-			}
-		}
-	}
-}
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@ -25,7 +25,7 @@ import (

 var optionLogVerbose bool

-func logVerbose(msg string, args ...any) {
+func logVerbose(msg string, args ...interface{}) {
 	if optionLogVerbose {
 		log.Printf(msg, args...)
 	}
@ -65,6 +65,7 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 			"modules",
 			"routers",
 			"services",
+			"tools",
 		}
 		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))

--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@ -25,7 +25,7 @@ import (

 const (
 	gemojiURL         = "https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json"
-	maxUnicodeVersion = 15
+	maxUnicodeVersion = 14
 )

 var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
@ -60,13 +60,13 @@ func main() {
 	// generate data
 	buf, err := generate()
 	if err != nil {
-		log.Fatalf("generate err: %v", err)
+		log.Fatal(err)
 	}

 	// write
 	err = os.WriteFile(*flagOut, buf, 0o644)
 	if err != nil {
-		log.Fatalf("WriteFile err: %v", err)
+		log.Fatal(err)
 	}
 }

--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@ -7,16 +7,13 @@ package main

 import (
 	"encoding/json"
-	"fmt"
 	"io/fs"
 	"os"
-	"path"
+	goPath "path"
 	"path/filepath"
 	"regexp"
 	"sort"
 	"strings"
-
-	"code.gitea.io/gitea/modules/container"
 )

 // regexp is based on go-license, excluding README and NOTICE
@ -30,41 +27,14 @@ type LicenseEntry struct {
 }

 func main() {
-	if len(os.Args) != 3 {
-		fmt.Println("usage: go run generate-go-licenses.go <base-dir> <out-json-file>")
-		os.Exit(1)
-	}
-
 	base, out := os.Args[1], os.Args[2]

-	// Add ext for excluded files because license_test.go will be included for some reason.
-	// And there are more files that should be excluded, check with:
-	//
-	// go run github.com/google/go-licenses@v1.6.0 save . --force --save_path=.go-licenses 2>/dev/null
-	// find .go-licenses -type f | while read FILE; do echo "${$(basename $FILE)##*.}"; done | sort -u
-	//    AUTHORS
-	//    COPYING
-	//    LICENSE
-	//    Makefile
-	//    NOTICE
-	//    gitignore
-	//    go
-	//    md
-	//    mod
-	//    sum
-	//    toml
-	//    txt
-	//    yml
-	//
-	// It could be removed once we have a better regex.
-	excludedExt := container.SetOf(".gitignore", ".go", ".mod", ".sum", ".toml", ".yml")
-
-	var paths []string
+	paths := []string{}
 	err := filepath.WalkDir(base, func(path string, entry fs.DirEntry, err error) error {
 		if err != nil {
 			return err
 		}
-		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) || excludedExt.Contains(filepath.Ext(entry.Name())) {
+		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) {
 			return nil
 		}
 		paths = append(paths, path)
@ -76,27 +46,28 @@ func main() {

 	sort.Strings(paths)

-	var entries []LicenseEntry
-	for _, filePath := range paths {
-		licenseText, err := os.ReadFile(filePath)
+	entries := []LicenseEntry{}
+	for _, path := range paths {
+		path := filepath.ToSlash(path)
+
+		licenseText, err := os.ReadFile(path)
 		if err != nil {
 			panic(err)
 		}

-		pkgPath := filepath.ToSlash(filePath)
-		pkgPath = strings.TrimPrefix(pkgPath, base+"/")
-		pkgName := path.Dir(pkgPath)
+		path = strings.Replace(path, base+"/", "", 1)
+		name := goPath.Dir(path)

 		// There might be a bug somewhere in go-licenses that sometimes interprets the
 		// root package as "." and sometimes as "code.gitea.io/gitea". Workaround by
 		// removing both of them for the sake of stable output.
-		if pkgName == "." || pkgName == "code.gitea.io/gitea" {
+		if name == "." || name == "code.gitea.io/gitea" {
 			continue
 		}

 		entries = append(entries, LicenseEntry{
-			Name:        pkgName,
-			Path:        pkgPath,
+			Name:        name,
+			Path:        path,
 			LicenseText: string(licenseText),
 		})
 	}
@ -106,11 +77,6 @@ func main() {
 		panic(err)
 	}

-	// Ensure file has a final newline
-	if jsonBytes[len(jsonBytes)-1] != '\n' {
-		jsonBytes = append(jsonBytes, '\n')
-	}
-
 	err = os.WriteFile(out, jsonBytes, 0o644)
 	if err != nil {
 		panic(err)
--- a/build/generate-images.js
+++ b/build/generate-images.js
@ -69,13 +69,13 @@ async function main() {
  const faviconSvg = await readFile(new URL('../assets/favicon.svg', import.meta.url), 'utf8');

  await Promise.all([
-    generate(logoSvg, '../public/assets/img/logo.svg', {size: 32}),
-    generate(logoSvg, '../public/assets/img/logo.png', {size: 512}),
-    generate(faviconSvg, '../public/assets/img/favicon.svg', {size: 32}),
-    generate(faviconSvg, '../public/assets/img/favicon.png', {size: 180}),
-    generate(logoSvg, '../public/assets/img/avatar_default.png', {size: 200}),
-    generate(logoSvg, '../public/assets/img/apple-touch-icon.png', {size: 180, bg: true}),
-    gitea && generate(logoSvg, '../public/assets/img/gitea.svg', {size: 32}),
+    generate(logoSvg, '../public/img/logo.svg', {size: 32}),
+    generate(logoSvg, '../public/img/logo.png', {size: 512}),
+    generate(faviconSvg, '../public/img/favicon.svg', {size: 32}),
+    generate(faviconSvg, '../public/img/favicon.png', {size: 180}),
+    generate(logoSvg, '../public/img/avatar_default.png', {size: 200}),
+    generate(logoSvg, '../public/img/apple-touch-icon.png', {size: 180, bg: true}),
+    gitea && generate(logoSvg, '../public/img/gitea.svg', {size: 32}),
  ]);
 }

--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@ -25,26 +25,18 @@ async function processFile(file, {prefix, fullName} = {}) {
    if (prefix === 'octicon') name = name.replace(/-[0-9]+$/, ''); // chop of '-16' on octicons
  }

-  // Set the `xmlns` attribute so that the files are displayable in standalone documents
-  // The svg backend module will strip the attribute during startup for inline display
  const {data} = optimize(await readFile(file, 'utf8'), {
    plugins: [
      {name: 'preset-default'},
+      {name: 'removeXMLNS'},
      {name: 'removeDimensions'},
      {name: 'prefixIds', params: {prefix: () => name}},
      {name: 'addClassesToSVGElement', params: {classNames: ['svg', name]}},
-      {
-        name: 'addAttributesToSVGElement', params: {
-          attributes: [
-            {'xmlns': 'http://www.w3.org/2000/svg'},
-            {'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'},
-          ]
-        }
-      },
+      {name: 'addAttributesToSVGElement', params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]}},
    ],
  });

-  await writeFile(fileURLToPath(new URL(`../public/assets/img/svg/${name}.svg`, import.meta.url)), data);
+  await writeFile(fileURLToPath(new URL(`../public/img/svg/${name}.svg`, import.meta.url)), data);
 }

 function processFiles(pattern, opts) {
@ -53,13 +45,13 @@ function processFiles(pattern, opts) {

 async function main() {
  try {
-    await mkdir(fileURLToPath(new URL('../public/assets/img/svg', import.meta.url)), {recursive: true});
+    await mkdir(fileURLToPath(new URL('../public/img/svg', import.meta.url)), {recursive: true});
  } catch {}

  await Promise.all([
    ...processFiles('node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
    ...processFiles('web_src/svg/*.svg'),
-    ...processFiles('public/assets/img/gitea.svg', {fullName: 'gitea-gitea'}),
+    ...processFiles('public/img/gitea.svg', {fullName: 'gitea-gitea'}),
  ]);
 }

--- a/build/merge-forgejo-locales.go
+++ b/build/merge-forgejo-locales.go
@ -8,7 +8,6 @@ package main

 import (
 	"bufio"
-	"log"
 	"os"
 	"regexp"
 	"strings"
@ -40,28 +39,17 @@ func renameGiteaForgejo(filename string) []byte {
 		panic(err)
 	}

-	replacements := []string{
+	replacer := strings.NewReplacer(
 		"Gitea", "Forgejo",
-		"https://docs.gitea.com/installation/install-from-binary", "https://forgejo.org/download/#installation-from-binary",
+		"https://docs.gitea.io/en-us/install-from-binary/", "https://forgejo.org/download/#installation-from-binary",
 		"https://github.com/go-gitea/gitea/tree/master/docker", "https://forgejo.org/download/#container-image",
-		"https://docs.gitea.com/installation/install-from-package", "https://forgejo.org/download",
+		"https://docs.gitea.io/en-us/install-from-package/", "https://forgejo.org/download",
 		"https://code.gitea.io/gitea", "https://forgejo.org/download",
 		"code.gitea.io/gitea", "Forgejo",
 		`<a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a>`, `<a href="https://codeberg.org/forgejo/forgejo/issues" target="_blank">Codeberg</a>`,
 		"https://github.com/go-gitea/gitea", "https://codeberg.org/forgejo/forgejo",
 		"https://blog.gitea.io", "https://forgejo.org/news",
-		"https://docs.gitea.com/usage/protected-tags", "https://forgejo.org/docs/latest/user/protection/#protected-tags",
-		"https://docs.gitea.com/usage/webhooks", "https://forgejo.org/docs/latest/user/webhooks/",
-	}
-	replacer := strings.NewReplacer(replacements...)
-	replaced := make(map[string]bool, len(replacements)/2)
-	count_replaced := func(original string) {
-		for i := 0; i < len(replacements); i += 2 {
-			if strings.Contains(original, replacements[i]) {
-				replaced[replacements[i]] = true
-			}
-		}
-	}
+	)

 	out := make([]byte, 0, 1024)
 	scanner := bufio.NewScanner(file)
@ -82,18 +70,10 @@ func renameGiteaForgejo(filename string) []byte {
 			re := regexp.MustCompile(`(.*Gitea)`)
 			out = append(out, []byte(re.ReplaceAllString(line, "${1}/Forgejo")+"\n")...)
 		} else {
-			count_replaced(line)
 			out = append(out, []byte(replacer.Replace(line)+"\n")...)
 		}
 	}
 	file.Close()
-	if strings.HasSuffix(filename, "gitea_en-US.ini") {
-		for i := 0; i < len(replacements); i += 2 {
-			if replaced[replacements[i]] == false {
-				log.Fatalf("%s was never used to replace something in %s, it is obsolete and must be updated", replacements[i], filename)
-			}
-		}
-	}
 	return out
 }

--- a/build/test-echo.go
+++ b/build/test-echo.go
@ -1,20 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//go:build ignore
-
-package main
-
-import (
-	"fmt"
-	"io"
-	"os"
-)
-
-func main() {
-	_, err := io.Copy(os.Stdout, os.Stdin)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Error: %v", err)
-		os.Exit(1)
-	}
-}
--- a/build/update-locales.sh
+++ b/build/update-locales.sh
@ -1,43 +1,14 @@
 #!/bin/sh

-# this script runs in alpine image which only has `sh` shell
-
-set +e
-if sed --version 2>/dev/null | grep -q GNU; then
-  SED_INPLACE="sed -i"
-else
-  SED_INPLACE="sed -i ''"
-fi
-set -e
-
-if [ ! -f ./options/locale/locale_en-US.ini ]; then
-  echo "please run this script in the root directory of the project"
-  exit 1
-fi
-
 mv ./options/locale/locale_en-US.ini ./options/

-# the "ini" library for locale has many quirks, its behavior is different from Crowdin.
-# see i18n_test.go for more details
-
-# this script helps to unquote the Crowdin outputs for the quirky ini library
-# * find all `key="...\"..."` lines
-# * remove the leading quote
-# * remove the trailing quote
-# * unescape the quotes
-# * eg: key="...\"..." => key=..."...
-$SED_INPLACE -r -e '/^[-.A-Za-z0-9_]+[ ]*=[ ]*".*"$/ {
-	s/^([-.A-Za-z0-9_]+)[ ]*=[ ]*"/\1=/
-	s/"$//
+# Make sure to only change lines that have the translation enclosed between quotes
+sed -i -r -e '/^[a-zA-Z0-9_.-]+[ ]*=[ ]*".*"$/ {
+	s/^([a-zA-Z0-9_.-]+)[ ]*="/\1=/
 	s/\\"/"/g
+	s/"$//
 	}' ./options/locale/*.ini

-# * if the escaped line is incomplete like `key="...` or `key=..."`, quote it with backticks
-# * eg: key="... => key=`"...`
-# * eg: key=..." => key=`..."`
-$SED_INPLACE -r -e 's/^([-.A-Za-z0-9_]+)[ ]*=[ ]*(".*[^"])$/\1=`\2`/' ./options/locale/*.ini
-$SED_INPLACE -r -e 's/^([-.A-Za-z0-9_]+)[ ]*=[ ]*([^"].*")$/\1=`\2`/' ./options/locale/*.ini
-
 # Remove translation under 25% of en_us
 baselines=$(wc -l "./options/locale_en-US.ini" | cut -d" " -f1)
 baselines=$((baselines / 4))
--- a/build/watch.sh
+++ b/build/watch.sh
@ -1,8 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-make --no-print-directory watch-frontend &
-make --no-print-directory watch-backend &
-
-trap 'kill $(jobs -p)' EXIT
-wait
--- a/cmd/actions.go
+++ b/cmd/actions.go
@ -1,56 +1,71 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT

 package cmd

 import (
+	"context"
+	"errors"
 	"fmt"
+	"log"

-	"code.gitea.io/gitea/modules/private"
+	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 var (
 	// CmdActions represents the available actions sub-commands.
-	CmdActions = &cli.Command{
+	CmdActions = cli.Command{
 		Name:        "actions",
 		Usage:       "",
-		Description: "Commands for managing Forgejo Actions",
-		Subcommands: []*cli.Command{
+		Description: "Commands for managing Gitea Actions",
+		Subcommands: []cli.Command{
 			subcmdActionsGenRunnerToken,
 		},
 	}

-	subcmdActionsGenRunnerToken = &cli.Command{
+	subcmdActionsGenRunnerToken = cli.Command{
 		Name:    "generate-runner-token",
 		Usage:   "Generate a new token for a runner to use to register with the server",
 		Action:  runGenerateActionsRunnerToken,
 		Aliases: []string{"grt"},
-		Flags: []cli.Flag{
-			&cli.StringFlag{
-				Name:    "scope",
-				Aliases: []string{"s"},
-				Value:   "",
-				Usage:   "{owner}[/{repo}] - leave empty for a global runner",
-			},
-		},
+		Flags:   []cli.Flag{},
 	}
 )

-func runGenerateActionsRunnerToken(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setting.MustInstalled()
-
-	scope := c.String("scope")
-
-	respText, extra := private.GenerateActionsRunnerToken(ctx, scope)
-	if extra.HasError() {
-		return handleCliResponseExtra(extra)
+func maybeInitDB(stdCtx context.Context) error {
+	if setting.Database.Type == "" {
+		if err := initDB(stdCtx); err != nil {
+			return err
+		}
 	}
-	_, _ = fmt.Printf("%s\n", respText)
+	return nil
+}
+
+func runGenerateActionsRunnerToken(ctx *cli.Context) error {
+	stdCtx := context.Background()
+
+	if err := maybeInitDB(stdCtx); err != nil {
+		log.Fatalf("maybeInitDB %v", err)
+	}
+
+	// ownid=0,repo_id=0,means this token is used for global
+	return runActionsRegistrationToken(stdCtx, 0, 0)
+}
+
+func runActionsRegistrationToken(stdCtx context.Context, ownerID, repoID int64) error {
+	var token *actions_model.ActionRunnerToken
+	token, err := actions_model.GetUnactivatedRunnerToken(stdCtx, ownerID, repoID)
+	if errors.Is(err, util.ErrNotExist) {
+		token, err = actions_model.NewRunnerToken(stdCtx, ownerID, repoID)
+		if err != nil {
+			log.Fatalf("CreateRunnerToken %v", err)
+		}
+	} else if err != nil {
+		log.Fatalf("GetUnactivatedRunnerToken %v", err)
+	}
+	fmt.Print(token.Token)
 	return nil
 }
--- a/cmd/admin.go
+++ b/cmd/admin.go
@ -5,7 +5,6 @@
 package cmd

 import (
-	"context"
 	"errors"
 	"fmt"
 	"net/url"
@ -27,15 +26,15 @@ import (
 	"code.gitea.io/gitea/services/auth/source/smtp"
 	repo_service "code.gitea.io/gitea/services/repository"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 var (
 	// CmdAdmin represents the available admin sub-command.
-	CmdAdmin = &cli.Command{
+	CmdAdmin = cli.Command{
 		Name:  "admin",
 		Usage: "Command line interface to perform common administrative operations",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			subcmdUser,
 			subcmdRepoSyncReleases,
 			subcmdRegenerate,
@ -44,37 +43,37 @@ var (
 		},
 	}

-	subcmdRepoSyncReleases = &cli.Command{
+	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
 		Action: runRepoSyncReleases,
 	}

-	subcmdRegenerate = &cli.Command{
+	subcmdRegenerate = cli.Command{
 		Name:  "regenerate",
 		Usage: "Regenerate specific files",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			microcmdRegenHooks,
 			microcmdRegenKeys,
 		},
 	}

-	microcmdRegenHooks = &cli.Command{
+	microcmdRegenHooks = cli.Command{
 		Name:   "hooks",
 		Usage:  "Regenerate git-hooks",
 		Action: runRegenerateHooks,
 	}

-	microcmdRegenKeys = &cli.Command{
+	microcmdRegenKeys = cli.Command{
 		Name:   "keys",
 		Usage:  "Regenerate authorized_keys file",
 		Action: runRegenerateKeys,
 	}

-	subcmdAuth = &cli.Command{
+	subcmdAuth = cli.Command{
 		Name:  "auth",
 		Usage: "Modify external auth providers",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			microcmdAuthAddOauth,
 			microcmdAuthUpdateOauth,
 			cmdAuthAddLdapBindDn,
@ -88,44 +87,44 @@ var (
 		},
 	}

-	microcmdAuthList = &cli.Command{
+	microcmdAuthList = cli.Command{
 		Name:   "list",
 		Usage:  "List auth sources",
 		Action: runListAuth,
 		Flags: []cli.Flag{
-			&cli.IntFlag{
+			cli.IntFlag{
 				Name:  "min-width",
 				Usage: "Minimal cell width including any padding for the formatted table",
 				Value: 0,
 			},
-			&cli.IntFlag{
+			cli.IntFlag{
 				Name:  "tab-width",
 				Usage: "width of tab characters in formatted table (equivalent number of spaces)",
 				Value: 8,
 			},
-			&cli.IntFlag{
+			cli.IntFlag{
 				Name:  "padding",
 				Usage: "padding added to a cell before computing its width",
 				Value: 1,
 			},
-			&cli.StringFlag{
+			cli.StringFlag{
 				Name:  "pad-char",
 				Usage: `ASCII char used for padding if padchar == '\\t', the Writer will assume that the width of a '\\t' in the formatted output is tabwidth, and cells are left-aligned independent of align_left (for correct-looking results, tabwidth must correspond to the tab width in the viewer displaying the result)`,
 				Value: "\t",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "vertical-bars",
 				Usage: "Set to true to print vertical bars between columns",
 			},
 		},
 	}

-	idFlag = &cli.Int64Flag{
+	idFlag = cli.Int64Flag{
 		Name:  "id",
 		Usage: "ID of authentication source",
 	}

-	microcmdAuthDelete = &cli.Command{
+	microcmdAuthDelete = cli.Command{
 		Name:   "delete",
 		Usage:  "Delete specific auth source",
 		Flags:  []cli.Flag{idFlag},
@ -133,213 +132,207 @@ var (
 	}

 	oauthCLIFlags = []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "name",
 			Value: "",
 			Usage: "Application Name",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "provider",
 			Value: "",
 			Usage: "OAuth2 Provider",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "key",
 			Value: "",
 			Usage: "Client ID (Key)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "secret",
 			Value: "",
 			Usage: "Client Secret",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "auto-discover-url",
 			Value: "",
 			Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "use-custom-urls",
 			Value: "false",
 			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-tenant-id",
 			Value: "",
 			Usage: "Use custom Tenant ID for OAuth endpoints",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-auth-url",
 			Value: "",
 			Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-token-url",
 			Value: "",
 			Usage: "Use a custom Token URL (option for GitLab/GitHub)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-profile-url",
 			Value: "",
 			Usage: "Use a custom Profile URL (option for GitLab/GitHub)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-email-url",
 			Value: "",
 			Usage: "Use a custom Email URL (option for GitHub)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "icon-url",
 			Value: "",
 			Usage: "Custom icon URL for OAuth2 login source",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-local-2fa",
 			Usage: "Set to true to skip local 2fa for users authenticated by this source",
 		},
-		&cli.StringSliceFlag{
+		cli.StringSliceFlag{
 			Name:  "scopes",
 			Value: nil,
 			Usage: "Scopes to request when to authenticate against this OAuth2 source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "required-claim-name",
 			Value: "",
 			Usage: "Claim name that has to be set to allow users to login with this source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "required-claim-value",
 			Value: "",
 			Usage: "Claim value that has to be set to allow users to login with this source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "group-claim-name",
 			Value: "",
 			Usage: "Claim name providing group names for this source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "admin-group",
 			Value: "",
 			Usage: "Group Claim value for administrator users",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "restricted-group",
 			Value: "",
 			Usage: "Group Claim value for restricted users",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "group-team-map",
 			Value: "",
 			Usage: "JSON mapping between groups and org teams",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "group-team-map-removal",
 			Usage: "Activate automatic team membership removal depending on groups",
 		},
 	}

-	microcmdAuthUpdateOauth = &cli.Command{
+	microcmdAuthUpdateOauth = cli.Command{
 		Name:   "update-oauth",
 		Usage:  "Update existing Oauth authentication source",
 		Action: runUpdateOauth,
 		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),
 	}

-	microcmdAuthAddOauth = &cli.Command{
+	microcmdAuthAddOauth = cli.Command{
 		Name:   "add-oauth",
 		Usage:  "Add new Oauth authentication source",
 		Action: runAddOauth,
 		Flags:  oauthCLIFlags,
 	}

-	subcmdSendMail = &cli.Command{
+	subcmdSendMail = cli.Command{
 		Name:   "sendmail",
 		Usage:  "Send a message to all users",
 		Action: runSendMail,
 		Flags: []cli.Flag{
-			&cli.StringFlag{
+			cli.StringFlag{
 				Name:  "title",
 				Usage: `a title of a message`,
 				Value: "",
 			},
-			&cli.StringFlag{
+			cli.StringFlag{
 				Name:  "content",
 				Usage: "a content of a message",
 				Value: "",
 			},
-			&cli.BoolFlag{
-				Name:    "force",
-				Aliases: []string{"f"},
-				Usage:   "A flag to bypass a confirmation step",
+			cli.BoolFlag{
+				Name:  "force,f",
+				Usage: "A flag to bypass a confirmation step",
 			},
 		},
 	}

 	smtpCLIFlags = []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "name",
 			Value: "",
 			Usage: "Application Name",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "auth-type",
 			Value: "PLAIN",
 			Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "host",
 			Value: "",
 			Usage: "SMTP Host",
 		},
-		&cli.IntFlag{
+		cli.IntFlag{
 			Name:  "port",
 			Usage: "SMTP Port",
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "force-smtps",
 			Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.",
-			Value: true,
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "skip-verify",
 			Usage: "Skip TLS verify.",
-			Value: true,
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "helo-hostname",
 			Value: "",
 			Usage: "Hostname sent with HELO. Leave blank to send current hostname",
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "disable-helo",
 			Usage: "Disable SMTP helo.",
-			Value: true,
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "allowed-domains",
 			Value: "",
 			Usage: "Leave empty to allow all domains. Separate multiple domains with a comma (',')",
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "skip-local-2fa",
 			Usage: "Skip 2FA to log on.",
-			Value: true,
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "active",
 			Usage: "This Authentication Source is Activated.",
-			Value: true,
 		},
 	}

-	microcmdAuthAddSMTP = &cli.Command{
+	microcmdAuthAddSMTP = cli.Command{
 		Name:   "add-smtp",
 		Usage:  "Add new SMTP authentication source",
 		Action: runAddSMTP,
 		Flags:  smtpCLIFlags,
 	}

-	microcmdAuthUpdateSMTP = &cli.Command{
+	microcmdAuthUpdateSMTP = cli.Command{
 		Name:   "update-smtp",
 		Usage:  "Update existing SMTP authentication source",
 		Action: runUpdateSMTP,
@ -355,10 +348,6 @@ func runRepoSyncReleases(_ *cli.Context) error {
 		return err
 	}

-	if err := git.InitSimple(ctx); err != nil {
-		return err
-	}
-
 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
 		repos, count, err := repo_model.SearchRepositoryByName(ctx, &repo_model.SearchRepoOptions{
@ -383,19 +372,19 @@ func runRepoSyncReleases(_ *cli.Context) error {
 				continue
 			}

-			oldnum, err := getReleaseCount(ctx, repo.ID)
+			oldnum, err := getReleaseCount(repo.ID)
 			if err != nil {
 				log.Warn(" GetReleaseCountByRepoID: %v", err)
 			}
 			log.Trace(" currentNumReleases is %d, running SyncReleasesWithTags", oldnum)

-			if err = repo_module.SyncReleasesWithTags(ctx, repo, gitRepo); err != nil {
+			if err = repo_module.SyncReleasesWithTags(repo, gitRepo); err != nil {
 				log.Warn(" SyncReleasesWithTags: %v", err)
 				gitRepo.Close()
 				continue
 			}

-			count, err = getReleaseCount(ctx, repo.ID)
+			count, err = getReleaseCount(repo.ID)
 			if err != nil {
 				log.Warn(" GetReleaseCountByRepoID: %v", err)
 				gitRepo.Close()
@ -411,9 +400,9 @@ func runRepoSyncReleases(_ *cli.Context) error {
 	return nil
 }

-func getReleaseCount(ctx context.Context, id int64) (int64, error) {
+func getReleaseCount(id int64) (int64, error) {
 	return repo_model.GetReleaseCountByRepoID(
-		ctx,
+		db.DefaultContext,
 		id,
 		repo_model.FindReleasesOptions{
 			IncludeTags: true,
@ -428,12 +417,6 @@ func runRegenerateHooks(_ *cli.Context) error {
 	if err := initDB(ctx); err != nil {
 		return err
 	}
-
-	// Detection of ProcReceive support relies on Git module being initialized.
-	if err := git.InitFull(ctx); err != nil {
-		return err
-	}
-
 	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
 }

@ -444,7 +427,7 @@ func runRegenerateKeys(_ *cli.Context) error {
 	if err := initDB(ctx); err != nil {
 		return err
 	}
-	return asymkey_model.RewriteAllPublicKeys(ctx)
+	return asymkey_model.RewriteAllPublicKeys()
 }

 func parseOAuth2Config(c *cli.Context) *oauth2.Source {
@ -628,19 +611,19 @@ func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
 		conf.AllowedDomains = c.String("allowed-domains")
 	}
 	if c.IsSet("force-smtps") {
-		conf.ForceSMTPS = c.Bool("force-smtps")
+		conf.ForceSMTPS = c.BoolT("force-smtps")
 	}
 	if c.IsSet("skip-verify") {
-		conf.SkipVerify = c.Bool("skip-verify")
+		conf.SkipVerify = c.BoolT("skip-verify")
 	}
 	if c.IsSet("helo-hostname") {
 		conf.HeloHostname = c.String("helo-hostname")
 	}
 	if c.IsSet("disable-helo") {
-		conf.DisableHelo = c.Bool("disable-helo")
+		conf.DisableHelo = c.BoolT("disable-helo")
 	}
 	if c.IsSet("skip-local-2fa") {
-		conf.SkipLocalTwoFA = c.Bool("skip-local-2fa")
+		conf.SkipLocalTwoFA = c.BoolT("skip-local-2fa")
 	}
 	return nil
 }
@ -664,7 +647,7 @@ func runAddSMTP(c *cli.Context) error {
 	}
 	active := true
 	if c.IsSet("active") {
-		active = c.Bool("active")
+		active = c.BoolT("active")
 	}

 	var smtpConfig smtp.Source
@ -713,7 +696,7 @@ func runUpdateSMTP(c *cli.Context) error {
 	}

 	if c.IsSet("active") {
-		source.IsActive = c.Bool("active")
+		source.IsActive = c.BoolT("active")
 	}

 	source.Cfg = smtpConfig
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@ -11,7 +11,7 @@ import (
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/services/auth/source/ldap"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 type (
@ -25,117 +25,117 @@ type (

 var (
 	commonLdapCLIFlags = []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "name",
 			Usage: "Authentication name.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "not-active",
 			Usage: "Deactivate the authentication source.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "active",
 			Usage: "Activate the authentication source.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "security-protocol",
 			Usage: "Security protocol name.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-tls-verify",
 			Usage: "Disable TLS verification.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "host",
 			Usage: "The address where the LDAP server can be reached.",
 		},
-		&cli.IntFlag{
+		cli.IntFlag{
 			Name:  "port",
 			Usage: "The port to use when connecting to the LDAP server.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "user-search-base",
 			Usage: "The LDAP base at which user accounts will be searched for.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "user-filter",
 			Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "admin-filter",
 			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "restricted-filter",
 			Usage: "An LDAP filter specifying if a user should be given restricted status.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "allow-deactivate-all",
 			Usage: "Allow empty search results to deactivate all users.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "username-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user name.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "firstname-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s first name.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "surname-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s surname.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "email-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s email address.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "public-ssh-key-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-local-2fa",
 			Usage: "Set to true to skip local 2fa for users authenticated by this source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "avatar-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s avatar.",
 		},
 	}

 	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "bind-dn",
 			Usage: "The DN to bind to the LDAP server with when searching for the user.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "bind-password",
 			Usage: "The password for the Bind DN, if any.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "attributes-in-bind",
 			Usage: "Fetch attributes in bind DN context.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "synchronize-users",
 			Usage: "Enable user synchronization.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "disable-synchronize-users",
 			Usage: "Disable user synchronization.",
 		},
-		&cli.UintFlag{
+		cli.UintFlag{
 			Name:  "page-size",
 			Usage: "Search page size.",
 		})

 	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "user-dn",
 			Usage: "The user’s DN.",
 		})

-	cmdAuthAddLdapBindDn = &cli.Command{
+	cmdAuthAddLdapBindDn = cli.Command{
 		Name:  "add-ldap",
 		Usage: "Add new LDAP (via Bind DN) authentication source",
 		Action: func(c *cli.Context) error {
@ -144,7 +144,7 @@ var (
 		Flags: ldapBindDnCLIFlags,
 	}

-	cmdAuthUpdateLdapBindDn = &cli.Command{
+	cmdAuthUpdateLdapBindDn = cli.Command{
 		Name:  "update-ldap",
 		Usage: "Update existing LDAP (via Bind DN) authentication source",
 		Action: func(c *cli.Context) error {
@ -153,7 +153,7 @@ var (
 		Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
 	}

-	cmdAuthAddLdapSimpleAuth = &cli.Command{
+	cmdAuthAddLdapSimpleAuth = cli.Command{
 		Name:  "add-ldap-simple",
 		Usage: "Add new LDAP (simple auth) authentication source",
 		Action: func(c *cli.Context) error {
@ -162,7 +162,7 @@ var (
 		Flags: ldapSimpleAuthCLIFlags,
 	}

-	cmdAuthUpdateLdapSimpleAuth = &cli.Command{
+	cmdAuthUpdateLdapSimpleAuth = cli.Command{
 		Name:  "update-ldap-simple",
 		Usage: "Update existing LDAP (simple auth) authentication source",
 		Action: func(c *cli.Context) error {
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@ -11,7 +11,7 @@ import (
 	"code.gitea.io/gitea/services/auth/source/ldap"

 	"github.com/stretchr/testify/assert"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 func TestAddLdapBindDn(t *testing.T) {
--- a/cmd/admin_user.go
+++ b/cmd/admin_user.go
@ -4,13 +4,13 @@
 package cmd

 import (
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var subcmdUser = &cli.Command{
+var subcmdUser = cli.Command{
 	Name:  "user",
 	Usage: "Modify users",
-	Subcommands: []*cli.Command{
+	Subcommands: []cli.Command{
 		microcmdUserCreate,
 		microcmdUserList,
 		microcmdUserChangePassword,
--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@ -12,25 +12,23 @@ import (
 	pwd "code.gitea.io/gitea/modules/auth/password"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserChangePassword = &cli.Command{
+var microcmdUserChangePassword = cli.Command{
 	Name:   "change-password",
 	Usage:  "Change a user's password",
 	Action: runChangePassword,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:    "username",
-			Aliases: []string{"u"},
-			Value:   "",
-			Usage:   "The user to change password for",
+		cli.StringFlag{
+			Name:  "username,u",
+			Value: "",
+			Usage: "The user to change password for",
 		},
-		&cli.StringFlag{
-			Name:    "password",
-			Aliases: []string{"p"},
-			Value:   "",
-			Usage:   "New password to set for user",
+		cli.StringFlag{
+			Name:  "password,p",
+			Value: "",
+			Usage: "New password to set for user",
 		},
 	},
 }
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@ -6,6 +6,7 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"os"

 	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
@ -13,52 +14,52 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserCreate = &cli.Command{
+var microcmdUserCreate = cli.Command{
 	Name:   "create",
 	Usage:  "Create a new user in database",
 	Action: runCreateUser,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "name",
 			Usage: "Username. DEPRECATED: use username instead",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "username",
 			Usage: "Username",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "password",
 			Usage: "User password",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "email",
 			Usage: "User email address",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "admin",
 			Usage: "User is an admin",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "random-password",
 			Usage: "Generate a random password for the user",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "must-change-password",
 			Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
 		},
-		&cli.IntFlag{
+		cli.IntFlag{
 			Name:  "random-password-length",
 			Usage: "Length of the random password to be generated",
 			Value: 12,
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "access-token",
 			Usage: "Generate access token for the user",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "restricted",
 			Usage: "Make a restricted user account",
 		},
@ -86,7 +87,7 @@ func runCreateUser(c *cli.Context) error {
 		username = c.String("username")
 	} else {
 		username = c.String("name")
-		_, _ = fmt.Fprintf(c.App.ErrWriter, "--name flag is deprecated. Use --username instead.\n")
+		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
 	}

 	ctx, cancel := installSignals()
@ -115,7 +116,7 @@ func runCreateUser(c *cli.Context) error {

 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(ctx, nil); n == 0 {
+	if n := user_model.CountUsers(nil); n == 0 {
 		changePassword = false
 	}

@ -146,7 +147,7 @@ func runCreateUser(c *cli.Context) error {
 		IsRestricted: restricted,
 	}

-	if err := user_model.CreateUser(ctx, u, overwriteDefault); err != nil {
+	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
 		return fmt.Errorf("CreateUser: %w", err)
 	}

@ -156,7 +157,7 @@ func runCreateUser(c *cli.Context) error {
 			UID:  u.ID,
 		}

-		if err := auth_model.NewAccessToken(ctx, t); err != nil {
+		if err := auth_model.NewAccessToken(t); err != nil {
 			return err
 		}

--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@ -11,28 +11,26 @@ import (
 	"code.gitea.io/gitea/modules/storage"
 	user_service "code.gitea.io/gitea/services/user"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserDelete = &cli.Command{
+var microcmdUserDelete = cli.Command{
 	Name:  "delete",
 	Usage: "Delete specific user by id, name or email",
 	Flags: []cli.Flag{
-		&cli.Int64Flag{
+		cli.Int64Flag{
 			Name:  "id",
 			Usage: "ID of user of the user to delete",
 		},
-		&cli.StringFlag{
-			Name:    "username",
-			Aliases: []string{"u"},
-			Usage:   "Username of the user to delete",
+		cli.StringFlag{
+			Name:  "username,u",
+			Usage: "Username of the user to delete",
 		},
-		&cli.StringFlag{
-			Name:    "email",
-			Aliases: []string{"e"},
-			Usage:   "Email of the user to delete",
+		cli.StringFlag{
+			Name:  "email,e",
+			Usage: "Email of the user to delete",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "purge",
 			Usage: "Purge user, all their repositories, organizations and comments",
 		},
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@ -9,29 +9,27 @@ import (
 	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserGenerateAccessToken = &cli.Command{
+var microcmdUserGenerateAccessToken = cli.Command{
 	Name:  "generate-access-token",
 	Usage: "Generate an access token for a specific user",
 	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:    "username",
-			Aliases: []string{"u"},
-			Usage:   "Username",
+		cli.StringFlag{
+			Name:  "username,u",
+			Usage: "Username",
 		},
-		&cli.StringFlag{
-			Name:    "token-name",
-			Aliases: []string{"t"},
-			Usage:   "Token name",
-			Value:   "gitea-admin",
+		cli.StringFlag{
+			Name:  "token-name,t",
+			Usage: "Token name",
+			Value: "gitea-admin",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "raw",
 			Usage: "Display only the token value",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "scopes",
 			Value: "",
 			Usage: "Comma separated list of scopes to apply to access token",
@ -57,29 +55,18 @@ func runGenerateAccessToken(c *cli.Context) error {
 		return err
 	}

-	// construct token with name and user so we can make sure it is unique
-	t := &auth_model.AccessToken{
-		Name: c.String("token-name"),
-		UID:  user.ID,
-	}
-
-	exist, err := auth_model.AccessTokenByNameExists(ctx, t)
+	accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
 	if err != nil {
 		return err
 	}
-	if exist {
-		return fmt.Errorf("access token name has been used already")
+
+	t := &auth_model.AccessToken{
+		Name:  c.String("token-name"),
+		UID:   user.ID,
+		Scope: accessTokenScope,
 	}

-	// make sure the scopes are valid
-	accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
-	if err != nil {
-		return fmt.Errorf("invalid access token scope provided: %w", err)
-	}
-	t.Scope = accessTokenScope
-
-	// create the token
-	if err := auth_model.NewAccessToken(ctx, t); err != nil {
+	if err := auth_model.NewAccessToken(t); err != nil {
 		return err
 	}

--- a/cmd/admin_user_list.go
+++ b/cmd/admin_user_list.go
@ -10,15 +10,15 @@ import (

 	user_model "code.gitea.io/gitea/models/user"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserList = &cli.Command{
+var microcmdUserList = cli.Command{
 	Name:   "list",
 	Usage:  "List users",
 	Action: runListUsers,
 	Flags: []cli.Flag{
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "admin",
 			Usage: "List only admin users",
 		},
@ -33,7 +33,7 @@ func runListUsers(c *cli.Context) error {
 		return err
 	}

-	users, err := user_model.GetAllUsers(ctx)
+	users, err := user_model.GetAllUsers()
 	if err != nil {
 		return err
 	}
@ -48,7 +48,7 @@ func runListUsers(c *cli.Context) error {
 			}
 		}
 	} else {
-		twofa := user_model.UserList(users).GetTwoFaStatus(ctx)
+		twofa := user_model.UserList(users).GetTwoFaStatus()
 		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
 		for _, u := range users {
 			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin, twofa[u.ID])
--- a/cmd/admin_user_must_change_password.go
+++ b/cmd/admin_user_must_change_password.go
@ -9,25 +9,23 @@ import (

 	user_model "code.gitea.io/gitea/models/user"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserMustChangePassword = &cli.Command{
+var microcmdUserMustChangePassword = cli.Command{
 	Name:   "must-change-password",
 	Usage:  "Set the must change password flag for the provided users or all users",
 	Action: runMustChangePassword,
 	Flags: []cli.Flag{
-		&cli.BoolFlag{
-			Name:    "all",
-			Aliases: []string{"A"},
-			Usage:   "All users must change password, except those explicitly excluded with --exclude",
+		cli.BoolFlag{
+			Name:  "all,A",
+			Usage: "All users must change password, except those explicitly excluded with --exclude",
 		},
-		&cli.StringSliceFlag{
-			Name:    "exclude",
-			Aliases: []string{"e"},
-			Usage:   "Do not change the must-change-password flag for these users",
+		cli.StringSliceFlag{
+			Name:  "exclude,e",
+			Usage: "Do not change the must-change-password flag for these users",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "unset",
 			Usage: "Instead of setting the must-change-password flag, unset it",
 		},
@ -50,7 +48,7 @@ func runMustChangePassword(c *cli.Context) error {
 		return err
 	}

-	n, err := user_model.SetMustChangePassword(ctx, all, mustChangePassword, c.Args().Slice(), exclude)
+	n, err := user_model.SetMustChangePassword(ctx, all, mustChangePassword, c.Args(), exclude)
 	if err != nil {
 		return err
 	}
--- a/cmd/cert.go
+++ b/cmd/cert.go
@ -20,50 +20,50 @@ import (
 	"strings"
 	"time"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdCert represents the available cert sub-command.
-var CmdCert = &cli.Command{
+var CmdCert = cli.Command{
 	Name:  "cert",
 	Usage: "Generate self-signed certificate",
 	Description: `Generate a self-signed X.509 certificate for a TLS server.
 Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
 	Action: runCert,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "host",
 			Value: "",
 			Usage: "Comma-separated hostnames and IPs to generate a certificate for",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "ecdsa-curve",
 			Value: "",
 			Usage: "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521",
 		},
-		&cli.IntFlag{
+		cli.IntFlag{
 			Name:  "rsa-bits",
-			Value: 3072,
+			Value: 2048,
 			Usage: "Size of RSA key to generate. Ignored if --ecdsa-curve is set",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "start-date",
 			Value: "",
 			Usage: "Creation date formatted as Jan 1 15:04:05 2011",
 		},
-		&cli.DurationFlag{
+		cli.DurationFlag{
 			Name:  "duration",
 			Value: 365 * 24 * time.Hour,
 			Usage: "Duration that certificate is valid for",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "ca",
 			Usage: "whether this cert should be its own Certificate Authority",
 		},
 	},
 }

-func publicKey(priv any) any {
+func publicKey(priv interface{}) interface{} {
 	switch k := priv.(type) {
 	case *rsa.PrivateKey:
 		return &k.PublicKey
@ -74,7 +74,7 @@ func publicKey(priv any) any {
 	}
 }

-func pemBlockForKey(priv any) *pem.Block {
+func pemBlockForKey(priv interface{}) *pem.Block {
 	switch k := priv.(type) {
 	case *rsa.PrivateKey:
 		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
@ -94,7 +94,7 @@ func runCert(c *cli.Context) error {
 		return err
 	}

-	var priv any
+	var priv interface{}
 	var err error
 	switch c.String("ecdsa-curve") {
 	case "":
@ -136,7 +136,7 @@ func runCert(c *cli.Context) error {
 		SerialNumber: serialNumber,
 		Subject: pkix.Name{
 			Organization: []string{"Acme Co"},
-			CommonName:   "Forgejo",
+			CommonName:   "Gitea",
 		},
 		NotBefore: notBefore,
 		NotAfter:  notAfter,
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@ -9,7 +9,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io"
 	"os"
 	"os/signal"
 	"strings"
@ -20,7 +19,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // argsSet checks that all the required arguments are set. args is a list of
@ -58,9 +57,10 @@ func confirm() (bool, error) {
 }

 func initDB(ctx context.Context) error {
-	setting.MustInstalled()
+	setting.InitProviderFromExistingFile()
+	setting.LoadCommonSettings()
 	setting.LoadDBSetting()
-	setting.InitSQLLoggersForCli(log.INFO)
+	setting.InitSQLLog(false)

 	if setting.Database.Type == "" {
 		log.Fatal(`Database settings are missing from the configuration file: %q.
@ -94,42 +94,3 @@ func installSignals() (context.Context, context.CancelFunc) {

 	return ctx, cancel
 }
-
-func setupConsoleLogger(level log.Level, colorize bool, out io.Writer) {
-	if out != os.Stdout && out != os.Stderr {
-		panic("setupConsoleLogger can only be used with os.Stdout or os.Stderr")
-	}
-
-	writeMode := log.WriterMode{
-		Level:        level,
-		Colorize:     colorize,
-		WriterOption: log.WriterConsoleOption{Stderr: out == os.Stderr},
-	}
-	writer := log.NewEventWriterConsole("console-default", writeMode)
-	log.GetManager().GetLogger(log.DEFAULT).ReplaceAllWriters(writer)
-}
-
-func globalBool(c *cli.Context, name string) bool {
-	for _, ctx := range c.Lineage() {
-		if ctx.Bool(name) {
-			return true
-		}
-	}
-	return false
-}
-
-// PrepareConsoleLoggerLevel by default, use INFO level for console logger, but some sub-commands (for git/ssh protocol) shouldn't output any log to stdout.
-// Any log appears in git stdout pipe will break the git protocol, eg: client can't push and hangs forever.
-func PrepareConsoleLoggerLevel(defaultLevel log.Level) func(*cli.Context) error {
-	return func(c *cli.Context) error {
-		level := defaultLevel
-		if globalBool(c, "quiet") {
-			level = log.FATAL
-		}
-		if globalBool(c, "debug") || globalBool(c, "verbose") {
-			level = log.TRACE
-		}
-		log.SetConsoleLogger(log.DEFAULT, "console-default", level)
-		return nil
-	}
-}
--- a/cmd/convert.go
+++ b/cmd/convert.go
@ -0,0 +1,56 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"fmt"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/urfave/cli"
+)
+
+// CmdConvert represents the available convert sub-command.
+var CmdConvert = cli.Command{
+	Name:        "convert",
+	Usage:       "Convert the database",
+	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4 or MSSQL database from varchar to nvarchar",
+	Action:      runConvert,
+}
+
+func runConvert(ctx *cli.Context) error {
+	stdCtx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(stdCtx); err != nil {
+		return err
+	}
+
+	log.Info("AppPath: %s", setting.AppPath)
+	log.Info("AppWorkPath: %s", setting.AppWorkPath)
+	log.Info("Custom path: %s", setting.CustomPath)
+	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Configuration file: %s", setting.CustomConf)
+
+	switch {
+	case setting.Database.Type.IsMySQL():
+		if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
+			log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
+			return err
+		}
+		fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
+	case setting.Database.Type.IsMSSQL():
+		if err := db.ConvertVarcharToNVarchar(); err != nil {
+			log.Fatal("Failed to convert database from varchar to nvarchar: %v", err)
+			return err
+		}
+		fmt.Println("Converted successfully, please confirm your database's all columns character is NVARCHAR now")
+	default:
+		fmt.Println("This command can only be used with a MySQL or MSSQL database")
+	}
+
+	return nil
+}
--- a/cmd/docs.go
+++ b/cmd/docs.go
@ -8,14 +8,14 @@ import (
 	"os"
 	"strings"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdDocs represents the available docs sub-command.
-var CmdDocs = &cli.Command{
+var CmdDocs = cli.Command{
 	Name:        "docs",
 	Usage:       "Output CLI documentation",
-	Description: "A command to output Forgejo's CLI documentation, optionally to a file.",
+	Description: "A command to output Gitea's CLI documentation, optionally to a file.",
 	Action:      runDocs,
 	Flags: []cli.Flag{
 		&cli.BoolFlag{
@ -23,9 +23,8 @@ var CmdDocs = &cli.Command{
 			Usage: "Output man pages instead",
 		},
 		&cli.StringFlag{
-			Name:    "output",
-			Aliases: []string{"o"},
-			Usage:   "Path to output to instead of stdout (will overwrite if exists)",
+			Name:  "output, o",
+			Usage: "Path to output to instead of stdout (will overwrite if exists)",
 		},
 	},
 }
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@ -4,10 +4,10 @@
 package cmd

 import (
+	"errors"
 	"fmt"
 	golog "log"
 	"os"
-	"path/filepath"
 	"strings"
 	"text/tabwriter"

@ -18,72 +18,62 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 	"xorm.io/xorm"
 )

-var cmdDoctorCheck = &cli.Command{
-	Name:        "check",
+// CmdDoctor represents the available doctor sub-command.
+var CmdDoctor = cli.Command{
+	Name:        "doctor",
 	Usage:       "Diagnose and optionally fix problems",
-	Description: "A command to diagnose problems with the current Forgejo instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
-	Action:      runDoctorCheck,
+	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
+	Action:      runDoctor,
 	Flags: []cli.Flag{
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "list",
 			Usage: "List the available checks",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "default",
 			Usage: "Run the default checks (if neither --run or --all is set, this is the default behaviour)",
 		},
-		&cli.StringSliceFlag{
+		cli.StringSliceFlag{
 			Name:  "run",
 			Usage: "Run the provided checks - (if --default is set, the default checks will also run)",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "all",
 			Usage: "Run all the available checks",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "fix",
 			Usage: "Automatically fix what we can",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "log-file",
-			Usage: `Name of the log file (no verbose log output by default). Set to "-" to output to stdout`,
+			Usage: `Name of the log file (default: "doctor.log"). Set to "-" to output to stdout, set to "" to disable`,
 		},
-		&cli.BoolFlag{
-			Name:    "color",
-			Aliases: []string{"H"},
-			Usage:   "Use color for outputted information",
+		cli.BoolFlag{
+			Name:  "color, H",
+			Usage: "Use color for outputted information",
 		},
 	},
-}
-
-// CmdDoctor represents the available doctor sub-command.
-var CmdDoctor = &cli.Command{
-	Name:        "doctor",
-	Usage:       "Diagnose and optionally fix problems",
-	Description: "A command to diagnose problems with the current Forgejo instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
-
-	Subcommands: []*cli.Command{
-		cmdDoctorCheck,
+	Subcommands: []cli.Command{
 		cmdRecreateTable,
-		cmdDoctorConvert,
 	},
 }

-var cmdRecreateTable = &cli.Command{
+var cmdRecreateTable = cli.Command{
 	Name:      "recreate-table",
 	Usage:     "Recreate tables from XORM definitions and copy the data.",
 	ArgsUsage: "[TABLE]... : (TABLEs to recreate - leave blank for all)",
 	Flags: []cli.Flag{
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "debug",
 			Usage: "Print SQL commands sent",
 		},
 	},
-	Description: `The database definitions Forgejo uses change across versions, sometimes changing default values and leaving old unused columns.
+	Description: `The database definitions Gitea uses change across versions, sometimes changing default values and leaving old unused columns.

 This command will cause Xorm to recreate tables, copying over the data and deleting the old table.

@ -92,25 +82,24 @@ You should back-up your database before doing this and ensure that your database
 }

 func runRecreateTable(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
 	// Redirect the default golog to here
 	golog.SetFlags(0)
 	golog.SetPrefix("")
-	golog.SetOutput(log.LoggerToWriter(log.GetLogger(log.DEFAULT).Info))
+	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))

-	debug := ctx.Bool("debug")
-	setting.MustInstalled()
+	setting.InitProviderFromExistingFile()
+	setting.LoadCommonSettings()
 	setting.LoadDBSetting()

-	if debug {
-		setting.InitSQLLoggersForCli(log.DEBUG)
-	} else {
-		setting.InitSQLLoggersForCli(log.INFO)
-	}
+	setting.Log.EnableXORMLog = ctx.Bool("debug")
+	setting.Database.LogSQL = ctx.Bool("debug")
+	// FIXME: don't use CfgProvider directly
+	setting.CfgProvider.Section("log").Key("XORM").SetValue(",")
+
+	setting.InitSQLLog(!ctx.Bool("debug"))
+	stdCtx, cancel := installSignals()
+	defer cancel()

-	setting.Database.LogSQL = debug
 	if err := db.InitEngine(stdCtx); err != nil {
 		fmt.Println(err)
 		fmt.Println("Check if you are using the right config file. You can use a --config directive to specify one.")
@ -137,42 +126,67 @@ func runRecreateTable(ctx *cli.Context) error {
 	})
 }

-func setupDoctorDefaultLogger(ctx *cli.Context, colorize bool) {
-	// Silence the default loggers
-	setupConsoleLogger(log.FATAL, log.CanColorStderr, os.Stderr)
-
+func setDoctorLogger(ctx *cli.Context) {
 	logFile := ctx.String("log-file")
-	if logFile == "" {
-		return // if no doctor log-file is set, do not show any log from default logger
-	} else if logFile == "-" {
-		setupConsoleLogger(log.TRACE, colorize, os.Stdout)
-	} else {
-		logFile, _ = filepath.Abs(logFile)
-		writeMode := log.WriterMode{Level: log.TRACE, WriterOption: log.WriterFileOption{FileName: logFile}}
-		writer, err := log.NewEventWriter("console-to-file", "file", writeMode)
-		if err != nil {
-			log.FallbackErrorf("unable to create file log writer: %v", err)
+	if !ctx.IsSet("log-file") {
+		logFile = "doctor.log"
+	}
+	colorize := log.CanColorStdout
+	if ctx.IsSet("color") {
+		colorize = ctx.Bool("color")
+	}
+
+	if len(logFile) == 0 {
+		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
+		return
+	}
+
+	defer func() {
+		recovered := recover()
+		if recovered == nil {
 			return
 		}
-		log.GetManager().GetLogger(log.DEFAULT).ReplaceAllWriters(writer)
+
+		err, ok := recovered.(error)
+		if !ok {
+			panic(recovered)
+		}
+		if errors.Is(err, os.ErrPermission) {
+			fmt.Fprintf(os.Stderr, "ERROR: Unable to write logs to provided file due to permissions error: %s\n       %v\n", logFile, err)
+		} else {
+			fmt.Fprintf(os.Stderr, "ERROR: Unable to write logs to provided file: %s\n       %v\n", logFile, err)
+		}
+		fmt.Fprintf(os.Stderr, "WARN: Logging will be disabled\n       Use `--log-file` to configure log file location\n")
+		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
+	}()
+
+	if logFile == "-" {
+		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"trace","stacktracelevel":"NONE","colorize":%t}`, colorize))
+	} else {
+		log.NewLogger(1000, "doctor", "file", fmt.Sprintf(`{"filename":%q,"level":"trace","stacktracelevel":"NONE"}`, logFile))
 	}
 }

-func runDoctorCheck(ctx *cli.Context) error {
+func runDoctor(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()

+	// Silence the default loggers
+	log.DelNamedLogger("console")
+	log.DelNamedLogger(log.DEFAULT)
+
+	// Now setup our own
+	setDoctorLogger(ctx)
+
 	colorize := log.CanColorStdout
 	if ctx.IsSet("color") {
 		colorize = ctx.Bool("color")
 	}

-	setupDoctorDefaultLogger(ctx, colorize)
-
-	// Finally redirect the default golang's log to here
+	// Finally redirect the default golog to here
 	golog.SetFlags(0)
 	golog.SetPrefix("")
-	golog.SetOutput(log.LoggerToWriter(log.GetLogger(log.DEFAULT).Info))
+	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))

 	if ctx.IsSet("list") {
 		w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
@ -220,5 +234,17 @@ func runDoctorCheck(ctx *cli.Context) error {
 		}
 	}

-	return doctor.RunChecks(stdCtx, colorize, ctx.Bool("fix"), checks)
+	// Now we can set up our own logger to return information about what the doctor is doing
+	if err := log.NewNamedLogger("doctorouter",
+		0,
+		"console",
+		"console",
+		fmt.Sprintf(`{"level":"INFO","stacktracelevel":"NONE","colorize":%t,"flags":-1}`, colorize)); err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	logger := log.GetLogger("doctorouter")
+	defer logger.Close()
+	return doctor.RunChecks(stdCtx, logger, ctx.Bool("fix"), checks)
 }
--- a/Show more
+++ b/Show more