gitea.nulo.in: Use NPM cache

gitea.nulo.in: Use APK cache
gitea.nulo.in: Use script to upgrade
2023-01-23 13:08:44 -03:00 · 2023-01-23 13:08:44 -03:00 · 2023-01-23 13:08:44 -03:00 · 2023-01-23 13:08:44 -03:00 · 2023-01-23 13:08:44 -03:00 · 2023-01-23 08:42:02 -06:00
2212 changed files with 62079 additions and 34879 deletions
--- a/.air.toml
+++ b/.air.toml
@ -5,6 +5,6 @@ tmp_dir = ".air"
 cmd = "make backend"
 bin = "gitea"
 include_ext = ["go", "tmpl"]
-exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
-include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
-exclude_regex = ["_test.go$"]
+exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata", "models/fixtures", "models/migrations/fixtures", "modules/migration/file_format_testdata", "modules/avatar/identicon/testdata"]
+include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
+exclude_regex = ["_test.go$", "_gen.go$"]
--- a/.drone.yml
+++ b/.drone.yml
@ -19,13 +19,13 @@ volumes:

 steps:
  - name: deps-frontend
-    image: node:16
+    image: node:18
    pull: always
    commands:
      - make deps-frontend

  - name: deps-backend
-    image: golang:1.18
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@ -34,11 +34,21 @@ steps:
        path: /go

  - name: lint-frontend
-    image: node:16
+    image: node:18
    commands:
      - make lint-frontend
    depends_on: [deps-frontend]

+  - name: security-check
+    image: golang:1.19
+    pull: always
+    commands:
+      - make security-check
+    depends_on: [deps-backend]
+    volumes:
+      - name: deps
+        path: /go
+
  - name: lint-backend
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    pull: always
@ -82,31 +92,31 @@ steps:
        path: /go

  - name: checks-frontend
-    image: node:16
+    image: node:18
    commands:
      - make checks-frontend
    depends_on: [deps-frontend]

  - name: checks-backend
-    image: golang:1.18
+    image: golang:1.19
    commands:
-      - make checks-backend
+      - make --always-make checks-backend # ensure the 'go-licenses' make target runs
    depends_on: [deps-backend]
    volumes:
      - name: deps
        path: /go

  - name: test-frontend
-    image: node:16
+    image: node:18
    commands:
      - make test-frontend
    depends_on: [lint-frontend]

  - name: build-frontend
-    image: node:16
+    image: node:18
    commands:
      - make frontend
-    depends_on: [test-frontend]
+    depends_on: [deps-frontend]

  - name: build-backend-no-gcc
    image: golang:1.18 # this step is kept as the lowest version of golang that we support
@ -122,7 +132,7 @@ steps:
        path: /go

  - name: build-backend-arm64
-    image: golang:1.18
+    image: golang:1.19
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
@ -138,7 +148,7 @@ steps:
        path: /go

  - name: build-backend-windows
-    image: golang:1.18
+    image: golang:1.19
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
@ -153,7 +163,7 @@ steps:
        path: /go

  - name: build-backend-386
-    image: golang:1.18
+    image: golang:1.19
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
@ -243,7 +253,7 @@ steps:
          - pull_request

  - name: deps-backend
-    image: golang:1.18
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@ -360,7 +370,7 @@ steps:
        path: /go

  - name: generate-coverage
-    image: golang:1.18
+    image: golang:1.19
    commands:
      - make coverage
    environment:
@ -436,7 +446,7 @@ steps:
          - pull_request

  - name: deps-backend
-    image: golang:1.18
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@ -498,6 +508,78 @@ steps:
      - name: deps
        path: /go

+---
+kind: pipeline
+type: docker
+name: testing-e2e
+
+platform:
+  os: linux
+  arch: amd64
+
+depends_on:
+  - compliance
+
+trigger:
+  event:
+    - pull_request
+
+volumes:
+  - name: deps
+    temp: {}
+
+services:
+  - name: pgsql
+    pull: default
+    image: postgres:10
+    environment:
+      POSTGRES_DB: testgitea-e2e
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --encoding=UTF8 --lc-collate='en_US.UTF-8' --lc-ctype='en_US.UTF-8'
+
+steps:
+  - name: deps-frontend
+    image: node:18
+    pull: always
+    commands:
+      - make deps-frontend
+
+  - name: build-frontend
+    image: node:18
+    commands:
+      - make frontend
+    depends_on: [deps-frontend]
+
+  - name: deps-backend
+    image: golang:1.18
+    pull: always
+    commands:
+      - make deps-backend
+    volumes:
+      - name: deps
+        path: /go
+
+  # TODO: We should probably build all dependencies into a test image
+  - name: test-e2e
+    image: mcr.microsoft.com/playwright:v1.27.0-focal
+    commands:
+      - curl -sLO https://go.dev/dl/go1.19.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.19.linux-amd64.tar.gz
+      - groupadd --gid 1001 gitea && useradd -m --gid 1001 --uid 1001 gitea
+      - apt-get -qq update && apt-get -qqy install build-essential
+      - export TEST_PGSQL_SCHEMA=''
+      - ./build/test-env-prepare.sh
+      - su gitea bash -c "export PATH=$PATH:/usr/local/go/bin && timeout -s ABRT 40m make test-e2e-pgsql"
+    environment:
+      GOPROXY: https://goproxy.io
+      GOSUMDB: sum.golang.org
+      USE_REPO_TEST_DIR: 1
+      TEST_PGSQL_DBNAME: 'testgitea-e2e'
+      DEBIAN_FRONTEND: noninteractive
+    depends_on: [build-frontend, deps-backend]
+    volumes:
+      - name: deps
+        path: /go
+
 ---
 kind: pipeline
 name: update_translations
@ -544,6 +626,8 @@ steps:
      commit_message: "[skip ci] Updated translations via Crowdin"
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
+      DRONE_COMMIT_AUTHOR_EMAIL: "teabot@gitea.io"
+      DRONE_COMMIT_AUTHOR: GiteaBot
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key

@ -578,7 +662,7 @@ trigger:

 steps:
  - name: download
-    image: golang:1.18
+    image: golang:1.19
    pull: always
    commands:
      - timeout -s ABRT 40m make generate-license generate-gitignore
@ -588,12 +672,14 @@ steps:
    pull: always
    settings:
      author_email: "teabot@gitea.io"
-      author_name: GiteaBot
+      author_name: "GiteaBot"
      branch: main
      commit: true
-      commit_message: "[skip ci] Updated licenses and gitignores "
+      commit_message: "[skip ci] Updated licenses and gitignores"
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
+      DRONE_COMMIT_AUTHOR_EMAIL: "teabot@gitea.io"
+      DRONE_COMMIT_AUTHOR: "GiteaBot"
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key

@ -634,13 +720,13 @@ steps:
      - git fetch --tags --force

  - name: deps-frontend
-    image: node:16
+    image: node:18
    pull: always
    commands:
      - make deps-frontend

  - name: deps-backend
-    image: golang:1.18
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@ -649,15 +735,17 @@ steps:
        path: /go

  - name: static
-    image: techknowlogick/xgo:go-1.18.x
+    image: techknowlogick/xgo:go-1.19.x
    pull: always
    commands:
-      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
+      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify
+      DEBIAN_FRONTEND: noninteractive
    volumes:
      - name: deps
        path: /go
@ -753,13 +841,13 @@ steps:
      - git fetch --tags --force

  - name: deps-frontend
-    image: node:16
+    image: node:18
    pull: always
    commands:
      - make deps-frontend

  - name: deps-backend
-    image: golang:1.18
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@ -768,15 +856,17 @@ steps:
        path: /go

  - name: static
-    image: techknowlogick/xgo:go-1.18.x
+    image: techknowlogick/xgo:go-1.19.x
    pull: always
    commands:
-      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
+      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify
+      DEBIAN_FRONTEND: noninteractive
    depends_on: [fetch-tags]
    volumes:
      - name: deps
@ -851,7 +941,8 @@ steps:
    image: plugins/hugo:latest
    pull: always
    commands:
-      - apk add --no-cache make bash curl
+      # https://github.com/drone-plugins/drone-hugo/issues/36
+      - apk upgrade --no-cache libcurl && apk add --no-cache make bash curl
      - cd docs
      - make trans-copy clean build

--- a/.editorconfig
+++ b/.editorconfig
@ -26,6 +26,3 @@ indent_style = tab

 [*.svg]
 insert_final_newline = false
-
-[*.md]
-trim_trailing_whitespace = false
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@ -11,12 +11,8 @@ parserOptions:
 plugins:
  - eslint-plugin-unicorn
  - eslint-plugin-import
-  - eslint-plugin-vue
-  - eslint-plugin-html
  - eslint-plugin-jquery
-
-extends:
-  - plugin:vue/recommended
+  - eslint-plugin-sonarjs

 env:
  es2022: true
@ -25,30 +21,20 @@ env:
 globals:
  __webpack_public_path__: true

-settings:
-  html/html-extensions: [".tmpl"]
-
 overrides:
-  - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
+  - files: ["web_src/**/*.js", "docs/**/*.js"]
    env:
      browser: true
      node: false
-  - files: ["templates/**/*.tmpl"]
-    rules:
-      no-tabs: [0]
-      indent: [2, tab, {SwitchCase: 1}]
  - files: ["web_src/**/*worker.js"]
    env:
      worker: true
    rules:
-      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
+      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
  - files: ["build/generate-images.js"]
    rules:
      import/no-unresolved: [0]
      import/no-extraneous-dependencies: [0]
-  - files: ["*.test.js"]
-    env:
-      jest: true
  - files: ["*.config.js"]
    rules:
      import/no-unused-modules: [0]
@ -57,7 +43,7 @@ rules:
  accessor-pairs: [2]
  array-bracket-newline: [0]
  array-bracket-spacing: [2, never]
-  array-callback-return: [0]
+  array-callback-return: [2, {checkForEach: true}]
  array-element-newline: [0]
  arrow-body-style: [0]
  arrow-parens: [2, always]
@ -120,7 +106,7 @@ rules:
  import/no-extraneous-dependencies: [2]
  import/no-import-module-exports: [0]
  import/no-internal-modules: [0]
-  import/no-mutable-exports: [2]
+  import/no-mutable-exports: [0]
  import/no-named-as-default-member: [0]
  import/no-named-as-default: [2]
  import/no-named-default: [0]
@ -132,7 +118,7 @@ rules:
  import/no-restricted-paths: [0]
  import/no-self-import: [2]
  import/no-unassigned-import: [0]
-  import/no-unresolved: [2, {commonjs: true}]
+  import/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$"]}]
  import/no-unused-modules: [2, {unusedExports: true}]
  import/no-useless-path-segments: [2, {commonjs: true}]
  import/no-webpack-loader-syntax: [2]
@ -196,6 +182,7 @@ rules:
  linebreak-style: [2, unix]
  lines-around-comment: [0]
  lines-between-class-members: [0]
+  logical-assignment-operators: [0]
  max-classes-per-file: [0]
  max-depth: [0]
  max-len: [0]
@ -222,7 +209,7 @@ rules:
  no-compare-neg-zero: [2]
  no-cond-assign: [2, except-parens]
  no-confusing-arrow: [0]
-  no-console: [1, {allow: [info, warn, error]}]
+  no-console: [1, {allow: [debug, info, warn, error]}]
  no-const-assign: [2]
  no-constant-binary-expression: [2]
  no-constant-condition: [0]
@ -256,7 +243,7 @@ rules:
  no-floating-decimal: [0]
  no-func-assign: [2]
  no-global-assign: [2]
-  no-implicit-coercion: [0]
+  no-implicit-coercion: [2]
  no-implicit-globals: [0]
  no-implied-eval: [2]
  no-import-assign: [2]
@ -298,7 +285,7 @@ rules:
  no-redeclare: [2]
  no-regex-spaces: [2]
  no-restricted-exports: [0]
-  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top]
+  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top, __dirname, __filename]
  no-restricted-imports: [0]
  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement]
  no-return-assign: [0]
@ -332,8 +319,8 @@ rules:
  no-unused-labels: [2]
  no-unused-private-class-members: [2]
  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
-  no-use-before-define: [2, nofunc]
-  no-useless-backreference: [0]
+  no-use-before-define: [2, {functions: false, classes: true, variables: true, allowNamedExports: true}]
+  no-useless-backreference: [2]
  no-useless-call: [2]
  no-useless-catch: [2]
  no-useless-computed-key: [2]
@ -358,13 +345,13 @@ rules:
  padded-blocks: [2, never]
  padding-line-between-statements: [0]
  prefer-arrow-callback: [2, {allowNamedFunctions: true, allowUnboundThis: true}]
-  prefer-const: [2, {destructuring: all}]
+  prefer-const: [2, {destructuring: all, ignoreReadBeforeAssign: true}]
  prefer-destructuring: [0]
  prefer-exponentiation-operator: [2]
  prefer-named-capture-group: [0]
  prefer-numeric-literals: [2]
  prefer-object-has-own: [0]
-  prefer-object-spread: [0]
+  prefer-object-spread: [2]
  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
  prefer-regex-literals: [2]
  prefer-rest-params: [2]
@ -381,6 +368,38 @@ rules:
  semi-spacing: [2, {before: false, after: true}]
  semi-style: [2, last]
  semi: [2, always, {omitLastInOneLineBlock: true}]
+  sonarjs/cognitive-complexity: [0]
+  sonarjs/elseif-without-else: [0]
+  sonarjs/max-switch-cases: [0]
+  sonarjs/no-all-duplicated-branches: [2]
+  sonarjs/no-collapsible-if: [0]
+  sonarjs/no-collection-size-mischeck: [2]
+  sonarjs/no-duplicate-string: [0]
+  sonarjs/no-duplicated-branches: [0]
+  sonarjs/no-element-overwrite: [2]
+  sonarjs/no-empty-collection: [2]
+  sonarjs/no-extra-arguments: [0]
+  sonarjs/no-gratuitous-expressions: [2]
+  sonarjs/no-identical-conditions: [2]
+  sonarjs/no-identical-expressions: [0]
+  sonarjs/no-identical-functions: [0]
+  sonarjs/no-ignored-return: [2]
+  sonarjs/no-inverted-boolean-check: [2]
+  sonarjs/no-nested-switch: [0]
+  sonarjs/no-nested-template-literals: [0]
+  sonarjs/no-one-iteration-loop: [2]
+  sonarjs/no-redundant-boolean: [2]
+  sonarjs/no-redundant-jump: [0]
+  sonarjs/no-same-line-conditional: [2]
+  sonarjs/no-small-switch: [0]
+  sonarjs/no-unused-collection: [2]
+  sonarjs/no-use-of-empty-return-value: [2]
+  sonarjs/no-useless-catch: [0]
+  sonarjs/non-existent-operator: [2]
+  sonarjs/prefer-immediate-return: [0]
+  sonarjs/prefer-object-literal: [0]
+  sonarjs/prefer-single-boolean-return: [0]
+  sonarjs/prefer-while: [2]
  sort-imports: [0]
  sort-keys: [0]
  sort-vars: [0]
@ -428,12 +447,13 @@ rules:
  unicorn/no-new-array: [0]
  unicorn/no-new-buffer: [0]
  unicorn/no-null: [0]
-  unicorn/no-object-as-default-parameter: [2]
+  unicorn/no-object-as-default-parameter: [0]
  unicorn/no-process-exit: [0]
  unicorn/no-reduce: [2]
  unicorn/no-static-only-class: [2]
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
+  unicorn/no-unnecessary-await: [2]
  unicorn/no-unreadable-array-destructuring: [0]
  unicorn/no-unreadable-iife: [2]
  unicorn/no-unsafe-regex: [0]
@ -454,14 +474,16 @@ rules:
  unicorn/prefer-array-index-of: [2]
  unicorn/prefer-array-some: [2]
  unicorn/prefer-at: [0]
-  unicorn/prefer-code-point: [2]
+  unicorn/prefer-code-point: [0]
  unicorn/prefer-dataset: [2]
  unicorn/prefer-date-now: [2]
  unicorn/prefer-default-parameters: [0]
  unicorn/prefer-event-key: [2]
+  unicorn/prefer-event-target: [2]
  unicorn/prefer-export-from: [2]
  unicorn/prefer-includes: [2]
  unicorn/prefer-json-parse-buffer: [0]
+  unicorn/prefer-logical-operator-over-ternary: [2]
  unicorn/prefer-math-trunc: [2]
  unicorn/prefer-modern-dom-apis: [0]
  unicorn/prefer-modern-math-apis: [2]
@ -496,17 +518,13 @@ rules:
  unicorn/require-number-to-fixed-digits-argument: [2]
  unicorn/require-post-message-target-origin: [0]
  unicorn/string-content: [0]
+  unicorn/switch-case-braces: [0]
  unicorn/template-indent: [2]
  unicorn/text-encoding-identifier-case: [0]
  unicorn/throw-new-error: [2]
  use-isnan: [2]
  valid-typeof: [2, {requireStringLiterals: true}]
  vars-on-top: [0]
-  vue/attributes-order: [0]
-  vue/component-definition-name-casing: [0]
-  vue/html-closing-bracket-spacing: [0]
-  vue/max-attributes-per-line: [0]
-  vue/one-component-per-file: [0]
  wrap-iife: [2, inside]
  wrap-regex: [0]
  yield-star-spacing: [2, after]
--- a/.gitattributes
+++ b/.gitattributes
@ -1,7 +1,6 @@
 * text=auto eol=lf
 *.tmpl linguist-language=Handlebars
-/.eslintrc linguist-language=YAML
-/.stylelintrc linguist-language=YAML
+/assets/*.json linguist-generated
 /public/vendor/** -text -eol linguist-vendored
 /vendor/** -text -eol linguist-vendored
 /web_src/fomantic/build/** linguist-generated
--- a/.gitignore
+++ b/.gitignore
@ -63,21 +63,14 @@ cpu.out
 /indexers
 /log
 /public/img/avatar
-/integrations/gitea-integration-mysql
-/integrations/gitea-integration-mysql8
-/integrations/gitea-integration-pgsql
-/integrations/gitea-integration-sqlite
-/integrations/gitea-integration-mssql
-/integrations/indexers-mysql
-/integrations/indexers-mysql8
-/integrations/indexers-pgsql
-/integrations/indexers-sqlite
-/integrations/indexers-mssql
-/integrations/sqlite.ini
-/integrations/mysql.ini
-/integrations/mysql8.ini
-/integrations/pgsql.ini
-/integrations/mssql.ini
+/tests/integration/gitea-integration-*
+/tests/integration/indexers-*
+/tests/e2e/gitea-e2e-*
+/tests/e2e/indexers-*
+/tests/e2e/reports
+/tests/e2e/test-artifacts
+/tests/e2e/test-snapshots
+/tests/*.ini
 /node_modules
 /yarn.lock
 /yarn-error.log
@ -102,6 +95,7 @@ cpu.out
 !/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
 /VERSION
 /.air
+/.go-licenses

 # Snapcraft
 snap/.snapcraft/
--- a/.gitpod.yml
+++ b/.gitpod.yml
@ -0,0 +1,42 @@
+tasks:
+  - name: Setup
+    init: |
+      cp -r contrib/ide/vscode .vscode
+      make deps
+      make build
+    command: |
+      gp sync-done setup
+      exit 0
+  - name: Run frontend
+    command: |
+      gp sync-await setup
+      make watch-frontend
+  - name: Run backend
+    command: |
+      gp sync-await setup
+      mkdir -p custom/conf/
+      echo -e "[server]\nROOT_URL=$(gp url 3000)/" > custom/conf/app.ini
+      echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini
+      export TAGS="sqlite sqlite_unlock_notify"
+      make watch-backend
+  - name: Run docs
+    before: sudo bash -c "$(grep 'https://github.com/gohugoio/hugo/releases/download' Makefile | tr -d '\')" # install hugo
+    command: cd docs && make clean update && hugo server -D -F --baseUrl $(gp url 1313) --liveReloadPort=443 --appendPort=false --bind=0.0.0.0
+
+vscode:
+  extensions:
+    - editorconfig.editorconfig
+    - dbaeumer.vscode-eslint
+    - golang.go
+    - stylelint.vscode-stylelint
+    - DavidAnson.vscode-markdownlint
+    - johnsoncodehk.volar
+    - ms-azuretools.vscode-docker
+    - zixuanchen.vitest-explorer
+    - alexcvzz.vscode-sqlite
+
+ports:
+  - name: Gitea
+    port: 3000
+  - name: Docs
+    port: 1313
--- a/.golangci.yml
+++ b/.golangci.yml
@ -12,19 +12,23 @@ linters:
    - dupl
    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
-    - misspell
    - gocritic
    - bidichk
    - ineffassign
    - revive
    - gofumpt
    - depguard
+    - nakedret
+    - unconvert
+    - wastedassign
+    - nolintlint
+    - stylecheck
  enable-all: false
  disable-all: true
  fast: false

 run:
-  go: 1.18
+  go: 1.19
  timeout: 10m
  skip-dirs:
    - node_modules
@ -32,6 +36,10 @@ run:
    - web_src

 linters-settings:
+  stylecheck:
+    checks: ["all", "-ST1005", "-ST1003"]
+  nakedret:
+    max-func-lines: 0
  gocritic:
    disabled-checks:
      - ifElseChain
@ -66,7 +74,7 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.18"
+    lang-version: "1.19"
  depguard:
    # TODO: use depguard to replace import checks in gitea-vet
    list-type: denylist
@ -77,6 +85,8 @@ linters-settings:
      - github.com/unknwon/com: "use gitea's util and replacements"

 issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0
  exclude-rules:
    # Exclude some linters from running on tests files.
    - path: _test\.go
@ -137,9 +147,6 @@ issues:
    - path: models/issue_comment_list.go
      linters:
        - dupl
-    - linters:
-        - misspell
-      text: '`Unknwon` is a misspelling of `Unknown`'
    - path: models/update.go
      linters:
        - unused
@ -162,3 +169,7 @@ issues:
    - path: models/user/openid.go
      linters:
        - golint
+    - path: models/user/badge.go
+      linters:
+        - revive
+      text: "exported: type name will be used as user.UserBadge by other packages, and that stutters; consider calling this Badge"
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@ -0,0 +1,18 @@
+commands-show-output: false
+fenced-code-language: false
+first-line-h1: false
+header-increment: false
+line-length: {code_blocks: false, tables: false, stern: true, line_length: -1}
+no-alt-text: false
+no-bare-urls: false
+no-blanks-blockquote: false
+no-duplicate-header: {allow_different_nesting: true}
+no-emphasis-as-header: false
+no-empty-links: false
+no-hard-tabs: {code_blocks: false}
+no-inline-html: false
+no-space-in-code: false
+no-space-in-emphasis: false
+no-trailing-punctuation: false
+no-trailing-spaces: {br_spaces: 0}
+single-h1: false
--- a/.spectral.yaml
+++ b/.spectral.yaml
@ -0,0 +1,12 @@
+extends: [[spectral:oas, all]]
+
+rules:
+  info-contact: off
+  oas2-api-host: off
+  oas2-parameter-description: off
+  oas2-schema: off
+  oas2-valid-schema-example: off
+  openapi-tags: off
+  operation-description: off
+  operation-singular-tag: off
+  operation-tag-defined: off
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -0,0 +1,39 @@
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      tags: true
+
+pipeline:
+  build:
+    image: docker.io/alpine:3.16
+    commands:
+      - echo "172.17.0.1 alpine.proxy.coso npm.proxy.coso" >> /etc/hosts
+      - echo "http://alpine.proxy.coso/alpine/v3.16/main" > /etc/apk/repositories
+      - echo "http://alpine.proxy.coso/alpine/v3.16/community" >> /etc/apk/repositories
+      - apk add git nodejs npm go make rsync openssh-client-default
+      - npm set registry http://npm.proxy.coso
+
+      - GOOS=linux GOARCH=amd64 LDFLAGS="-linkmode external -extldflags '-static' $LDFLAGS" TAGS="bindata sqlite sqlite_unlock_notify" make build
+
+      - eval $(ssh-agent -s)
+      - echo "$${SSH_KEY}" | tr -d '\r' | ssh-add -
+      - mkdir -p ~/.ssh
+      - echo "[nulo.in]:420,[186.136.121.7]:420 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGPkgRVWYcVcgjI0xAjDgZQsYuXU9edcya8zna01ibyUMlfKHIMD9yOoq0R+fQPTCqwiol/2tKMPJ2hlKshc+H8=" > ~/.ssh/known_hosts
+
+      # #!/bin/sh
+      # # Editar en https://gitea.nulo.in/Nulo/gitea si se cambia
+      # bin=/usr/local/bin/gitea
+      # new=/usr/local/bin/gitea.new
+      #
+      # rm "$new"
+      # cat /dev/stdin > "$new" || exit $?
+      # chmod +x "$new" || exit $?
+      # mv "$new" "$bin" || exit $?
+      # sv restart gitea || exit $?
+      - ssh -p420 ci-gitea@nulo.in doas /usr/local/sbin/instalar-gitea < gitea
+    when:
+      branch: gitea.nulo.in
+      event: push
+    secrets:
+      - ssh_key
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -81,13 +81,15 @@ Here's how to run the test suite:
 |``make lint-frontend`` | lint frontend files  |
 |``make lint-backend``  | lint backend files   |

- run test code (Suggest run in Linux)  
+- run test code (Suggest run in Linux)

 |                                        |                                                  |
 | :------------------------------------- | :----------------------------------------------- |
 |``make test[\#TestSpecificName]``       |  run unit test  |
-|``make test-sqlite[\#TestSpecificName]``|  run [integration](integrations) test for SQLite |  
-|[More details about integrations](integrations/README.md)  |
+|``make test-sqlite[\#TestSpecificName]``|  run [integration](tests/integration) test for SQLite |
+|[More details about integration tests](tests/integration/README.md)  |
+|``make test-e2e-sqlite[\#TestSpecificFileName]``|  run [end-to-end](tests/e2e) test for SQLite |
+|[More details about e2e tests](tests/e2e/README.md)  |

 ## Vendoring

@ -127,14 +129,14 @@ the *[How to get faster PR reviews](https://github.com/kubernetes/community/blob
 it has lots of useful tips for any project you may want to contribute.
 Some of the key points:

-* Make small pull requests. The smaller, the faster to review and the
+- Make small pull requests. The smaller, the faster to review and the
  more likely it will be merged soon.
-* Don't make changes unrelated to your PR. Maybe there are typos on
+- Don't make changes unrelated to your PR. Maybe there are typos on
  some comments, maybe refactoring would be welcome on a function... but
  if that is not related to your PR, please make *another* PR for that.
-* Split big pull requests into multiple small ones. An incremental change
+- Split big pull requests into multiple small ones. An incremental change
  will be faster to review than a huge PR.
-* Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
+- Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.

 If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:

@ -144,9 +146,20 @@ If your PR could cause a breaking change you must add a BREAKING section to this

 To explain how this could affect users and how to mitigate these changes.

+Once code review starts on your PR, do not rebase nor squash your branch as it makes it
+difficult to review the new changes. Only if there is a need, sync your branch by merging
+the base branch into yours. Don't worry about merge commits messing up your tree as
+the final merge process squashes all commits into one, with the visible commit message (first
+line) being the PR title + PR index and description being the PR's first comment.
+
+Once your PR gets the `lgtm/done` label, don't worry about keeping it up-to-date or breaking
+builds (unless there's a merge conflict or a request is made by a maintainer to make
+modifications). It is the maintainer team's responsibility from this point to get it merged.
+
 ## Styleguide

-For imports you should use the following format (_without_ the comments)
+For imports you should use the following format (*without* the comments)
+
 ```go
 import (
  // stdlib
@ -167,25 +180,34 @@ import (

 To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:

- **integration:** Integrations tests
 - **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
 - **models/fixtures:** Sample model data used in integration tests.
 - **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
- **modules:** Different modules to handle specific functionality in Gitea.
+- **modules:** Different modules to handle specific functionality in Gitea. Shall only depend on other modules but not other packages (models, services).
 - **public:** Frontend files (javascript, images, css, etc.)
- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers
+- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers.
 - **services:** Support functions for common routing operations. Uses models and modules to handle the request.
 - **templates:** Golang templates for generating the html output.
+- **tests/e2e:** End to end tests
+- **tests/integration:** Integration tests
 - **vendor:** External code that Gitea depends on.

+## Documentation
+
+If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated.
+
 ## API v1

 The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
-Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.  
-If Gitea provides functionality that GitHub does not, a new endpoint can be created.  
+
+Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.
+
+If Gitea provides functionality that GitHub does not, a new endpoint can be created.
+
 If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.

 Updating an existing API should not remove existing fields unless there is a really good reason to do so.
+
 The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).

 All expected results (errors, success, fail messages) should be documented
@ -194,49 +216,33 @@ All expected results (errors, success, fail messages) should be documented
 All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
 and referenced in
-[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).  
+[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).
+
 They can then be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).

 All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
 and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))  
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))
+
 They can be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))

 In general, HTTP methods are chosen as follows:
- * **GET** endpoints return requested object and status **OK (200)**
- * **DELETE** endpoints return status **No Content (204)**
- * **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
- * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
- * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
+
+- **GET** endpoints return requested object and status **OK (200)**
+- **DELETE** endpoints return status **No Content (204)**
+- **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
+- **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
+- **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object

 An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
+
 ### Endpoints returning lists should
- * support pagination (`page` & `limit` options in query)
- * set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))

-## Large Character Comments
-
-Throughout the codebase there are large-text comments for sections of code, e.g.:
-
-```go
-// __________            .__               
-// \______   \ _______  _|__| ______  _  __
-//  |       _// __ \  \/ /  |/ __ \ \/ \/ /
-//  |    |   \  ___/\   /|  \  ___/\     / 
-//  |____|_  /\___  >\_/ |__|\___  >\/\_/  
-//         \/     \/             \/        
-```
-
-These were created using the `figlet` tool with the `graffiti` font.
-
-A simple way of creating these is to use the following:
-
-```bash
-figlet -f graffiti Review | sed  -e's+^+// +' - | xclip -sel clip -in
-```
+- support pagination (`page` & `limit` options in query)
+- set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))

 ## Backports and Frontports

@ -368,35 +374,35 @@ and lead the development of Gitea.
 To honor the past owners, here's the history of the owners and the time
 they served:

-* 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
-  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  * [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
+- 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
+  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+  - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>

-* 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
-  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+- 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
+  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>

-* 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
-  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+- 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
+  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>

-* 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
-  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  * [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
+- 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
+  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  - [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>

-* 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
-  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+- 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
+  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>

-* 2016-11-04 ~ 2017-12-31
-  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  * [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
-  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+- 2016-11-04 ~ 2017-12-31
+  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  - [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
+  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>

 ## Versions

@ -413,20 +419,20 @@ be reviewed by two maintainers and must pass the automatic tests.

 ## Releasing Gitea

-* Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
-* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
-* If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
-  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
-  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
-* If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
-* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
-* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
-* If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
-* Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
-* Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
-  * bump the version of https://dl.gitea.io/gitea/version.json
-  * merge the blog post PR
-  * announce the release in discord `#announcements`
+- Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
+- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+- If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
+  - Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
+  - When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
+- If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
+- Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
+- And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
+- If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
+- Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
+- Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
+  - bump the version of https://dl.gitea.io/gitea/version.json
+  - merge the blog post PR
+  - announce the release in discord `#announcements`

 ## Copyright

--- a/2
+++ b/2
@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.18-alpine3.16 AS build-env
+FROM golang:1.19-alpine3.16 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.18-alpine3.16 AS build-env
+FROM golang:1.19-alpine3.16 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -31,6 +31,7 @@ EXPOSE 2222 3000
 RUN apk --no-cache add \
    bash \
    ca-certificates \
+    dumb-init \
    gettext \
    git \
    curl \
@ -62,12 +63,12 @@ ENV GITEA_CUSTOM /var/lib/gitea/custom
 ENV GITEA_TEMP /tmp/gitea
 ENV TMPDIR /tmp/gitea

-#TODO add to docs the ability to define the ini to load (usefull to test and revert a config)
+#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
 ENV GITEA_APP_INI /etc/gitea/app.ini
 ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
 WORKDIR /var/lib/gitea

-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
 CMD []

--- a/3
+++ b/3
@ -47,3 +47,6 @@ Leon Hofmeister <dev.lh@web.de> (@delvh)
 Gusted <williamzijl7@hotmail.com) (@Gusted)
 silentcode <silentcode@senga.org> (@silentcodeg)
 Wim <wim@42.be> (@42wim)
+xinyu <xinyu@nerv.org.cn> (@penlinux)
+Jason Song <i@wolfogre.com> (@wolfogre)
+Yarden Shoham <hrsi88@gmail.com> (@yardenshoham)
--- a/319
+++ b/319
@ -17,24 +17,25 @@ else
 DIST := dist
 DIST_DIRS := $(DIST)/binaries $(DIST)/release
 IMPORT := code.gitea.io/gitea
-export GO111MODULE=on

 GO ?= go
 SHASUM ?= shasum -a 256
 HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,

-XGO_VERSION := go-1.18.x
+XGO_VERSION := go-1.19.x

-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.29.0
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.4.0
-ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.0
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.40.4
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.5.0
+ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.1
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.1
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.47.0
 GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.29.0
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.0
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
+GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.3.0
+GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest

 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
@ -99,7 +100,7 @@ LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(G

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

-GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/integrations/migration-test code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
+GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))

 FOMANTIC_WORK_DIR := web_src/fomantic

@ -111,25 +112,39 @@ WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack pub
 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))

+GENERATED_GO_DEST := modules/charset/invisible_gen.go modules/charset/ambiguous_gen.go
+
 SVG_DEST_DIR := public/img/svg

 AIR_TMP_DIR := .air

+GO_LICENSE_TMP_DIR := .go-licenses
+GO_LICENSE_FILE := assets/go-licenses.json
+
 TAGS ?=
 TAGS_SPLIT := $(subst $(COMMA), ,$(TAGS))
 TAGS_EVIDENCE := $(MAKE_EVIDENCE_DIR)/tags

 TEST_TAGS ?= sqlite sqlite_unlock_notify

-TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR)
+TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)

-GO_DIRS := cmd integrations models modules routers build services tools
+GO_DIRS := cmd tests models modules routers build services tools
+WEB_DIRS := web_src/js web_src/less

 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
+GO_SOURCES += $(GENERATED_GO_DEST)
+GO_SOURCES_NO_BINDATA := $(GO_SOURCES)

 ifeq ($(filter $(TAGS_SPLIT),bindata),bindata)
 	GO_SOURCES += $(BINDATA_DEST)
+	GENERATED_GO_DEST += $(BINDATA_DEST)
+endif
+
+# Force installation of playwright dependencies by setting this flag
+ifdef DEPS_PLAYWRIGHT
+	PLAYWRIGHT_FLAGS += --with-deps
 endif

 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
@ -183,6 +198,7 @@ help:
 	@echo " - test                             test everything"
 	@echo " - test-frontend                    test frontend files"
 	@echo " - test-backend                     test backend files"
+	@echo " - test-e2e[\#TestSpecificName]     test end to end using playwright"
 	@echo " - webpack                          build webpack files"
 	@echo " - svg                              build svg files"
 	@echo " - fomantic                         build fomantic files"
@ -194,6 +210,7 @@ help:
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - golangci-lint                    run golangci-lint linter"
+	@echo " - go-licenses                      regenerate go licenses"
 	@echo " - vet                              examines Go source code and reports suspicious constructs"
 	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]    	    run unit test"
@ -202,9 +219,9 @@ help:

 .PHONY: go-check
 go-check:
-	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
-	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
-	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
+	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9]+' go.mod | cut -d' ' -f2))
+	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
+	$(eval GO_VERSION := $(shell printf "%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9]+' | tr '.' ' ');))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
 		echo "Gitea requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
 		exit 1; \
@ -237,14 +254,33 @@ clean:
 	$(GO) clean -i ./...
 	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA_DEST) $(BINDATA_HASH) \
 		integrations*.test \
-		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-mysql8/ integrations/gitea-integration-sqlite/ \
-		integrations/gitea-integration-mssql/ integrations/indexers-mysql/ integrations/indexers-mysql8/ integrations/indexers-pgsql integrations/indexers-sqlite \
-		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini man/
+		e2e*.test \
+		tests/integration/gitea-integration-pgsql/ tests/integration/gitea-integration-mysql/ tests/integration/gitea-integration-mysql8/ tests/integration/gitea-integration-sqlite/ \
+		tests/integration/gitea-integration-mssql/ tests/integration/indexers-mysql/ tests/integration/indexers-mysql8/ tests/integration/indexers-pgsql tests/integration/indexers-sqlite \
+		tests/integration/indexers-mssql tests/mysql.ini tests/mysql8.ini tests/pgsql.ini tests/mssql.ini man/ \
+		tests/e2e/gitea-e2e-pgsql/ tests/e2e/gitea-e2e-mysql/ tests/e2e/gitea-e2e-mysql8/ tests/e2e/gitea-e2e-sqlite/ \
+		tests/e2e/gitea-e2e-mssql/ tests/e2e/indexers-mysql/ tests/e2e/indexers-mysql8/ tests/e2e/indexers-pgsql/ tests/e2e/indexers-sqlite/ \
+		tests/e2e/indexers-mssql/ tests/e2e/reports/ tests/e2e/test-artifacts/ tests/e2e/test-snapshots/

 .PHONY: fmt
 fmt:
-	@echo "Running gitea-fmt (with gofumpt)..."
-	@MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
+	GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
+	$(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl'))
+	@# strip whitespace after '{{' and before `}}` unless there is only whitespace before it
+	@$(SED_INPLACE) -e 's/{{[ 	]\{1,\}/{{/g' -e '/^[ 	]\{1,\}}}/! s/[ 	]\{1,\}}}/}}/g' $(TEMPLATES)
+
+.PHONY: fmt-check
+fmt-check: fmt
+	@diff=$$(git diff $(GO_SOURCES) templates $(WEB_DIRS)); \
+	if [ -n "$$diff" ]; then \
+	  echo "Please run 'make fmt' and commit the result:"; \
+	  echo "$${diff}"; \
+	  exit 1; \
+	fi
+
+.PHONY: misspell-check
+misspell-check:
+	go run $(MISSPELL_PACKAGE) -error $(GO_DIRS) $(WEB_DIRS)

 .PHONY: vet
 vet:
@ -262,7 +298,9 @@ TAGS_PREREQ := $(TAGS_EVIDENCE)
 endif

 .PHONY: generate-swagger
-generate-swagger:
+generate-swagger: $(SWAGGER_SPEC)
+
+$(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA)
 	$(GO) run $(SWAGGER_PACKAGE) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
@ -287,16 +325,6 @@ errcheck:
 	@echo "Running errcheck..."
 	$(GO) run $(ERRCHECK_PACKAGE) $(GO_PACKAGES)

-.PHONY: fmt-check
-fmt-check:
-	# get all go files and run gitea-fmt (with gofmt) on them
-	@diff=$$(MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -l '{file-list}'); \
-	if [ -n "$$diff" ]; then \
-		echo "Please run 'make fmt' and commit the result:"; \
-		echo "$${diff}"; \
-		exit 1; \
-	fi
-
 .PHONY: checks
 checks: checks-frontend checks-backend

@ -304,15 +332,17 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check

 .PHONY: checks-backend
-checks-backend: gomod-check swagger-check swagger-validate
+checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate

 .PHONY: lint
 lint: lint-frontend lint-backend

 .PHONY: lint-frontend
 lint-frontend: node_modules
-	npx eslint --color --max-warnings=0 web_src/js build templates *.config.js docs/assets/js
+	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e
 	npx stylelint --color --max-warnings=0 web_src/less
+	npx spectral lint -q -F hint $(SWAGGER_SPEC)
+	npx markdownlint docs *.md

 .PHONY: lint-backend
 lint-backend: golangci-lint vet editorconfig-checker
@ -328,7 +358,7 @@ watch-frontend: node-check node_modules

 .PHONY: watch-backend
 watch-backend: go-check
-	$(GO) run $(AIR_PACKAGE) -c .air.toml
+	GITEA_RUN_MODE=dev $(GO) run $(AIR_PACKAGE) -c .air.toml

 .PHONY: test
 test: test-frontend test-backend
@ -340,7 +370,7 @@ test-backend:

 .PHONY: test-frontend
 test-frontend: node_modules
-	@NODE_OPTIONS="--experimental-vm-modules --no-warnings" npx jest --color
+	npx vitest

 .PHONY: test-check
 test-check:
@ -363,7 +393,7 @@ test\#%:
 coverage:
 	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' coverage.out > coverage-bodged.out
 	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' integration.coverage.out > integration.coverage-bodged.out
-	GO111MODULE=on $(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all || (echo "gocovmerge failed"; echo "integration.coverage.out"; cat integration.coverage.out; echo "coverage.out"; cat coverage.out; exit 1)
+	$(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all

 .PHONY: unit-test-coverage
 unit-test-coverage:
@ -374,40 +404,51 @@ unit-test-coverage:
 tidy:
 	$(eval MIN_GO_VERSION := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
 	$(GO) mod tidy -compat=$(MIN_GO_VERSION)
+	@$(MAKE) --no-print-directory $(GO_LICENSE_FILE)

-.PHONY: vendor
-vendor: tidy
+vendor: go.mod go.sum
 	$(GO) mod vendor
+	@touch vendor

-.PHONY: gomod-check
-gomod-check: tidy
-	@diff=$$(git diff go.sum); \
+.PHONY: tidy-check
+tidy-check: tidy
+	@diff=$$(git diff go.mod go.sum $(GO_LICENSE_FILE)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make tidy' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi

+.PHONY: go-licenses
+go-licenses: $(GO_LICENSE_FILE)
+
+$(GO_LICENSE_FILE): go.mod go.sum
+	-$(GO) run $(GO_LICENSES_PACKAGE) save . --force --save_path=$(GO_LICENSE_TMP_DIR) 2>/dev/null
+	$(GO) run build/generate-go-licenses.go $(GO_LICENSE_TMP_DIR) $(GO_LICENSE_FILE)
+	@rm -rf $(GO_LICENSE_TMP_DIR)
+
 generate-ini-sqlite:
 	sed -e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-			integrations/sqlite.ini.tmpl > integrations/sqlite.ini
+		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
+			tests/sqlite.ini.tmpl > tests/sqlite.ini

 .PHONY: test-sqlite
 test-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test

 .PHONY: test-sqlite\#%
 test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)

 .PHONY: test-sqlite-migration
 test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.individual.sqlite.test

 .PHONY: test-sqlite-migration\#%
 test-sqlite-migration\#%:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*)


 generate-ini-mysql:
@ -416,20 +457,22 @@ generate-ini-mysql:
 		-e 's|{{TEST_MYSQL_USERNAME}}|${TEST_MYSQL_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL_PASSWORD}}|${TEST_MYSQL_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-			integrations/mysql.ini.tmpl > integrations/mysql.ini
+		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
+			tests/mysql.ini.tmpl > tests/mysql.ini

 .PHONY: test-mysql
 test-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test

 .PHONY: test-mysql\#%
 test-mysql\#%: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)

 .PHONY: test-mysql-migration
 test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.individual.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.individual.mysql.test

 generate-ini-mysql8:
 	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
@ -437,20 +480,22 @@ generate-ini-mysql8:
 		-e 's|{{TEST_MYSQL8_USERNAME}}|${TEST_MYSQL8_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL8_PASSWORD}}|${TEST_MYSQL8_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-			integrations/mysql8.ini.tmpl > integrations/mysql8.ini
+		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
+			tests/mysql8.ini.tmpl > tests/mysql8.ini

 .PHONY: test-mysql8
 test-mysql8: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test

 .PHONY: test-mysql8\#%
 test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)

 .PHONY: test-mysql8-migration
 test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.individual.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.individual.mysql8.test

 generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
@ -459,20 +504,22 @@ generate-ini-pgsql:
 		-e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \
 		-e 's|{{TEST_PGSQL_SCHEMA}}|${TEST_PGSQL_SCHEMA}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-			integrations/pgsql.ini.tmpl > integrations/pgsql.ini
+		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
+			tests/pgsql.ini.tmpl > tests/pgsql.ini

 .PHONY: test-pgsql
 test-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test

 .PHONY: test-pgsql\#%
 test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)

 .PHONY: test-pgsql-migration
 test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.individual.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.individual.pgsql.test

 generate-ini-mssql:
 	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
@ -480,85 +527,140 @@ generate-ini-mssql:
 		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
 		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-			integrations/mssql.ini.tmpl > integrations/mssql.ini
+		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
+			tests/mssql.ini.tmpl > tests/mssql.ini

 .PHONY: test-mssql
 test-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test

 .PHONY: test-mssql\#%
 test-mssql\#%: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)

 .PHONY: test-mssql-migration
 test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test -test.failfast
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.individual.mssql.test -test.failfast
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test -test.failfast
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.individual.mssql.test -test.failfast
+
+.PHONY: playwright
+playwright: $(PLAYWRIGHT_DIR)
+	npm install --no-save @playwright/test
+	npx playwright install $(PLAYWRIGHT_FLAGS)
+
+.PHONY: test-e2e%
+test-e2e%: TEST_TYPE ?= e2e
+	# Clear display env variable. Otherwise, chromium tests can fail.
+	DISPLAY=
+
+.PHONY: test-e2e
+test-e2e: test-e2e-sqlite
+
+.PHONY: test-e2e-sqlite
+test-e2e-sqlite: playwright e2e.sqlite.test generate-ini-sqlite
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test
+
+.PHONY: test-e2e-sqlite\#%
+test-e2e-sqlite\#%: playwright e2e.sqlite.test generate-ini-sqlite
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test -test.run TestE2e/$*
+
+.PHONY: test-e2e-mysql
+test-e2e-mysql: playwright e2e.mysql.test generate-ini-mysql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test
+
+.PHONY: test-e2e-mysql\#%
+test-e2e-mysql\#%: playwright e2e.mysql.test generate-ini-mysql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test -test.run TestE2e/$*
+
+.PHONY: test-e2e-mysql8
+test-e2e-mysql8: playwright e2e.mysql8.test generate-ini-mysql8
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test
+
+.PHONY: test-e2e-mysql8\#%
+test-e2e-mysql8\#%: playwright e2e.mysql8.test generate-ini-mysql8
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test -test.run TestE2e/$*
+
+.PHONY: test-e2e-pgsql
+test-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test
+
+.PHONY: test-e2e-pgsql\#%
+test-e2e-pgsql\#%: playwright e2e.pgsql.test generate-ini-pgsql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test -test.run TestE2e/$*
+
+.PHONY: test-e2e-mssql
+test-e2e-mssql: playwright e2e.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test
+
+.PHONY: test-e2e-mssql\#%
+test-e2e-mssql\#%: playwright e2e.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test -test.run TestE2e/$*

 .PHONY: bench-sqlite
 bench-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-mysql
 bench-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-mssql
 bench-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-pgsql
 bench-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: integration-test-coverage
 integration-test-coverage: integrations.cover.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out

 .PHONY: integration-test-coverage-sqlite
 integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out

 integrations.mysql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql.test

 integrations.mysql8.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql8.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql8.test

 integrations.pgsql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test

 integrations.mssql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mssql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mssql.test

 integrations.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'

 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test

 integrations.cover.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'

 .PHONY: migrations.mysql.test
 migrations.mysql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test

 .PHONY: migrations.mysql8.test
 migrations.mysql8.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql8.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql8.test

 .PHONY: migrations.pgsql.test
 migrations.pgsql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test

 .PHONY: migrations.mssql.test
 migrations.mssql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mssql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mssql.test

 .PHONY: migrations.sqlite.test
 migrations.sqlite.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'

 .PHONY: migrations.individual.mysql.test
 migrations.individual.mysql.test: $(GO_SOURCES)
@ -580,6 +682,21 @@ migrations.individual.mssql.test: $(GO_SOURCES)
 migrations.individual.sqlite.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.sqlite.test -tags '$(TEST_TAGS)'

+e2e.mysql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test
+
+e2e.mysql8.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql8.test
+
+e2e.pgsql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test
+
+e2e.mssql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mssql.test
+
+e2e.sqlite.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)'
+
 .PHONY: check
 check: test

@ -594,27 +711,38 @@ build: frontend backend
 frontend: $(WEBPACK_DEST)

 .PHONY: backend
-backend: go-check generate $(EXECUTABLE)
+backend: go-check generate-backend $(EXECUTABLE)

+# We generate the backend before the frontend in case we in future we want to generate things in the frontend from generated files in backend
 .PHONY: generate
-generate: $(TAGS_PREREQ)
+generate: generate-backend
+
+.PHONY: generate-backend
+generate-backend: $(TAGS_PREREQ) generate-go
+
+.PHONY: generate-go
+generate-go: $(TAGS_PREREQ)
 	@echo "Running go generate..."
 	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)

+.PHONY: security-check
+security-check:
+	govulncheck -v ./...
+
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-copy release-compress vendor release-sources release-docs release-check
+release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check

 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)

 .PHONY: release-windows
 release-windows: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
 ifeq (,$(findstring gogit,$(TAGS)))
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
@ -634,6 +762,13 @@ ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif

+.PHONY: release-freebsd
+release-freebsd: | $(DIST_DIRS)
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
+ifeq ($(CI),true)
+	cp /build/* $(DIST)/binaries
+endif
+
 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)
 	cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
@ -685,6 +820,8 @@ deps-backend:
 	$(GO) install $(MISSPELL_PACKAGE)
 	$(GO) install $(SWAGGER_PACKAGE)
 	$(GO) install $(XGO_PACKAGE)
+	$(GO) install $(GO_LICENSES_PACKAGE)
+	$(GO) install $(GOVULNCHECK_PACKAGE)

 node_modules: package-lock.json
 	npm install --no-save
@ -754,11 +891,11 @@ update-translations:

 .PHONY: generate-license
 generate-license:
-	GO111MODULE=on $(GO) run build/generate-licenses.go
+	$(GO) run build/generate-licenses.go

 .PHONY: generate-gitignore
 generate-gitignore:
-	GO111MODULE=on $(GO) run build/generate-gitignores.go
+	$(GO) run build/generate-gitignores.go

 .PHONY: generate-images
 generate-images: | node_modules
@ -771,7 +908,7 @@ generate-manpage:
 	@mkdir -p man/man1/ man/man5
 	@./gitea docs --man > man/man1/gitea.1
 	@gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created
-	@#TODO A smal script witch format config-cheat-sheet.en-us.md nicely to suit as config man page
+	@#TODO A small script that formats config-cheat-sheet.en-us.md nicely for use as a config man page

 .PHONY: pr\#%
 pr\#%: clean-all
--- a/README.md
+++ b/README.md
@ -33,6 +33,12 @@
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
+  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
+  <img
+    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
+    alt="Contribute with Gitpod"
+  />
+  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
@ -45,21 +51,21 @@
 </p>

 <p align="center">
-  <a href="README_ZH.md">View the chinese version of this document</a>
+  <a href="README_ZH.md">View this document in Chinese</a>
 </p>

 ## Purpose

 The goal of this project is to make the easiest, fastest, and most
 painless way of setting up a self-hosted Git service.
-Using Go, this can be done with an independent binary distribution across
-**all platforms** which Go supports, including Linux, macOS, and Windows
-on x86, amd64, ARM and PowerPC architectures.
-Want to try it before doing anything else?
-Do it [with the online demo](https://try.gitea.io/)!
+
+As Gitea is written in Go, it works across **all** the platforms and
+architectures that are supported by Go, including Linux, macOS, and
+Windows on x86, amd64, ARM and PowerPC architectures.
+You can try it out using [the online demo](https://try.gitea.io/).
 This project has been
 [forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from
-[Gogs](https://gogs.io) since 2016.11 but changed a lot.
+[Gogs](https://gogs.io) since November of 2016, but a lot has changed.

 ## Building

@ -100,9 +106,9 @@ NOTES:

 ## Translating

-Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there. 
+Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.

-You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope fo fill it as questions pop up.
+You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.

 https://docs.gitea.io/en-us/translation-guidelines/

@ -113,15 +119,17 @@ https://docs.gitea.io/en-us/translation-guidelines/
 For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
 If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).

-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).  
-The hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).  
+We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
+
+The Hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).
+
 The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).

 ## Authors

-* [Maintainers](https://github.com/orgs/go-gitea/people)
-* [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
-* [Translators](options/locale/TRANSLATORS)
+- [Maintainers](https://github.com/orgs/go-gitea/people)
+- [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
+- [Translators](options/locale/TRANSLATORS)

 ## Backers

@ -143,6 +151,7 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
 <a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
+<a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>

 ## FAQ

@ -161,6 +170,7 @@ See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
 for the full license text.

 ## Screenshots
+
 Looking for an overview of the interface? Check it out!

 |![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
--- a/README_ZH.md
+++ b/README_ZH.md
@ -33,6 +33,12 @@
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
+  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
+  <img
+    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
+    alt="Contribute with Gitpod"
+  />
+  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
@ -45,7 +51,7 @@
 </p>

 <p align="center">
-  <a href="README.md">View the english version of this document</a>
+  <a href="README.md">View this document in English</a>
 </p>

 ## 目标
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,10 +1,83 @@
 # Reporting security issues

-The Gitea maintainers take security seriously.  
+The Gitea maintainers take security seriously.
+
 If you discover a security issue, please bring it to their attention right away!

-### Reporting a Vulnerability
+## Reporting a Vulnerability

 Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.

+## Protecting Security Information
+
+Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body.
+
+The PGP key is valid until June 24, 2024.
+
+```
+Key ID: 6FCD2D5B
+Key Type: RSA
+Expires: 6/24/2024
+Key Size: 4096/4096
+Fingerprint: 3DE0 3D1E 144A 7F06 9359 99DC AAFD 2381 6FCD 2D5B
+```
+
+UserID: Gitea Security <security@gitea.io>
+
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGK1Z/4BEADFMqXA9DeeChmSxUjF0Be5sq99ZUhgrZjcN/wOzz0wuCJZC0l8
+4uC+d6mfv7JpJYlzYzOK97/x5UguKHkYNZ6mm1G9KHaXmoIBDLKDzfPdJopVNv2r
+OajijaE0uMCnMjadlg5pbhMLRQG8a9J32yyaz7ZEAw72Ab31fvvcA53NkuqO4j2w
+k7dtFQzhbNOYV0VffQT90WDZdalYHB1JHyEQ+70U9OjVD5ggNYSzX98Eu3Hjn7V7
+kqFrcAxr5TE1elf0IXJcuBJtFzQSTUGlQldKOHtGTGgGjj9r/FFAE5ioBgVD05bV
+rEEgIMM/GqYaG/nbNpWE6P3mEc2Mnn3pZaRJL0LuF26TLjnqEcMMDp5iIhLdFzXR
+3tMdtKgQFu+Mtzs3ipwWARYgHyU09RJsI2HeBx7RmZO/Xqrec763Z7zdJ7SpCn0Z
+q+pHZl24JYR0Kf3T/ZiOC0cGd2QJqpJtg5J6S/OqfX9NH6MsCczO8pUC1N/aHH2X
+CTme2nF56izORqDWKoiICteL3GpYsCV9nyCidcCmoQsS+DKvE86YhIhVIVWGRY2F
+lzpAjnN9/KLtQroutrm+Ft0mdjDiJUeFVl1cOHDhoyfCsQh62HumoyZoZvqzQd6e
+AbN11nq6aViMe2Q3je1AbiBnRnQSHxt1Tc8X4IshO3MQK1Sk7oPI6LA5oQARAQAB
+tCJHaXRlYSBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0ZWEuaW8+iQJXBBMBCABBFiEE
+PeA9HhRKfwaTWZncqv0jgW/NLVsFAmK1Z/4CGwMFCQPCZwAFCwkIBwICIgIGFQoJ
+CAsCBBYCAwECHgcCF4AACgkQqv0jgW/NLVvnyxAAhxyNnWzw/rQO2qhzqicmZM94
+njSbOg+U2qMBvCdaqCQQeC+uaMmMzkDPanUUmLcyCkWqfCjPNjeSXAkE9npepVJI
+4HtmgxZQ94OU/h3CLbft+9GVRzUkVI29TSYGdvNtV2/BkNGoFFnKWQr119um0o6A
+bgha2Uy5uY8o3ZIoiKkiHRaEoWIjjeBxJxYAojsZY4YElUmsQ3ik2joG6rhFesTa
+ofVt/bL8G2xzpOG26WGIxBbqf2qjV6OtZ0hu/vtTPHeIWMLq0Mz0V3PEDQWfkGPE
+i2RYxxYDs2xzJhSQWqTNVLSq0m5xTJnbHhQPfdCX4C2jvFKgLdfmytQq49S7jiJb
+Z03HVOZ/PsyBlQfH9xJi06R5yQCMEA8h8Z5r3/NXW09kQ6OFRe6xshoTcxZGRPTo
+srhwr3uPbmCRh+YEl7qBLU6+BC5k8IRTZXqhrj/aPJu3MxgbgwV8u3vLoFSXM2lb
+a61FgeCQ0O7lkgVswwF0RppCaH9Ul3ZDapet/vCRg4NVwm9zOI/8q/Vj0FKA1GDR
+JhRu8+Ce8zlFL65D34t+PprAzSeTlbv9um3x/ZIjCco7EEKSBylt+AZj/VyA6+e5
+kjOQwRRc6dFJWBcorsSI2dG+H+QMF7ZabzmeCcz1v9HjLOPzYHoZAHhCmSppWTvX
+AJy6+lhfW2OUTqQeYSi5Ag0EYrVn/gEQALrFLQjCR3GjuHSindz0rd3Fnx/t7Sen
+T+p07yCSSoSlmnJHCQmwh4vfg1blyz0zZ4vkIhtpHsEgc+ZAG+WQXSsJ2iRz+eSN
+GwoOQl4XC3n+QWkc1ws+btr48+6UqXIQU+F8TPQyx/PIgi2nZXJB7f5+mjCqsk46
+XvH4nTr4kJjuqMSR/++wvre2qNQRa/q/dTsK0OaN/mJsdX6Oi+aGNaQJUhIG7F+E
+ZDMkn/O6xnwWNzy/+bpg43qH/Gk0eakOmz5NmQLRkV58SZLiJvuCUtkttf6CyhnX
+03OcWaajv5W8qA39dBYQgDrrPbBWUnwfO3yMveqhwV4JjDoe8sPAyn1NwzakNYqP
+RzsWyLrLS7R7J9s3FkZXhQw/QQcsaSMcGNQO047dm1P83N8JY5aEpiRo9zSWjoiw
+qoExANj5lUTZPe8M50lI182FrcjAN7dClO3QI6pg7wy0erMxfFly3j8UQ91ysS9T
+s+GsP9I3cmWWQcKYxWHtE8xTXnNCVPFZQj2nwhJzae8ypfOtulBRA3dUKWGKuDH/
+axFENhUsT397aOU3qkP/od4a64JyNIEo4CTTSPVeWd7njsGqli2U3A4xL2CcyYvt
+D/MWcMBGEoLSNTswwKdom4FaJpn5KThnK/T0bQcmJblJhoCtppXisbexZnCpuS0x
+Zdlm2T14KJ3LABEBAAGJAjwEGAEIACYWIQQ94D0eFEp/BpNZmdyq/SOBb80tWwUC
+YrVn/gIbDAUJA8JnAAAKCRCq/SOBb80tWyTBD/9AGpW6QoDF7zYjHAozH9S5RGCA
+Y7E82dG/0xmFUwPprAG0BKmmgU6TiipyVGmKIXGYYYU92pMnbvXkYQMoa+WJNncN
+D3fY52UeXeffTf4cFpStlzi9xgYtOLhFamzYu/4xhkjOX+xhOSXscCiFRyT8cF3B
+O6c5BHU+Zj0/rGPgOyPUbx7l7B9MubB/41nNX35k08e+8T3wtWDb4XF+15HnRfva
+6fblO8wgU25Orv2Rm1jnKGa9DxJ8nE40IMrqDapENtDuL+zKJsvR0+ptWvEyL56U
+GtJJG5un6mXiLKuRQT0DEv4MdZRHDgDstDnqcbEiazVEbUuvhZZob6lRY2A19m1+
+7zfnDxkhqCA1RCnv4fdvcPdCMMFHwLpdhjgW0aI/uwgwrvsEz5+JRlnLvdQHlPAg
+q7l2fGcBSpz9U0ayyfRPjPntsNCtZl1UDxGLeciPkZhyG84zEWQbk/j52ZpRN+Ik
+ALpRLa8RBFmFSmXDUmwQrmm1EmARyQXwweKU31hf8ZGbCp2lPuRYm1LuGiirXSVP
+GysjRAJgW+VRpBKOzFQoUAUbReVWSaCwT8s17THzf71DdDb6CTj31jMLLYWwBpA/
+i73DgobDZMIGEZZC1EKqza8eh11xfyHFzGec03tbh+lIen+5IiRtWiEWkDS9ll0G
+zgS/ZdziCvdAutqnGA==
+=gZWO
+-----END PGP PUBLIC KEY BLOCK-----
+
+```
+
 Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.
--- a/assets/emoji.json
+++ b/assets/emoji.json
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@ -20,7 +20,7 @@ import (
 )

 // Windows has a limitation for command line arguments, the size can not exceed 32KB.
-// So we have to feed the files to some tools (like gofmt/misspell) batch by batch
+// So we have to feed the files to some tools (like gofmt) batch by batch

 // We also introduce a `gitea-fmt` command, it does better import formatting than gofmt/goimports. `gitea-fmt` calls `gofmt` internally.

@ -61,7 +61,7 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 			"build",
 			"cmd",
 			"contrib",
-			"integrations",
+			"tests",
 			"models",
 			"modules",
 			"routers",
@ -71,8 +71,8 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))

 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/gitea-repositories-meta`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/migration-test`))
+		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/gitea-repositories-meta`))
+		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/integration/migration-test`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/fixtures`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/migrations/fixtures`))
@ -195,7 +195,6 @@ Options:

 Commands:
  %[1]s gofmt ...
-  %[1]s misspell ...

 Arguments:
  {file-list}     the file list
@ -206,6 +205,17 @@ Example:
 `, "file-batch-exec")
 }

+func getGoVersion() string {
+	goModFile, err := os.ReadFile("go.mod")
+	if err != nil {
+		log.Fatalf(`Faild to read "go.mod": %v`, err)
+		os.Exit(1)
+	}
+	goModVersionRegex := regexp.MustCompile(`go \d+\.\d+`)
+	goModVersionLine := goModVersionRegex.Find(goModFile)
+	return string(goModVersionLine[3:])
+}
+
 func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
 	fileFilter := mainOptions["file-filter"]
 	if fileFilter == "" {
@ -228,9 +238,9 @@ func containsString(a []string, s string) bool {
 	return false
 }

-func giteaFormatGoImports(files []string, hasChangedFiles, doWriteFile bool) error {
+func giteaFormatGoImports(files []string, doWriteFile bool) error {
 	for _, file := range files {
-		if err := codeformat.FormatGoImports(file, hasChangedFiles, doWriteFile); err != nil {
+		if err := codeformat.FormatGoImports(file, doWriteFile); err != nil {
 			log.Printf("failed to format go imports: %s, err=%v", file, err)
 			return err
 		}
@ -269,10 +279,8 @@ func main() {
 			if containsString(subArgs, "-d") {
 				log.Print("the -d option is not supported by gitea-fmt")
 			}
-			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-l"), containsString(subArgs, "-w")))
-			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", "1.17"}, substArgs...)))
-		case "misspell":
-			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("MISSPELL_PACKAGE")}, substArgs...)))
+			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-w")))
+			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", getGoVersion()}, substArgs...)))
 		default:
 			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
 		}
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@ -7,7 +7,6 @@ package codeformat
 import (
 	"bytes"
 	"errors"
-	"fmt"
 	"io"
 	"os"
 	"sort"
@ -159,7 +158,7 @@ func formatGoImports(contentBytes []byte) ([]byte, error) {
 }

 // FormatGoImports format the imports by our rules (see unit tests)
-func FormatGoImports(file string, doChangedFiles, doWriteFile bool) error {
+func FormatGoImports(file string, doWriteFile bool) error {
 	f, err := os.Open(file)
 	if err != nil {
 		return err
@ -183,10 +182,6 @@ func FormatGoImports(file string, doChangedFiles, doWriteFile bool) error {
 		return nil
 	}

-	if doChangedFiles {
-		fmt.Println(file)
-	}
-
 	if doWriteFile {
 		f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0o644)
 		if err != nil {
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@ -26,7 +26,7 @@ import (

 const (
 	gemojiURL         = "https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json"
-	maxUnicodeVersion = 12
+	maxUnicodeVersion = 14
 )

 var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
@ -214,8 +214,7 @@ const hdr = `

 package emoji

-// Code generated by gen.go. DO NOT EDIT.
+// Code generated by build/generate-emoji.go. DO NOT EDIT.
 // Sourced from %s
-//
 var GemojiData = %#v
 `
--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@ -0,0 +1,82 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import (
+	"encoding/json"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"regexp"
+	"sort"
+	"strings"
+)
+
+// regexp is based on go-license, excluding README and NOTICE
+// https://github.com/google/go-licenses/blob/master/licenses/find.go
+var licenseRe = regexp.MustCompile(`^(?i)((UN)?LICEN(S|C)E|COPYING).*$`)
+
+type LicenseEntry struct {
+	Name        string `json:"name"`
+	Path        string `json:"path"`
+	LicenseText string `json:"licenseText"`
+}
+
+func main() {
+	base, out := os.Args[1], os.Args[2]
+
+	paths := []string{}
+	err := filepath.WalkDir(base, func(path string, entry fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) {
+			return nil
+		}
+		paths = append(paths, path)
+		return nil
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	sort.Strings(paths)
+
+	entries := []LicenseEntry{}
+	for _, path := range paths {
+		licenseText, err := os.ReadFile(path)
+		if err != nil {
+			panic(err)
+		}
+
+		path := strings.Replace(path, base+string(os.PathSeparator), "", 1)
+		name := filepath.Dir(path)
+
+		// There might be a bug somewhere in go-licenses that sometimes interprets the
+		// root package as "." and sometimes as "code.gitea.io/gitea". Workaround by
+		// removing both of them for the sake of stable output.
+		if name == "." || name == "code.gitea.io/gitea" {
+			continue
+		}
+
+		entries = append(entries, LicenseEntry{
+			Name:        name,
+			Path:        path,
+			LicenseText: string(licenseText),
+		})
+	}
+
+	jsonBytes, err := json.MarshalIndent(entries, "", "  ")
+	if err != nil {
+		panic(err)
+	}
+
+	err = os.WriteFile(out, jsonBytes, 0o644)
+	if err != nil {
+		panic(err)
+	}
+}
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@ -39,6 +39,14 @@ func main() {

 	defer util.Remove(file.Name())

+	if err := os.RemoveAll(destination); err != nil {
+		log.Fatalf("Cannot clean destination folder: %v", err)
+	}
+
+	if err := os.MkdirAll(destination, 0o755); err != nil {
+		log.Fatalf("Cannot create destination: %v", err)
+	}
+
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
--- a/build/gitea-format-imports.go
+++ b/build/gitea-format-imports.go
@ -1,26 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build ignore
-
-package main
-
-import (
-	"log"
-	"os"
-
-	"code.gitea.io/gitea/build/codeformat"
-)
-
-func main() {
-	if len(os.Args) <= 1 {
-		log.Fatalf("Usage: gitea-format-imports [files...]")
-	}
-
-	for _, file := range os.Args[1:] {
-		if err := codeformat.FormatGoImports(file); err != nil {
-			log.Fatalf("can not format file %s, err=%v", file, err)
-		}
-	}
-}
--- a/cmd/admin.go
+++ b/cmd/admin.go
@ -13,9 +13,8 @@ import (
 	"strings"
 	"text/tabwriter"

-	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	"code.gitea.io/gitea/models/auth"
+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
@ -157,6 +156,10 @@ var (
 				Name:  "email,e",
 				Usage: "Email of the user to delete",
 			},
+			cli.BoolFlag{
+				Name:  "purge",
+				Usage: "Purge user, all their repositories, organizations and comments",
+			},
 		},
 		Action: runDeleteUser,
 	}
@ -585,16 +588,16 @@ func runCreateUser(c *cli.Context) error {
 	}

 	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
-		return fmt.Errorf("CreateUser: %v", err)
+		return fmt.Errorf("CreateUser: %w", err)
 	}

 	if c.Bool("access-token") {
-		t := &models.AccessToken{
+		t := &auth_model.AccessToken{
 			Name: "gitea-admin",
 			UID:  u.ID,
 		}

-		if err := models.NewAccessToken(t); err != nil {
+		if err := auth_model.NewAccessToken(t); err != nil {
 			return err
 		}

@ -628,9 +631,10 @@ func runListUsers(c *cli.Context) error {
 			}
 		}
 	} else {
-		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\n")
+		twofa := user_model.UserList(users).GetTwoFaStatus()
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
 		for _, u := range users {
-			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin)
+			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin, twofa[u.ID])
 		}

 	}
@ -675,7 +679,7 @@ func runDeleteUser(c *cli.Context) error {
 		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
 	}

-	return user_service.DeleteUser(user)
+	return user_service.DeleteUser(ctx, user, c.Bool("purge"))
 }

 func runGenerateAccessToken(c *cli.Context) error {
@ -695,12 +699,12 @@ func runGenerateAccessToken(c *cli.Context) error {
 		return err
 	}

-	t := &models.AccessToken{
+	t := &auth_model.AccessToken{
 		Name: c.String("token-name"),
 		UID:  user.ID,
 	}

-	if err := models.NewAccessToken(t); err != nil {
+	if err := auth_model.NewAccessToken(t); err != nil {
 		return err
 	}

@ -731,7 +735,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 			Private: true,
 		})
 		if err != nil {
-			return fmt.Errorf("SearchRepositoryByName: %v", err)
+			return fmt.Errorf("SearchRepositoryByName: %w", err)
 		}
 		if len(repos) == 0 {
 			break
@ -774,9 +778,9 @@ func runRepoSyncReleases(_ *cli.Context) error {
 }

 func getReleaseCount(id int64) (int64, error) {
-	return models.GetReleaseCountByRepoID(
+	return repo_model.GetReleaseCountByRepoID(
 		id,
-		models.FindReleasesOptions{
+		repo_model.FindReleasesOptions{
 			IncludeTags: true,
 		},
 	)
@ -839,8 +843,8 @@ func runAddOauth(c *cli.Context) error {
 		return err
 	}

-	return auth.CreateSource(&auth.Source{
-		Type:     auth.OAuth2,
+	return auth_model.CreateSource(&auth_model.Source{
+		Type:     auth_model.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
 		Cfg:      parseOAuth2Config(c),
@ -859,7 +863,7 @@ func runUpdateOauth(c *cli.Context) error {
 		return err
 	}

-	source, err := auth.GetSourceByID(c.Int64("id"))
+	source, err := auth_model.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
@ -939,7 +943,7 @@ func runUpdateOauth(c *cli.Context) error {
 	oAuth2Config.CustomURLMapping = customURLMapping
 	source.Cfg = oAuth2Config

-	return auth.UpdateSource(source)
+	return auth_model.UpdateSource(source)
 }

 func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
@ -1010,8 +1014,8 @@ func runAddSMTP(c *cli.Context) error {
 		smtpConfig.Auth = "PLAIN"
 	}

-	return auth.CreateSource(&auth.Source{
-		Type:     auth.SMTP,
+	return auth_model.CreateSource(&auth_model.Source{
+		Type:     auth_model.SMTP,
 		Name:     c.String("name"),
 		IsActive: active,
 		Cfg:      &smtpConfig,
@ -1030,7 +1034,7 @@ func runUpdateSMTP(c *cli.Context) error {
 		return err
 	}

-	source, err := auth.GetSourceByID(c.Int64("id"))
+	source, err := auth_model.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
@ -1051,7 +1055,7 @@ func runUpdateSMTP(c *cli.Context) error {

 	source.Cfg = smtpConfig

-	return auth.UpdateSource(source)
+	return auth_model.UpdateSource(source)
 }

 func runListAuth(c *cli.Context) error {
@ -1062,7 +1066,7 @@ func runListAuth(c *cli.Context) error {
 		return err
 	}

-	authSources, err := auth.Sources()
+	authSources, err := auth_model.Sources()
 	if err != nil {
 		return err
 	}
@ -1100,7 +1104,7 @@ func runDeleteAuth(c *cli.Context) error {
 		return err
 	}

-	source, err := auth.GetSourceByID(c.Int64("id"))
+	source, err := auth_model.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@ -34,6 +34,10 @@ var (
 			Name:  "not-active",
 			Usage: "Deactivate the authentication source.",
 		},
+		cli.BoolFlag{
+			Name:  "active",
+			Usage: "Activate the authentication source.",
+		},
 		cli.StringFlag{
 			Name:  "security-protocol",
 			Usage: "Security protocol name.",
@ -117,6 +121,10 @@ var (
 			Name:  "synchronize-users",
 			Usage: "Enable user synchronization.",
 		},
+		cli.BoolFlag{
+			Name:  "disable-synchronize-users",
+			Usage: "Disable user synchronization.",
+		},
 		cli.UintFlag{
 			Name:  "page-size",
 			Usage: "Search page size.",
@ -183,9 +191,15 @@ func parseAuthSource(c *cli.Context, authSource *auth.Source) {
 	if c.IsSet("not-active") {
 		authSource.IsActive = !c.Bool("not-active")
 	}
+	if c.IsSet("active") {
+		authSource.IsActive = c.Bool("active")
+	}
 	if c.IsSet("synchronize-users") {
 		authSource.IsSyncEnabled = c.Bool("synchronize-users")
 	}
+	if c.IsSet("disable-synchronize-users") {
+		authSource.IsSyncEnabled = !c.Bool("disable-synchronize-users")
+	}
 }

 // parseLdapConfig assigns values on config according to command line flags.
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@ -858,6 +858,36 @@ func TestUpdateLdapBindDn(t *testing.T) {
 			},
 			errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",
 		},
+		// case 24
+		{
+			args: []string{
+				"ldap-test",
+				"--id", "24",
+				"--name", "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
+				"--active",
+				"--disable-synchronize-users",
+			},
+			id: 24,
+			existingAuthSource: &auth.Source{
+				Type:          auth.LDAP,
+				IsActive:      false,
+				IsSyncEnabled: true,
+				Cfg: &ldap.Source{
+					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
+					Enabled: true,
+				},
+			},
+			authSource: &auth.Source{
+				Type:          auth.LDAP,
+				Name:          "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
+				IsActive:      true,
+				IsSyncEnabled: false,
+				Cfg: &ldap.Source{
+					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
+					Enabled: true,
+				},
+			},
+		},
 	}

 	for n, c := range cases {
@ -1221,6 +1251,33 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 			},
 			errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",
 		},
+		// case 20
+		{
+			args: []string{
+				"ldap-test",
+				"--id", "20",
+				"--name", "ldap (simple auth) flip 'active' attribute",
+				"--active",
+			},
+			id: 20,
+			existingAuthSource: &auth.Source{
+				Type:     auth.DLDAP,
+				IsActive: false,
+				Cfg: &ldap.Source{
+					Name:    "ldap (simple auth) flip 'active' attribute",
+					Enabled: true,
+				},
+			},
+			authSource: &auth.Source{
+				Type:     auth.DLDAP,
+				Name:     "ldap (simple auth) flip 'active' attribute",
+				IsActive: true,
+				Cfg: &ldap.Source{
+					Name:    "ldap (simple auth) flip 'active' attribute",
+					Enabled: true,
+				},
+			},
+		},
 	}

 	for n, c := range cases {
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@ -68,7 +68,7 @@ Ensure you are running in the correct environment or set the correct configurati
 If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
 	}
 	if err := db.InitEngine(ctx); err != nil {
-		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %v", setting.CustomConf, err)
+		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %w", setting.CustomConf, err)
 	}
 	return nil
 }
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@ -5,6 +5,7 @@
 package cmd

 import (
+	"errors"
 	"fmt"
 	golog "log"
 	"os"
@ -123,20 +124,11 @@ func runRecreateTable(ctx *cli.Context) error {
 	})
 }

-func runDoctor(ctx *cli.Context) error {
-	// Silence the default loggers
-	log.DelNamedLogger("console")
-	log.DelNamedLogger(log.DEFAULT)
-
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	// Now setup our own
+func setDoctorLogger(ctx *cli.Context) {
 	logFile := ctx.String("log-file")
 	if !ctx.IsSet("log-file") {
 		logFile = "doctor.log"
 	}
-
 	colorize := log.CanColorStdout
 	if ctx.IsSet("color") {
 		colorize = ctx.Bool("color")
@ -144,11 +136,50 @@ func runDoctor(ctx *cli.Context) error {

 	if len(logFile) == 0 {
 		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
-	} else if logFile == "-" {
+		return
+	}
+
+	defer func() {
+		recovered := recover()
+		if recovered == nil {
+			return
+		}
+
+		err, ok := recovered.(error)
+		if !ok {
+			panic(recovered)
+		}
+		if errors.Is(err, os.ErrPermission) {
+			fmt.Fprintf(os.Stderr, "ERROR: Unable to write logs to provided file due to permissions error: %s\n       %v\n", logFile, err)
+		} else {
+			fmt.Fprintf(os.Stderr, "ERROR: Unable to write logs to provided file: %s\n       %v\n", logFile, err)
+		}
+		fmt.Fprintf(os.Stderr, "WARN: Logging will be disabled\n       Use `--log-file` to configure log file location\n")
+		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
+	}()
+
+	if logFile == "-" {
 		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"trace","stacktracelevel":"NONE","colorize":%t}`, colorize))
 	} else {
 		log.NewLogger(1000, "doctor", "file", fmt.Sprintf(`{"filename":%q,"level":"trace","stacktracelevel":"NONE"}`, logFile))
 	}
+}
+
+func runDoctor(ctx *cli.Context) error {
+	stdCtx, cancel := installSignals()
+	defer cancel()
+
+	// Silence the default loggers
+	log.DelNamedLogger("console")
+	log.DelNamedLogger(log.DEFAULT)
+
+	// Now setup our own
+	setDoctorLogger(ctx)
+
+	colorize := log.CanColorStdout
+	if ctx.IsSet("color") {
+		colorize = ctx.Bool("color")
+	}

 	// Finally redirect the default golog to here
 	golog.SetFlags(0)
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -22,7 +22,7 @@ import (
 	"code.gitea.io/gitea/modules/util"

 	"gitea.com/go-chi/session"
-	archiver "github.com/mholt/archiver/v3"
+	"github.com/mholt/archiver/v3"
 	"github.com/urfave/cli"
 )

@ -92,7 +92,7 @@ func (o outputType) String() string {
 }

 var outputTypeEnum = &outputType{
-	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4"},
+	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4", "tar.zst"},
 	Default: "zip",
 }

@ -146,6 +146,10 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "skip-package-data",
 			Usage: "Skip package data",
 		},
+		cli.BoolFlag{
+			Name:  "skip-index",
+			Usage: "Skip bleve index data",
+		},
 		cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
@ -327,6 +331,11 @@ func runDump(ctx *cli.Context) error {
 			excludes = append(excludes, opts.ProviderConfig)
 		}

+		if ctx.IsSet("skip-index") && ctx.Bool("skip-index") {
+			excludes = append(excludes, setting.Indexer.RepoPath)
+			excludes = append(excludes, setting.Indexer.IssuePath)
+		}
+
 		excludes = append(excludes, setting.RepoRootPath)
 		excludes = append(excludes, setting.LFS.Path)
 		excludes = append(excludes, setting.Attachment.Path)
@ -439,8 +448,23 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 				}
 			}
 		} else {
-			if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
-				return err
+			// only copy regular files and symlink regular files, skip non-regular files like socket/pipe/...
+			shouldAdd := file.Mode().IsRegular()
+			if !shouldAdd && file.Mode()&os.ModeSymlink == os.ModeSymlink {
+				target, err := filepath.EvalSymlinks(currentAbsPath)
+				if err != nil {
+					return err
+				}
+				targetStat, err := os.Stat(target)
+				if err != nil {
+					return err
+				}
+				shouldAdd = targetStat.Mode().IsRegular()
+			}
+			if shouldAdd {
+				if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
+					return err
+				}
 			}
 		}
 	}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@ -7,13 +7,17 @@ package cmd
 import (
 	"context"
 	"errors"
+	"fmt"
+	"os"
 	"strings"

 	"code.gitea.io/gitea/modules/convert"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/migrations"

 	"github.com/urfave/cli"
@ -83,6 +87,11 @@ func runDumpRepository(ctx *cli.Context) error {
 		return err
 	}

+	// migrations.GiteaLocalUploader depends on git module
+	if err := git.InitSimple(context.Background()); err != nil {
+		return err
+	}
+
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
@ -128,7 +137,9 @@ func runDumpRepository(ctx *cli.Context) error {
 	} else {
 		units := strings.Split(ctx.String("units"), ",")
 		for _, unit := range units {
-			switch strings.ToLower(unit) {
+			switch strings.ToLower(strings.TrimSpace(unit)) {
+			case "":
+				continue
 			case "wiki":
 				opts.Wiki = true
 			case "issues":
@ -145,13 +156,29 @@ func runDumpRepository(ctx *cli.Context) error {
 				opts.Comments = true
 			case "pull_requests":
 				opts.PullRequests = true
+			default:
+				return errors.New("invalid unit: " + unit)
 			}
 		}
 	}

+	// the repo_dir will be removed if error occurs in DumpRepository
+	// make sure the directory doesn't exist or is empty, prevent from deleting user files
+	repoDir := ctx.String("repo_dir")
+	if exists, err := util.IsExist(repoDir); err != nil {
+		return fmt.Errorf("unable to stat repo_dir %q: %w", repoDir, err)
+	} else if exists {
+		if isDir, _ := util.IsDir(repoDir); !isDir {
+			return fmt.Errorf("repo_dir %q already exists but it's not a directory", repoDir)
+		}
+		if dir, _ := os.ReadDir(repoDir); len(dir) > 0 {
+			return fmt.Errorf("repo_dir %q is not empty", repoDir)
+		}
+	}
+
 	if err := migrations.DumpRepository(
 		context.Background(),
-		ctx.String("repo_dir"),
+		repoDir,
 		ctx.String("owner_name"),
 		opts,
 	); err != nil {
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@ -123,7 +123,7 @@ func initEmbeddedExtractor(c *cli.Context) error {

 	sections["public"] = &section{Path: "public", Names: public.AssetNames, IsDir: public.AssetIsDir, Asset: public.Asset}
 	sections["options"] = &section{Path: "options", Names: options.AssetNames, IsDir: options.AssetIsDir, Asset: options.Asset}
-	sections["templates"] = &section{Path: "templates", Names: templates.AssetNames, IsDir: templates.AssetIsDir, Asset: templates.Asset}
+	sections["templates"] = &section{Path: "templates", Names: templates.BuiltinAssetNames, IsDir: templates.BuiltinAssetIsDir, Asset: templates.BuiltinAsset}

 	for _, sec := range sections {
 		assets = append(assets, buildAssetList(sec, pats, c)...)
@ -186,11 +186,11 @@ func runViewDo(c *cli.Context) error {

 	data, err := assets[0].Section.Asset(assets[0].Name)
 	if err != nil {
-		return fmt.Errorf("%s: %v", assets[0].Path, err)
+		return fmt.Errorf("%s: %w", assets[0].Path, err)
 	}

 	if _, err = os.Stdout.Write(data); err != nil {
-		return fmt.Errorf("%s: %v", assets[0].Path, err)
+		return fmt.Errorf("%s: %w", assets[0].Path, err)
 	}

 	return nil
@ -251,11 +251,11 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {

 	data, err := a.Section.Asset(a.Name)
 	if err != nil {
-		return fmt.Errorf("%s: %v", a.Path, err)
+		return fmt.Errorf("%s: %w", a.Path, err)
 	}

 	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
-		return fmt.Errorf("%s: %v", dir, err)
+		return fmt.Errorf("%s: %w", dir, err)
 	}

 	perms := os.ModePerm & 0o666
@ -263,7 +263,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 	fi, err := os.Lstat(dest)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
-			return fmt.Errorf("%s: %v", dest, err)
+			return fmt.Errorf("%s: %w", dest, err)
 		}
 	} else if !overwrite && !rename {
 		fmt.Printf("%s already exists; skipped.\n", dest)
@ -272,7 +272,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 		return fmt.Errorf("%s already exists, but it's not a regular file", dest)
 	} else if rename {
 		if err := util.Rename(dest, dest+".bak"); err != nil {
-			return fmt.Errorf("Error creating backup for %s: %v", dest, err)
+			return fmt.Errorf("Error creating backup for %s: %w", dest, err)
 		}
 		// Attempt to respect file permissions mask (even if user:group will be set anew)
 		perms = fi.Mode()
@ -280,12 +280,12 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {

 	file, err := os.OpenFile(dest, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, perms)
 	if err != nil {
-		return fmt.Errorf("%s: %v", dest, err)
+		return fmt.Errorf("%s: %w", dest, err)
 	}
 	defer file.Close()

 	if _, err = file.Write(data); err != nil {
-		return fmt.Errorf("%s: %v", dest, err)
+		return fmt.Errorf("%s: %w", dest, err)
 	}

 	fmt.Println(dest)
@ -325,7 +325,7 @@ func getPatterns(args []string) ([]glob.Glob, error) {
 	pat := make([]glob.Glob, len(args))
 	for i := range args {
 		if g, err := glob.Compile(args[i], '/'); err != nil {
-			return nil, fmt.Errorf("'%s': Invalid glob pattern: %v", args[i], err)
+			return nil, fmt.Errorf("'%s': Invalid glob pattern: %w", args[i], err)
 		} else {
 			pat[i] = g
 		}
--- a/cmd/hook.go
+++ b/cmd/hook.go
@ -312,7 +312,7 @@ func runHookPostReceive(c *cli.Context) error {

 	// First of all run update-server-info no matter what
 	if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
-		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
+		return fmt.Errorf("Failed to call 'git update-server-info': %w", err)
 	}

 	// Now if we're an internal don't do anything else
@ -792,7 +792,7 @@ func writeDataPktLine(out io.Writer, data []byte) error {
 	if err != nil {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
-	if 4 != lr {
+	if lr != 4 {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}

--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@ -0,0 +1,23 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+func init() {
+	setting.SetCustomPathAndConf("", "", "")
+	setting.LoadForTest()
+}
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: "..",
+	})
+}
--- a/cmd/manager.go
+++ b/cmd/manager.go
@ -82,7 +82,7 @@ var (
 			},
 			cli.BoolFlag{
 				Name:  "no-system",
-				Usage: "Do not show system proceses",
+				Usage: "Do not show system processes",
 			},
 			cli.BoolFlag{
 				Name:  "stacktraces",
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@ -174,6 +174,18 @@ var (
 						Action: runAddSMTPLogger,
 					},
 				},
+			}, {
+				Name:  "log-sql",
+				Usage: "Set LogSQL",
+				Flags: []cli.Flag{
+					cli.BoolFlag{
+						Name: "debug",
+					}, cli.BoolFlag{
+						Name:  "off",
+						Usage: "Switch off SQL logging",
+					},
+				},
+				Action: runSetLogSQL,
 			},
 		},
 	}
@ -381,3 +393,18 @@ func runReleaseReopenLogging(c *cli.Context) error {
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
+
+func runSetLogSQL(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+	setup("manager", c.Bool("debug"))
+
+	statusCode, msg := private.SetLogSQL(ctx, !c.Bool("off"))
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@ -12,9 +12,11 @@ import (
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/migrations"
+	packages_model "code.gitea.io/gitea/models/packages"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
+	packages_module "code.gitea.io/gitea/modules/packages"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"

@ -25,13 +27,13 @@ import (
 var CmdMigrateStorage = cli.Command{
 	Name:        "migrate-storage",
 	Usage:       "Migrate the storage",
-	Description: "This is a command for migrating storage.",
+	Description: "Copies stored files from storage configured in app.ini to parameter-configured storage",
 	Action:      runMigrateStorage,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "type, t",
 			Value: "",
-			Usage: "Kinds of files to migrate, currently only 'attachments' is supported",
+			Usage: "Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages'",
 		},
 		cli.StringFlag{
 			Name:  "storage, s",
@ -80,34 +82,50 @@ var CmdMigrateStorage = cli.Command{
 	},
 }

-func migrateAttachments(dstStorage storage.ObjectStorage) error {
-	return repo_model.IterateAttachment(func(attach *repo_model.Attachment) error {
+func migrateAttachments(ctx context.Context, dstStorage storage.ObjectStorage) error {
+	return db.IterateObjects(ctx, func(attach *repo_model.Attachment) error {
 		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
 		return err
 	})
 }

-func migrateLFS(dstStorage storage.ObjectStorage) error {
-	return git_model.IterateLFS(func(mo *git_model.LFSMetaObject) error {
+func migrateLFS(ctx context.Context, dstStorage storage.ObjectStorage) error {
+	return db.IterateObjects(ctx, func(mo *git_model.LFSMetaObject) error {
 		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
 		return err
 	})
 }

-func migrateAvatars(dstStorage storage.ObjectStorage) error {
-	return user_model.IterateUser(func(user *user_model.User) error {
+func migrateAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
+	return db.IterateObjects(ctx, func(user *user_model.User) error {
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
 }

-func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
-	return repo_model.IterateRepository(func(repo *repo_model.Repository) error {
+func migrateRepoAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
+	return db.IterateObjects(ctx, func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
 }

+func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage) error {
+	return db.IterateObjects(ctx, func(archiver *repo_model.RepoArchiver) error {
+		p := archiver.RelativePath()
+		_, err := storage.Copy(dstStorage, p, storage.RepoArchives, p)
+		return err
+	})
+}
+
+func migratePackages(ctx context.Context, dstStorage storage.ObjectStorage) error {
+	return db.IterateObjects(ctx, func(pb *packages_model.PackageBlob) error {
+		p := packages_module.KeyToRelativePath(packages_module.BlobHash256Key(pb.HashSHA256))
+		_, err := storage.Copy(dstStorage, p, storage.Packages, p)
+		return err
+	})
+}
+
 func runMigrateStorage(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
@ -127,8 +145,6 @@ func runMigrateStorage(ctx *cli.Context) error {
 		return err
 	}

-	goCtx := context.Background()
-
 	if err := storage.Init(); err != nil {
 		return err
 	}
@ -145,13 +161,13 @@ func runMigrateStorage(ctx *cli.Context) error {
 			return nil
 		}
 		dstStorage, err = storage.NewLocalStorage(
-			goCtx,
+			stdCtx,
 			storage.LocalStorageConfig{
 				Path: p,
 			})
 	case string(storage.MinioStorageType):
 		dstStorage, err = storage.NewMinioStorage(
-			goCtx,
+			stdCtx,
 			storage.MinioStorageConfig{
 				Endpoint:        ctx.String("minio-endpoint"),
 				AccessKeyID:     ctx.String("minio-access-key-id"),
@ -162,35 +178,29 @@ func runMigrateStorage(ctx *cli.Context) error {
 				UseSSL:          ctx.Bool("minio-use-ssl"),
 			})
 	default:
-		return fmt.Errorf("Unsupported storage type: %s", ctx.String("storage"))
+		return fmt.Errorf("unsupported storage type: %s", ctx.String("storage"))
 	}
 	if err != nil {
 		return err
 	}

-	tp := strings.ToLower(ctx.String("type"))
-	switch tp {
-	case "attachments":
-		if err := migrateAttachments(dstStorage); err != nil {
-			return err
-		}
-	case "lfs":
-		if err := migrateLFS(dstStorage); err != nil {
-			return err
-		}
-	case "avatars":
-		if err := migrateAvatars(dstStorage); err != nil {
-			return err
-		}
-	case "repo-avatars":
-		if err := migrateRepoAvatars(dstStorage); err != nil {
-			return err
-		}
-	default:
-		return fmt.Errorf("Unsupported storage: %s", ctx.String("type"))
+	migratedMethods := map[string]func(context.Context, storage.ObjectStorage) error{
+		"attachments":    migrateAttachments,
+		"lfs":            migrateLFS,
+		"avatars":        migrateAvatars,
+		"repo-avatars":   migrateRepoAvatars,
+		"repo-archivers": migrateRepoArchivers,
+		"packages":       migratePackages,
 	}

-	log.Warn("All files have been copied to the new placement but old files are still on the original placement.")
+	tp := strings.ToLower(ctx.String("type"))
+	if m, ok := migratedMethods[tp]; ok {
+		if err := m(stdCtx, dstStorage); err != nil {
+			return err
+		}
+		log.Info("%s files have successfully been copied to the new storage.", tp)
+		return nil
+	}

-	return nil
+	return fmt.Errorf("unsupported storage: %s", ctx.String("type"))
 }
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@ -0,0 +1,73 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"context"
+	"os"
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/models/packages"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	packages_module "code.gitea.io/gitea/modules/packages"
+	"code.gitea.io/gitea/modules/storage"
+	packages_service "code.gitea.io/gitea/services/packages"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestMigratePackages(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	creator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+
+	content := "package main\n\nfunc main() {\nfmt.Println(\"hi\")\n}\n"
+	buf, err := packages_module.CreateHashedBufferFromReader(strings.NewReader(content), 1024)
+	assert.NoError(t, err)
+	defer buf.Close()
+
+	v, f, err := packages_service.CreatePackageAndAddFile(&packages_service.PackageCreationInfo{
+		PackageInfo: packages_service.PackageInfo{
+			Owner:       creator,
+			PackageType: packages.TypeGeneric,
+			Name:        "test",
+			Version:     "1.0.0",
+		},
+		Creator:           creator,
+		SemverCompatible:  true,
+		VersionProperties: map[string]string{},
+	}, &packages_service.PackageFileCreationInfo{
+		PackageFileInfo: packages_service.PackageFileInfo{
+			Filename: "a.go",
+		},
+		Data:   buf,
+		IsLead: true,
+	})
+	assert.NoError(t, err)
+	assert.NotNil(t, v)
+	assert.NotNil(t, f)
+
+	ctx := context.Background()
+
+	p := t.TempDir()
+
+	dstStorage, err := storage.NewLocalStorage(
+		ctx,
+		storage.LocalStorageConfig{
+			Path: p,
+		})
+	assert.NoError(t, err)
+
+	err = migratePackages(ctx, dstStorage)
+	assert.NoError(t, err)
+
+	entries, err := os.ReadDir(p)
+	assert.NoError(t, err)
+	assert.EqualValues(t, 2, len(entries))
+	assert.EqualValues(t, "01", entries[0].Name())
+	assert.EqualValues(t, "tmp", entries[1].Name())
+}
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@ -7,6 +7,7 @@ package cmd
 import (
 	"errors"
 	"net/http"
+	"strings"

 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
@ -37,10 +38,10 @@ var CmdRestoreRepository = cli.Command{
 			Value: "",
 			Usage: "Restore destination repository name",
 		},
-		cli.StringSliceFlag{
+		cli.StringFlag{
 			Name:  "units",
-			Value: nil,
-			Usage: `Which items will be restored, one or more units should be repeated with this flag.
+			Value: "",
+			Usage: `Which items will be restored, one or more units should be separated as comma.
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
 		cli.BoolFlag{
@ -55,13 +56,16 @@ func runRestoreRepository(c *cli.Context) error {
 	defer cancel()

 	setting.LoadFromExisting()
-
+	var units []string
+	if s := c.String("units"); s != "" {
+		units = strings.Split(s, ",")
+	}
 	statusCode, errStr := private.RestoreRepo(
 		ctx,
 		c.String("repo_dir"),
 		c.String("owner_name"),
 		c.String("repo_name"),
-		c.StringSlice("units"),
+		units,
 		c.Bool("validation"),
 	)
 	if statusCode == http.StatusOK {
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -43,7 +43,7 @@ const (
 var CmdServ = cli.Command{
 	Name:        "serv",
 	Usage:       "This command should only be called by SSH shell",
-	Description: `Serv provide access auth for repositories`,
+	Description: "Serv provides access auth for repositories",
 	Action:      runServ,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
--- a/cmd/web.go
+++ b/cmd/web.go
@ -76,7 +76,7 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})

-	err := runHTTP("tcp", source, "HTTP Redirector", handler)
+	err := runHTTP("tcp", source, "HTTP Redirector", handler, setting.RedirectorUseProxyProtocol)
 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
 	}
@ -126,8 +126,10 @@ func runWeb(ctx *cli.Context) error {
 				return err
 			}
 		}
-		c := install.Routes()
+		installCtx, cancel := context.WithCancel(graceful.GetManager().HammerContext())
+		c := install.Routes(installCtx)
 		err := listen(c, false)
+		cancel()
 		if err != nil {
 			log.Critical("Unable to open listener for installer. Is Gitea already running?")
 			graceful.GetManager().DoGracefulShutdown()
@ -148,8 +150,9 @@ func runWeb(ctx *cli.Context) error {
 		go func() {
 			http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
 			_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
+			// The pprof server is for debug purpose only, it shouldn't be exposed on public network. At the moment it's not worth to introduce a configurable option for it.
 			log.Info("Starting pprof server on localhost:6060")
-			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
+			log.Info("Stopped pprof server: %v", http.ListenAndServe("localhost:6060", nil))
 			finished()
 		}()
 	}
@ -174,7 +177,7 @@ func runWeb(ctx *cli.Context) error {
 	}

 	// Set up Chi routes
-	c := routers.NormalRoutes()
+	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
 	err := listen(c, true)
 	<-graceful.GetManager().Done()
 	log.Info("PID: %d Gitea Web Finished", os.Getpid())
@ -200,7 +203,7 @@ func setPort(port string) error {
 		defaultLocalURL += ":" + setting.HTTPPort + "/"

 		// Save LOCAL_ROOT_URL if port changed
-		setting.CreateOrAppendToCustomConf(func(cfg *ini.File) {
+		setting.CreateOrAppendToCustomConf("server.LOCAL_ROOT_URL", func(cfg *ini.File) {
 			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
 		})
 	}
@ -230,40 +233,38 @@ func listen(m http.Handler, handleRedirector bool) error {
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("tcp", listenAddr, "Web", m)
+		err = runHTTP("tcp", listenAddr, "Web", m, setting.UseProxyProtocol)
 	case setting.HTTPS:
 		if setting.EnableAcme {
 			err = runACME(listenAddr, m)
 			break
-		} else {
-			if handleRedirector {
-				if setting.RedirectOtherPort {
-					go runHTTPRedirector()
-				} else {
-					NoHTTPRedirector()
-				}
-			}
-			err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
 		}
+		if handleRedirector {
+			if setting.RedirectOtherPort {
+				go runHTTPRedirector()
+			} else {
+				NoHTTPRedirector()
+			}
+		}
+		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m, setting.UseProxyProtocol, setting.ProxyProtocolTLSBridging)
 	case setting.FCGI:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("tcp", listenAddr, "FCGI Web", m)
+		err = runFCGI("tcp", listenAddr, "FCGI Web", m, setting.UseProxyProtocol)
 	case setting.HTTPUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("unix", listenAddr, "Web", m)
+		err = runHTTP("unix", listenAddr, "Web", m, setting.UseProxyProtocol)
 	case setting.FCGIUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("unix", listenAddr, "Web", m)
+		err = runFCGI("unix", listenAddr, "Web", m, setting.UseProxyProtocol)
 	default:
 		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}
-
 	if err != nil {
 		log.Critical("Failed to start server: %v", err)
 	}
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@ -113,14 +113,14 @@ func runACME(listenAddr string, m http.Handler) error {

 			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
 			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-			err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
+			err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)), setting.RedirectorUseProxyProtocol)
 			if err != nil {
 				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 			}
 		}()
 	}

-	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m)
+	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m, setting.UseProxyProtocol, setting.ProxyProtocolTLSBridging)
 }

 func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@ -15,8 +15,8 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 )

-func runHTTP(network, listenAddr, name string, m http.Handler) error {
-	return graceful.HTTPListenAndServe(network, listenAddr, name, m)
+func runHTTP(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
+	return graceful.HTTPListenAndServe(network, listenAddr, name, m, useProxyProtocol)
 }

 // NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
@ -36,7 +36,7 @@ func NoInstallListener() {
 	graceful.GetManager().InformCleanup()
 }

-func runFCGI(network, listenAddr, name string, m http.Handler) error {
+func runFCGI(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
 	// This needs to handle stdin as fcgi point
 	fcgiServer := graceful.NewServer(network, listenAddr, name)

@ -47,7 +47,7 @@ func runFCGI(network, listenAddr, name string, m http.Handler) error {
 			}
 			m.ServeHTTP(resp, req)
 		}))
-	})
+	}, useProxyProtocol)
 	if err != nil {
 		log.Fatal("Failed to start FCGI main server: %v", err)
 	}
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@ -129,14 +129,14 @@ var (
 	defaultCiphersChaChaFirst = append(defaultCiphersChaCha, defaultCiphersAES...)
 )

-// runHTTPs listens on the provided network address and then calls
+// runHTTPS listens on the provided network address and then calls
 // Serve to handle requests on incoming TLS connections.
 //
 // Filenames containing a certificate and matching private key for the server must
 // be provided. If the certificate is signed by a certificate authority, the
 // certFile should be the concatenation of the server's certificate followed by the
 // CA's certificate.
-func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
+func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler, useProxyProtocol, proxyProtocolTLSBridging bool) error {
 	tlsConfig := &tls.Config{}
 	if tlsConfig.NextProtos == nil {
 		tlsConfig.NextProtos = []string{"h2", "http/1.1"}
@ -184,9 +184,9 @@ func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handle
 		return err
 	}

-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m, useProxyProtocol, proxyProtocolTLSBridging)
 }

-func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
+func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler, useProxyProtocol, proxyProtocolTLSBridging bool) error {
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m, useProxyProtocol, proxyProtocolTLSBridging)
 }
--- a/contrib/init/gentoo/gitea
+++ b/contrib/init/gentoo/gitea
@ -2,14 +2,43 @@

 DIR=/var/lib/gitea
 USER=git
+HOME=/home/${USER}
+GITEA_WORK_DIR=${DIR}
+EXECUTABLE=/usr/local/bin/gitea

+export USER
+export HOME
+export GITEA_WORK_DIR
+
+name=$RC_SVCNAME
+cfgfile="/etc/$RC_SVCNAME/app.ini"
+command="${EXECUTABLE}"
+command_user="${USER}"
+command_args="web -c /etc/$RC_SVCNAME/app.ini"
+command_background="yes"
+pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
 start_stop_daemon_args="--user ${USER} --chdir ${DIR}"
-command="/usr/local/bin/gitea"
-command_args="web -c /etc/gitea/app.ini"
-command_background=yes
-pidfile=/run/gitea.pid

 depend()
 {
    need net
+    ###
+    # Don't forget to add the database service requirements
+    ###
+    #after postgresql
+    #after mysql
+    #after mariadb
+    #after memcached
+    #after redis
+}
+
+start_pre()
+{
+        checkpath --directory --owner $command_user:$command_user --mode 0750 \
+                /run/$RC_SVCNAME /var/log/$RC_SVCNAME
+        ##
+        # If you want to bind Gitea to a port below 1024, uncomment
+        # the value below
+        ##
+        #setcap cap_net_bind_service=+ep "${EXECUTABLE}"
 }
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@ -14,7 +14,6 @@ import (
 	"fmt"
 	"log"
 	"net/http"
-	"net/url"
 	"os"
 	"os/exec"
 	"os/user"
@ -27,12 +26,14 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	gitea_git "code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/external"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers"
+	markup_service "code.gitea.io/gitea/services/markup"

 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
@ -61,11 +62,7 @@ func runPR() {
 	}
 	setting.AppWorkPath = curDir
 	setting.StaticRootPath = curDir
-	setting.GravatarSourceURL, err = url.Parse("https://secure.gravatar.com/avatar/")
-	if err != nil {
-		log.Fatalf("url.Parse: %v\n", err)
-	}
-
+	setting.GravatarSource = "https://secure.gravatar.com/avatar/"
 	setting.AppURL = "http://localhost:8080/"
 	setting.HTTPPort = "8080"
 	setting.SSH.Domain = "localhost"
@ -80,7 +77,6 @@ func runPR() {
 	setting.RunUser = curUser.Username

 	log.Printf("[PR] Loading fixtures data ...\n")
-	gitea_git.CheckLFSVersion()
 	//models.LoadConfigs()
 	/*
 		setting.Database.Type = "sqlite3"
@ -112,13 +108,13 @@ func runPR() {
 	unittest.LoadFixtures()
 	util.RemoveAll(setting.RepoRootPath)
 	util.RemoveAll(repo_module.LocalCopyPath())
-	unittest.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
+	unittest.CopyDir(path.Join(curDir, "tests/gitea-repositories-meta"), setting.RepoRootPath)

 	log.Printf("[PR] Setting up router\n")
 	// routers.GlobalInit()
 	external.RegisterRenderers()
-	markup.Init()
-	c := routers.NormalRoutes()
+	markup.Init(markup_service.ProcessorHelper())
+	c := routers.NormalRoutes(graceful.GetManager().HammerContext())

 	log.Printf("[PR] Ready for testing !\n")
 	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")
--- a/contrib/systemd/gitea.service
+++ b/contrib/systemd/gitea.service
@ -49,12 +49,8 @@ After=network.target
 ###

 [Service]
-# Modify these two values and uncomment them if you have
-# repos with lots of files and get an HTTP error 500 because
-# of that
-###
-#LimitMEMLOCK=infinity
-#LimitNOFILE=65535
+# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
+# LimitNOFILE=524288:524288
 RestartSec=2s
 Type=simple
 User=git
@ -78,6 +74,13 @@ Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
 ###
+# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
+# set the following value to false to allow capabilities to be applied on gitea process. The following
+# value if set to true sandboxes gitea service and prevent any processes from running with privileges
+# in the host user namespace.
+###
+#PrivateUsers=false
+###

 [Install]
 WantedBy=multi-user.target
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -29,6 +29,18 @@ RUN_MODE = ; prod
 ;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http'
 ;PROTOCOL = http
 ;;
+;; Expect PROXY protocol headers on connections
+;USE_PROXY_PROTOCOL = false
+;;
+;; Use PROXY protocol in TLS Bridging mode
+;PROXY_PROTOCOL_TLS_BRIDGING = false
+;;
+; Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
+;PROXY_PROTOCOL_HEADER_TIMEOUT=5s
+;;
+; Accept PROXY protocol headers with UNKNOWN type
+;PROXY_PROTOCOL_ACCEPT_UNKNOWN=false
+;;
 ;; Set the domain for the server
 ;DOMAIN = localhost
 ;;
@ -51,6 +63,8 @@ RUN_MODE = ; prod
 ;REDIRECT_OTHER_PORT = false
 ;PORT_TO_REDIRECT = 80
 ;;
+;; expect PROXY protocol header on connections to https redirector.
+;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
 ;; Minimum and maximum supported TLS versions
 ;SSL_MIN_VERSION=TLSv1.2
 ;SSL_MAX_VERSION=
@ -76,13 +90,19 @@ RUN_MODE = ; prod
 ;; Do not set this variable if PROTOCOL is set to 'unix'.
 ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
 ;;
+;; When making local connections pass the PROXY protocol header.
+;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
+;;
 ;; Disable SSH feature when not available
 ;DISABLE_SSH = false
 ;;
 ;; Whether to use the builtin SSH server or not.
 ;START_SSH_SERVER = false
 ;;
-;; Username to use for the builtin SSH server.
+;; Expect PROXY protocol header on connections to the built-in SSH server
+;SSH_SERVER_USE_PROXY_PROTOCOL = false
+;;
+;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
 ;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
 ;;
 ;; Domain name to be exposed in clone URL
@ -313,6 +333,7 @@ USER = root
 ;DB_TYPE = sqlite3
 ;PATH= ; defaults to data/gitea.db
 ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
+;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@ -358,14 +379,19 @@ LOG_SQL = false ; if unset defaults to true
 ;; Whether the installer is disabled (set to true to disable the installer)
 INSTALL_LOCK = false
 ;;
-;; Global secret key that will be used - if blank will be regenerated.
+;; Global secret key that will be used
+;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
 SECRET_KEY =
 ;;
+;; Alternative location to specify secret key, instead of this file; you cannot specify both this and SECRET_KEY, and must pick one
+;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
+;SECRET_KEY_URI = file:/etc/gitea/secret_key
+;;
 ;; Secret used to validate communication within Gitea binary.
 INTERNAL_TOKEN=
 ;;
-;; Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: file:/etc/gitea/internal_token)
-;INTERNAL_TOKEN_URI = ;e.g. /etc/gitea/internal_token
+;; Alternative location to specify internal token, instead of this file; you cannot specify both this and INTERNAL_TOKEN, and must pick one
+;INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token
 ;;
 ;; How long to remember that a user is logged in before requiring relogin (in days)
 ;LOGIN_REMEMBER_DAYS = 7
@ -376,9 +402,10 @@ INTERNAL_TOKEN=
 ;; Name of cookie used to store authentication information.
 ;COOKIE_REMEMBER_NAME = gitea_incredible
 ;;
-;; Reverse proxy authentication header name of user name and email
+;; Reverse proxy authentication header name of user name, email, and full name
 ;REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
 ;REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
+;REVERSE_PROXY_AUTHENTICATION_FULL_NAME = X-WEBAUTH-FULLNAME
 ;;
 ;; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request
 ;REVERSE_PROXY_LIMIT = 1
@ -475,20 +502,6 @@ ENABLE = true
 ;; Maximum length of oauth2 token/cookie stored on server
 ;MAX_TOKEN_LENGTH = 32767

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-[U2F]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
-;; Two Factor authentication with security keys
-;; https://developers.yubico.com/U2F/App_ID.html
-;;
-;; DEPRECATED - this only applies to previously registered security keys using the U2F standard
-APP_ID = ; e.g. http://localhost:3000/
-
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [log]
@ -617,7 +630,10 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; The path of git executable. If empty, Gitea searches through the PATH environment.
-PATH =
+;PATH =
+;;
+;; The HOME directory for Git
+;HOME_PATH = %(APP_DATA_PATH)/home
 ;;
 ;; Disables highlight of added and removed changes
 ;DISABLE_DIFF_HIGHLIGHT = false
@ -642,6 +658,7 @@ PATH =
 ;GC_ARGS =
 ;;
 ;; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+;; To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
 ;ENABLE_AUTO_GIT_WIRE_PROTOCOL = true
 ;;
 ;; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
@ -703,13 +720,16 @@ PATH =
 ;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
 ;ENABLE_REVERSE_PROXY_EMAIL = false
+;ENABLE_REVERSE_PROXY_FULL_NAME = false
 ;;
 ;; Enable captcha validation for registration
 ;ENABLE_CAPTCHA = false
 ;;
-;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha
+;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha.
 ;CAPTCHA_TYPE = image
 ;;
+;; Change this to use recaptcha.net or other recaptcha service
+;RECAPTCHA_URL = https://www.google.com/recaptcha/
 ;; Enable recaptcha to use Google's recaptcha service
 ;; Go to https://www.google.com/recaptcha/admin to sign up for a key
 ;RECAPTCHA_SECRET =
@ -719,8 +739,13 @@ PATH =
 ;HCAPTCHA_SECRET =
 ;HCAPTCHA_SITEKEY =
 ;;
-;; Change this to use recaptcha.net or other recaptcha service
-;RECAPTCHA_URL = https://www.google.com/recaptcha/
+;; Change this to use demo.mcaptcha.org or your self-hosted mcaptcha.org instance.
+;MCAPTCHA_URL = https://demo.mcaptcha.org
+;;
+;; Go to your configured mCaptcha instance and register a sitekey
+;; and use your account's secret.
+;MCAPTCHA_SECRET =
+;MCAPTCHA_SITEKEY =
 ;;
 ;; Default value for KeepEmailPrivate
 ;; Each new user will get the value of this setting copied into their profile
@ -862,7 +887,7 @@ PATH =
 ;USE_COMPAT_SSH_URI = false
 ;;
 ;; Close issues as long as a commit on any branch marks it as fixed
-;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects
 ;DISABLED_REPO_UNITS =
 ;;
 ;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
@ -889,6 +914,9 @@ PATH =
 ;; Allow deletion of unadopted repositories
 ;ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES = false

+;; Don't allow download source archive files from UI
+;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository.editor]
@ -968,6 +996,9 @@ PATH =
 ;;
 ;; Add co-authored-by and co-committed-by trailers if committer does not match author
 ;ADD_CO_COMMITTER_TRAILERS = true
+;;
+;; In addition to testing patches using the three-way merge method, re-test conflicting patches with git apply
+;TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1089,7 +1120,7 @@ PATH =
 ;EXPLORE_PAGING_NUM = 20
 ;;
 ;; Number of issues that are displayed on one page
-;ISSUE_PAGING_NUM = 10
+;ISSUE_PAGING_NUM = 20
 ;;
 ;; Number of maximum commits displayed in one activity feed
 ;FEED_MAX_COMMIT_NUM = 5
@ -1097,6 +1128,9 @@ PATH =
 ;; Number of items that are displayed in home feed
 ;FEED_PAGING_NUM = 20
 ;;
+;; Number of items that are displayed in a single subsitemap
+;SITEMAP_PAGING_NUM = 20
+;;
 ;; Number of maximum commits displayed in commit graph.
 ;GRAPH_MAX_COMMIT_NUM = 100
 ;;
@ -1138,6 +1172,10 @@ PATH =
 ;;
 ;; Whether to enable a Service Worker to cache frontend assets
 ;USE_SERVICE_WORKER = false
+;;
+;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
+;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
+;ONLY_SHOW_RELEVANT_REPOS = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1232,6 +1270,9 @@ PATH =
 ;; List of file extensions that should be rendered/edited as Markdown
 ;; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
 ;FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
+;;
+;; Enables math inline and block detection
+;ENABLE_MATH = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1242,7 +1283,7 @@ PATH =
 ;; Define allowed algorithms and their minimum key length (use -1 to disable a type)
 ;ED25519 = 256
 ;ECDSA = 256
-;RSA = 2048
+;RSA = 2047 ; we allow 2047 here because an otherwise valid 2048 bit RSA key can be reported as having 2047 bit length
 ;DSA = -1 ; set to 1024 to switch on

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -1499,6 +1540,11 @@ PATH =
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
+;; NOTICE: this section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
+;; please refer to
+;; https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini
+;; https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+;;
 ;ENABLED = false
 ;;
 ;; Buffer length of channel, keep it as it is if you don't know what it is.
@ -1507,30 +1553,42 @@ PATH =
 ;; Prefix displayed before subject in mail
 ;SUBJECT_PREFIX =
 ;;
-;; Mail server
-;; Gmail: smtp.gmail.com:587
-;; QQ: smtp.qq.com:465
-;; As per RFC 8314 using Implicit TLS/SMTPS on port 465 (if supported) is recommended,
-;; otherwise STARTTLS on port 587 should be used.
-;HOST =
+;; Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy".
+;; - sendmail: use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
+;; - dummy: send email messages to the log as a testing phase.
+;; If your provider does not explicitly say which protocol it uses but does provide a port,
+;; you can set SMTP_PORT instead and this will be inferred.
+;; (Before 1.18, see the notice, this was controlled via MAILER_TYPE and IS_TLS_ENABLED.)
+;PROTOCOL =
 ;;
-;; Disable HELO operation when hostnames are different.
-;DISABLE_HELO =
+;; Mail server address, e.g. smtp.gmail.com.
+;; For smtp+unix, this should be a path to a unix socket instead.
+;; (Before 1.18, see the notice, this was combined with SMTP_PORT as HOST.)
+;SMTP_ADDR =
 ;;
-;; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
+;; Mail server port. Common ports are:
+;;   25:  insecure SMTP
+;;   465: SMTP Secure
+;;   587: StartTLS
+;; If no protocol is specified, it will be inferred by this setting.
+;; (Before 1.18, this was combined with SMTP_ADDR as HOST.)
+;SMTP_PORT =
+;;
+;; Enable HELO operation. Defaults to true.
+;ENABLE_HELO = true
+;;
+;; Custom hostname for HELO operation.
+;; If no value is provided, one is retrieved from system.
 ;HELO_HOSTNAME =
 ;;
-;; Whether or not to skip verification of certificates; `true` to disable verification. This option is unsafe. Consider adding the certificate to the system trust store instead.
-;SKIP_VERIFY = false
+;; If set to `true`, completely ignores server certificate validation errors.
+;; This option is unsafe. Consider adding the certificate to the system trust store instead.
+;FORCE_TRUST_SERVER_CERT = false
 ;;
-;; Use client certificate
-;USE_CERTIFICATE = false
-;CERT_FILE = custom/mailer/cert.pem
-;KEY_FILE = custom/mailer/key.pem
-;;
-;; Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)
-;; If this is false but STARTTLS is supported the connection will be upgraded to TLS opportunistically.
-;IS_TLS_ENABLED = false
+;; Use client certificate in connection.
+;USE_CLIENT_CERT = false
+;CLIENT_CERT_FILE = custom/mailer/cert.pem
+;CLIENT_KEY_FILE = custom/mailer/key.pem
 ;;
 ;; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
 ;FROM =
@ -1538,19 +1596,15 @@ PATH =
 ;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
 ;ENVELOPE_FROM =
 ;;
-;; Mailer user name and password
-;; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
+;; Mailer user name and password, if required by provider.
 ;USER =
 ;;
 ;; Use PASSWD = `your password` for quoting if you use special characters in the password.
 ;PASSWD =
 ;;
-;; Send mails as plain text
+;; Send mails only in plain text, without HTML alternative
 ;SEND_AS_PLAIN_TEXT = false
 ;;
-;; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
-;MAILER_TYPE = smtp
-;;
 ;; Specify an alternative sendmail binary
 ;SENDMAIL_PATH = sendmail
 ;;
@ -1687,7 +1741,7 @@ PATH =
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.mp4,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip
+;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 4MB
 ;MAX_SIZE = 4
@ -2107,7 +2161,7 @@ PATH =
 ;[api]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Enables Swagger. True or false; default is true.
+;; Enables the API documentation endpoints (/api/swagger, /api/v1/swagger, …). True or false.
 ;ENABLE_SWAGGER = true
 ;; Max number of items in a page
 ;MAX_RESPONSE_ITEMS = 50
@ -2115,7 +2169,7 @@ PATH =
 ;DEFAULT_PAGING_NUM = 30
 ;; Default and maximum number of items per page for git trees api
 ;DEFAULT_GIT_TREES_PER_PAGE = 1000
-;; Default size of a blob returned by the blobs API (default is 10MiB)
+;; Default max size of a blob returned by the blobs API (default is 10MiB)
 ;DEFAULT_MAX_BLOB_SIZE = 10485760

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2124,7 +2178,7 @@ PATH =
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
-;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
+;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
 ;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2231,13 +2285,16 @@ PATH =
 ;;
 ;; Allowed domains for migrating, default is blank. Blank means everything will be allowed.
 ;; Multiple domains could be separated by commas.
+;; Wildcard is supported: "github.com, *.github.com"
 ;ALLOWED_DOMAINS =
 ;;
 ;; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
 ;; When ALLOWED_DOMAINS is not blank, this option has a higher priority to deny domains.
+;; Wildcard is supported.
 ;BLOCKED_DOMAINS =
 ;;
 ;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
+;; If a domain is allowed by ALLOWED_DOMAINS, this option will be ignored.
 ;ALLOW_LOCALNETWORKS = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2247,10 +2304,27 @@ PATH =
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Enable/Disable federation capabilities
-; ENABLED = true
+;ENABLED = false
 ;;
 ;; Enable/Disable user statistics for nodeinfo if federation is enabled
-; SHARE_USER_STATISTICS = true
+;SHARE_USER_STATISTICS = true
+;;
+;; Maximum federation request and response size (MB)
+;MAX_SIZE = 4
+;;
+;; WARNING: Changing the settings below can break federation.
+;;
+;; HTTP signature algorithms
+;ALGORITHMS = rsa-sha256, rsa-sha512, ed25519
+;;
+;; HTTP signature digest algorithm
+;DIGEST_ALGORITHM = SHA-256
+;;
+;; GET headers for federation requests
+;GET_HEADERS = (request-target), Date
+;;
+;; POST headers for federation requests
+;POST_HEADERS = (request-target), Date, Digest

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/docker/rootless/usr/local/bin/docker-setup.sh
+++ b/docker/rootless/usr/local/bin/docker-setup.sh
@ -5,7 +5,7 @@ mkdir -p ${HOME} && chmod 0700 ${HOME}
 if [ ! -w ${HOME} ]; then echo "${HOME} is not writable"; exit 1; fi

 # Prepare custom folder
-mkdir -p ${GITEA_CUSTOM} && chmod 0500 ${GITEA_CUSTOM}
+mkdir -p ${GITEA_CUSTOM} && chmod 0700 ${GITEA_CUSTOM}

 # Prepare temp folder
 mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
--- a/docs/.gitignore
+++ b/docs/.gitignore
@ -2,3 +2,6 @@ public/
 templates/swagger/v1_json.tmpl
 themes/
 resources/
+
+# Temporary lock file while building
+/.hugo_build.lock
--- a/docs/config.yaml
+++ b/docs/config.yaml
@ -18,10 +18,11 @@ params:
  description: Git with a cup of tea
  author: The Gitea Authors
  website: https://docs.gitea.io
-  version: 1.16.8
+  version: 1.17.3
  minGoVersion: 1.18
-  goVersion: 1.18
+  goVersion: 1.19
  minNodeVersion: 14
+  search: nav

 outputs:
  home:
--- a/docs/content/doc/advanced/clone-filter.en-us.md
+++ b/docs/content/doc/advanced/clone-filter.en-us.md
@ -30,7 +30,6 @@ see Git version of the server.
 By default, clone filters are enabled, unless `DISABLE_PARTIAL_CLONE` under
 `[git]` is set to `true`.

-
 See [GitHub blog post: Get up to speed with partial clone](https://github.blog/2020-12-21-get-up-to-speed-with-partial-clone-and-shallow-clone/)
 for common use cases of clone filters (blobless and treeless clones), and
 [GitLab docs for partial clone](https://docs.gitlab.com/ee/topics/git/partial_clone.html)
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@ -78,6 +78,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `DEFAULT_BRANCH`: **main**: Default branch name of all repositories.
 - `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
 - `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories
+- `DISABLE_DOWNLOAD_SOURCE_ARCHIVES`: **false**: Don't allow download source archive files from UI

 ### Repository - Editor (`repository.editor`)

@ -100,6 +101,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY`: **true**: In default merge messages only include approvers who are officially allowed to review.
 - `POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES`: **false**: In default squash-merge messages include the commit message of all commits comprising the pull request.
 - `ADD_CO_COMMITTER_TRAILERS`: **true**: Add co-authored-by and co-committed-by trailers to merge commit messages if committer does not match author.
+- `TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY`: **true**: PR patches are tested using a three-way merge method to discover if there are conflicts. If this setting is set to **true**, conflicting patches will be retested using `git apply` - This was the previous behaviour in 1.18 (and earlier) but is somewhat inefficient. Please report if you find that this setting is required.

 ### Repository - Issue (`repository.issue`)

@ -130,9 +132,9 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
  - `always`: Always sign
  - Options other than `never` and `always` can be combined as a comma separated list.
 - `DEFAULT_TRUST_MODEL`: **collaborator**: \[collaborator, committer, collaboratorcommitter\]: The default trust model used for verifying commits.
-   - `collaborator`: Trust signatures signed by keys of collaborators.
-   - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the committer).
-   - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the committer.
+  - `collaborator`: Trust signatures signed by keys of collaborators.
+  - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the committer).
+  - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the committer.
 - `WIKI`: **never**: \[never, pubkey, twofa, always, parentsigned\]: Sign commits to wiki.
 - `CRUD_ACTIONS`: **pubkey, twofa, parentsigned**: \[never, pubkey, twofa, parentsigned, always\]: Sign CRUD actions.
  - Options as above, with the addition of:
@ -152,6 +154,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 Configuration for set the expected MIME type based on file extensions of downloadable files. Configuration presents in key-value pairs and file extensions starts with leading `.`.

 The following configuration set `Content-Type: application/vnd.android.package-archive` header when downloading files with `.apk` file extension.
+
 ```ini
 .apk=application/vnd.android.package-archive
 ```
@ -170,10 +173,11 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 ## UI (`ui`)

 - `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page.
- `ISSUE_PAGING_NUM`: **10**: Number of issues that are shown in one page (for all pages that list issues).
+- `ISSUE_PAGING_NUM`: **20**: Number of issues that are shown in one page (for all pages that list issues, milestones, projects).
 - `MEMBERS_PAGING_NUM`: **20**: Number of members that are shown in organization members.
 - `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed.
 - `FEED_PAGING_NUM`: **20**: Number of items that are displayed in home feed.
+- `SITEMAP_PAGING_NUM`: **20**: Number of items that are displayed in a single subsitemap.
 - `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
 - `CODE_COMMENT_LINES`: **4**: Number of line of codes shown for a code comment.
 - `DEFAULT_THEME`: **auto**: \[auto, gitea, arc-green\]: Set the default theme for the Gitea install.
@ -191,6 +195,8 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
 - `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page.
 - `USE_SERVICE_WORKER`: **false**: Whether to enable a Service Worker to cache frontend assets.
+- `ONLY_SHOW_RELEVANT_REPOS`: **false** Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
+    A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).

 ### UI - Admin (`ui.admin`)

@ -231,10 +237,15 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `CUSTOM_URL_SCHEMES`: Use a comma separated list (ftp,git,svn) to indicate additional
  URL hyperlinks to be rendered in Markdown. URLs beginning in http and https are
  always displayed
+- `ENABLE_MATH`: **true**: Enables detection of `\(...\)`, `\[...\]`, `$...$` and `$$...$$` blocks as math blocks.

 ## Server (`server`)

 - `PROTOCOL`: **http**: \[http, https, fcgi, http+unix, fcgi+unix\]
+- `USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol headers on connections
+- `PROXY_PROTOCOL_TLS_BRIDGING`: **false**: When protocol is https, expect PROXY protocol headers after TLS negotiation.
+- `PROXY_PROTOCOL_HEADER_TIMEOUT`: **5s**: Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
+- `PROXY_PROTOCOL_ACCEPT_UNKNOWN`: **false**: Accept PROXY protocol headers with Unknown type.
 - `DOMAIN`: **localhost**: Domain name of this server.
 - `ROOT_URL`: **%(PROTOCOL)s://%(DOMAIN)s:%(HTTP\_PORT)s/**:
   Overwrite the automatically generated public URL.
@ -247,11 +258,11 @@ The following configuration set `Content-Type: application/vnd.android.package-a
   Requests are then made as `%(ROOT_URL)s/static/css/index.css` and `https://cdn.example.com/css/index.css` respective.
   The static files are located in the `public/` directory of the Gitea source repository.
 - `HTTP_ADDR`: **0.0.0.0**: HTTP listen address.
-   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
+  - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
     defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
-   - If `PROTOCOL` is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. Relative paths will be made absolute against the AppWorkPath.
+  - If `PROTOCOL` is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. Relative paths will be made absolute against the AppWorkPath.
 - `HTTP_PORT`: **3000**: HTTP listen port.
-   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
+  - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
     defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
 - `UNIX_SOCKET_PERMISSION`: **666**: Permissions for the Unix socket.
 - `LOCAL_ROOT_URL`: **%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/**: Local
@ -259,12 +270,15 @@ The following configuration set `Content-Type: application/vnd.android.package-a
   most cases you do not need to change the default value. Alter it only if
   your SSH server node is not the same as HTTP node. Do not set this variable
   if `PROTOCOL` is set to `http+unix`.
+- `LOCAL_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)**: When making local connections pass the PROXY protocol header.
+   This should be set to false if the local connection will go through the proxy.
 - `PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the connection. (Set to -1 to
   disable all timeouts.)
 - `PER_WRITE_PER_KB_TIMEOUT`: **10s**: Timeout per Kb written to connections.

 - `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
 - `START_SSH_SERVER`: **false**: When enabled, use the built-in SSH server.
+- `SSH_SERVER_USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol header on connections to the built-in SSH Server.
 - `BUILTIN_SSH_SERVER_USER`: **%(RUN_USER)s**: Username to use for the built-in SSH Server.
 - `SSH_USER`: **%(BUILTIN_SSH_SERVER_USER)**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER`.
 - `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
@ -293,13 +307,13 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type.

 - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true`. From 1.11 paths are relative to `CUSTOM_PATH`.
- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true`. From 1.11 paths are relative to `CUSTOM_PATH`.
+- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
+- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
 - `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
 - `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data.
 - `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
 - `ENABLE_GZIP`: **false**: Enable gzip compression for runtime-generated content, static resources excluded.
- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on localhost:6060. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
+- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on `localhost:6060`. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
 - `PPROF_DATA_PATH`: **data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service
 - `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login, **custom**\]. Where custom would instead be any URL such as "/org/repo" or even `https://anotherwebsite.com`
 - `LFS_START_SERVER`: **false**: Enables Git LFS support.
@ -310,6 +324,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `LFS_LOCKS_PAGING_NUM`: **50**: Maximum number of LFS Locks returned per page.

 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
+- `REDIRECTOR_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)**: expect PROXY protocol header on connections to https redirector.
 - `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
 - `SSL_MIN_VERSION`: **TLSv1.2**: Set the minimum version of ssl support.
 - `SSL_MAX_VERSION`: **\<empty\>**: Set the maximum version of ssl support.
@ -369,17 +384,18 @@ The following configuration set `Content-Type: application/vnd.android.package-a
  (e.g. `ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;`).
 - `SSL_MODE`: **disable**: SSL/TLS encryption mode for connecting to the database. This option is only applied for PostgreSQL and MySQL.
  - Valid values for MySQL:
-     - `true`: Enable TLS with verification of the database server certificate against its root certificate. When selecting this option make sure that the root certificate required to validate the database server certificate (e.g. the CA certificate) is on the system certificate store of both the database and Gitea servers. See your system documentation for instructions on how to add a CA certificate to the certificate store.
-     - `false`: Disable TLS.
-     - `disable`: Alias for `false`, for compatibility with PostgreSQL.
-     - `skip-verify`: Enable TLS without database server certificate verification. Use this option if you have self-signed or invalid certificate on the database server.
-     - `prefer`: Enable TLS with fallback to non-TLS connection.
+    - `true`: Enable TLS with verification of the database server certificate against its root certificate. When selecting this option make sure that the root certificate required to validate the database server certificate (e.g. the CA certificate) is on the system certificate store of both the database and Gitea servers. See your system documentation for instructions on how to add a CA certificate to the certificate store.
+    - `false`: Disable TLS.
+    - `disable`: Alias for `false`, for compatibility with PostgreSQL.
+    - `skip-verify`: Enable TLS without database server certificate verification. Use this option if you have self-signed or invalid certificate on the database server.
+    - `prefer`: Enable TLS with fallback to non-TLS connection.
  - Valid values for PostgreSQL:
-     - `disable`: Disable TLS.
-     - `require`: Enable TLS without any verifications.
-     - `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate.
-     - `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
+    - `disable`: Disable TLS.
+    - `require`: Enable TLS without any verifications.
+    - `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate.
+    - `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
 - `SQLITE_TIMEOUT`: **500**: Query timeout for SQLite3 only.
+- `SQLITE_JOURNAL_MODE`: **""**: Change journal mode for SQlite3. Can be used to enable [WAL mode](https://www.sqlite.org/wal.html) when high load causes write congestion. See [SQlite3 docs](https://www.sqlite.org/pragma.html#pragma_journal_mode) for possible values. Defaults to the default for the database file, often DELETE.
 - `ITERATE_BUFFER_SIZE`: **50**: Internal buffer size for iterating.
 - `CHARSET`: **utf8mb4**: For MySQL only, either "utf8" or "utf8mb4". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
@ -434,11 +450,11 @@ Configuration at `[queue]` will set defaults for queues with overrides for indiv
 - `MAX_ATTEMPTS`: **10**: Maximum number of attempts to create the wrapped queue
 - `TIMEOUT`: **GRACEFUL_HAMMER_TIME + 30s**: Timeout the creation of the wrapped queue if it takes longer than this to create.
 - Queues by default come with a dynamically scaling worker pool. The following settings configure this:
- `WORKERS`: **0** (v1.14 and before: **1**): Number of initial workers for the queue.
+- `WORKERS`: **0**: Number of initial workers for the queue.
 - `MAX_WORKERS`: **10**: Maximum number of worker go-routines for the queue.
 - `BLOCK_TIMEOUT`: **1s**: If the queue blocks for this time, boost the number of workers - the `BLOCK_TIMEOUT` will then be doubled before boosting again whilst the boost is ongoing.
 - `BOOST_TIMEOUT`: **5m**: Boost workers will timeout after this long.
- `BOOST_WORKERS`: **1** (v1.14 and before: **5**): This many workers will be added to the worker pool if there is a boost.
+- `BOOST_WORKERS`: **1**: This many workers will be added to the worker pool if there is a boost.

 Gitea creates the following non-unique queues:

@ -479,7 +495,8 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
 ## Security (`security`)

 - `INSTALL_LOCK`: **false**: Controls access to the installation page. When set to "true", the installation page is not accessible.
- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This should be changed.
+- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
+- `SECRET_KEY_URI`: **<empty>**: Instead of defining SECRET_KEY, this option can be used to use the key stored in a file (example value: `file:/etc/gitea/secret_key`). It shouldn't be lost like SECRET_KEY.
 - `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days.
 - `COOKIE_USERNAME`: **gitea\_awesome**: Name of the cookie used to store the current username.
 - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication
@ -488,6 +505,8 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
   authentication.
 - `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
   authentication provided email.
+- `REVERSE_PROXY_AUTHENTICATION_FULL_NAME`: **X-WEBAUTH-FULLNAME**: Header name for reverse proxy
+   authentication provided full name.
 - `REVERSE_PROXY_LIMIT`: **1**: Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request.
   Number of trusted proxy count. Set to zero to not use these headers.
 - `REVERSE_PROXY_TRUSTED_PROXIES`: **127.0.0.0/8,::1/128**: List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
@ -503,25 +522,25 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
 - `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to Gitea repositories you should set the environment appropriately.
 - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
 - `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
+- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining INTERNAL_TOKEN in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
 - `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[argon2, pbkdf2, scrypt, bcrypt\], argon2 will spend more memory than others.
 - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
 - `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users.
 - `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
-    - lower - use one or more lower latin characters
-    - upper - use one or more upper latin characters
-    - digit - use one or more digits
-    - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
-    - off - do not check password complexity
+  - lower - use one or more lower latin characters
+  - upper - use one or more upper latin characters
+  - digit - use one or more digits
+  - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
+  - off - do not check password complexity
 - `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
 - `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.

 ## Camo (`camo`)

 - `ENABLED`: **false**: Enable media proxy, we support images only at the moment.
- `SERVER_URL`: **<empty>**: url of camo server, it **is required** if camo is enabled.
- `HMAC_KEY`: **<empty>**: Provide the HMAC key for encoding urls, it **is required** if camo is enabled.
- `ALLWAYS`: **false**: Set to true to use camo for https too lese only non https urls are proxyed
+- `SERVER_URL`: **<empty>**: URL of camo server, it **is required** if camo is enabled.
+- `HMAC_KEY`: **<empty>**: Provide the HMAC key for encoding URLs, it **is required** if camo is enabled.
+- `ALLWAYS`: **false**: Set to true to use camo for both HTTP and HTTPS content, otherwise only non-HTTPS URLs are proxied

 ## OpenID (`openid`)

@ -534,18 +553,18 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o

 ## OAuth2 Client (`oauth2_client`)

- `REGISTER_EMAIL_CONFIRM`: *[service]* **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
+- `REGISTER_EMAIL_CONFIRM`: _[service]_ **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
 - `OPENID_CONNECT_SCOPES`: **\<empty\>**: List of additional openid connect scopes. (`openid` is implicitly added)
 - `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users.
 - `USERNAME`: **nickname**: The source of the username for new oauth2 accounts:
-    - userid - use the userid / sub attribute
-    - nickname - use the nickname attribute
-    - email - use the username part of the email attribute
+  - userid - use the userid / sub attribute
+  - nickname - use the nickname attribute
+  - email - use the username part of the email attribute
 - `UPDATE_AVATAR`: **false**: Update avatar if available from oauth2 provider. Update will be performed on each login.
 - `ACCOUNT_LINKING`: **login**: How to handle if an account / email already exists:
-    - disabled - show an error
-    - login - show an account linking login
-    - auto - automatically link with the account (Please be aware that this will grant access to an existing account just because the same username or email is provided. You must make sure that this does not cause issues with your authentication providers.)
+  - disabled - show an error
+  - login - show an account linking login
+  - auto - automatically link with the account (Please be aware that this will grant access to an existing account just because the same username or email is provided. You must make sure that this does not cause issues with your authentication providers.)

 ## Service (`service`)

@ -573,15 +592,20 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
   for reverse authentication.
 - `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a
   provided email rather than a generated email.
+- `ENABLE_REVERSE_PROXY_FULL_NAME`: **false**: Enable this to allow to auto-registration with a
+   provided full name for the user.
 - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
 - `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation
-   even for External Accounts (i.e. GitHub, OpenID Connect, etc). You must `ENABLE_CAPTCHA` also.
- `CAPTCHA_TYPE`: **image**: \[image, recaptcha, hcaptcha\]
+   even for External Accounts (i.e. GitHub, OpenID Connect, etc). You also must enable `ENABLE_CAPTCHA`.
+- `CAPTCHA_TYPE`: **image**: \[image, recaptcha, hcaptcha, mcaptcha\]
 - `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.
 - `RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
 - `RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: Set the recaptcha url - allows the use of recaptcha net.
 - `HCAPTCHA_SECRET`: **""**: Sign up at https://www.hcaptcha.com/ to get a secret for hcaptcha.
 - `HCAPTCHA_SITEKEY`: **""**: Sign up at https://www.hcaptcha.com/ to get a sitekey for hcaptcha.
+- `MCAPTCHA_SECRET`: **""**: Go to your mCaptcha instance to get a secret for mCaptcha.
+- `MCAPTCHA_SITEKEY`: **""**: Go to your mCaptcha instance to get a sitekey for mCaptcha.
+- `MCAPTCHA_URL` **https://demo.mcaptcha.org/**: Set the mCaptcha URL.
 - `DEFAULT_KEEP_EMAIL_PRIVATE`: **false**: By default set users to keep their email address private.
 - `DEFAULT_ALLOW_CREATE_ORGANIZATION`: **true**: Allow new users to create organizations by default.
 - `DEFAULT_USER_IS_RESTRICTED`: **false**: Give new users restricted permissions by default
@ -620,14 +644,14 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type

 - `ED25519`: **256**
 - `ECDSA`: **256**
- `RSA`: **2048**
+- `RSA`: **2047**: We set 2047 here because an otherwise valid 2048 RSA key can be reported as 2047 length.
 - `DSA`: **-1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider

 ## Webhook (`webhook`)

 - `QUEUE_LENGTH`: **1000**: Hook task queue length. Use caution when editing this value.
 - `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks.
- `ALLOWED_HOST_LIST`: **external**: Since 1.15.7. Default to `*` for 1.15.x, `external` for 1.16 and later. Webhook can only call allowed hosts for security reasons. Comma separated list.
+- `ALLOWED_HOST_LIST`: **external**: Webhook can only call allowed hosts for security reasons. Comma separated list.
  - Built-in networks:
    - `loopback`: 127.0.0.0/8 for IPv4 and ::1/128 for IPv6, localhost is included.
    - `private`: RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and RFC 4193 (FC00::/7). Also called LAN/Intranet.
@ -642,42 +666,42 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type

 ## Mailer (`mailer`)

+⚠️ This section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
+please refer to
+[Gitea 1.17 app.ini example](https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini)
+and
+[Gitea 1.17 configuration document](https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md)
+
 - `ENABLED`: **false**: Enable to use a mail service.
- `DISABLE_HELO`: **\<empty\>**: Disable HELO operation.
- `HELO_HOSTNAME`: **\<empty\>**: Custom hostname for HELO operation.
- `HOST`: **\<empty\>**: SMTP mail host address and port (example: smtp.gitea.io:587).
-  - As per RFC 8314, if supported, Implicit TLS/SMTPS on port 465 is recommended, otherwise opportunistic TLS via STARTTLS on port 587 should be used.
- `IS_TLS_ENABLED` :  **false** : Forcibly use TLS to connect even if not on a default SMTPS port.
-  - Note, if the port ends with `465` Implicit TLS/SMTPS/SMTP over TLS will be used despite this setting.
-  - Otherwise if `IS_TLS_ENABLED=false` and the server supports `STARTTLS` this will be used. Thus if `STARTTLS` is preferred you should set `IS_TLS_ENABLED=false`.
- `FROM`: **\<empty\>**: Mail from address, RFC 5322. This can be just an email address, or
-   the "Name" \<email@example.com\> format.
- `ENVELOPE_FROM`: **\<empty\>**: Address set as the From address on the SMTP mail envelope. Set to `<>` to send an empty address.
+- `PROTOCOL`: **\<empty\>**: Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy". _Before 1.18, this was inferred from a combination of `MAILER_TYPE` and `IS_TLS_ENABLED`._
+  - SMTP family, if your provider does not explicitly say which protocol it uses but does provide a port, you can set SMTP_PORT instead and this will be inferred.
+  - **sendmail** Use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
+  - **dummy** Send email messages to the log as a testing phase.
+  - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`, `FROM`, `SUBJECT_PREFIX` and `SENDMAIL_PATH`.
+  - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
+- `SMTP_ADDR`: **\<empty\>**: Mail server address. e.g. smtp.gmail.com. For smtp+unix, this should be a path to a unix socket instead. _Before 1.18, this was combined with `SMTP_PORT` under the name `HOST`._
+- `SMTP_PORT`: **\<empty\>**: Mail server port. If no protocol is specified, it will be inferred by this setting. Common ports are listed below. _Before 1.18, this was combined with `SMTP_ADDR` under the name `HOST`._
+  - 25:  insecure SMTP
+  - 465: SMTP Secure
+  - 587: StartTLS
+- `USE_CLIENT_CERT`: **false**: Use client certificate for TLS/SSL.
+- `CLIENT_CERT_FILE`: **custom/mailer/cert.pem**: Client certificate file.
+- `CLIENT_KEY_FILE`: **custom/mailer/key.pem**: Client key file.
+- `FORCE_TRUST_SERVER_CERT`: **false**: If set to `true`, completely ignores server certificate validation errors. This option is unsafe. Consider adding the certificate to the system trust store instead.
 - `USER`: **\<empty\>**: Username of mailing user (usually the sender's e-mail address).
 - `PASSWD`: **\<empty\>**: Password of mailing user.  Use \`your password\` for quoting if you use special characters in the password.
-   - Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or `HOST=localhost`. See [Email Setup]({{< relref "doc/usage/email-setup.en-us.md" >}}) for more information.
- `SEND_AS_PLAIN_TEXT`: **false**: Send mails as plain text.
- `SKIP_VERIFY`: **false**: Whether or not to skip verification of certificates; `true` to disable verification.
-   - **Warning:** This option is unsafe. Consider adding the certificate to the system trust store instead.
-   - **Note:** Gitea only supports SMTP with STARTTLS.
- `USE_CERTIFICATE`: **false**: Use client certificate.
- `CERT_FILE`: **custom/mailer/cert.pem**
- `KEY_FILE`: **custom/mailer/key.pem**
+  - Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or SMTP host is localhost. See [Email Setup]({{< relref "doc/usage/email-setup.en-us.md" >}}) for more information.
+- `ENABLE_HELO`: **true**: Enable HELO operation.
+- `HELO_HOSTNAME`: **(retrieved from system)**: HELO hostname.
+- `FROM`: **\<empty\>**: Mail from address, RFC 5322. This can be just an email address, or the "Name" \<email@example.com\> format.
+- `ENVELOPE_FROM`: **\<empty\>**: Address set as the From address on the SMTP mail envelope. Set to `<>` to send an empty address.
 - `SUBJECT_PREFIX`: **\<empty\>**: Prefix to be placed before e-mail subject lines.
- `MAILER_TYPE`: **smtp**: \[smtp, sendmail, dummy\]
-   - **smtp** Use SMTP to send mail
-   - **sendmail** Use the operating system's `sendmail` command instead of SMTP.
-   This is common on Linux systems.
-   - **dummy** Send email messages to the log as a testing phase.
-   - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`,
-     `FROM`, `SUBJECT_PREFIX` and `SENDMAIL_PATH`.
-   - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
-   command or full path).
- `SENDMAIL_ARGS`: **_empty_**: Specify any extra sendmail arguments. (NOTE: you should be aware that email addresses can look like options - if your `sendmail` command takes options you must set the option terminator `--`)
+- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be command or full path).
+- `SENDMAIL_ARGS`: **\<empty\>**: Specify any extra sendmail arguments. (NOTE: you should be aware that email addresses can look like options - if your `sendmail` command takes options you must set the option terminator `--`)
 - `SENDMAIL_TIMEOUT`: **5m**: default timeout for sending email through sendmail
 - `SENDMAIL_CONVERT_CRLF`: **true**: Most versions of sendmail prefer LF line endings rather than CRLF line endings. Set this to false if your version of sendmail requires CRLF line endings.
 - `SEND_BUFFER_LEN`: **100**: Buffer length of mailing queue. **DEPRECATED** use `LENGTH` in `[queue.mailer]`
+- `SEND_AS_PLAIN_TEXT`: **false**: Send mails only in plain text, without HTML alternative.

 ## Cache (`cache`)

@ -685,9 +709,9 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
 - `ADAPTER`: **memory**: Cache engine adapter, either `memory`, `redis`, `twoqueue` or `memcache`. (`twoqueue` represents a size limited LRU cache.)
 - `INTERVAL`: **60**: Garbage Collection interval (sec), for memory and twoqueue cache only.
 - `HOST`: **\<empty\>**: Connection string for `redis` and `memcache`. For `twoqueue` sets configuration for the queue.
-   - Redis: `redis://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
-   - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
-   - TwoQueue LRU cache: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000` representing the maximum number of objects stored in the cache.
+  - Redis: `redis://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+  - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
+  - TwoQueue LRU cache: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000` representing the maximum number of objects stored in the cache.
 - `ITEM_TTL`: **16h**: Time to keep items in cache if not used, Setting it to -1 disables caching.

 ## Cache - LastCommitCache settings (`cache.last_commit`)
@ -711,9 +735,9 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type

 - `GRAVATAR_SOURCE`: **gravatar**: Can be `gravatar`, `duoshuo` or anything like
   `http://cn.gravatar.com/avatar/`.
- `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only.
+- `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only. **DEPRECATED [v1.18+]** moved to database. Use admin panel to configure.
 - `ENABLE_FEDERATED_AVATAR`: **false**: Enable support for federated avatars (see
-   [http://www.libravatar.org](http://www.libravatar.org)).
+   [http://www.libravatar.org](http://www.libravatar.org)). **DEPRECATED [v1.18+]** moved to database. Use admin panel to configure.

 - `AVATAR_STORAGE_TYPE`: **default**: Storage type defined in `[storage.xxx]`. Default is `default` which will read `[storage]` if no section `[storage]` will be a type `local`.
 - `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store user avatar image files.
@ -730,7 +754,6 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
  - image = default image will be used (which is set in `REPOSITORY_AVATAR_FALLBACK_IMAGE`)
 - `REPOSITORY_AVATAR_FALLBACK_IMAGE`: **/img/repo_default.png**: Image used as default repository avatar (if `REPOSITORY_AVATAR_FALLBACK` is set to image and none was uploaded)

-
 ## Project (`project`)

 Default templates for project boards:
@ -741,7 +764,7 @@ Default templates for project boards:
 ## Issue and pull request attachments (`attachment`)

 - `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
- `ALLOWED_TYPES`: **.docx,.gif,.gz,.jpeg,.jpg,mp4,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+- `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 - `MAX_SIZE`: **4**: Maximum size (MB).
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
 - `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
@ -765,11 +788,13 @@ Default templates for project boards:
 - `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.

 ### Router Log (`log`)
+
 - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
 - `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default Gitea logger.)
  NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.

 ### Access Log (`log`)
+
 - `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
 - `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default Gitea logger.)
 - `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
@ -827,9 +852,9 @@ Default templates for project boards:
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.

 - `SCHEDULE` accept formats
-   - Full crontab specs, e.g. `* * * * * ?`
-   - Descriptors, e.g. `@midnight`, `@every 1h30m` ...
-   - See more: [cron decument](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)
+  - Full crontab specs, e.g. `* * * * * ?`
+  - Descriptors, e.g. `@midnight`, `@every 1h30m` ...
+  - See more: [cron documentation](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)

 ### Basic cron tasks - enabled by default

@ -886,6 +911,7 @@ Default templates for project boards:
 ### Extended cron tasks (not enabled by default)

 #### Cron - Garbage collect all repositories ('cron.git_gc_repos')
+
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
@ -894,36 +920,42 @@ Default templates for project boards:
 - `ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. The default value is same with [git] -> GC_ARGS

 #### Cron - Update the '.ssh/authorized_keys' file with Gitea SSH keys ('cron.resync_all_sshkeys')
+
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron - Resynchronize pre-receive, update and post-receive hooks of all repositories ('cron.resync_all_hooks')
+
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron - Reinitialize all missing Git repositories for which records exist ('cron.reinit_missing_repos')
+
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron - Delete all repositories missing their Git files ('cron.delete_missing_repos')
+
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron -  Delete generated repository avatars ('cron.delete_generated_repository_avatars')
+
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron -  Delete all old actions from database ('cron.delete_old_actions')
+
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
@ -931,6 +963,7 @@ Default templates for project boards:
 - `OLDER_THAN`: **@every 8760h**: any action older than this expression will be deleted from database, suggest using `8760h` (1 year) because that's the max length of heatmap.

 #### Cron -  Check for new Gitea versions ('cron.update_checker')
+
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `ENABLE_SUCCESS_NOTICE`: **true**: Set to false to switch off success notices.
@ -938,6 +971,7 @@ Default templates for project boards:
 - `HTTP_ENDPOINT`: **https://dl.gitea.io/gitea/version.json**: the endpoint that Gitea will check for newer versions

 #### Cron -  Delete all old system notices from database ('cron.delete_old_system_notices')
+
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
@ -947,6 +981,8 @@ Default templates for project boards:
 ## Git (`git`)

 - `PATH`: **""**: The path of Git executable. If empty, Gitea searches through the PATH environment.
+- `HOME_PATH`: **%(APP_DATA_PATH)/home**: The HOME directory for Git.
+   This directory will be used to contain the `.gitconfig` and possible `.gnupg` directories that Gitea's git calls will use. If you can confirm Gitea is the only application running in this environment, you can set it to the normal home directory for Gitea user.
 - `DISABLE_DIFF_HIGHLIGHT`: **false**: Disables highlight of added and removed changes.
 - `MAX_GIT_DIFF_LINES`: **1000**: Max number of lines allowed of a single file in diff view.
 - `MAX_GIT_DIFF_LINE_CHARACTERS`: **5000**: Max character count per line highlighted in diff view.
@ -954,7 +990,8 @@ Default templates for project boards:
 - `COMMITS_RANGE_SIZE`: **50**: Set the default commits range size
 - `BRANCHES_RANGE_SIZE`: **20**: Set the default branches range size
 - `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. See more on http://git-scm.com/docs/git-gc/
- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use Git wire protocol version 2 when Git version >= 2.18, default is true, set to false when you always want Git wire protocol version 1
+- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use Git wire protocol version 2 when Git version >= 2.18, default is true, set to false when you always want Git wire protocol version 1.
+  To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
 - `PULL_REQUEST_PUSH_MESSAGE`: **true**: Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
 - `VERBOSE_PUSH`: **true**: Print status information about pushes as they are being processed.
 - `VERBOSE_PUSH_DELAY`: **5s**: Only print verbose information if push takes longer than this delay.
@ -963,6 +1000,7 @@ Default templates for project boards:
 - `DISABLE_PARTIAL_CLONE`: **false** Disable the usage of using partial clones for git.

 ## Git - Timeout settings (`git.timeout`)
+
 - `DEFAUlT`: **360**: Git operations default timeout seconds.
 - `MIGRATE`: **600**: Migrate external repositories timeout seconds.
 - `MIRROR`: **300**: Mirror external repositories timeout seconds.
@ -979,11 +1017,11 @@ Default templates for project boards:

 ## API (`api`)

- `ENABLE_SWAGGER`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
+- `ENABLE_SWAGGER`: **true**: Enables the API documentation endpoints (`/api/swagger`, `/api/v1/swagger`, …). True or false.
 - `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page.
 - `DEFAULT_PAGING_NUM`: **30**: Default paging number of API.
 - `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Default and maximum number of items per page for Git trees API.
- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: Default max size of a blob that can be return by the blobs API.
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760** (10MiB): Default max size of a blob that can be returned by the blobs API.

 ## OAuth2 (`oauth2`)

@ -998,13 +1036,10 @@ Default templates for project boards:

 ## i18n (`i18n`)

- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
+- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
     List of locales shown in language selector. The first locale will be used as the default if user browser's language doesn't match any locale in the list.
 - `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales

-## U2F (`U2F`) **DEPRECATED**
- `APP_ID`: **`ROOT_URL`**: Declares the facet of the application which is used for authentication of previously registered U2F keys. Requires HTTPS.
-
 ## Markup (`markup`)

 - `MERMAID_MAX_SOURCE_CHARACTERS`: **5000**: Set the maximum size of a Mermaid source. (Set to -1 to disable)
@ -1032,6 +1067,7 @@ IS_INPUT_FILE = false
  - iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.

 Two special environment variables are passed to the render command:
+
 - `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
 - `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.

@ -1047,10 +1083,10 @@ REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
 ALLOW_DATA_URI_IMAGES = true
 ```

- - `ELEMENT`: The element this policy applies to. Must be non-empty.
- - `ALLOW_ATTR`: The attribute this policy allows. Must be non-empty.
- - `REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
- - `ALLOW_DATA_URI_IMAGES`: **false** Allow data uri images (`<img src="data:image/png;base64,..."/>`).
+- `ELEMENT`: The element this policy applies to. Must be non-empty.
+- `ALLOW_ATTR`: The attribute this policy allows. Must be non-empty.
+- `REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
+- `ALLOW_DATA_URI_IMAGES`: **false** Allow data uri images (`<img src="data:image/png;base64,..."/>`).

 Multiple sanitisation rules can be defined by adding unique subsections, e.g. `[markup.sanitizer.TeX-2]`.
 To apply a sanitisation rules only for a specify external renderer they must use the renderer name, e.g. `[markup.sanitizer.asciidoc.rule-1]`.
@ -1081,15 +1117,23 @@ Task queue configuration has been moved to `queue.task`. However, the below conf

 - `MAX_ATTEMPTS`: **3**: Max attempts per http/https request on migrations.
 - `RETRY_BACKOFF`: **3**: Backoff time per http/https request retry (seconds)
- `ALLOWED_DOMAINS`: **\<empty\>**: Domains allowlist for migrating repositories, default is blank. It means everything will be allowed. Multiple domains could be separated by commas.
- `BLOCKED_DOMAINS`: **\<empty\>**: Domains blocklist for migrating repositories, default is blank. Multiple domains could be separated by commas. When `ALLOWED_DOMAINS` is not blank, this option has a higher priority to deny domains.
- `ALLOW_LOCALNETWORKS`: **false**: Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291
+- `ALLOWED_DOMAINS`: **\<empty\>**: Domains allowlist for migrating repositories, default is blank. It means everything will be allowed. Multiple domains could be separated by commas. Wildcard is supported: `github.com, *.github.com`.
+- `BLOCKED_DOMAINS`: **\<empty\>**: Domains blocklist for migrating repositories, default is blank. Multiple domains could be separated by commas. When `ALLOWED_DOMAINS` is not blank, this option has a higher priority to deny domains. Wildcard is supported.
+- `ALLOW_LOCALNETWORKS`: **false**: Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291. If a domain is allowed by `ALLOWED_DOMAINS`, this option will be ignored.
 - `SKIP_TLS_VERIFY`: **false**: Allow skip tls verify

 ## Federation (`federation`)

- `ENABLED`: **true**: Enable/Disable federation capabilities
+- `ENABLED`: **false**: Enable/Disable federation capabilities
 - `SHARE_USER_STATISTICS`: **true**: Enable/Disable user statistics for nodeinfo if federation is enabled
+- `MAX_SIZE`: **4**: Maximum federation request and response size (MB)
+
+ WARNING: Changing the settings below can break federation.
+
+- `ALGORITHMS`: **rsa-sha256, rsa-sha512, ed25519**: HTTP signature algorithms
+- `DIGEST_ALGORITHM`: **SHA-256**: HTTP signature digest algorithm
+- `GET_HEADERS`: **(request-target), Date**: GET headers for federation requests
+- `POST_HEADERS`: **(request-target), Date, Digest**: POST headers for federation requests

 ## Packages (`packages`)

@ -1178,6 +1222,7 @@ is `data/repo-archive` and the default of `MINIO_BASE_PATH` is `repo-archive/`.
 - `PROXY_HOSTS`: **\<empty\>**: Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.

 i.e.
+
 ```ini
 PROXY_ENABLED = true
 PROXY_URL = socks://127.0.0.1:1080
--- a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@ -15,7 +15,14 @@ menu:

 # 配置说明

-这是针对Gitea配置文件的说明，你可以了解Gitea的强大配置。需要说明的是，你的所有改变请修改 `custom/conf/app.ini` 文件而不是源文件。所有默认值可以通过 [app.example.ini](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini) 查看到。如果你发现 `%(X)s` 这样的内容，请查看 [ini](https://github.com/go-ini/ini/#recursive-values) 这里的说明。标注了 :exclamation: 的配置项表明除非你真的理解这个配置项的意义，否则最好使用默认值。
+这是针对Gitea配置文件的说明，你可以了解Gitea的强大配置。需要说明的是，你的所有改变请修改 `custom/conf/app.ini` 文件而不是源文件。
+所有默认值可以通过 [app.example.ini](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini) 查看到。
+如果你发现 `%(X)s` 这样的内容，请查看 [ini](https://github.com/go-ini/ini/#recursive-values) 这里的说明。
+标注了 :exclamation: 的配置项表明除非你真的理解这个配置项的意义，否则最好使用默认值。
+
+## ⚠️时效性警告⚠️
+
+此文档的内容可能过于陈旧或者错误，请参考英文文档。

 {{< toc >}}

@ -173,8 +180,8 @@ menu:
 - `ADAPTER`: **memory**: 缓存引擎，可以为 `memory`, `redis` 或 `memcache`。
 - `INTERVAL`: **60**: 只对内存缓存有效，GC间隔，单位秒。
 - `HOST`: **\<empty\>**: 针对redis和memcache有效，主机地址和端口。
-    - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
-    - Memache: `127.0.0.1:9090;127.0.0.1:9091`
+  - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
+  - Memache: `127.0.0.1:9090;127.0.0.1:9091`
 - `ITEM_TTL`: **16h**: 缓存项目失效时间，设置为 -1 则禁用缓存。

 ## Cache - LastCommitCache settings (`cache.last_commit`)
@ -239,7 +246,6 @@ file -I test01.xls
 test01.xls: application/vnd.ms-excel; charset=binary
 ```

-
 ## Log (`log`)

 - `ROOT_PATH`: 日志文件根目录。
@ -251,10 +257,9 @@ test01.xls: application/vnd.ms-excel; charset=binary
 - `ENABLED`: 是否在后台运行定期任务。
 - `RUN_AT_START`: 是否启动时自动运行。
 - `SCHEDULE` 所接受的格式
-   - 完整 crontab 控制, 例如 `* * * * * ?`
-   - 描述符, 例如 `@midnight`, `@every 1h30m` ...
-   - 更多细节参见 [cron api文档](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)
-
+  - 完整 crontab 控制, 例如 `* * * * * ?`
+  - 描述符, 例如 `@midnight`, `@every 1h30m` ...
+  - 更多细节参见 [cron api文档](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)

 ### Cron - Update Mirrors (`cron.update_mirrors`)

@ -294,7 +299,7 @@ test01.xls: application/vnd.ms-excel; charset=binary

 ## API (`api`)

- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false; 默认是  true.
+- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false.
 - `MAX_RESPONSE_ITEMS`: **50**: 一个页面最大的项目数。
 - `DEFAULT_PAGING_NUM`: **30**: API中默认分页条数。
 - `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: GIT TREES API每页的默认最大项数.
@ -346,7 +351,7 @@ ALLOW_DATA_URI_IMAGES = true
 - `ALLOW_DATA_URI_IMAGES`: **false** 允许 data uri 图片 (`<img src="data:image/png;base64,..."/>`)。

 多个净化规则可以被同时定义，只要section名称最后一位不重复即可。如： `[markup.sanitizer.TeX-2]`。
-为了针对一种渲染类型进行一个特殊的净化策略，必须使用形如 `[markup.sanitizer.asciidoc.rule-1]` 的方式来命名 seciton。
+为了针对一种渲染类型进行一个特殊的净化策略，必须使用形如 `[markup.sanitizer.asciidoc.rule-1]` 的方式来命名 section。
 如果此规则没有匹配到任何渲染类型，它将会被应用到所有的渲染类型。

 ## Time (`time`)
@ -440,6 +445,7 @@ Repository archive 的存储配置。 如果 `STORAGE_TYPE` 为空，则此配
 - `PROXY_HOSTS`: **\<empty\>**: 逗号分隔的多个需要代理的网址，支持 * 号匹配符号， ** 表示匹配所有网站

 i.e.
+
 ```ini
 PROXY_ENABLED = true
 PROXY_URL = socks://127.0.0.1:1080
--- a/docs/content/doc/advanced/customizing-gitea.en-us.md
+++ b/docs/content/doc/advanced/customizing-gitea.en-us.md
@ -121,7 +121,7 @@ Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful temp
 - `body_inner_pre.tmpl`, before the top navigation bar, but already inside the main container `<div class="full height">`.
 - `body_inner_post.tmpl`, before the end of the main container.
 - `body_outer_post.tmpl`, before the bottom `<footer>` element.
- `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional Javascript.
+- `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional JavaScript.

 #### Example: PlantUML

@ -129,7 +129,7 @@ You can add [PlantUML](https://plantuml.com/) support to Gitea's markdown by usi
 The data is encoded and sent to the PlantUML server which generates the picture. There is an online
 demo server at http://www.plantuml.com/plantuml, but if you (or your users) have sensitive data you
 can set up your own [PlantUML server](https://plantuml.com/server) instead. To set up PlantUML rendering,
-copy javascript files from https://gitea.com/davidsvantesson/plantuml-code-highlight and put them in your
+copy JavaScript files from https://gitea.com/davidsvantesson/plantuml-code-highlight and put them in your
 `$GITEA_CUSTOM/public` folder. Then add the following to `custom/footer.tmpl`:

 ```html
@ -137,9 +137,9 @@ copy javascript files from https://gitea.com/davidsvantesson/plantuml-code-highl
  $(async () => {
    if (!$('.language-plantuml').length) return;
    await Promise.all([
-      $.getScript('https://your-server.com/deflate.js'), 
-      $.getScript('https://your-server.com/encode.js'),
-      $.getScript('https://your-server.com/plantuml_codeblock_parse.js'),
+      $.getScript('https://your-gitea-server.com/assets/deflate.js'),
+      $.getScript('https://your-gitea-server.com/assets/encode.js'),
+      $.getScript('https://your-gitea-server.com/assets/plantuml_codeblock_parse.js'),
    ]);
    // Replace call with address to your plantuml server
    parsePlantumlCodeBlocks("https://www.plantuml.com/plantuml");
@ -149,13 +149,13 @@ copy javascript files from https://gitea.com/davidsvantesson/plantuml-code-highl

 You can then add blocks like the following to your markdown:

-    ```plantuml
-        Alice -> Bob: Authentication Request
-        Bob --> Alice: Authentication Response
+```plantuml
+Alice -> Bob: Authentication Request
+Bob --> Alice: Authentication Response

-        Alice -> Bob: Another authentication Request
-        Alice <-- Bob: Another authentication Response
-    ```
+Alice -> Bob: Another authentication Request
+Alice <-- Bob: Another authentication Response
+```

 The script will detect tags with `class="language-plantuml"`, but you can change this by providing a second argument to `parsePlantumlCodeBlocks`.

@ -202,7 +202,7 @@ You can display STL file directly in Gitea by adding:

 to the file `templates/custom/footer.tmpl`

-You also need to download the content of the library [Madeleine.js](https://jinjunho.github.io/Madeleine.js/) and place it under `$GITEA_CUSTOM/public/` folder.
+You also need to download the content of the library [Madeleine.js](https://github.com/beige90/Madeleine.js) and place it under `$GITEA_CUSTOM/public/` folder.

 You should end-up with a folder structure similar to:

@ -335,8 +335,8 @@ The list of themes a user can choose from can be configured with the `THEMES` va

 To make a custom theme available to all users:

-1. Add a CSS file to `$GITEA_PUBLIC/public/css/theme-<theme-name>.css`.
-  The value of `$GITEA_PUBLIC` of your instance can be queried by calling `gitea help` and looking up the value of "CustomPath".
+1. Add a CSS file to `$GITEA_CUSTOM/public/css/theme-<theme-name>.css`.
+  The value of `$GITEA_CUSTOM` of your instance can be queried by calling `gitea help` and looking up the value of "CustomPath".
 2. Add `<theme-name>` to the comma-separated list of setting `THEMES` in `app.ini`

 Community themes are listed in [gitea/awesome-gitea#themes](https://gitea.com/gitea/awesome-gitea#themes).
--- a/docs/content/doc/advanced/environment-variables.zh-cn.md
+++ b/docs/content/doc/advanced/environment-variables.zh-cn.md
@ -25,31 +25,31 @@ GITEA_CUSTOM=/home/gitea/custom ./gitea web

 因为 Gitea 使用 Go 语言编写，因此它使用了一些相关的 Go 的配置参数：

-  * `GOOS`
-  * `GOARCH`
-  * [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
+* `GOOS`
+* `GOARCH`
+* [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)

 您可以在[官方文档](https://golang.org/cmd/go/#hdr-Environment_variables)中查阅这些配置参数的详细信息。

 ## Gitea 的文件目录

-  * `GITEA_WORK_DIR`：工作目录的绝对路径
-  * `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
-  * `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
-  * `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代
+* `GITEA_WORK_DIR`：工作目录的绝对路径
+* `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
+* `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
+* `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代

 ## 操作系统配置

-  * `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
-  * `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
-  * `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量
+* `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
+* `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
+* `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量

 ### 仅限于 Windows 的配置

-  * `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
-  * `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
-  * `HOMEPATH`：在指定主驱动器下的 home 目录相对路径
+* `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
+* `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
+* `HOMEPATH`：在指定主驱动器下的 home 目录相对路径

 ## Miscellaneous

-  * `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。
+* `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。
--- a/docs/content/doc/advanced/external-renderers.en-us.md
+++ b/docs/content/doc/advanced/external-renderers.en-us.md
@ -74,12 +74,13 @@ RENDER_COMMAND = "timeout 30s pandoc +RTS -M512M -RTS -f rst"
 IS_INPUT_FILE = false
 ```

-If your external markup relies on additional classes and attributes on the generated HTML elements, you might need to enable custom sanitizer policies. Gitea uses the [`bluemonday`](https://godoc.org/github.com/microcosm-cc/bluemonday) package as our HTML sanitizier. The example below will support [KaTeX](https://katex.org/) output from [`pandoc`](https://pandoc.org/).
+If your external markup relies on additional classes and attributes on the generated HTML elements, you might need to enable custom sanitizer policies. Gitea uses the [`bluemonday`](https://godoc.org/github.com/microcosm-cc/bluemonday) package as our HTML sanitizer. The example below could be used to support server-side [KaTeX](https://katex.org/) rendering output from [`pandoc`](https://pandoc.org/).

 ```ini
 [markup.sanitizer.TeX]
 ; Pandoc renders TeX segments as <span>s with the "math" class, optionally
 ; with "inline" or "display" classes depending on context.
+; - note this is different from the built-in math support in our markdown parser which uses <code>
 ELEMENT = span
 ALLOW_ATTR = class
 REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
@ -127,6 +128,7 @@ ALLOW_ATTR = class
 ### Example: Office DOCX

 Display Office DOCX files with [`pandoc`](https://pandoc.org/):
+
 ```ini
 [markup.docx]
 ENABLED = true
@ -138,6 +140,7 @@ ALLOW_DATA_URI_IMAGES = true
 ```

 The template file has the following content:
+
 ```
 $body$
 ```
@ -145,6 +148,7 @@ $body$
 ### Example: Jupyter Notebook

 Display Jupyter Notebook files with [`nbconvert`](https://github.com/jupyter/nbconvert):
+
 ```ini
 [markup.jupyter]
 ENABLED = true
@ -156,9 +160,11 @@ ALLOW_DATA_URI_IMAGES = true
 ```

 ## Customizing CSS
-The external renderer is specified in the .ini in the format `[markup.XXXXX]` and the HTML supplied by your external renderer will be wrapped in a `<div>` with classes `markup` and `XXXXX`. The `markup` class provides out of the box styling (as does `markdown` if `XXXXX` is `markdown`). Otherwise you can use these classes to specifically target the contents of your rendered HTML. 
+
+The external renderer is specified in the .ini in the format `[markup.XXXXX]` and the HTML supplied by your external renderer will be wrapped in a `<div>` with classes `markup` and `XXXXX`. The `markup` class provides out of the box styling (as does `markdown` if `XXXXX` is `markdown`). Otherwise you can use these classes to specifically target the contents of your rendered HTML.

 And so you could write some CSS:
+
 ```css
 .markup.XXXXX html {
  font-size: 100%;
@ -184,6 +190,7 @@ And so you could write some CSS:
 ```

 Add your stylesheet to your custom directory e.g `custom/public/css/my-style-XXXXX.css` and import it using a custom header file `custom/templates/custom/header.tmpl`:
+
 ```html
 <link type="text/css" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
 ```
--- a/docs/content/doc/advanced/logging-documentation.en-us.md
+++ b/docs/content/doc/advanced/logging-documentation.en-us.md
@ -15,12 +15,14 @@ menu:

 # Logging Configuration

-The logging framework has been revamped in Gitea 1.9.0.
-
 **Table of Contents**

 {{< toc >}}

+## Collecting Logs for Help
+
+To collect logs for help and issue report, see [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}}).
+
 ## Log Groups

 The fundamental thing to be aware of in Gitea is that there are several
--- a/docs/content/doc/advanced/mail-templates-us.md
+++ b/docs/content/doc/advanced/mail-templates-us.md
@ -251,7 +251,7 @@ This template produces something along these lines:
 >
 > \_********************************\_********************************
 >
-> Mike, I think we should tone down the blues a little.  
+> Mike, I think we should tone down the blues a little.
 > \_********************************\_********************************
 >
 > [View it on Gitea](#).
--- a/docs/content/doc/advanced/protected-tags.en-us.md
+++ b/docs/content/doc/advanced/protected-tags.en-us.md
@ -15,7 +15,7 @@ menu:

 # Protected tags

-Protected tags allow control over who has permission to create or update Git tags. Each rule allows you to match either an individual tag name, or use an appropriate pattern to control multiple tags at once. 
+Protected tags allow control over who has permission to create or update Git tags. Each rule allows you to match either an individual tag name, or use an appropriate pattern to control multiple tags at once.

 **Table of Contents**

--- a/docs/content/doc/advanced/repo-mirror.en-us.md
+++ b/docs/content/doc/advanced/repo-mirror.en-us.md
@ -37,7 +37,7 @@ For an existing remote repository, you can set up pull mirroring as follows:
 3. Enter a repository URL.
 4. If the repository needs authentication fill in your authentication information.
 5. Check the box **This repository will be a mirror**.
-5. Select **Migrate repository** to save the configuration.
+6. Select **Migrate repository** to save the configuration.

 The repository now gets mirrored periodically from the remote repository. You can force a sync by selecting **Synchronize Now** in the repository settings.

--- a/docs/content/doc/advanced/search-engines-indexation.en-us.md
+++ b/docs/content/doc/advanced/search-engines-indexation.en-us.md
@ -25,7 +25,6 @@ create a file called `robots.txt` in the [`custom` folder or `CustomPath`]({{< r

 Examples on how to configure the `robots.txt` can be found at [https://moz.com/learn/seo/robotstxt](https://moz.com/learn/seo/robotstxt).

-
 ```txt
 User-agent: *
 Disallow: /
--- a/docs/content/doc/advanced/signing.en-us.md
+++ b/docs/content/doc/advanced/signing.en-us.md
@ -97,11 +97,12 @@ repositories, `SIGNING_KEY=default` could be used to provide different
 signing keys on a per-repository basis. However, this is clearly not an
 ideal UI and therefore subject to change.

-**Since 1.17**, Gitea runs git in its own home directory `[repository].ROOT` and uses its own config `{[repository].ROOT}/.gitconfig`.
+**Since 1.17**, Gitea runs git in its own home directory `[git].HOME_PATH` (default to `%(APP_DATA_PATH)/home`)
+and uses its own config `{[git].HOME_PATH}/.gitconfig`.
 If you have your own customized git config for Gitea, you should set these configs in system git config (aka `/etc/gitconfig`)
-or the Gitea internal git config `{[repository].ROOT}/.gitconfig`. 
-Related home files for git command (like `.gnupg`) should also be put in Gitea's git home directory `[repository].ROOT`. 
-
+or the Gitea internal git config `{[git].HOME_PATH}/.gitconfig`.
+Related home files for git command (like `.gnupg`) should also be put in Gitea's git home directory `[git].HOME_PATH`.
+If you like to keep the `.gnupg` directory outside of `{[git].HOME_PATH}/`, consider setting the `$GNUPGHOME` environment variable to your preferred location.

 ### `INITIAL_COMMIT`

--- a/docs/content/doc/advanced/third-party-tools.zh-cn.md
+++ b/docs/content/doc/advanced/third-party-tools.zh-cn.md
@ -14,23 +14,26 @@ menu:
 ---

 # 第三方工具列表
+
 **注意:** 这些工具并没有经过Gitea的检验，在这里列出它们只是为了便捷.

 *此列表并不是完整的列表，可以随时咨询如何添加!*

 ### 持续集成
-[BuildKite 连接器](https://github.com/techknowlogick/gitea-buildkite-connector)  
-[Jenkins 插件](https://github.com/jenkinsci/gitea-plugin)  
+
+[BuildKite 连接器](https://github.com/techknowlogick/gitea-buildkite-connector)
+[Jenkins 插件](https://github.com/jenkinsci/gitea-plugin)
 [Gitea搭配Drone](https://docs.drone.io/installation/gitea)

-
 ### 迁移
-[Gitea安装脚本](https://git.coolaj86.com/coolaj86/gitea-installer.sh)  
+
+[Gitea安装脚本](https://git.coolaj86.com/coolaj86/gitea-installer.sh)
 [GitHub迁移](https://gitea.com/gitea/migrator)

-
 ### 移动端
+
 [安卓客户端GitNex](https://gitlab.com/mmarif4u/gitnex)

-###  编辑器扩展
- - [Gitea的Visual Studio扩展](https://github.com/maikebing/Gitea.VisualStudio)    从   [Visual Studio 扩展市场](https://marketplace.visualstudio.com/items?itemName=MysticBoy.GiteaExtensionforVisualStudio) 下载
+### 编辑器扩展
+
+- [Gitea的Visual Studio扩展](https://github.com/maikebing/Gitea.VisualStudio)    从   [Visual Studio 扩展市场](https://marketplace.visualstudio.com/items?itemName=MysticBoy.GiteaExtensionforVisualStudio) 下载
--- a/docs/content/doc/developers/api-usage.en-us.md
+++ b/docs/content/doc/developers/api-usage.en-us.md
@ -48,9 +48,8 @@ A new token can be generated with a `POST` request to
 Note that `/users/:name/tokens` is a special endpoint and requires you
 to authenticate using `BasicAuth` and a password, as follows:

-
 ```sh
-$ curl -XPOST -H "Content-Type: application/json"  -k -d '{"name":"test"}' -u username:password https://gitea.your.host/api/v1/users/<username>/tokens
+$ curl -H "Content-Type: application/json" -d '{"name":"test"}' -u username:password https://gitea.your.host/api/v1/users/<username>/tokens
 {"id":1,"name":"test","sha1":"9fcb1158165773dd010fca5f0cf7174316c3e37d","token_last_eight":"16c3e37d"}
 ```

@ -59,7 +58,7 @@ plain-text.  It will not be displayed when listing tokens with a `GET`
 request; e.g.

 ```sh
-$ curl --request GET --url https://yourusername:password@gitea.your.host/api/v1/users/<username>/tokens
+$ curl --url https://yourusername:password@gitea.your.host/api/v1/users/<username>/tokens
 [{"name":"test","sha1":"","token_last_eight:"........":},{"name":"dev","sha1":"","token_last_eight":"........"}]
 ```

@ -71,7 +70,7 @@ is where you'd place the code from your authenticator.
 Here is how the request would look like in curl:

 ```sh
-$ curl -H "X-Gitea-OTP: 123456" --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+$ curl -H "X-Gitea-OTP: 123456" --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
 ```

 You can also create an API key token via your Gitea installation's web
@ -97,7 +96,7 @@ Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
 In a `curl` command, for instance, this would look like:

 ```sh
-curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
+curl "http://localhost:4000/api/v1/repos/test1/test1/issues" \
    -H "accept: application/json" \
    -H "Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675" \
    -H "Content-Type: application/json" -d "{ \"body\": \"testing\", \"title\": \"test 20\"}" -i
@ -106,6 +105,18 @@ curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
 As mentioned above, the token used is the same one you would use in
 the `token=` string in a GET request.

+## Pagination
+
+The API supports pagination. The `page` and `limit` parameters are used to specify the page number and the number of items per page. As well, the `Link` header is returned with the next, previous, and last page links if there are more than one pages. The `x-total-count` is also returned to indicate the total number of items.
+
+```sh
+curl -v "http://localhost/api/v1/repos/search?limit=1"
+...
+< link: <http://localhost/api/v1/repos/search?limit=1&page=2>; rel="next",<http://localhost/api/v1/repos/search?limit=1&page=5252>; rel="last"
+...
+< x-total-count: 5252
+```
+
 ## API Guide:

 API Reference guide is auto-generated by swagger and available on:
--- a/docs/content/doc/developers/api-usage.zh-cn.md
+++ b/docs/content/doc/developers/api-usage.zh-cn.md
@ -46,7 +46,7 @@ Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
 以 `curl` 命令为例，它会以如下形式携带在请求中：

 ```
-curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
+curl "http://localhost:4000/api/v1/repos/test1/test1/issues" \
    -H "accept: application/json" \
    -H "Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675" \
    -H "Content-Type: application/json" -d "{ \"body\": \"testing\", \"title\": \"test 20\"}" -i
@ -62,7 +62,7 @@ curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
 ### 使用 Basic authentication 认证：

 ```
-$ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+$ curl --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
 [{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
 ```

--- a/docs/content/doc/developers/guidelines-backend.md
+++ b/docs/content/doc/developers/guidelines-backend.md
@ -21,8 +21,8 @@ menu:

 ## Background

-Gitea uses Golang as the backend programming language. It uses many third-party packages and also write some itself. 
-For example, Gitea uses [Chi](https://github.com/go-chi/chi) as basic web framework. [Xorm](https://xorm.io) is an ORM framework that is used to interact with the database. 
+Gitea uses Golang as the backend programming language. It uses many third-party packages and also write some itself.
+For example, Gitea uses [Chi](https://github.com/go-chi/chi) as basic web framework. [Xorm](https://xorm.io) is an ORM framework that is used to interact with the database.
 So it's very important to manage these packages. Please take the below guidelines before you start to write backend code.

 ## Package Design Guideline
@ -33,7 +33,9 @@ To maintain understandable code and avoid circular dependencies it is important

 - `build`: Scripts to help build Gitea.
 - `cmd`: All Gitea actual sub commands includes web, doctor, serv, hooks, admin and etc. `web` will start the web service. `serv` and `hooks` will be invoked by Git or OpenSSH. Other sub commands could help to maintain Gitea.
- `integrations`: Integration tests
+- `tests`: Common test utility functions
+  - `tests/integration`: Integration tests, to test back-end regressions
+  - `tests/e2e`: E2e tests, to test test front-end <> back-end compatibility and visual regressions.
 - `models`: Contains the data structures used by xorm to construct database tables. It also contains functions to query and update the database. Dependencies to other Gitea code should be avoided. You can make exceptions in cases such as logging.
  - `models/db`: Basic database operations. All other `models/xxx` packages should depend on this package. The `GetEngine` function should only be invoked from `models/`.
  - `models/fixtures`: Sample data used in unit tests and integration tests. One `yml` file means one table which will be loaded into database when beginning the tests.
@ -43,9 +45,9 @@ To maintain understandable code and avoid circular dependencies it is important
  - `modules/git`: Package to interactive with `Git` command line or Gogit package.
 - `public`: Compiled frontend files (javascript, images, css, etc.)
 - `routers`: Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) must not depend on routers.
-  - `routers/api` Contains routers for `/api/v1` aims to handle RESTful API requests. 
-  - `routers/install` Could only respond when system is in INSTALL mode (INSTALL_LOCK=false). 
-  - `routers/private` will only be invoked by internal sub commands, especially `serv` and `hooks`. 
+  - `routers/api` Contains routers for `/api/v1` aims to handle RESTful API requests.
+  - `routers/install` Could only respond when system is in INSTALL mode (INSTALL_LOCK=false).
+  - `routers/private` will only be invoked by internal sub commands, especially `serv` and `hooks`.
  - `routers/web` will handle HTTP requests from web browsers or Git SMART HTTP protocols.
 - `services`: Support functions for common routing operations or command executions. Uses `models` and `modules` to handle the requests.
 - `templates`: Golang templates for generating the html output.
@ -61,30 +63,26 @@ From left to right, left packages could depend on right packages, but right pack
 **NOTICE**

 Why do we need database transactions outside of `models`? And how?
-Some actions should allow for rollback when database record insertion/update/deletion failed. 
+Some actions should allow for rollback when database record insertion/update/deletion failed.
 So services must be allowed to create a database transaction. Here is some example,

 ```go
-// servcies/repository/repo.go
-func CreateXXXX() error {\
-  ctx, committer, err := db.TxContext()
-	if err != nil {
-		return err
-	}
-	defer committer.Close()
-
-  // do something, if return err, it will rollback automatically when `committer.Close()` is invoked.
-  if err := issues.UpdateIssue(ctx, repoID); err != nil {
-      // ...
-  }
-
-  // ......
-
-  return committer.Commit()
+// services/repository/repository.go
+func CreateXXXX() error {
+    return db.WithTx(func(ctx context.Context) error {
+        e := db.GetEngine(ctx)
+        // do something, if err is returned, it will rollback automatically
+        if err := issues.UpdateIssue(ctx, repoID); err != nil {
+            // ...
+            return err
+        }
+        // ...
+        return nil
+    })
 }
 ```

-You should **not** use `db.GetEngine(ctx)` in `services` directly, but just write a function under `models/`. 
+You should **not** use `db.GetEngine(ctx)` in `services` directly, but just write a function under `models/`.
 If the function will be used in the transaction, just let `context.Context` as the function's first parameter.

 ```go
@ -92,14 +90,14 @@ If the function will be used in the transaction, just let `context.Context` as t
 func UpdateIssue(ctx context.Context, repoID int64) error {
    e := db.GetEngine(ctx)

-    // ......
+    // ...
 }
 ```

 ### Package Name

 For the top level package, use a plural as package name, i.e. `services`, `models`, for sub packages, use singular,
-i.e. `servcies/user`, `models/repository`.
+i.e. `services/user`, `models/repository`.

 ### Import Alias

--- a/docs/content/doc/developers/guidelines-frontend.en-us.md
+++ b/docs/content/doc/developers/guidelines-frontend.en-us.md
@ -21,11 +21,12 @@ menu:

 ## Background

-Gitea uses [Less CSS](https://lesscss.org), [Fomantic-UI](https://fomantic-ui.com/introduction/getting-started.html) (based on [jQuery](https://api.jquery.com)) and [Vue2](https://vuejs.org/v2/guide/) for its frontend.
+Gitea uses [Less CSS](https://lesscss.org), [Fomantic-UI](https://fomantic-ui.com/introduction/getting-started.html) (based on [jQuery](https://api.jquery.com)) and [Vue3](https://vuejs.org/) for its frontend.

 The HTML pages are rendered by [Go HTML Template](https://pkg.go.dev/html/template).

 The source files can be found in the following directories:
+
 * **Less styles:** `web_src/less/`
 * **JavaScript files:** `web_src/js/`
 * **Vue components:** `web_src/js/components/`
@ -41,10 +42,9 @@ We recommend [Google HTML/CSS Style Guide](https://google.github.io/styleguide/h
 2. HTML ids and classes should use kebab-case.
 3. HTML ids and classes used in JavaScript should be unique for the whole project, and should contain 2-3 feature related keywords. We recommend to use the `js-` prefix for classes that are only used in JavaScript.
 4. jQuery events across different features could use their own namespaces if there are potential conflicts.
-5. CSS styling for classes provided by frameworks should not be overwritten. Always use new class-names with 2-3 feature related keywords to overwrite framework styles.  
+5. CSS styling for classes provided by frameworks should not be overwritten. Always use new class-names with 2-3 feature related keywords to overwrite framework styles.
 6. The backend can pass complex data to the frontend by using `ctx.PageData["myModuleData"] = map[]{}`
-7. Simple pages and SEO-related pages use Go HTML Template render to generate static Fomantic-UI HTML output. Complex pages can use Vue2 (or Vue3 in future).
-
+7. Simple pages and SEO-related pages use Go HTML Template render to generate static Fomantic-UI HTML output. Complex pages can use Vue3.

 ### Framework Usage

@ -52,25 +52,27 @@ Mixing different frameworks together is discouraged, it makes the code difficult
 A JavaScript module should follow one major framework and follow the framework's best practice.

 Recommended implementations:
+
 * Vue + Vanilla JS
 * Fomantic-UI (jQuery)
 * Vanilla JS

 Discouraged implementations:
+
 * Vue + Fomantic-UI (jQuery)
 * jQuery + Vanilla JS

 To make UI consistent, Vue components can use Fomantic-UI CSS classes.
-Although mixing different frameworks is discouraged, 
-it should also work if the mixing is necessary and the code is well-designed and maintainable. 
+Although mixing different frameworks is discouraged,
+it should also work if the mixing is necessary and the code is well-designed and maintainable.

 ### `async` Functions

-Only mark a function as `async` if and only if there are `await` calls 
+Only mark a function as `async` if and only if there are `await` calls
 or `Promise` returns inside the function.

 It's not recommended to use `async` event listeners, which may lead to problems.
-The reason is that the code after await is executed outside the event dispatch. 
+The reason is that the code after await is executed outside the event dispatch.
 Reference: https://github.com/github/eslint-plugin-github/blob/main/docs/rules/async-preventdefault.md

 If we want to call an `async` function in a non-async context,
@ -88,14 +90,13 @@ However, there are still some special cases, so the current guideline is:
  * `$.data()` can be used to bind some non-string data to elements in rare cases, but it is highly discouraged.

 * For new code:
-  * `node.dataset` should not be used, use `node.getAttribute` instead. 
+  * `node.dataset` should not be used, use `node.getAttribute` instead.
  * never bind any user data to a DOM node, use a suitable design pattern to describe the relation between node and data.

-
 ### Legacy Code

 A lot of legacy code already existed before this document's written. It's recommended to refactor legacy code to follow the guidelines.

-### Vue2/Vue3 and JSX
+### Vue3 and JSX

-Gitea is using Vue2 now, we plan to upgrade to Vue3. We decided not to introduce JSX to keep the HTML and the JavaScript code separated.
+Gitea is using Vue3 now. We decided not to introduce JSX to keep the HTML and the JavaScript code separated.
--- a/docs/content/doc/developers/hacking-on-gitea.en-us.md
+++ b/docs/content/doc/developers/hacking-on-gitea.en-us.md
@ -19,6 +19,12 @@ menu:

 {{< toc >}}

+## Quickstart
+
+To get a quick working development environment you could use Gitpod.
+
+[![Open in Gitpod](/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/go-gitea/gitea)
+
 ## Installing go

 You should [install go](https://golang.org/doc/install) and set up your go
@ -35,7 +41,7 @@ on the executable path. If you don't add the go bin directory to the
 executable path you will have to manage this yourself.

 **Note 2**: Go version {{< min-go-version >}} or higher is required.
-Gitea uses `gofmt` to format source code. However, the results of 
+Gitea uses `gofmt` to format source code. However, the results of
 `gofmt` can differ by the version of `go`. Therefore it is
 recommended to install the version of Go that our continuous integration is
 running. As of last update, the Go version should be {{< go-version >}}.
@ -69,7 +75,7 @@ One of these three distributions of Make will run on Windows:
  - [32-bits version](http://www.equation.com/ftpdir/make/32/make.exe)
  - [64-bits version](http://www.equation.com/ftpdir/make/64/make.exe)
 - [MinGW-w64](https://www.mingw-w64.org) / [MSYS2](https://www.msys2.org/).
-  - MSYS2 is a collection of tools and libraries providing you with an easy-to-use environment for building, installing and running native Windows software, it includes MinGW-w64. 
+  - MSYS2 is a collection of tools and libraries providing you with an easy-to-use environment for building, installing and running native Windows software, it includes MinGW-w64.
  - In MingGW-w64, the binary is called `mingw32-make.exe` instead of `make.exe`. Add the `bin` folder to `PATH`.
  - In MSYS2, you can use `make` directly. See [MSYS2 Porting](https://www.msys2.org/wiki/Porting/).
  - To compile Gitea with CGO_ENABLED (eg: SQLite3), you might need to use [tdm-gcc](https://jmeubank.github.io/tdm-gcc/) instead of MSYS2 gcc, because MSYS2 gcc headers lack some Windows-only CRT functions like `_beginthread`.
@ -171,7 +177,7 @@ server as mentioned above.

 ### Working on JS and CSS

-Frontend development should follow [Guidelines for Frontend Development](./guidelines-frontend.md)
+Frontend development should follow [Guidelines for Frontend Development]({{< relref "doc/developers/guidelines-frontend.en-us.md" >}})

 To build with frontend resources, either use the `watch-frontend` target mentioned above or just build once:

@ -212,7 +218,7 @@ SVG icons are built using the `make svg` target which compiles the icon sources

 ### Building the Logo

-The PNG and SVG versions of the Gitea logo are built from a single SVG source file `assets/logo.svg` using the `TAGS="gitea" make generate-images` target. To run it, Node.js and npm must be available. 
+The PNG and SVG versions of the Gitea logo are built from a single SVG source file `assets/logo.svg` using the `TAGS="gitea" make generate-images` target. To run it, Node.js and npm must be available.

 The same process can also be used to generate custom logo PNGs from a SVG source file by updating `assets/logo.svg` and running `make generate-images`. Omitting the `gitea` tag will update only the user-designated logo files.

@ -309,10 +315,9 @@ will run the integration tests in an SQLite environment. Integration tests
 require `git lfs` to be installed. Other database tests are available but
 may need adjustment to the local environment.

-Take a look at [`integrations/README.md`](https://github.com/go-gitea/gitea/blob/main/integrations/README.md)
+Take a look at [`tests/integration/README.md`](https://github.com/go-gitea/gitea/blob/main/tests/integration/README.md)
 for more information and how to run a single test.

-
 ### Testing for a PR

 Our continuous integration will test the code passes its unit tests and that
@ -345,13 +350,13 @@ for more information.

 ## GoLand

-Clicking the `Run Application` arrow on the function `func main()` in `/main.go` 
+Clicking the `Run Application` arrow on the function `func main()` in `/main.go`
 can quickly start a debuggable Gitea instance.

-The `Output Directory` in `Run/Debug Configuration` MUST be set to the 
-gitea project directory (which contains `main.go` and `go.mod`), 
-otherwise, the started instance's working directory is a GoLand's temporary directory 
-and prevents Gitea from loading dynamic resources (eg: templates) in a development environment.  
+The `Output Directory` in `Run/Debug Configuration` MUST be set to the
+gitea project directory (which contains `main.go` and `go.mod`),
+otherwise, the started instance's working directory is a GoLand's temporary directory
+and prevents Gitea from loading dynamic resources (eg: templates) in a development environment.

 To run unit tests with SQLite in GoLand, set `-tags sqlite,sqlite_unlock_notify`
 in `Go tool arguments` of `Run/Debug Configuration`.
--- a/docs/content/doc/developers/migrations.en-us.md
+++ b/docs/content/doc/developers/migrations.en-us.md
@ -16,11 +16,11 @@ menu:
 # Migration Features

 Complete migrations were introduced in Gitea 1.9.0. It defines two interfaces to support migrating
-repository data from other Git host platforms to Gitea or, in the future, migrating Gitea data to other
-Git host platforms.  
+repository data from other Git host platforms to Gitea or, in the future, migrating Gitea data to other Git host platforms.
+
 Currently, migrations from GitHub, GitLab, and other Gitea instances are implemented.

-First of all, Gitea defines some standard objects in packages [modules/migration](https://github.com/go-gitea/gitea/tree/main/modules/migration).  
+First of all, Gitea defines some standard objects in packages [modules/migration](https://github.com/go-gitea/gitea/tree/main/modules/migration).
 They are `Repository`, `Milestone`, `Release`, `ReleaseAsset`, `Label`, `Issue`, `Comment`, `PullRequest`, `Reaction`, `Review`, `ReviewComment`.

 ## Downloader Interfaces
@ -29,7 +29,7 @@ To migrate from a new Git host platform, there are two steps to be updated.

 - You should implement a `Downloader` which will be used to get repository information.
 - You should implement a `DownloaderFactory` which will be used to detect if the URL matches and create the above `Downloader`.
-   - You'll need to register the `DownloaderFactory` via `RegisterDownloaderFactory` on `init()`.
+  - You'll need to register the `DownloaderFactory` via `RegisterDownloaderFactory` on `init()`.

 You can find these interfaces in [downloader.go](https://github.com/go-gitea/gitea/blob/main/modules/migration/downloader.go).

--- a/docs/content/doc/developers/migrations.zh-tw.md
+++ b/docs/content/doc/developers/migrations.zh-tw.md
@ -18,7 +18,7 @@ menu:
 完整的遷移從 Gitea 1.9.0 開始提供。它定義了兩個介面用來從其它 Git 託管平臺遷移儲存庫資料到 Gitea，未來或許會提供遷移到其它 git 託管平臺。
 目前已實作了從 Github, Gitlab 和其它 Gitea 遷移資料。

-Gitea 定義了一些基本物件於套件 [modules/migration](https://github.com/go-gitea/gitea/tree/master/modules/migration)。  
+Gitea 定義了一些基本物件於套件 [modules/migration](https://github.com/go-gitea/gitea/tree/master/modules/migration)。
 分別是 `Repository`, `Milestone`, `Release`, `ReleaseAsset`, `Label`, `Issue`, `Comment`, `PullRequest`, `Reaction`, `Review`, `ReviewComment`。

 ## Downloader 介面
--- a/docs/content/doc/developers/oauth2-provider.md
+++ b/docs/content/doc/developers/oauth2-provider.md
@ -34,6 +34,7 @@ Gitea supports acting as an OAuth2 provider to allow third party applications to
 ## Supported OAuth2 Grants

 At the moment Gitea only supports the [**Authorization Code Grant**](https://tools.ietf.org/html/rfc6749#section-1.3.1) standard with additional support of the following extensions:
+
 - [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636)
 - [OpenID Connect (OIDC)](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)

@ -41,13 +42,19 @@ To use the Authorization Code Grant as a third party application it is required

 ## Scopes

-Currently Gitea does not support scopes (see [#4300](https://github.com/go-gitea/gitea/issues/4300)) and all third party applications will be granted access to all resources of the user and his/her organizations.
+Currently Gitea does not support scopes (see [#4300](https://github.com/go-gitea/gitea/issues/4300)) and all third party applications will be granted access to all resources of the user and their organizations.
+
+## Client types
+
+Gitea supports both confidential and public client types, [as defined by RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1).
+
+For public clients, a redirect URI of a loopback IP address such as `http://127.0.0.1/` allows any port. Avoid using `localhost`, [as recommended by RFC 8252](https://datatracker.ietf.org/doc/html/rfc8252#section-8.3).

 ## Example

 **Note:** This example does not use PKCE.

-1. Redirect to user to the authorization endpoint in order to get his/her consent for accessing the resources:
+1. Redirect to user to the authorization endpoint in order to get their consent for accessing the resources:

   ```curl
   https://[YOUR-GITEA-URL]/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI& response_type=code&state=STATE
--- a/docs/content/doc/developers/oauth2-provider.zh-tw.md
+++ b/docs/content/doc/developers/oauth2-provider.zh-tw.md
@ -46,7 +46,7 @@ Gitea 支援作為 OAuth2 提供者，能讓第三方程式能在使用者同意
 **備註：** 此範例未使用 PKCE。

 1. 重新導向使用者到 authorization endpoint 以獲得他同意授權存取資源：
-    <!-- 1. Redirect to user to the authorization endpoint in order to get his/her consent for accessing the resources: -->
+    <!-- 1. Redirect to user to the authorization endpoint in order to get their consent for accessing the resources: -->

   ```curl
   https://[YOUR-GITEA-URL]/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI& response_type=code&state=STATE
--- a/docs/content/doc/features/authentication.en-us.md
+++ b/docs/content/doc/features/authentication.en-us.md
@ -203,7 +203,7 @@ configure this, set the fields below:

 - Force SMTPS

-  - SMTPS will be used by default for connections to port 465, if you wish to use SMTPS 
+  - SMTPS will be used by default for connections to port 465, if you wish to use SMTPS
  for other ports. Set this value.
  - Otherwise if the server provides the `STARTTLS` extension this will be used.

--- a/docs/content/doc/features/comparison.en-us.md
+++ b/docs/content/doc/features/comparison.en-us.md
@ -21,7 +21,7 @@ menu:

 To help decide if Gitea is suited for your needs, here is how it compares to other Git self hosted options.

-Be warned that we don't regularly check for feature changes in other products, so this list may be outdated. If you find anything that needs to be updated in the table below, please report it in an [issue on GitHub](https://github.com/go-gitea/gitea/issues).
+Be warned that we don't regularly check for feature changes in other products, so this list may be outdated. If you find anything that needs to be updated in the table below, please [open an issue](https://github.com/go-gitea/gitea/issues/new/choose).

 _Symbols used in table:_

@ -33,100 +33,111 @@ _Symbols used in table:_

 ## General Features

-| Feature                             | Gitea                                              | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket      | RhodeCode CE |
-| ----------------------------------- | ---------------------------------------------------| ---- | --------- | --------- | --------- | -------------- | ------------ |
-| Open source and free                | ✓                                                 | ✓    | ✘         | ✓         | ✘         | ✘              | ✓            |
-| Low resource usage (RAM/CPU)        | ✓                                                 | ✓    | ✘         | ✘         | ✘         | ✘              | ✘            |
-| Multiple database support           | ✓                                                 | ✓    | ✘         | ⁄         | ⁄         | ✓              | ✓            |
-| Multiple OS support                 | ✓                                                 | ✓    | ✘         | ✘         | ✘         | ✘              | ✓            |
-| Easy upgrade process                | ✓                                                 | ✓    | ✘         | ✓         | ✓         | ✘              | ✓            |
-| Markdown support                    | ✓                                                 | ✓    | ✓         | ✓         | ✓         | ✓              | ✓            |
-| Orgmode support                     | ✓                                                 | ✘    | ✓         | ✘         | ✘         | ✘              | ?            |
-| CSV support                         | ✓                                                 | ✘    | ✓         | ✘         | ✘         | ✓              | ?            |
-| Third-party render tool support     | ✓                                                 | ✘    | ✘         | ✘         | ✘         | ✓              | ?            |
-| Static Git-powered pages            | [✘](https://github.com/go-gitea/gitea/issues/302) | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
-| Integrated Git-powered wiki         | ✓                                                 | ✓    | ✓         | ✓         | ✓         | ✓ (cloud only) | ✘            |
-| Deploy Tokens                       | ✓                                                 | ✓    | ✓         | ✓         | ✓         | ✓              | ✓            |
-| Repository Tokens with write rights | ✓                                                 | ✘    | ✓         | ✓         | ✓         | ✓              | ✓            |
-| Built-in Package/Container Registry | ✓                                                 | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
-| External git mirroring              | ✓                                                 | ✓    | ✘         | ✘         | ✓         | ✓              | ✓            |
-| WebAuthn (2FA)                      | ✓                                                 | ✘    | ✓         | ✓         | ✓         | ✓              | ?            |
-| Built-in CI/CD                      | ✘                                                 | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
-| Subgroups: groups within groups     | ✘                                                 | ✘    | ✘         | ✓         | ✓         | ✘              | ✓            |
+| Feature                                          | Gitea                                               | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+| ------------------------------------------------ | --------------------------------------------------- | ---- | --------- | --------- | --------- | --------- | ------------ |
+| Open source and free                             | ✓                                                   | ✓    | ✘         | ✓         | ✘         | ✘         | ✓            |
+| Low RAM/ CPU usage                               | ✓                                                   | ✓    | ✘         | ✘         | ✘         | ✘         | ✘            |
+| Multiple database support                        | ✓                                                   | ✓    | ✘         | ⁄         | ⁄         | ✓         | ✓            |
+| Multiple OS support                              | ✓                                                   | ✓    | ✘         | ✘         | ✘         | ✘         | ✓            |
+| Easy upgrades                                    | ✓                                                   | ✓    | ✘         | ✓         | ✓         | ✘         | ✓            |
+| Telemetry                                        | **✘**                                               | ✘    | ✓         | ✓         | ✓         | ✓         | ?            |
+| Third-party render tool support                  | ✓                                                   | ✘    | ✘         | ✘         | ✘         | ✓         | ?            |
+| WebAuthn (2FA)                                   | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ?            |
+| Extensive API                                    | ✓                                                   | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Built-in Package/Container Registry              | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Sync commits to an external repo (push mirror)   | ✓                                                   | ✓    | ✘         | ✓         | ✓         | ✘         | ✓            |
+| Sync commits from an external repo (pull mirror) | ✓                                                   | ✘    | ✘         | ✓         | ✓         | ✘         | ?            |
+| Light and Dark Theme                             | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ?            |
+| Custom Theme Support                             | ✓                                                   | ✓    | ✘         | ✘         | ✘         | ✓         | ✘            |
+| Markdown support                                 | ✓                                                   | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| CSV support                                      | ✓                                                   | ✘    | ✓         | ✘         | ✘         | ✓         | ?            |
+| 'GitHub / GitLab pages'                          | [✘](https://github.com/go-gitea/gitea/issues/302)   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Repo-specific wiki (as a repo itself)            | ✓                                                   | ✓    | ✓         | ✓         | ✓         | /         | ✘            |
+| Deploy Tokens                                    | ✓                                                   | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Repository Tokens with write rights              | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| RSS Feeds                                        | ✓                                                   | ✘    | ✓         | ✘         | ✘         | ✘         | ✘            |
+| Built-in CI/CD                                   | [✘](https://github.com/go-gitea/gitea/issues/13539) | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Subgroups: groups within groups                  | [✘](https://github.com/go-gitea/gitea/issues/1872)  | ✘    | ✘         | ✓         | ✓         | ✘         | ✓            |
+| Interaction with other instances                 | [/](https://github.com/go-gitea/gitea/issues/18240) | ✘    | ✘         | ✘         | ✘         | ✘         | ✘            |
+| Mermaid diagrams in Markdown                     | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Math syntax in Markdown                          | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |

 ## Code management

-| Feature                                      | Gitea                                            | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
-| -------------------------------------------- | ------------------------------------------------ | ---- | --------- | --------- | --------- | --------- | ------------ |
-| Repository topics                            | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| Repository code search                       | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Global code search                           | ✓                                                | ✘    | ✓         | ✘         | ✓         | ✓         | ✓            |
-| Git LFS 2.0                                  | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Group Milestones                             | ✘                                                | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-| Granular user roles (Code, Issues, Wiki etc) | ✓                                                | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-| Verified Committer                           | ⁄                                                | ✘    | ?         | ✓         | ✓         | ✓         | ✘            |
-| GPG Signed Commits                           | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| SSH Signed Commits                           | ✓                                                | ✘    | ✘         | ✘         | ✘         | ?         | ?            |
-| Reject unsigned commits                      | [✓](https://github.com/go-gitea/gitea/pull/9708) | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Repository Activity page                     | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Branch manager                               | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Create new branches                          | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| Web code editor                              | ✓                                                | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Commit graph                                 | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Template Repositories                        | [✓](https://github.com/go-gitea/gitea/pull/8768) | ✘    | ✓         | ✘         | ✓         | ✓         | ✘            |
+| Feature                                     | Gitea                                               | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+| ------------------------------------------- | --------------------------------------------------- | ---- | --------- | --------- | --------- | --------- | ------------ |
+| Repository topics                           | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Repository code search                      | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Global code search                          | ✓                                                   | ✘    | ✓         | ✘         | ✓         | ✓         | ✓            |
+| Git LFS 2.0                                 | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Group Milestones                            | [✘](https://github.com/go-gitea/gitea/issues/14622) | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| Granular user roles (Code, Issues, Wiki, …) | ✓                                                   | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| Verified Committer                          | ⁄                                                   | ✘    | ?         | ✓         | ✓         | ✓         | ✘            |
+| GPG Signed Commits                          | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| SSH Signed Commits                          | ✓                                                   | ✘    | ✓         | ✘         | ✘         | ?         | ?            |
+| Reject unsigned commits                     | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Migrating repos from other services         | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Repository Activity page                    | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Branch manager                              | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Create new branches                         | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Web code editor                             | ✓                                                   | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Commit graph                                | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Template Repositories                       | ✓                                                   | ✘    | ✓         | ✘         | ✓         | ✓         | ✘            |
+| Git Blame                                   | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Visual comparison of image changes          | ✓                                                   | ✘    | ✓         | ?         | ?         | ?         | ?            |

 ## Issue Tracker

-| Feature                         | Gitea                                              | Gogs                                          | GitHub EE | GitLab CE                                                               | GitLab EE | BitBucket | RhodeCode CE |
-| ------------------------------- | -------------------------------------------------- | --------------------------------------------- | --------- | ----------------------------------------------------------------------- | --------- | -------------- | ------------ |
-| Issue tracker                   | ✓                                                  | ✓                                             | ✓         | ✓                                                                       | ✓         | ✓ (cloud only) | ✘            |
-| Issue templates                 | ✓                                                  | ✓                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
-| Labels                          | ✓                                                  | ✓                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
-| Time tracking                   | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
-| Multiple assignees for issues   | ✓                                                  | ✘                                             | ✓         | ✘                                                                       | ✓         | ✘              | ✘            |
-| Related issues                  | ✘                                                  | ✘                                             | ⁄         | [✓](https://docs.gitlab.com/ce/user/project/issues/related_issues.html) | ✓         | ✘              | ✘            |
-| Confidential issues             | [✘](https://github.com/go-gitea/gitea/issues/3217) | ✘                                             | ✘         | ✓                                                                       | ✓         | ✘              | ✘            |
-| Comment reactions               | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
-| Lock Discussion                 | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
-| Batch issue handling            | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
-| Issue Boards (Kanban)           | [✓](https://github.com/go-gitea/gitea/pull/8346)   | ✘                                             | ✘         | ✓                                                                       | ✓         | ✘              | ✘            |
-| Create new branches from issues | ✘                                                  | ✘                                             | ✘         | ✓                                                                       | ✓         | ✘              | ✘            |
-| Issue search                    | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✓              | ✘            |
-| Global issue search             | [✘](https://github.com/go-gitea/gitea/issues/2434) | ✘                                             | ✓         | ✓                                                                       | ✓         | ✓              | ✘            |
-| Issue dependency                | ✓                                                  | ✘                                             | ✘         | ✘                                                                       | ✘         | ✘              | ✘            |
-| Create issue via email          | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘         | ✘                                                                       | ✓         | ✓              | ✘            |
-| Service Desk                    | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘                                             | ✘         | [✓](https://gitlab.com/groups/gitlab-org/-/epics/3103)                  | ✓         | ✘              | ✘            |
+| Feature                       | Gitea                                               | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+| ----------------------------- | --------------------------------------------------- | ---- | --------- | --------- | --------- | --------- | ------------ |
+| Issue tracker                 | ✓                                                   | ✓    | ✓         | ✓         | ✓         | /         | ✘            |
+| Issue templates               | ✓                                                   | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Labels                        | ✓                                                   | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Time tracking                 | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Multiple assignees for issues | ✓                                                   | ✘    | ✓         | ✘         | ✓         | ✘         | ✘            |
+| Related issues                | ✘                                                   | ✘    | ⁄         | ✓         | ✓         | ✘         | ✘            |
+| Confidential issues           | [✘](https://github.com/go-gitea/gitea/issues/3217)  | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| Comment reactions             | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Lock Discussion               | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Batch issue handling          | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Issue Boards (Kanban)         | [/](https://github.com/go-gitea/gitea/issues/14710) | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| Create branch from issue      | [✘](https://github.com/go-gitea/gitea/issues/20226) | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| Convert comment to new issue  | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Issue search                  | ✓                                                   | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Global issue search           | [/](https://github.com/go-gitea/gitea/issues/2434)  | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Issue dependency              | ✓                                                   | ✘    | ✘         | ✘         | ✘         | ✘         | ✘            |
+| Create issue via email        | [✘](https://github.com/go-gitea/gitea/issues/6226)  | ✘    | ✘         | ✘         | ✓         | ✓         | ✘            |
+| Service Desk                  | [✘](https://github.com/go-gitea/gitea/issues/6219)  | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |

 ## Pull/Merge requests

-| Feature                                         | Gitea                                              | Gogs | GitHub EE | GitLab CE                                                                         | GitLab EE | BitBucket                                                                | RhodeCode CE |
-| ----------------------------------------------- | -------------------------------------------------- | ---- | --------- | --------------------------------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | ------------ |
-| Pull/Merge requests                             | ✓                                                  | ✓    | ✓         | ✓                                                                                 | ✓         | ✓                                                                        | ✓            |
-| Squash merging                                  | ✓                                                  | ✘    | ✓         | [✓](https://docs.gitlab.com/ce/user/project/merge_requests/squash_and_merge.html) | ✓         | ✓                                                                        | ✓            |
-| Rebase merging                                  | ✓                                                  | ✓    | ✓         | ✘                                                                                 | ⁄         | ✘                                                                        | ✓            |
-| Pull/Merge request inline comments              | ✓                                                  | ✘    | ✓         | ✓                                                                                 | ✓         | ✓                                                                        | ✓            |
-| Pull/Merge request approval                     | ✓                                                  | ✘    | ⁄         | ✓                                                                                 | ✓         | ✓                                                                        | ✓            |
-| Merge conflict resolution                       | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘    | ✓         | ✓                                                                                 | ✓         | ✓                                                                        | ✘            |
-| Restrict push and merge access to certain users | ✓                                                  | ✘    | ✓         | ⁄                                                                                 | ✓         | ✓                                                                        | ✓            |
-| Revert specific commits or a merge request      | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘    | ✓         | ✓                                                                                 | ✓         | ✓                                                                        | ✘            |
-| Pull/Merge requests templates                   | ✓                                                  | ✓    | ✓         | ✓                                                                                 | ✓         | ✘                                                                        | ✘            |
-| Cherry-picking changes                          | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘    | ✘         | ✓                                                                                 | ✓         | ✘                                                                        | ✘            |
-| Download Patch                                  | ✓                                                  | ✘    | ✓         | ✓                                                                                 | ✓         | [/](https://jira.atlassian.com/plugins/servlet/mobile#issue/BCLOUD-8323) | ✘            |
+| Feature                                         | Gitea                                              | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+| ----------------------------------------------- | -------------------------------------------------- | ---- | --------- | --------- | --------- | --------- | ------------ |
+| Pull/Merge requests                             | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Squash merging                                  | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Rebase merging                                  | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Pull/Merge request inline comments              | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Pull/Merge request approval                     | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Merge conflict resolution                       | [✘](https://github.com/go-gitea/gitea/issues/9014) | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Restrict push and merge access to certain users | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Revert specific commits                         | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Pull/Merge requests templates                   | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Cherry-picking changes                          | ✓                                                  | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| Download Patch                                  | ✓                                                  | ✘    | ✓         | ✓         | ✓         | /         | ✘            |

 ## 3rd-party integrations

-| Feature                                        | Gitea                                            | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
-| ---------------------------------------------- | ------------------------------------------------ | ---- | --------- | --------- | --------- | --------- | ------------ |
-| Webhook support                                | ✓                                                | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Custom Git Hooks                               | ✓                                                | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| AD / LDAP integration                          | ✓                                                | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Multiple LDAP / AD server support              | ✓                                                | ✓    | ✘         | ✘         | ✓         | ✓         | ✓            |
-| LDAP user synchronization                      | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| OpenId Connect support                         | ✓                                                | ✘    | ✓         | ✓         | ✓         | ?         | ✘            |
-| OAuth 2.0 integration (external authorization) | ✓                                                | ✘    | ⁄         | ✓         | ✓         | ?         | ✓            |
-| Act as OAuth 2.0 provider                      | [✓](https://github.com/go-gitea/gitea/pull/5378) | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| Two factor authentication (2FA)                | ✓                                                | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| Mattermost/Slack integration                   | ✓                                                | ✓    | ⁄         | ✓         | ✓         | ⁄         | ✓            |
-| Discord integration                            | ✓                                                | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| Microsoft Teams integration                    | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| External CI/CD status display                  | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Feature                                        | Gitea                                              | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+| ---------------------------------------------- | ------------------------------------------------   | ---- | --------- | --------- | --------- | --------- | ------------ |
+| Webhooks                                       | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Git Hooks                                      | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| AD / LDAP integration                          | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Multiple LDAP / AD server support              | ✓                                                  | ✓    | ✘         | ✘         | ✓         | ✓         | ✓            |
+| LDAP user synchronization                      | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| SAML 2.0 service provider                      | [✘](https://github.com/go-gitea/gitea/issues/5512) | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| OpenID Connect support                         | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ?         | ✘            |
+| OAuth 2.0 integration (external authorization) | ✓                                                  | ✘    | ⁄         | ✓         | ✓         | ?         | ✓            |
+| Act as OAuth 2.0 provider                      | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Two factor authentication (2FA)                | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Integration with the most common services      | ✓                                                  | /    | ⁄         | ✓         | ✓         | ⁄         | ✓            |
+| Incorporate external CI/CD                     | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
--- a/docs/content/doc/features/comparison.zh-cn.md
+++ b/docs/content/doc/features/comparison.zh-cn.md
@ -31,98 +31,101 @@ _表格中的符号含义:_

 #### 主要特性

-| 特性                  | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
-|-----------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
-| 开源免费              | ✓     | ✓    | ✘         | ✓         | ✘         | ✘         | ✓            |
-| 低资源开销 (RAM/CPU)  | ✓     | ✓    | ✘         | ✘         | ✘         | ✘         | ✘            |
-| 支持多种数据库        | ✓     | ✓    | ✘         | ⁄         | ⁄         | ✓         | ✓            |
-| 支持多种操作系统      | ✓     | ✓    | ✘         | ✘         | ✘         | ✘         | ✓            |
-| 升级简便              | ✓     | ✓    | ✘         | ✓         | ✓         | ✘         | ✓            |
-| 支持 Markdown         | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 支持 Orgmode          | ✓     | ✘    | ✓         | ✘         | ✘         | ✘         | ?            |
-| 支持 CSV              | ✓     | ✘    | ✓         | ✘         | ✘         | ✓         | ?            |
-| 支持第三方渲染工具    | ✓     | ✘    | ✘         | ✘         | ✘         | ✓         | ?            |
-| Git 驱动的静态 pages  | ✘     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| Git 驱动的集成化 wiki | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| 部署令牌              | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 仓库写权限令牌        | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✓            |
-| 内置容器 Registry     | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-| 外部 Git 镜像         | ✓     | ✓    | ✘         | ✘         | ✓         | ✓         | ✓            |
-| WebAuthn (2FA)       | ✓       | ✘    | ✓         | ✓         | ✓         | ✓              | ?            |
-| 内置 CI/CD            | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-| 子组织：组织内的组织  | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✓            |
+| 特性                  | Gitea                                              | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket      | RhodeCode CE |
+| --------------------- | -------------------------------------------------- | ---- | --------- | --------- | --------- | -------------- | ------------ |
+| 开源免费              | ✓                                                  | ✓    | ✘         | ✓         | ✘         | ✘              | ✓            |
+| 低资源开销 (RAM/CPU)  | ✓                                                  | ✓    | ✘         | ✘         | ✘         | ✘              | ✘            |
+| 支持多种数据库        | ✓                                                  | ✓    | ✘         | ⁄         | ⁄         | ✓              | ✓            |
+| 支持多种操作系统      | ✓                                                  | ✓    | ✘         | ✘         | ✘         | ✘              | ✓            |
+| 升级简便              | ✓                                                  | ✓    | ✘         | ✓         | ✓         | ✘              | ✓            |
+| 支持 Markdown         | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓              | ✓            |
+| 支持 Orgmode          | ✓                                                  | ✘    | ✓         | ✘         | ✘         | ✘              | ?            |
+| 支持 CSV              | ✓                                                  | ✘    | ✓         | ✘         | ✘         | ✓              | ?            |
+| 支持第三方渲染工具    | ✓                                                  | ✘    | ✘         | ✘         | ✘         | ✓              | ?            |
+| Git 驱动的静态 pages  | [✘](https://github.com/go-gitea/gitea/issues/302)  | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
+| Git 驱动的集成化 wiki | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓ (cloud only) | ✘            |
+| 部署令牌              | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓              | ✓            |
+| 仓库写权限令牌        | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓              | ✓            |
+| 内置容器 Registry     | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
+| 外部 Git 镜像         | ✓                                                  | ✓    | ✘         | ✘         | ✓         | ✓              | ✓            |
+| WebAuthn (2FA)        | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓              | ?            |
+| 内置 CI/CD            | ✘                                                  | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
+| 子组织：组织内的组织  | [✘](https://github.com/go-gitea/gitea/issues/1872) | ✘    | ✘         | ✓         | ✓         | ✘              | ✓            |

 #### 代码管理

-| 特性                                     | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
-|------------------------------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
-| 仓库主题描述                             | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| 仓库内代码搜索                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 全局代码搜索                             | ✓     | ✘    | ✓         | ✘         | ✓         | ✓         | ✓            |
-| Git LFS 2.0                              | ✓     | ✘    | ✓         | ✓         | ✓         | ⁄         | ✓            |
-| 组织里程碑                               | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-| 细粒度用户角色 (例如 Code, Issues, Wiki) | ✓     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-| 提交人的身份验证                         | ✘     | ✘    | ?         | ✓         | ✓         | ✓         | ✘            |
-| GPG 签名的提交                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| SSH 签名的提交                           | ✓      | ✘    | ✘         | ✘         | ✘         | ?         | ?            |
-| 拒绝未用通过验证的提交                   | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✓            |
-| 仓库活跃度页面                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 分支管理                                 | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 建立新分支                               | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| 在线代码编辑                             | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 提交的统计图表                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 特性                                     | Gitea                                            | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+| ---------------------------------------- | ------------------------------------------------ | ---- | --------- | --------- | --------- | --------- | ------------ |
+| 仓库主题描述                             | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 仓库内代码搜索                           | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 全局代码搜索                             | ✓                                                | ✘    | ✓         | ✘         | ✓         | ✓         | ✓            |
+| Git LFS 2.0                              | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 组织里程碑                               | ✘                                                | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| 细粒度用户角色 (例如 Code, Issues, Wiki) | ✓                                                | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| 提交人的身份验证                         | ⁄                                                | ✘    | ?         | ✓         | ✓         | ✓         | ✘            |
+| GPG 签名的提交                           | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| SSH 签名的提交                           | ✓                                                | ✘    | ✘         | ✘         | ✘         | ?         | ?            |
+| 拒绝未用通过验证的提交                   | [✓](https://github.com/go-gitea/gitea/pull/9708) | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 仓库活跃度页面                           | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 分支管理                                 | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 建立新分支                               | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 在线代码编辑                             | ✓                                                | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 提交的统计图表                           | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 模板仓库                                 | [✓](https://github.com/go-gitea/gitea/pull/8768) | ✘    | ✓         | ✘         | ✓         | ✓         | ✘            |

-#### Issue 管理
+#### 工单管理

-| 特性                 | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
-|----------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
-| 跟踪 Issue           | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| Issue 模板           | ✓     | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| 标签                 | ✓     | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| 跟踪时间             | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| Issue 可有多个负责人 | ✓     | ✘    | ✓         | ✘         | ✓         | ✘         | ✘            |
-| 关联的 issues        | ✘     | ✘    | ⁄         | ✘         | ✓         | ✘         | ✘            |
-| 私密 issues          | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-| 评论反馈             | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| 锁定讨论             | ✘     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| Issue 批量处理       | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| Issue 看板           | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-| 从 issues 创建分支   | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-| Issue 搜索           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| 全局 Issue 搜索      | ✘     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| Issue 依赖           | ✓     | ✘    | ✘         | ✘         | ✘         | ✘         | ✘            |
-| 通过 Email 创建工单 | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘ | ✘ | ✓ | ✓ | ✘ |
-| Service Desk | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘ | ✘ | ✘ | ✓ | ✘ | ✘ |
+| 特性                | Gitea                                              | Gogs                                          | GitHub EE | GitLab CE                                                               | GitLab EE | BitBucket      | RhodeCode CE |
+| ------------------- | -------------------------------------------------- | --------------------------------------------- | --------- | ----------------------------------------------------------------------- | --------- | -------------- | ------------ |
+| 工单跟踪            | ✓                                                  | ✓                                             | ✓         | ✓                                                                       | ✓         | ✓ (cloud only) | ✘            |
+| 工单模板            | ✓                                                  | ✓                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
+| 标签                | ✓                                                  | ✓                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
+| 时间跟踪            | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
+| 支持多个负责人      | ✓                                                  | ✘                                             | ✓         | ✘                                                                       | ✓         | ✘              | ✘            |
+| 关联的工单          | ✘                                                  | ✘                                             | ⁄         | [✓](https://docs.gitlab.com/ce/user/project/issues/related_issues.html) | ✓         | ✘              | ✘            |
+| 私密工单            | [✘](https://github.com/go-gitea/gitea/issues/3217) | ✘                                             | ✘         | ✓                                                                       | ✓         | ✘              | ✘            |
+| 评论反馈            | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
+| 锁定讨论            | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
+| 工单批处理          | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✘              | ✘            |
+| 工单看板            | [✓](https://github.com/go-gitea/gitea/pull/8346)   | ✘                                             | ✘         | ✓                                                                       | ✓         | ✘              | ✘            |
+| 从工单创建分支      | ✘                                                  | ✘                                             | ✘         | ✓                                                                       | ✓         | ✘              | ✘            |
+| 工单搜索            | ✓                                                  | ✘                                             | ✓         | ✓                                                                       | ✓         | ✓              | ✘            |
+| 工单全局搜索        | [✘](https://github.com/go-gitea/gitea/issues/2434) | ✘                                             | ✓         | ✓                                                                       | ✓         | ✓              | ✘            |
+| 工单依赖关系        | ✓                                                  | ✘                                             | ✘         | ✘                                                                       | ✘         | ✘              | ✘            |
+| 通过 Email 创建工单 | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘         | ✘                                                                       | ✓         | ✓              | ✘            |
+| 服务台              | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘                                             | ✘         | [✓](https://gitlab.com/groups/gitlab-org/-/epics/3103)                  | ✓         | ✘              | ✘            |

 #### Pull/Merge requests

-| 特性                                 | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
-|--------------------------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
-| Pull/Merge requests                  | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| Squash merging                       | ✓     | ✘    | ✓         | ✘         | ✓         | ✓         | ✓            |
-| Rebase merging                       | ✓     | ✓    | ✓         | ✘         | ⁄         | ✘         | ✓            |
-| 评论 Pull/Merge request 中的某行代码 | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 指定 Pull/Merge request 的审核人     | ✓     | ✘    | ⁄         | ✓         | ✓         | ✓         | ✓            |
-| 解决 Merge 冲突                      | ✘     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| 限制某些用户的 push 和 merge 权限    | ✓     | ✘    | ✓         | ⁄         | ✓         | ✓         | ✓            |
-| 回退某些 commits 或 merge request    | ✘     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| Pull/Merge requests 模板             | ✓     | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| 查看 Cherry-picking 的更改           | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
-
+| 特性                                 | Gitea                                              | Gogs | GitHub EE | GitLab CE                                                                         | GitLab EE | BitBucket                                                                | RhodeCode CE |
+| ------------------------------------ | -------------------------------------------------- | ---- | --------- | --------------------------------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | ------------ |
+| Pull/Merge requests                  | ✓                                                  | ✓    | ✓         | ✓                                                                                 | ✓         | ✓                                                                        | ✓            |
+| Squash merging                       | ✓                                                  | ✘    | ✓         | [✓](https://docs.gitlab.com/ce/user/project/merge_requests/squash_and_merge.html) | ✓         | ✓                                                                        | ✓            |
+| Rebase merging                       | ✓                                                  | ✓    | ✓         | ✘                                                                                 | ⁄         | ✘                                                                        | ✓            |
+| 评论 Pull/Merge request 中的某行代码 | ✓                                                  | ✘    | ✓         | ✓                                                                                 | ✓         | ✓                                                                        | ✓            |
+| 指定 Pull/Merge request 的审核人     | ✓                                                  | ✘    | ⁄         | ✓                                                                                 | ✓         | ✓                                                                        | ✓            |
+| 解决 Merge 冲突                      | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘    | ✓         | ✓                                                                                 | ✓         | ✓                                                                        | ✘            |
+| 限制某些用户的 push 和 merge 权限    | ✓                                                  | ✘    | ✓         | ⁄                                                                                 | ✓         | ✓                                                                        | ✓            |
+| 回退某些 commits 或 merge request    | [✓](https://github.com/go-gitea/gitea/issues/5158) | ✘    | ✓         | ✓                                                                                 | ✓         | ✓                                                                        | ✘            |
+| Pull/Merge requests 模板             | ✓                                                  | ✓    | ✓         | ✓                                                                                 | ✓         | ✘                                                                        | ✘            |
+| 查看 Cherry-picking 的更改           | [✓](https://github.com/go-gitea/gitea/issues/5158) | ✘    | ✘         | ✓                                                                                 | ✓         | ✘                                                                        | ✘            |
+| 下载 Patch                           | ✓                                                  | ✘    | ✓         | ✓                                                                                 | ✓         | [/](https://jira.atlassian.com/plugins/servlet/mobile#issue/BCLOUD-8323) | ✘            |

 #### 第三方集成

-| 特性                       | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
-|----------------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
-| 支持 Webhook               | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 自定义 Git 钩子            | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 集成 AD / LDAP             | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 支持多个 LDAP / AD 服务    | ✓     | ✓    | ✘         | ✘         | ✓         | ✓         | ✓            |
-| LDAP 用户同步              | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| 支持 OpenId 连接           | ✓     | ✘    | ✓         | ✓         | ✓         | ?         | ✘            |
-| 集成 OAuth 2.0（外部授权） | ✓     | ✘    | ⁄         | ✓         | ✓         | ?         | ✓            |
-| 作为 OAuth 2.0 provider    | [✓](https://github.com/go-gitea/gitea/pull/5378)     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| 二次验证 (2FA)             | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
-| 集成 Mattermost/Slack      | ✓     | ✓    | ⁄         | ✓         | ✓         | ⁄         | ✓            |
-| 集成 Discord               | ✓     | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
-| 显示外部 CI/CD 的状态      | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 特性                       | Gitea                                              | Gogs                                          | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+| -------------------------- | -------------------------------------------------- | --------------------------------------------- | --------- | --------- | --------- | --------- | ------------ |
+| 支持 Webhook               | ✓                                                  | ✓                                             | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 自定义 Git 钩子            | ✓                                                  | ✓                                             | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 集成 AD / LDAP             | ✓                                                  | ✓                                             | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 支持多个 LDAP / AD 服务    | ✓                                                  | ✓                                             | ✘         | ✘         | ✓         | ✓         | ✓            |
+| LDAP 用户同步              | ✓                                                  | ✘                                             | ✓         | ✓         | ✓         | ✓         | ✓            |
+| SAML 2.0 service provider  | [✘](https://github.com/go-gitea/gitea/issues/5512) | [✘](https://github.com/gogs/gogs/issues/1221) | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 支持 OpenId 连接           | ✓                                                  | ✘                                             | ✓         | ✓         | ✓         | ?         | ✘            |
+| 集成 OAuth 2.0（外部授权） | ✓                                                  | ✘                                             | ⁄         | ✓         | ✓         | ?         | ✓            |
+| 作为 OAuth 2.0 provider    | [✓](https://github.com/go-gitea/gitea/pull/5378)   | ✘                                             | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 二次验证 (2FA)             | ✓                                                  | ✓                                             | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 集成 Mattermost/Slack      | ✓                                                  | ✓                                             | ⁄         | ✓         | ✓         | ⁄         | ✓            |
+| 集成 Discord               | ✓                                                  | ✓                                             | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 集成 Microsoft Teams       | ✓                                                  | ✘                                             | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 显示外部 CI/CD 的状态      | ✓                                                  | ✘                                             | ✓         | ✓         | ✓         | ✓         | ✓            |
--- a/docs/content/doc/features/comparison.zh-tw.md
+++ b/docs/content/doc/features/comparison.zh-tw.md
@ -50,7 +50,7 @@ menu:
 | 有寫入權限的儲存庫 Token | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✘         | ✓            |
 | 內建 Container Registry  | [✘](https://github.com/go-gitea/gitea/issues/2316) | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
 | 對外部 Git 鏡像          | ✓                                                  | ✓    | ✘         | ✘         | ✓         | ✓         | ✓            |
-| FIDO U2F (2FA)           | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| FIDO (2FA)               | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
 | 內建 CI/CD               | ✘                                                  | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
 | 子群組: 群組中的群組     | ✘                                                  | ✘    | ✘         | ✓         | ✓         | ✘         | ✓            |

@ -121,6 +121,7 @@ menu:
 | 整合 AD / LDAP            | ✓                                                | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
 | 支援多重 LDAP / AD 伺服器 | ✓                                                | ✓    | ✘         | ✘         | ✓         | ✓         | ✓            |
 | 同步 LDAP 使用者          | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| SAML 2.0 service provider                      | [✘](https://github.com/go-gitea/gitea/issues/5512) | [✘](https://github.com/gogs/gogs/issues/1221) | ✓         | ✓         | ✓         | ✓         | ✘            |
 | 支援 OpenId Connect       | ✓                                                | ✘    | ✓         | ✓         | ✓         | ?         | ✘            |
 | 整合 OAuth 2.0 (外部驗證) | ✓                                                | ✘    | ⁄         | ✓         | ✓         | ?         | ✓            |
 | 成為 OAuth 2.0 提供者     | [✓](https://github.com/go-gitea/gitea/pull/5378) | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
--- a/docs/content/doc/features/localization.en-us.md
+++ b/docs/content/doc/features/localization.en-us.md
@ -26,6 +26,8 @@ For changes to a **non-English** translation, refer to the Crowdin project above

 Any language listed in the above Crowdin project will be supported as long as 25% or more has been translated.

-After a translation has been accepted, it will be reflected in the main repository after the next Crowdin sync, which is generally after any PR is merged.  
-At the time of writing, this means that a changed translation may not appear until the following Gitea release.  
+After a translation has been accepted, it will be reflected in the main repository after the next Crowdin sync, which is generally after any PR is merged.
+
+At the time of writing, this means that a changed translation may not appear until the following Gitea release.
+
 If you use a bleeding edge build, it should appear as soon as you update after the change is synced.
--- a/docs/content/doc/features/localization.zh-tw.md
+++ b/docs/content/doc/features/localization.zh-tw.md
@ -25,6 +25,8 @@ menu:

 上述 Crowdin 專案中列出的語言在翻譯超過 25% 後將被支援。

-翻譯被認可後將在下次 Crowdin 同步後進入到主儲存庫，通常是在任何合併請求被合併之後。  
-這表示更改的翻譯要到下次 Gitea 發佈後才會出現。  
+翻譯被認可後將在下次 Crowdin 同步後進入到主儲存庫，通常是在任何合併請求被合併之後。
+
+這表示更改的翻譯要到下次 Gitea 發佈後才會出現。
+
 如果您使用的是最新建置，它將會在同步完成、您更新後出現。
--- a/docs/content/doc/help/faq.en-us.md
+++ b/docs/content/doc/help/faq.en-us.md
@ -15,7 +15,8 @@ menu:

 # Frequently Asked Questions <!-- omit in toc -->

-This page contains some common questions and answers.  
+This page contains some common questions and answers.
+
 For more help resources, check all [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}}).

 **Table of Contents**
@ -24,14 +25,18 @@ For more help resources, check all [Support Options]({{< relref "doc/help/seek-h

 ## Difference between 1.x and 1.x.x downloads

-Version 1.7.x will be used for this example.  
+Version 1.7.x will be used for this example.
+
 **NOTE:** this example applies to Docker images as well!

-On our [downloads page](https://dl.gitea.io/gitea/) you will see a 1.7 directory, as well as directories for 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, and 1.7.6.  
-The 1.7 and 1.7.0 directories are **not** the same. The 1.7 directory is built on each merged commit to the [`release/v1.7`](https://github.com/go-gitea/gitea/tree/release/v1.7) branch.  
+On our [downloads page](https://dl.gitea.io/gitea/) you will see a 1.7 directory, as well as directories for 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, and 1.7.6.
+
+The 1.7 and 1.7.0 directories are **not** the same. The 1.7 directory is built on each merged commit to the [`release/v1.7`](https://github.com/go-gitea/gitea/tree/release/v1.7) branch.
+
 The 1.7.0 directory, however, is a build that was created when the [`v1.7.0`](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) tag was created.

-This means that 1.x downloads will change as commits are merged to their respective branch (think of it as a separate "main" branch for each release).  
+This means that 1.x downloads will change as commits are merged to their respective branch (think of it as a separate "main" branch for each release).
+
 On the other hand, 1.x.x downloads should never change.

 ## How to migrate from Gogs/GitHub/etc. to Gitea
@ -41,11 +46,14 @@ To migrate from Gogs to Gitea:
 - [Gogs version 0.9.146 or less]({{< relref "doc/upgrade/from-gogs.en-us.md" >}})
 - [Gogs version 0.11.46.0418](https://github.com/go-gitea/gitea/issues/4286)

-To migrate from GitHub to Gitea, you can use Gitea's built-in migration form.  
-In order to migrate items such as issues, pull requests, etc. you will need to input at least your username.  
+To migrate from GitHub to Gitea, you can use Gitea's built-in migration form.
+
+In order to migrate items such as issues, pull requests, etc. you will need to input at least your username.
+
 [Example (requires login)](https://try.gitea.io/repo/migrate)

-To migrate from GitLab to Gitea, you can use this non-affiliated tool:  
+To migrate from GitLab to Gitea, you can use this non-affiliated tool:
+
 https://github.com/loganinak/MigrateGitlabToGogs

 ## Where does Gitea store what file
@ -83,9 +91,9 @@ There are a few places that could make this show incorrectly.

 If certain clone options aren't showing up (HTTP/S or SSH), the following options can be checked in your `app.ini`

-`DISABLE_HTTP_GIT`: if set to true, there will be no HTTP/HTTPS link  
-`DISABLE_SSH`: if set to true, there will be no SSH link  
-`SSH_EXPOSE_ANONYMOUS`: if set to false, SSH links will be hidden for anonymous users
+- `DISABLE_HTTP_GIT`: if set to true, there will be no HTTP/HTTPS link
+- `DISABLE_SSH`: if set to true, there will be no SSH link
+- `SSH_EXPOSE_ANONYMOUS`: if set to false, SSH links will be hidden for anonymous users

 ## File upload fails with: 413 Request Entity Too Large

@ -95,19 +103,21 @@ See the [reverse proxy guide]({{< relref "doc/usage/reverse-proxies.en-us.md" >}

 ## Custom Templates not loading or working incorrectly

-Gitea's custom templates must be added to the correct location or Gitea will not find and use them.  
+Gitea's custom templates must be added to the correct location or Gitea will not find and use them.
+
 The correct path for the template(s) will be relative to the `CustomPath`

 1. To find `CustomPath`, look for Custom File Root Path in Site Administration -> Configuration

- If that doesn't exist, you can try `echo $GITEA_CUSTOM`
+    If that doesn't exist, you can try `echo $GITEA_CUSTOM`

-2. If you are still unable to find a path, the default can be [calculated above](#where-does-gitea-store-x-file)
+2. If you are still unable to find a path, the default can be [calculated above](#where-does-gitea-store-what-file)
 3. Once you have figured out the correct custom path, you can refer to the [customizing Gitea]({{< relref "doc/advanced/customizing-gitea.en-us.md" >}}) page to add your template to the correct location.

 ## Active user vs login prohibited user

-In Gitea, an "active" user refers to a user that has activated their account via email.  
+In Gitea, an "active" user refers to a user that has activated their account via email.
+
 A "login prohibited" user is a user that is not allowed to log in to Gitea anymore

 ## Setting up logging
@ -116,11 +126,13 @@ A "login prohibited" user is a user that is not allowed to log in to Gitea anymo

 ## What is Swagger?

-[Swagger](https://swagger.io/) is what Gitea uses for its API.  
-All Gitea instances have the built-in API, though it can be disabled by setting `ENABLE_SWAGGER` to `false` in the `api` section of your `app.ini`  
-For more information, refer to Gitea's [API docs]({{< relref "doc/developers/api-usage.en-us.md" >}})
+[Swagger](https://swagger.io/) is what Gitea uses for its API documentation.

-[Swagger Example](https://try.gitea.io/api/swagger)
+All Gitea instances have the built-in API and there is no way to disable it completely.
+You can, however, disable showing its documentation by setting `ENABLE_SWAGGER` to `false` in the `api` section of your `app.ini`.
+For more information, refer to Gitea's [API docs]({{< relref "doc/developers/api-usage.en-us.md" >}}).
+
+You can see the latest API (for example) on <https://try.gitea.io/api/swagger>.

 ## Adjusting your server for public/private use

@ -139,7 +151,8 @@ You can configure `EMAIL_DOMAIN_WHITELIST` or `EMAIL_DOMAIN_BLOCKLIST` in your a

 ### Only allow/block certain OpenID providers

-You can configure `WHITELISTED_URIS` or `BLACKLISTED_URIS` under `[openid]` in your `app.ini`  
+You can configure `WHITELISTED_URIS` or `BLACKLISTED_URIS` under `[openid]` in your `app.ini`
+
 **NOTE:** whitelisted takes precedence, so if it is non-blank then blacklisted is ignored

 ### Issue only users
@ -163,47 +176,58 @@ Use [Fail2Ban]({{< relref "doc/usage/fail2ban-setup.en-us.md" >}}) to monitor an
 Gitea supports three official themes right now, `gitea` (light), `arc-green` (dark), and `auto` (automatically switches between the previous two depending on operating system settings).
 To add your own theme, currently the only way is to provide a complete theme (not just color overrides)

-As an example, let's say our theme is `arc-blue` (this is a real theme, and can be found [in this issue](https://github.com/go-gitea/gitea/issues/6011))  
-Name the `.css` file `theme-arc-blue.css` and add it to your custom folder in `custom/public/css`  
+As an example, let's say our theme is `arc-blue` (this is a real theme, and can be found [in this issue](https://github.com/go-gitea/gitea/issues/6011))
+
+Name the `.css` file `theme-arc-blue.css` and add it to your custom folder in `custom/public/css`
+
 Allow users to use it by adding `arc-blue` to the list of `THEMES` in your `app.ini`

 ## SSHD vs built-in SSH

-SSHD is the built-in SSH server on most Unix systems.  
+SSHD is the built-in SSH server on most Unix systems.
+
 Gitea also provides its own SSH server, for usage when SSHD is not available.

 ## Gitea is running slow

-The most common culprit for this is loading federated avatars.  
-This can be turned off by setting `ENABLE_FEDERATED_AVATAR` to `false` in your `app.ini`  
+The most common culprit for this is loading federated avatars.
+
+This can be turned off by setting `ENABLE_FEDERATED_AVATAR` to `false` in your `app.ini`
+
 Another option that may need to be changed is setting `DISABLE_GRAVATAR` to `true` in your `app.ini`

 ## Can't create repositories/files

-Make sure that Gitea has sufficient permissions to write to its home directory and data directory.  
-See [AppDataPath and RepoRootPath](#where-does-gitea-store-x-file)
+Make sure that Gitea has sufficient permissions to write to its home directory and data directory.
+
+See [AppDataPath and RepoRootPath](#where-does-gitea-store-what-file)

 **Note for Arch users:** At the time of writing this, there is an issue with the Arch package's systemd file including this line:
-`ReadWritePaths=/etc/gitea/app.ini`  
+
+`ReadWritePaths=/etc/gitea/app.ini`
+
 Which makes all other paths non-writeable to Gitea.

 ## Translation is incorrect/how to add more translations

-Our translations are currently crowd-sourced on our [Crowdin project](https://crowdin.com/project/gitea)  
+Our translations are currently crowd-sourced on our [Crowdin project](https://crowdin.com/project/gitea)
+
 Whether you want to change a translation or add a new one, it will need to be there as all translations are overwritten in our CI via the Crowdin integration.

-## Hooks aren't running
+## Push Hook / Webhook aren't running

-If Gitea is not running hooks, a common cause is incorrect setup of SSH keys.  
-See [SSH Issues](#ssh-issues) for more information.
+If you can push but can't see push activities on the home dashboard, or the push doesn't trigger webhook, there are a few possibilities:

-You can also try logging into the administration panel and running the `Resynchronize pre-receive, update and post-receive hooks of all repositories.` option.
+1. The git hooks are out of sync: run "Resynchronize pre-receive, update and post-receive hooks of all repositories" on the site admin panel
+2. The git repositories (and hooks) are stored on some filesystems (ex: mounted by NAS) which don't support script execution, make sure the filesystem supports `chmod a+x any-script`
+3. If you are using docker, make sure Docker Server (not the client) >= 20.10.6

 ## SSH issues

 If you cannot reach repositories over `ssh`, but `https` works fine, consider looking into the following.

-First, make sure you can access Gitea via SSH.  
+First, make sure you can access Gitea via SSH.
+
 `ssh git@myremote.example`

 If the connection is successful, you should receive an error message like the following:
@ -236,7 +260,8 @@ following things:
 - On the server:
  - Make sure the repository exists and is correctly named.
  - Check the permissions of the `.ssh` directory in the system user's home directory.
-  - Verify that the correct public keys are added to `.ssh/authorized_keys`.  
+  - Verify that the correct public keys are added to `.ssh/authorized_keys`.
+
    Try to run `Rewrite '.ssh/authorized_keys' file (for Gitea SSH keys)` on the
    Gitea admin panel.
  - Read Gitea logs.
@ -289,7 +314,8 @@ Check that you have proper access to the repository
 error: failed to push some refs to '<GIT_REPO_URL>'
 ```

-Check the value of `LFS_HTTP_AUTH_EXPIRY` in your `app.ini` file.  
+Check the value of `LFS_HTTP_AUTH_EXPIRY` in your `app.ini` file.
+
 By default, your LFS token will expire after 20 minutes. If you have a slow connection or a large file (or both), it may not finish uploading within the time limit.

 You may want to set this value to `60m` or `120m`.
@ -306,17 +332,21 @@ There is no setting for password resets. It is enabled when a [mail service]({{<

 - As an **admin**, you can change any user's password (and optionally force them to change it on next login)...
  - By navigating to your `Site Administration -> User Accounts` page and editing a user.
-  - By using the [admin CLI commands]({{< relref "doc/usage/command-line.en-us.md#admin" >}}).  
+  - By using the [admin CLI commands]({{< relref "doc/usage/command-line.en-us.md#admin" >}}).
+
    Keep in mind most commands will also need a [global flag]({{< relref "doc/usage/command-line.en-us.md#global-options" >}}) to point the CLI at the correct configuration.
 - As a **user** you can change it...
  - In your account `Settings -> Account` page (this method **requires** you to know your current password).
-  - By using the `Forgot Password` link.  
+  - By using the `Forgot Password` link.
+
    If the `Forgot Password/Account Recovery` page is disabled, please contact your administrator to configure a [mail service]({{< relref "doc/usage/email-setup.en-us.md" >}}).

 ## Why is my markdown broken

-In Gitea version `1.11` we moved to [goldmark](https://github.com/yuin/goldmark) for markdown rendering, which is [CommonMark](https://commonmark.org/) compliant.  
-If you have markdown that worked as you expected prior to version `1.11` and after upgrading it's not working anymore, please look through the CommonMark spec to see whether the problem is due to a bug or non-compliant syntax.  
+In Gitea version `1.11` we moved to [goldmark](https://github.com/yuin/goldmark) for markdown rendering, which is [CommonMark](https://commonmark.org/) compliant.
+
+If you have markdown that worked as you expected prior to version `1.11` and after upgrading it's not working anymore, please look through the CommonMark spec to see whether the problem is due to a bug or non-compliant syntax.
+
 If it is the latter, _usually_ there is a compliant alternative listed in the spec.

 ## Upgrade errors with MySQL
@ -332,8 +362,10 @@ is too small. Gitea requires that the `ROWFORMAT` for its tables is `DYNAMIC`.

 If you are receiving an error line containing `Error 1071: Specified key was too long; max key length is 1000 bytes...`
 then you are attempting to run Gitea on tables which use the ISAM engine. While this may have worked by chance in previous versions of Gitea, it has never been officially supported and
-you must use InnoDB. You should run `ALTER TABLE table_name ENGINE=InnoDB;` for each table in the database.  
+you must use InnoDB. You should run `ALTER TABLE table_name ENGINE=InnoDB;` for each table in the database.
+
 If you are using MySQL 5, another possible fix is
+
 ```mysql
 SET GLOBAL innodb_file_format=Barracuda;
 SET GLOBAL innodb_file_per_table=1;
@ -360,7 +392,9 @@ Gitea requires the system or browser to have one of the supported Emoji fonts in

 Stdout on systemd goes to the journal by default. Try using `journalctl`, `journalctl  -u gitea`, or `journalctl <path-to-gitea-binary>`.

-Similarly stdout on docker can be viewed using `docker logs <container>`
+Similarly, stdout on docker can be viewed using `docker logs <container>`.
+
+To collect logs for help and issue report, see [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}}).

 ## Initial logging

@ -381,7 +415,7 @@ unchanged in the database schema. This may lead to warning such as:
 2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync2() [W] Table user Column keep_activity_private db default is , struct default is 0
 ```

-These can safely be ignored but you may able to stop these warnings by getting Gitea to recreate these tables using:
+These can safely be ignored, but you are able to stop these warnings by getting Gitea to recreate these tables using:

 ```
 gitea doctor recreate-table user
@ -403,3 +437,9 @@ gitea doctor recreate-table
 ```

 It is highly recommended to back-up your database before running these commands.
+
+## Why are tabs/indents wrong when viewing files
+
+If you are using Cloudflare, turn off the auto-minify option in the dashboard.
+
+`Speed` -> `Optimization` -> Uncheck `HTML` within the `Auto-Minify` settings.
--- a/docs/content/doc/help/search.de-de.md
+++ b/docs/content/doc/help/search.de-de.md
@ -0,0 +1,18 @@
+---
+date: "2019-11-12T16:00:00+02:00"
+title: "Search"
+slug: "search"
+weight: 4
+toc: false
+draft: false
+sitemap:
+  priority : 0.1
+layout: "search"
+---
+
+
+This file exists solely to respond to /search URL with the related `search` layout template.
+
+No content shown here is rendered, all content is based in the template layouts/doc/search.html
+
+Setting a very low sitemap priority will tell search engines this is not important content.
--- a/docs/content/doc/help/search.en-us.md
+++ b/docs/content/doc/help/search.en-us.md
@ -5,12 +5,6 @@ slug: "search"
 weight: 4
 toc: false
 draft: false
-menu:
-  sidebar:
-    parent: "help"
-    name: "Search"
-    weight: 4
-    identifier: "search"
 sitemap:
  priority : 0.1
 layout: "search"
--- a/docs/content/doc/help/search.fr-fr.md
+++ b/docs/content/doc/help/search.fr-fr.md
@ -5,12 +5,6 @@ slug: "search"
 weight: 4
 toc: false
 draft: false
-menu:
-  sidebar:
-    parent: "help"
-    name: "Chercher"
-    weight: 4
-    identifier: "search"
 sitemap:
  priority : 0.1
 layout: "search"
--- a/docs/content/doc/help/search.nl-nl.md
+++ b/docs/content/doc/help/search.nl-nl.md
@ -0,0 +1,18 @@
+---
+date: "2019-11-12T16:00:00+02:00"
+title: "Search"
+slug: "search"
+weight: 4
+toc: false
+draft: false
+sitemap:
+  priority : 0.1
+layout: "search"
+---
+
+
+This file exists solely to respond to /search URL with the related `search` layout template.
+
+No content shown here is rendered, all content is based in the template layouts/doc/search.html
+
+Setting a very low sitemap priority will tell search engines this is not important content.
--- a/docs/content/doc/help/search.pt-br.md
+++ b/docs/content/doc/help/search.pt-br.md
@ -0,0 +1,18 @@
+---
+date: "2019-11-12T16:00:00+02:00"
+title: "Search"
+slug: "search"
+weight: 4
+toc: false
+draft: false
+sitemap:
+  priority : 0.1
+layout: "search"
+---
+
+
+This file exists solely to respond to /search URL with the related `search` layout template.
+
+No content shown here is rendered, all content is based in the template layouts/doc/search.html
+
+Setting a very low sitemap priority will tell search engines this is not important content.
--- a/docs/content/doc/help/search.zh-cn.md
+++ b/docs/content/doc/help/search.zh-cn.md
@ -5,12 +5,6 @@ slug: "search"
 weight: 4
 toc: false
 draft: false
-menu:
-  sidebar:
-    parent: "help"
-    name: "搜索"
-    weight: 4
-    identifier: "search"
 sitemap:
  priority : 0.1
 layout: "search"
--- a/docs/content/doc/help/search.zh-tw.md
+++ b/docs/content/doc/help/search.zh-tw.md
@ -5,12 +5,6 @@ slug: "search"
 weight: 4
 toc: false
 draft: false
-menu:
-  sidebar:
-    parent: "help"
-    name: "搜尋"
-    weight: 4
-    identifier: "search"
 sitemap:
  priority : 0.1
 layout: "search"
--- a/docs/content/doc/help/seek-help.en-us.md
+++ b/docs/content/doc/help/seek-help.en-us.md
@ -20,20 +20,43 @@ menu:

 **NOTE:** When asking for support, it may be a good idea to have the following available so that the person helping has all the info they need:

-1. Your `app.ini` (with any sensitive data scrubbed as necessary)
-2. The `gitea.log` (and any other appropriate log files for the situation)
-    * e.g. If the error is related to the database, the `xorm.log` might be helpful
-3. Any error messages you are seeing
+1. Your `app.ini` (with any sensitive data scrubbed as necessary).
+2. The Gitea logs, and any other appropriate log files for the situation.
+    - When using systemd, use `journalctl --lines 1000 --unit gitea` to collect logs.
+    - When using docker, use `docker logs --tail 1000 <gitea-container>` to collect logs.
+    - By default, the logs are outputted to console. If you need to collect logs from files,
+      you could copy the following config into your `app.ini` (remove all other `[log]` sections),
+      then you can find the `*.log` files in Gitea's log directory (default: `%(GITEA_WORK_DIR)/log`).
+
+    ```ini
+    ; To show all SQL logs, you can also set LOG_SQL=true in the [database] section
+    [log]
+    LEVEL=debug
+    MODE=console,file
+    ROUTER=console,file
+    XORM=console,file
+    ENABLE_XORM_LOG=true
+    FILE_NAME=gitea.log
+    [log.file.router]
+    FILE_NAME=router.log
+    [log.file.xorm]
+    FILE_NAME=xorm.log
+    ```
+
+3. Any error messages you are seeing.
 4. When possible, try to replicate the issue on [try.gitea.io](https://try.gitea.io) and include steps so that others can reproduce the issue.
-    * This will greatly improve the chance that the root of the issue can be quickly discovered and resolved.
+    - This will greatly improve the chance that the root of the issue can be quickly discovered and resolved.
 5. If you meet slow/hanging/deadlock problems, please report the stack trace when the problem occurs:
    1. Enable pprof in `app.ini` and restart Gitea
-    ```
-    [server]
-    ENABLE_PPROF = true
-    ```
-    2. Trigger the bug, when Gitea gets stuck, use curl or browser to visit: `http://127.0.0.1:6060/debug/pprof/goroutine?debug=1` (IP is `127.0.0.1` and port is `6060`)
-    3. Report the output (the stack trace doesn't contain sensitive data)
+
+        ```ini
+        [server]
+        ENABLE_PPROF = true
+        ```
+
+    2. Trigger the bug, when Gitea gets stuck, use curl or browser to visit: `http://127.0.0.1:6060/debug/pprof/goroutine?debug=1` (IP must be `127.0.0.1` and port must be `6060`).
+    3. If you are using Docker, please use `docker exec -it <container-name> curl "http://127.0.0.1:6060/debug/pprof/goroutine?debug=1"`.
+    4. Report the output (the stack trace doesn't contain sensitive data)

 ## Bugs

--- a/docs/content/doc/help/seek-help.zh-tw.md
+++ b/docs/content/doc/help/seek-help.zh-tw.md
@ -22,10 +22,10 @@ menu:

 1. 您的 `app.ini` (必要時清除掉任何機密資訊)
 2. `gitea.log` (以及任何有關的日誌檔案)
-    * 例：如果錯誤和資料庫相關，提供 `xorm.log` 可能會有幫助
+    - 例：如果錯誤和資料庫相關，提供 `xorm.log` 可能會有幫助
 3. 您看到的任何錯誤訊息
 4. 儘可能地在 [try.gitea.io](https://try.gitea.io) 觸發您的問題並記下步驟，以便其他人能重現那個問題。
-    * 這將讓我們更有機會快速地找出問題的根源並解決它。
+    - 這將讓我們更有機會快速地找出問題的根源並解決它。
 5. 堆棧跟踪，[請參考英文文檔](https://docs.gitea.io/en-us/seek-help/)

 ## 錯誤回報
--- a/docs/content/doc/installation/database-preparation.en-us.md
+++ b/docs/content/doc/installation/database-preparation.en-us.md
@ -27,13 +27,13 @@ Note: All steps below requires that the database engine of your choice is instal

 ## MySQL

-1.  For remote database setup, you will need to make MySQL listen to your IP address. Edit `bind-address` option on `/etc/mysql/my.cnf` on database instance to:
+1. For remote database setup, you will need to make MySQL listen to your IP address. Edit `bind-address` option on `/etc/mysql/my.cnf` on database instance to:

    ```ini
    bind-address = 203.0.113.3
    ```

-2.  On database instance, login to database console as root:
+2. On database instance, login to database console as root:

    ```
    mysql -u root -p
@ -41,7 +41,7 @@ Note: All steps below requires that the database engine of your choice is instal

    Enter the password as prompted.

-3.  Create database user which will be used by Gitea, authenticated by password. This example uses `'gitea'` as password. Please use a secure password for your instance.
+3. Create database user which will be used by Gitea, authenticated by password. This example uses `'gitea'` as password. Please use a secure password for your instance.

    For local database:

@ -61,7 +61,7 @@ Note: All steps below requires that the database engine of your choice is instal

    Replace username and password above as appropriate.

-4.  Create database with UTF-8 charset and collation. Make sure to use `utf8mb4` charset instead of `utf8` as the former supports all Unicode characters (including emojis) beyond _Basic Multilingual Plane_. Also, collation chosen depending on your expected content. When in doubt, use either `unicode_ci` or `general_ci`.
+4. Create database with UTF-8 charset and collation. Make sure to use `utf8mb4` charset instead of `utf8` as the former supports all Unicode characters (including emojis) beyond _Basic Multilingual Plane_. Also, collation chosen depending on your expected content. When in doubt, use either `unicode_ci` or `general_ci`.

    ```sql
    CREATE DATABASE giteadb CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';
@ -69,7 +69,7 @@ Note: All steps below requires that the database engine of your choice is instal

    Replace database name as appropriate.

-5.  Grant all privileges on the database to database user created above.
+5. Grant all privileges on the database to database user created above.

    For local database:

@ -85,9 +85,9 @@ Note: All steps below requires that the database engine of your choice is instal
    FLUSH PRIVILEGES;
    ```

-6.  Quit from database console by `exit`.
+6. Quit from database console by `exit`.

-7.  On your Gitea server, test connection to the database:
+7. On your Gitea server, test connection to the database:

    ```
    mysql -u gitea -h 203.0.113.3 -p giteadb
@ -99,13 +99,13 @@ Note: All steps below requires that the database engine of your choice is instal

 ## PostgreSQL

-1.  For remote database setup, configure PostgreSQL on database instance to listen to your IP address by editing `listen_addresses` on `postgresql.conf` to:
+1. For remote database setup, configure PostgreSQL on database instance to listen to your IP address by editing `listen_addresses` on `postgresql.conf` to:

    ```ini
    listen_addresses = 'localhost, 203.0.113.3'
    ```

-2.  PostgreSQL uses `md5` challenge-response encryption scheme for password authentication by default. Nowadays this scheme is not considered secure anymore. Use SCRAM-SHA-256 scheme instead by editing the `postgresql.conf` configuration file on the database server to:
+2. PostgreSQL uses `md5` challenge-response encryption scheme for password authentication by default. Nowadays this scheme is not considered secure anymore. Use SCRAM-SHA-256 scheme instead by editing the `postgresql.conf` configuration file on the database server to:

    ```ini
    password_encryption = scram-sha-256
@ -113,13 +113,13 @@ Note: All steps below requires that the database engine of your choice is instal

    Restart PostgreSQL to apply the setting.

-3.  On the database server, login to the database console as superuser:
+3. On the database server, login to the database console as superuser:

    ```
    su -c "psql" - postgres
    ```

-4.  Create database user (role in PostgreSQL terms) with login privilege and password. Please use a secure, strong password instead of `'gitea'` below:
+4. Create database user (role in PostgreSQL terms) with login privilege and password. Please use a secure, strong password instead of `'gitea'` below:

    ```sql
    CREATE ROLE gitea WITH LOGIN PASSWORD 'gitea';
@ -127,7 +127,7 @@ Note: All steps below requires that the database engine of your choice is instal

    Replace username and password as appropriate.

-5.  Create database with UTF-8 charset and owned by the database user created earlier. Any `libc` collations can be specified with `LC_COLLATE` and `LC_CTYPE` parameter, depending on expected content:
+5. Create database with UTF-8 charset and owned by the database user created earlier. Any `libc` collations can be specified with `LC_COLLATE` and `LC_CTYPE` parameter, depending on expected content:

    ```sql
    CREATE DATABASE giteadb WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
@ -135,7 +135,7 @@ Note: All steps below requires that the database engine of your choice is instal

    Replace database name as appropriate.

-6.  Allow the database user to access the database created above by adding the following authentication rule to `pg_hba.conf`.
+6. Allow the database user to access the database created above by adding the following authentication rule to `pg_hba.conf`.

    For local database:

@ -155,7 +155,7 @@ Note: All steps below requires that the database engine of your choice is instal

    Restart PostgreSQL to apply new authentication rules.

-7.  On your Gitea server, test connection to the database.
+7. On your Gitea server, test connection to the database.

    For local database:

@ -188,13 +188,13 @@ If the communication between Gitea and your database instance is performed throu

 The PostgreSQL driver used by Gitea supports two-way TLS. In two-way TLS, both database client and server authenticate each other by sending their respective certificates to their respective opposite for validation. In other words, the server verifies client certificate, and the client verifies server certificate.

-1.  On the server with the database instance, place the following credentials:
+1. On the server with the database instance, place the following credentials:

    - `/path/to/postgresql.crt`: Database instance certificate
    - `/path/to/postgresql.key`: Database instance private key
    - `/path/to/root.crt`: CA certificate chain to validate client certificates

-2.  Add following options to `postgresql.conf`:
+2. Add following options to `postgresql.conf`:

    ```ini
    ssl = on
@ -204,14 +204,14 @@ The PostgreSQL driver used by Gitea supports two-way TLS. In two-way TLS, both d
    ssl_min_protocol_version = 'TLSv1.2'
    ```

-3.  Adjust credentials ownership and permission, as required by PostgreSQL:
+3. Adjust credentials ownership and permission, as required by PostgreSQL:

    ```
    chown postgres:postgres /path/to/root.crt /path/to/postgresql.crt /path/to/postgresql.key
    chmod 0600 /path/to/root.crt /path/to/postgresql.crt /path/to/postgresql.key
    ```

-4.  Edit `pg_hba.conf` rule to only allow Gitea database user to connect over SSL, and to require client certificate verification.
+4. Edit `pg_hba.conf` rule to only allow Gitea database user to connect over SSL, and to require client certificate verification.

    For PostgreSQL 12:

@ -227,9 +227,9 @@ The PostgreSQL driver used by Gitea supports two-way TLS. In two-way TLS, both d

    Replace database name, user, and IP address of Gitea instance as appropriate.

-5.  Restart PostgreSQL to apply configurations above.
+5. Restart PostgreSQL to apply configurations above.

-6.  On the server running the Gitea instance, place the following credentials under the home directory of the user who runs Gitea (e.g. `git`):
+6. On the server running the Gitea instance, place the following credentials under the home directory of the user who runs Gitea (e.g. `git`):

    - `~/.postgresql/postgresql.crt`: Database client certificate
    - `~/.postgresql/postgresql.key`: Database client private key
@ -237,14 +237,14 @@ The PostgreSQL driver used by Gitea supports two-way TLS. In two-way TLS, both d

    Note: Those file names above are hardcoded in PostgreSQL and it is not possible to change them.

-7.  Adjust credentials, ownership and permission as required:
+7. Adjust credentials, ownership and permission as required:

    ```
    chown git:git ~/.postgresql/postgresql.crt ~/.postgresql/postgresql.key ~/.postgresql/root.crt
    chown 0600 ~/.postgresql/postgresql.crt ~/.postgresql/postgresql.key ~/.postgresql/root.crt
    ```

-8.  Test the connection to the database:
+8. Test the connection to the database:

    ```
    psql "postgres://gitea@example.db/giteadb?sslmode=verify-full"
@ -258,13 +258,13 @@ While the MySQL driver used by Gitea also supports two-way TLS, Gitea currently

 In one-way TLS, the database client verifies the certificate sent from server during the connection handshake, and the server assumes that the connected client is legitimate, since client certificate verification doesn't take place.

-1.  On the database instance, place the following credentials:
+1. On the database instance, place the following credentials:

    - `/path/to/mysql.crt`: Database instance certificate
    - `/path/to/mysql.key`: Database instance key
    - `/path/to/ca.crt`: CA certificate chain. This file isn't used on one-way TLS, but is used to validate client certificates on two-way TLS.

-2.  Add following options to `my.cnf`:
+2. Add following options to `my.cnf`:

    ```ini
    [mysqld]
@ -274,16 +274,16 @@ In one-way TLS, the database client verifies the certificate sent from server du
    tls-version = TLSv1.2,TLSv1.3
    ```

-3.  Adjust credentials ownership and permission:
+3. Adjust credentials ownership and permission:

    ```
    chown mysql:mysql /path/to/ca.crt /path/to/mysql.crt /path/to/mysql.key
    chmod 0600 /path/to/ca.crt /path/to/mysql.crt /path/to/mysql.key
    ```

-4.  Restart MySQL to apply the setting.
+4. Restart MySQL to apply the setting.

-5.  The database user for Gitea may have been created earlier, but it would authenticate only against the IP addresses of the server running Gitea. To authenticate against its domain name, recreate the user, and this time also set it to require TLS for connecting to the database:
+5. The database user for Gitea may have been created earlier, but it would authenticate only against the IP addresses of the server running Gitea. To authenticate against its domain name, recreate the user, and this time also set it to require TLS for connecting to the database:

    ```sql
    DROP USER 'gitea'@'192.0.2.10';
@ -294,9 +294,9 @@ In one-way TLS, the database client verifies the certificate sent from server du

    Replace database user name, password, and Gitea instance domain as appropriate.

-6.  Make sure that the CA certificate chain required to validate the database server certificate is on the system certificate store of both the database and Gitea servers. Consult your system documentation for instructions on adding a CA certificate to the certificate store.
+6. Make sure that the CA certificate chain required to validate the database server certificate is on the system certificate store of both the database and Gitea servers. Consult your system documentation for instructions on adding a CA certificate to the certificate store.

-7.  On the server running Gitea, test connection to the database:
+7. On the server running Gitea, test connection to the database:

    ```
    mysql -u gitea -h example.db -p --ssl
--- a/docs/content/doc/installation/from-binary.en-us.md
+++ b/docs/content/doc/installation/from-binary.en-us.md
@ -24,14 +24,31 @@ embedded assets. This can be different for older releases.

 ## Download

-Choose the file matching the destination platform from the [downloads page](https://dl.gitea.io/gitea/), copy the URL and replace the URL within the commands below:
+You can find the file matching your platform from the [downloads page](https://dl.gitea.io/gitea/) after navigating to the version you want to download.
+
+### Choosing the right file
+
+**For Linux**, you will likely want `linux-amd64`. It's for 64-bit Intel/AMD platforms, but there are other platforms available, including `arm64` (e.g. Raspberry PI 4), `386` (i.e. 32-bit), `arm-5`, and `arm-6`.
+
+**For Windows**, you will likely want `windows-4.0-amd64`. It's for all modern versions of Windows, but there is also a `386` platform available designed for older, 32-bit versions of Windows.
+
+*Note: there is also a `gogit-windows` file available that was created to help with some [performance problems](https://github.com/go-gitea/gitea/pull/15482) reported by some Windows users on older systems/versions. You should consider using this file if you're experiencing performance issues, and let us know if it improves performance.*
+
+**For macOS**, you should choose `darwin-arm64` if your hardware uses Apple Silicon, or `darwin-amd64` for Intel.
+
+### Downloading with wget
+
+Copy the commands below and replace the URL within the one you wish to download.

 ```sh
 wget -O gitea https://dl.gitea.io/gitea/{{< version >}}/gitea-{{< version >}}-linux-amd64
 chmod +x gitea
 ```

+Note that the above command will download Gitea {{< version >}} for 64-bit Linux.
+
 ## Verify GPG signature
+
 Gitea signs all binaries with a [GPG key](https://keys.openpgp.org/search?q=teabot%40gitea.io) to prevent against unwanted modification of binaries.
 To validate the binary, download the signature file which ends in `.asc` for the binary you downloaded and use the GPG command line tool.

@ -56,7 +73,8 @@ Check that Git is installed on the server. If it is not, install it first. Gitea
 git --version
 ```

-Create user to run Gitea (ex. `git`)
+Create a user to run Gitea (e.g. `git`)
+
 ```sh
 adduser \
   --system \
@ -79,29 +97,39 @@ chown root:git /etc/gitea
 chmod 770 /etc/gitea
 ```

-**NOTE:** `/etc/gitea` is temporary set with write rights for user `git` so that Web installer could write configuration file. After installation is done, it is recommended to set rights to read-only using:
-```
-chmod 750 /etc/gitea
-chmod 640 /etc/gitea/app.ini
-```
-If you don't want the web installer to be able to write the config file at all, it is also possible to make the config file read-only for the Gitea user (owner/group `root:git`, mode `0640`), and set `INSTALL_LOCK = true`. In that case all database configuration details must be set beforehand in the config file, as well as the `SECRET_KEY` and `INTERNAL_TOKEN` values. See the [command line documentation]({{< relref "doc/usage/command-line.en-us.md" >}}) for information on using `gitea generate secret INTERNAL_TOKEN`.
+> **NOTE:** `/etc/gitea` is temporarily set with write permissions for user `git` so that the web installer can write the configuration file. After the installation is finished, it is recommended to set permissions to read-only using:
+>
+> ```sh
+> chmod 750 /etc/gitea
+> chmod 640 /etc/gitea/app.ini
+> ```
+
+If you don't want the web installer to be able to write to the config file, it is possible to make the config file read-only for the Gitea user (owner/group `root:git`, mode `0640`) however you will need to edit your config file manually to:
+
+* Set `INSTALL_LOCK= true`,
+* Ensure all database configuration details are set correctly
+* Ensure that the `SECRET_KEY` and `INTERNAL_TOKEN` values are set. (You may want to use the `gitea generate secret` to generate these secret keys.)
+* Ensure that any other secret keys you need are set.
+
+See the [command line documentation]({{< relref "doc/usage/command-line.en-us.md" >}}) for information on using `gitea generate secret`.

 ### Configure Gitea's working directory

-**NOTE:** If you plan on running Gitea as a Linux service, you can skip this step as the service file allows you to set `WorkingDirectory`. Otherwise, consider setting this environment variable (semi-)permanently so that Gitea consistently uses the correct working directory.
-```
+**NOTE:** If you plan on running Gitea as a Linux service, you can skip this step, as the service file allows you to set `WorkingDirectory`. Otherwise, consider setting this environment variable (semi-)permanently so that Gitea consistently uses the correct working directory.
+
+```sh
 export GITEA_WORK_DIR=/var/lib/gitea/
 ```

-### Copy Gitea binary to global location
+### Copy the Gitea binary to a global location

-```
+```sh
 cp gitea /usr/local/bin/gitea
 ```

 ## Running Gitea

-After the above steps, two options to run Gitea are:
+After you complete the above steps, you can run Gitea two ways:

 ### 1. Creating a service file to start Gitea automatically (recommended)

@ -109,32 +137,31 @@ See how to create [Linux service]({{< relref "run-as-service-in-ubuntu.en-us.md"

 ### 2. Running from command-line/terminal

-```
+```sh
 GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini
 ```

 ## Updating to a new version

 You can update to a new version of Gitea by stopping Gitea, replacing the binary at `/usr/local/bin/gitea` and restarting the instance.
-The binary file name should not be changed during the update to avoid problems
-in existing repositories.
+The binary file name should not be changed during the update to avoid problems in existing repositories.

-It is recommended you do a [backup]({{< relref "doc/usage/backup-and-restore.en-us.md" >}}) before updating your installation.
+It is recommended that you make a [backup]({{< relref "doc/usage/backup-and-restore.en-us.md" >}}) before updating your installation.

 If you have carried out the installation steps as described above, the binary should
 have the generic name `gitea`. Do not change this, i.e. to include the version number.

 ### 1. Restarting Gitea with systemd (recommended)

-As explained before, we recommend to use systemd as service manager. In this case ```systemctl restart gitea``` should be enough.
+As we explained before, we recommend to use systemd as the service manager. In this case, `systemctl restart gitea` should be fine.

 ### 2. Restarting Gitea without systemd

-To restart your Gitea instance, we recommend to use SIGHUP signal. If you know your Gitea PID use ```kill -1 $GITEA_PID``` otherwise you can use ```killall -1 gitea``` or ```pkill -1 gitea```
+To restart your Gitea instance, we recommend to use SIGHUP signal. If you know your Gitea PID, use `kill -1 $GITEA_PID`, otherwise you can use `killall -1 gitea`.

-To gracefully stop the Gitea instance, a simple ```kill $GITEA_PID``` or ```killall gitea``` is enough.
+To gracefully stop the Gitea instance, a simple `kill $GITEA_PID` or `killall gitea` is enough.

-**NOTE:** We don't recommend to use SIGKILL signal (know also as `-9`), you may be forcefully stopping some of Gitea internal tasks and it will not gracefully stop (tasks in queues, indexers processes, etc.)
+**NOTE:** We don't recommend to use the SIGKILL signal (`-9`); you may be forcefully stopping some of Gitea's internal tasks, and it will not gracefully stop (tasks in queues, indexers, etc.)

 See below for troubleshooting instructions to repair broken repositories after
 an update of your Gitea version.
@ -144,31 +171,31 @@ an update of your Gitea version.
 ### Old glibc versions

 Older Linux distributions (such as Debian 7 and CentOS 6) may not be able to load the
-Gitea binary, usually producing an error such as ```./gitea: /lib/x86_64-linux-gnu/libc.so.6:
-version `GLIBC\_2.14' not found (required by ./gitea)```. This is due to the integrated
+Gitea binary, usually producing an error such as `./gitea: /lib/x86_64-linux-gnu/libc.so.6:
+version 'GLIBC\_2.14' not found (required by ./gitea)`. This is due to the integrated
 SQLite support in the binaries provided by dl.gitea.io. In this situation, it is usually
-possible to [install from source]({{< relref "from-source.en-us.md" >}}) without SQLite
-support.
+possible to [install from source]({{< relref "from-source.en-us.md" >}}), without including
+SQLite support.

 ### Running Gitea on another port

 For errors like `702 runWeb()] [E] Failed to start server: listen tcp 0.0.0.0:3000:
-bind: address already in use` Gitea needs to be started on another free port. This
+bind: address already in use`, Gitea needs to be started on another free port. This
 is possible using `./gitea web -p $PORT`. It's possible another instance of Gitea
 is already running.

 ### Running Gitea on Raspbian

-As of v1.8, there is a problem with the arm7 version of Gitea and it doesn't run on Raspberry Pi and similar devices.
+As of v1.8, there is a problem with the arm7 version of Gitea, and it doesn't run on Raspberry Pis and similar devices.

-It is therefore recommended to switch to the arm6 version which has been tested and shown to work on Raspberry Pi and similar devices.
+It is recommended to switch to the arm6 version, which has been tested and shown to work on Raspberry Pis and similar devices.

 <!---
 please remove after fixing the arm7 bug
 --->
 ### Git error after updating to a new version of Gitea

-If the binary file name has been changed during the update to a new version of Gitea,
+If during the update, the binary file name has been changed to a new version of Gitea,
 Git Hooks in existing repositories will not work any more. In that case, a Git
 error will be displayed when pushing to the repository.

@ -181,9 +208,9 @@ binary.

 To solve this, go to the admin options and run the task `Resynchronize pre-receive,
 update and post-receive hooks of all repositories` to update all hooks to contain
-the new binary path. Please note that this overwrite all Git Hooks including ones
+the new binary path. Please note that this overwrites all Git Hooks, including ones
 with customizations made.

-If you aren't using the built-in to Gitea SSH server you will also need to re-write
+If you aren't using the Gitea built-in SSH server, you will also need to re-write
 the authorized key file by running the `Update the '.ssh/authorized_keys' file with
 Gitea SSH keys.` task in the admin options.
--- a/docs/content/doc/installation/from-package.en-us.md
+++ b/docs/content/doc/installation/from-package.en-us.md
@ -47,13 +47,13 @@ pacman -S gitea

 There is a [Gitea Snap](https://snapcraft.io/gitea) package which follows the latest stable version.

-``sh
+```sh
 snap install gitea
-``
+```

 ## SUSE and openSUSE

-OpenSUSE build service provides packages for [openSUSE and SLE](https://software.opensuse.org/download/package?package=gitea&project=devel%3Atools%3Ascm) 
+OpenSUSE build service provides packages for [openSUSE and SLE](https://software.opensuse.org/download/package?package=gitea&project=devel%3Atools%3Ascm)
 in the Development Software Configuration Management Repository

 ## Windows
--- a/docs/content/doc/installation/from-package.zh-cn.md
+++ b/docs/content/doc/installation/from-package.zh-cn.md
@ -71,7 +71,7 @@ choco install gitea
 macOS 平台下当前我们仅支持通过 `brew` 来安装。如果你没有安装 [Homebrew](http://brew.sh/)，你也可以查看 [从二进制安装]({{< relref "from-binary.zh-cn.md" >}})。在你安装了 `brew` 之后， 你可以执行以下命令：

 ```
-brew tap go-gitea/gitea
+brew tap gitea/tap https://gitea.com/gitea/homebrew-gitea
 brew install gitea
 ```

--- a/docs/content/doc/installation/from-source.en-us.md
+++ b/docs/content/doc/installation/from-source.en-us.md
@ -101,7 +101,7 @@ Depending on requirements, the following build tags can be included.
 - `pam`: Enable support for PAM (Linux Pluggable Authentication Modules). Can
  be used to authenticate local users or extend authentication to methods
  available to PAM.
-* `gogit`: (EXPERIMENTAL) Use go-git variants of Git commands.
+- `gogit`: (EXPERIMENTAL) Use go-git variants of Git commands.

 Bundling assets into the binary using the `bindata` build tag is recommended for
 production deployments. It is possible to serve the static assets directly via a reverse proxy,
--- a/docs/content/doc/installation/from-source.fr-fr.md
+++ b/docs/content/doc/installation/from-source.fr-fr.md
@ -30,7 +30,6 @@ cd $GOPATH/src/code.gitea.io/gitea

 Maintenant, il est temps de décider quelle version de Gitea vous souhaitez compiler et installer. Actuellement, ils existent plusieurs options possibles. Si vous voulez compiler notre branche `master`, vous pouvez directement passer à la [section compilation](#compilation), cette branche représente la dernière version en cours de développement et n'a pas vocation à être utiliser en production.

-
 Si vous souhaitez compiler la dernière version stable, utilisez les étiquettes ou les différentes branches disponibles. Vous pouvez voir les branches disponibles et comment utiliser cette branche avec ces commandes:

 ```
--- a/Show more
+++ b/Show more