fix yaml indentation

Also group branches into categories as the F3 branch is motivated
because it contributes to federation.

Signed-off-by: Loïc Dachary <loic@dachary.org>

.dockerignore

@@ -0,0 +1,114 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# IntelliJ
+.idea
+# Goland's output filename can not be set manually
+/go_build_*
+
+# MS VSCode
+.vscode
+__debug_bin
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+
+*coverage.out
+coverage.all
+cpu.out
+
+/modules/migration/bindata.go
+/modules/migration/bindata.go.hash
+/modules/options/bindata.go
+/modules/options/bindata.go.hash
+/modules/public/bindata.go
+/modules/public/bindata.go.hash
+/modules/templates/bindata.go
+/modules/templates/bindata.go.hash
+
+*.db
+*.log
+
+/gitea
+/gitea-vet
+/debug
+/integrations.test
+
+/bin
+/dist
+/custom/*
+!/custom/conf
+/custom/conf/*
+!/custom/conf/app.example.ini
+/data
+/indexers
+/log
+/public/img/avatar
+/tests/integration/gitea-integration-*
+/tests/integration/indexers-*
+/tests/e2e/gitea-e2e-*
+/tests/e2e/indexers-*
+/tests/e2e/reports
+/tests/e2e/test-artifacts
+/tests/e2e/test-snapshots
+/tests/*.ini
+/node_modules
+/yarn.lock
+/yarn-error.log
+/npm-debug.log*
+/public/js
+/public/serviceworker.js
+/public/css
+/public/fonts
+/public/img/webpack
+/vendor
+/web_src/fomantic/node_modules
+/web_src/fomantic/build/*
+!/web_src/fomantic/build/semantic.js
+!/web_src/fomantic/build/semantic.css
+!/web_src/fomantic/build/themes
+/web_src/fomantic/build/themes/*
+!/web_src/fomantic/build/themes/default
+/web_src/fomantic/build/themes/default/assets/*
+!/web_src/fomantic/build/themes/default/assets/fonts
+/web_src/fomantic/build/themes/default/assets/fonts/*
+!/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2
+!/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
+/VERSION
+/.air
+/.go-licenses
+
+# Snapcraft
+snap/.snapcraft/
+parts/
+stage/
+prime/
+*.snap
+*.snap-build
+*_source.tar.bz2
+.DS_Store
+
+# Make evidence files
+/.make_evidence
+
+# Manpage
+/man

.drone.yml

@@ -39,16 +39,6 @@ steps:
       - make lint-frontend
     depends_on: [deps-frontend]
 
-  - name: security-check
-    image: golang:1.19
-    pull: always
-    commands:
-      - make security-check
-    depends_on: [deps-backend]
-    volumes:
-      - name: deps
-        path: /go
-
   - name: lint-backend
     image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
     pull: always
@@ -561,7 +551,7 @@ steps:
 
   # TODO: We should probably build all dependencies into a test image
   - name: test-e2e
-    image: mcr.microsoft.com/playwright:v1.27.1-focal
+    image: mcr.microsoft.com/playwright:v1.28.0-focal
     commands:
       - curl -sLO https://go.dev/dl/go1.19.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.19.linux-amd64.tar.gz
       - groupadd --gid 1001 gitea && useradd -m --gid 1001 --uid 1001 gitea
@@ -610,7 +600,7 @@ steps:
         from_secret: crowdin_key
 
   - name: update
-    image: alpine:3.13
+    image: alpine:3.17
     pull: always
     commands:
       - ./build/update-locales.sh

.eslintrc.yaml

@@ -199,7 +199,7 @@ rules:
   newline-per-chained-call: [0]
   no-alert: [0]
   no-array-constructor: [2]
-  no-async-promise-executor: [2]
+  no-async-promise-executor: [0]
   no-await-in-loop: [0]
   no-bitwise: [0]
   no-buffer-constructor: [0]
@@ -229,6 +229,7 @@ rules:
   no-empty-character-class: [2]
   no-empty-function: [0]
   no-empty-pattern: [2]
+  no-empty-static-block: [2]
   no-empty: [2, {allowEmptyCatch: true}]
   no-eq-null: [2]
   no-eval: [2]
@@ -269,6 +270,7 @@ rules:
   no-negated-condition: [0]
   no-nested-ternary: [0]
   no-new-func: [2]
+  no-new-native-nonconstructor: [2]
   no-new-object: [2]
   no-new-symbol: [2]
   no-new-wrappers: [2]
@@ -443,6 +445,7 @@ rules:
   unicorn/no-invalid-remove-event-listener: [2]
   unicorn/no-keyword-prefix: [0]
   unicorn/no-lonely-if: [2]
+  unicorn/no-negated-condition: [0]
   unicorn/no-nested-ternary: [0]
   unicorn/no-new-array: [0]
   unicorn/no-new-buffer: [0]
@@ -453,6 +456,7 @@ rules:
   unicorn/no-static-only-class: [2]
   unicorn/no-thenable: [2]
   unicorn/no-this-assignment: [2]
+  unicorn/no-typeof-undefined: [2]
   unicorn/no-unnecessary-await: [2]
   unicorn/no-unreadable-array-destructuring: [0]
   unicorn/no-unreadable-iife: [2]
@@ -503,6 +507,7 @@ rules:
   unicorn/prefer-regexp-test: [2]
   unicorn/prefer-replace-all: [0]
   unicorn/prefer-set-has: [0]
+  unicorn/prefer-set-size: [2]
   unicorn/prefer-spread: [0]
   unicorn/prefer-starts-ends-with: [2]
   unicorn/prefer-string-slice: [0]

.gitea/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,53 @@
+---
+name: "Bug Report"
+about: "Found something you weren't expecting? Report it here!"
+title: "[BUG] "
+---
+<!--
+NOTE: If your issue is a security concern, please email security@forgejo.org (GPG: A4676E79) instead of opening a public issue.
+
+1. Please speak English, as this is the language all maintainers can
+   speak and write.
+
+2. Please ask questions or troubleshoot configuration/deploy problems
+   in our Matrix space (https://matrix.to/#/#forgejo:matrix.org).
+
+3. Please make sure you are using the latest release of Forgejo and
+   take a moment to check that your issue hasn't been reported before.
+
+4. Please give all relevant information below for bug reports, because
+   incomplete details will be handled as an invalid report.
+
+5. If you are using a proxy or a CDN (e.g. CloudFlare) in front of
+   Forgejo, please disable the proxy/CDN fully and connect to Forgejo
+   directly to confirm the issue still persists without those services.
+-->
+
+- Forgejo version (or commit ref):
+- Git version:
+- Operating system:
+- Database (use `[x]`):
+  - [ ] PostgreSQL
+  - [ ] MySQL
+  - [ ] MSSQL
+  - [ ] SQLite
+- How are you running Forgejo?
+<!--
+Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package.
+Please also tell us how you are running Forgejo, e.g. if it is being run from docker, a command-line, systemd etc.
+If you are using a package or systemd tell us what distribution you are using.
+-->
+
+## Description
+<!-- Please describe the issue you are having as clearly and succinctly as possible. -->
+
+## Logs
+<!--
+It is really important to provide pertinent logs. We need DEBUG level logs.
+Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
+In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of `app.ini`.
+Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden.
+-->
+
+## Screenshots
+<!-- If this issue involves the Web Interface, please provide one or more screenshots -->

.gitea/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,21 @@
+---
+name: "Feature Request"
+about: "Got an idea for a feature that Forgejo doesn't have yet? Submit it here!"
+title: "[FEAT] "
+---
+<!--
+1. Please speak English, as this is the language all maintainers can
+   speak and write.
+
+2. Please ask questions or troubleshoot configuration/deploy problems
+   in our Matrix space (https://matrix.to/#/#forgejo:matrix.org).
+
+3. Please make sure you are using the latest release of Forgejo and
+   take a moment to check that your feature hasn't already been suggested.
+-->
+
+## Feature Description
+<!-- Please describe the feature you would like to see added as clearly and succinctly as possible. -->
+
+## Screenshots
+<!-- If you can, provide screenshots of an implementation on another site, e.g. GitHub. -->

.gitea/issue_template.md

@@ -1,42 +0,0 @@
-<!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
-
-<!--
-    1. Please speak English, this is the language all maintainers can speak and write.
-    2. Please ask questions or configuration/deploy problems on our Discord
-       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-    3. Please take a moment to check that your issue doesn't already exist.
-    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-    5. Please give all relevant information below for bug reports, because
-       incomplete details will be handled as an invalid report.
--->
-
-- Gitea version (or commit ref):
-- Git version:
-- Operating system:
-  <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package -->
-  <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. --->
-  <!-- If you are using a package or systemd tell us what distribution you are using -->
-- Database (use `[x]`):
-  - [ ] PostgreSQL
-  - [ ] MySQL
-  - [ ] MSSQL
-  - [ ] SQLite
-- Can you reproduce the bug at https://try.gitea.io:
-  - [ ] Yes (provide example URL)
-  - [ ] No
-- Log gist:
-<!-- It really is important to provide pertinent logs -->
-<!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems -->
-<!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini -->
-
-## Description
-<!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please
-     disable the proxy/CDN fully and connect to gitea directly to confirm
-     the issue still persists without those services. -->
-
-...
-
-
-## Screenshots
-
-<!-- **If this issue involves the Web Interface, please include a screenshot** -->

.gitea/pull_request_template.md

@@ -0,0 +1,4 @@
+<!--
+Before submitting a PR, please read the contributing guidelines:
+https://codeberg.org/forgejo/forgejo/src/branch/main/CONTRIBUTING.md
+-->

.github/FUNDING.yml

@@ -1,2 +0,0 @@
-open_collective: gitea
-custom: https://www.bountysource.com/teams/gitea

.github/ISSUE_TEMPLATE/bug-report.yaml

@@ -1,94 +0,0 @@
-name: Bug Report
-description: Found something you weren't expecting? Report it here!
-labels: kind/bug
-body:
-- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
-- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Make sure you are using the latest release and
-         take a moment to check that your issue hasn't been reported before.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. You must give us DEBUG level logs.
-         Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-         In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
-- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
-- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) of your instance
-  validations:
-    required: true
-- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
-- type: markdown
-  attributes:
-    value: |
-      It's really important to provide pertinent logs
-      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
-- type: input
-  id: logs
-  attributes:
-    label: Log Gist
-    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
-- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If this issue involves the Web Interface, please provide one or more screenshots
-- type: input
-  id: git-ver
-  attributes:
-    label: Git Version
-    description: The version of git running on the server
-- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to run Gitea
-- type: textarea
-  id: run-info
-  attributes:
-    label: How are you running Gitea?
-    description: |
-      Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
-      Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
-      If you are using a package or systemd tell us what distribution you are using
-  validations:
-    required: true
-- type: dropdown
-  id: database
-  attributes:
-    label: Database
-    description: What database system are you running?
-    options:
-    - PostgreSQL
-    - MySQL
-    - MSSQL
-    - SQLite

.github/ISSUE_TEMPLATE/config.yml

@@ -1,17 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Security Concern
-    url: https://tinyurl.com/security-gitea
-    about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
-  - name: Discord Server
-    url: https://discord.gg/Gitea
-    about: Please ask questions and discuss configuration or deployment problems here.
-  - name: Discourse Forum
-    url: https://discourse.gitea.io
-    about: Questions and configuration or deployment problems can also be discussed on our forum.    
-  - name: Frequently Asked Questions
-    url: https://docs.gitea.io/en-us/faq
-    about: Please check if your question isn't mentioned here.
-  - name: Crowdin Translations
-    url: https://crowdin.com/project/gitea
-    about: Translations are managed here.

.github/ISSUE_TEMPLATE/feature-request.yaml

@@ -1,24 +0,0 @@
-name: Feature Request
-description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
-labels: ["kind/feature", "kind/proposal"]
-body:
-- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your feature hasn't already been suggested.
-- type: textarea
-  id: description
-  attributes:
-    label: Feature Description
-    placeholder: |
-      I think it would be great if Gitea had...
-  validations:
-    required: true
-- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If you can, provide screenshots of an implementation on another site e.g. GitHub

.github/ISSUE_TEMPLATE/ui.bug-report.yaml

@@ -1,66 +0,0 @@
-name: Web Interface Bug Report
-description: Something doesn't look quite as it should?  Report it here!
-labels: ["kind/bug", "kind/ui"]
-body:
-- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
-- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your issue doesn't already exist.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
-         error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
-         DEBUG level logs. (See https://docs.gitea.io/en-us/logging-configuration/#debugging-problems)
-- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
-- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: Please provide at least 1 screenshot showing the issue.
-  validations:
-    required: true
-- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) your instance is running
-  validations:
-    required: true
-- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
-- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to access Gitea
-- type: input
-  id: browser-ver
-  attributes:
-    label: Browser Version
-    description: The browser and version that you are using to access Gitea
-  validations:
-    required: true

.github/lock.yml

@@ -1,23 +0,0 @@
-# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
-
-# Number of days of inactivity before a closed issue or pull request is locked
-daysUntilLock: 60
-
-# Skip issues and pull requests created before a given timestamp. Timestamp must
-# follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
-skipCreatedBefore: false
-
-# Issues and pull requests with these labels will be ignored.
-exemptLabels: []
-
-# Label to add before locking, such as `outdated`. `false` is disabled
-lockLabel: false
-
-# Comment to post before locking.
-lockComment: >
-  This thread has been automatically locked since there has not been
-  any recent activity after it was closed. Please open a new issue for
-  related bugs and link to relevant comments in this thread.
-
-# Assign `resolved` as the reason for locking. Set to `false` to disable
-setLockReason: true

.github/pull_request_template.md

@@ -1,9 +0,0 @@
-<!--
-
-Please check the following:
-
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes.
-2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
-3. Describe what your pull request does and which issue you're targeting (if any)
-
--->  

.github/stale.yml

@@ -1,54 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 60
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 14
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - status/blocked 
-  - kind/security 
-  - lgtm/done
-  - reviewed/confirmed
-  - priority/critical
-  - kind/proposal
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Comment to post when marking as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had recent activity. 
-  I am here to help clear issues left open even if solved or waiting for more insight.
-  This issue will be closed if no further activity occurs during the next 2 weeks.
-  If the issue is still valid just add a comment to keep it alive.
-  Thank you for your contributions.
-
-# Comment to post when closing a stale Issue or Pull Request.
-closeComment: >
-  This issue has been automatically closed because of inactivity.
-  You can re-open it if needed.
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 1
-
-# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
-pulls:
-  daysUntilStale: 60
-  daysUntilClose: 60
-  markComment: >
-    This pull request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you
-    for your contributions.
-  closeComment: >
-    This pull request has been automatically closed because of inactivity.
-    You can re-open it if needed.

.stylelintrc.yaml

@@ -1,8 +1,19 @@
 extends: stylelint-config-standard
 
+plugins:
+  - stylelint-declaration-strict-value
+
 overrides:
   - files: ["**/*.less"]
     customSyntax: postcss-less
+  - files: ["**/*.less"]
+    rules:
+      scale-unlimited/declaration-strict-value: [color, {
+        ignoreValues: /^(inherit|transparent|unset|initial)$/
+      }]
+  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console/*"]
+    rules:
+      scale-unlimited/declaration-strict-value: null
 
 rules:
   alpha-value-notation: null

.woodpecker/compliance.yml

@@ -0,0 +1,32 @@
+platform: linux/amd64
+
+workspace:
+  base: /go
+  path: src/codeberg/gitea
+
+pipeline:
+  deps-backend:
+    image: golang:1.19
+    pull: true
+    commands:
+    - make deps-backend
+
+  security-check:
+    image: golang:1.19
+    pull: true
+    commands:
+    - make security-check
+
+  lint-backend:
+    image: gitea/test_env:linux-amd64
+    pull: true
+    environment:
+    - TAGS=bindata sqlite sqlite_unlock_notify
+    - GOSUMDB=sum.golang.org
+    commands:
+    - make lint-backend
+
+  checks-backend:
+    image: golang:1.19
+    commands:
+    - make --always-make checks-backend

.woodpecker/docker-linux-amd64-release-version.yml

@@ -0,0 +1,28 @@
+platform: linux/amd64
+
+depends_on:
+- testing-amd64
+
+pipeline:
+  fetch-tags:
+    image: docker:git
+    pull: true
+    commands:
+     - git config --add safe.directory '*'
+     - git fetch --tags --force
+
+  publish:
+    image: woodpeckerci/plugin-docker-buildx
+    pull: true
+    settings:
+      platforms: linux/amd64
+      registry:
+        from_secret: domain
+      tag: ${CI_COMMIT_TAG##v}
+      repo: ${CI_REPO_LINK##https://}
+      password:
+        from_secret: releaseteamtoken
+      username:
+        from_secret: releaseteamuser
+    when:
+      event: tag

.woodpecker/release-version.yml

@@ -0,0 +1,65 @@
+platform: linux/amd64
+
+depends_on:
+- testing-amd64
+
+workspace:
+  base: /source
+  path: /
+
+pipeline:
+  fetch-tags:
+    image: docker:git
+    pull: true
+    commands:
+     - git config --add safe.directory '*'
+     - git fetch --tags --force
+
+  deps-frontend:
+    image: node:18
+    pull: true
+    commands:
+      - make deps-frontend
+
+  deps-backend:
+    image: golang:1.19
+    pull: true
+    commands:
+     - make deps-backend
+
+  static:
+    image: techknowlogick/xgo:go-1.19.x
+    pull: true
+    commands:
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
+      - export PATH=$PATH:$GOPATH/bin
+      - make CI=true LINUX_ARCHS=linux/amd64,linux/arm64 release
+    environment:
+      TAGS: bindata sqlite sqlite_unlock_notify
+      DEBIAN_FRONTEND: noninteractive
+
+  gpg-sign:
+    image: plugins/gpgsign:1
+    pull: true
+    settings:
+      detach_sign: true
+      excludes:
+        - "dist/release/*.sha256"
+      files:
+        - "dist/release/*"
+      key:
+        from_secret: releaseteamgpg
+
+  release:
+    image: golang:1.19
+    commands:
+    - curl -sL https://dl.gitea.io/tea/0.9.0/tea-0.9.0-linux-amd64 > /bin/tea && chmod +x /bin/tea
+    - REMOTE=$(echo $CI_REPO_LINK | sed -e 's|.*://||' -e 's|/.*||')
+    - GITEA_SERVER_URL=$CI_REPO_LINK GITEA_SERVER_TOKEN=$RELEASETEAMTOKEN tea login add --name $RELEASETEAMUSER --url $REMOTE
+    - ASSETS=$(ls dist/release/* | sed -e 's/^/-a /')
+    - tea release create $ASSETS --tag $CI_COMMIT_TAG --title $CI_COMMIT_TAG
+    when:
+      event: tag
+    secrets:
+      - releaseteamtoken
+      - releaseteamuser

.woodpecker/testing-amd64.yml

@@ -0,0 +1,63 @@
+platform: linux/amd64
+
+depends_on:
+- compliance
+
+workspace:
+  base: /go
+  path: src/codeberg/gitea
+
+pipeline:
+  fetch-tags:
+    image: docker:git
+    pull: true
+    commands:
+    - git config --add safe.directory '*'
+    - git fetch --tags --force
+
+  deps-backend:
+    image: golang:1.19
+    pull: true
+    commands:
+    - make deps-backend
+
+  tag-pre-condition:
+    image: drone/git
+    pull: true
+    commands:
+    - git update-ref refs/heads/tag_test ${CI_COMMIT_SHA}
+
+  prepare-test-env:
+    image: gitea/test_env:linux-amd64
+    pull: true
+    commands:
+    - ./build/test-env-prepare.sh
+
+  build:
+    image: gitea/test_env:linux-amd64
+    environment:
+    - GOSUMDB=sum.golang.org
+    - TAGS=bindata sqlite sqlite_unlock_notify
+    commands:
+    - su gitea -c './build/test-env-check.sh'
+    - su gitea -c 'make backend'
+
+  unit-test:
+    image: gitea/test_env:linux-amd64
+    environment:
+    - TAGS=bindata sqlite sqlite_unlock_notify
+    - RACE_ENABLED=true
+    secrets:
+    - github_read_token
+    commands:
+    - su gitea -c 'make unit-test-coverage test-check'
+
+  test-sqlite:
+    image: gitea/test_env:linux-amd64
+    environment:
+    - USE_REPO_TEST_DIR=1
+    - GOPROXY=off
+    - TAGS=bindata gogit sqlite sqlite_unlock_notify
+    - TEST_TAGS=bindata gogit sqlite sqlite_unlock_notify
+    commands:
+    - su gitea -c 'timeout -s ABRT 120m make test-sqlite-migration test-sqlite'

CONTRIBUTING.md

@@ -1,449 +1,23 @@
-# Contribution Guidelines
+# Forgejo Contributor Guide
 
-## Table of Contents
+The Forgejo project is run by a community of people who are expected to follow this guide when cooperating on a simple bug fix as well as when changing the governance. For more information about the project, take a look at [the documentation explaining what Forgejo provides](README.md).
 
-- [Contribution Guidelines](#contribution-guidelines)
-  - [Table of Contents](#table-of-contents)
-  - [Introduction](#introduction)
-  - [Bug reports](#bug-reports)
-  - [Discuss your design](#discuss-your-design)
-  - [Testing redux](#testing-redux)
-  - [Vendoring](#vendoring)
-  - [Translation](#translation)
-  - [Building Gitea](#building-gitea)
-  - [Code review](#code-review)
-  - [Styleguide](#styleguide)
-  - [Design guideline](#design-guideline)
-  - [API v1](#api-v1)
-  - [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco)
-  - [Release Cycle](#release-cycle)
-  - [Maintainers](#maintainers)
-  - [Owners](#owners)
-  - [Versions](#versions)
-  - [Releasing Gitea](#releasing-gitea)
-  - [Copyright](#copyright)
+Sensitive security-related issues should be reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).
 
-## Introduction
+## For everyone involved
 
-This document explains how to contribute changes to the Gitea project.
-It assumes you have followed the
-[installation instructions](https://docs.gitea.io/en-us/).
-Sensitive security-related issues should be reported to
-[security@gitea.io](mailto:security@gitea.io).
+- [Code of Conduct](CONTRIBUTING/COC.md)
+- [Bugs, features, security and others discussions](CONTRIBUTING/DISCUSSIONS.md)
+- [Governance](CONTRIBUTING/GOVERNANCE.md)
+- [Funding](CONTRIBUTING/FUNDING.md)
 
-For configuring IDE or code editor to develop Gitea see [IDE and code editor configuration](contrib/ide/)
+## For contributors
 
-## Bug reports
+- [Developer Certificate of Origin (DCO)](CONTRIBUTING/DCO.md)
+- [Development workflow](CONTRIBUTING/WORKFLOW.md)
 
-Please search the issues on the issue tracker with a variety of keywords
-to ensure your bug is not already reported.
+## For maintainers
 
-If unique, [open an issue](https://github.com/go-gitea/gitea/issues/new)
-and answer the questions so we can understand and reproduce the
-problematic behavior.
+- [Release management](CONTRIBUTING/RELEASE.md)
+- [Secrets](CONTRIBUTING/SECRETS.md)
 
-To show us that the issue you are having is in Gitea itself, please
-write clear, concise instructions so we can reproduce the behavior—
-even if it seems obvious. The more detailed and specific you are,
-the faster we can fix the issue. Check out [How to Report Bugs
-Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html).
-
-Please be kind, remember that Gitea comes at no cost to you, and you're
-getting free help.
-
-## Discuss your design
-
-The project welcomes submissions. If you want to change or add something,
-please let everyone know what you're working on—[file an issue](https://github.com/go-gitea/gitea/issues/new)!
-Significant changes must go through the change proposal process
-before they can be accepted. To create a proposal, file an issue with
-your proposed changes documented, and make sure to note in the title
-of the issue that it is a proposal.
-
-This process gives everyone a chance to validate the design, helps
-prevent duplication of effort, and ensures that the idea fits inside
-the goals for the project and tools. It also checks that the design is
-sound before code is written; the code review tool is not the place for
-high-level discussions.
-
-## Testing redux
-
-Before submitting a pull request, run all the tests for the whole tree
-to make sure your changes don't cause regression elsewhere.
-
-Here's how to run the test suite:
-
-- code lint
-
-|                       |                                                                   |
-| :-------------------- | :---------------------------------------------------------------- |
-|``make lint``          | lint everything (not suggest if you only change one type code)    |
-|``make lint-frontend`` | lint frontend files  |
-|``make lint-backend``  | lint backend files   |
-
-- run test code (Suggest run in Linux)
-
-|                                        |                                                  |
-| :------------------------------------- | :----------------------------------------------- |
-|``make test[\#TestSpecificName]``       |  run unit test  |
-|``make test-sqlite[\#TestSpecificName]``|  run [integration](tests/integration) test for SQLite |
-|[More details about integration tests](tests/integration/README.md)  |
-|``make test-e2e-sqlite[\#TestSpecificFileName]``|  run [end-to-end](tests/e2e) test for SQLite |
-|[More details about e2e tests](tests/e2e/README.md)  |
-
-## Vendoring
-
-We manage dependencies via [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance), more details: [go mod](https://go.dev/ref/mod).
-
-Pull requests should only include `go.mod`, `go.sum` updates if they are part of
-the same change, be it a bugfix or a feature addition.
-
-The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
-and must be verified by the reviewers and/or merger to always reference
-an existing upstream commit.
-
-You can find more information on how to get started with it on the [Modules Wiki](https://github.com/golang/go/wiki/Modules).
-
-## Translation
-
-We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
-The only translation that is maintained in this Git repository is
-[`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
-and is synced regularly to Crowdin. Once a translation has reached
-A SATISFACTORY PERCENTAGE it will be synced back into this repo and
-included in the next released version.
-
-## Building Gitea
-
-See the [hacking instructions](https://docs.gitea.io/en-us/hacking-on-gitea/).
-
-## Code review
-
-Changes to Gitea must be reviewed before they are accepted—no matter who
-makes the change, even if they are an owner or a maintainer. We use GitHub's
-pull request workflow to do that. And, we also use [LGTM](http://lgtm.co)
-to ensure every PR is reviewed by at least 2 maintainers.
-
-Please try to make your pull request easy to review for us. And, please read
-the *[How to get faster PR reviews](https://github.com/kubernetes/community/blob/261cb0fd089b64002c91e8eddceebf032462ccd6/contributors/guide/pull-requests.md#best-practices-for-faster-reviews)* guide;
-it has lots of useful tips for any project you may want to contribute.
-Some of the key points:
-
-- Make small pull requests. The smaller, the faster to review and the
-  more likely it will be merged soon.
-- Don't make changes unrelated to your PR. Maybe there are typos on
-  some comments, maybe refactoring would be welcome on a function... but
-  if that is not related to your PR, please make *another* PR for that.
-- Split big pull requests into multiple small ones. An incremental change
-  will be faster to review than a huge PR.
-- Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
-
-If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:
-
-```
-## :warning: BREAKING :warning:
-```
-
-To explain how this could affect users and how to mitigate these changes.
-
-Once code review starts on your PR, do not rebase nor squash your branch as it makes it
-difficult to review the new changes. Only if there is a need, sync your branch by merging
-the base branch into yours. Don't worry about merge commits messing up your tree as
-the final merge process squashes all commits into one, with the visible commit message (first
-line) being the PR title + PR index and description being the PR's first comment.
-
-Once your PR gets the `lgtm/done` label, don't worry about keeping it up-to-date or breaking
-builds (unless there's a merge conflict or a request is made by a maintainer to make
-modifications). It is the maintainer team's responsibility from this point to get it merged.
-
-## Styleguide
-
-For imports you should use the following format (*without* the comments)
-
-```go
-import (
-  // stdlib
-  "fmt"
-  "math"
-
-  // local packages
-  "code.gitea.io/gitea/models"
-  "code.gitea.io/sdk/gitea"
-
-  // external packages
-  "github.com/foo/bar"
-  "gopkg.io/baz.v1"
-)
-```
-
-## Design guideline
-
-To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:
-
-- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
-- **models/fixtures:** Sample model data used in integration tests.
-- **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
-- **modules:** Different modules to handle specific functionality in Gitea. Shall only depend on other modules but not other packages (models, services).
-- **public:** Frontend files (javascript, images, css, etc.)
-- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers.
-- **services:** Support functions for common routing operations. Uses models and modules to handle the request.
-- **templates:** Golang templates for generating the html output.
-- **tests/e2e:** End to end tests
-- **tests/integration:** Integration tests
-- **vendor:** External code that Gitea depends on.
-
-## Documentation
-
-If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated.
-
-## API v1
-
-The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
-
-Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.
-
-If Gitea provides functionality that GitHub does not, a new endpoint can be created.
-
-If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.
-
-Updating an existing API should not remove existing fields unless there is a really good reason to do so.
-
-The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).
-
-All expected results (errors, success, fail messages) should be documented
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)).
-
-All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
-and referenced in
-[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).
-
-They can then be used like the following:
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).
-
-All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
-and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))
-
-They can be used like the following:
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))
-
-In general, HTTP methods are chosen as follows:
-
-- **GET** endpoints return requested object and status **OK (200)**
-- **DELETE** endpoints return status **No Content (204)**
-- **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
-- **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
-- **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
-
-An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
-
-### Endpoints returning lists should
-
-- support pagination (`page` & `limit` options in query)
-- set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
-
-## Backports and Frontports
-
-Occasionally backports of PRs are required.
-
-The backported PR title should be:
-
-```
-Title of backported PR (#ORIGINAL_PR_NUMBER)
-```
-
-The first two lines of the summary of the backporting PR should be:
-
-```
-Backport #ORIGINAL_PR_NUMBER
-
-```
-
-with the rest of the summary matching the original PR. Similarly for frontports
-
----
-
-The below is a script that may be helpful in creating backports. YMMV.
-
-```bash
-#!/bin/sh
-PR="$1"
-SHA="$2"
-VERSION="$3"
-
-if [ -z "$SHA" ]; then
-    SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
-fi
-
-if [ -z "$VERSION" ]; then
-    VERSION="v1.16"
-fi
-
-echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
-git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
-git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
-
-```
-
-## Developer Certificate of Origin (DCO)
-
-We consider the act of contributing to the code by submitting a Pull
-Request as the "Sign off" or agreement to the certifications and terms
-of the [DCO](DCO) and [MIT license](LICENSE). No further action is required.
-Additionally you could add a line at the end of your commit message.
-
-```
-Signed-off-by: Joe Smith <joe.smith@email.com>
-```
-
-If you set your `user.name` and `user.email` Git configs, you can add the
-line to the end of your commit automatically with `git commit -s`.
-
-We assume in good faith that the information you provide is legally binding.
-
-## Release Cycle
-
-We adopted a release schedule to streamline the process of working
-on, finishing, and issuing releases. The overall goal is to make a
-minor release every three or four months, which breaks down into two or three months of
-general development followed by one month of testing and polishing
-known as the release freeze. All the feature pull requests should be
-merged before feature freeze. And, during the frozen period, a corresponding
-release branch is open for fixes backported from main branch. Release candidates
-are made during this period for user testing to
-obtain a final version that is maintained in this branch. A release is
-maintained by issuing patch releases to only correct critical problems
-such as crashes or security issues.
-
-Major release cycles are seasonal. They always begin on the 25th and end on
-the 24th (i.e., the 25th of December to March 24th).
-
-During a development cycle, we may also publish any necessary minor releases
-for the previous version. For example, if the latest, published release is
-v1.2, then minor changes for the previous release—e.g., v1.1.0 -> v1.1.1—are
-still possible.
-
-## Maintainers
-
-To make sure every PR is checked, we have [team
-maintainers](MAINTAINERS). Every PR **MUST** be reviewed by at least
-two maintainers (or owners) before it can get merged. A maintainer
-should be a contributor of Gitea (or Gogs) and contributed at least
-4 accepted PRs. A contributor should apply as a maintainer in the
-[Discord](https://discord.gg/NsatcWJ) #develop channel. The owners
-or the team maintainers may invite the contributor. A maintainer
-should spend some time on code reviews. If a maintainer has no
-time to do that, they should apply to leave the maintainers team
-and we will give them the honor of being a member of the [advisors
-team](https://github.com/orgs/go-gitea/teams/advisors). Of course, if
-an advisor has time to code review, we will gladly welcome them back
-to the maintainers team. If a maintainer is inactive for more than 3
-months and forgets to leave the maintainers team, the owners may move
-him or her from the maintainers team to the advisors team.
-For security reasons, Maintainers should use 2FA for their accounts and
-if possible provide GPG signed commits.
-https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
-https://help.github.com/articles/signing-commits-with-gpg/
-
-## Owners
-
-Since Gitea is a pure community organization without any company support,
-to keep the development healthy we will elect three owners every year. All
-contributors may vote to elect up to three candidates, one of which will
-be the main owner, and the other two the assistant owners. When the new
-owners have been elected, the old owners will give up ownership to the
-newly elected owners. If an owner is unable to do so, the other owners
-will assist in ceding ownership to the newly elected owners.
-For security reasons, Owners or any account with write access (like a bot)
-must use 2FA.
-https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
-
-After the election, the new owners should proactively agree
-with our [CONTRIBUTING](CONTRIBUTING.md) requirements in the
-[Discord](https://discord.gg/NsatcWJ) #general channel. Below are the
-words to speak:
-
-```
-I'm honored to having been elected an owner of Gitea, I agree with
-[CONTRIBUTING](CONTRIBUTING.md). I will spend part of my time on Gitea
-and lead the development of Gitea.
-```
-
-To honor the past owners, here's the history of the owners and the time
-they served:
-
-- 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
-
-- 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-
-- 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-
-- 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
-
-- 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
-
-- 2016-11-04 ~ 2017-12-31
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
-
-## Versions
-
-Gitea has the `main` branch as a tip branch and has version branches
-such as `release/v0.9`. `release/v0.9` is a release branch and we will
-tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept
-pull requests on the `release/v0.9` branch and publish a `v0.9.1` tag,
-after bringing the bug fix also to the main branch.
-
-Since the `main` branch is a tip version, if you wish to use Gitea
-in production, please download the latest release tag version. All the
-branches will be protected via GitHub, all the PRs to every branch must
-be reviewed by two maintainers and must pass the automatic tests.
-
-## Releasing Gitea
-
-- Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
-- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
-- If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
-  - Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
-  - When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
-- If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
-- Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
-- And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
-- If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
-- Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
-- Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
-  - bump the version of https://dl.gitea.io/gitea/version.json
-  - merge the blog post PR
-  - announce the release in discord `#announcements`
-
-## Copyright
-
-Code that you contribute should use the standard copyright header:
-
-```
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-```
-
-Files in the repository contain copyright from the year they are added
-to the year they are last changed. If the copyright author is changed,
-just paste the header below the old one.

CONTRIBUTING/COC.md

@@ -0,0 +1,26 @@
+# Code of Conduct, Well Being and Moderation teams
+
+Forgejo strives to be an inclusive project where everyone can participate in a safe environment. The [Well Being](https://codeberg.org/org/forgejo/teams/well-being) team is doing its best to defuse tensions before they escalate and is available to answer all requests sent its way. When diplomacy fails, the [Moderation](https://codeberg.org/org/forgejo/teams/moderation) will be forced to act to put a stop to actions that are contrary to the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
+
+## Well Being and Moderation teams
+
+Temporary Well Being and Moderation teams [were appointed 10 November 2022](https://codeberg.org/forgejo/meta/issues/13).
+
+The moderation team will rely on this [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
+
+### [Well Being](https://codeberg.org/org/forgejo/teams/well-being)
+
+Their goal is to defuse tensions.
+
+It has no power whatsover. The members are approved by the organization and trusted to:
+
+- Read all communications to detect tensions between people before they escalate.
+- Do their best to defuse tensions.
+
+### [Moderation](https://codeberg.org/org/forgejo/teams/moderation)
+
+Their goal is to enforce the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
+
+It has the power to exclude people from a space.
+
+Their decisions must be logical, fact based and transparent to the organization trusting them with the task.

CONTRIBUTING/DCO.md

@@ -0,0 +1,29 @@
+# Developer Certificate of Origin (DCO)
+
+Contributions to Forgejo, in all the repositories in the [Forgejo organization](https://codeberg.org/forgejo) are accepted provided the author agrees to the following Developer Certificate of Origin (DCO).
+
+```
+By making a contribution to Forgejo, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the Free Software
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate Free Software
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same Free Software license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the Free Software license(s) involved.
+```

CONTRIBUTING/DISCUSSIONS.md

@@ -0,0 +1,18 @@
+# Bugs, features and discussions
+
+The [Forgejo issue tracker](https://codeberg.org/forgejo/forgejo/issues) is where **bugs** should be reported and **features** requested.
+
+Dedicated repositories in the [Forgejo organization](https://codeberg.org/forgejo) cover areas such as:
+- the [website](https://codeberg.org/forgejo/website)
+- the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct)
+- the [funding](https://codeberg.org/forgejo/funding).
+
+Other discussions regarding all **non technical aspects** of Forgejo, such as the governance, happen in the [meta issue tracker](https://codeberg.org/forgejo/meta/issues) and in the [matrix chatroom](https://matrix.to/#/#forgejo-chat:matrix.org).
+
+# Security
+
+The [security team](https://codeberg.org/org/forgejo/teams/security) handle security vulnerabilities. It handles sensitive security-related issues reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).
+
+The security team also keeps the content of the [security.txt](https://codeberg.org/forgejo/website/src/branch/main/public/.well-known/security.txt) file up to date.
+
+The private GPG key for `security@forgejo.org` is shared among all members of the security team and not stored online.

CONTRIBUTING/FUNDING.md

@@ -0,0 +1,21 @@
+# Funding per year
+
+## 2022
+
+* 50,000€ [to further forge federation](https://forum.forgefriends.org/t/nlnet-grant-application-for-federation-in-gitea-deadline-august-1st-2022/823)
+* 10,000€ (1,400€ October, 5,600€ November, 2,800€ December) employee delegation from Easter-eggs (Loïc Dachary)
+
+# Funding ideas and prospects
+
+## Grant applications
+
+* [Forgejo NLnet December 1st 2022](https://codeberg.org/forgejo/funding/issues/1)
+* [UX/UI NLnet December 1st 2022](https://codeberg.org/forgejo/funding/issues/4)
+
+## Discussions
+
+* [Proposition](https://codeberg.org/forgejo/meta/issues/51) to log volunteers time so that it is accounted for at a 60€ per hour rate.
+* [A solution for sustaining Free Software forge development](https://blog.dachary.org/2022/11/05/a-solution-for-sustaining-forge-development/)
+    * A French company delegates an employee for X month
+    * The employee's time is paid for by [R&D incentive](https://fr.wikipedia.org/wiki/Cr%C3%A9dit_d%27imp%C3%B4t_recherche)
+* [Donations to Codeberg](https://codeberg.org/forgejo/meta/issues/26)

CONTRIBUTING/GOVERNANCE.md

@@ -0,0 +1,21 @@
+# Governance
+
+## Codeberg e.V. stewards of the domains
+
+The Forgejo [domains](https://codeberg.org/forgejo/meta/issues/41) are owned by the democratic non-profit dedicated to Free Software [Codeberg e.V.](https://codeberg.org/Codeberg/org/src/branch/main/en/bylaws.md). Forgejo is therefore ultimately under the control of Codeberg e.V. and its governance. However, although Codeberg e.V. is committed to use and host Forgejo, it is expected that Forgejo defines its own governance, in a way that is compatible with the Codeberg e.V. governance.
+
+## Interim Forgejo Governance
+
+Although Codeberg e.V. guarantees Forgejo is ultimately under the control of a trusted organization, there was a need to establish an interim Forgejo governance for safeguarding credentials, enforcing the Code of Conduct and ensuring security vulnerabilities are handled responsibly for the Forgejo releases.
+
+All people with a role in the interim Forgejo governance pledge to resign as soon as the Forgejo governance is in place.
+
+* [release managers](https://codeberg.org/org/forgejo/teams/releases) safeguard the keys used to sign Forgejo releases
+* [secret keepers](https://codeberg.org/org/Forgejo/teams/owners) safeguard all credentials (registrar, social accounts, etc.)
+* [security team](https://codeberg.org/org/forgejo/teams/security) handle security vulnerabilities
+* [Well Being](https://codeberg.org/org/forgejo/teams/well-being) and [Moderation](https://codeberg.org/org/forgejo/teams/moderation) teams help keep Forgejo an inclusive space
+
+## Forgejo Governance
+
+Forgejo was bootstraped in November 2022 and is [defining its governance](https://codeberg.org/forgejo/meta/issues/19). The [first meeting happened November 24th](https://codeberg.org/forgejo/meta/issues/19#issuecomment-694460) and was recorded. Everyone is welcome to participate in this fully transparent and cooperative process.
+

CONTRIBUTING/RELEASE.md

@@ -0,0 +1,62 @@
+# Release management
+
+## Shared user: release-team
+
+The [release-team](https://codeberg.org/release-team) user publishes and signs all releases. The associated email is mailto:release@forgejo.org.
+
+The public GPG key used to sign the releases is [EB114F5E6C0DC2BCDD183550A4B61A2DC5923710](https://codeberg.org/release-team.gpg) `Forgejo Releases <release@forgejo.org>`
+
+## Release numbering
+
+The Forgejo release numbers are composed of the Gitea release number followed by a dash and a serial number. For instance:
+
+* Gitea **v1.18.0** will be Forgejo **v1.18.0-0**, **v1.18.0-1**, etc
+
+The Gitea release candidates are suffixed with **-rcN** which is handled as a special case for packaging: although **X.Y.Z** is lexicographically lower than **X.Y.Z-rc1** is is considered greater. The Forgejo serial number must therefore be inserted before the **-rcN** suffix to preserve the expected version ordering.
+
+* Gitea **v1.18.0-rc0** will be Forgejo **v1.18.0-0-rc0**, **v1.18.0-1-rc0**
+* Gitea **v1.18.0-rc1** will be Forgejo **v1.18.0-2-rc1**, **v1.18.0-3-rc1**, **v1.18.0-4-rc1**
+* Gitea **v1.18.0** will be Forgejo **v1.18.0-5**, **v1.18.0-6**, **v1.18.0-7**
+* etc.
+
+## Release process
+
+* Reset the vX.Y/forgejo-integration branch to the Gitea tag vX.Y.Z
+* Merge all feature branches into the vX.Y/forgejo-integration branch
+* If the CI passes reset the vX.Y/forgejo branch to the tip of vX.Y/forgejo-integration
+* Set the vX.Y.Z-N tag to the tip of the vX.Y/forgejo branch
+* [Binaries](https://codeberg.org/forgejo/forgejo/releases) are built, signed and uploaded by the CI.
+* [Container images](https://codeberg.org/forgejo/-/packages/container/forgejo/versions) are built and uploaded by the CI.
+
+## Release signing keys management
+
+A GPG master key with no expiration date is created and shared with members of the Owners team via encrypted email. A subkey with a one year expiration date is created and stored in the secrets repository, to be used by the CI pipeline. The public master key is stored in the secrets repository and published where relevant.
+
+### Master key creation
+
+* gpg --expert --full-generate-key
+* key type: ECC and ECC option with Curve 25519 as curve
+* no expiration
+* id: Forgejo Releases <contact@forgejo.org>
+* gpg --export-secret-keys --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 and send via encrypted email to Owners
+* gpg --export --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 > release-team-gpg.pub
+* commit to the secret repository
+
+### Subkey creation and renewal
+
+* gpg --expert --edit-key EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
+* addkey
+* key type: ECC (signature only)
+* key validity: one year
+* create [an issue](https://codeberg.org/forgejo/forgejo/issues) to schedule the renewal
+
+#### 2023
+
+* gpg --export --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg.pub
+* gpg --export-secret-keys --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg
+* commit to the secrets repository
+* renewal issue https://codeberg.org/forgejo/forgejo/issues/58
+
+### CI configuration
+
+The `releaseteamgpg` secret in the Woodpecker CI configuration is set with the subkey.

CONTRIBUTING/SECRETS.md

@@ -0,0 +1,56 @@
+# Secrets
+
+All Forgejo credentials are shared among the [secret keepers](https://codeberg.org/org/Forgejo/teams/owners) teams in a private repository with encrypted content.
+
+## Get started
+
+1. Make sure you have a GPG Key, or [create one](https://github.com/NicoHood/gpgit#12-key-generation)
+2. Send someone else your public key and ask this person to add yourself as a recipient
+```
+# Commands for the other person
+$ gpg --import public_key.asc
+# The following command will open a prompt, with the available public keys. 
+# Choose the one you just added and all secrets will be re-encrypted with this new key.
+$ gopass recipients add
+```
+3. [Install gopass](https://www.gopass.pw/#install)
+> :warning: When installing on Ubuntu or Debian you can either download the deb package, install manually or build from source or use our APT repository ([github comment](https://github.com/gopasspw/gopass/issues/1849#issuecomment-802789285) with more information).
+4. Clone this repo using `gopass` (the name and email are for `git config`)
+```
+$ gopass clone git@codeberg.org:Forgejo/gopass.git
+```
+5. Check the consistency of the gopass storage
+```
+$ gopass fsck
+```
+
+## Get a secret
+
+Show the whole secret file:
+```
+$ gopass show ovh.com/manager
+```
+
+Copy the password in the clipboard:
+```
+$ gopass show -c ovh.com/manager
+```
+
+Copy the `user` part of the secret in the clipboard:
+```
+$ gopass show -c ovh.com/manager user
+```
+
+## Insert or edit a secret
+```
+$ gopass edit ovh.com/manager
+```
+In the editor, insert the password on the first line.
+You may then add lines with a `key: value` syntax (`user: username` for instance).
+
+## Debugging and manual git operations
+
+The following command will show the location and status of the git repo (all git commands are available).
+```
+$ gopass git status
+```

CONTRIBUTING/WORKFLOW.md

@@ -0,0 +1,79 @@
+# Development workflow
+
+Forgejo is a soft fork, i.e. a set of commits applied to the Gitea development branch and the stable branches. On a regular basis those commits are rebased and modified if necessary to keep working. All Forgejo commits are merged into a branch from which binary releases and packages are created and distributed. The development workflow is a set of conventions Forgejo developers are expected to follow to work together.
+
+Discussions on how the workflow should evolve happen [in the isssue tracker](https://codeberg.org/forgejo/forgejo/issues?type=all&state=open&labels=&milestone=0&assignee=0&q=%5BWORKFLOW%5D).
+
+## Naming conventions
+
+### Development
+
+* Gitea: main
+* Forgejo: forgejo
+* Integration: forgejo-integration
+* Feature branches: forgejo-feature-name
+
+### Stable
+
+* Gitea: release/vX.Y
+* Forgejo: vX.Y/forgejo
+* Integration: vX.Y/forgejo-integration
+* Feature branches: vX.Y/forgejo-feature-name
+
+## Rebasing
+
+### *Feature branch*
+
+The *Gitea* branches are mirrored with the Gitea development and stable branches.
+
+On a regular basis, each *Feature branch* is rebased against the base *Gitea* branch.
+
+### *Integration* and *Forgejo*
+
+The latest *Gitea* branch resets the *Integration* branch and all *Feature branches* are merged into it. 
+
+If tests pass, the *Forgejo* branch is reset to the tip of the *Integration* branch.
+
+If tests do not pass, an issue is filed to the *Feature branch* that fails the test. Once the issue is resolved, another round of rebasing starts.
+
+## Releasing
+
+When a tag is set to a *Stable* *Forgejo* branch, the CI pipeline creates and uploads binaries and packages.
+
+## Feature branches
+
+All *Feature branches* are based on the {vX.Y/,}forgejo-development branch which provides and other development tools and documenation.
+
+The \*forgejo-development branch is based on the {vX.Y/,}forgejo-ci branch which provides the Woodpecker CI configuration.
+
+The purpose of each *Feature branch* is documented below:
+
+### General purpose
+
+* [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci) based on [main](https://codeberg.org/forgejo/forgejo/src/branch/main)
+  Woodpecker CI configuration, including the release process.
+  * Backports: [v1.18/forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-ci)
+
+* [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development) based on [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci)
+  Forgejo development tools and documentation.
+  * Backports: [v1.18/forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-development)
+
+### [Federation](https://codeberg.org/forgejo/forgejo/issues?labels=79349)
+
+* [forgejo-federation](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-federation) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Federation support for Forgejo
+
+## Pull requests and feature branches
+
+Most people who are used to contributing will be familiar with the workflow of sending a pull request against the default branch. When that happens the reviewer should change the base branch to the appropriate *Feature branch* instead. If the pull request does not fit in any *Feature branch*, the reviewer needs to make decision to either:
+
+* Decline the pull request because it is best contributed to Gitea
+* Create a new *Feature branch*
+
+Returning contributors can figure out which *Feature branch* to base their pull request on using the list of *Feature branches*.
+
+## Granularity
+
+*Feature branches* can contain a number of commits grouped together, for instance for branding the documentation, the landing page and the footer. It makes it convenient for people working on that topic to get the big picture without browsing multiple branches. Creating a new *Feature branch* for each individual commit, while possible, is likely to be difficult to work with.
+
+Observing the granularity of the existing *Feature branches* is the best way to figure out what works and what does not. It requires adjustments from time to time depending on the number of contributors and the complexity of the Forgejo codebase that sits on top of Gitea.

Dockerfile

@@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.19-alpine3.16 AS build-env
+FROM codeberg.org/forgejo/golang:1.19-alpine3.17 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,8 +23,8 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
 
-FROM alpine:3.16
-LABEL maintainer="maintainers@gitea.io"
+FROM codeberg.org/forgejo/alpine:3.17.0
+LABEL maintainer="contact@forgejo.org"
 
 EXPOSE 22 3000
 
@@ -64,5 +64,9 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
-RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
+#
+# s/755/775/ in the following is to avoid the corrupted layer 4f4fb700ef54
+# https://codeberg.org/Codeberg/Community/issues/800#issue-210309
+#
+RUN chmod 775 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
+RUN chmod 775 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*

Dockerfile.rootless

@@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.19-alpine3.16 AS build-env
+FROM golang:1.19-alpine3.17 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
 
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer="maintainers@gitea.io"
 
 EXPOSE 2222 3000

Dockerfile.tmp

@@ -0,0 +1,4 @@
+FROM golang:1.19-alpine3.16
+
+RUN pwd
+

Makefile

@@ -83,7 +83,7 @@ ifneq ($(DRONE_TAG),)
 	GITEA_VERSION ?= $(VERSION)
 else
 	ifneq ($(DRONE_BRANCH),)
-		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
+		VERSION ?= $(shell echo $(DRONE_BRANCH) | sed -e 's|v\([0-9.][0-9.]*\)/.*|\1|')
 	else
 		VERSION ?= main
 	endif
@@ -333,7 +333,7 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check
 
 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate
+checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
 
 .PHONY: lint
 lint: lint-frontend lint-backend
@@ -745,13 +745,13 @@ generate-go: $(TAGS_PREREQ)
 
 .PHONY: security-check
 security-check:
-	govulncheck -v ./...
+	go run $(GOVULNCHECK_PACKAGE) -v ./...
 
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
 
 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-copy release-compress vendor release-sources release-docs release-check
+release: frontend generate release-linux release-copy release-compress vendor release-sources release-check
 
 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)
@@ -768,7 +768,7 @@ endif
 
 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out forgejo-$(VERSION) .
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
@@ -798,8 +798,8 @@ release-sources: | $(DIST_DIRS)
 # bsdtar needs a ^ to prevent matching subdirectories
 	$(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./)
 # use transform to a add a release-folder prefix; in bsdtar the transform parameter equivalent is -s
-	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./gitea-src-$(VERSION)/'" || echo "--transform 's|^./|gitea-src-$(VERSION)/|'"))
-	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
+	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./forgejo-src-$(VERSION)/'" || echo "--transform 's|^./|forgejo-src-$(VERSION)/|'"))
+	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/forgejo-src-$(VERSION).tar.gz .
 	rm -f $(STORED_VERSION_FILE)
 
 .PHONY: release-docs

README.md

@@ -1,180 +1,46 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
+# Welcome to Forgejo
 
-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
+Hi there! Tired of big platforms playing monopoly?
+Providing Git hosting for your project, friends, company or community?
+**Forgejo** (inspired by forĝejo \ˈfor.d͡ʒe.jo\ – the Esperanto word for *forge*) has you covered with its intuitive interface,
+light and easy hosting and a lot of builtin functionality.
 
-<p align="center">
-  <a href="README_ZH.md">View this document in Chinese</a>
-</p>
+Forgejo was forked from the well-known [Gitea](https://gitea.io) project in 2022,
+because we think that the project should be owned by an independent community instead of a for-profit company.
+If you second that, then Forgejo is for you!
+Our promise: **Independent Free/Libre Software forever!**
 
-## Purpose
 
-The goal of this project is to make the easiest, fastest, and most
-painless way of setting up a self-hosted Git service.
+## What does Forgejo offer?
 
-As Gitea is written in Go, it works across **all** the platforms and
-architectures that are supported by Go, including Linux, macOS, and
-Windows on x86, amd64, ARM and PowerPC architectures.
-You can try it out using [the online demo](https://try.gitea.io/).
-This project has been
-[forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from
-[Gogs](https://gogs.io) since November of 2016, but a lot has changed.
+If you want to know what Forgejo is like,
+you can check out public instances<!-- could become link to list -->,
+e.g. [Codeberg.org](https://codeberg.org).
 
-## Building
+If you like any of the following, Forgejo is literally meant for you:
 
-From the root of the source tree, run:
+- Lightweight: Forgejo can easily be hosted on nearly **every machine**.
+  Running on a Raspberry? Small cloud instance? No problem!
+- Intuitive: We aim for a user experience that is **friendly** to newcomers and **productive** for power users.
+- Project management: Besides Git hosting, Forgejo offers issues,
+  pull requests, wikis, kanban boards and much more to **coordinate with your team**.
+- Publishing: Have something to share? Use **releases** to host your software for download,
+  or use the **package registry** to publish it for docker, npm and many other package managers.
+- Customizable: Want to change your look? Change some settings?
+  There are many **config switches** to make Forgejo work exactly like you want.
+- Powerful: Organizations & team permissions, CI integration, Code Search, LDAP, OAuth and much more.
+  If you have **advanced needs**, Forgejo has you covered.
+- Privacy: From update checker to default settings: Forgejo is built to be **privacy first** for you and your crew.
+- Federation: (WIP) We are actively working to connect software forges with each other through **ActivityPub**,
+  and create a collaborative network of personal instances.
+  Interested? [Read more below](#Status-of-federation)
 
-    TAGS="bindata" make build
+## Learn more
 
-or if SQLite support is required:
+We're still working on our website.
+In the meantime, you can <a href="https://floss.social/@Forgejo" rel="me">find us on the Fediverse</a> or hop into [our Matrix room](https://matrix.to/#/#Forgejo-chat:matrix.org) if you have any questions or want to get involved.
 
-    TAGS="bindata sqlite sqlite_unlock_notify" make build
 
-The `build` target is split into two sub-targets:
+## Get involved
 
-- `make backend` which requires [Go Stable](https://go.dev/dl/), required version is defined in [go.mod](/go.mod).
-- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
-
-When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.
-
-Parallelism (`make -j <num>`) is not supported.
-
-More info: https://docs.gitea.io/en-us/install-from-source/
-
-## Using
-
-    ./gitea web
-
-NOTE: If you're interested in using our APIs, we have experimental
-support with [documentation](https://try.gitea.io/api/swagger).
-
-## Contributing
-
-Expected workflow is: Fork -> Patch -> Push -> Pull Request
-
-NOTES:
-
-1. **YOU MUST READ THE [CONTRIBUTORS GUIDE](CONTRIBUTING.md) BEFORE STARTING TO WORK ON A PULL REQUEST.**
-2. If you have found a vulnerability in the project, please write privately to **security@gitea.io**. Thanks!
-
-## Translating
-
-Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.
-
-You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.
-
-https://docs.gitea.io/en-us/translation-guidelines/
-
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
-## Further information
-
-For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
-If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
-
-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
-
-The Hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).
-
-The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).
-
-## Authors
-
-- [Maintainers](https://github.com/orgs/go-gitea/people)
-- [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
-- [Translators](options/locale/TRANSLATORS)
-
-## Backers
-
-Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/gitea#backer)]
-
-<a href="https://opencollective.com/gitea#backers" target="_blank"><img src="https://opencollective.com/gitea/backers.svg?width=890"></a>
-
-## Sponsors
-
-Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/gitea#sponsor)]
-
-<a href="https://opencollective.com/gitea/sponsor/0/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/0/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/1/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/1/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/2/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/2/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/3/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/3/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/4/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/4/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/5/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/5/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/6/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/6/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
-<a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>
-
-## FAQ
-
-**How do you pronounce Gitea?**
-
-Gitea is pronounced [/ɡɪ’ti:/](https://youtu.be/EM71-2uDAoY) as in "gi-tea" with a hard g.
-
-**Why is this not hosted on a Gitea instance?**
-
-We're [working on it](https://github.com/go-gitea/gitea/issues/1029).
-
-## License
-
-This project is licensed under the MIT License.
-See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
-for the full license text.
-
-## Screenshots
-
-Looking for an overview of the interface? Check it out!
-
-|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
-|:---:|:---:|:---:|
-|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|
+If you are interested in making Forgejo better, either by reporting a bug or by changing the governance, please [take a look at the contribution guide](CONTRIBUTING.md).

README_ZH.md

@@ -1,98 +0,0 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
-
-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
-
-<p align="center">
-  <a href="README.md">View this document in English</a>
-</p>
-
-## 目标
-
-Gitea 的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用 Go 作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了 x86，amd64，还包括 ARM 和 PowerPC。
-
-如果您想试用一下，请访问 [在线Demo](https://try.gitea.io/)！
-
-## 提示
-
-1. **开始贡献代码之前请确保你已经看过了 [贡献者向导（英文）](CONTRIBUTING.md)**.
-2. 所有的安全问题，请私下发送邮件给 **security@gitea.io**。谢谢！
-3. 如果你要使用API，请参见 [API 文档](https://godoc.org/code.gitea.io/sdk/gitea).
-
-## 文档
-
-关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/gitea) 和 QQ群 328432459 来和我们交流。
-
-## 贡献流程
-
-Fork -> Patch -> Push -> Pull Request
-
-## 翻译
-
-多语言翻译是基于Crowdin进行的.
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
-## 作者
-
-* [Maintainers](https://github.com/orgs/go-gitea/people)
-* [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
-* [Translators](options/locale/TRANSLATORS)
-
-## 授权许可
-
-本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) 文件中。
-
-## 截图
-
-|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
-|:---:|:---:|:---:|
-|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|

SECURITY.md

@@ -1,83 +0,0 @@
-# Reporting security issues
-
-The Gitea maintainers take security seriously.
-
-If you discover a security issue, please bring it to their attention right away!
-
-## Reporting a Vulnerability
-
-Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
-
-## Protecting Security Information
-
-Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body.
-
-The PGP key is valid until June 24, 2024.
-
-```
-Key ID: 6FCD2D5B
-Key Type: RSA
-Expires: 6/24/2024
-Key Size: 4096/4096
-Fingerprint: 3DE0 3D1E 144A 7F06 9359 99DC AAFD 2381 6FCD 2D5B
-```
-
-UserID: Gitea Security <security@gitea.io>
-
-```
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGK1Z/4BEADFMqXA9DeeChmSxUjF0Be5sq99ZUhgrZjcN/wOzz0wuCJZC0l8
-4uC+d6mfv7JpJYlzYzOK97/x5UguKHkYNZ6mm1G9KHaXmoIBDLKDzfPdJopVNv2r
-OajijaE0uMCnMjadlg5pbhMLRQG8a9J32yyaz7ZEAw72Ab31fvvcA53NkuqO4j2w
-k7dtFQzhbNOYV0VffQT90WDZdalYHB1JHyEQ+70U9OjVD5ggNYSzX98Eu3Hjn7V7
-kqFrcAxr5TE1elf0IXJcuBJtFzQSTUGlQldKOHtGTGgGjj9r/FFAE5ioBgVD05bV
-rEEgIMM/GqYaG/nbNpWE6P3mEc2Mnn3pZaRJL0LuF26TLjnqEcMMDp5iIhLdFzXR
-3tMdtKgQFu+Mtzs3ipwWARYgHyU09RJsI2HeBx7RmZO/Xqrec763Z7zdJ7SpCn0Z
-q+pHZl24JYR0Kf3T/ZiOC0cGd2QJqpJtg5J6S/OqfX9NH6MsCczO8pUC1N/aHH2X
-CTme2nF56izORqDWKoiICteL3GpYsCV9nyCidcCmoQsS+DKvE86YhIhVIVWGRY2F
-lzpAjnN9/KLtQroutrm+Ft0mdjDiJUeFVl1cOHDhoyfCsQh62HumoyZoZvqzQd6e
-AbN11nq6aViMe2Q3je1AbiBnRnQSHxt1Tc8X4IshO3MQK1Sk7oPI6LA5oQARAQAB
-tCJHaXRlYSBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0ZWEuaW8+iQJXBBMBCABBFiEE
-PeA9HhRKfwaTWZncqv0jgW/NLVsFAmK1Z/4CGwMFCQPCZwAFCwkIBwICIgIGFQoJ
-CAsCBBYCAwECHgcCF4AACgkQqv0jgW/NLVvnyxAAhxyNnWzw/rQO2qhzqicmZM94
-njSbOg+U2qMBvCdaqCQQeC+uaMmMzkDPanUUmLcyCkWqfCjPNjeSXAkE9npepVJI
-4HtmgxZQ94OU/h3CLbft+9GVRzUkVI29TSYGdvNtV2/BkNGoFFnKWQr119um0o6A
-bgha2Uy5uY8o3ZIoiKkiHRaEoWIjjeBxJxYAojsZY4YElUmsQ3ik2joG6rhFesTa
-ofVt/bL8G2xzpOG26WGIxBbqf2qjV6OtZ0hu/vtTPHeIWMLq0Mz0V3PEDQWfkGPE
-i2RYxxYDs2xzJhSQWqTNVLSq0m5xTJnbHhQPfdCX4C2jvFKgLdfmytQq49S7jiJb
-Z03HVOZ/PsyBlQfH9xJi06R5yQCMEA8h8Z5r3/NXW09kQ6OFRe6xshoTcxZGRPTo
-srhwr3uPbmCRh+YEl7qBLU6+BC5k8IRTZXqhrj/aPJu3MxgbgwV8u3vLoFSXM2lb
-a61FgeCQ0O7lkgVswwF0RppCaH9Ul3ZDapet/vCRg4NVwm9zOI/8q/Vj0FKA1GDR
-JhRu8+Ce8zlFL65D34t+PprAzSeTlbv9um3x/ZIjCco7EEKSBylt+AZj/VyA6+e5
-kjOQwRRc6dFJWBcorsSI2dG+H+QMF7ZabzmeCcz1v9HjLOPzYHoZAHhCmSppWTvX
-AJy6+lhfW2OUTqQeYSi5Ag0EYrVn/gEQALrFLQjCR3GjuHSindz0rd3Fnx/t7Sen
-T+p07yCSSoSlmnJHCQmwh4vfg1blyz0zZ4vkIhtpHsEgc+ZAG+WQXSsJ2iRz+eSN
-GwoOQl4XC3n+QWkc1ws+btr48+6UqXIQU+F8TPQyx/PIgi2nZXJB7f5+mjCqsk46
-XvH4nTr4kJjuqMSR/++wvre2qNQRa/q/dTsK0OaN/mJsdX6Oi+aGNaQJUhIG7F+E
-ZDMkn/O6xnwWNzy/+bpg43qH/Gk0eakOmz5NmQLRkV58SZLiJvuCUtkttf6CyhnX
-03OcWaajv5W8qA39dBYQgDrrPbBWUnwfO3yMveqhwV4JjDoe8sPAyn1NwzakNYqP
-RzsWyLrLS7R7J9s3FkZXhQw/QQcsaSMcGNQO047dm1P83N8JY5aEpiRo9zSWjoiw
-qoExANj5lUTZPe8M50lI182FrcjAN7dClO3QI6pg7wy0erMxfFly3j8UQ91ysS9T
-s+GsP9I3cmWWQcKYxWHtE8xTXnNCVPFZQj2nwhJzae8ypfOtulBRA3dUKWGKuDH/
-axFENhUsT397aOU3qkP/od4a64JyNIEo4CTTSPVeWd7njsGqli2U3A4xL2CcyYvt
-D/MWcMBGEoLSNTswwKdom4FaJpn5KThnK/T0bQcmJblJhoCtppXisbexZnCpuS0x
-Zdlm2T14KJ3LABEBAAGJAjwEGAEIACYWIQQ94D0eFEp/BpNZmdyq/SOBb80tWwUC
-YrVn/gIbDAUJA8JnAAAKCRCq/SOBb80tWyTBD/9AGpW6QoDF7zYjHAozH9S5RGCA
-Y7E82dG/0xmFUwPprAG0BKmmgU6TiipyVGmKIXGYYYU92pMnbvXkYQMoa+WJNncN
-D3fY52UeXeffTf4cFpStlzi9xgYtOLhFamzYu/4xhkjOX+xhOSXscCiFRyT8cF3B
-O6c5BHU+Zj0/rGPgOyPUbx7l7B9MubB/41nNX35k08e+8T3wtWDb4XF+15HnRfva
-6fblO8wgU25Orv2Rm1jnKGa9DxJ8nE40IMrqDapENtDuL+zKJsvR0+ptWvEyL56U
-GtJJG5un6mXiLKuRQT0DEv4MdZRHDgDstDnqcbEiazVEbUuvhZZob6lRY2A19m1+
-7zfnDxkhqCA1RCnv4fdvcPdCMMFHwLpdhjgW0aI/uwgwrvsEz5+JRlnLvdQHlPAg
-q7l2fGcBSpz9U0ayyfRPjPntsNCtZl1UDxGLeciPkZhyG84zEWQbk/j52ZpRN+Ik
-ALpRLa8RBFmFSmXDUmwQrmm1EmARyQXwweKU31hf8ZGbCp2lPuRYm1LuGiirXSVP
-GysjRAJgW+VRpBKOzFQoUAUbReVWSaCwT8s17THzf71DdDb6CTj31jMLLYWwBpA/
-i73DgobDZMIGEZZC1EKqza8eh11xfyHFzGec03tbh+lIen+5IiRtWiEWkDS9ll0G
-zgS/ZdziCvdAutqnGA==
-=gZWO
------END PGP PUBLIC KEY BLOCK-----
-
-```
-
-Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.

build.go

@@ -1,6 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
+
 
 //go:build vendor
 

build/code-batch-process.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 //go:build ignore
 

build/codeformat/formatimports.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package codeformat
 

build/codeformat/formatimports_test.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package codeformat
 

build/generate-bindata.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 //go:build ignore
 

build/generate-emoji.go

@@ -1,7 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright 2015 Kenneth Shaw
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 //go:build ignore
 
@@ -209,8 +208,8 @@ func generate() ([]byte, error) {
 
 const hdr = `
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
+
 
 package emoji
 

build/generate-go-licenses.go

@@ -1,6 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 //go:build ignore
 

build/gocovmerge.go

@@ -1,7 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright (c) 2015, Wade Simmons
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 // gocovmerge takes the results from multiple `go test -coverprofile` runs and
 // merges them into one profile

cmd/admin.go

@@ -1,7 +1,6 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 
@@ -413,9 +412,9 @@ var (
 			Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",
 		},
 		cli.StringFlag{
-			Name:  "addr",
+			Name:  "host",
 			Value: "",
-			Usage: "SMTP Addr",
+			Usage: "SMTP Host",
 		},
 		cli.IntFlag{
 			Name:  "port",
@@ -666,7 +665,7 @@ func runDeleteUser(c *cli.Context) error {
 	} else if c.IsSet("username") {
 		user, err = user_model.GetUserByName(ctx, c.String("username"))
 	} else {
-		user, err = user_model.GetUserByID(c.Int64("id"))
+		user, err = user_model.GetUserByID(ctx, c.Int64("id"))
 	}
 	if err != nil {
 		return err
@@ -727,7 +726,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 
 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
-		repos, count, err := repo_model.SearchRepositoryByName(&repo_model.SearchRepoOptions{
+		repos, count, err := repo_model.SearchRepositoryByName(ctx, &repo_model.SearchRepoOptions{
 			ListOptions: db.ListOptions{
 				PageSize: repo_model.RepositoryListDefaultPageSize,
 				Page:     page,
@@ -955,8 +954,8 @@ func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
 		}
 		conf.Auth = c.String("auth-type")
 	}
-	if c.IsSet("addr") {
-		conf.Addr = c.String("addr")
+	if c.IsSet("host") {
+		conf.Host = c.String("host")
 	}
 	if c.IsSet("port") {
 		conf.Port = c.Int("port")

cmd/admin_auth_ldap.go

@@ -1,6 +1,5 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/admin_auth_ldap_test.go

@@ -1,6 +1,5 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/cert.go

@@ -1,8 +1,7 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/cmd.go

@@ -1,6 +1,5 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 // Package cmd provides subcommands to the gitea binary - such as "web" or
 // "admin".

cmd/convert.go

@@ -1,6 +1,5 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/docs.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/doctor.go

@@ -1,6 +1,5 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/dump.go

@@ -1,7 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/dump_repo.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/embedded.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 //go:build bindata
 

cmd/embedded_stub.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 //go:build !bindata
 

cmd/generate.go

@@ -1,7 +1,6 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/hook.go

@@ -1,6 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 
@@ -218,9 +217,9 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}
 
-	supportProcRecive := false
+	supportProcReceive := false
 	if git.CheckGitVersionAtLeast("2.29") == nil {
-		supportProcRecive = true
+		supportProcReceive = true
 	}
 
 	for scanner.Scan() {
@@ -241,9 +240,9 @@ Gitea or set your environment appropriately.`, "")
 		lastline++
 
 		// If the ref is a branch or tag, check if it's protected
-		// if supportProcRecive all ref should be checked because
+		// if supportProcReceive all ref should be checked because
 		// permission check was delayed
-		if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
+		if supportProcReceive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
 			oldCommitIDs[count] = oldCommitID
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName

cmd/hook_test.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/keys.go

@@ -1,6 +1,5 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/mailer.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/main_test.go

@@ -1,6 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/manager.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/manager_logging.go

@@ -1,6 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/migrate.go

@@ -1,6 +1,5 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/migrate_storage.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/migrate_storage_test.go

@@ -1,6 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 
@@ -44,6 +43,7 @@ func TestMigratePackages(t *testing.T) {
 		PackageFileInfo: packages_service.PackageFileInfo{
 			Filename: "a.go",
 		},
+		Creator: creator,
 		Data:    buf,
 		IsLead:  true,
 	})

cmd/restore_repo.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/serv.go

@@ -1,7 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/web.go

@@ -1,6 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/web_acme.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/web_graceful.go

@@ -1,6 +1,5 @@
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

cmd/web_https.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package cmd
 

contrib/environment-to-ini/environment-to-ini.go

@@ -1,6 +1,5 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package main
 

contrib/fixtures/fixture_generation.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package main
 

contrib/pr/checkout.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package main
 

custom/conf/app.example.ini

@@ -7,6 +7,38 @@
 ;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
 
 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Default Configuration (non-`app.ini` configuration)
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; These values are environment-dependent but form the basis of a lot of values. They will be
+;; reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
+;;
+;; - _`AppPath`_: This is the absolute path of the running gitea binary.
+;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
+;;   - The `--work-path` flag passed to the binary
+;;   - The environment variable `$GITEA_WORK_DIR`
+;;   - A built-in value set at build time (see building from source)
+;;   - Otherwise it defaults to the directory of the _`AppPath`_
+;;   - If any of the above are relative paths then they are made absolute against the
+;; the directory of the _`AppPath`_
+;; - _`CustomPath`_: This is the base directory for custom templates and other options.
+;; It is determined by using the first set thing in the following hierarchy:
+;;   - The `--custom-path` flag passed to the binary
+;;   - The environment variable `$GITEA_CUSTOM`
+;;   - A built-in value set at build time (see building from source)
+;;   - Otherwise it defaults to _`AppWorkPath`_`/custom`
+;;   - If any of the above are relative paths then they are made absolute against the
+;; the directory of the _`AppWorkPath`_
+;; - _`CustomConf`_: This is the path to the `app.ini` file.
+;;   - The `--config` flag passed to the binary
+;;   - A built-in value set at build time (see building from source)
+;;   - Otherwise it defaults to _`CustomPath`_`/conf/app.ini`
+;;   - If any of the above are relative paths then they are made absolute against the
+;; the directory of the _`CustomPath`_
+;;
+;; In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; General Settings
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -26,7 +58,7 @@ RUN_MODE = ; prod
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http'
+;; The protocol the server listens on. One of 'http', 'https', 'http+unix', 'fcgi' or 'fcgi+unix'. Defaults to 'http'
 ;PROTOCOL = http
 ;;
 ;; Expect PROXY protocol headers on connections
@@ -51,6 +83,8 @@ RUN_MODE = ; prod
 ;STATIC_URL_PREFIX =
 ;;
 ;; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
+;; If PROTOCOL is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use.
+;; Relative paths will be made absolute against the _`AppWorkPath`_.
 ;HTTP_ADDR = 0.0.0.0
 ;;
 ;; The port to listen on. Leave empty when using a unix socket.
@@ -64,7 +98,7 @@ RUN_MODE = ; prod
 ;PORT_TO_REDIRECT = 80
 ;;
 ;; expect PROXY protocol header on connections to https redirector.
-;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
+;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
 ;; Minimum and maximum supported TLS versions
 ;SSL_MIN_VERSION=TLSv1.2
 ;SSL_MAX_VERSION=
@@ -91,7 +125,7 @@ RUN_MODE = ; prod
 ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
 ;;
 ;; When making local connections pass the PROXY protocol header.
-;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
+;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
 ;;
 ;; Disable SSH feature when not available
 ;DISABLE_SSH = false
@@ -145,7 +179,7 @@ RUN_MODE = ; prod
 ;;
 ;; For the built-in SSH server, choose the keypair to offer as the host key
 ;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
-;; relative paths are made absolute relative to the APP_DATA_PATH
+;; relative paths are made absolute relative to the %(APP_DATA_PATH)s
 ;SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
 ;;
 ;; Directory to create temporary files in when testing public keys using ssh-keygen,
@@ -241,10 +275,10 @@ RUN_MODE = ; prod
 ;;
 ;; Root directory containing templates and static files.
 ;; default is the path where Gitea is executed
-;STATIC_ROOT_PATH =
+;STATIC_ROOT_PATH = ; Will default to the built-in value _`StaticRootPath`_
 ;;
 ;; Default path for App data
-;APP_DATA_PATH = data
+;APP_DATA_PATH = data ; relative paths will be made absolute with _`AppWorkPath`_
 ;;
 ;; Enable gzip compression for runtime-generated content, static resources excluded
 ;ENABLE_GZIP = false
@@ -255,7 +289,7 @@ RUN_MODE = ; prod
 ;ENABLE_PPROF = false
 ;;
 ;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
-;PPROF_DATA_PATH = data/tmp/pprof
+;PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_
 ;;
 ;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
 ;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
@@ -633,7 +667,7 @@ ROUTER = console
 ;PATH =
 ;;
 ;; The HOME directory for Git
-;HOME_PATH = %(APP_DATA_PATH)/home
+;HOME_PATH = %(APP_DATA_PATH)s/home
 ;;
 ;; Disables highlight of added and removed changes
 ;DISABLE_DIFF_HIGHLIGHT = false
@@ -725,6 +759,9 @@ ROUTER = console
 ;; Enable captcha validation for registration
 ;ENABLE_CAPTCHA = false
 ;;
+;; Enable this to require captcha validation for login
+;REQUIRE_CAPTCHA_FOR_LOGIN = false
+;;
 ;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha.
 ;CAPTCHA_TYPE = image
 ;;
@@ -838,8 +875,8 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)/gitea-repositories.
-;; A relative path is interpreted as %(GITEA_WORK_DIR)/%(ROOT)
+;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories.
+;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s
 ;ROOT =
 ;;
 ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
@@ -1104,6 +1141,9 @@ ROUTER = console
 ;; allow request with credentials
 ;ALLOW_CREDENTIALS = false
 ;;
+;; headers to permit
+;HEADERS = Content-Type,User-Agent
+;;
 ;; set X-FRAME-OPTIONS header
 ;X_FRAME_OPTIONS = SAMEORIGIN
 
@@ -1296,7 +1336,7 @@ ROUTER = console
 ;ISSUE_INDEXER_TYPE = bleve
 ;;
 ;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
-;ISSUE_INDEXER_PATH = indexers/issues.bleve
+;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
 ;;
 ;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
 ;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
@@ -1314,7 +1354,7 @@ ROUTER = console
 ;; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
 ;; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
 ;; default is queues/common
-;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
 ;;
 ;; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
 ;; When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of
@@ -1370,7 +1410,7 @@ ROUTER = console
 ;TYPE = persistable-channel
 ;;
 ;; data-dir for storing persistable queues and level queues, individual queues will default to `queues/common` meaning the queue is shared.
-;DATADIR = queues/
+;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
 ;;
 ;; Default queue length before a channel queue will block
 ;LENGTH = 20
@@ -1550,7 +1590,7 @@ ROUTER = console
 ;; Prefix displayed before subject in mail
 ;SUBJECT_PREFIX =
 ;;
-;; Mail server protocol. One of "smtp", "smtps", "smtp+startls", "smtp+unix", "sendmail", "dummy".
+;; Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy".
 ;; - sendmail: use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
 ;; - dummy: send email messages to the log as a testing phase.
 ;; If your provider does not explicitly say which protocol it uses but does provide a port,
@@ -1672,7 +1712,7 @@ ROUTER = console
 ;; file: session file path, e.g. `data/sessions`
 ;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-;PROVIDER_CONFIG = data/sessions
+;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
 ;;
 ;; Session cookie name
 ;COOKIE_NAME = i_like_gitea
@@ -2198,6 +2238,8 @@ ROUTER = console
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
 ;; Generate sitemap. Defaults to `true`.
 ;ENABLE_SITEMAP = true
+;; Enable/Disable RSS/Atom feed
+;ENABLE_FEED = true
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2335,6 +2377,35 @@ ROUTER = console
 ;;
 ;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
 ;CHUNKED_UPLOAD_PATH = tmp/package-upload
+;;
+;; Maximum count of package versions a single owner can have (`-1` means no limits)
+;LIMIT_TOTAL_OWNER_COUNT = -1
+;; Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_TOTAL_OWNER_SIZE = -1
+;; Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_COMPOSER = -1
+;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_CONAN = -1
+;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_CONTAINER = -1
+;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_GENERIC = -1
+;; Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_HELM = -1
+;; Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_MAVEN = -1
+;; Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_NPM = -1
+;; Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_NUGET = -1
+;; Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_PUB = -1
+;; Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_PYPI = -1
+;; Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_RUBYGEMS = -1
+;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_VAGRANT = -1
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -27,23 +27,56 @@ accurately recorded in [app.example.ini](https://github.com/go-gitea/gitea/blob/
 (s/main/\<tag|release\>). Any string in the format `%(X)s` is a feature powered
 by [ini](https://github.com/go-ini/ini/#recursive-values), for reading values recursively.
 
+In the default values below, a value in the form `$XYZ` refers to an environment variable. (However, see `environment-to-ini`.) Values in the form  _`XxYyZz`_ refer to values listed as part of the default configuration. These notation forms will not work in your own `app.ini` file and are only listed here as documentation.
+
 Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 
 **Note:** A full restart is required for Gitea configuration changes to take effect.
 
 {{< toc >}}
 
+## Default Configuration (non-`app.ini` configuration)
+
+These values are environment-dependent but form the basis of a lot of values. They will be
+reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
+
+- _`AppPath`_: This is the absolute path of the running gitea binary.
+- _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
+  - The `--work-path` flag passed to the binary
+  - The environment variable `$GITEA_WORK_DIR`
+  - A built-in value set at build time (see building from source)
+  - Otherwise it defaults to the directory of the _`AppPath`_
+  - If any of the above are relative paths then they are made absolute against the
+the directory of the _`AppPath`_
+- _`CustomPath`_: This is the base directory for custom templates and other options.
+It is determined by using the first set thing in the following hierarchy:
+  - The `--custom-path` flag passed to the binary
+  - The environment variable `$GITEA_CUSTOM`
+  - A built-in value set at build time (see building from source)
+  - Otherwise it defaults to _`AppWorkPath`_`/custom`
+  - If any of the above are relative paths then they are made absolute against the
+the directory of the _`AppWorkPath`_
+- _`CustomConf`_: This is the path to the `app.ini` file.
+  - The `--config` flag passed to the binary
+  - A built-in value set at build time (see building from source)
+  - Otherwise it defaults to _`CustomPath`_`/conf/app.ini`
+  - If any of the above are relative paths then they are made absolute against the
+the directory of the _`CustomPath`_
+
+In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
+
 ## Overall (`DEFAULT`)
 
 - `APP_NAME`: **Gitea: Git with a cup of tea**: Application name, used in the page title.
-- `RUN_USER`: **git**: The user Gitea will run as. This should be a dedicated system
-   (non-user) account. Setting this incorrectly will cause Gitea to not start.
+- `RUN_USER`: **_current OS username_/`$USER`/`$USERNAME` e.g. git**: The user Gitea will run as.
+   This should be a dedicated system (non-user) account. Setting this incorrectly will cause Gitea
+   to not start.
 - `RUN_MODE`: **prod**: Application run mode, affects performance and debugging. Either "dev", "prod" or "test".
 
 ## Repository (`repository`)
 
-- `ROOT`: **%(APP_DATA_PATH)/gitea-repositories**: Root path for storing all repository data.
-   A relative path is interpreted as **%(GITEA_WORK_DIR)/%(ROOT)**.
+- `ROOT`: **%(APP_DATA_PATH)s/gitea-repositories**: Root path for storing all repository data.
+   A relative path is interpreted as **_`AppWorkPath`_/%(ROOT)s**.
 - `SCRIPT_TYPE`: **bash**: The script type this server supports. Usually this is `bash`,
    but some users report that only `sh` is available.
 - `DETECTED_CHARSETS_ORDER`: **UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr**: Tie-break order of detected charsets - if the detected charsets have equal confidence, charsets earlier in the list will be chosen in preference to those later. Adding `defaults` will place the unnamed charsets at that point.
@@ -167,6 +200,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request
 - `MAX_AGE`: **10m**: max time to cache response
 - `ALLOW_CREDENTIALS`: **false**: allow request with credentials
+- `HEADERS`: **Content-Type,User-Agent**: additional headers that are permitted in requests
 - `X_FRAME_OPTIONS`: **SAMEORIGIN**: Set the `X-Frame-Options` header value.
 
 ## UI (`ui`)
@@ -240,6 +274,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 
 ## Server (`server`)
 
+- `APP_DATA_PATH`: **_`AppWorkPath`_/data**: This is the default root path for storing data.
 - `PROTOCOL`: **http**: \[http, https, fcgi, http+unix, fcgi+unix\]
 - `USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol headers on connections
 - `PROXY_PROTOCOL_TLS_BRIDGING`: **false**: When protocol is https, expect PROXY protocol headers after TLS negotiation.
@@ -254,12 +289,17 @@ The following configuration set `Content-Type: application/vnd.android.package-a
    This includes CSS files, images, JS files and web fonts.
    Avatar images are dynamic resources and still served by Gitea.
    The option can be just a different path, as in `/static`, or another domain, as in `https://cdn.example.com`.
-   Requests are then made as `%(ROOT_URL)s/static/css/index.css` and `https://cdn.example.com/css/index.css` respective.
+   Requests are then made as `%(ROOT_URL)s/static/assets/css/index.css` or `https://cdn.example.com/assets/css/index.css` respectively.
    The static files are located in the `public/` directory of the Gitea source repository.
+   You can proxy the STATIC_URL_PREFIX requests to Gitea server to serve the static
+   assets, or copy the manually built Gitea assets from `$GITEA_BUILD/public` to
+   the assets location, eg: `/var/www/assets`, make sure `$STATIC_URL_PREFIX/assets/css/index.css`
+   points to `/var/www/assets/css/index.css`.
+
 - `HTTP_ADDR`: **0.0.0.0**: HTTP listen address.
   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
      defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
-  - If `PROTOCOL` is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. Relative paths will be made absolute against the AppWorkPath.
+  - If `PROTOCOL` is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. Relative paths will be made absolute against the _`AppWorkPath`_.
 - `HTTP_PORT`: **3000**: HTTP listen port.
   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
      defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
@@ -269,7 +309,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
    most cases you do not need to change the default value. Alter it only if
    your SSH server node is not the same as HTTP node. Do not set this variable
    if `PROTOCOL` is set to `http+unix`.
-- `LOCAL_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)**: When making local connections pass the PROXY protocol header.
+- `LOCAL_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)s**: When making local connections pass the PROXY protocol header.
    This should be set to false if the local connection will go through the proxy.
 - `PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the connection. (Set to -1 to
    disable all timeouts.)
@@ -279,7 +319,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `START_SSH_SERVER`: **false**: When enabled, use the built-in SSH server.
 - `SSH_SERVER_USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol header on connections to the built-in SSH Server.
 - `BUILTIN_SSH_SERVER_USER`: **%(RUN_USER)s**: Username to use for the built-in SSH Server.
-- `SSH_USER`: **%(BUILTIN_SSH_SERVER_USER)**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER`.
+- `SSH_USER`: **%(BUILTIN_SSH_SERVER_USER)s**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER`.
 - `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
 - `SSH_PORT`: **22**: SSH port displayed in clone URL.
 - `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address for the built-in SSH server.
@@ -308,22 +348,22 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
 - `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
 - `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
-- `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
-- `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data.
+- `STATIC_ROOT_PATH`: **_`StaticRootPath`_**: Upper level of template and static files path.
+- `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data. Relative paths will be made absolute against _`AppWorkPath`_.
 - `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
 - `ENABLE_GZIP`: **false**: Enable gzip compression for runtime-generated content, static resources excluded.
 - `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on `localhost:6060`. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
-- `PPROF_DATA_PATH`: **data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service
+- `PPROF_DATA_PATH`: **_`AppWorkPath`_/data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service
 - `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login, **custom**\]. Where custom would instead be any URL such as "/org/repo" or even `https://anotherwebsite.com`
 - `LFS_START_SERVER`: **false**: Enables Git LFS support.
-- `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`.
+- `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)s/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
 - `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
 - `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit).
 - `LFS_LOCKS_PAGING_NUM`: **50**: Maximum number of LFS Locks returned per page.
 
 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
-- `REDIRECTOR_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)**: expect PROXY protocol header on connections to https redirector.
+- `REDIRECTOR_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)s**: expect PROXY protocol header on connections to https redirector.
 - `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
 - `SSL_MIN_VERSION`: **TLSv1.2**: Set the minimum version of ssl support.
 - `SSL_MAX_VERSION`: **\<empty\>**: Set the maximum version of ssl support.
@@ -413,10 +453,10 @@ relation to port exhaustion.
 - `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently supported: `bleve`, `db` or `elasticsearch`.
 - `ISSUE_INDEXER_CONN_STR`: ****: Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch. i.e. http://elastic:changeme@localhost:9200
 - `ISSUE_INDEXER_NAME`: **gitea_issues**: Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
-- `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch.
+- `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch. Relative paths will be made absolute against _`AppWorkPath`_.
 - The next 4 configuration values are deprecated and should be set in `queue.issue_indexer` however are kept for backwards compatibility:
 - `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently supports:`channel`, `levelqueue`, `redis`. **DEPRECATED** use settings in `[queue.issue_indexer]`.
-- `ISSUE_INDEXER_QUEUE_DIR`: **queues/common**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the path where the queue will be saved. **DEPRECATED** use settings in `[queue.issue_indexer]`.
+- `ISSUE_INDEXER_QUEUE_DIR`: **queues/common**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the path where the queue will be saved. **DEPRECATED** use settings in `[queue.issue_indexer]`. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
 - `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string. When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of the form `leveldb://path/to/db?option=value&....`, and overrides `ISSUE_INDEXER_QUEUE_DIR`. **DEPRECATED** use settings in `[queue.issue_indexer]`.
 - `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: Batch queue number. **DEPRECATED** use settings in `[queue.issue_indexer]`.
 
@@ -438,7 +478,7 @@ relation to port exhaustion.
 Configuration at `[queue]` will set defaults for queues with overrides for individual queues at `[queue.*]`. (However see below.)
 
 - `TYPE`: **persistable-channel**: General queue type, currently support: `persistable-channel` (uses a LevelDB internally), `channel`, `level`, `redis`, `dummy`
-- `DATADIR`: **queues/**: Base DataDir for storing persistent and level queues. `DATADIR` for individual queues can be set in `queue.name` sections but will default to `DATADIR/`**`common`**. (Previously each queue would default to `DATADIR/`**`name`**.)
+- `DATADIR`: **queues/**: Base DataDir for storing persistent and level queues. `DATADIR` for individual queues can be set in `queue.name` sections but will default to `DATADIR/`**`common`**. (Previously each queue would default to `DATADIR/`**`name`**.) Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
 - `LENGTH`: **20**: Maximal queue size before channel queues block
 - `BATCH_LENGTH`: **20**: Batch data before passing to the handler
 - `CONN_STR`: **redis://127.0.0.1:6379/0**: Connection string for the redis queue type. Options can be set using query params. Similarly LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value**, and will override `DATADIR`
@@ -594,6 +634,7 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
 - `ENABLE_REVERSE_PROXY_FULL_NAME`: **false**: Enable this to allow to auto-registration with a
    provided full name for the user.
 - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
+- `REQUIRE_CAPTCHA_FOR_LOGIN`: **false**: Enable this to require captcha validation for login. You also must enable `ENABLE_CAPTCHA`.
 - `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation
    even for External Accounts (i.e. GitHub, OpenID Connect, etc). You also must enable `ENABLE_CAPTCHA`.
 - `CAPTCHA_TYPE`: **image**: \[image, recaptcha, hcaptcha, mcaptcha\]
@@ -672,7 +713,7 @@ and
 [Gitea 1.17 configuration document](https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md)
 
 - `ENABLED`: **false**: Enable to use a mail service.
-- `PROTOCOL`: **\<empty\>**: Mail server protocol. One of "smtp", "smtps", "smtp+startls", "smtp+unix", "sendmail", "dummy". _Before 1.18, this was inferred from a combination of `MAILER_TYPE` and `IS_TLS_ENABLED`._
+- `PROTOCOL`: **\<empty\>**: Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy". _Before 1.18, this was inferred from a combination of `MAILER_TYPE` and `IS_TLS_ENABLED`._
   - SMTP family, if your provider does not explicitly say which protocol it uses but does provide a port, you can set SMTP_PORT instead and this will be inferred.
   - **sendmail** Use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
   - **dummy** Send email messages to the log as a testing phase.
@@ -722,7 +763,7 @@ and
 ## Session (`session`)
 
 - `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, db, mysql, couchbase, memcache, postgres\]. Setting `db` will reuse the configuration in `[database]`
-- `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for db, empty (database config will be used); for others, the connection string.
+- `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for db, empty (database config will be used); for others, the connection string. Relative paths will be made absolute against _`AppWorkPath`_.
 - `COOKIE_SECURE`: **false**: Enable this to force using HTTPS for all session access.
 - `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID.
 - `GC_INTERVAL_TIME`: **86400**: GC interval in seconds.
@@ -980,7 +1021,7 @@ Default templates for project boards:
 ## Git (`git`)
 
 - `PATH`: **""**: The path of Git executable. If empty, Gitea searches through the PATH environment.
-- `HOME_PATH`: **%(APP_DATA_PATH)/home**: The HOME directory for Git.
+- `HOME_PATH`: **%(APP_DATA_PATH)s/home**: The HOME directory for Git.
    This directory will be used to contain the `.gitconfig` and possible `.gnupg` directories that Gitea's git calls will use. If you can confirm Gitea is the only application running in this environment, you can set it to the normal home directory for Gitea user.
 - `DISABLE_DIFF_HIGHLIGHT`: **false**: Disables highlight of added and removed changes.
 - `MAX_GIT_DIFF_LINES`: **1000**: Max number of lines allowed of a single file in diff view.
@@ -1138,6 +1179,20 @@ Task queue configuration has been moved to `queue.task`. However, the below conf
 
 - `ENABLED`: **true**: Enable/Disable package registry capabilities
 - `CHUNKED_UPLOAD_PATH`: **tmp/package-upload**: Path for chunked uploads. Defaults to `APP_DATA_PATH` + `tmp/package-upload`
+- `LIMIT_TOTAL_OWNER_COUNT`: **-1**: Maximum count of package versions a single owner can have (`-1` means no limits)
+- `LIMIT_TOTAL_OWNER_SIZE`: **-1**: Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_COMPOSER`: **-1**: Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_CONAN`: **-1**: Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_CONTAINER`: **-1**: Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_GENERIC`: **-1**: Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_HELM`: **-1**: Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_MAVEN`: **-1**: Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_NPM`: **-1**: Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_NUGET`: **-1**: Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_PUB`: **-1**: Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_PYPI`: **-1**: Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_RUBYGEMS`: **-1**: Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_VAGRANT`: **-1**: Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 
 ## Mirror (`mirror`)
 
@@ -1234,3 +1289,4 @@ PROXY_HOSTS = *.github.com
 - `SHOW_FOOTER_VERSION`: **true**: Show Gitea and Go version information in the footer.
 - `SHOW_FOOTER_TEMPLATE_LOAD_TIME`: **true**: Show time of template execution in the footer.
 - `ENABLE_SITEMAP`: **true**: Generate sitemap.
+- `ENABLE_FEED`: **true**: Enable/Disable RSS/Atom feed.

docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

@@ -145,7 +145,8 @@ menu:
 - `ENABLE_NOTIFY_MAIL`: 是否发送工单创建等提醒邮件，需要 `Mailer` 被激活。
 - `ENABLE_REVERSE_PROXY_AUTHENTICATION`: 允许反向代理认证，更多细节见：https://github.com/gogits/gogs/issues/165
 - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: 允许通过反向认证做自动注册。
-- `ENABLE_CAPTCHA`: 注册时使用图片验证码。
+- `ENABLE_CAPTCHA`: **false**: 注册时使用图片验证码。
+- `REQUIRE_CAPTCHA_FOR_LOGIN`: **false**: 登录时需要图片验证码。需要同时开启 `ENABLE_CAPTCHA`。
 
 ### Service - Expore (`service.explore`)
 

docs/content/doc/advanced/logging-documentation.en-us.md

@@ -15,6 +15,14 @@ menu:
 
 # Logging Configuration
 
+The logging configuration of Gitea mainly consists of 3 types of components:
+
+- The `[log]` section for general configuration
+- `[log.<sublogger>]` sections for the configuration of different log outputs
+- `[log.<sublogger>.<group>]` sections for output specific configuration of a log group
+
+As mentioned below, there is a fully functional log output by default, so it is not necessary to define one.
+
 **Table of Contents**
 
 {{< toc >}}
@@ -23,6 +31,166 @@ menu:
 
 To collect logs for help and issue report, see [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}}).
 
+## The `[log]` section
+
+Configuration of logging facilities in Gitea happen in the `[log]` section and it's subsections.
+
+In the top level `[log]` section the following configurations can be placed:
+
+- `ROOT_PATH`: (Default: **%(GITEA_WORK_DIR)/log**): Base path for log files
+- `MODE`: (Default: **console**) List of log outputs to use for the Default logger.
+- `ROUTER`: (Default: **console**): List of log outputs to use for the Router logger.
+- `ACCESS`: List of log outputs to use for the Access logger.
+- `XORM`: (Default: **,**) List of log outputs to use for the XORM logger.
+- `ENABLE_ACCESS_LOG`: (Default: **false**): whether the Access logger is allowed to emit logs
+- `ENABLE_XORM_LOG`: (Default: **true**): whether the XORM logger is allowed to emit logs
+
+For details on the loggers check the "Log Groups" section.
+Important: log outputs won't be used if you don't enable them for the desired loggers in the corresponding list value.
+
+Lists are specified as comma separated values. This format also works in subsection.
+
+This section may be used for defining default values for subsections.
+Examples:
+
+- `LEVEL`: (Default: **Info**) Least severe log events to persist. Case insensitive. The full list of levels as of v1.17.3 can be read [here](https://github.com/go-gitea/gitea/blob/v1.17.3/custom/conf/app.example.ini#L507).
+- `STACKTRACE_LEVEL`: (Default: **None**) For this and more severe events the stacktrace will be printed upon getting logged.
+
+Some values are not inherited by subsections. For details see the "Non-inherited default values" section.
+
+## Log outputs
+
+Log outputs are the targets to which log messages will be sent.
+The content and the format of the log messages to be saved can be configured in these.
+
+Log outputs are also called subloggers.
+
+Gitea provides 4 possible log outputs:
+
+- `console` - Log to `os.Stdout` or `os.Stderr`
+- `file` - Log to a file
+- `conn` - Log to a socket (network or unix)
+- `smtp` - Log via email
+
+By default, Gitea has a `console` output configured, which is used by the loggers as seen in the section "The log section" above.
+
+### Common configuration
+
+Certain configuration is common to all modes of log output:
+
+- `MODE` is the mode of the log output. It will default to the sublogger
+  name, thus `[log.console.router]` will default to `MODE = console`.
+  For mode specific confgurations read further.
+- `LEVEL` is the lowest level that this output will log. This value
+  is inherited from `[log]` and in the case of the non-default loggers
+  from `[log.sublogger]`.
+- `STACKTRACE_LEVEL` is the lowest level that this output will print
+  a stacktrace. This value is inherited.
+- `COLORIZE` will default to `true` for `console` as
+  described, otherwise it will default to `false`.
+
+### Non-inherited default values
+
+There are several values which are not inherited as described above but
+rather default to those specific to type of logger, these are:
+`EXPRESSION`, `FLAGS`, `PREFIX` and `FILE_NAME`.
+
+#### `EXPRESSION`
+
+`EXPRESSION` represents a regular expression that log events must match to be logged by the sublogger. Either the log message, (with colors removed), must match or the `longfilename:linenumber:functionname` must match. NB: the whole message or string doesn't need to completely match.
+
+Please note this expression will be run in the sublogger's goroutine
+not the logging event subroutine. Therefore it can be complicated.
+
+#### `FLAGS`
+
+`FLAGS` represents the preceding logging context information that is
+printed before each message. It is a comma-separated string set. The order of values does not matter.
+
+Possible values are:
+
+- `none` or `,` - No flags.
+- `date` - the date in the local time zone: `2009/01/23`.
+- `time` - the time in the local time zone: `01:23:23`.
+- `microseconds` - microsecond resolution: `01:23:23.123123`. Assumes
+  time.
+- `longfile` - full file name and line number: `/a/b/c/d.go:23`.
+- `shortfile` - final file name element and line number: `d.go:23`.
+- `funcname` - function name of the caller: `runtime.Caller()`.
+- `shortfuncname` - last part of the function name. Overrides
+  `funcname`.
+- `utc` - if date or time is set, use UTC rather than the local time
+  zone.
+- `levelinitial` - Initial character of the provided level in brackets eg. `[I]` for info.
+- `level` - Provided level in brackets `[INFO]`
+- `medfile` - Last 20 characters of the filename - equivalent to
+  `shortfile,longfile`.
+- `stdflags` - Equivalent to `date,time,medfile,shortfuncname,levelinitial`
+
+### Console mode
+
+In this mode the logger will forward log messages to the stdout and
+stderr streams attached to the Gitea process.
+
+For loggers in console mode, `COLORIZE` will default to `true` if not
+on windows, or the windows terminal can be set into ANSI mode or is a
+cygwin or Msys pipe.
+
+Settings:
+
+- `STDERR`: **false**: Whether the logger should print to `stderr` instead of `stdout`.
+
+### File mode
+
+In this mode the logger will save log messages to a file.
+
+Settings:
+
+- `FILE_NAME`: The file to write the log events to. For details see below.
+- `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file. 28 represents 256Mb. For details see below.
+- `LOG_ROTATE` **true**: Whether to rotate the log files. TODO: if false, will it delete instead on daily rotate, or do nothing?.
+- `DAILY_ROTATE`: **true**: Whether to rotate logs daily.
+- `MAX_DAYS`: **7**: Delete rotated log files after this number of days.
+- `COMPRESS`: **true**: Whether to compress old log files by default with gzip.
+- `COMPRESSION_LEVEL`: **-1**: Compression level. For details see below.
+
+The default value of `FILE_NAME` depends on the respective logger facility.
+If unset, their own default will be used.
+If set it will be relative to the provided `ROOT_PATH` in the master `[log]` section.
+
+`MAX_SIZE_SHIFT` defines the maximum size of a file by left shifting 1 the given number of times (`1 << x`).
+The exact behavior at the time of v1.17.3 can be seen [here](https://github.com/go-gitea/gitea/blob/v1.17.3/modules/setting/log.go#L185).
+
+The useful values of `COMPRESSION_LEVEL` are from 1 to (and including) 9, where higher numbers mean better compression.
+Beware that better compression might come with higher resource usage.
+Must be preceded with a `-` sign.
+
+### Conn mode
+
+In this mode the logger will send log messages over a network socket.
+
+Settings:
+
+- `ADDR`: **:7020**: Sets the address to connect to.
+- `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
+- `RECONNECT`: **false**: Try to reconnect when connection is lost.
+- `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
+
+### SMTP mode
+
+In this mode the logger will send log messages in email.
+
+It is not recommended to use this logger to send general logging
+messages. However, you could perhaps set this logger to work on `FATAL` messages only.
+
+Settings:
+
+- `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
+- `USER`: User email address to send from.
+- `PASSWD`: Password for the smtp server.
+- `RECEIVERS`: Email addresses to send to.
+- `SUBJECT`: **Diagnostic message from Gitea**. The content of the email's subject field.
+
 ## Log Groups
 
 The fundamental thing to be aware of in Gitea is that there are several
@@ -172,106 +340,6 @@ which will not be inherited from the `[log]` or relevant
 - `EXPRESSION` will default to `""`
 - `PREFIX` will default to `""`
 
-## Log outputs
-
-Gitea provides 4 possible log outputs:
-
-- `console` - Log to `os.Stdout` or `os.Stderr`
-- `file` - Log to a file
-- `conn` - Log to a keep-alive TCP connection
-- `smtp` - Log via email
-
-Certain configuration is common to all modes of log output:
-
-- `LEVEL` is the lowest level that this output will log. This value
-  is inherited from `[log]` and in the case of the non-default loggers
-  from `[log.sublogger]`.
-- `STACKTRACE_LEVEL` is the lowest level that this output will print
-  a stacktrace. This value is inherited.
-- `MODE` is the mode of the log output. It will default to the sublogger
-  name. Thus `[log.console.router]` will default to `MODE = console`.
-- `COLORIZE` will default to `true` for `console` as
-  described, otherwise it will default to `false`.
-
-### Non-inherited default values
-
-There are several values which are not inherited as described above but
-rather default to those specific to type of logger, these are:
-`EXPRESSION`, `FLAGS`, `PREFIX` and `FILE_NAME`.
-
-#### `EXPRESSION`
-
-`EXPRESSION` represents a regular expression that log events must match to be logged by the sublogger. Either the log message, (with colors removed), must match or the `longfilename:linenumber:functionname` must match. NB: the whole message or string doesn't need to completely match.
-
-Please note this expression will be run in the sublogger's goroutine
-not the logging event subroutine. Therefore it can be complicated.
-
-#### `FLAGS`
-
-`FLAGS` represents the preceding logging context information that is
-printed before each message. It is a comma-separated string set. The order of values does not matter.
-
-Possible values are:
-
-- `none` or `,` - No flags.
-- `date` - the date in the local time zone: `2009/01/23`.
-- `time` - the time in the local time zone: `01:23:23`.
-- `microseconds` - microsecond resolution: `01:23:23.123123`. Assumes
-  time.
-- `longfile` - full file name and line number: `/a/b/c/d.go:23`.
-- `shortfile` - final file name element and line number: `d.go:23`.
-- `funcname` - function name of the caller: `runtime.Caller()`.
-- `shortfuncname` - last part of the function name. Overrides
-  `funcname`.
-- `utc` - if date or time is set, use UTC rather than the local time
-  zone.
-- `levelinitial` - Initial character of the provided level in brackets eg. `[I]` for info.
-- `level` - Provided level in brackets `[INFO]`
-- `medfile` - Last 20 characters of the filename - equivalent to
-  `shortfile,longfile`.
-- `stdflags` - Equivalent to `date,time,medfile,shortfuncname,levelinitial`
-
-### Console mode
-
-For loggers in console mode, `COLORIZE` will default to `true` if not
-on windows, or the windows terminal can be set into ANSI mode or is a
-cygwin or Msys pipe.
-
-If `STDERR` is set to `true` the logger will use `os.Stderr` instead of
-`os.Stdout`.
-
-### File mode
-
-The `FILE_NAME` defaults as described above. If set it will be relative
-to the provided `ROOT_PATH` in the master `[log]` section.
-
-Other values:
-
-- `LOG_ROTATE`: **true**: Rotate the log files.
-- `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file, 28 represents 256Mb.
-- `DAILY_ROTATE`: **true**: Rotate logs daily.
-- `MAX_DAYS`: **7**: Delete the log file after n days
-- `COMPRESS`: **true**: Compress old log files by default with gzip
-- `COMPRESSION_LEVEL`: **-1**: Compression level
-
-### Conn mode
-
-- `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
-- `RECONNECT`: **false**: Try to reconnect when connection is lost.
-- `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
-- `ADDR`: **:7020**: Sets the address to connect to.
-
-### SMTP mode
-
-It is not recommended to use this logger to send general logging
-messages. However, you could perhaps set this logger to work on `FATAL`.
-
-- `USER`: User email address to send from.
-- `PASSWD`: Password for the smtp server.
-- `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
-- `RECEIVERS`: Email addresses to send to.
-- `SUBJECT`: **Diagnostic message from Gitea**
-
 ## Debugging problems
 
 When submitting logs in Gitea issues it is often helpful to submit

docs/content/doc/advanced/repo-mirror.en-us.md

@@ -41,13 +41,15 @@ For an existing remote repository, you can set up pull mirroring as follows:
 
 The repository now gets mirrored periodically from the remote repository. You can force a sync by selecting **Synchronize Now** in the repository settings.
 
+:exclamation::exclamation: **NOTE:** You can only set up pull mirroring for repos that don't exist yet on your instance. Once the repo is created, you can't convert it into a pull mirror anymore. :exclamation::exclamation:
+
 ## Pushing to a remote repository
 
 For an existing repository, you can set up push mirroring as follows:
 
 1. In your repository, go to **Settings** > **Repository**, and then the **Mirror Settings** section.
 2. Enter a repository URL.
-3. If the repository needs authentication expand the **Authorization** section and fill in your authentication information.
+3. If the repository needs authentication expand the **Authorization** section and fill in your authentication information. Note that the requested **password** can also be your access token.
 4. Select **Add Push Mirror** to save the configuration.
 
 The repository now gets mirrored periodically to the remote repository. You can force a sync by selecting **Synchronize Now**. In case of an error a message displayed to help you resolve it.
@@ -59,9 +61,11 @@ The repository now gets mirrored periodically to the remote repository. You can
 To set up a mirror from Gitea to GitHub, you need to follow these steps:
 
 1. Create a [GitHub personal access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) with the *public_repo* box checked.
-2. Fill in the **Git Remote Repository URL**: `https://github.com/<your_github_group>/<your_github_project>.git`.
-3. Fill in the **Authorization** fields with your GitHub username and the personal access token.
-4. Select **Add Push Mirror** to save the configuration.
+2. Create a repository with that name on GitHub. Unlike Gitea, GitHub does not support creating repositories by pushing to the remote. You can also use an existing remote repo if it has the same commit history as your Gitea repo.
+3. In the settings of your Gitea repo, fill in the **Git Remote Repository URL**: `https://github.com/<your_github_group>/<your_github_project>.git`.
+4. Fill in the **Authorization** fields with your GitHub username and the personal access token as **Password**.
+5. (Optional, available on Gitea 1.18+) Select `Sync when new commits are pushed` so that the mirror will be updated as well as soon as there are changes. You can also disable the periodic sync if you like.
+6. Select **Add Push Mirror** to save the configuration.
 
 The repository pushes shortly thereafter. To force a push, select the **Synchronize Now** button.
 

docs/content/doc/features/authentication.en-us.md

@@ -166,11 +166,47 @@ Uses the following fields:
 
 ## PAM (Pluggable Authentication Module)
 
-To configure PAM, set the 'PAM Service Name' to a filename in `/etc/pam.d/`. To
-work with normal Linux passwords, the user running Gitea must have read access
-to `/etc/shadow`.
+This procedure enables PAM authentication.  Users may still be added to the
+system manually using the user administration.  PAM provides a mechanism to
+automatically add users to the current database by testing them against PAM
+authentication.  To work with normal Linux passwords, the user running Gitea
+must also have read access to `/etc/shadow` in order to check the validity of
+the account when logging in using a public key.
 
-**Note**: PAM support is added via [build-time flags](https://docs.gitea.io/en-us/install-from-source/#build), and the official binaries provided do not have this enabled.
+**Note**: If a user has added SSH public keys into Gitea, the use of these
+keys _may_ bypass the login check system.  Therefore, if you wish to disable a user who
+authenticates with PAM, you _should_ also manually disable the account in Gitea using the
+built-in user manager.
+
+1. Configure and prepare the installation.
+    - It is recommended that you create an administrative user.
+    - Deselecting automatic sign-up may also be desired.
+1. Once the database has been initialized, log in as the newly created
+administrative user.
+1. Navigate to the user setting (icon in top-right corner), and select
+`Site Administration` -> `Authentication Sources`, and select
+`Add Authentication Source`.
+1. Fill out the field as follows:
+    - `Authentication Type` : `PAM`
+    - `Name` : Any value should be valid here, use "System Authentication" if
+    you'd like.
+    - `PAM Service Name` : Select the appropriate file listed under `/etc/pam.d/`
+    that performs the authentication desired.[^1]
+    - `PAM Email Domain` : The e-mail suffix to append to user authentication.
+    For example, if the login system expects a user called `gituser`, and this
+    field is set to `mail.com`, then Gitea will expect the `user email` field
+    for an authenticated GIT instance to be `gituser@mail.com`.[^2]
+
+**Note**: PAM support is added via [build-time flags](https://docs.gitea.io/en-us/install-from-source/#build),
+and the official binaries provided do not have this enabled.  PAM requires that
+the necessary libpam dynamic library be available and the necessary PAM
+development headers be accessible to the compiler.
+
+[^1]: For example, using standard Linux log-in on Debian "Bullseye" use
+`common-session-noninteractive` - this value may be valid for other flavors of
+Debian including Ubuntu and Mint, consult your distribution's documentation.
+[^2]: **This is a required field for PAM**.  Be aware: In the above example, the
+user will log into the Gitea web interface as `gituser` and not `gituser@mail.com`
 
 ## SMTP (Simple Mail Transfer Protocol)
 

docs/content/doc/help/faq.en-us.md

@@ -58,29 +58,33 @@ https://github.com/loganinak/MigrateGitlabToGogs
 
 ## Where does Gitea store what file
 
-- WorkPath
-  - Environment variable `GITEA_WORK_DIR`
-  - Else `--work-path` flag
+- _`AppWorkPath`_
+  - The `--work-path` flag
+  - Else Environment variable `GITEA_WORK_DIR`
+  - Else a built-in value set at build time
   - Else the directory that contains the Gitea binary
-- AppDataPath (default for database, indexers, etc.)
+- `%(APP_DATA_PATH)` (default for database, indexers, etc.)
   - `APP_DATA_PATH` from `app.ini`
-  - Else `%(WorkPath)/data`
-- CustomPath (custom templates)
-  - Environment variable `GITEA_CUSTOM`
-  - Else `%(WorkPath)/custom`
+  - Else _`AppWorkPath`_`/data`
+- _`CustomPath`_ (custom templates)
+  - The `--custom-path` flag
+  - Else Environment variable `GITEA_CUSTOM`
+  - Else a built-in value set at build time
+  - Else _`AppWorkPath`_`/custom`
 - HomeDir
   - Unix: Environment variable `HOME`
   - Windows: Environment variable `USERPROFILE`, else environment variables `HOMEDRIVE`+`HOMEPATH`
 - RepoRootPath
   - `ROOT` in the \[repository] section of `app.ini` if absolute
-  - Else `%(AppWorkPath)/ROOT` if `ROOT` in the \[repository] section of `app.ini` if relative
-  - Default `%(AppDataPath)/gitea-repositories`
+  - Else _`AppWorkPath`_`/ROOT` if `ROOT` in the \[repository] section of `app.ini` if relative
+  - Default `%(APP_DATA_PATH)/gitea-repositories`
 - INI (config file)
-  - `-c` flag
-  - Else `%(CustomPath)/conf/app.ini`
+  - `--config` flag
+  - A possible built-in value set a build time
+  - Else _`CustomPath`_`/conf/app.ini`
 - SQLite Database
   - `PATH` in `database` section of `app.ini`
-  - Else `%(AppDataPath)/gitea.db`
+  - Else `%(APP_DATA_PATH)/gitea.db`
 
 ## Not seeing a clone URL or the clone URL being incorrect
 

docs/content/doc/installation/from-source.en-us.md

@@ -94,7 +94,7 @@ are provided to keep the build process as simple as possible.
 
 Depending on requirements, the following build tags can be included.
 
-- `bindata`: Build a single monolithic binary, with all assets included.
+- `bindata`: Build a single monolithic binary, with all assets included. Required for production build.
 - `sqlite sqlite_unlock_notify`: Enable support for a
   [SQLite3](https://sqlite.org/) database. Suggested only for tiny
   installations.
@@ -103,11 +103,10 @@ Depending on requirements, the following build tags can be included.
   available to PAM.
 - `gogit`: (EXPERIMENTAL) Use go-git variants of Git commands.
 
-Bundling assets into the binary using the `bindata` build tag is recommended for
-production deployments. It is possible to serve the static assets directly via a reverse proxy,
-but in most cases it is not necessary, and assets should still be bundled in the binary.
-You may want to exclude bindata while developing/testing Gitea.
-To include assets, add the `bindata` tag:
+Bundling all assets (JS/CSS/templates, etc) into the binary. Using the `bindata` build tag is required for
+production deployments. You could exclude `bindata` when you are developing/testing Gitea or able to separate the assets correctly.
+
+To include all assets, use the `bindata` tag:
 
 ```bash
 TAGS="bindata" make build
@@ -144,11 +143,11 @@ launched manually from command line, it can be killed by pressing `Ctrl + C`.
 
 ## Changing default paths
 
-Gitea will search for a number of things from the `CustomPath`. By default this is
+Gitea will search for a number of things from the _`CustomPath`_. By default this is
 the `custom/` directory in the current working directory when running Gitea. It will also
-look for its configuration file `CustomConf` in `$CustomPath/conf/app.ini`, and will use the
-current working directory as the relative base path `AppWorkPath` for a number configurable
-values. Finally the static files will be served from `StaticRootPath` which defaults to the `AppWorkPath`.
+look for its configuration file _`CustomConf`_ in _`CustomPath`_/conf/app.ini`, and will use the
+current working directory as the relative base path _`AppWorkPath`_ for a number configurable
+values. Finally the static files will be served from _`StaticRootPath`_ which defaults to the _`AppWorkPath`_.
 
 These values, although useful when developing, may conflict with downstream users preferences.
 
@@ -156,10 +155,10 @@ One option is to use a script file to shadow the `gitea` binary and create an ap
 environment before running Gitea. However, when building you can change these defaults
 using the `LDFLAGS` environment variable for `make`. The appropriate settings are as follows
 
-- To set the `CustomPath` use `LDFLAGS="-X \"code.gitea.io/gitea/modules/setting.CustomPath=custom-path\""`
-- For `CustomConf` you should use `-X \"code.gitea.io/gitea/modules/setting.CustomConf=conf.ini\"`
-- For `AppWorkPath` you should use `-X \"code.gitea.io/gitea/modules/setting.AppWorkPath=working-path\"`
-- For `StaticRootPath` you should use `-X \"code.gitea.io/gitea/modules/setting.StaticRootPath=static-root-path\"`
+- To set the _`CustomPath`_ use `LDFLAGS="-X \"code.gitea.io/gitea/modules/setting.CustomPath=custom-path\""`
+- For _`CustomConf`_ you should use `-X \"code.gitea.io/gitea/modules/setting.CustomConf=conf.ini\"`
+- For _`AppWorkPath`_ you should use `-X \"code.gitea.io/gitea/modules/setting.AppWorkPath=working-path\"`
+- For _`StaticRootPath`_ you should use `-X \"code.gitea.io/gitea/modules/setting.StaticRootPath=static-root-path\"`
 - To change the default PID file location use `-X \"code.gitea.io/gitea/modules/setting.PIDFile=/run/gitea.pid\"`
 
 Add as many of the strings with their preceding `-X` to the `LDFLAGS` variable and run `make build`

docs/content/doc/installation/with-docker-rootless.en-us.md

@@ -29,10 +29,16 @@ the official [install instructions](https://docs.docker.com/compose/install/).
 
 The most simple setup just creates a volume and a network and starts the `gitea/gitea:latest-rootless`
 image as a service. Since there is no database available, one can be initialized using SQLite3.
-Create a directory for `data` and `config` then paste the following content into a file named `docker-compose.yml`.
-Note that the volume should be owned by the user/group with the UID/GID specified in the config file. By default Gitea in docker will use uid:1000 gid:1000. If needed you can set ownership on those folders with the command: `sudo chown 1000:1000 config/ data/`
-If you don't give the volume correct permissions, the container may not start.
-For a stable release you could use `:latest-rootless`, `:1-rootless` or specify a certain release like `:{{< version >}}-rootless`, but if you'd like to use the latest development version then `:dev-rootless` would be an appropriate tag. If you'd like to run the latest commit from a release branch you can use the `:1.x-dev-rootless` tag, where x is the minor version of Gitea. (e.g. `:1.16-dev-rootless`)
+
+Create a directory for `data` and `config`:
+
+```sh
+mkdir -p gitea/{data,config}
+cd gitea
+touch docker-compose.yml
+```
+
+Then paste the following content into a file named `docker-compose.yml`:
 
 ```yaml
 version: "2"
@@ -51,6 +57,16 @@ services:
       - "2222:2222"
 ```
 
+Note that the volume should be owned by the user/group with the UID/GID specified in the config file. By default Gitea in docker will use uid:1000 gid:1000. If needed you can set ownership on those folders with the command:
+
+```sh
+sudo chown 1000:1000 config/ data/
+```
+
+> If you don't give the volume correct permissions, the container may not start.
+
+For a stable release you could use `:latest-rootless`, `:1-rootless` or specify a certain release like `:{{< version >}}-rootless`, but if you'd like to use the latest development version then `:dev-rootless` would be an appropriate tag. If you'd like to run the latest commit from a release branch you can use the `:1.x-dev-rootless` tag, where x is the minor version of Gitea. (e.g. `:1.16-dev-rootless`)
+
 ## Custom port
 
 To bind the integrated ssh and the webserver on a different port, adjust

docs/content/doc/packages/overview.en-us.md

@@ -32,7 +32,7 @@ The following package managers are currently supported:
 | [Generic]({{< relref "doc/packages/generic.en-us.md" >}}) | - | any HTTP client |
 | [Helm]({{< relref "doc/packages/helm.en-us.md" >}}) | - | any HTTP client, `cm-push` |
 | [Maven]({{< relref "doc/packages/maven.en-us.md" >}}) | Java | `mvn`, `gradle` |
-| [npm]({{< relref "doc/packages/npm.en-us.md" >}}) | JavaScript | `npm`, `yarn` |
+| [npm]({{< relref "doc/packages/npm.en-us.md" >}}) | JavaScript | `npm`, `yarn`, `pnpm` |
 | [NuGet]({{< relref "doc/packages/nuget.en-us.md" >}}) | .NET | `nuget` |
 | [Pub]({{< relref "doc/packages/pub.en-us.md" >}}) | Dart | `dart`, `flutter` |
 | [PyPI]({{< relref "doc/packages/pypi.en-us.md" >}}) | Python | `pip`, `twine` |

docs/content/doc/packages/storage.en-us.md

@@ -0,0 +1,84 @@
+---
+date: "2022-11-01T00:00:00+00:00"
+title: "Storage"
+slug: "packages/storage"
+draft: false
+toc: false
+menu:
+  sidebar:
+    parent: "packages"
+    name: "Storage"
+    weight: 5
+    identifier: "storage"
+---
+
+# Storage
+
+This document describes the storage of the package registry and how it can be managed.
+
+**Table of Contents**
+
+{{< toc >}}
+
+## Deduplication
+
+The package registry has a build-in deduplication of uploaded blobs.
+If two identical files are uploaded only one blob is saved on the filesystem.
+This ensures no space is wasted for duplicated files.
+
+If two packages are uploaded with identical files, both packages will display the same size but on the filesystem they require only half of the size.
+Whenever a package gets deleted only the references to the underlaying blobs are removed.
+The blobs get not removed at this moment, so they still require space on the filesystem.
+When a new package gets uploaded the existing blobs may get referenced again.
+
+These unreferenced blobs get deleted by a [clean up job]({{< relref "doc/advanced/config-cheat-sheet.en-us.md#cron---cleanup-expired-packages-croncleanup_packages" >}}).
+The config setting `OLDER_THAN` configures how long unreferenced blobs are kept before they get deleted.
+
+## Cleanup Rules
+
+Package registries can become large over time without cleanup.
+It's recommended to delete unnecessary packages and set up cleanup rules to automatically manage the package registry usage.
+Every package owner (user or organization) manages the cleanup rules which are applied to their packages.
+
+|Setting|Description|
+|-|-|
+|Enabled|Turn the cleanup rule on or off.|
+|Type|Every rule manages a specific package type.|
+|Apply pattern to full package name|If enabled, the patterns below are applied to the full package name (`package/version`). Otherwise only the version (`version`) is used.|
+|Keep the most recent|How many versions to *always* keep for each package.|
+|Keep versions matching|The regex pattern that determines which versions to keep. An empty pattern keeps no version while `.+` keeps all versions. The container registry will always keep the `latest` version even if not configured.|
+|Remove versions older than|Remove only versions older than the selected days.|
+|Remove versions matching|The regex pattern that determines which versions to remove. An empty pattern or `.+` leads to the removal of every package if no other setting tells otherwise.|
+
+Every cleanup rule can show a preview of the affected packages.
+This can be used to check if the cleanup rules is proper configured.
+
+### Regex examples
+
+Regex patterns are automatically surrounded with `\A` and `\z` anchors.
+Do not include any `\A`, `\z`, `^` or `$` token in the regex patterns as they are not necessary.
+The patterns are case-insensitive which matches the behaviour of the package registry in Gitea.
+
+|Pattern|Description|
+|-|-|
+|`.*`|Match every possible version.|
+|`v.+`|Match versions that start with `v`.|
+|`release`|Match only the version `release`.|
+|`release.*`|Match versions that are either named or start with `release`.|
+|`.+-temp-.+`|Match versions that contain `-temp-`.|
+|`v.+\|release`|Match versions that either start with `v` or are named `release`.|
+|`package/v.+\|other/release`|Match versions of the package `package` that start with `v` or the version `release` of the package `other`. This needs the setting *Apply pattern to full package name* enabled.|
+
+### How the cleanup rules work
+
+The cleanup rules are part of the [clean up job]({{< relref "doc/advanced/config-cheat-sheet.en-us.md#cron---cleanup-expired-packages-croncleanup_packages" >}}) and run periodicly.
+
+The cleanup rule:
+
+1. Collects all packages of the package type for the owners registry.
+1. For every package it collects all versions.
+1. Excludes from the list the # versions based on the *Keep the most recent* value.
+1. Excludes from the list any versions matching the *Keep versions matching* value.
+1. Excludes from the list the versions more recent than the *Remove versions older than* value.
+1. Excludes from the list any versions not matching the *Remove versions matching* value.
+1. Deletes the remaining versions.

docs/content/doc/packages/vagrant.en-us.md

@@ -7,7 +7,7 @@ toc: false
 menu:
   sidebar:
     parent: "packages"
-    name: "vagrant"
+    name: "Vagrant"
     weight: 120
     identifier: "vagrant"
 ---

docs/content/doc/translation/guidelines.de-de.md

@@ -45,15 +45,15 @@ Beispiel: Wenn der Button mit `löschen` beschriftet ist, sollte im Modal die Fr
 ## Artikeldefinitionen für Anglizismen
 
 * _Der_ Commit (m.)
-* _Der_ Branch (m.)
+* _Der_ Branch (m.), plural: die Branches
 * _Das_ Issue (n.)
 * _Der_ Fork (m.)
-* _Das_ Repository (n.)
+* _Das_ Repository (n.), plural: die Repositories
 * _Der_ Pull-Request (m.)
-* _Der_ Token (m.)
+* _Der_ Token (m.), plural: die Token
 * _Das_ Review (n.)
 * _Der_ Key (m.)
-* _Der_ Committer (m.)
+* _Der_ Committer (m.), plural: die Committer
 
 ## Weiterführende Links
 

go.mod

@@ -3,7 +3,7 @@ module code.gitea.io/gitea
 go 1.18
 
 require (
-	code.gitea.io/gitea-vet v0.2.2-0.20220122151748-48ebc902541b
+	code.gitea.io/gitea-vet v0.2.2
 	code.gitea.io/sdk/gitea v0.15.1
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
 	gitea.com/go-chi/binding v0.0.0-20221013104517-b29891619681
@@ -15,7 +15,7 @@ require (
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/PuerkitoBio/goquery v1.8.0
-	github.com/alecthomas/chroma/v2 v2.3.0
+	github.com/alecthomas/chroma/v2 v2.4.0
 	github.com/blevesearch/bleve/v2 v2.3.4
 	github.com/buildkite/terminal-to-html/v3 v3.7.0
 	github.com/caddyserver/certmagic v0.17.2
@@ -94,15 +94,14 @@ require (
 	github.com/yuin/goldmark-meta v1.1.0
 	go.jolheiser.com/hcaptcha v0.0.4
 	go.jolheiser.com/pwn v0.0.3
-	golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be
-	golang.org/x/net v0.0.0-20220927171203-f486391704dc
+	golang.org/x/crypto v0.2.1-0.20221112162523-6fad3dfc1891
+	golang.org/x/net v0.2.0
 	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
-	golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec
-	golang.org/x/text v0.3.8
+	golang.org/x/sys v0.2.0
+	golang.org/x/text v0.4.0
 	golang.org/x/tools v0.1.12
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
-	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	mvdan.cc/xurls/v2 v2.4.0
 	strk.kbt.io/projects/go/libravatar v0.0.0-20191008002943-06d1c002b251
@@ -293,6 +292,7 @@ require (
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	sigs.k8s.io/yaml v1.2.0 // indirect
 )
 

go.sum

@@ -65,8 +65,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
 code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
-code.gitea.io/gitea-vet v0.2.2-0.20220122151748-48ebc902541b h1:uv9a8eGSdQ8Dr4HyUcuHFfDsk/QuwO+wf+Y99RYdxY0=
-code.gitea.io/gitea-vet v0.2.2-0.20220122151748-48ebc902541b/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
+code.gitea.io/gitea-vet v0.2.2 h1:TEOV/Glf38iGmKzKP0EB++Z5OSL4zGg3RrAvlwaMuvk=
+code.gitea.io/gitea-vet v0.2.2/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
 code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY=
 code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M=
 code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA=
@@ -160,9 +160,10 @@ github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
+github.com/alecthomas/assert/v2 v2.2.0 h1:f6L/b7KE2bfA+9O4FL3CM/xJccDEwPVYd5fALBiuwvw=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
-github.com/alecthomas/chroma/v2 v2.3.0 h1:83xfxrnjv8eK+Cf8qZDzNo3PPF9IbTWHs7z28GY6D0U=
-github.com/alecthomas/chroma/v2 v2.3.0/go.mod h1:mZxeWZlxP2Dy+/8cBob2PYd8O2DwNAzave5AY7A2eQw=
+github.com/alecthomas/chroma/v2 v2.4.0 h1:Loe2ZjT5x3q1bcWwemqyqEi8p11/IV/ncFCeLYDpWC4=
+github.com/alecthomas/chroma/v2 v2.4.0/go.mod h1:6kHzqF5O6FUSJzBXW7fXELjb+e+7OXW4UpoPqMO7IBQ=
 github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE=
 github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
 github.com/alecthomas/repr v0.1.0 h1:ENn2e1+J3k09gyj2shc0dHr/yjaWSHRlrJ4DPMevDqE=
@@ -830,6 +831,7 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
+github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo=
 github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
@@ -1608,8 +1610,8 @@ golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A=
-golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.2.1-0.20221112162523-6fad3dfc1891 h1:WhEPFM1Ck5gaKybeSWvzI7Y/cd8K9K5tJGRxXMACOBA=
+golang.org/x/crypto v0.2.1-0.20221112162523-6fad3dfc1891/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1721,8 +1723,8 @@ golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/net v0.0.0-20220927171203-f486391704dc h1:FxpXZdoBqT8RjqTy6i1E8nXHhW21wK7ptQ/EPIGxzPQ=
-golang.org/x/net v0.0.0-20220927171203-f486391704dc/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1876,13 +1878,13 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec h1:BkDtF2Ih9xZ7le9ndzTA7KJow28VbQW3odyk/8drmuI=
-golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1892,8 +1894,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

main.go

@@ -1,7 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 // Gitea (git with a cup of tea) is a painless self-hosted Git Service.
 package main // import "code.gitea.io/gitea"

models/activities/action.go

@@ -1,7 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package activities
 
@@ -115,12 +114,12 @@ func (a *Action) GetOpType() ActionType {
 }
 
 // LoadActUser loads a.ActUser
-func (a *Action) LoadActUser() {
+func (a *Action) LoadActUser(ctx context.Context) {
 	if a.ActUser != nil {
 		return
 	}
 	var err error
-	a.ActUser, err = user_model.GetUserByID(a.ActUserID)
+	a.ActUser, err = user_model.GetUserByID(ctx, a.ActUserID)
 	if err == nil {
 		return
 	} else if user_model.IsErrUserNotExist(err) {
@@ -130,12 +129,12 @@ func (a *Action) LoadActUser() {
 	}
 }
 
-func (a *Action) loadRepo() {
+func (a *Action) loadRepo(ctx context.Context) {
 	if a.Repo != nil {
 		return
 	}
 	var err error
-	a.Repo, err = repo_model.GetRepositoryByID(a.RepoID)
+	a.Repo, err = repo_model.GetRepositoryByID(ctx, a.RepoID)
 	if err != nil {
 		log.Error("repo_model.GetRepositoryByID(%d): %v", a.RepoID, err)
 	}
@@ -143,13 +142,13 @@ func (a *Action) loadRepo() {
 
 // GetActFullName gets the action's user full name.
 func (a *Action) GetActFullName() string {
-	a.LoadActUser()
+	a.LoadActUser(db.DefaultContext)
 	return a.ActUser.FullName
 }
 
 // GetActUserName gets the action's user name.
 func (a *Action) GetActUserName() string {
-	a.LoadActUser()
+	a.LoadActUser(db.DefaultContext)
 	return a.ActUser.Name
 }
 
@@ -180,7 +179,7 @@ func (a *Action) GetDisplayNameTitle() string {
 
 // GetRepoUserName returns the name of the action repository owner.
 func (a *Action) GetRepoUserName() string {
-	a.loadRepo()
+	a.loadRepo(db.DefaultContext)
 	return a.Repo.OwnerName
 }
 
@@ -192,7 +191,7 @@ func (a *Action) ShortRepoUserName() string {
 
 // GetRepoName returns the name of the action repository.
 func (a *Action) GetRepoName() string {
-	a.loadRepo()
+	a.loadRepo(db.DefaultContext)
 	return a.Repo.Name
 }
 
@@ -380,7 +379,7 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) {
 	cond := builder.NewCond()
 
 	if opts.RequestedTeam != nil && opts.RequestedUser == nil {
-		org, err := user_model.GetUserByID(opts.RequestedTeam.OrgID)
+		org, err := user_model.GetUserByID(db.DefaultContext, opts.RequestedTeam.OrgID)
 		if err != nil {
 			return nil, err
 		}
@@ -461,7 +460,8 @@ func DeleteOldActions(olderThan time.Duration) (err error) {
 	return err
 }
 
-func notifyWatchers(ctx context.Context, actions ...*Action) error {
+// NotifyWatchers creates batch of actions for every watcher.
+func NotifyWatchers(ctx context.Context, actions ...*Action) error {
 	var watchers []*repo_model.Watch
 	var repo *repo_model.Repository
 	var err error
@@ -489,7 +489,7 @@ func notifyWatchers(ctx context.Context, actions ...*Action) error {
 		}
 
 		if repoChanged {
-			act.loadRepo()
+			act.loadRepo(ctx)
 			repo = act.Repo
 
 			// check repo owner exist.
@@ -514,7 +514,7 @@ func notifyWatchers(ctx context.Context, actions ...*Action) error {
 			permIssue = make([]bool, len(watchers))
 			permPR = make([]bool, len(watchers))
 			for i, watcher := range watchers {
-				user, err := user_model.GetUserByIDCtx(ctx, watcher.UserID)
+				user, err := user_model.GetUserByID(ctx, watcher.UserID)
 				if err != nil {
 					permCode[i] = false
 					permIssue[i] = false
@@ -565,20 +565,15 @@ func notifyWatchers(ctx context.Context, actions ...*Action) error {
 	return nil
 }
 
-// NotifyWatchers creates batch of actions for every watcher.
-func NotifyWatchers(actions ...*Action) error {
-	return notifyWatchers(db.DefaultContext, actions...)
-}
-
 // NotifyWatchersActions creates batch of actions for every watcher.
 func NotifyWatchersActions(acts []*Action) error {
-	ctx, committer, err := db.TxContext()
+	ctx, committer, err := db.TxContext(db.DefaultContext)
 	if err != nil {
 		return err
 	}
 	defer committer.Close()
 	for _, act := range acts {
-		if err := notifyWatchers(ctx, act); err != nil {
+		if err := NotifyWatchers(ctx, act); err != nil {
 			return err
 		}
 	}
@@ -603,17 +598,17 @@ func DeleteIssueActions(ctx context.Context, repoID, issueID int64) error {
 }
 
 // CountActionCreatedUnixString count actions where created_unix is an empty string
-func CountActionCreatedUnixString() (int64, error) {
+func CountActionCreatedUnixString(ctx context.Context) (int64, error) {
 	if setting.Database.UseSQLite3 {
-		return db.GetEngine(db.DefaultContext).Where(`created_unix = ""`).Count(new(Action))
+		return db.GetEngine(ctx).Where(`created_unix = ""`).Count(new(Action))
 	}
 	return 0, nil
 }
 
 // FixActionCreatedUnixString set created_unix to zero if it is an empty string
-func FixActionCreatedUnixString() (int64, error) {
+func FixActionCreatedUnixString(ctx context.Context) (int64, error) {
 	if setting.Database.UseSQLite3 {
-		res, err := db.GetEngine(db.DefaultContext).Exec(`UPDATE action SET created_unix = 0 WHERE created_unix = ""`)
+		res, err := db.GetEngine(ctx).Exec(`UPDATE action SET created_unix = 0 WHERE created_unix = ""`)
 		if err != nil {
 			return 0, err
 		}

models/activities/action_list.go

@@ -1,6 +1,5 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package activities
 
@@ -82,7 +81,7 @@ func (actions ActionList) loadRepoOwner(ctx context.Context, userMap map[int64]*
 		}
 		repoOwner, ok := userMap[action.Repo.OwnerID]
 		if !ok {
-			repoOwner, err = user_model.GetUserByIDCtx(ctx, action.Repo.OwnerID)
+			repoOwner, err = user_model.GetUserByID(ctx, action.Repo.OwnerID)
 			if err != nil {
 				if user_model.IsErrUserNotExist(err) {
 					continue

models/activities/action_test.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package activities_test
 
@@ -188,7 +187,7 @@ func TestNotifyWatchers(t *testing.T) {
 		RepoID:    1,
 		OpType:    activities_model.ActionStarRepo,
 	}
-	assert.NoError(t, activities_model.NotifyWatchers(action))
+	assert.NoError(t, activities_model.NotifyWatchers(db.DefaultContext, action))
 
 	// One watchers are inactive, thus action is only created for user 8, 1, 4, 11
 	unittest.AssertExistsAndLoadBean(t, &activities_model.Action{
@@ -256,17 +255,17 @@ func TestConsistencyUpdateAction(t *testing.T) {
 	//
 	// Get rid of incorrectly set created_unix
 	//
-	count, err := activities_model.CountActionCreatedUnixString()
+	count, err := activities_model.CountActionCreatedUnixString(db.DefaultContext)
 	assert.NoError(t, err)
 	assert.EqualValues(t, 1, count)
-	count, err = activities_model.FixActionCreatedUnixString()
+	count, err = activities_model.FixActionCreatedUnixString(db.DefaultContext)
 	assert.NoError(t, err)
 	assert.EqualValues(t, 1, count)
 
-	count, err = activities_model.CountActionCreatedUnixString()
+	count, err = activities_model.CountActionCreatedUnixString(db.DefaultContext)
 	assert.NoError(t, err)
 	assert.EqualValues(t, 0, count)
-	count, err = activities_model.FixActionCreatedUnixString()
+	count, err = activities_model.FixActionCreatedUnixString(db.DefaultContext)
 	assert.NoError(t, err)
 	assert.EqualValues(t, 0, count)
 

models/activities/main_test.go

@@ -1,6 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package activities_test
 

models/activities/notification.go

@@ -1,6 +1,5 @@
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package activities
 
@@ -136,18 +135,13 @@ func GetNotifications(ctx context.Context, options *FindNotificationOptions) (nl
 }
 
 // CountNotifications count all notifications that fit to the given options and ignore pagination.
-func CountNotifications(opts *FindNotificationOptions) (int64, error) {
-	return db.GetEngine(db.DefaultContext).Where(opts.ToCond()).Count(&Notification{})
+func CountNotifications(ctx context.Context, opts *FindNotificationOptions) (int64, error) {
+	return db.GetEngine(ctx).Where(opts.ToCond()).Count(&Notification{})
 }
 
 // CreateRepoTransferNotification creates  notification for the user a repository was transferred to
-func CreateRepoTransferNotification(doer, newOwner *user_model.User, repo *repo_model.Repository) error {
-	ctx, committer, err := db.TxContext()
-	if err != nil {
-		return err
-	}
-	defer committer.Close()
-
+func CreateRepoTransferNotification(ctx context.Context, doer, newOwner *user_model.User, repo *repo_model.Repository) error {
+	return db.AutoTx(ctx, func(ctx context.Context) error {
 		var notify []*Notification
 
 		if newOwner.IsOrganization() {
@@ -174,18 +168,15 @@ func CreateRepoTransferNotification(doer, newOwner *user_model.User, repo *repo_
 			}}
 		}
 
-	if err := db.Insert(ctx, notify); err != nil {
-		return err
-	}
-
-	return committer.Commit()
+		return db.Insert(ctx, notify)
+	})
 }
 
 // CreateOrUpdateIssueNotifications creates an issue notification
 // for each watcher, or updates it if already exists
 // receiverID > 0 just send to receiver, else send to all watcher
 func CreateOrUpdateIssueNotifications(issueID, commentID, notificationAuthorID, receiverID int64) error {
-	ctx, committer, err := db.TxContext()
+	ctx, committer, err := db.TxContext(db.DefaultContext)
 	if err != nil {
 		return err
 	}
@@ -254,7 +245,7 @@ func createOrUpdateIssueNotifications(ctx context.Context, issueID, commentID, n
 	// notify
 	for userID := range toNotify {
 		issue.Repo.Units = nil
-		user, err := user_model.GetUserByIDCtx(ctx, userID)
+		user, err := user_model.GetUserByID(ctx, userID)
 		if err != nil {
 			if user_model.IsErrUserNotExist(err) {
 				continue
@@ -379,11 +370,7 @@ func CountUnread(ctx context.Context, userID int64) int64 {
 }
 
 // LoadAttributes load Repo Issue User and Comment if not loaded
-func (n *Notification) LoadAttributes() (err error) {
-	return n.loadAttributes(db.DefaultContext)
-}
-
-func (n *Notification) loadAttributes(ctx context.Context) (err error) {
+func (n *Notification) LoadAttributes(ctx context.Context) (err error) {
 	if err = n.loadRepo(ctx); err != nil {
 		return
 	}
@@ -401,7 +388,7 @@ func (n *Notification) loadAttributes(ctx context.Context) (err error) {
 
 func (n *Notification) loadRepo(ctx context.Context) (err error) {
 	if n.Repository == nil {
-		n.Repository, err = repo_model.GetRepositoryByIDCtx(ctx, n.RepoID)
+		n.Repository, err = repo_model.GetRepositoryByID(ctx, n.RepoID)
 		if err != nil {
 			return fmt.Errorf("getRepositoryByID [%d]: %w", n.RepoID, err)
 		}
@@ -438,7 +425,7 @@ func (n *Notification) loadComment(ctx context.Context) (err error) {
 
 func (n *Notification) loadUser(ctx context.Context) (err error) {
 	if n.User == nil {
-		n.User, err = user_model.GetUserByIDCtx(ctx, n.UserID)
+		n.User, err = user_model.GetUserByID(ctx, n.UserID)
 		if err != nil {
 			return fmt.Errorf("getUserByID [%d]: %w", n.UserID, err)
 		}
@@ -481,10 +468,10 @@ func (n *Notification) APIURL() string {
 type NotificationList []*Notification
 
 // LoadAttributes load Repo Issue User and Comment if not loaded
-func (nl NotificationList) LoadAttributes() error {
+func (nl NotificationList) LoadAttributes(ctx context.Context) error {
 	var err error
 	for i := 0; i < len(nl); i++ {
-		err = nl[i].LoadAttributes()
+		err = nl[i].LoadAttributes(ctx)
 		if err != nil && !issues_model.IsErrCommentNotExist(err) {
 			return err
 		}
@@ -504,7 +491,7 @@ func (nl NotificationList) getPendingRepoIDs() []int64 {
 }
 
 // LoadRepos loads repositories from database
-func (nl NotificationList) LoadRepos() (repo_model.RepositoryList, []int, error) {
+func (nl NotificationList) LoadRepos(ctx context.Context) (repo_model.RepositoryList, []int, error) {
 	if len(nl) == 0 {
 		return repo_model.RepositoryList{}, []int{}, nil
 	}
@@ -517,7 +504,7 @@ func (nl NotificationList) LoadRepos() (repo_model.RepositoryList, []int, error)
 		if left < limit {
 			limit = left
 		}
-		rows, err := db.GetEngine(db.DefaultContext).
+		rows, err := db.GetEngine(ctx).
 			In("id", repoIDs[:limit]).
 			Rows(new(repo_model.Repository))
 		if err != nil {
@@ -578,7 +565,7 @@ func (nl NotificationList) getPendingIssueIDs() []int64 {
 }
 
 // LoadIssues loads issues from database
-func (nl NotificationList) LoadIssues() ([]int, error) {
+func (nl NotificationList) LoadIssues(ctx context.Context) ([]int, error) {
 	if len(nl) == 0 {
 		return []int{}, nil
 	}
@@ -591,7 +578,7 @@ func (nl NotificationList) LoadIssues() ([]int, error) {
 		if left < limit {
 			limit = left
 		}
-		rows, err := db.GetEngine(db.DefaultContext).
+		rows, err := db.GetEngine(ctx).
 			In("id", issueIDs[:limit]).
 			Rows(new(issues_model.Issue))
 		if err != nil {
@@ -662,7 +649,7 @@ func (nl NotificationList) getPendingCommentIDs() []int64 {
 }
 
 // LoadComments loads comments from database
-func (nl NotificationList) LoadComments() ([]int, error) {
+func (nl NotificationList) LoadComments(ctx context.Context) ([]int, error) {
 	if len(nl) == 0 {
 		return []int{}, nil
 	}
@@ -675,7 +662,7 @@ func (nl NotificationList) LoadComments() ([]int, error) {
 		if left < limit {
 			limit = left
 		}
-		rows, err := db.GetEngine(db.DefaultContext).
+		rows, err := db.GetEngine(ctx).
 			In("id", commentIDs[:limit]).
 			Rows(new(issues_model.Comment))
 		if err != nil {
@@ -775,8 +762,8 @@ func SetRepoReadBy(ctx context.Context, userID, repoID int64) error {
 }
 
 // SetNotificationStatus change the notification status
-func SetNotificationStatus(notificationID int64, user *user_model.User, status NotificationStatus) (*Notification, error) {
-	notification, err := getNotificationByID(db.DefaultContext, notificationID)
+func SetNotificationStatus(ctx context.Context, notificationID int64, user *user_model.User, status NotificationStatus) (*Notification, error) {
+	notification, err := GetNotificationByID(ctx, notificationID)
 	if err != nil {
 		return notification, err
 	}
@@ -787,16 +774,12 @@ func SetNotificationStatus(notificationID int64, user *user_model.User, status N
 
 	notification.Status = status
 
-	_, err = db.GetEngine(db.DefaultContext).ID(notificationID).Update(notification)
+	_, err = db.GetEngine(ctx).ID(notificationID).Update(notification)
 	return notification, err
 }
 
 // GetNotificationByID return notification by ID
-func GetNotificationByID(notificationID int64) (*Notification, error) {
-	return getNotificationByID(db.DefaultContext, notificationID)
-}
-
-func getNotificationByID(ctx context.Context, notificationID int64) (*Notification, error) {
+func GetNotificationByID(ctx context.Context, notificationID int64) (*Notification, error) {
 	notification := new(Notification)
 	ok, err := db.GetEngine(ctx).
 		Where("id = ?", notificationID).
@@ -813,9 +796,9 @@ func getNotificationByID(ctx context.Context, notificationID int64) (*Notificati
 }
 
 // UpdateNotificationStatuses updates the statuses of all of a user's notifications that are of the currentStatus type to the desiredStatus
-func UpdateNotificationStatuses(user *user_model.User, currentStatus, desiredStatus NotificationStatus) error {
+func UpdateNotificationStatuses(ctx context.Context, user *user_model.User, currentStatus, desiredStatus NotificationStatus) error {
 	n := &Notification{Status: desiredStatus, UpdatedBy: user.ID}
-	_, err := db.GetEngine(db.DefaultContext).
+	_, err := db.GetEngine(ctx).
 		Where("user_id = ? AND status = ?", user.ID, currentStatus).
 		Cols("status", "updated_by", "updated_unix").
 		Update(n)

models/activities/notification_test.go

@@ -1,6 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package activities_test
 
@@ -82,14 +81,14 @@ func TestSetNotificationStatus(t *testing.T) {
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 	notf := unittest.AssertExistsAndLoadBean(t,
 		&activities_model.Notification{UserID: user.ID, Status: activities_model.NotificationStatusRead})
-	_, err := activities_model.SetNotificationStatus(notf.ID, user, activities_model.NotificationStatusPinned)
+	_, err := activities_model.SetNotificationStatus(db.DefaultContext, notf.ID, user, activities_model.NotificationStatusPinned)
 	assert.NoError(t, err)
 	unittest.AssertExistsAndLoadBean(t,
 		&activities_model.Notification{ID: notf.ID, Status: activities_model.NotificationStatusPinned})
 
-	_, err = activities_model.SetNotificationStatus(1, user, activities_model.NotificationStatusRead)
+	_, err = activities_model.SetNotificationStatus(db.DefaultContext, 1, user, activities_model.NotificationStatusRead)
 	assert.Error(t, err)
-	_, err = activities_model.SetNotificationStatus(unittest.NonexistentID, user, activities_model.NotificationStatusRead)
+	_, err = activities_model.SetNotificationStatus(db.DefaultContext, unittest.NonexistentID, user, activities_model.NotificationStatusRead)
 	assert.Error(t, err)
 }
 
@@ -102,7 +101,7 @@ func TestUpdateNotificationStatuses(t *testing.T) {
 		&activities_model.Notification{UserID: user.ID, Status: activities_model.NotificationStatusRead})
 	notfPinned := unittest.AssertExistsAndLoadBean(t,
 		&activities_model.Notification{UserID: user.ID, Status: activities_model.NotificationStatusPinned})
-	assert.NoError(t, activities_model.UpdateNotificationStatuses(user, activities_model.NotificationStatusUnread, activities_model.NotificationStatusRead))
+	assert.NoError(t, activities_model.UpdateNotificationStatuses(db.DefaultContext, user, activities_model.NotificationStatusUnread, activities_model.NotificationStatusRead))
 	unittest.AssertExistsAndLoadBean(t,
 		&activities_model.Notification{ID: notfUnread.ID, Status: activities_model.NotificationStatusRead})
 	unittest.AssertExistsAndLoadBean(t,

models/activities/repo_activity.go

@@ -1,6 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package activities
 

models/activities/statistic.go

@@ -1,6 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
+// SPDX-License-Identifier: MIT
 
 package activities