Add Matrix and Fedi links to Readme

CONTRIBUTING.md: merge WORKFLOW.md & RELEASE.md
Having the development documentation in a single file may not be the best structure but it is how Gitea does it and there is value in keeping something familiar to existing contributors. Signed-off-by: Loïc Dachary <loic@dachary.org>
2022-11-26 00:16:30 +01:00 · 2022-11-26 00:16:20 +01:00 · 2022-11-26 00:16:05 +01:00 · 2022-11-26 00:16:00 +01:00 · 2022-11-26 00:15:55 +01:00 · 2022-11-26 00:15:50 +01:00
1915 changed files with 5065 additions and 3567 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -600,7 +600,7 @@ steps:
        from_secret: crowdin_key
  - name: update
-    image: alpine:3.17
+    image: alpine:3.13
    pull: always
    commands:
      - ./build/update-locales.sh
--- a/.woodpecker/testing-amd64.yml
+++ b/.woodpecker/testing-amd64.yml
@ -52,12 +52,12 @@ pipeline:
    commands:
    - su gitea -c 'make unit-test-coverage test-check'
-  test-sqlite:
+  # test-sqlite:
-    image: gitea/test_env:linux-amd64
+  #   image: gitea/test_env:linux-amd64
-    environment:
+  #   environment:
-    - USE_REPO_TEST_DIR=1
+  #   - USE_REPO_TEST_DIR=1
-    - GOPROXY=off
+  #   - GOPROXY=off
-    - TAGS=bindata gogit sqlite sqlite_unlock_notify
+  #   - TAGS=bindata gogit sqlite sqlite_unlock_notify
-    - TEST_TAGS=bindata gogit sqlite sqlite_unlock_notify
+  #   - TEST_TAGS=bindata gogit sqlite sqlite_unlock_notify
-    commands:
+  #   commands:
-    - su gitea -c 'timeout -s ABRT 120m make test-sqlite-migration test-sqlite'
+  #   - su gitea -c 'timeout -s ABRT 120m make test-sqlite-migration test-sqlite'
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,23 +1,118 @@
 # Forgejo Contributor Guide
-The Forgejo project is run by a community of people who are expected to follow this guide when cooperating on a simple bug fix as well as when changing the governance. For more information about the project, take a look at [the documentation explaining what Forgejo provides](README.md).
+This document explains how to contribute changes to the Forgejo project.
 Sensitive security-related issues should be reported to
 [security@forgejo.org](mailto:security@forgejo.org).
-Sensitive security-related issues should be reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).
+# Development workflow
-## For everyone involved
+Forgejo is a soft fork, i.e. a set of commits applied to the Gitea development branch and the stable branches. On a regular basis those commits are rebased and modified if necessary to keep working. All Forgejo commits are merged into a branch from which binary releases and packages are created and distributed. The development workflow is a set of conventions Forgejo developers are expected to follow to work together.
- [Code of Conduct](CONTRIBUTING/COC.md)
+## Naming conventions
 - [Bugs, features, security and others discussions](CONTRIBUTING/DISCUSSIONS.md)
 - [Governance](CONTRIBUTING/GOVERNANCE.md)
 - [Funding](CONTRIBUTING/FUNDING.md)
-## For contributors
+### Development
- [Developer Certificate of Origin (DCO)](CONTRIBUTING/DCO.md)
+* Gitea: main
- [Development workflow](CONTRIBUTING/WORKFLOW.md)
+* Forgejo: forgejo
 * Integration: forgejo-integration
 * Feature branches: forgejo-feature-name
-## For maintainers
+### Stable
- [Release management](CONTRIBUTING/RELEASE.md)
+* Gitea: release/vX.Y
- [Secrets](CONTRIBUTING/SECRETS.md)
+* Forgejo: vX.Y/forgejo
 * Integration: vX.Y/forgejo-integration
 * Feature branches: vX.Y/forgejo-feature-name
 ## Rebasing
 ### *Feature branch*
 The *Gitea* branches are mirrored with the Gitea development and stable branches.
 On a regular basis, each *Feature branch* is rebased against the base *Gitea* branch.
 ### *Integration* and *Forgejo*
 The latest *Gitea* branch resets the *Integration* branch and all *Feature branches* are merged into it. 
 If tests pass, the *Forgejo* branch is reset to the tip of the *Integration* branch.
 If tests do not pass, an issue is filed to the *Feature branch* that fails the test. Once the issue is resolved, another round of rebasing starts.
 ## Releasing
 When a tag is set to a *Stable* *Forgejo* branch, the CI pipeline creates and uploads binaries and packages.
 ## Feature branches
 All *Feature branches* are based on the \*forgejo-development branch which provides the Woodpecker CI configuration and other development tools.
 The purpose of each *Feature branch* is documented in CONTRIBUTING.md as follows:
 * Name of the *Feature branch* and name of the base *Feature branch* (for instance forgejo-federation based on forgejo-development)
    * Backports: list of the versions in which this *Feature branch* is supported (for instance v1.18, v1.19)
    * Description: explains what the focus of the *Feature branch* is (for instance: forge federation features)
 ## Contributing
 Most people who are used to contributing will be familiar with the workflow of sending a pull request against the default branch. When that happens the reviewer should change the base branch to the appropriate *Feature branch* instead. If the pull request does not fit in any *Feature branch*, the reviewer needs to make decision to either:
 * Decline the pull request because it is best contributed to Gitea
 * Create a new *Feature branch*
 Returning contributors can figure out which *Feature branch* to base their pull request on using the list of *Feature branches* found in CONTRIBUTING.md
 ## Granularity
 *Feature branches* can contain a number of commits grouped together, for instance for branding the documentation, the landing page and the footer. It makes it convenient for people working on that topic to get the big picture without browsing multiple branches. Creating a new *Feature branch* for each individual commit, while possible, is likely to be difficult to work with.
 Observing the granularity of the existing *Feature branches* is the best way to figure out what works and what does not. It requires adjustments from time to time depending on the number of contributors and the complexity of the Forgejo codebase that sits on top of Gitea.
 # Release management
 ## Shared user: release-team
 The [release-team](https://codeberg.org/release-team) user authors and signs all releases. The associated email is release@forgejo.org.
 The public GPG key used to sign the releases is [EB114F5E6C0DC2BCDD183550A4B61A2DC5923710](https://codeberg.org/release-team.gpg) `Forgejo Releases <release@forgejo.org>`
 ## Release process
 * Reset the vX.Y/forgejo-integration branch to the Gitea tag vX.Y.Z
 * Merge all feature branches into the vX.Y/forgejo-integration branch
 * If the CI passes reset the vX.Y/forgejo branch to the tip of vX.Y/forgejo-integration
 * Set the vX.Y.Z tag to the tip of the vX.Y/forgejo branch
 * [Binaries](https://codeberg.org/forgejo/forgejo/releases) are built, signed and uploaded by the CI.
 * [Container images](https://codeberg.org/forgejo/-/packages/container/forgejo/versions) are built and uploaded by the CI.
 ## Release signing keys management
 A GPG master key with no expiration date is created and shared with members of the Owners team via encrypted email. A subkey with a one year expiration date is created and stored in the secrets repository, to be used by the CI pipeline. The public master key is stored in the secrets repository and published where relevant.
 ### Master key creation
 * gpg --expert --full-generate-key
 * key type: ECC and ECC option with Curve 25519 as curve
 * no expiration
 * id: Forgejo Releases <contact@forgejo.org>
 * gpg --export-secret-keys --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 and send via encrypted email to Owners
 * gpg --export --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 > release-team-gpg.pub
 * commit to the secret repository
 ### Subkey creation and renewal
 * gpg --expert --edit-key EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
 * addkey
 * key type: ECC (signature only)
 * key validity: one year
 #### 2023
 * gpg --export --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg.pub
 * gpg --export-secret-keys --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg
 * commit to the secret repository
 ### CI configuration
 The `releaseteamgpg` secret in the Woodpecker CI configuration is set with the subkey.
--- a/CONTRIBUTING/COC.md
+++ b/CONTRIBUTING/COC.md
@ -1,26 +0,0 @@
 # Code of Conduct, Well Being and Moderation teams
 Forgejo strives to be an inclusive project where everyone can participate in a safe environment. The [Well Being](https://codeberg.org/org/forgejo/teams/well-being) team is doing its best to defuse tensions before they escalate and is available to answer all requests sent its way. When diplomacy fails, the [Moderation](https://codeberg.org/org/forgejo/teams/moderation) will be forced to act to put a stop to actions that are contrary to the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
 ## Well Being and Moderation teams
 Temporary Well Being and Moderation teams [were appointed 10 November 2022](https://codeberg.org/forgejo/meta/issues/13).
 The moderation team will rely on this [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
 ### [Well Being](https://codeberg.org/org/forgejo/teams/well-being)
 Their goal is to defuse tensions.
 It has no power whatsover. The members are approved by the organization and trusted to:
 - Read all communications to detect tensions between people before they escalate.
 - Do their best to defuse tensions.
 ### [Moderation](https://codeberg.org/org/forgejo/teams/moderation)
 Their goal is to enforce the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
 It has the power to exclude people from a space.
 Their decisions must be logical, fact based and transparent to the organization trusting them with the task.
--- a/CONTRIBUTING/DCO.md
+++ b/CONTRIBUTING/DCO.md
@ -1,29 +0,0 @@
 # Developer Certificate of Origin (DCO)
 Contributions to Forgejo, in all the repositories in the [Forgejo organization](https://codeberg.org/forgejo) are accepted provided the author agrees to the following Developer Certificate of Origin (DCO).
 ```
 By making a contribution to Forgejo, I certify that:
 (a) The contribution was created in whole or in part by me and I
    have the right to submit it under the Free Software
    indicated in the file; or
 (b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate Free Software
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same Free Software license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or
 (c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.
 (d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the Free Software license(s) involved.
 ```
--- a/CONTRIBUTING/DISCUSSIONS.md
+++ b/CONTRIBUTING/DISCUSSIONS.md
@ -1,18 +0,0 @@
 # Bugs, features and discussions
 The [Forgejo issue tracker](https://codeberg.org/forgejo/forgejo/issues) is where **bugs** should be reported and **features** requested.
 Dedicated repositories in the [Forgejo organization](https://codeberg.org/forgejo) cover areas such as:
 - the [website](https://codeberg.org/forgejo/website)
 - the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct)
 - the [funding](https://codeberg.org/forgejo/funding).
 Other discussions regarding all **non technical aspects** of Forgejo, such as the governance, happen in the [meta issue tracker](https://codeberg.org/forgejo/meta/issues) and in the [matrix chatroom](https://matrix.to/#/#forgejo-chat:matrix.org).
 # Security
 The [security team](https://codeberg.org/org/forgejo/teams/security) handle security vulnerabilities. It handles sensitive security-related issues reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).
 The security team also keeps the content of the [security.txt](https://codeberg.org/forgejo/website/src/branch/main/public/.well-known/security.txt) file up to date.
 The private GPG key for `security@forgejo.org` is shared among all members of the security team and not stored online.
--- a/CONTRIBUTING/FUNDING.md
+++ b/CONTRIBUTING/FUNDING.md
@ -1,21 +0,0 @@
 # Funding per year
 ## 2022
 * 50,000€ [to further forge federation](https://forum.forgefriends.org/t/nlnet-grant-application-for-federation-in-gitea-deadline-august-1st-2022/823)
 * 10,000€ (1,400€ October, 5,600€ November, 2,800€ December) employee delegation from Easter-eggs (Loïc Dachary)
 # Funding ideas and prospects
 ## Grant applications
 * [Forgejo NLnet December 1st 2022](https://codeberg.org/forgejo/funding/issues/1)
 * [UX/UI NLnet December 1st 2022](https://codeberg.org/forgejo/funding/issues/4)
 ## Discussions
 * [Proposition](https://codeberg.org/forgejo/meta/issues/51) to log volunteers time so that it is accounted for at a 60€ per hour rate.
 * [A solution for sustaining Free Software forge development](https://blog.dachary.org/2022/11/05/a-solution-for-sustaining-forge-development/)
    * A French company delegates an employee for X month
    * The employee's time is paid for by [R&D incentive](https://fr.wikipedia.org/wiki/Cr%C3%A9dit_d%27imp%C3%B4t_recherche)
 * [Donations to Codeberg](https://codeberg.org/forgejo/meta/issues/26)
--- a/CONTRIBUTING/GOVERNANCE.md
+++ b/CONTRIBUTING/GOVERNANCE.md
@ -1,21 +0,0 @@
 # Governance
 ## Codeberg e.V. stewards of the domains
 The Forgejo [domains](https://codeberg.org/forgejo/meta/issues/41) are owned by the democratic non-profit dedicated to Free Software [Codeberg e.V.](https://codeberg.org/Codeberg/org/src/branch/main/en/bylaws.md). Forgejo is therefore ultimately under the control of Codeberg e.V. and its governance. However, although Codeberg e.V. is committed to use and host Forgejo, it is expected that Forgejo defines its own governance, in a way that is compatible with the Codeberg e.V. governance.
 ## Interim Forgejo Governance
 Although Codeberg e.V. guarantees Forgejo is ultimately under the control of a trusted organization, there was a need to establish an interim Forgejo governance for safeguarding credentials, enforcing the Code of Conduct and ensuring security vulnerabilities are handled responsibly for the Forgejo releases.
 All people with a role in the interim Forgejo governance pledge to resign as soon as the Forgejo governance is in place.
 * [release managers](https://codeberg.org/org/forgejo/teams/releases) safeguard the keys used to sign Forgejo releases
 * [secret keepers](https://codeberg.org/org/Forgejo/teams/owners) safeguard all credentials (registrar, social accounts, etc.)
 * [security team](https://codeberg.org/org/forgejo/teams/security) handle security vulnerabilities
 * [Well Being](https://codeberg.org/org/forgejo/teams/well-being) and [Moderation](https://codeberg.org/org/forgejo/teams/moderation) teams help keep Forgejo an inclusive space
 ## Forgejo Governance
 Forgejo was bootstraped in November 2022 and is [defining its governance](https://codeberg.org/forgejo/meta/issues/19). The [first meeting happened November 24th](https://codeberg.org/forgejo/meta/issues/19#issuecomment-694460) and was recorded. Everyone is welcome to participate in this fully transparent and cooperative process.
--- a/CONTRIBUTING/RELEASE.md
+++ b/CONTRIBUTING/RELEASE.md
@ -1,62 +0,0 @@
 # Release management
 ## Shared user: release-team
 The [release-team](https://codeberg.org/release-team) user publishes and signs all releases. The associated email is mailto:release@forgejo.org.
 The public GPG key used to sign the releases is [EB114F5E6C0DC2BCDD183550A4B61A2DC5923710](https://codeberg.org/release-team.gpg) `Forgejo Releases <release@forgejo.org>`
 ## Release numbering
 The Forgejo release numbers are composed of the Gitea release number followed by a dash and a serial number. For instance:
 * Gitea **v1.18.0** will be Forgejo **v1.18.0-0**, **v1.18.0-1**, etc
 The Gitea release candidates are suffixed with **-rcN** which is handled as a special case for packaging: although **X.Y.Z** is lexicographically lower than **X.Y.Z-rc1** is is considered greater. The Forgejo serial number must therefore be inserted before the **-rcN** suffix to preserve the expected version ordering.
 * Gitea **v1.18.0-rc0** will be Forgejo **v1.18.0-0-rc0**, **v1.18.0-1-rc0**
 * Gitea **v1.18.0-rc1** will be Forgejo **v1.18.0-2-rc1**, **v1.18.0-3-rc1**, **v1.18.0-4-rc1**
 * Gitea **v1.18.0** will be Forgejo **v1.18.0-5**, **v1.18.0-6**, **v1.18.0-7**
 * etc.
 ## Release process
 * Reset the vX.Y/forgejo-integration branch to the Gitea tag vX.Y.Z
 * Merge all feature branches into the vX.Y/forgejo-integration branch
 * If the CI passes reset the vX.Y/forgejo branch to the tip of vX.Y/forgejo-integration
 * Set the vX.Y.Z-N tag to the tip of the vX.Y/forgejo branch
 * [Binaries](https://codeberg.org/forgejo/forgejo/releases) are built, signed and uploaded by the CI.
 * [Container images](https://codeberg.org/forgejo/-/packages/container/forgejo/versions) are built and uploaded by the CI.
 ## Release signing keys management
 A GPG master key with no expiration date is created and shared with members of the Owners team via encrypted email. A subkey with a one year expiration date is created and stored in the secrets repository, to be used by the CI pipeline. The public master key is stored in the secrets repository and published where relevant.
 ### Master key creation
 * gpg --expert --full-generate-key
 * key type: ECC and ECC option with Curve 25519 as curve
 * no expiration
 * id: Forgejo Releases <contact@forgejo.org>
 * gpg --export-secret-keys --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 and send via encrypted email to Owners
 * gpg --export --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 > release-team-gpg.pub
 * commit to the secret repository
 ### Subkey creation and renewal
 * gpg --expert --edit-key EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
 * addkey
 * key type: ECC (signature only)
 * key validity: one year
 * create [an issue](https://codeberg.org/forgejo/forgejo/issues) to schedule the renewal
 #### 2023
 * gpg --export --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg.pub
 * gpg --export-secret-keys --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg
 * commit to the secrets repository
 * renewal issue https://codeberg.org/forgejo/forgejo/issues/58
 ### CI configuration
 The `releaseteamgpg` secret in the Woodpecker CI configuration is set with the subkey.
--- a/CONTRIBUTING/SECRETS.md
+++ b/CONTRIBUTING/SECRETS.md
@ -1,56 +0,0 @@
 # Secrets
 All Forgejo credentials are shared among the [secret keepers](https://codeberg.org/org/Forgejo/teams/owners) teams in a private repository with encrypted content.
 ## Get started
 1. Make sure you have a GPG Key, or [create one](https://github.com/NicoHood/gpgit#12-key-generation)
 2. Send someone else your public key and ask this person to add yourself as a recipient
 ```
 # Commands for the other person
 $ gpg --import public_key.asc
 # The following command will open a prompt, with the available public keys. 
 # Choose the one you just added and all secrets will be re-encrypted with this new key.
 $ gopass recipients add
 ```
 3. [Install gopass](https://www.gopass.pw/#install)
 > :warning: When installing on Ubuntu or Debian you can either download the deb package, install manually or build from source or use our APT repository ([github comment](https://github.com/gopasspw/gopass/issues/1849#issuecomment-802789285) with more information).
 4. Clone this repo using `gopass` (the name and email are for `git config`)
 ```
 $ gopass clone git@codeberg.org:Forgejo/gopass.git
 ```
 5. Check the consistency of the gopass storage
 ```
 $ gopass fsck
 ```
 ## Get a secret
 Show the whole secret file:
 ```
 $ gopass show ovh.com/manager
 ```
 Copy the password in the clipboard:
 ```
 $ gopass show -c ovh.com/manager
 ```
 Copy the `user` part of the secret in the clipboard:
 ```
 $ gopass show -c ovh.com/manager user
 ```
 ## Insert or edit a secret
 ```
 $ gopass edit ovh.com/manager
 ```
 In the editor, insert the password on the first line.
 You may then add lines with a `key: value` syntax (`user: username` for instance).
 ## Debugging and manual git operations
 The following command will show the location and status of the git repo (all git commands are available).
 ```
 $ gopass git status
 ```
--- a/CONTRIBUTING/WORKFLOW.md
+++ b/CONTRIBUTING/WORKFLOW.md
@ -1,79 +0,0 @@
 # Development workflow
 Forgejo is a soft fork, i.e. a set of commits applied to the Gitea development branch and the stable branches. On a regular basis those commits are rebased and modified if necessary to keep working. All Forgejo commits are merged into a branch from which binary releases and packages are created and distributed. The development workflow is a set of conventions Forgejo developers are expected to follow to work together.
 Discussions on how the workflow should evolve happen [in the isssue tracker](https://codeberg.org/forgejo/forgejo/issues?type=all&state=open&labels=&milestone=0&assignee=0&q=%5BWORKFLOW%5D).
 ## Naming conventions
 ### Development
 * Gitea: main
 * Forgejo: forgejo
 * Integration: forgejo-integration
 * Feature branches: forgejo-feature-name
 ### Stable
 * Gitea: release/vX.Y
 * Forgejo: vX.Y/forgejo
 * Integration: vX.Y/forgejo-integration
 * Feature branches: vX.Y/forgejo-feature-name
 ## Rebasing
 ### *Feature branch*
 The *Gitea* branches are mirrored with the Gitea development and stable branches.
 On a regular basis, each *Feature branch* is rebased against the base *Gitea* branch.
 ### *Integration* and *Forgejo*
 The latest *Gitea* branch resets the *Integration* branch and all *Feature branches* are merged into it. 
 If tests pass, the *Forgejo* branch is reset to the tip of the *Integration* branch.
 If tests do not pass, an issue is filed to the *Feature branch* that fails the test. Once the issue is resolved, another round of rebasing starts.
 ## Releasing
 When a tag is set to a *Stable* *Forgejo* branch, the CI pipeline creates and uploads binaries and packages.
 ## Feature branches
 All *Feature branches* are based on the {vX.Y/,}forgejo-development branch which provides and other development tools and documenation.
 The \*forgejo-development branch is based on the {vX.Y/,}forgejo-ci branch which provides the Woodpecker CI configuration.
 The purpose of each *Feature branch* is documented below:
 ### General purpose
 * [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci) based on [main](https://codeberg.org/forgejo/forgejo/src/branch/main)
  Woodpecker CI configuration, including the release process.
  * Backports: [v1.18/forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-ci)
 * [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development) based on [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci)
  Forgejo development tools and documentation.
  * Backports: [v1.18/forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-development)
 ### [Federation](https://codeberg.org/forgejo/forgejo/issues?labels=79349)
 * [forgejo-federation](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-federation) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
  Federation support for Forgejo
 ## Pull requests and feature branches
 Most people who are used to contributing will be familiar with the workflow of sending a pull request against the default branch. When that happens the reviewer should change the base branch to the appropriate *Feature branch* instead. If the pull request does not fit in any *Feature branch*, the reviewer needs to make decision to either:
 * Decline the pull request because it is best contributed to Gitea
 * Create a new *Feature branch*
 Returning contributors can figure out which *Feature branch* to base their pull request on using the list of *Feature branches*.
 ## Granularity
 *Feature branches* can contain a number of commits grouped together, for instance for branding the documentation, the landing page and the footer. It makes it convenient for people working on that topic to get the big picture without browsing multiple branches. Creating a new *Feature branch* for each individual commit, while possible, is likely to be difficult to work with.
 Observing the granularity of the existing *Feature branches* is the best way to figure out what works and what does not. It requires adjustments from time to time depending on the number of contributors and the complexity of the Forgejo codebase that sits on top of Gitea.
--- a/4
+++ b/4
@ -1,5 +1,5 @@
 #Build stage
-FROM codeberg.org/forgejo/golang:1.19-alpine3.17 AS build-env
+FROM codeberg.org/forgejo/golang:1.19-alpine3.16 AS build-env
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
-FROM codeberg.org/forgejo/alpine:3.17.0
+FROM codeberg.org/forgejo/alpine:3.16.3
 LABEL maintainer="contact@forgejo.org"
 EXPOSE 22 3000
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.19-alpine3.17 AS build-env
+FROM golang:1.19-alpine3.16 AS build-env
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
-FROM alpine:3.17
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"
 EXPOSE 2222 3000
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 Hi there! Tired of big platforms playing monopoly?
 Providing Git hosting for your project, friends, company or community?
-**Forgejo** (inspired by forĝejo \ˈfor.d͡ʒe.jo\ – the Esperanto word for *forge*) has you covered with its intuitive interface,
+**Forgejo** (\ˈfor.d͡ʒe.jo\ – the Esperanto word for *forge*) has you covered with its intuitive interface,
 light and easy hosting and a lot of builtin functionality.
 Forgejo was forked from the well-known [Gitea](https://gitea.io) project in 2022,
@ -38,9 +38,32 @@ If you like any of the following, Forgejo is literally meant for you:
 ## Learn more
 We're still working on our website.
-In the meantime, you can <a href="https://floss.social/@Forgejo" rel="me">find us on the Fediverse</a> or hop into [our Matrix room](https://matrix.to/#/#Forgejo-chat:matrix.org) if you have any questions or want to get involved.
+In the meantime, you can <a href="https://floss.social/@forgejo" rel="me">find us on the Fediverse</a> or hop into [our Matrix room](https://matrix.to/#/#forgejo-chat:matrix.org) if you have any questions or want to get involved.
-## Get involved
+## Getting started
-If you are interested in making Forgejo better, either by reporting a bug or by changing the governance, please [take a look at the contribution guide](CONTRIBUTING.md).
+We're working towards our first release.
 The download options will be published here.
 ### Documentation
 ...
 ## Roadmap
 We're currently working on ... for the next release.
 ### Status of Federation
 ...
 ## Contributing
 ... 
 ### Translating
 ## Thanks to ...
--- a/build.go
+++ b/build.go
@ -1,6 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
-
+// license that can be found in the LICENSE file.
 //go:build vendor
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package codeformat
--- a/build/codeformat/formatimports_test.go
+++ b/build/codeformat/formatimports_test.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package codeformat
--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright 2015 Kenneth Shaw
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
@ -208,8 +209,8 @@ func generate() ([]byte, error) {
 const hdr = `
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
-
+// license that can be found in the LICENSE file.
 package emoji
--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
--- a/build/gocovmerge.go
+++ b/build/gocovmerge.go
@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright (c) 2015, Wade Simmons
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 // gocovmerge takes the results from multiple `go test -coverprofile` runs and
 // merges them into one profile
--- a/cmd/admin.go
+++ b/cmd/admin.go
@ -1,6 +1,7 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@ -665,7 +666,7 @@ func runDeleteUser(c *cli.Context) error {
 	} else if c.IsSet("username") {
 		user, err = user_model.GetUserByName(ctx, c.String("username"))
 	} else {
-		user, err = user_model.GetUserByID(ctx, c.Int64("id"))
+		user, err = user_model.GetUserByID(c.Int64("id"))
 	}
 	if err != nil {
 		return err
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/cert.go
+++ b/cmd/cert.go
@ -1,7 +1,8 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 // Package cmd provides subcommands to the gitea binary - such as "web" or
 // "admin".
--- a/cmd/convert.go
+++ b/cmd/convert.go
@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/docs.go
+++ b/cmd/docs.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build bindata
--- a/cmd/embedded_stub.go
+++ b/cmd/embedded_stub.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build !bindata
--- a/cmd/generate.go
+++ b/cmd/generate.go
@ -1,6 +1,7 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/hook.go
+++ b/cmd/hook.go
@ -1,5 +1,6 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@ -217,9 +218,9 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}
-	supportProcReceive := false
+	supportProcRecive := false
 	if git.CheckGitVersionAtLeast("2.29") == nil {
-		supportProcReceive = true
+		supportProcRecive = true
 	}
 	for scanner.Scan() {
@ -240,9 +241,9 @@ Gitea or set your environment appropriately.`, "")
 		lastline++
 		// If the ref is a branch or tag, check if it's protected
-		// if supportProcReceive all ref should be checked because
+		// if supportProcRecive all ref should be checked because
 		// permission check was delayed
-		if supportProcReceive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
+		if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
 			oldCommitIDs[count] = oldCommitID
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName
--- a/cmd/hook_test.go
+++ b/cmd/hook_test.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/keys.go
+++ b/cmd/keys.go
@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/manager.go
+++ b/cmd/manager.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/web.go
+++ b/cmd/web.go
@ -1,5 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@ -1,5 +1,6 @@
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package main
--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package main
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package main
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -1590,7 +1590,7 @@ ROUTER = console
 ;; Prefix displayed before subject in mail
 ;SUBJECT_PREFIX =
 ;;
-;; Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy".
+;; Mail server protocol. One of "smtp", "smtps", "smtp+startls", "smtp+unix", "sendmail", "dummy".
 ;; - sendmail: use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
 ;; - dummy: send email messages to the log as a testing phase.
 ;; If your provider does not explicitly say which protocol it uses but does provide a port,
@ -2378,33 +2378,33 @@ ROUTER = console
 ;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
 ;CHUNKED_UPLOAD_PATH = tmp/package-upload
 ;;
-;; Maximum count of package versions a single owner can have (`-1` means no limits)
+;; Maxmimum count of package versions a single owner can have (`-1` means no limits)
 ;LIMIT_TOTAL_OWNER_COUNT = -1
-;; Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_TOTAL_OWNER_SIZE = -1
-;; Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_COMPOSER = -1
-;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CONAN = -1
-;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CONTAINER = -1
-;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_GENERIC = -1
-;; Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_HELM = -1
-;; Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_MAVEN = -1
-;; Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_NPM = -1
-;; Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_NUGET = -1
-;; Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_PUB = -1
-;; Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_PYPI = -1
-;; Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_RUBYGEMS = -1
-;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;; Maxmimum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_VAGRANT = -1
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@ -713,7 +713,7 @@ and
 [Gitea 1.17 configuration document](https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md)
 - `ENABLED`: **false**: Enable to use a mail service.
- `PROTOCOL`: **\<empty\>**: Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy". _Before 1.18, this was inferred from a combination of `MAILER_TYPE` and `IS_TLS_ENABLED`._
+- `PROTOCOL`: **\<empty\>**: Mail server protocol. One of "smtp", "smtps", "smtp+startls", "smtp+unix", "sendmail", "dummy". _Before 1.18, this was inferred from a combination of `MAILER_TYPE` and `IS_TLS_ENABLED`._
  - SMTP family, if your provider does not explicitly say which protocol it uses but does provide a port, you can set SMTP_PORT instead and this will be inferred.
  - **sendmail** Use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
  - **dummy** Send email messages to the log as a testing phase.
@ -1179,20 +1179,20 @@ Task queue configuration has been moved to `queue.task`. However, the below conf
 - `ENABLED`: **true**: Enable/Disable package registry capabilities
 - `CHUNKED_UPLOAD_PATH`: **tmp/package-upload**: Path for chunked uploads. Defaults to `APP_DATA_PATH` + `tmp/package-upload`
- `LIMIT_TOTAL_OWNER_COUNT`: **-1**: Maximum count of package versions a single owner can have (`-1` means no limits)
+- `LIMIT_TOTAL_OWNER_COUNT`: **-1**: Maxmimum count of package versions a single owner can have (`-1` means no limits)
- `LIMIT_TOTAL_OWNER_SIZE`: **-1**: Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_TOTAL_OWNER_SIZE`: **-1**: Maxmimum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_COMPOSER`: **-1**: Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_COMPOSER`: **-1**: Maxmimum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_CONAN`: **-1**: Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_CONAN`: **-1**: Maxmimum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_CONTAINER`: **-1**: Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_CONTAINER`: **-1**: Maxmimum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_GENERIC`: **-1**: Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_GENERIC`: **-1**: Maxmimum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_HELM`: **-1**: Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_HELM`: **-1**: Maxmimum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_MAVEN`: **-1**: Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_MAVEN`: **-1**: Maxmimum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_NPM`: **-1**: Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_NPM`: **-1**: Maxmimum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_NUGET`: **-1**: Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_NUGET`: **-1**: Maxmimum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_PUB`: **-1**: Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_PUB`: **-1**: Maxmimum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_PYPI`: **-1**: Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_PYPI`: **-1**: Maxmimum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_RUBYGEMS`: **-1**: Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_RUBYGEMS`: **-1**: Maxmimum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_VAGRANT`: **-1**: Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+- `LIMIT_SIZE_VAGRANT`: **-1**: Maxmimum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ## Mirror (`mirror`)
--- a/docs/content/doc/packages/overview.en-us.md
+++ b/docs/content/doc/packages/overview.en-us.md
@ -32,7 +32,7 @@ The following package managers are currently supported:
 | [Generic]({{< relref "doc/packages/generic.en-us.md" >}}) | - | any HTTP client |
 | [Helm]({{< relref "doc/packages/helm.en-us.md" >}}) | - | any HTTP client, `cm-push` |
 | [Maven]({{< relref "doc/packages/maven.en-us.md" >}}) | Java | `mvn`, `gradle` |
-| [npm]({{< relref "doc/packages/npm.en-us.md" >}}) | JavaScript | `npm`, `yarn`, `pnpm` |
+| [npm]({{< relref "doc/packages/npm.en-us.md" >}}) | JavaScript | `npm`, `yarn` |
 | [NuGet]({{< relref "doc/packages/nuget.en-us.md" >}}) | .NET | `nuget` |
 | [Pub]({{< relref "doc/packages/pub.en-us.md" >}}) | Dart | `dart`, `flutter` |
 | [PyPI]({{< relref "doc/packages/pypi.en-us.md" >}}) | Python | `pip`, `twine` |
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,7 @@ module code.gitea.io/gitea
 go 1.18
 require (
-	code.gitea.io/gitea-vet v0.2.2
+	code.gitea.io/gitea-vet v0.2.2-0.20220122151748-48ebc902541b
 	code.gitea.io/sdk/gitea v0.15.1
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
 	gitea.com/go-chi/binding v0.0.0-20221013104517-b29891619681
@ -15,7 +15,7 @@ require (
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/PuerkitoBio/goquery v1.8.0
-	github.com/alecthomas/chroma/v2 v2.4.0
+	github.com/alecthomas/chroma/v2 v2.3.0
 	github.com/blevesearch/bleve/v2 v2.3.4
 	github.com/buildkite/terminal-to-html/v3 v3.7.0
 	github.com/caddyserver/certmagic v0.17.2
--- a/go.sum
+++ b/go.sum
@ -65,8 +65,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
 code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
-code.gitea.io/gitea-vet v0.2.2 h1:TEOV/Glf38iGmKzKP0EB++Z5OSL4zGg3RrAvlwaMuvk=
+code.gitea.io/gitea-vet v0.2.2-0.20220122151748-48ebc902541b h1:uv9a8eGSdQ8Dr4HyUcuHFfDsk/QuwO+wf+Y99RYdxY0=
-code.gitea.io/gitea-vet v0.2.2/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
+code.gitea.io/gitea-vet v0.2.2-0.20220122151748-48ebc902541b/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
 code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY=
 code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M=
 code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA=
@ -160,10 +160,9 @@ github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
 github.com/alecthomas/assert/v2 v2.2.0 h1:f6L/b7KE2bfA+9O4FL3CM/xJccDEwPVYd5fALBiuwvw=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
-github.com/alecthomas/chroma/v2 v2.4.0 h1:Loe2ZjT5x3q1bcWwemqyqEi8p11/IV/ncFCeLYDpWC4=
+github.com/alecthomas/chroma/v2 v2.3.0 h1:83xfxrnjv8eK+Cf8qZDzNo3PPF9IbTWHs7z28GY6D0U=
-github.com/alecthomas/chroma/v2 v2.4.0/go.mod h1:6kHzqF5O6FUSJzBXW7fXELjb+e+7OXW4UpoPqMO7IBQ=
+github.com/alecthomas/chroma/v2 v2.3.0/go.mod h1:mZxeWZlxP2Dy+/8cBob2PYd8O2DwNAzave5AY7A2eQw=
 github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE=
 github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
 github.com/alecthomas/repr v0.1.0 h1:ENn2e1+J3k09gyj2shc0dHr/yjaWSHRlrJ4DPMevDqE=
@ -831,7 +830,6 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo=
 github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
--- a/main.go
+++ b/main.go
@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 // Gitea (git with a cup of tea) is a painless self-hosted Git Service.
 package main // import "code.gitea.io/gitea"
--- a/models/activities/action.go
+++ b/models/activities/action.go
@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activities
@ -114,12 +115,12 @@ func (a *Action) GetOpType() ActionType {
 }
 // LoadActUser loads a.ActUser
-func (a *Action) LoadActUser(ctx context.Context) {
+func (a *Action) LoadActUser() {
 	if a.ActUser != nil {
 		return
 	}
 	var err error
-	a.ActUser, err = user_model.GetUserByID(ctx, a.ActUserID)
+	a.ActUser, err = user_model.GetUserByID(a.ActUserID)
 	if err == nil {
 		return
 	} else if user_model.IsErrUserNotExist(err) {
@ -129,12 +130,12 @@ func (a *Action) LoadActUser(ctx context.Context) {
 	}
 }
-func (a *Action) loadRepo(ctx context.Context) {
+func (a *Action) loadRepo() {
 	if a.Repo != nil {
 		return
 	}
 	var err error
-	a.Repo, err = repo_model.GetRepositoryByID(ctx, a.RepoID)
+	a.Repo, err = repo_model.GetRepositoryByID(a.RepoID)
 	if err != nil {
 		log.Error("repo_model.GetRepositoryByID(%d): %v", a.RepoID, err)
 	}
@ -142,13 +143,13 @@ func (a *Action) loadRepo(ctx context.Context) {
 // GetActFullName gets the action's user full name.
 func (a *Action) GetActFullName() string {
-	a.LoadActUser(db.DefaultContext)
+	a.LoadActUser()
 	return a.ActUser.FullName
 }
 // GetActUserName gets the action's user name.
 func (a *Action) GetActUserName() string {
-	a.LoadActUser(db.DefaultContext)
+	a.LoadActUser()
 	return a.ActUser.Name
 }
@ -179,7 +180,7 @@ func (a *Action) GetDisplayNameTitle() string {
 // GetRepoUserName returns the name of the action repository owner.
 func (a *Action) GetRepoUserName() string {
-	a.loadRepo(db.DefaultContext)
+	a.loadRepo()
 	return a.Repo.OwnerName
 }
@ -191,7 +192,7 @@ func (a *Action) ShortRepoUserName() string {
 // GetRepoName returns the name of the action repository.
 func (a *Action) GetRepoName() string {
-	a.loadRepo(db.DefaultContext)
+	a.loadRepo()
 	return a.Repo.Name
 }
@ -379,7 +380,7 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) {
 	cond := builder.NewCond()
 	if opts.RequestedTeam != nil && opts.RequestedUser == nil {
-		org, err := user_model.GetUserByID(db.DefaultContext, opts.RequestedTeam.OrgID)
+		org, err := user_model.GetUserByID(opts.RequestedTeam.OrgID)
 		if err != nil {
 			return nil, err
 		}
@ -489,7 +490,7 @@ func NotifyWatchers(ctx context.Context, actions ...*Action) error {
 		}
 		if repoChanged {
-			act.loadRepo(ctx)
+			act.loadRepo()
 			repo = act.Repo
 			// check repo owner exist.
@ -514,7 +515,7 @@ func NotifyWatchers(ctx context.Context, actions ...*Action) error {
 			permIssue = make([]bool, len(watchers))
 			permPR = make([]bool, len(watchers))
 			for i, watcher := range watchers {
-				user, err := user_model.GetUserByID(ctx, watcher.UserID)
+				user, err := user_model.GetUserByIDCtx(ctx, watcher.UserID)
 				if err != nil {
 					permCode[i] = false
 					permIssue[i] = false
--- a/models/activities/action_list.go
+++ b/models/activities/action_list.go
@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activities
@ -81,7 +82,7 @@ func (actions ActionList) loadRepoOwner(ctx context.Context, userMap map[int64]*
 		}
 		repoOwner, ok := userMap[action.Repo.OwnerID]
 		if !ok {
-			repoOwner, err = user_model.GetUserByID(ctx, action.Repo.OwnerID)
+			repoOwner, err = user_model.GetUserByIDCtx(ctx, action.Repo.OwnerID)
 			if err != nil {
 				if user_model.IsErrUserNotExist(err) {
 					continue
--- a/models/activities/action_test.go
+++ b/models/activities/action_test.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activities_test
--- a/models/activities/main_test.go
+++ b/models/activities/main_test.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activities_test
--- a/models/activities/notification.go
+++ b/models/activities/notification.go
@ -1,5 +1,6 @@
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activities
@ -245,7 +246,7 @@ func createOrUpdateIssueNotifications(ctx context.Context, issueID, commentID, n
 	// notify
 	for userID := range toNotify {
 		issue.Repo.Units = nil
-		user, err := user_model.GetUserByID(ctx, userID)
+		user, err := user_model.GetUserByIDCtx(ctx, userID)
 		if err != nil {
 			if user_model.IsErrUserNotExist(err) {
 				continue
@ -388,7 +389,7 @@ func (n *Notification) LoadAttributes(ctx context.Context) (err error) {
 func (n *Notification) loadRepo(ctx context.Context) (err error) {
 	if n.Repository == nil {
-		n.Repository, err = repo_model.GetRepositoryByID(ctx, n.RepoID)
+		n.Repository, err = repo_model.GetRepositoryByIDCtx(ctx, n.RepoID)
 		if err != nil {
 			return fmt.Errorf("getRepositoryByID [%d]: %w", n.RepoID, err)
 		}
@ -425,7 +426,7 @@ func (n *Notification) loadComment(ctx context.Context) (err error) {
 func (n *Notification) loadUser(ctx context.Context) (err error) {
 	if n.User == nil {
-		n.User, err = user_model.GetUserByID(ctx, n.UserID)
+		n.User, err = user_model.GetUserByIDCtx(ctx, n.UserID)
 		if err != nil {
 			return fmt.Errorf("getUserByID [%d]: %w", n.UserID, err)
 		}
--- a/models/activities/notification_test.go
+++ b/models/activities/notification_test.go
@ -1,5 +1,6 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activities_test
--- a/models/activities/repo_activity.go
+++ b/models/activities/repo_activity.go
@ -1,5 +1,6 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activities
--- a/models/activities/statistic.go
+++ b/models/activities/statistic.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package activities
--- a/models/activities/user_heatmap.go
+++ b/models/activities/user_heatmap.go
@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.package models
 package activities
--- a/models/activities/user_heatmap_test.go
+++ b/models/activities/user_heatmap_test.go
@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.package models
 package activities_test
--- a/models/admin/task.go
+++ b/models/admin/task.go
@ -1,5 +1,6 @@
 // Copyright 2019 Gitea. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package admin
--- a/models/asymkey/error.go
+++ b/models/asymkey/error.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/gpg_key.go
+++ b/models/asymkey/gpg_key.go
@ -1,5 +1,6 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/gpg_key_add.go
+++ b/models/asymkey/gpg_key_add.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/gpg_key_commit_verification.go
+++ b/models/asymkey/gpg_key_commit_verification.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
@ -426,7 +427,7 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *use
 			Email: email,
 		}
 		if key.OwnerID != 0 {
-			owner, err := user_model.GetUserByID(db.DefaultContext, key.OwnerID)
+			owner, err := user_model.GetUserByID(key.OwnerID)
 			if err == nil {
 				signer = owner
 			} else if !user_model.IsErrUserNotExist(err) {
--- a/models/asymkey/gpg_key_common.go
+++ b/models/asymkey/gpg_key_common.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/gpg_key_import.go
+++ b/models/asymkey/gpg_key_import.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/gpg_key_test.go
+++ b/models/asymkey/gpg_key_test.go
@ -1,5 +1,6 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/gpg_key_verify.go
+++ b/models/asymkey/gpg_key_verify.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/main_test.go
+++ b/models/asymkey/main_test.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key.go
+++ b/models/asymkey/ssh_key.go
@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key_authorized_keys.go
+++ b/models/asymkey/ssh_key_authorized_keys.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key_authorized_principals.go
+++ b/models/asymkey/ssh_key_authorized_principals.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key_commit_verification.go
+++ b/models/asymkey/ssh_key_commit_verification.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key_deploy.go
+++ b/models/asymkey/ssh_key_deploy.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key_fingerprint.go
+++ b/models/asymkey/ssh_key_fingerprint.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key_parse.go
+++ b/models/asymkey/ssh_key_parse.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key_principals.go
+++ b/models/asymkey/ssh_key_principals.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key_test.go
+++ b/models/asymkey/ssh_key_test.go
@ -1,6 +1,7 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/asymkey/ssh_key_verify.go
+++ b/models/asymkey/ssh_key_verify.go
@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package asymkey
--- a/models/auth/main_test.go
+++ b/models/auth/main_test.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth_test
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth
--- a/models/auth/oauth2_test.go
+++ b/models/auth/oauth2_test.go
@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth_test
--- a/models/auth/session.go
+++ b/models/auth/session.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth
--- a/models/auth/source.go
+++ b/models/auth/source.go
@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth
--- a/models/auth/source_test.go
+++ b/models/auth/source_test.go
@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth_test
--- a/models/auth/token.go
+++ b/models/auth/token.go
@ -1,20 +1,22 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth
 import (
 	"crypto/subtle"
 	"encoding/hex"
 	"fmt"
 	"time"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 	gouuid "github.com/google/uuid"
 	lru "github.com/hashicorp/golang-lru"
 )
@ -99,12 +101,8 @@ func NewAccessToken(t *AccessToken) error {
 	if err != nil {
 		return err
 	}
 	token, err := util.CryptoRandomBytes(20)
 	if err != nil {
 		return err
 	}
 	t.TokenSalt = salt
-	t.Token = hex.EncodeToString(token)
+	t.Token = base.EncodeSha1(gouuid.New().String())
 	t.TokenHash = HashToken(t.Token, t.TokenSalt)
 	t.TokenLastEight = t.Token[len(t.Token)-8:]
 	_, err = db.GetEngine(db.DefaultContext).Insert(t)
--- a/models/auth/token_test.go
+++ b/models/auth/token_test.go
@ -1,5 +1,6 @@
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth_test
--- a/models/auth/twofactor.go
+++ b/models/auth/twofactor.go
@ -1,5 +1,6 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth
@ -9,7 +10,6 @@ import (
 	"crypto/subtle"
 	"encoding/base32"
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
 	"code.gitea.io/gitea/models/db"
@ -79,7 +79,7 @@ func (t *TwoFactor) GenerateScratchToken() (string, error) {
 // HashToken return the hashable salt
 func HashToken(token, salt string) string {
 	tempHash := pbkdf2.Key([]byte(token), []byte(salt), 10000, 50, sha256.New)
-	return hex.EncodeToString(tempHash)
+	return fmt.Sprintf("%x", tempHash)
 }
 // VerifyScratchToken verifies if the specified scratch token is valid.
--- a/models/auth/webauthn.go
+++ b/models/auth/webauthn.go
@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package auth
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Caesar Schinas	7af1457faf	Add Matrix and Fedi links to Readme	2022-11-26 00:16:30 +01:00
Loïc Dachary	eb7bb3ea83	CONTRIBUTING.md: merge WORKFLOW.md & RELEASE.md Having the development documentation in a single file may not be the best structure but it is how Gitea does it and there is value in keeping something familiar to existing contributors. Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-26 00:16:20 +01:00
Otto	b8587f8383	Update README as per !21	2022-11-26 00:16:05 +01:00
Otto	b262308667	README draft with skeleton	2022-11-26 00:16:00 +01:00
Loïc Dachary	e60e5e6907	RELEASE.md: the release GPG key email is now release@forgejo.org Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-26 00:15:55 +01:00
Loïc Dachary	611b114f1b	RELEASE.md: document the release process Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-26 00:15:50 +01:00
Loïc Dachary	b1a18b845d	RELEASE.md: add email of the release-team user Fixes: https://codeberg.org/forgejo/forgejo/issues/6 Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-26 00:15:43 +01:00
Caesar Schinas	ebf577fcf8	Fix incorrect GPG key in issue template	2022-11-26 00:14:27 +01:00
Caesar Schinas	ad36290d47	Update issue templates for Forgejo	2022-11-26 00:14:13 +01:00
Gusted	a35b97e6b6	Add `--expert` option for subkey creation - If this isn't specified, the ECC option wouldn't be shown.	2022-11-26 00:14:04 +01:00
Loïc Dachary	2c1f372d68	delete Gitea specific files that need rewriting for Forgejo Although it would be possible to modify these files, it would create conflicts when rebasing. Instead, this commit removes them entirely and another commit can start from scratch, borrowing content from the original files. The drawback of this approach is that some content updates from Gitea that also need updating in Forgejo will have to be copy/pasted instead of being merged. Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-26 00:13:59 +01:00
Loïc Dachary	e32ca83cbe	Release management documentation Fixes: https://codeberg.org/Forgejo/forgejo/issues/4 Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-26 00:13:54 +01:00
Loïc Dachary	a99deecbcd	Forgejo development workflow Fixes: https://codeberg.org/forgejo/forgejo/issues/5 Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-26 00:13:49 +01:00
Loïc Dachary	d3b008fab9	workaround: deactivate test-sqlite because it is too slow Refs: https://codeberg.org/forgejo/forgejo/issues/31 Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-25 20:09:57 +01:00
Loïc Dachary	e2426ca0f2	workaround: Dockerfile for codeberg.org corrupted container images https://codeberg.org/forgejo/forgejo/issues/26 https://codeberg.org/Codeberg/Community/issues/800 sed -i -e 's\|^FROM.golang.\|FROM codeberg.org/forgejo/golang:1.19-alpine3.16 AS build-env\|' Dockerfile sed -i -e 's\|^FROM.alpine:.\|FROM codeberg.org/forgejo/alpine:3.16.3\|' Dockerfile Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-25 20:09:48 +01:00
Loïc Dachary	0c7a1bf11a	implementation: forgejo container images Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-25 20:09:44 +01:00
Loïc Dachary	446e235742	implementation: Woodpecker based CI Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-25 20:09:34 +01:00
Loïc Dachary	054925327f	implementation: publish forgejo- binaries instead of gitea- Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-25 20:09:24 +01:00
Loïc Dachary	6fddbf49f0	upstream: remove unstable test Fixes: https://codeberg.org/forgejo/forgejo/issues/30 Signed-off-by: Loïc Dachary <loic@dachary.org>	2022-11-25 20:09:11 +01:00