Merge pull request 'Translation backports to v7' (#5401) from 0ko/forgejo:i18n-backport-20240926-v7 into v7.0/forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5401
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>

.air.toml

@@ -2,10 +2,9 @@ root = "."
 tmp_dir = ".air"
 
 [build]
-pre_cmd = ["killall -9 gitea 2>/dev/null || true"] # kill off potential zombie processes from previous runs
 cmd = "make --no-print-directory backend"
 bin = "gitea"
-delay = 2000
+delay = 1000
 include_ext = ["go", "tmpl"]
 include_file = ["main.go"]
 include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
@@ -16,11 +15,8 @@ exclude_dir = [
   "modules/avatar/testdata",
   "modules/git/tests",
   "modules/migration/file_format_testdata",
-  "modules/markup/tests/repo/repo1_filepreview",
   "routers/private/tests",
   "services/gitdiff/testdata",
-  "services/migrations/testdata",
-  "services/webhook/sourcehut/testdata",
 ]
 exclude_regex = ["_test.go$", "_gen.go$"]
 stop_on_error = true

.changelog.yml

@@ -0,0 +1,57 @@
+# The full repository name
+repo: go-gitea/gitea
+
+# Service type (gitea or github)
+service: github
+
+# Base URL for Gitea instance if using gitea service type (optional)
+# Default: https://gitea.com
+base-url:
+
+# Changelog groups and which labeled PRs to add to each group
+groups:
+  -
+    name: BREAKING
+    labels:
+      - pr/breaking
+  -
+    name: SECURITY
+    labels:
+      - topic/security
+  -
+    name: FEATURES
+    labels:
+      - type/feature
+  -
+    name: API
+    labels:
+      - modifies/api
+  -
+    name: ENHANCEMENTS
+    labels:
+      - type/enhancement
+      - type/refactoring
+      - topic/ui
+  -
+    name: BUGFIXES
+    labels:
+      - type/bug
+  -
+    name: TESTING
+    labels:
+      - type/testing
+  -
+    name: BUILD
+    labels:
+      - topic/build
+      - topic/code-linting
+  -
+    name: DOCS
+    labels:
+      - type/docs
+  -
+    name: MISC
+    default: true
+
+# regex indicating which labels to skip for the changelog
+skip-labels: skip-changelog|backport\/.+

.deadcode-out

@@ -1,303 +1,344 @@
-code.gitea.io/gitea/cmd
-	NoMainListener
-
-code.gitea.io/gitea/cmd/forgejo
-	ContextSetNoInit
-	ContextSetNoExit
-	ContextSetStderr
-	ContextGetStderr
-	ContextSetStdout
-	ContextSetStdin
-
-code.gitea.io/gitea/models
-	IsErrUpdateTaskNotExist
-	ErrUpdateTaskNotExist.Error
-	ErrUpdateTaskNotExist.Unwrap
-	IsErrSHANotFound
-	IsErrMergeDivergingFastForwardOnly
-	GetYamlFixturesAccess
-
-code.gitea.io/gitea/models/actions
-	ScheduleList.GetUserIDs
-	ScheduleList.GetRepoIDs
-	ScheduleList.LoadTriggerUser
-	ScheduleList.LoadRepos
-
-code.gitea.io/gitea/models/asymkey
-	ErrGPGKeyAccessDenied.Error
-	ErrGPGKeyAccessDenied.Unwrap
-	HasDeployKey
-
-code.gitea.io/gitea/models/auth
-	GetSourceByName
-	WebAuthnCredentials
-
-code.gitea.io/gitea/models/db
-	TruncateBeans
-	InTransaction
-	DumpTables
-
-code.gitea.io/gitea/models/dbfs
-	file.renameTo
-	Create
-	Rename
-
-code.gitea.io/gitea/models/forgefed
-	GetFederationHost
-
-code.gitea.io/gitea/models/forgejo/semver
-	GetVersion
-	SetVersionString
-	SetVersion
-
-code.gitea.io/gitea/models/git
-	RemoveDeletedBranchByID
-
-code.gitea.io/gitea/models/issues
-	IsErrUnknownDependencyType
-	ErrNewIssueInsert.Error
-	IsErrIssueWasClosed
-	ChangeMilestoneStatus
-
-code.gitea.io/gitea/models/organization
-	GetTeamNamesByID
-	UpdateTeamUnits
-	SearchMembersOptions.ToConds
-	UsersInTeamsCount
-
-code.gitea.io/gitea/models/perm/access
-	GetRepoWriters
-
-code.gitea.io/gitea/models/project
-	UpdateColumnSorting
-	ChangeProjectStatus
-
-code.gitea.io/gitea/models/repo
-	DeleteAttachmentsByIssue
-	FindReposMapByIDs
-	IsErrTopicNotExist
-	ErrTopicNotExist.Error
-	ErrTopicNotExist.Unwrap
-	GetTopicByName
-	WatchRepoMode
-
-code.gitea.io/gitea/models/user
-	ErrUserInactive.Error
-	ErrUserInactive.Unwrap
-	IsErrExternalLoginUserAlreadyExist
-	IsErrExternalLoginUserNotExist
-	NewFederatedUser
-	IsErrUserSettingIsNotExist
-	GetUserAllSettings
-	DeleteUserSetting
-	GetUserEmailsByNames
-	GetUserNamesByIDs
-
-code.gitea.io/gitea/modules/activitypub
-	NewContext
-	Context.APClientFactory
-
-code.gitea.io/gitea/modules/assetfs
-	Bindata
-
-code.gitea.io/gitea/modules/auth/password/hash
-	DummyHasher.HashWithSaltBytes
-	NewDummyHasher
-
-code.gitea.io/gitea/modules/auth/password/pwn
-	WithHTTP
-
-code.gitea.io/gitea/modules/base
-	SetupGiteaRoot
-
-code.gitea.io/gitea/modules/cache
-	GetInt
-	WithNoCacheContext
-	RemoveContextData
-
-code.gitea.io/gitea/modules/charset
-	BreakWriter.Write
-
-code.gitea.io/gitea/modules/emoji
-	ReplaceCodes
-
-code.gitea.io/gitea/modules/eventsource
-	Event.String
-
-code.gitea.io/gitea/modules/forgefed
-	GetItemByType
-	JSONUnmarshalerFn
-	NotEmpty
-	ToRepository
-	OnRepository
-
-code.gitea.io/gitea/modules/git
-	AllowLFSFiltersArgs
-	AddChanges
-	AddChangesWithArgs
-	CommitChanges
-	CommitChangesWithArgs
-	SetUpdateHook
-	openRepositoryWithDefaultContext
-	IsTagExist
-	ToEntryMode
-	LimitedReaderCloser.Read
-	LimitedReaderCloser.Close
-
-code.gitea.io/gitea/modules/gitgraph
-	Parser.Reset
-
-code.gitea.io/gitea/modules/gitrepo
-	GetBranchCommitID
-	GetWikiDefaultBranch
-
-code.gitea.io/gitea/modules/graceful
-	Manager.TerminateContext
-	Manager.Err
-	Manager.Value
-	Manager.Deadline
-
-code.gitea.io/gitea/modules/hcaptcha
-	WithHTTP
-
-code.gitea.io/gitea/modules/hostmatcher
-	HostMatchList.AppendPattern
-
-code.gitea.io/gitea/modules/json
-	StdJSON.Marshal
-	StdJSON.Unmarshal
-	StdJSON.NewEncoder
-	StdJSON.NewDecoder
-	StdJSON.Indent
-
-code.gitea.io/gitea/modules/markup
-	GetRendererByType
-	RenderString
-	IsMarkupFile
-
-code.gitea.io/gitea/modules/markup/console
-	Render
-	RenderString
-
-code.gitea.io/gitea/modules/markup/markdown
-	IsDetails
-	IsSummary
-	IsTaskCheckBoxListItem
-	IsIcon
-	RenderRawString
-
-code.gitea.io/gitea/modules/markup/markdown/math
-	WithInlineDollarParser
-	WithBlockDollarParser
-
-code.gitea.io/gitea/modules/markup/mdstripper
-	stripRenderer.AddOptions
-	StripMarkdown
-
-code.gitea.io/gitea/modules/markup/orgmode
-	RenderString
-
-code.gitea.io/gitea/modules/private
-	ActionsRunnerRegister
-
-code.gitea.io/gitea/modules/process
-	Manager.ExecTimeout
-
-code.gitea.io/gitea/modules/queue
-	newBaseChannelSimple
-	newBaseChannelUnique
-	newBaseRedisSimple
-	newBaseRedisUnique
-	testStateRecorder.Records
-	testStateRecorder.Reset
-	newWorkerPoolQueueForTest
-
-code.gitea.io/gitea/modules/queue/lqinternal
-	QueueItemIDBytes
-	QueueItemKeyBytes
-	ListLevelQueueKeys
-
-code.gitea.io/gitea/modules/setting
-	NewConfigProviderFromData
-	GitConfigType.GetOption
-	InitLoggersForTest
-
-code.gitea.io/gitea/modules/storage
-	ErrInvalidConfiguration.Error
-	IsErrInvalidConfiguration
-
-code.gitea.io/gitea/modules/structs
-	ParseCreateHook
-	ParsePushHook
-
-code.gitea.io/gitea/modules/sync
-	StatusTable.Start
-	StatusTable.IsRunning
-
-code.gitea.io/gitea/modules/timeutil
-	GetExecutableModTime
-	MockSet
-	MockUnset
-
-code.gitea.io/gitea/modules/translation
-	MockLocale.Language
-	MockLocale.TrString
-	MockLocale.Tr
-	MockLocale.TrN
-	MockLocale.TrSize
-	MockLocale.PrettyNumber
-
-code.gitea.io/gitea/modules/util
-	OptionalArg
-
-code.gitea.io/gitea/modules/util/filebuffer
-	CreateFromReader
-
-code.gitea.io/gitea/modules/validation
-	IsErrNotValid
-
-code.gitea.io/gitea/modules/web
-	RouteMock
-	RouteMockReset
-
-code.gitea.io/gitea/modules/web/middleware
-	DeleteLocaleCookie
-
-code.gitea.io/gitea/modules/zstd
-	NewWriter
-	Writer.Write
-	Writer.Close
-
-code.gitea.io/gitea/routers/web
-	NotFound
-
-code.gitea.io/gitea/routers/web/org
-	MustEnableProjects
-
-code.gitea.io/gitea/services/context
-	GetPrivateContext
-
-code.gitea.io/gitea/services/convert
-	ToSecret
-
-code.gitea.io/gitea/services/forms
-	DeadlineForm.Validate
-
-code.gitea.io/gitea/services/pull
-	IsCommitStatusContextSuccess
-
-code.gitea.io/gitea/services/repository
-	IsErrForkAlreadyExist
-
-code.gitea.io/gitea/services/repository/archiver
-	ArchiveRepository
-
-code.gitea.io/gitea/services/repository/files
-	ContentType.String
-	GetFileResponseFromCommit
-	TemporaryUploadRepository.GetLastCommit
-	TemporaryUploadRepository.GetLastCommitByRef
-
-code.gitea.io/gitea/services/webhook
-	NewNotifier
+package "code.gitea.io/gitea/cmd"
+	func NoMainListener
+
+package "code.gitea.io/gitea/cmd/forgejo"
+	func ContextSetNoInit
+	func ContextSetNoExit
+	func ContextSetStderr
+	func ContextGetStderr
+	func ContextSetStdout
+	func ContextSetStdin
+
+package "code.gitea.io/gitea/models"
+	func IsErrUpdateTaskNotExist
+	func (ErrUpdateTaskNotExist).Error
+	func (ErrUpdateTaskNotExist).Unwrap
+	func IsErrSHANotFound
+	func IsErrMergeDivergingFastForwardOnly
+	func GetYamlFixturesAccess
+
+package "code.gitea.io/gitea/models/actions"
+	func (ScheduleList).GetUserIDs
+	func (ScheduleList).GetRepoIDs
+	func (ScheduleList).LoadTriggerUser
+	func (ScheduleList).LoadRepos
+	func GetVariableByID
+
+package "code.gitea.io/gitea/models/asymkey"
+	func (ErrGPGKeyAccessDenied).Error
+	func (ErrGPGKeyAccessDenied).Unwrap
+	func HasDeployKey
+
+package "code.gitea.io/gitea/models/auth"
+	func GetSourceByName
+	func GetWebAuthnCredentialByID
+	func WebAuthnCredentials
+
+package "code.gitea.io/gitea/models/db"
+	func TruncateBeans
+	func InTransaction
+	func DumpTables
+
+package "code.gitea.io/gitea/models/dbfs"
+	func (*file).renameTo
+	func Create
+	func Rename
+
+package "code.gitea.io/gitea/models/forgejo/semver"
+	func GetVersion
+	func SetVersionString
+	func SetVersion
+
+package "code.gitea.io/gitea/models/git"
+	func RemoveDeletedBranchByID
+
+package "code.gitea.io/gitea/models/issues"
+	func IsErrUnknownDependencyType
+	func (ErrNewIssueInsert).Error
+	func IsErrIssueWasClosed
+	func ChangeMilestoneStatus
+
+package "code.gitea.io/gitea/models/migrations/base"
+	func removeAllWithRetry
+	func newXORMEngine
+	func deleteDB
+	func PrepareTestEnv
+	func MainTest
+
+package "code.gitea.io/gitea/models/organization"
+	func GetTeamNamesByID
+	func UpdateTeamUnits
+	func (SearchMembersOptions).ToConds
+	func UsersInTeamsCount
+
+package "code.gitea.io/gitea/models/perm/access"
+	func GetRepoWriters
+
+package "code.gitea.io/gitea/models/project"
+	func UpdateBoardSorting
+	func ChangeProjectStatus
+
+package "code.gitea.io/gitea/models/repo"
+	func DeleteAttachmentsByIssue
+	func (*releaseSorter).Len
+	func (*releaseSorter).Less
+	func (*releaseSorter).Swap
+	func SortReleases
+	func FindReposMapByIDs
+	func (SearchOrderBy).String
+	func IsErrTopicNotExist
+	func (ErrTopicNotExist).Error
+	func (ErrTopicNotExist).Unwrap
+	func GetTopicByName
+	func WatchRepoMode
+
+package "code.gitea.io/gitea/models/unittest"
+	func CheckConsistencyFor
+	func checkForConsistency
+	func GetXORMEngine
+	func OverrideFixtures
+	func InitFixtures
+	func LoadFixtures
+	func Copy
+	func CopyDir
+	func NewMockWebServer
+	func NormalizedFullPath
+	func FixturesDir
+	func fatalTestError
+	func InitSettings
+	func MainTest
+	func CreateTestEngine
+	func PrepareTestDatabase
+	func PrepareTestEnv
+	func Cond
+	func OrderBy
+	func LoadBeanIfExists
+	func BeanExists
+	func AssertExistsAndLoadBean
+	func GetCount
+	func AssertNotExistsBean
+	func AssertExistsIf
+	func AssertSuccessfulInsert
+	func AssertCount
+	func AssertInt64InRange
+
+package "code.gitea.io/gitea/models/user"
+	func IsErrPrimaryEmailCannotDelete
+	func (ErrUserInactive).Error
+	func (ErrUserInactive).Unwrap
+	func IsErrExternalLoginUserAlreadyExist
+	func IsErrExternalLoginUserNotExist
+	func IsErrUserSettingIsNotExist
+	func GetUserAllSettings
+	func DeleteUserSetting
+	func GetUserEmailsByNames
+	func GetUserNamesByIDs
+
+package "code.gitea.io/gitea/modules/activitypub"
+	func CurrentTime
+	func containsRequiredHTTPHeaders
+	func NewClient
+	func (*Client).NewRequest
+	func (*Client).Post
+	func GetPrivateKey
+
+package "code.gitea.io/gitea/modules/assetfs"
+	func Bindata
+
+package "code.gitea.io/gitea/modules/auth/password/hash"
+	func (*DummyHasher).HashWithSaltBytes
+	func NewDummyHasher
+
+package "code.gitea.io/gitea/modules/auth/password/pwn"
+	func WithHTTP
+
+package "code.gitea.io/gitea/modules/base"
+	func SetupGiteaRoot
+
+package "code.gitea.io/gitea/modules/cache"
+	func GetInt
+	func WithNoCacheContext
+	func RemoveContextData
+
+package "code.gitea.io/gitea/modules/charset"
+	func (*BreakWriter).Write
+
+package "code.gitea.io/gitea/modules/emoji"
+	func ReplaceCodes
+
+package "code.gitea.io/gitea/modules/eventsource"
+	func (*Event).String
+
+package "code.gitea.io/gitea/modules/git"
+	func AllowLFSFiltersArgs
+	func AddChanges
+	func AddChangesWithArgs
+	func CommitChanges
+	func CommitChangesWithArgs
+	func IsErrExecTimeout
+	func (ErrExecTimeout).Error
+	func (ErrUnsupportedVersion).Error
+	func SetUpdateHook
+	func openRepositoryWithDefaultContext
+	func IsTagExist
+	func ToEntryMode
+	func (*LimitedReaderCloser).Read
+	func (*LimitedReaderCloser).Close
+
+package "code.gitea.io/gitea/modules/gitgraph"
+	func (*Parser).Reset
+
+package "code.gitea.io/gitea/modules/gitrepo"
+	func GetBranchCommitID
+	func GetWikiDefaultBranch
+
+package "code.gitea.io/gitea/modules/graceful"
+	func (*Manager).TerminateContext
+	func (*Manager).Err
+	func (*Manager).Value
+	func (*Manager).Deadline
+
+package "code.gitea.io/gitea/modules/hcaptcha"
+	func WithHTTP
+
+package "code.gitea.io/gitea/modules/json"
+	func (StdJSON).Marshal
+	func (StdJSON).Unmarshal
+	func (StdJSON).NewEncoder
+	func (StdJSON).NewDecoder
+	func (StdJSON).Indent
+
+package "code.gitea.io/gitea/modules/markup"
+	func IsSameDomain
+	func GetRendererByType
+	func RenderString
+	func IsMarkupFile
+
+package "code.gitea.io/gitea/modules/markup/console"
+	func Render
+	func RenderString
+
+package "code.gitea.io/gitea/modules/markup/markdown"
+	func IsDetails
+	func IsSummary
+	func IsTaskCheckBoxListItem
+	func IsIcon
+	func RenderRawString
+
+package "code.gitea.io/gitea/modules/markup/markdown/math"
+	func WithInlineDollarParser
+	func WithBlockDollarParser
+
+package "code.gitea.io/gitea/modules/markup/mdstripper"
+	func StripMarkdown
+
+package "code.gitea.io/gitea/modules/markup/orgmode"
+	func RenderString
+
+package "code.gitea.io/gitea/modules/private"
+	func ActionsRunnerRegister
+
+package "code.gitea.io/gitea/modules/process"
+	func (*Manager).ExecTimeout
+
+package "code.gitea.io/gitea/modules/queue"
+	func newBaseChannelSimple
+	func newBaseChannelUnique
+	func newBaseRedisSimple
+	func newBaseRedisUnique
+	func newWorkerPoolQueueForTest
+
+package "code.gitea.io/gitea/modules/queue/lqinternal"
+	func QueueItemIDBytes
+	func QueueItemKeyBytes
+	func ListLevelQueueKeys
+
+package "code.gitea.io/gitea/modules/setting"
+	func NewConfigProviderFromData
+	func (*GitConfigType).GetOption
+	func InitLoggersForTest
+
+package "code.gitea.io/gitea/modules/storage"
+	func (ErrInvalidConfiguration).Error
+	func IsErrInvalidConfiguration
+
+package "code.gitea.io/gitea/modules/structs"
+	func ParseCreateHook
+	func ParsePushHook
+
+package "code.gitea.io/gitea/modules/sync"
+	func (*StatusTable).Start
+	func (*StatusTable).IsRunning
+
+package "code.gitea.io/gitea/modules/testlogger"
+	func (*testLoggerWriterCloser).pushT
+	func (*testLoggerWriterCloser).Log
+	func (*testLoggerWriterCloser).recordError
+	func (*testLoggerWriterCloser).printMsg
+	func (*testLoggerWriterCloser).popT
+	func (*testLoggerWriterCloser).Reset
+	func PrintCurrentTest
+	func Printf
+	func NewTestLoggerWriter
+	func (*TestLogEventWriter).Base
+	func (*TestLogEventWriter).GetLevel
+	func (*TestLogEventWriter).GetWriterName
+	func (*TestLogEventWriter).GetWriterType
+	func (*TestLogEventWriter).Run
+
+package "code.gitea.io/gitea/modules/timeutil"
+	func GetExecutableModTime
+	func MockSet
+	func MockUnset
+
+package "code.gitea.io/gitea/modules/translation"
+	func (MockLocale).Language
+	func (MockLocale).TrString
+	func (MockLocale).Tr
+	func (MockLocale).TrN
+	func (MockLocale).TrSize
+	func (MockLocale).PrettyNumber
+
+package "code.gitea.io/gitea/modules/util/filebuffer"
+	func CreateFromReader
+
+package "code.gitea.io/gitea/modules/web"
+	func RouteMock
+	func RouteMockReset
+
+package "code.gitea.io/gitea/modules/web/middleware"
+	func DeleteLocaleCookie
+
+package "code.gitea.io/gitea/routers/web"
+	func NotFound
+
+package "code.gitea.io/gitea/routers/web/org"
+	func MustEnableProjects
+
+package "code.gitea.io/gitea/services/context"
+	func GetPrivateContext
+
+package "code.gitea.io/gitea/services/convert"
+	func ToSecret
+
+package "code.gitea.io/gitea/services/forms"
+	func (*DeadlineForm).Validate
+
+package "code.gitea.io/gitea/services/pull"
+	func IsCommitStatusContextSuccess
+
+package "code.gitea.io/gitea/services/repository"
+	func IsErrForkAlreadyExist
+
+package "code.gitea.io/gitea/services/repository/archiver"
+	func ArchiveRepository
+
+package "code.gitea.io/gitea/services/repository/files"
+	func (*ContentType).String
+	func GetFileResponseFromCommit
+	func (*TemporaryUploadRepository).GetLastCommit
+	func (*TemporaryUploadRepository).GetLastCommitByRef
+
+package "code.gitea.io/gitea/services/webhook"
+	func NewNotifier
 

.devcontainer/devcontainer.json

@@ -1,17 +1,16 @@
 {
   "name": "Gitea DevContainer",
-  "image": "mcr.microsoft.com/devcontainers/go:1.23-bullseye",
+  "image": "mcr.microsoft.com/devcontainers/go:1.21-bullseye",
   "features": {
     // installs nodejs into container
     "ghcr.io/devcontainers/features/node:1": {
       "version": "20"
     },
-    "ghcr.io/devcontainers/features/git-lfs:1.2.3": {},
+    "ghcr.io/devcontainers/features/git-lfs:1.1.0": {},
     "ghcr.io/devcontainers-contrib/features/poetry:2": {},
     "ghcr.io/devcontainers/features/python:1": {
       "version": "3.12"
-    },
-    "ghcr.io/warrenbuckley/codespace-features/sqlite:1": {}
+    }
   },
   "customizations": {
     "vscode": {
@@ -26,9 +25,8 @@
         "Vue.volar",
         "ms-azuretools.vscode-docker",
         "vitest.explorer",
-        "cweijan.vscode-database-client2",
-        "GitHub.vscode-pull-request-github",
-        "Azurite.azurite"
+        "qwtel.sqlite-viewer",
+        "GitHub.vscode-pull-request-github"
       ]
     }
   },

.dockerignore

@@ -77,6 +77,7 @@ cpu.out
 /public/assets/css
 /public/assets/fonts
 /public/assets/img/avatar
+/public/assets/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
@@ -94,9 +95,6 @@ cpu.out
 /.air
 /.go-licenses
 
-# Files and folders that were previously generated
-/public/assets/img/webpack
-
 # Snapcraft
 snap/.snapcraft/
 parts/

.editorconfig

@@ -9,7 +9,7 @@ charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
 
-[{*.{go,tmpl,html},Makefile,go.mod}]
+[*.{go,tmpl,html}]
 indent_style = tab
 
 [templates/custom/*.tmpl]
@@ -21,6 +21,9 @@ indent_style = space
 [templates/user/auth/oidc_wellknown.tmpl]
 indent_style = space
 
+[Makefile]
+indent_style = tab
+
 [*.svg]
 insert_final_newline = false
 

.eslintrc.yaml

@@ -0,0 +1,841 @@
+root: true
+reportUnusedDisableDirectives: true
+
+ignorePatterns:
+  - /web_src/js/vendor
+
+parserOptions:
+  sourceType: module
+  ecmaVersion: latest
+
+plugins:
+  - "@eslint-community/eslint-plugin-eslint-comments"
+  - "@stylistic/eslint-plugin-js"
+  - eslint-plugin-array-func
+  - eslint-plugin-github
+  - eslint-plugin-i
+  - eslint-plugin-jquery
+  - eslint-plugin-no-jquery
+  - eslint-plugin-no-use-extend-native
+  - eslint-plugin-regexp
+  - eslint-plugin-sonarjs
+  - eslint-plugin-unicorn
+  - eslint-plugin-vitest
+  - eslint-plugin-vitest-globals
+  - eslint-plugin-wc
+
+env:
+  es2024: true
+  node: true
+
+overrides:
+  - files: ["web_src/**/*"]
+    globals:
+      __webpack_public_path__: true
+      process: false # https://github.com/webpack/webpack/issues/15833
+  - files: ["web_src/**/*", "docs/**/*"]
+    env:
+      browser: true
+      node: false
+  - files: ["web_src/**/*worker.*"]
+    env:
+      worker: true
+    rules:
+      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
+  - files: ["*.config.*"]
+    rules:
+      i/no-unused-modules: [0]
+  - files: ["**/*.test.*", "web_src/js/test/setup.js"]
+    env:
+      vitest-globals/env: true
+    rules:
+      vitest/consistent-test-filename: [0]
+      vitest/consistent-test-it: [0]
+      vitest/expect-expect: [0]
+      vitest/max-expects: [0]
+      vitest/max-nested-describe: [0]
+      vitest/no-alias-methods: [0]
+      vitest/no-commented-out-tests: [0]
+      vitest/no-conditional-expect: [0]
+      vitest/no-conditional-in-test: [0]
+      vitest/no-conditional-tests: [0]
+      vitest/no-disabled-tests: [0]
+      vitest/no-done-callback: [0]
+      vitest/no-duplicate-hooks: [0]
+      vitest/no-focused-tests: [0]
+      vitest/no-hooks: [0]
+      vitest/no-identical-title: [2]
+      vitest/no-interpolation-in-snapshots: [0]
+      vitest/no-large-snapshots: [0]
+      vitest/no-mocks-import: [0]
+      vitest/no-restricted-matchers: [0]
+      vitest/no-restricted-vi-methods: [0]
+      vitest/no-standalone-expect: [0]
+      vitest/no-test-prefixes: [0]
+      vitest/no-test-return-statement: [0]
+      vitest/prefer-called-with: [0]
+      vitest/prefer-comparison-matcher: [0]
+      vitest/prefer-each: [0]
+      vitest/prefer-equality-matcher: [0]
+      vitest/prefer-expect-resolves: [0]
+      vitest/prefer-hooks-in-order: [0]
+      vitest/prefer-hooks-on-top: [2]
+      vitest/prefer-lowercase-title: [0]
+      vitest/prefer-mock-promise-shorthand: [0]
+      vitest/prefer-snapshot-hint: [0]
+      vitest/prefer-spy-on: [0]
+      vitest/prefer-strict-equal: [0]
+      vitest/prefer-to-be: [0]
+      vitest/prefer-to-be-falsy: [0]
+      vitest/prefer-to-be-object: [0]
+      vitest/prefer-to-be-truthy: [0]
+      vitest/prefer-to-contain: [0]
+      vitest/prefer-to-have-length: [0]
+      vitest/prefer-todo: [0]
+      vitest/require-hook: [0]
+      vitest/require-to-throw-message: [0]
+      vitest/require-top-level-describe: [0]
+      vitest/valid-describe-callback: [2]
+      vitest/valid-expect: [2]
+      vitest/valid-title: [2]
+  - files: ["web_src/js/modules/fetch.js", "web_src/js/standalone/**/*"]
+    rules:
+      no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression]
+
+rules:
+  "@eslint-community/eslint-comments/disable-enable-pair": [2]
+  "@eslint-community/eslint-comments/no-aggregating-enable": [2]
+  "@eslint-community/eslint-comments/no-duplicate-disable": [2]
+  "@eslint-community/eslint-comments/no-restricted-disable": [0]
+  "@eslint-community/eslint-comments/no-unlimited-disable": [2]
+  "@eslint-community/eslint-comments/no-unused-disable": [2]
+  "@eslint-community/eslint-comments/no-unused-enable": [2]
+  "@eslint-community/eslint-comments/no-use": [0]
+  "@eslint-community/eslint-comments/require-description": [0]
+  "@stylistic/js/array-bracket-newline": [0]
+  "@stylistic/js/array-bracket-spacing": [2, never]
+  "@stylistic/js/array-element-newline": [0]
+  "@stylistic/js/arrow-parens": [2, always]
+  "@stylistic/js/arrow-spacing": [2, {before: true, after: true}]
+  "@stylistic/js/block-spacing": [0]
+  "@stylistic/js/brace-style": [2, 1tbs, {allowSingleLine: true}]
+  "@stylistic/js/comma-dangle": [2, always-multiline]
+  "@stylistic/js/comma-spacing": [2, {before: false, after: true}]
+  "@stylistic/js/comma-style": [2, last]
+  "@stylistic/js/computed-property-spacing": [2, never]
+  "@stylistic/js/dot-location": [2, property]
+  "@stylistic/js/eol-last": [2]
+  "@stylistic/js/function-call-spacing": [2, never]
+  "@stylistic/js/function-call-argument-newline": [0]
+  "@stylistic/js/function-paren-newline": [0]
+  "@stylistic/js/generator-star-spacing": [0]
+  "@stylistic/js/implicit-arrow-linebreak": [0]
+  "@stylistic/js/indent": [2, 2, {ignoreComments: true, SwitchCase: 1}]
+  "@stylistic/js/key-spacing": [2]
+  "@stylistic/js/keyword-spacing": [2]
+  "@stylistic/js/linebreak-style": [2, unix]
+  "@stylistic/js/lines-around-comment": [0]
+  "@stylistic/js/lines-between-class-members": [0]
+  "@stylistic/js/max-len": [0]
+  "@stylistic/js/max-statements-per-line": [0]
+  "@stylistic/js/multiline-ternary": [0]
+  "@stylistic/js/new-parens": [2]
+  "@stylistic/js/newline-per-chained-call": [0]
+  "@stylistic/js/no-confusing-arrow": [0]
+  "@stylistic/js/no-extra-parens": [0]
+  "@stylistic/js/no-extra-semi": [2]
+  "@stylistic/js/no-floating-decimal": [0]
+  "@stylistic/js/no-mixed-operators": [0]
+  "@stylistic/js/no-mixed-spaces-and-tabs": [2]
+  "@stylistic/js/no-multi-spaces": [2, {ignoreEOLComments: true, exceptions: {Property: true}}]
+  "@stylistic/js/no-multiple-empty-lines": [2, {max: 1, maxEOF: 0, maxBOF: 0}]
+  "@stylistic/js/no-tabs": [2]
+  "@stylistic/js/no-trailing-spaces": [2]
+  "@stylistic/js/no-whitespace-before-property": [2]
+  "@stylistic/js/nonblock-statement-body-position": [2]
+  "@stylistic/js/object-curly-newline": [0]
+  "@stylistic/js/object-curly-spacing": [2, never]
+  "@stylistic/js/object-property-newline": [0]
+  "@stylistic/js/one-var-declaration-per-line": [0]
+  "@stylistic/js/operator-linebreak": [2, after]
+  "@stylistic/js/padded-blocks": [2, never]
+  "@stylistic/js/padding-line-between-statements": [0]
+  "@stylistic/js/quote-props": [0]
+  "@stylistic/js/quotes": [2, single, {avoidEscape: true, allowTemplateLiterals: true}]
+  "@stylistic/js/rest-spread-spacing": [2, never]
+  "@stylistic/js/semi": [2, always, {omitLastInOneLineBlock: true}]
+  "@stylistic/js/semi-spacing": [2, {before: false, after: true}]
+  "@stylistic/js/semi-style": [2, last]
+  "@stylistic/js/space-before-blocks": [2, always]
+  "@stylistic/js/space-before-function-paren": [2, {anonymous: ignore, named: never, asyncArrow: always}]
+  "@stylistic/js/space-in-parens": [2, never]
+  "@stylistic/js/space-infix-ops": [2]
+  "@stylistic/js/space-unary-ops": [2]
+  "@stylistic/js/spaced-comment": [2, always]
+  "@stylistic/js/switch-colon-spacing": [2]
+  "@stylistic/js/template-curly-spacing": [2, never]
+  "@stylistic/js/template-tag-spacing": [2, never]
+  "@stylistic/js/wrap-iife": [2, inside]
+  "@stylistic/js/wrap-regex": [0]
+  "@stylistic/js/yield-star-spacing": [2, after]
+  accessor-pairs: [2]
+  array-callback-return: [2, {checkForEach: true}]
+  array-func/avoid-reverse: [2]
+  array-func/from-map: [2]
+  array-func/no-unnecessary-this-arg: [2]
+  array-func/prefer-array-from: [2]
+  array-func/prefer-flat-map: [0] # handled by unicorn/prefer-array-flat-map
+  array-func/prefer-flat: [0] # handled by unicorn/prefer-array-flat
+  arrow-body-style: [0]
+  block-scoped-var: [2]
+  camelcase: [0]
+  capitalized-comments: [0]
+  class-methods-use-this: [0]
+  complexity: [0]
+  consistent-return: [0]
+  consistent-this: [0]
+  constructor-super: [2]
+  curly: [0]
+  default-case-last: [2]
+  default-case: [0]
+  default-param-last: [0]
+  dot-notation: [0]
+  eqeqeq: [2]
+  for-direction: [2]
+  func-name-matching: [2]
+  func-names: [0]
+  func-style: [0]
+  getter-return: [2]
+  github/a11y-aria-label-is-well-formatted: [0]
+  github/a11y-no-title-attribute: [0]
+  github/a11y-no-visually-hidden-interactive-element: [0]
+  github/a11y-role-supports-aria-props: [0]
+  github/a11y-svg-has-accessible-name: [0]
+  github/array-foreach: [0]
+  github/async-currenttarget: [2]
+  github/async-preventdefault: [2]
+  github/authenticity-token: [0]
+  github/get-attribute: [0]
+  github/js-class-name: [0]
+  github/no-blur: [0]
+  github/no-d-none: [0]
+  github/no-dataset: [2]
+  github/no-dynamic-script-tag: [2]
+  github/no-implicit-buggy-globals: [2]
+  github/no-inner-html: [0]
+  github/no-innerText: [2]
+  github/no-then: [2]
+  github/no-useless-passive: [2]
+  github/prefer-observers: [2]
+  github/require-passive-events: [2]
+  github/unescaped-html-literal: [0]
+  grouped-accessor-pairs: [2]
+  guard-for-in: [0]
+  id-blacklist: [0]
+  id-length: [0]
+  id-match: [0]
+  i/consistent-type-specifier-style: [0]
+  i/default: [0]
+  i/dynamic-import-chunkname: [0]
+  i/export: [2]
+  i/exports-last: [0]
+  i/extensions: [2, always, {ignorePackages: true}]
+  i/first: [2]
+  i/group-exports: [0]
+  i/max-dependencies: [0]
+  i/named: [2]
+  i/namespace: [0]
+  i/newline-after-import: [0]
+  i/no-absolute-path: [0]
+  i/no-amd: [2]
+  i/no-anonymous-default-export: [0]
+  i/no-commonjs: [2]
+  i/no-cycle: [2, {ignoreExternal: true, maxDepth: 1}]
+  i/no-default-export: [0]
+  i/no-deprecated: [0]
+  i/no-dynamic-require: [0]
+  i/no-empty-named-blocks: [2]
+  i/no-extraneous-dependencies: [2]
+  i/no-import-module-exports: [0]
+  i/no-internal-modules: [0]
+  i/no-mutable-exports: [0]
+  i/no-named-as-default-member: [0]
+  i/no-named-as-default: [2]
+  i/no-named-default: [0]
+  i/no-named-export: [0]
+  i/no-namespace: [0]
+  i/no-nodejs-modules: [0]
+  i/no-relative-packages: [0]
+  i/no-relative-parent-imports: [0]
+  i/no-restricted-paths: [0]
+  i/no-self-import: [2]
+  i/no-unassigned-import: [0]
+  i/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$", ^vitest/]}]
+  i/no-unused-modules: [2, {unusedExports: true}]
+  i/no-useless-path-segments: [2, {commonjs: true}]
+  i/no-webpack-loader-syntax: [2]
+  i/order: [0]
+  i/prefer-default-export: [0]
+  i/unambiguous: [0]
+  init-declarations: [0]
+  jquery/no-ajax-events: [2]
+  jquery/no-ajax: [2]
+  jquery/no-animate: [2]
+  jquery/no-attr: [2]
+  jquery/no-bind: [2]
+  jquery/no-class: [0]
+  jquery/no-clone: [2]
+  jquery/no-closest: [0]
+  jquery/no-css: [2]
+  jquery/no-data: [0]
+  jquery/no-deferred: [2]
+  jquery/no-delegate: [2]
+  jquery/no-each: [0]
+  jquery/no-extend: [2]
+  jquery/no-fade: [2]
+  jquery/no-filter: [0]
+  jquery/no-find: [0]
+  jquery/no-global-eval: [2]
+  jquery/no-grep: [2]
+  jquery/no-has: [2]
+  jquery/no-hide: [2]
+  jquery/no-html: [0]
+  jquery/no-in-array: [2]
+  jquery/no-is-array: [2]
+  jquery/no-is-function: [2]
+  jquery/no-is: [2]
+  jquery/no-load: [2]
+  jquery/no-map: [2]
+  jquery/no-merge: [2]
+  jquery/no-param: [2]
+  jquery/no-parent: [0]
+  jquery/no-parents: [0]
+  jquery/no-parse-html: [2]
+  jquery/no-prop: [2]
+  jquery/no-proxy: [2]
+  jquery/no-ready: [2]
+  jquery/no-serialize: [2]
+  jquery/no-show: [2]
+  jquery/no-size: [2]
+  jquery/no-sizzle: [0]
+  jquery/no-slide: [0]
+  jquery/no-submit: [0]
+  jquery/no-text: [0]
+  jquery/no-toggle: [2]
+  jquery/no-trigger: [0]
+  jquery/no-trim: [2]
+  jquery/no-val: [0]
+  jquery/no-when: [2]
+  jquery/no-wrap: [2]
+  line-comment-position: [0]
+  logical-assignment-operators: [0]
+  max-classes-per-file: [0]
+  max-depth: [0]
+  max-lines-per-function: [0]
+  max-lines: [0]
+  max-nested-callbacks: [0]
+  max-params: [0]
+  max-statements: [0]
+  multiline-comment-style: [2, separate-lines]
+  new-cap: [0]
+  no-alert: [0]
+  no-array-constructor: [2]
+  no-async-promise-executor: [0]
+  no-await-in-loop: [0]
+  no-bitwise: [0]
+  no-buffer-constructor: [0]
+  no-caller: [2]
+  no-case-declarations: [2]
+  no-class-assign: [2]
+  no-compare-neg-zero: [2]
+  no-cond-assign: [2, except-parens]
+  no-console: [1, {allow: [debug, info, warn, error]}]
+  no-const-assign: [2]
+  no-constant-binary-expression: [2]
+  no-constant-condition: [0]
+  no-constructor-return: [2]
+  no-continue: [0]
+  no-control-regex: [0]
+  no-debugger: [1]
+  no-delete-var: [2]
+  no-div-regex: [0]
+  no-dupe-args: [2]
+  no-dupe-class-members: [2]
+  no-dupe-else-if: [2]
+  no-dupe-keys: [2]
+  no-duplicate-case: [2]
+  no-duplicate-imports: [2]
+  no-else-return: [2]
+  no-empty-character-class: [2]
+  no-empty-function: [0]
+  no-empty-pattern: [2]
+  no-empty-static-block: [2]
+  no-empty: [2, {allowEmptyCatch: true}]
+  no-eq-null: [2]
+  no-eval: [2]
+  no-ex-assign: [2]
+  no-extend-native: [2]
+  no-extra-bind: [2]
+  no-extra-boolean-cast: [2]
+  no-extra-label: [0]
+  no-fallthrough: [2]
+  no-func-assign: [2]
+  no-global-assign: [2]
+  no-implicit-coercion: [2]
+  no-implicit-globals: [0]
+  no-implied-eval: [2]
+  no-import-assign: [2]
+  no-inline-comments: [0]
+  no-inner-declarations: [2]
+  no-invalid-regexp: [2]
+  no-invalid-this: [0]
+  no-irregular-whitespace: [2]
+  no-iterator: [2]
+  no-jquery/no-ajax-events: [2]
+  no-jquery/no-ajax: [2]
+  no-jquery/no-and-self: [2]
+  no-jquery/no-animate-toggle: [2]
+  no-jquery/no-animate: [2]
+  no-jquery/no-append-html: [2]
+  no-jquery/no-attr: [2]
+  no-jquery/no-bind: [2]
+  no-jquery/no-box-model: [2]
+  no-jquery/no-browser: [2]
+  no-jquery/no-camel-case: [2]
+  no-jquery/no-class-state: [0]
+  no-jquery/no-class: [0]
+  no-jquery/no-clone: [2]
+  no-jquery/no-closest: [0]
+  no-jquery/no-constructor-attributes: [2]
+  no-jquery/no-contains: [2]
+  no-jquery/no-context-prop: [2]
+  no-jquery/no-css: [2]
+  no-jquery/no-data: [0]
+  no-jquery/no-deferred: [2]
+  no-jquery/no-delegate: [2]
+  no-jquery/no-each-collection: [0]
+  no-jquery/no-each-util: [0]
+  no-jquery/no-each: [0]
+  no-jquery/no-error-shorthand: [2]
+  no-jquery/no-error: [2]
+  no-jquery/no-escape-selector: [2]
+  no-jquery/no-event-shorthand: [2]
+  no-jquery/no-extend: [2]
+  no-jquery/no-fade: [2]
+  no-jquery/no-filter: [0]
+  no-jquery/no-find-collection: [0]
+  no-jquery/no-find-util: [2]
+  no-jquery/no-find: [0]
+  no-jquery/no-fx-interval: [2]
+  no-jquery/no-global-eval: [2]
+  no-jquery/no-global-selector: [0]
+  no-jquery/no-grep: [2]
+  no-jquery/no-has: [2]
+  no-jquery/no-hold-ready: [2]
+  no-jquery/no-html: [0]
+  no-jquery/no-in-array: [2]
+  no-jquery/no-is-array: [2]
+  no-jquery/no-is-empty-object: [2]
+  no-jquery/no-is-function: [2]
+  no-jquery/no-is-numeric: [2]
+  no-jquery/no-is-plain-object: [2]
+  no-jquery/no-is-window: [2]
+  no-jquery/no-is: [2]
+  no-jquery/no-jquery-constructor: [0]
+  no-jquery/no-live: [2]
+  no-jquery/no-load-shorthand: [2]
+  no-jquery/no-load: [2]
+  no-jquery/no-map-collection: [0]
+  no-jquery/no-map-util: [2]
+  no-jquery/no-map: [2]
+  no-jquery/no-merge: [2]
+  no-jquery/no-node-name: [2]
+  no-jquery/no-noop: [2]
+  no-jquery/no-now: [2]
+  no-jquery/no-on-ready: [2]
+  no-jquery/no-other-methods: [0]
+  no-jquery/no-other-utils: [2]
+  no-jquery/no-param: [2]
+  no-jquery/no-parent: [0]
+  no-jquery/no-parents: [0]
+  no-jquery/no-parse-html-literal: [0]
+  no-jquery/no-parse-html: [2]
+  no-jquery/no-parse-json: [2]
+  no-jquery/no-parse-xml: [2]
+  no-jquery/no-prop: [2]
+  no-jquery/no-proxy: [2]
+  no-jquery/no-ready-shorthand: [2]
+  no-jquery/no-ready: [2]
+  no-jquery/no-selector-prop: [2]
+  no-jquery/no-serialize: [2]
+  no-jquery/no-size: [2]
+  no-jquery/no-sizzle: [0]
+  no-jquery/no-slide: [2]
+  no-jquery/no-sub: [2]
+  no-jquery/no-support: [2]
+  no-jquery/no-text: [0]
+  no-jquery/no-trigger: [0]
+  no-jquery/no-trim: [2]
+  no-jquery/no-type: [2]
+  no-jquery/no-unique: [2]
+  no-jquery/no-unload-shorthand: [2]
+  no-jquery/no-val: [0]
+  no-jquery/no-visibility: [2]
+  no-jquery/no-when: [2]
+  no-jquery/no-wrap: [2]
+  no-jquery/variable-pattern: [2]
+  no-label-var: [2]
+  no-labels: [0] # handled by no-restricted-syntax
+  no-lone-blocks: [2]
+  no-lonely-if: [0]
+  no-loop-func: [0]
+  no-loss-of-precision: [2]
+  no-magic-numbers: [0]
+  no-misleading-character-class: [2]
+  no-multi-assign: [0]
+  no-multi-str: [2]
+  no-negated-condition: [0]
+  no-nested-ternary: [0]
+  no-new-func: [2]
+  no-new-native-nonconstructor: [2]
+  no-new-object: [2]
+  no-new-symbol: [2]
+  no-new-wrappers: [2]
+  no-new: [0]
+  no-nonoctal-decimal-escape: [2]
+  no-obj-calls: [2]
+  no-octal-escape: [2]
+  no-octal: [2]
+  no-param-reassign: [0]
+  no-plusplus: [0]
+  no-promise-executor-return: [0]
+  no-proto: [2]
+  no-prototype-builtins: [2]
+  no-redeclare: [2]
+  no-regex-spaces: [2]
+  no-restricted-exports: [0]
+  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top, __dirname, __filename]
+  no-restricted-imports: [0]
+  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression, {selector: "CallExpression[callee.name='fetch']", message: "use modules/fetch.js instead"}]
+  no-return-assign: [0]
+  no-script-url: [2]
+  no-self-assign: [2, {props: true}]
+  no-self-compare: [2]
+  no-sequences: [2]
+  no-setter-return: [2]
+  no-shadow-restricted-names: [2]
+  no-shadow: [0]
+  no-sparse-arrays: [2]
+  no-template-curly-in-string: [2]
+  no-ternary: [0]
+  no-this-before-super: [2]
+  no-throw-literal: [2]
+  no-undef-init: [2]
+  no-undef: [2, {typeof: true}]
+  no-undefined: [0]
+  no-underscore-dangle: [0]
+  no-unexpected-multiline: [2]
+  no-unmodified-loop-condition: [2]
+  no-unneeded-ternary: [0]
+  no-unreachable-loop: [2]
+  no-unreachable: [2]
+  no-unsafe-finally: [2]
+  no-unsafe-negation: [2]
+  no-unused-expressions: [2]
+  no-unused-labels: [2]
+  no-unused-private-class-members: [2]
+  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
+  no-use-before-define: [2, {functions: false, classes: true, variables: true, allowNamedExports: true}]
+  no-use-extend-native/no-use-extend-native: [2]
+  no-useless-backreference: [2]
+  no-useless-call: [2]
+  no-useless-catch: [2]
+  no-useless-computed-key: [2]
+  no-useless-concat: [2]
+  no-useless-constructor: [2]
+  no-useless-escape: [2]
+  no-useless-rename: [2]
+  no-useless-return: [2]
+  no-var: [2]
+  no-void: [2]
+  no-warning-comments: [0]
+  no-with: [0] # handled by no-restricted-syntax
+  object-shorthand: [2, always]
+  one-var-declaration-per-line: [0]
+  one-var: [0]
+  operator-assignment: [2, always]
+  operator-linebreak: [2, after]
+  prefer-arrow-callback: [2, {allowNamedFunctions: true, allowUnboundThis: true}]
+  prefer-const: [2, {destructuring: all, ignoreReadBeforeAssign: true}]
+  prefer-destructuring: [0]
+  prefer-exponentiation-operator: [2]
+  prefer-named-capture-group: [0]
+  prefer-numeric-literals: [2]
+  prefer-object-has-own: [2]
+  prefer-object-spread: [2]
+  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
+  prefer-regex-literals: [2]
+  prefer-rest-params: [2]
+  prefer-spread: [2]
+  prefer-template: [2]
+  radix: [2, as-needed]
+  regexp/confusing-quantifier: [2]
+  regexp/control-character-escape: [2]
+  regexp/hexadecimal-escape: [0]
+  regexp/letter-case: [0]
+  regexp/match-any: [2]
+  regexp/negation: [2]
+  regexp/no-contradiction-with-assertion: [0]
+  regexp/no-control-character: [0]
+  regexp/no-dupe-characters-character-class: [2]
+  regexp/no-dupe-disjunctions: [2]
+  regexp/no-empty-alternative: [2]
+  regexp/no-empty-capturing-group: [2]
+  regexp/no-empty-character-class: [0]
+  regexp/no-empty-group: [2]
+  regexp/no-empty-lookarounds-assertion: [2]
+  regexp/no-empty-string-literal: [2]
+  regexp/no-escape-backspace: [2]
+  regexp/no-extra-lookaround-assertions: [0]
+  regexp/no-invalid-regexp: [2]
+  regexp/no-invisible-character: [2]
+  regexp/no-lazy-ends: [2]
+  regexp/no-legacy-features: [2]
+  regexp/no-misleading-capturing-group: [0]
+  regexp/no-misleading-unicode-character: [0]
+  regexp/no-missing-g-flag: [2]
+  regexp/no-non-standard-flag: [2]
+  regexp/no-obscure-range: [2]
+  regexp/no-octal: [2]
+  regexp/no-optional-assertion: [2]
+  regexp/no-potentially-useless-backreference: [2]
+  regexp/no-standalone-backslash: [2]
+  regexp/no-super-linear-backtracking: [0]
+  regexp/no-super-linear-move: [0]
+  regexp/no-trivially-nested-assertion: [2]
+  regexp/no-trivially-nested-quantifier: [2]
+  regexp/no-unused-capturing-group: [0]
+  regexp/no-useless-assertions: [2]
+  regexp/no-useless-backreference: [2]
+  regexp/no-useless-character-class: [2]
+  regexp/no-useless-dollar-replacements: [2]
+  regexp/no-useless-escape: [2]
+  regexp/no-useless-flag: [2]
+  regexp/no-useless-lazy: [2]
+  regexp/no-useless-non-capturing-group: [2]
+  regexp/no-useless-quantifier: [2]
+  regexp/no-useless-range: [2]
+  regexp/no-useless-set-operand: [2]
+  regexp/no-useless-string-literal: [2]
+  regexp/no-useless-two-nums-quantifier: [2]
+  regexp/no-zero-quantifier: [2]
+  regexp/optimal-lookaround-quantifier: [2]
+  regexp/optimal-quantifier-concatenation: [0]
+  regexp/prefer-character-class: [0]
+  regexp/prefer-d: [0]
+  regexp/prefer-escape-replacement-dollar-char: [0]
+  regexp/prefer-lookaround: [0]
+  regexp/prefer-named-backreference: [0]
+  regexp/prefer-named-capture-group: [0]
+  regexp/prefer-named-replacement: [0]
+  regexp/prefer-plus-quantifier: [2]
+  regexp/prefer-predefined-assertion: [2]
+  regexp/prefer-quantifier: [0]
+  regexp/prefer-question-quantifier: [2]
+  regexp/prefer-range: [2]
+  regexp/prefer-regexp-exec: [2]
+  regexp/prefer-regexp-test: [2]
+  regexp/prefer-result-array-groups: [0]
+  regexp/prefer-set-operation: [2]
+  regexp/prefer-star-quantifier: [2]
+  regexp/prefer-unicode-codepoint-escapes: [2]
+  regexp/prefer-w: [0]
+  regexp/require-unicode-regexp: [0]
+  regexp/simplify-set-operations: [2]
+  regexp/sort-alternatives: [0]
+  regexp/sort-character-class-elements: [0]
+  regexp/sort-flags: [0]
+  regexp/strict: [2]
+  regexp/unicode-escape: [0]
+  regexp/use-ignore-case: [0]
+  require-atomic-updates: [0]
+  require-await: [0]
+  require-unicode-regexp: [0]
+  require-yield: [2]
+  sonarjs/cognitive-complexity: [0]
+  sonarjs/elseif-without-else: [0]
+  sonarjs/max-switch-cases: [0]
+  sonarjs/no-all-duplicated-branches: [2]
+  sonarjs/no-collapsible-if: [0]
+  sonarjs/no-collection-size-mischeck: [2]
+  sonarjs/no-duplicate-string: [0]
+  sonarjs/no-duplicated-branches: [0]
+  sonarjs/no-element-overwrite: [2]
+  sonarjs/no-empty-collection: [2]
+  sonarjs/no-extra-arguments: [2]
+  sonarjs/no-gratuitous-expressions: [2]
+  sonarjs/no-identical-conditions: [2]
+  sonarjs/no-identical-expressions: [2]
+  sonarjs/no-identical-functions: [2, 5]
+  sonarjs/no-ignored-return: [2]
+  sonarjs/no-inverted-boolean-check: [2]
+  sonarjs/no-nested-switch: [0]
+  sonarjs/no-nested-template-literals: [0]
+  sonarjs/no-one-iteration-loop: [2]
+  sonarjs/no-redundant-boolean: [2]
+  sonarjs/no-redundant-jump: [2]
+  sonarjs/no-same-line-conditional: [2]
+  sonarjs/no-small-switch: [0]
+  sonarjs/no-unused-collection: [2]
+  sonarjs/no-use-of-empty-return-value: [2]
+  sonarjs/no-useless-catch: [2]
+  sonarjs/non-existent-operator: [2]
+  sonarjs/prefer-immediate-return: [0]
+  sonarjs/prefer-object-literal: [0]
+  sonarjs/prefer-single-boolean-return: [0]
+  sonarjs/prefer-while: [2]
+  sort-imports: [0]
+  sort-keys: [0]
+  sort-vars: [0]
+  strict: [0]
+  symbol-description: [2]
+  unicode-bom: [2, never]
+  unicorn/better-regex: [0]
+  unicorn/catch-error-name: [0]
+  unicorn/consistent-destructuring: [2]
+  unicorn/consistent-function-scoping: [2]
+  unicorn/custom-error-definition: [0]
+  unicorn/empty-brace-spaces: [2]
+  unicorn/error-message: [0]
+  unicorn/escape-case: [0]
+  unicorn/expiring-todo-comments: [0]
+  unicorn/explicit-length-check: [0]
+  unicorn/filename-case: [0]
+  unicorn/import-index: [0]
+  unicorn/import-style: [0]
+  unicorn/new-for-builtins: [2]
+  unicorn/no-abusive-eslint-disable: [0]
+  unicorn/no-array-callback-reference: [0]
+  unicorn/no-array-for-each: [2]
+  unicorn/no-array-method-this-argument: [2]
+  unicorn/no-array-push-push: [2]
+  unicorn/no-array-reduce: [2]
+  unicorn/no-await-expression-member: [0]
+  unicorn/no-console-spaces: [0]
+  unicorn/no-document-cookie: [2]
+  unicorn/no-empty-file: [2]
+  unicorn/no-for-loop: [0]
+  unicorn/no-hex-escape: [0]
+  unicorn/no-instanceof-array: [0]
+  unicorn/no-invalid-remove-event-listener: [2]
+  unicorn/no-keyword-prefix: [0]
+  unicorn/no-lonely-if: [2]
+  unicorn/no-negated-condition: [0]
+  unicorn/no-nested-ternary: [0]
+  unicorn/no-new-array: [0]
+  unicorn/no-new-buffer: [0]
+  unicorn/no-null: [0]
+  unicorn/no-object-as-default-parameter: [0]
+  unicorn/no-process-exit: [0]
+  unicorn/no-static-only-class: [2]
+  unicorn/no-thenable: [2]
+  unicorn/no-this-assignment: [2]
+  unicorn/no-typeof-undefined: [2]
+  unicorn/no-unnecessary-await: [2]
+  unicorn/no-unnecessary-polyfills: [2]
+  unicorn/no-unreadable-array-destructuring: [0]
+  unicorn/no-unreadable-iife: [2]
+  unicorn/no-unused-properties: [2]
+  unicorn/no-useless-fallback-in-spread: [2]
+  unicorn/no-useless-length-check: [2]
+  unicorn/no-useless-promise-resolve-reject: [2]
+  unicorn/no-useless-spread: [2]
+  unicorn/no-useless-switch-case: [2]
+  unicorn/no-useless-undefined: [0]
+  unicorn/no-zero-fractions: [2]
+  unicorn/number-literal-case: [0]
+  unicorn/numeric-separators-style: [0]
+  unicorn/prefer-add-event-listener: [2]
+  unicorn/prefer-array-find: [2]
+  unicorn/prefer-array-flat-map: [2]
+  unicorn/prefer-array-flat: [2]
+  unicorn/prefer-array-index-of: [2]
+  unicorn/prefer-array-some: [2]
+  unicorn/prefer-at: [0]
+  unicorn/prefer-blob-reading-methods: [2]
+  unicorn/prefer-code-point: [0]
+  unicorn/prefer-date-now: [2]
+  unicorn/prefer-default-parameters: [0]
+  unicorn/prefer-dom-node-append: [2]
+  unicorn/prefer-dom-node-dataset: [0]
+  unicorn/prefer-dom-node-remove: [2]
+  unicorn/prefer-dom-node-text-content: [2]
+  unicorn/prefer-event-target: [2]
+  unicorn/prefer-export-from: [0]
+  unicorn/prefer-includes: [2]
+  unicorn/prefer-json-parse-buffer: [0]
+  unicorn/prefer-keyboard-event-key: [2]
+  unicorn/prefer-logical-operator-over-ternary: [2]
+  unicorn/prefer-math-trunc: [2]
+  unicorn/prefer-modern-dom-apis: [0]
+  unicorn/prefer-modern-math-apis: [2]
+  unicorn/prefer-module: [2]
+  unicorn/prefer-native-coercion-functions: [2]
+  unicorn/prefer-negative-index: [2]
+  unicorn/prefer-node-protocol: [2]
+  unicorn/prefer-number-properties: [0]
+  unicorn/prefer-object-from-entries: [2]
+  unicorn/prefer-object-has-own: [0]
+  unicorn/prefer-optional-catch-binding: [2]
+  unicorn/prefer-prototype-methods: [0]
+  unicorn/prefer-query-selector: [0]
+  unicorn/prefer-reflect-apply: [0]
+  unicorn/prefer-regexp-test: [2]
+  unicorn/prefer-set-has: [0]
+  unicorn/prefer-set-size: [2]
+  unicorn/prefer-spread: [0]
+  unicorn/prefer-string-replace-all: [0]
+  unicorn/prefer-string-slice: [0]
+  unicorn/prefer-string-starts-ends-with: [2]
+  unicorn/prefer-string-trim-start-end: [2]
+  unicorn/prefer-switch: [0]
+  unicorn/prefer-ternary: [0]
+  unicorn/prefer-text-content: [2]
+  unicorn/prefer-top-level-await: [0]
+  unicorn/prefer-type-error: [0]
+  unicorn/prevent-abbreviations: [0]
+  unicorn/relative-url-style: [2]
+  unicorn/require-array-join-separator: [2]
+  unicorn/require-number-to-fixed-digits-argument: [2]
+  unicorn/require-post-message-target-origin: [0]
+  unicorn/string-content: [0]
+  unicorn/switch-case-braces: [0]
+  unicorn/template-indent: [2]
+  unicorn/text-encoding-identifier-case: [0]
+  unicorn/throw-new-error: [2]
+  use-isnan: [2]
+  valid-typeof: [2, {requireStringLiterals: true}]
+  vars-on-top: [0]
+  wc/attach-shadow-constructor: [2]
+  wc/define-tag-after-class-definition: [0]
+  wc/expose-class-on-global: [0]
+  wc/file-name-matches-element: [2]
+  wc/guard-define-call: [0]
+  wc/guard-super-call: [2]
+  wc/max-elements-per-file: [0]
+  wc/no-child-traversal-in-attributechangedcallback: [2]
+  wc/no-child-traversal-in-connectedcallback: [2]
+  wc/no-closed-shadow-root: [2]
+  wc/no-constructor-attributes: [2]
+  wc/no-constructor-params: [2]
+  wc/no-constructor: [2]
+  wc/no-customized-built-in-elements: [2]
+  wc/no-exports-with-element: [0]
+  wc/no-invalid-element-name: [2]
+  wc/no-invalid-extends: [2]
+  wc/no-method-prefixed-with-on: [2]
+  wc/no-self-class: [2]
+  wc/no-typos: [2]
+  wc/require-listener-teardown: [2]
+  wc/tag-name-matches-class: [2]
+  yoda: [2, never]

.forgejo/cascading-pr-end-to-end

@@ -13,22 +13,21 @@ minor_version=$(make show-version-minor)
 
 cd $end_to_end
 
-if ! test -f forgejo/sources/$minor_version; then
-  echo "FAIL: forgejo/sources/$minor_version does not exist in the end-to-end repository"
-  false
+if ! test -f forgejo/sources/$minor_version ; then
+    echo "FAIL: forgejo/sources/$minor_version does not exist in the end-to-end repository"
+    false
 fi
 
-echo -n $minor_version >forgejo/build-from-sources
-date >last-upgrade
+date > last-upgrade
 
-if test -f "$forgejo_pr_or_ref"; then
-  forgejo_pr=$forgejo_pr_or_ref
-  head_url=$(jq --raw-output .head.repo.html_url <$forgejo_pr)
-  test "$head_url" != null
-  branch=$(jq --raw-output .head.ref <$forgejo_pr)
-  test "$branch" != null
-  echo $head_url $branch $full_version >forgejo/sources/$minor_version
+if test -f "$forgejo_pr_or_ref" ; then
+    forgejo_pr=$forgejo_pr_or_ref
+    head_url=$(jq --raw-output .head.repo.html_url < $forgejo_pr)
+    test "$head_url" != null
+    branch=$(jq --raw-output .head.ref < $forgejo_pr)
+    test "$branch" != null
+    echo $head_url $branch $full_version > forgejo/sources/$minor_version
 else
-  forgejo_ref=$forgejo_pr_or_ref
-  echo $GITHUB_SERVER_URL/$GITHUB_REPOSITORY ${forgejo_ref#refs/heads/} $full_version >forgejo/sources/$minor_version
+    forgejo_ref=$forgejo_pr_or_ref
+    echo $GITHUB_SERVER_URL/$GITHUB_REPOSITORY ${forgejo_ref#refs/heads/} $full_version > forgejo/sources/$minor_version
 fi

.forgejo/cascading-release-end-to-end

@@ -8,15 +8,15 @@ forgejo=$3
 forgejo_ref=$4
 
 cd $end_to_end
-date >last-upgrade
+date > last-upgrade
 organizations=lib/ORGANIZATIONS
-if ! test -f $organizations; then
-  echo "$organizations file not found"
-  false
+if ! test -f $organizations ; then
+    echo "$organizations file not found"
+    false
 fi
 #
-# Inverse the order of lookup because the goal in the release built
-# pipeline is to test the latest build, if available, instead of the
-# stable version by the same version.
+# do not include forgejo-experimental so that 7.0-test is found
+# in forgejo-integration where it was just built instead of
+# forgejo-experimental which was published by the previous build
 #
-echo forgejo-integration forgejo-experimental forgejo >$organizations
+echo forgejo forgejo-integration > $organizations

.forgejo/pull_request_template.md

@@ -1,33 +0,0 @@
----
-
-name: "Pull Request Template"
-about: "Template for all Pull Requests"
-labels:
-
-- test/needed
-
----
-
-## Checklist
-
-The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
-
-### Tests
-
-- I added test coverage for Go changes...
-  - [ ] in their respective `*_test.go` for unit tests.
-  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
-- I added test coverage for JavaScript changes...
-  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
-  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
-
-### Documentation
-
-- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
-- [ ] I did not document these changes and I do not expect someone else to do it.
-
-### Release notes
-
-- [ ] I do not want this change to show in the release notes.
-- [ ] I want the title to show in the release notes with a link to this pull request.
-- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

.forgejo/testdata/build-release/Dockerfile

@@ -1,4 +1,4 @@
-FROM code.forgejo.org/oci/alpine:3.20
+FROM code.forgejo.org/oci/alpine:3.19
 ARG RELEASE_VERSION=unkown
 LABEL maintainer="contact@forgejo.org" \
       org.opencontainers.image.version="${RELEASE_VERSION}"

.forgejo/testdata/build-release/go.mod

@@ -1,3 +0,0 @@
-module code.gitea.io/gitea
-
-go 1.23.3

.forgejo/workflows-composite/apt-install-from/action.yaml

@@ -1,29 +0,0 @@
-inputs:
-  packages:
-    description: 'Packages to install'
-    required: true
-  release:
-    description: 'Release to install from'
-    default: testing
-
-runs:
-  using: "composite"
-  steps:
-    - name: setup apt package source
-      run: |
-        export DEBIAN_FRONTEND=noninteractive
-        echo "deb http://deb.debian.org/debian/ ${RELEASE} main" > "/etc/apt/sources.list.d/${RELEASE}.list"
-      env:
-        RELEASE: ${{inputs.release}}
-    - name: install packages
-      run: |
-        apt-get update -qq
-        apt-get -q install -qq -y ${PACKAGES}
-      env:
-        PACKAGES: ${{inputs.packages}}
-    - name: remove temporary package list to prevent using it in other steps
-      run: |
-        rm "/etc/apt/sources.list.d/${RELEASE}.list"
-        apt-get update -qq
-      env:
-        RELEASE: ${{inputs.release}}

.forgejo/workflows-composite/build-backend/action.yaml

@@ -1,15 +0,0 @@
-runs:
-  using: "composite"
-  steps:
-    - run: |
-        su forgejo -c 'make deps-backend'
-    - uses: actions/cache@v4
-      id: cache-backend
-      with:
-        path: ${{github.workspace}}/gitea
-        key: backend-build-${{ github.sha }}
-    - if: steps.cache-backend.outputs.cache-hit != 'true'
-      run: |
-        su forgejo -c 'make backend'
-      env:
-        TAGS: bindata

.forgejo/workflows-composite/setup-env/action.yaml

@@ -1,12 +0,0 @@
-runs:
-  using: "composite"
-  steps:
-    - name: setup user and permissions
-      run: |
-        git config --add safe.directory '*'
-        # ignore if the user already exists (like with the playwright image)
-        adduser --quiet --comment forgejo --disabled-password forgejo || true
-        chown -R forgejo:forgejo .
-    - uses: https://codeberg.org/fnetx/setup-cache-go@b2214eaf6fb44c7e8512c0f462a2c3ec31f86a73
-      with:
-        username: forgejo

.forgejo/workflows/backport.yml

@@ -31,29 +31,53 @@ on:
 jobs:
   backporting:
     if: >
-      ( vars.ROLE == 'forgejo-coding' ) && (
+      !startsWith(vars.ROLE, 'forgejo-') && (
         github.event.pull_request.merged
         &&
         contains(toJSON(github.event.pull_request.labels), 'backport/v')
       )
     runs-on: docker
     container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
+      image: 'docker.io/node:20-bookworm'
     steps:
       - name: event info
         run: |
           cat <<'EOF'
           ${{ toJSON(github) }}
           EOF
-      - uses: https://code.forgejo.org/actions/git-backporting@v4.8.4
+      - name: Fetch labels
+        id: fetch-labels
+        shell: bash
+        run: |
+          set -x
+          echo "Labels retrieved below"
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update -qq
+          apt-get -q install -qq -y jq
+          filtered_labels=$(echo "$LABELS" | jq -c 'map(select(.name | startswith("backport/v")))')
+          echo "FILTERED_LABELS=${filtered_labels}" >> $GITHUB_ENV
+        env:
+          LABELS: ${{ toJSON(github.event.pull_request.labels) }}
+      - name: Extract targets
+        id: extract-targets
+        shell: bash
+        run: |
+          set -x
+          targets="$(echo $FILTERED_LABELS | jq -c '[.[] | .name | sub("backport/"; "")]')"
+          echo "targets=$(echo $targets)" >> $GITHUB_OUTPUT
+
+      - name: Printing info
+        shell: bash
+        run: |
+          echo "targets: ${{ steps.extract-targets.outputs.targets }}"
+          echo "target-branch: ${{ fromJSON(steps.extract-targets.outputs.targets)[0] }}"
+          echo "pull-request: ${{ github.event.pull_request.url }}"
+
+      - uses: https://code.forgejo.org/actions/git-backporting@v4.6.0
         with:
-          target-branch-pattern: "^backport/(?<target>(v.*))$"
+          target-branch: ${{ fromJSON(steps.extract-targets.outputs.targets)[0] }}/forgejo
           strategy: ort
           strategy-option: find-renames
-          cherry-pick-options: -x
+          no-squash: true
           auth: ${{ secrets.BACKPORT_TOKEN }}
           pull-request: ${{ github.event.pull_request.url }}
-          auto-no-squash: true
-          enable-err-notification: true
-          git-user: forgejo-backport-action
-          git-email: forgejo-backport-action@noreply.codeberg.org

.forgejo/workflows/build-release-integration.yml

@@ -22,10 +22,10 @@ on:
 
 jobs:
   release-simulation:
-    if: vars.ROLE == 'forgejo-coding'
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: self-hosted
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
 
       - id: forgejo
         uses: https://code.forgejo.org/actions/setup-forgejo@v1

.forgejo/workflows/build-release.yml

@@ -1,5 +1,5 @@
 #
-# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
+# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
 #
 # https://codeberg.org/forgejo-integration/forgejo
 #
@@ -27,7 +27,7 @@ jobs:
     # root is used for testing, allow it
     if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
@@ -37,13 +37,14 @@ jobs:
           repository="${{ github.repository }}"
           echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
 
-      - uses: https://code.forgejo.org/actions/setup-node@v4
+      - uses: https://code.forgejo.org/actions/setup-node@v3
         with:
           node-version: 20
 
-      - uses: https://code.forgejo.org/actions/setup-go@v5
+      - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          go-version-file: "go.mod"
+          go-version: "1.22"
+          check-latest: true
 
       - name: version from ref
         id: release-info
@@ -87,7 +88,7 @@ jobs:
 
       - name: cache node_modules
         id: node
-        uses: https://code.forgejo.org/actions/cache@v4
+        uses: https://code.forgejo.org/actions/cache@v3
         with:
           path: |
             node_modules
@@ -194,7 +195,7 @@ jobs:
           verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
 
       - name: end-to-end tests
-        if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' && vars.SKIP_END_TO_END != 'true' }}
+        if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' }}
         uses: https://code.forgejo.org/actions/cascading-pr@v2
         with:
           origin-url: ${{ env.GITHUB_SERVER_URL }}

.forgejo/workflows/cascade-setup-end-to-end.yml

@@ -12,10 +12,8 @@
 #    whatever is in the default branch instead
 #
 #  - after it is merged, double check it works by setting the
-#    run-end-to-end-test on a pull request (any pull request will do)
+#    run-end-to-end-test on a pull request (any pull request will doe
 #
-name: end-to-end
-
 on:
   push:
     branches:
@@ -26,18 +24,19 @@ on:
 
 jobs:
   info:
-    if: vars.ROLE == 'forgejo-coding'
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: docker
     container:
-      image: code.forgejo.org/oci/node:20-bookworm
+      image: node:20-bookworm
     steps:
       - name: event
         run: |
           echo github.event.pull_request.head.repo.fork = ${{ github.event.pull_request.head.repo.fork }}
           echo github.event.action = ${{ github.event.action }}
-          echo github.event.label
+          echo github.event.pull_request.merged = ${{ github.event.pull_request.merged }}
+          echo github.event.pull_request.labels.*.name
           cat <<'EOF'
-          ${{ toJSON(github.event.label) }}
+          ${{ toJSON(github.event.pull_request.labels.*.name) }}
           EOF
           cat <<'EOF'
           ${{ toJSON(github.event) }}
@@ -45,15 +44,15 @@ jobs:
 
   cascade:
     if: >
-      vars.ROLE == 'forgejo-coding' && (
+      !startsWith(vars.ROLE, 'forgejo-') && (
         github.event_name == 'push' ||
         (
-          github.event.action == 'label_updated' && github.event.label.name == 'run-end-to-end-tests'
+          github.event.action == 'label_updated' && contains(github.event.pull_request.labels.*.name, 'run-end-to-end-tests')
         )
       )
     runs-on: docker
     container:
-      image: code.forgejo.org/oci/node:20-bookworm
+      image: node:20-bookworm
     steps:
       - uses: actions/checkout@v4
         with:

.forgejo/workflows/e2e.yml

@@ -0,0 +1,39 @@
+name: e2e
+
+on:
+  pull_request:
+    paths:
+      - Makefile
+      - playwright.config.js
+      - .forgejo/workflows/e2e.yml
+      - tests/e2e/**
+      - web_src/js/**
+
+jobs:
+  test-e2e:
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
+    runs-on: docker
+    container:
+      image: 'docker.io/node:20-bookworm'
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@v4
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: "1.22"
+          check-latest: true
+      - run: |
+          apt-get -qq update
+          apt-get -qq install -q sudo
+          sed -i -e 's/%sudo.*/%sudo   ALL=(ALL:ALL) NOPASSWD:ALL/' /etc/sudoers
+          git config --add safe.directory '*'
+          adduser --quiet --comment forgejo --disabled-password forgejo
+          adduser forgejo sudo
+          chown -R forgejo:forgejo .
+      - run: |
+          su forgejo -c 'make deps-frontend frontend deps-backend'
+      - run: |
+          su forgejo -c 'make generate test-e2e-sqlite'
+        timeout-minutes: 40
+        env:
+          DEPS_PLAYWRIGHT: 1
+          USE_REPO_TEST_DIR: 1

.forgejo/workflows/forgejo-integration-cleanup.yml

@@ -1,39 +0,0 @@
-on:
-  workflow_dispatch:
-
-  schedule:
-    - cron: '@daily'
-
-jobs:
-  integration-cleanup:
-    if: vars.ROLE == 'forgejo-integration'
-    runs-on: docker
-    container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
-    steps:
-
-      - name: apt install curl jq
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          apt-get update -qq
-          apt-get -q install -qq -y curl jq
-
-      - name: remove old releases and tags
-        run: |
-          url=https://any:${{ secrets.TOKEN }}@codeberg.org
-          curl -sS "$url/api/v1/repos/forgejo-integration/forgejo/releases" | jq -r '.[] | "\(.published_at) \(.tag_name)"' | sort  | while read published_at version ; do
-            if echo $version | grep -e '-test$' >/dev/null; then
-              old="18 months"
-            else
-              old="1 day"
-            fi
-            too_old=$(env -i date --date="- $old" +%F)
-            too_old_seconds=$(env -i date --date="- $old" +%s)
-            published_at_seconds=$(env -i date --date="$published_at" +%s)
-            if test $published_at_seconds -le $too_old_seconds ; then
-              echo "$version was published more than $old ago ($published_at <= $too_old) and will be removed"
-              curl -X DELETE -sS "$url/api/v1/repos/forgejo-integration/forgejo/releases/tags/$version"
-            else
-              echo "$version was published less than $old ago"
-            fi
-          done

.forgejo/workflows/merge-requirements.yml

@@ -1,45 +0,0 @@
-# Copyright 2024 The Forgejo Authors
-# SPDX-License-Identifier: MIT
-
-name: requirements
-
-on:
-  pull_request:
-    types:
-      - labeled
-      - edited
-      - opened
-      - synchronize
-
-jobs:
-  merge-conditions:
-    if: vars.ROLE == 'forgejo-coding'
-    runs-on: docker
-    container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
-    steps:
-      - name: Debug output
-        run: |
-          cat <<'EOF'
-          ${{ toJSON(github.event) }}
-          EOF
-      - name: Missing test label
-        if: >
-          !(
-            contains(toJSON(github.event.pull_request.labels), 'test/present')
-            || contains(toJSON(github.event.pull_request.labels), 'test/not-needed')
-            || contains(toJSON(github.event.pull_request.labels), 'test/manual')
-          )
-        run: |
-          echo "Test label must be set to either 'present', 'not-needed' or 'manual'."
-          exit 1
-      - name: Missing manual test instructions
-        if: >
-          (
-            contains(toJSON(github.event.pull_request.labels), 'test/manual')
-            && !contains(toJSON(github.event.pull_request.body), '# Test')
-          )
-        run: |
-          echo "Manual test label is set. The PR description needs to contain test steps introduced by a heading like:"
-          echo "# Testing"
-          exit 1

.forgejo/workflows/mirror.yml

@@ -1,8 +1,6 @@
 name: mirror
 
 on:
-  workflow_dispatch:
-
   schedule:
     - cron: '@daily'
 
@@ -11,7 +9,7 @@ jobs:
     if: ${{ secrets.MIRROR_TOKEN != '' }}
     runs-on: docker
     container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
+      image: 'docker.io/node:20-bookworm'
     steps:
       - name: git push {v*/,}forgejo
         run: |

.forgejo/workflows/publish-release.yml

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: MIT
 #
-# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
+# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
 #
 # https://codeberg.org/forgejo-experimental/forgejo
 #
@@ -39,7 +39,7 @@ jobs:
     runs-on: self-hosted
     if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
 
       - name: copy & sign
         uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5
@@ -59,37 +59,13 @@ jobs:
           gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
           verbose: ${{ vars.VERBOSE }}
 
-      - name: get trigger mirror issue
-        id: mirror
-        uses: https://code.forgejo.org/infrastructure/issue-action/get@v1.1.0
-        with:
-          forgejo: https://code.forgejo.org
-          repository: forgejo/forgejo
-          labels: mirror-trigger
-
-      - name: trigger the mirror
-        uses: https://code.forgejo.org/infrastructure/issue-action/set@v1.1.0
-        with:
-          forgejo: https://code.forgejo.org
-          repository: forgejo/forgejo
-          token: ${{ secrets.LABEL_ISSUE_FORGEJO_MIRROR_TOKEN }}
-          numbers: ${{ steps.mirror.outputs.numbers }}
-          label-wait-if-exists: 3600
-          label: trigger
-
-      - name: upgrade v*.next.forgejo.org
-        uses: https://code.forgejo.org/infrastructure/next-digest@v1.1.0
-        with:
-          url: https://placeholder:${{ secrets.TOKEN_NEXT_DIGEST }}@code.forgejo.org/infrastructure/next-digest
-          ref_name: '${{ github.ref_name }}'
-          image: 'codeberg.org/forgejo-experimental/forgejo'
-          tag_suffix: '-rootless'
 
       - name: set up go for the DNS update below
         if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
-        uses: https://code.forgejo.org/actions/setup-go@v5
+        uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          go-version-file: "go.mod"
+          go-version: "1.22"
+          check-latest: true
       - name: update the _release.experimental DNS record
         if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
         uses: https://code.forgejo.org/actions/ovh-dns-update@v1

.forgejo/workflows/release-notes-assistant-milestones.yml

@@ -1,33 +0,0 @@
-on:
-  workflow_dispatch:
-
-  schedule:
-    - cron: '@daily'
-
-jobs:
-  release-notes:
-    if: vars.ROLE == 'forgejo-coding'
-    runs-on: docker
-    container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-
-      - uses: https://code.forgejo.org/actions/setup-go@v5
-        with:
-          go-version-file: "go.mod"
-          cache: false
-
-      - name: apt install jq
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          apt-get update -qq
-          apt-get -q install -y -qq jq
-
-      - name: update open milestones
-        run: |
-          set -x
-          curl -sS $GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/milestones?state=open | jq -r '.[] | .title' | while read forgejo version ; do
-            milestone="$forgejo $version"
-            go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage milestone --storage-location "$milestone"  --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} release $version
-          done

.forgejo/workflows/release-notes-assistant.yml

@@ -1,39 +0,0 @@
-on:
-  pull_request_target:
-    types:
-      - edited
-      - synchronize
-      - labeled
-
-jobs:
-  release-notes:
-    if: ( vars.ROLE == 'forgejo-coding' ) && contains(github.event.pull_request.labels.*.name, 'worth a release-note')
-    runs-on: docker
-    container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-
-      - name: event
-        run: |
-          cat <<'EOF'
-          ${{ toJSON(github.event.pull_request.labels.*.name) }}
-          EOF
-          cat <<'EOF'
-          ${{ toJSON(github.event) }}
-          EOF
-
-      - uses: https://code.forgejo.org/actions/setup-go@v5
-        with:
-          go-version-file: "go.mod"
-          cache: false
-
-      - name: apt install jq
-        run: |
-          export DEBIAN_FRONTEND=noninteractive
-          apt-get update -qq
-          apt-get -q install -y -qq jq
-
-      - name: release-notes-assistant preview
-        run: |
-          go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage pr --storage-location ${{ github.event.pull_request.number }}  --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} preview ${{ github.event.pull_request.number }}

.forgejo/workflows/renovate.yml

@@ -1,19 +1,11 @@
-#
-# Runs every 2 hours, but Renovate is limited to create new PR before 4am.
-# See renovate.json for more settings.
-# Automerge is enabled for Renovate PR's but need to be approved before.
-#
 name: renovate
 
 on:
   push:
     branches:
-      - renovate/** # self-test updates
-    paths:
-      - .forgejo/workflows/renovate.yml
+      - 'renovate/**' # self-test updates
   schedule:
-    - cron: '0 0/2 * * *'
-  workflow_dispatch:
+    - cron: '*/30 * * * *'
 
 env:
   RENOVATE_DRY_RUN: ${{ (github.event_name != 'schedule' && github.ref_name != github.event.repository.default_branch) && 'full' || '' }}
@@ -21,26 +13,22 @@ env:
 
 jobs:
   renovate:
-    if: vars.ROLE == 'forgejo-coding' && secrets.RENOVATE_TOKEN != ''
+    if: ${{ secrets.RENOVATE_TOKEN != '' }}
 
-    runs-on: docker-runner-one
+    runs-on: docker
     container:
-      image: code.forgejo.org/forgejo-contrib/renovate:39.9.1
+      image: ghcr.io/visualon/renovate:37.272.0
 
     steps:
-      - name: Load renovate repo cache
-        uses: https://code.forgejo.org/actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+      - uses: https://code.forgejo.org/actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: |
             .tmp/cache/renovate/repository
-            .tmp/cache/renovate/renovate-cache-sqlite
-            .tmp/osv
           key: repo-cache-${{ github.run_id }}
           restore-keys: |
             repo-cache-
 
-      - name: Run renovate
-        run: renovate
+      - run: renovate
         env:
           GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
           LOG_LEVEL: debug
@@ -51,21 +39,15 @@ jobs:
           RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
           RENOVATE_GIT_AUTHOR: 'Renovate Bot <forgejo-renovate-action@forgejo.org>'
 
-          RENOVATE_X_SQLITE_PACKAGE_CACHE: true
-
           GIT_AUTHOR_NAME: 'Renovate Bot'
           GIT_AUTHOR_EMAIL: 'forgejo-renovate-action@forgejo.org'
           GIT_COMMITTER_NAME: 'Renovate Bot'
           GIT_COMMITTER_EMAIL: 'forgejo-renovate-action@forgejo.org'
 
-          OSV_OFFLINE_ROOT_DIR: ${{ github.workspace }}/.tmp/osv
-
       - name: Save renovate repo cache
-        if: always() && env.RENOVATE_DRY_RUN != 'full'
-        uses: https://code.forgejo.org/actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        if: always() && env.RENOVATE_DRY_RUN == 'true'
+        uses: https://code.forgejo.org/actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: |
             .tmp/cache/renovate/repository
-            .tmp/cache/renovate/renovate-cache-sqlite
-            .tmp/osv
           key: repo-cache-${{ github.run_id }}

.forgejo/workflows/testing.yml

@@ -6,271 +6,211 @@ on:
     branches:
       - 'forgejo*'
       - 'v*/forgejo*'
-  workflow_dispatch:
 
 jobs:
   backend-checks:
-    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: docker
     container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
+      image: 'docker.io/node:20-bookworm'
     steps:
       - name: event info
         run: |
           cat <<'EOF'
           ${{ toJSON(github) }}
           EOF
-      - uses: https://code.forgejo.org/actions/checkout@v4
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - run: su forgejo -c 'make deps-backend deps-tools'
-      - run: su forgejo -c 'make --always-make -j$(nproc) lint-backend tidy-check swagger-check fmt-check swagger-validate' # ensure the "go-licenses" make target runs
-      - uses: ./.forgejo/workflows-composite/build-backend
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: "1.22"
+          check-latest: true
+      - run: make deps-backend deps-tools
+      - run: make --always-make -j$(nproc) lint-backend checks-backend # ensure the "go-licenses" make target runs
   frontend-checks:
-    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: docker
     container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
+      image: 'docker.io/node:20-bookworm'
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
+      - uses: https://code.forgejo.org/actions/checkout@v3
       - run: make deps-frontend
       - run: make lint-frontend
       - run: make checks-frontend
-      - run: make test-frontend-coverage
+      - run: make test-frontend
       - run: make frontend
-      - name: Install zstd for cache saving
-        # works around https://github.com/actions/cache/issues/1169, because the
-        # consuming job has zstd and doesn't restore the cache otherwise
-        run: |
-          apt-get update -qq
-          apt-get -q install -qq -y zstd
-      - name: "Cache frontend build for playwright testing"
-        uses: actions/cache/save@v4
-        with:
-          path: ${{github.workspace}}/public/assets
-          key: frontend-build-${{ github.sha }}
   test-unit:
-    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
+      image: 'docker.io/node:20-bookworm'
     services:
-      elasticsearch:
-        image: code.forgejo.org/oci/bitnami/elasticsearch:7
-        options: --tmpfs /bitnami/elasticsearch/data
-        env:
-          discovery.type: single-node
-          ES_JAVA_OPTS: "-Xms512m -Xmx512m"
       minio:
-        image: code.forgejo.org/oci/bitnami/minio:2024.8.17
+        image: bitnami/minio:2024.2.26
         options: >-
-          --hostname gitea.minio --tmpfs /bitnami/minio/data
+          --hostname gitea.minio
         env:
           MINIO_DOMAIN: minio
           MINIO_ROOT_USER: 123456
           MINIO_ROOT_PASSWORD: 12345678
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          packages: git
-      - name: test release-notes-assistant.sh
+          go-version: "1.22"
+      - run: |
+          git config --add safe.directory '*'
+          adduser --quiet --comment forgejo --disabled-password forgejo
+          chown -R forgejo:forgejo .
+      - name: install git >= 2.42
         run: |
-          apt-get -q install -qq -y jq
-          ./release-notes-assistant.sh test_main
-      - uses: ./.forgejo/workflows-composite/build-backend
+          export DEBIAN_FRONTEND=noninteractive
+          echo deb http://deb.debian.org/debian/ testing  main > /etc/apt/sources.list.d/testing.list
+          apt-get update -qq
+          apt-get -q install -qq -y git
+          rm /etc/apt/sources.list.d/testing.list
+          apt-get update -qq
+      - run: |
+          su forgejo -c 'make deps-backend'
+      - run: |
+          su forgejo -c 'make backend'
+        env:
+          TAGS: bindata
       - run: |
           su forgejo -c 'make test-backend test-check'
-        timeout-minutes: 120
+        timeout-minutes: 50
         env:
           RACE_ENABLED: 'true'
           TAGS: bindata
-          TEST_ELASTICSEARCH_URL: http://elasticsearch:9200
-  test-e2e:
-    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
-    runs-on: docker
-    needs: [backend-checks, frontend-checks]
-    container:
-      image: 'code.forgejo.org/oci/playwright:latest'
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-        with:
-          fetch-depth: 20
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: "Restore frontend build"
-        uses: actions/cache/restore@v4
-        id: cache-frontend
-        with:
-          path: ${{github.workspace}}/public/assets
-          key: frontend-build-${{ github.sha }}
-      - name: "Build frontend (if not cached)"
-        if: steps.cache-frontend.outputs.cache-hit != 'true'
-        run: |
-          su forgejo -c 'make deps-frontend frontend'
-      - uses: ./.forgejo/workflows-composite/build-backend
-      - name: Get changed files
-        id: changed-files
-        uses: https://code.forgejo.org/tj-actions/changed-files@v45
-        with:
-          separator: '\n'
-      - run: |
-          su forgejo -c 'make generate test-e2e-sqlite'
-        timeout-minutes: 120
-        env:
-          USE_REPO_TEST_DIR: 1
-          PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
-          CHANGED_FILES: ${{steps.changed-files.outputs.all_changed_files}}
-      - name: Upload test artifacts on failure
-        if: failure()
-        uses: https://code.forgejo.org/forgejo/upload-artifact@v4
-        with:
-          name: test-artifacts.zip
-          path: tests/e2e/test-artifacts/
-          retention-days: 3
-  test-remote-cacher:
-    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
-    runs-on: docker
-    needs: [backend-checks, frontend-checks, test-unit]
-    container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
-    name: ${{ format('test-remote-cacher ({0})', matrix.cacher.name) }}
-    strategy:
-      matrix:
-        cacher:
-          - name: redis
-            image: code.forgejo.org/oci/bitnami/redis:7.2
-            options: --tmpfs /bitnami/redis/data
-          - name: redict
-            image: registry.redict.io/redict:7.3.0-scratch
-            options: --tmpfs /data
-          - name: valkey
-            image: code.forgejo.org/oci/bitnami/valkey:7.2
-            options: --tmpfs /bitnami/redis/data
-          - name: garnet
-            image: ghcr.io/microsoft/garnet-alpine:1.0.14
-            options: --tmpfs /data
-    services:
-      cacher:
-        image: ${{ matrix.cacher.image }}
-        options: ${{ matrix.cacher.options }}
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
-        with:
-          packages: git
-      - uses: ./.forgejo/workflows-composite/build-backend
-      - run: |
-          su forgejo -c 'make test-remote-cacher test-check'
-        timeout-minutes: 120
-        env:
-          RACE_ENABLED: 'true'
-          TAGS: bindata
-          TEST_REDIS_SERVER: cacher:${{ matrix.cacher.port }}
   test-mysql:
-    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
+      image: 'docker.io/node:20-bookworm'
     services:
       mysql:
-        image: 'code.forgejo.org/oci/bitnami/mysql:8.4'
+        image: 'docker.io/mysql:8-debian'
         env:
-          ALLOW_EMPTY_PASSWORD: yes
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
           MYSQL_DATABASE: testgitea
-          #
-          # See also https://codeberg.org/forgejo/forgejo/issues/976
-          #
-          MYSQL_EXTRA_FLAGS: --innodb-adaptive-flushing=OFF --innodb-buffer-pool-size=4G --innodb-log-buffer-size=128M --innodb-flush-log-at-trx-commit=0 --innodb-flush-log-at-timeout=30 --innodb-flush-method=nosync --innodb-fsync-threshold=1000000000 --disable-log-bin
-        options: --tmpfs /bitnami/mysql/data
+        #
+        # See also https://codeberg.org/forgejo/forgejo/issues/976
+        #
+        cmd: ['mysqld', '--innodb-adaptive-flushing=OFF', '--innodb-buffer-pool-size=4G', '--innodb-log-buffer-size=128M', '--innodb-flush-log-at-trx-commit=0', '--innodb-flush-log-at-timeout=30', '--innodb-flush-method=nosync', '--innodb-fsync-threshold=1000000000']
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install dependencies & git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          packages: git git-lfs
-      - uses: ./.forgejo/workflows-composite/build-backend
+          go-version: "1.22"
+      - name: install dependencies & git >= 2.42
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          echo deb http://deb.debian.org/debian/ testing  main > /etc/apt/sources.list.d/testing.list
+          apt-get update -qq
+          apt-get install --no-install-recommends -qq -y git git-lfs
+          rm /etc/apt/sources.list.d/testing.list
+          apt-get update -qq
+      - name: setup user and permissions
+        run: |
+          git config --add safe.directory '*'
+          adduser --quiet --comment forgejo --disabled-password forgejo
+          chown -R forgejo:forgejo .
+      - run: |
+          su forgejo -c 'make deps-backend'
+      - run: |
+          su forgejo -c 'make backend'
+        env:
+          TAGS: bindata
       - run: |
           su forgejo -c 'make test-mysql-migration test-mysql'
-        timeout-minutes: 120
+        timeout-minutes: 50
         env:
+          TAGS: bindata
           USE_REPO_TEST_DIR: 1
   test-pgsql:
-    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
+      image: 'docker.io/node:20-bookworm'
     services:
       minio:
-        image: code.forgejo.org/oci/bitnami/minio:2024.8.17
+        image: bitnami/minio:2024.2.26
         env:
           MINIO_ROOT_USER: 123456
           MINIO_ROOT_PASSWORD: 12345678
-        options: --tmpfs /bitnami/minio/data
-      ldap:
-        image: code.forgejo.org/oci/test-openldap:latest
       pgsql:
-        image: 'code.forgejo.org/oci/postgres:15'
+        image: 'docker.io/postgres:15'
         env:
           POSTGRES_DB: test
           POSTGRES_PASSWORD: postgres
-        options: --tmpfs /var/lib/postgresql/data
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install dependencies & git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          packages: git git-lfs
-      - uses: ./.forgejo/workflows-composite/build-backend
+          go-version: "1.22"
+      - name: install dependencies & git >= 2.42
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          echo deb http://deb.debian.org/debian/ testing  main > /etc/apt/sources.list.d/testing.list
+          apt-get update -qq
+          apt-get install --no-install-recommends -qq -y git git-lfs
+          rm /etc/apt/sources.list.d/testing.list
+          apt-get update -qq
+      - name: setup user and permissions
+        run: |
+          git config --add safe.directory '*'
+          adduser --quiet --comment forgejo --disabled-password forgejo
+          chown -R forgejo:forgejo .
+      - run: |
+          su forgejo -c 'make deps-backend'
+      - run: |
+          su forgejo -c 'make backend'
+        env:
+          TAGS: bindata
       - run: |
           su forgejo -c 'make test-pgsql-migration test-pgsql'
-        timeout-minutes: 120
+        timeout-minutes: 50
         env:
+          TAGS: bindata
           RACE_ENABLED: true
           USE_REPO_TEST_DIR: 1
-          TEST_LDAP: 1
   test-sqlite:
-    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+    if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
+      image: 'docker.io/node:20-bookworm'
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install dependencies & git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
+      - uses: https://code.forgejo.org/actions/checkout@v3
+      - uses: https://code.forgejo.org/actions/setup-go@v4
         with:
-          packages: git git-lfs
-      - uses: ./.forgejo/workflows-composite/build-backend
+          go-version: "1.22"
+      - name: install dependencies & git >= 2.42
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          echo deb http://deb.debian.org/debian/ testing  main > /etc/apt/sources.list.d/testing.list
+          apt-get update -qq
+          apt-get install --no-install-recommends -qq -y git git-lfs
+          rm /etc/apt/sources.list.d/testing.list
+          apt-get update -qq
+      - name: setup user and permissions
+        run: |
+          git config --add safe.directory '*'
+          adduser --quiet --comment forgejo --disabled-password forgejo
+          chown -R forgejo:forgejo .
+      - run: |
+          su forgejo -c 'make deps-backend'
+      - run: |
+          su forgejo -c 'make backend'
+        env:
+          TAGS: bindata sqlite sqlite_unlock_notify
       - run: |
           su forgejo -c 'make test-sqlite-migration test-sqlite'
-        timeout-minutes: 120
+        timeout-minutes: 50
         env:
-          TAGS: sqlite sqlite_unlock_notify
+          TAGS: bindata sqlite sqlite_unlock_notify
           RACE_ENABLED: true
           TEST_TAGS: sqlite sqlite_unlock_notify
           USE_REPO_TEST_DIR: 1
-  security-check:
-    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
-    runs-on: docker
-    needs:
-      - test-sqlite
-      - test-pgsql
-      - test-mysql
-      - test-remote-cacher
-      - test-unit
-    container:
-      image: 'code.forgejo.org/oci/node:20-bookworm'
-    steps:
-      - uses: https://code.forgejo.org/actions/checkout@v4
-      - uses: ./.forgejo/workflows-composite/setup-env
-      - run: su forgejo -c 'make deps-backend deps-tools'
-      - run: su forgejo -c 'make security-check'

.gitattributes

@@ -1,6 +1,5 @@
 * text=auto eol=lf
 *.tmpl linguist-language=go-html-template
-*.pb.go linguist-generated
 /assets/*.json linguist-generated
 /public/assets/img/svg/*.svg linguist-generated
 /templates/swagger/v1_json.tmpl linguist-generated

.gitea/issue_template/bug-report-ui.yaml

@@ -1,6 +1,6 @@
 name: 🦋 Bug Report (web interface / frontend)
 description: Something doesn't look quite as it should?  Report it here!
-title: "bug: "
+title: "[BUG] "
 labels: ["bug/new-report", "forgejo/ui"]
 body:
 - type: markdown
@@ -13,29 +13,16 @@ body:
       - Please speak English, as this is the language all maintainers can speak and write.
       - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way.
       - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
-      - Take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137).
-- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Forgejo test instance?
-    description: |
-      Please try reproducing your issue at https://dev.next.forgejo.org.
-      It is running the latest development branch and will confirm the problem is not already fixed.
-      If you can reproduce it, provide a URL in the description.
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
+      - Please make sure you are using the latest release of Forgejo and take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137).
+      - Please give all relevant information below for bug reports, as incomplete details may result in the issue not being considered.
 - type: textarea
   id: description
   attributes:
     label: Description
     description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above).
-      If you think this is a JavaScript error, include a copy of the JavaScript console.
-  validations:
-    required: true
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below).
+      If you think this is a JavaScript error, show us the JavaScript console.
+      If the error appears to relate to Forgejo the server, please also give us `DEBUG` level logs. (See https://forgejo.org/docs/latest/admin/logging-documentation/)
 - type: textarea
   id: screenshots
   attributes:
@@ -48,6 +35,20 @@ body:
   attributes:
     label: Forgejo Version
     description: Forgejo version (or commit reference) your instance is running
+  validations:
+    required: true
+- type: dropdown
+  id: can-reproduce
+  attributes:
+    label: Can you reproduce the bug on Forgejo Next?
+    description: |
+      Please try reproducing your issue at [Forgejo Next](https://next.forgejo.org).
+      If you can reproduce it, please provide a URL in the Description field.
+    options:
+    - "Yes"
+    - "No"
+  validations:
+    required: true
 - type: input
   id: browser-ver
   attributes:
@@ -55,3 +56,8 @@ body:
     description: The browser and version that you are using to access Forgejo
   validations:
     required: true
+- type: input
+  id: os-ver
+  attributes:
+    label: Operating System
+    description: The operating system you are using to access Forgejo

.gitea/issue_template/bug-report.yaml

@@ -1,6 +1,6 @@
 name: 🐛 Bug Report (server / backend)
 description: Found something you weren't expecting? Report it here!
-title: "bug: "
+title: "[BUG] "
 labels: bug/new-report
 body:
 - type: markdown
@@ -13,26 +13,14 @@ body:
       - Please speak English, as this is the language all maintainers can speak and write.
       - Be as clear and concise as possible. A very verbose report is harder to interpret in a concrete way.
       - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
-      - Take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137).
-- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Forgejo test instance?
-    description: |
-      Please try reproducing your issue at https://dev.next.forgejo.org.
-      It is running the latest development branch and will confirm the problem is not already fixed.
-      If you can reproduce it, provide a URL in the description.
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
+      - Please make sure you are using the latest release of Forgejo and take a moment to [check that your issue hasn't been reported before](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137).
+      - Please give all relevant information below for bug reports, as incomplete details may result in the issue not being considered.
 - type: textarea
   id: description
   attributes:
     label: Description
     description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above).
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below).
   validations:
     required: true
 - type: input
@@ -40,14 +28,18 @@ body:
   attributes:
     label: Forgejo Version
     description: Forgejo version (or commit reference) of your instance
-- type: textarea
-  id: run-info
+  validations:
+    required: true
+- type: dropdown
+  id: can-reproduce
   attributes:
-    label: How are you running Forgejo?
+    label: Can you reproduce the bug on Forgejo Next?
     description: |
-      Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package.
-      Please also tell us how you are running Forgejo, e.g. if it is being run from a container, a command-line, systemd etc.
-      If you are using a package or systemd tell us what distribution you are using.
+      Please try reproducing your issue at [Forgejo Next](https://next.forgejo.org).
+      If you can reproduce it, please provide a URL in the Description field.
+    options:
+    - "Yes"
+    - "No"
   validations:
     required: true
 - type: textarea
@@ -61,6 +53,31 @@ body:
 
       Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden.
       You can wrap your logs in `<details>...</details>` tags so it doesn't take up too much space in the issue.
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: If this issue involves the Web Interface, please provide one or more screenshots
+- type: input
+  id: git-ver
+  attributes:
+    label: Git Version
+    description: The version of git running on the server
+- type: input
+  id: os-ver
+  attributes:
+    label: Operating System
+    description: The operating system you are using to run Forgejo
+- type: textarea
+  id: run-info
+  attributes:
+    label: How are you running Forgejo?
+    description: |
+      Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package.
+      Please also tell us how you are running Forgejo, e.g. if it is being run from docker, a command-line, systemd etc.
+      If you are using a package or systemd tell us what distribution you are using.
+  validations:
+    required: true
 - type: dropdown
   id: database
   attributes:
@@ -70,3 +87,4 @@ body:
     - SQLite
     - PostgreSQL
     - MySQL
+    - MSSQL

.gitea/issue_template/config.yml

@@ -1,7 +1,7 @@
 contact_links:
   - name: 🔓 Security Reports
     url: mailto:security@forgejo.org
-    about: "Please email <security@forgejo.org> (See https://forgejo.org/.well-known/security.txt)."
+    about: "Please email <security@forgejo.org> (GPG: `A4676E79`) instead of opening a public issue."
   - name: 💬 Matrix Chat Room
     url: https://matrix.to/#/#forgejo-chat:matrix.org
     about: Please ask questions and discuss configuration or deployment problems here.

.gitea/issue_template/feature-request.yaml

@@ -1,6 +1,6 @@
 name: 💡 Feature Request
 description: Got an idea for a feature that Forgejo doesn't have yet? Suggest it here!
-title: "feat: "
+title: "[FEAT] "
 labels: ["enhancement/feature"]
 body:
 - type: markdown

.gitea/pull_request_template.md

@@ -0,0 +1,13 @@
+---
+
+name: "Pull Request Template"
+about: "Template for all Pull Requests"
+labels:
+
+- test/needed
+
+---
+<!--
+Before submitting a PR, please read the contributing guidelines:
+https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING.md
+-->

.gitignore

@@ -83,6 +83,7 @@ cpu.out
 /public/assets/css
 /public/assets/fonts
 /public/assets/licenses.txt
+/public/assets/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
@@ -101,9 +102,6 @@ cpu.out
 /.go-licenses
 /.cur-deadcode-out
 
-# Files and folders that were previously generated
-/public/assets/img/webpack
-
 # Snapcraft
 /gitea_a*.txt
 snap/.snapcraft/
@@ -115,9 +113,6 @@ prime/
 *_source.tar.bz2
 .DS_Store
 
-# Direnv configuration
-/.envrc
-
 # nix-direnv generated files
 .direnv/
 

.gitpod.yml

@@ -43,7 +43,7 @@ vscode:
     - Vue.volar
     - ms-azuretools.vscode-docker
     - vitest.explorer
-    - cweijan.vscode-database-client2
+    - qwtel.sqlite-viewer
     - GitHub.vscode-pull-request-github
 
 ports:

.golangci.yml

@@ -1,14 +1,13 @@
 linters:
-  enable-all: false
-  disable-all: true
-  fast: false
   enable:
     - bidichk
+    # - deadcode # deprecated - https://github.com/golangci/golangci-lint/issues/1841
     - depguard
     - dupl
     - errcheck
     - forbidigo
     - gocritic
+    # - gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
     - gofmt
     - gofumpt
     - gosimple
@@ -18,23 +17,22 @@ linters:
     - nolintlint
     - revive
     - staticcheck
+    # - structcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
     - stylecheck
     - tenv
     - testifylint
     - typecheck
     - unconvert
     - unused
-    - unparam
+    # - varcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
     - wastedassign
+  enable-all: false
+  disable-all: true
+  fast: false
 
 run:
   timeout: 10m
 
-output:
-  sort-results: true
-  sort-order: [file]
-  show-stats: true
-
 linters-settings:
   stylecheck:
     checks: ["all", "-ST1005", "-ST1003"]
@@ -43,42 +41,35 @@ linters-settings:
   gocritic:
     disabled-checks:
       - ifElseChain
+      - singleCaseSwitch # Every time this occurred in the code, there  was no other way.
   revive:
-    severity: error
+    ignore-generated-header: false
+    severity: warning
+    confidence: 0.8
+    errorCode: 1
+    warningCode: 1
     rules:
-      - name: atomic
-      - name: bare-return
       - name: blank-imports
-      - name: constant-logical-expr
       - name: context-as-argument
       - name: context-keys-type
       - name: dot-imports
-      - name: duplicated-imports
-      - name: empty-lines
-      - name: error-naming
       - name: error-return
       - name: error-strings
-      - name: errorf
+      - name: error-naming
       - name: exported
-      - name: identical-branches
       - name: if-return
       - name: increment-decrement
-      - name: indent-error-flow
-      - name: modifies-value-receiver
+      - name: var-naming
+      - name: var-declaration
       - name: package-comments
       - name: range
       - name: receiver-naming
-      - name: redefines-builtin-id
-      - name: string-of-int
-      - name: superfluous-else
       - name: time-naming
-      - name: unconditional-recursion
       - name: unexported-return
-      - name: unreachable-code
-      - name: var-declaration
-      - name: var-naming
-      - name: redefines-builtin-id
-        disabled: true
+      - name: indent-error-flow
+      - name: errorf
+      - name: duplicated-imports
+      - name: modifies-value-receiver
   gofumpt:
     extra-rules: true
   depguard:
@@ -106,12 +97,8 @@ linters-settings:
 issues:
   max-issues-per-linter: 0
   max-same-issues: 0
-  exclude-dirs: [node_modules, public, web_src]
-  exclude-case-sensitive: true
   exclude-rules:
-    - path: models/db/sql_postgres_with_schema.go
-      linters:
-        - nolintlint
+    # Exclude some linters from running on tests files.
     - path: _test\.go
       linters:
         - gocyclo
@@ -129,19 +116,19 @@ issues:
     - path: cmd
       linters:
         - forbidigo
-    - text: "webhook"
-      linters:
+    - linters:
         - dupl
-    - text: "`ID' should not be capitalized"
-      linters:
+      text: "webhook"
+    - linters:
         - gocritic
-    - text: "swagger"
-      linters:
+      text: "`ID' should not be capitalized"
+    - linters:
         - unused
         - deadcode
-    - text: "argument x is overwritten before first use"
-      linters:
+      text: "swagger"
+    - linters:
         - staticcheck
+      text: "argument x is overwritten before first use"
     - text: "commentFormatting: put a space between `//` and comment text"
       linters:
         - gocritic

.ignore

@@ -4,8 +4,6 @@
 /modules/options/bindata.go
 /modules/public/bindata.go
 /modules/templates/bindata.go
-/options/gitignore
-/options/license
-/public/assets
 /vendor
+/public/assets
 node_modules

.mailmap

@@ -1,2 +0,0 @@
-Unknwon <u@gogs.io> <joe2010xtmf@163.com>
-Unknwon <u@gogs.io> 无闻 <u@gogs.io>

.release-notes-assistant.yaml

@@ -1,27 +0,0 @@
-categorize: './release-notes-assistant.sh'
-branch-development: 'forgejo'
-branch-pattern: 'v*/forgejo'
-branch-find-version: 'v(?P<version>\d+\.\d+)/forgejo'
-branch-to-version: '${version}.0'
-branch-from-version: 'v%[1]d.%[2]d/forgejo'
-tag-from-version: 'v%[1]d.%[2]d.%[3]d'
-branch-known:
-  - 'v7.0/forgejo'
-cleanup-line: 'sed -Ee "s/^(feat|fix):\s*//g" -e "s/^\[WIP\] //" -e "s/^WIP: //" -e "s;\[(UI|BUG|FEAT|v.*?/forgejo)\]\s*;;g"'
-render-header: |
-
-  ## Release notes
-comment: |
-  <details>
-  <summary>Where does that come from?</summary>
-  The following is a preview of the release notes for this pull request, as they will appear in the upcoming release. They are derived from the content of the `%[2]s/%[3]s.md` file, if it exists, or the title of the pull request. They were also added at the bottom of the description of this pull request for easier reference.
-
-  This message and the release notes originate from a call to the [release-notes-assistant](https://code.forgejo.org/forgejo/release-notes-assistant).
-
-  ```diff
-  %[4]s
-  ```
-
-  </details>
-
-  %[1]s

.stylelintrc.yaml

@@ -0,0 +1,223 @@
+plugins:
+  - stylelint-declaration-strict-value
+  - stylelint-declaration-block-no-ignored-properties
+  - "@stylistic/stylelint-plugin"
+
+ignoreFiles:
+  - "**/*.go"
+
+overrides:
+  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console.css", "font_i18n.css"]
+    rules:
+      scale-unlimited/declaration-strict-value: null
+  - files: ["**/chroma/*", "**/codemirror/*"]
+    rules:
+      block-no-empty: null
+  - files: ["**/*.vue"]
+    customSyntax: postcss-html
+
+rules:
+  "@stylistic/at-rule-name-case": null
+  "@stylistic/at-rule-name-newline-after": null
+  "@stylistic/at-rule-name-space-after": null
+  "@stylistic/at-rule-semicolon-newline-after": null
+  "@stylistic/at-rule-semicolon-space-before": null
+  "@stylistic/block-closing-brace-empty-line-before": null
+  "@stylistic/block-closing-brace-newline-after": null
+  "@stylistic/block-closing-brace-newline-before": null
+  "@stylistic/block-closing-brace-space-after": null
+  "@stylistic/block-closing-brace-space-before": null
+  "@stylistic/block-opening-brace-newline-after": null
+  "@stylistic/block-opening-brace-newline-before": null
+  "@stylistic/block-opening-brace-space-after": null
+  "@stylistic/block-opening-brace-space-before": always
+  "@stylistic/color-hex-case": lower
+  "@stylistic/declaration-bang-space-after": never
+  "@stylistic/declaration-bang-space-before": null
+  "@stylistic/declaration-block-semicolon-newline-after": null
+  "@stylistic/declaration-block-semicolon-newline-before": null
+  "@stylistic/declaration-block-semicolon-space-after": null
+  "@stylistic/declaration-block-semicolon-space-before": never
+  "@stylistic/declaration-block-trailing-semicolon": null
+  "@stylistic/declaration-colon-newline-after": null
+  "@stylistic/declaration-colon-space-after": null
+  "@stylistic/declaration-colon-space-before": never
+  "@stylistic/function-comma-newline-after": null
+  "@stylistic/function-comma-newline-before": null
+  "@stylistic/function-comma-space-after": null
+  "@stylistic/function-comma-space-before": null
+  "@stylistic/function-max-empty-lines": 0
+  "@stylistic/function-parentheses-newline-inside": never-multi-line
+  "@stylistic/function-parentheses-space-inside": null
+  "@stylistic/function-whitespace-after": null
+  "@stylistic/indentation": 2
+  "@stylistic/linebreaks": null
+  "@stylistic/max-empty-lines": 1
+  "@stylistic/max-line-length": null
+  "@stylistic/media-feature-colon-space-after": null
+  "@stylistic/media-feature-colon-space-before": never
+  "@stylistic/media-feature-name-case": null
+  "@stylistic/media-feature-parentheses-space-inside": null
+  "@stylistic/media-feature-range-operator-space-after": always
+  "@stylistic/media-feature-range-operator-space-before": always
+  "@stylistic/media-query-list-comma-newline-after": null
+  "@stylistic/media-query-list-comma-newline-before": null
+  "@stylistic/media-query-list-comma-space-after": null
+  "@stylistic/media-query-list-comma-space-before": null
+  "@stylistic/named-grid-areas-alignment": null
+  "@stylistic/no-empty-first-line": null
+  "@stylistic/no-eol-whitespace": true
+  "@stylistic/no-extra-semicolons": true
+  "@stylistic/no-missing-end-of-source-newline": null
+  "@stylistic/number-leading-zero": null
+  "@stylistic/number-no-trailing-zeros": null
+  "@stylistic/property-case": lower
+  "@stylistic/selector-attribute-brackets-space-inside": null
+  "@stylistic/selector-attribute-operator-space-after": null
+  "@stylistic/selector-attribute-operator-space-before": null
+  "@stylistic/selector-combinator-space-after": null
+  "@stylistic/selector-combinator-space-before": null
+  "@stylistic/selector-descendant-combinator-no-non-space": null
+  "@stylistic/selector-list-comma-newline-after": null
+  "@stylistic/selector-list-comma-newline-before": null
+  "@stylistic/selector-list-comma-space-after": always-single-line
+  "@stylistic/selector-list-comma-space-before": never-single-line
+  "@stylistic/selector-max-empty-lines": 0
+  "@stylistic/selector-pseudo-class-case": lower
+  "@stylistic/selector-pseudo-class-parentheses-space-inside": never
+  "@stylistic/selector-pseudo-element-case": lower
+  "@stylistic/string-quotes": double
+  "@stylistic/unicode-bom": null
+  "@stylistic/unit-case": lower
+  "@stylistic/value-list-comma-newline-after": null
+  "@stylistic/value-list-comma-newline-before": null
+  "@stylistic/value-list-comma-space-after": null
+  "@stylistic/value-list-comma-space-before": null
+  "@stylistic/value-list-max-empty-lines": 0
+  alpha-value-notation: null
+  annotation-no-unknown: true
+  at-rule-allowed-list: null
+  at-rule-disallowed-list: null
+  at-rule-empty-line-before: null
+  at-rule-no-unknown: [true, {ignoreAtRules: [tailwind]}]
+  at-rule-no-vendor-prefix: true
+  at-rule-property-required-list: null
+  block-no-empty: true
+  color-function-notation: null
+  color-hex-alpha: null
+  color-hex-length: null
+  color-named: null
+  color-no-hex: null
+  color-no-invalid-hex: true
+  comment-empty-line-before: null
+  comment-no-empty: true
+  comment-pattern: null
+  comment-whitespace-inside: null
+  comment-word-disallowed-list: null
+  custom-media-pattern: null
+  custom-property-empty-line-before: null
+  custom-property-no-missing-var-function: true
+  custom-property-pattern: null
+  declaration-block-no-duplicate-custom-properties: true
+  declaration-block-no-duplicate-properties: [true, {ignore: [consecutive-duplicates-with-different-values]}]
+  declaration-block-no-redundant-longhand-properties: null
+  declaration-block-no-shorthand-property-overrides: null
+  declaration-block-single-line-max-declarations: null
+  declaration-empty-line-before: null
+  declaration-no-important: null
+  declaration-property-max-values: null
+  declaration-property-unit-allowed-list: null
+  declaration-property-unit-disallowed-list: {line-height: [em]}
+  declaration-property-value-allowed-list: null
+  declaration-property-value-disallowed-list: null
+  declaration-property-value-no-unknown: true
+  font-family-name-quotes: always-where-recommended
+  font-family-no-duplicate-names: true
+  font-family-no-missing-generic-family-keyword: true
+  font-weight-notation: null
+  function-allowed-list: null
+  function-calc-no-unspaced-operator: true
+  function-disallowed-list: null
+  function-linear-gradient-no-nonstandard-direction: true
+  function-name-case: lower
+  function-no-unknown: true
+  function-url-no-scheme-relative: null
+  function-url-quotes: always
+  function-url-scheme-allowed-list: null
+  function-url-scheme-disallowed-list: null
+  hue-degree-notation: null
+  import-notation: string
+  keyframe-block-no-duplicate-selectors: true
+  keyframe-declaration-no-important: true
+  keyframe-selector-notation: null
+  keyframes-name-pattern: null
+  length-zero-no-unit: [true, ignore: [custom-properties], ignoreFunctions: [var]]
+  max-nesting-depth: null
+  media-feature-name-allowed-list: null
+  media-feature-name-disallowed-list: null
+  media-feature-name-no-unknown: true
+  media-feature-name-no-vendor-prefix: true
+  media-feature-name-unit-allowed-list: null
+  media-feature-name-value-allowed-list: null
+  media-feature-name-value-no-unknown: true
+  media-feature-range-notation: null
+  media-query-no-invalid: true
+  named-grid-areas-no-invalid: true
+  no-descending-specificity: null
+  no-duplicate-at-import-rules: true
+  no-duplicate-selectors: true
+  no-empty-source: true
+  no-invalid-double-slash-comments: true
+  no-invalid-position-at-import-rule: [true, ignoreAtRules: [tailwind]]
+  no-irregular-whitespace: true
+  no-unknown-animations: null
+  no-unknown-custom-properties: null
+  number-max-precision: null
+  plugin/declaration-block-no-ignored-properties: true
+  property-allowed-list: null
+  property-disallowed-list: null
+  property-no-unknown: true
+  property-no-vendor-prefix: null
+  rule-empty-line-before: null
+  rule-selector-property-disallowed-list: null
+  scale-unlimited/declaration-strict-value: [[/color$/, font-weight], {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor|none)$/, ignoreFunctions: false, disableFix: true, expandShorthand: true}]
+  selector-anb-no-unmatchable: true
+  selector-attribute-name-disallowed-list: null
+  selector-attribute-operator-allowed-list: null
+  selector-attribute-operator-disallowed-list: null
+  selector-attribute-quotes: always
+  selector-class-pattern: null
+  selector-combinator-allowed-list: null
+  selector-combinator-disallowed-list: null
+  selector-disallowed-list: null
+  selector-id-pattern: null
+  selector-max-attribute: null
+  selector-max-class: null
+  selector-max-combinators: null
+  selector-max-compound-selectors: null
+  selector-max-id: null
+  selector-max-pseudo-class: null
+  selector-max-specificity: null
+  selector-max-type: null
+  selector-max-universal: null
+  selector-nested-pattern: null
+  selector-no-qualifying-type: null
+  selector-no-vendor-prefix: true
+  selector-not-notation: null
+  selector-pseudo-class-allowed-list: null
+  selector-pseudo-class-disallowed-list: null
+  selector-pseudo-class-no-unknown: true
+  selector-pseudo-element-allowed-list: null
+  selector-pseudo-element-colon-notation: double
+  selector-pseudo-element-disallowed-list: null
+  selector-pseudo-element-no-unknown: true
+  selector-type-case: lower
+  selector-type-no-unknown: [true, {ignore: [custom-elements]}]
+  shorthand-property-no-redundant-values: true
+  string-no-newline: true
+  time-min-milliseconds: null
+  unit-allowed-list: null
+  unit-disallowed-list: null
+  unit-no-unknown: true
+  value-keyword-case: null
+  value-no-vendor-prefix: [true, {ignoreValues: [box, inline-box]}]

CODEOWNERS

@@ -6,6 +6,9 @@
 
 # Please mind the alphabetic order of reviewers.
 
+# Files related to the CI of the Forgejo project.
+.forgejo/.* @dachary @earl-warren
+
 # Files related to frontend development.
 
 # Javascript and CSS code.
@@ -13,28 +16,17 @@ web_src/.* @caesar @crystal @gusted
 
 # HTML templates used by the backend.
 templates/.* @caesar @crystal @gusted
-## the issue sidebar was touched by fnetx
-templates/repo/issue/view_content/sidebar.* @fnetx
-
-# Playwright tests
-tests/e2e/.* @fnetx
 
 # Files related to Go development.
 
 # The modules usually don't require much knowledge about Forgejo and could
 # be reviewed by Go developers.
-modules/.* @gusted
+modules/.* @dachary @earl-warren @gusted
 
 # Models has code related to SQL queries, general database knowledge and XORM.
-models/.* @gusted
+models/.* @dachary @earl-warren @gusted
 
 # The routers directory contains the most amount code that requires a good grasp
 # of how Forgejo comes together. It's tedious to write good integration testing
 # for code that lives in here.
-routers/.* @gusted
-
-# Let new strings be checked by the translation team.
-options/locale/locale_en-US.ini @0ko
-
-# Personal interest
-.*/webhook.* @oliverpool
+routers/.* @dachary @earl-warren @gusted

CONTRIBUTING.md

@@ -4,4 +4,4 @@ The Forgejo project is run by a community of people who are expected to follow t
 
 Sensitive security-related issues should be reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).
 
-You can find links to the different aspects of Developer documentation on this page: [Forgejo Contributor Guide](https://forgejo.org/docs/next/contributor/).
+You can find links to the different aspects of Developer documentation on this page: [Forgejo developer guide](https://forgejo.org/docs/next/developer/).

Dockerfile

@@ -1,13 +1,13 @@
 FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx
 
-FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.23-alpine3.20 as build-env
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22-alpine3.19 as build-env
 
 ARG GOPROXY
-ENV GOPROXY=${GOPROXY:-direct}
+ENV GOPROXY ${GOPROXY:-direct}
 
 ARG RELEASE_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS="bindata timetzdata $TAGS"
+ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS
 
 #
@@ -36,7 +36,7 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN make clean
 RUN make frontend
 RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini
-RUN LDFLAGS="-buildid=" make RELEASE_VERSION=$RELEASE_VERSION GOFLAGS="-trimpath" go-check generate-backend static-executable && xx-verify gitea
+RUN make RELEASE_VERSION=$RELEASE_VERSION go-check generate-backend static-executable && xx-verify gitea
 
 # Copy local files
 COPY docker/root /tmp/local
@@ -51,7 +51,7 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \
               /go/src/code.gitea.io/gitea/environment-to-ini
 RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
 
-FROM code.forgejo.org/oci/alpine:3.20
+FROM docker.io/library/alpine:3.19
 ARG RELEASE_VERSION
 LABEL maintainer="contact@forgejo.org" \
       org.opencontainers.image.authors="Forgejo" \
@@ -60,7 +60,7 @@ LABEL maintainer="contact@forgejo.org" \
       org.opencontainers.image.source="https://codeberg.org/forgejo/forgejo" \
       org.opencontainers.image.version="${RELEASE_VERSION}" \
       org.opencontainers.image.vendor="Forgejo" \
-      org.opencontainers.image.licenses="GPL-3.0-or-later" \
+      org.opencontainers.image.licenses="MIT" \
       org.opencontainers.image.title="Forgejo. Beyond coding. We forge." \
       org.opencontainers.image.description="Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job."
 
@@ -92,8 +92,8 @@ RUN addgroup \
     git && \
   echo "git:*" | chpasswd -e
 
-ENV USER=git
-ENV GITEA_CUSTOM=/data/gitea
+ENV USER git
+ENV GITEA_CUSTOM /data/gitea
 
 VOLUME ["/data"]
 
@@ -103,6 +103,5 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY --from=build-env /tmp/local /
 RUN cd /usr/local/bin ; ln -s gitea forgejo
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
-RUN ln -s /app/gitea/gitea /app/gitea/forgejo-cli
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh

Dockerfile.rootless

@@ -1,13 +1,13 @@
 FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx
 
-FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.23-alpine3.20 as build-env
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22-alpine3.19 as build-env
 
 ARG GOPROXY
-ENV GOPROXY=${GOPROXY:-direct}
+ENV GOPROXY ${GOPROXY:-direct}
 
 ARG RELEASE_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS="bindata timetzdata $TAGS"
+ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS
 
 #
@@ -49,7 +49,7 @@ RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
               /go/src/code.gitea.io/gitea/environment-to-ini
 RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
 
-FROM code.forgejo.org/oci/alpine:3.20
+FROM docker.io/library/alpine:3.19
 LABEL maintainer="contact@forgejo.org" \
       org.opencontainers.image.authors="Forgejo" \
       org.opencontainers.image.url="https://forgejo.org" \
@@ -57,7 +57,7 @@ LABEL maintainer="contact@forgejo.org" \
       org.opencontainers.image.source="https://codeberg.org/forgejo/forgejo" \
       org.opencontainers.image.version="${RELEASE_VERSION}" \
       org.opencontainers.image.vendor="Forgejo" \
-      org.opencontainers.image.licenses="GPL-3.0-or-later" \
+      org.opencontainers.image.licenses="MIT" \
       org.opencontainers.image.title="Forgejo. Beyond coding. We forge." \
       org.opencontainers.image.description="Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job."
 
@@ -90,25 +90,22 @@ RUN chown git:git /var/lib/gitea /etc/gitea
 COPY --from=build-env /tmp/local /
 RUN cd /usr/local/bin ; ln -s gitea forgejo
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
-RUN ln -s /app/gitea/gitea /app/gitea/forgejo-cli
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 
 #git:git
 USER 1000:1000
-ENV GITEA_WORK_DIR=/var/lib/gitea
-ENV GITEA_CUSTOM=/var/lib/gitea/custom
-ENV GITEA_TEMP=/tmp/gitea
-ENV TMPDIR=/tmp/gitea
+ENV GITEA_WORK_DIR /var/lib/gitea
+ENV GITEA_CUSTOM /var/lib/gitea/custom
+ENV GITEA_TEMP /tmp/gitea
+ENV TMPDIR /tmp/gitea
 
-# Legacy config file for backwards compatibility
-# TODO: remove on next major version release
-ENV GITEA_APP_INI_LEGACY=/etc/gitea/app.ini
-
-ENV GITEA_APP_INI=${GITEA_CUSTOM}/conf/app.ini
-ENV HOME="/var/lib/gitea/git"
+#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
+ENV GITEA_APP_INI /etc/gitea/app.ini
+ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
 WORKDIR /var/lib/gitea
 
 ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
 CMD []
+

LICENSE

@@ -1,674 +1,21 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<https://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<https://www.gnu.org/licenses/why-not-lgpl.html>.
+Copyright (c) 2022 The Forgejo Authors
+Copyright (c) 2016 The Gitea Authors
+Copyright (c) 2015 The Gogs Authors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

MAINTAINERS

@@ -0,0 +1,61 @@
+Alexey Makhov <amakhov@avito.ru> (@makhov)
+Bo-Yi Wu <appleboy.tw@gmail.com> (@appleboy)
+Ethan Koenig <ethantkoenig@gmail.com> (@ethantkoenig)
+Kees de Vries <bouwko@gmail.com> (@Bwko)
+Kim Carlbäcker <kim.carlbacker@gmail.com> (@bkcsoft)
+LefsFlare <nobody@nobody.tld> (@LefsFlarey)
+Lunny Xiao <xiaolunwen@gmail.com> (@lunny)
+Rachid Zarouali <nobody@nobody.tld> (@xinity)
+Rémy Boulanouar <admin@dblk.org> (@DblK)
+Sandro Santilli <strk@kbt.io> (@strk)
+Thibault Meyer <meyer.thibault@gmail.com> (@0xbaadf00d)
+Thomas Boerger <thomas@webhippie.de> (@tboerger)
+Patrick G <geek1011@outlook.com> (@geek1011)
+Antoine Girard <sapk@sapk.fr> (@sapk)
+Lauris Bukšis-Haberkorns <lauris@nix.lv> (@lafriks)
+Jonas Östanbäck <jonas.ostanback@gmail.com> (@cez81)
+David Schneiderbauer <dschneiderbauer@gmail.com> (@daviian)
+Peter Žeby <morlinest@gmail.com> (@morlinest)
+Matti Ranta <techknowlogick@gitea.io> (@techknowlogick)
+Jonas Franz <info@jonasfranz.software> (@jonasfranz)
+Alexey Terentyev <axifnx@gmail.com> (@axifive)
+Lanre Adelowo <yo@lanre.wtf> (@adelowo)
+Konrad Langenberg <k@knt.li> (@kolaente)
+He-Long Zhang <outman99@hotmail.com> (@BetaCat0)
+Andrew Thornton <art27@cantab.net> (@zeripath)
+John Olheiser <john.olheiser@gmail.com> (@jolheiser)
+Richard Mahn <rich.mahn@unfoldingword.org> (@richmahn)
+Mrsdizzie <info@mrsdizzie.com> (@mrsdizzie)
+silverwind <me@silverwind.io> (@silverwind)
+Gary Kim <gary@garykim.dev> (@gary-kim)
+Guillermo Prandi <gitea.maint@mailfilter.com.ar> (@guillep2k)
+Mura Li <typeless@ctli.io> (@typeless)
+6543 <6543@obermui.de> (@6543)
+jaqra <jaqra@hotmail.com> (@jaqra)
+David Svantesson <davidsvantesson@gmail.com> (@davidsvantesson)
+a1012112796 <1012112796@qq.com> (@a1012112796)
+Karl Heinz Marbaise <kama@soebes.de> (@khmarbaise)
+Norwin Roosen <git@nroo.de> (@noerw)
+Kyle Dumont <kdumontnu@gmail.com> (@kdumontnu)
+Patrick Schratz <patrick.schratz@gmail.com> (@pat-s)
+Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
+Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
+Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
+Leon Hofmeister <dev.lh@web.de> (@delvh)
+Wim <wim@42.be> (@42wim)
+Jason Song <i@wolfogre.com> (@wolfogre)
+Yarden Shoham <git@yardenshoham.com> (@yardenshoham)
+Yu Tian <zettat123@gmail.com> (@Zettat123)
+Eddie Yang <576951401@qq.com> (@yp05327)
+Dong Ge <gedong_1994@163.com> (@sillyguodong)
+Xinyi Gong <hestergong@gmail.com> (@HesterG)
+wxiaoguang <wxiaoguang@gmail.com> (@wxiaoguang)
+Gary Moon <gary@garymoon.net> (@garymoon)
+Philip Peterson <philip.c.peterson@gmail.com> (@philip-peterson)
+Denys Konovalov <kontakt@denyskon.de> (@denyskon)
+Punit Inani <punitinani1@gmail.com> (@puni9869)
+CaiCandong  <1290147055@qq.com> (@caicandong)
+Rui Chen  <rui@chenrui.dev> (@chenrui333)
+Nanguan Lin <nanguanlin6@gmail.com> (@lng2020)
+kerwin612 <kerwin612@qq.com> (@kerwin612)
+Gary Wang <git@blumia.net> (@BLumia)

Makefile

@@ -24,32 +24,24 @@ HAS_GO := $(shell hash $(GO) > /dev/null 2>&1 && echo yes)
 COMMA := ,
 DIFF ?= diff --unified
 
-ifeq ($(USE_GOTESTSUM), yes)
-	GOTEST ?= gotestsum --
-	GOTESTCOMPILEDRUNPREFIX ?= gotestsum --raw-command -- go tool test2json -t
-	GOTESTCOMPILEDRUNSUFFIX ?= -test.v=test2json
-else
-	GOTEST ?= $(GO) test
-	GOTESTCOMPILEDRUNPREFIX ?=
-	GOTESTCOMPILEDRUNSUFFIX ?=
-endif
-
 XGO_VERSION := go-1.21.x
 
-AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.0.3 # renovate: datasource=go
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.7.0 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.62.0 # renovate: datasource=go
-GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11 # renovate: datasource=go
-MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.6.0 # renovate: datasource=go
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 # renovate: datasource=go
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.49.0
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker@2.8.0
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.6.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.56.1
+GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
+MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.4.1
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.6-0.20240201115257-bcc7c78b7786
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
-GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.26.0 # renovate: datasource=go
-GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.4.0 # renovate: datasource=go
-GOPLS_PACKAGE ?= golang.org/x/tools/gopls@v0.16.2 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@39.9.1 # renovate: datasource=docker packageName=code.forgejo.org/forgejo-contrib/renovate
+GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0
+GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1.0.3
+ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.6.26
+DEADCODE_PACKAGE ?= golang.org/x/tools/internal/cmd/deadcode@v0.14.0
+
+DOCKER_IMAGE ?= gitea/gitea
+DOCKER_TAG ?= latest
+DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)
 
 ifeq ($(HAS_GO), yes)
 	CGO_EXTRA_CFLAGS := -DSQLITE_MAX_VARIABLE_NUMBER=32766
@@ -90,7 +82,7 @@ endif
 STORED_VERSION_FILE := VERSION
 HUGO_VERSION ?= 0.111.3
 
-GITEA_COMPATIBILITY ?= gitea-1.22.0
+GITEA_COMPATIBILITY ?= gitea-1.21.11
 
 STORED_VERSION=$(shell cat $(STORED_VERSION_FILE) 2>/dev/null)
 ifneq ($(STORED_VERSION),)
@@ -129,17 +121,15 @@ LDFLAGS := $(LDFLAGS) -X "main.ReleaseVersion=$(RELEASE_VERSION)" -X "main.MakeV
 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64
 
 ifeq ($(HAS_GO), yes)
-	GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) $(shell $(GO) list code.gitea.io/gitea/models/forgejo_migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./...))
+	GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) $(shell $(GO) list code.gitea.io/gitea/models/forgejo_migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
 endif
-REMOTE_CACHER_MODULES ?= cache nosql session queue
-GO_TEST_REMOTE_CACHER_PACKAGES ?= $(addprefix code.gitea.io/gitea/modules/,$(REMOTE_CACHER_MODULES))
 
 FOMANTIC_WORK_DIR := web_src/fomantic
 
 WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f)
 WEBPACK_CONFIGS := webpack.config.js tailwind.config.js
 WEBPACK_DEST := public/assets/js/index.js public/assets/css/index.css
-WEBPACK_DEST_ENTRIES := public/assets/js public/assets/css public/assets/fonts
+WEBPACK_DEST_ENTRIES := public/assets/js public/assets/css public/assets/fonts public/assets/img/webpack
 
 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))
@@ -164,8 +154,9 @@ TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMAN
 GO_DIRS := build cmd models modules routers services tests
 WEB_DIRS := web_src/js web_src/css
 
+ESLINT_FILES := web_src/js tools *.config.js tests/e2e
 STYLELINT_FILES := web_src/css web_src/js/components/*.vue
-SPELLCHECK_FILES := $(GO_DIRS) $(WEB_DIRS) docs/content templates options/locale/locale_en-US.ini .github $(wildcard *.go *.js *.ts *.vue *.md *.yml *.yaml *.toml)
+SPELLCHECK_FILES := $(GO_DIRS) $(WEB_DIRS) docs/content templates options/locale/locale_en-US.ini .github
 
 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/options/bindata.go ! -path modules/public/bindata.go ! -path modules/templates/bindata.go)
@@ -194,10 +185,9 @@ SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape}}/api/v1"|"basePa
 SWAGGER_EXCLUDE := code.gitea.io/sdk
 SWAGGER_NEWLINE_COMMAND := -e '$$a\'
 SWAGGER_SPEC_BRANDING := s|Gitea API|Forgejo API|g
-SWAGGER_SPEC_LICENSE := s|"name": "MIT"|"name": "This file is distributed under the MIT license for the purpose of interoperability"|
 
 TEST_MYSQL_HOST ?= mysql:3306
-TEST_MYSQL_DBNAME ?= testgitea?multiStatements=true
+TEST_MYSQL_DBNAME ?= testgitea
 TEST_MYSQL_USERNAME ?= root
 TEST_MYSQL_PASSWORD ?=
 TEST_PGSQL_HOST ?= pgsql:5432
@@ -205,6 +195,10 @@ TEST_PGSQL_DBNAME ?= testgitea
 TEST_PGSQL_USERNAME ?= postgres
 TEST_PGSQL_PASSWORD ?= postgres
 TEST_PGSQL_SCHEMA ?= gtestschema
+TEST_MSSQL_HOST ?= mssql:1433
+TEST_MSSQL_DBNAME ?= gitea
+TEST_MSSQL_USERNAME ?= sa
+TEST_MSSQL_PASSWORD ?= MwantsaSecurePassword1
 
 .PHONY: all
 all: build
@@ -212,7 +206,7 @@ all: build
 .PHONY: help
 help:
 	@echo "Make Routines:"
-	@echo " - \"\"                             equivalent to \"build\""
+	@echo " - \"\"                               equivalent to \"build\""
 	@echo " - build                            build everything"
 	@echo " - frontend                         build frontend files"
 	@echo " - backend                          build backend files"
@@ -228,17 +222,14 @@ help:
 	@echo " - deps-py                          install python dependencies"
 	@echo " - lint                             lint everything"
 	@echo " - lint-fix                         lint everything and fix issues"
+	@echo " - lint-actions                     lint action workflow files"
 	@echo " - lint-frontend                    lint frontend files"
 	@echo " - lint-frontend-fix                lint frontend files and fix issues"
 	@echo " - lint-backend                     lint backend files"
 	@echo " - lint-backend-fix                 lint backend files and fix issues"
-	@echo " - lint-codespell                   lint typos"
-	@echo " - lint-codespell-fix               lint typos and fix them automatically"
-	@echo " - lint-codespell-fix-i             lint typos and fix them interactively"
 	@echo " - lint-go                          lint go files"
 	@echo " - lint-go-fix                      lint go files and fix issues"
 	@echo " - lint-go-vet                      lint go files with vet"
-	@echo " - lint-go-gopls                    lint go files with gopls"
 	@echo " - lint-js                          lint js files"
 	@echo " - lint-js-fix                      lint js files and fix issues"
 	@echo " - lint-css                         lint css files"
@@ -246,7 +237,6 @@ help:
 	@echo " - lint-md                          lint markdown files"
 	@echo " - lint-swagger                     lint swagger files"
 	@echo " - lint-templates                   lint template files"
-	@echo " - lint-renovate                    lint renovate files"
 	@echo " - lint-yaml                        lint yaml files"
 	@echo " - lint-spell                       lint spelling"
 	@echo " - lint-spell-fix                   lint spelling and fix issues"
@@ -257,10 +247,11 @@ help:
 	@echo " - show-version-full                show the same version as the API endpoint"
 	@echo " - show-version-major               show major release number only"
 	@echo " - test-frontend                    test frontend files"
-	@echo " - test-frontend-coverage           test frontend files and display code coverage"
 	@echo " - test-backend                     test backend files"
-	@echo " - test-remote-cacher               test backend files that use a remote cache"
-	@echo " - test-e2e-sqlite[\#name.test.e2e] test end to end using playwright and sqlite"
+	@echo " - test-e2e[\#TestSpecificName]     test end to end using playwright"
+	@echo " - update                           update js and py dependencies"
+	@echo " - update-js                        update js dependencies"
+	@echo " - update-py                        update py dependencies"
 	@echo " - webpack                          build webpack files"
 	@echo " - svg                              build svg files"
 	@echo " - fomantic                         build fomantic files"
@@ -269,20 +260,14 @@ help:
 	@echo " - generate-license                 update license files"
 	@echo " - generate-gitignore               update gitignore files"
 	@echo " - generate-manpage                 generate manpage"
-	@echo " - generate-gomock                  generate gomock files"
 	@echo " - generate-forgejo-api             generate the forgejo API from spec"
 	@echo " - forgejo-api-validate             check if the forgejo API matches the specs"
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - go-licenses                      regenerate go licenses"
 	@echo " - tidy                             run go mod tidy"
-	@echo " - test[\#TestSpecificName]         run unit test"
+	@echo " - test[\#TestSpecificName]    	    run unit test"
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
-	@echo " - reproduce-build\#version         build a reproducible binary for the specified release version"
-
-###
-# Check system and environment requirements
-###
 
 .PHONY: go-check
 go-check:
@@ -290,14 +275,14 @@ go-check:
 	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
 	$(eval GO_VERSION := $(shell printf "%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9]+' | tr '.' ' ');))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
-		echo "Forgejo requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
+		echo "Gitea requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
 		exit 1; \
 	fi
 
 .PHONY: git-check
 git-check:
 	@if git lfs >/dev/null 2>&1 ; then : ; else \
-		echo "Forgejo requires git with lfs support to run tests." ; \
+		echo "Gitea requires git with lfs support to run tests." ; \
 		exit 1; \
 	fi
 
@@ -308,14 +293,10 @@ node-check:
 	$(eval NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell node -v | cut -c2- | tr '.' ' ');))
 	$(eval NPM_MISSING := $(shell hash npm > /dev/null 2>&1 || echo 1))
 	@if [ "$(NODE_VERSION)" -lt "$(MIN_NODE_VERSION)" -o "$(NPM_MISSING)" = "1" ]; then \
-		echo "Forgejo requires Node.js $(MIN_NODE_VERSION_STR) or greater and npm to build. You can get it at https://nodejs.org/en/download/"; \
+		echo "Gitea requires Node.js $(MIN_NODE_VERSION_STR) or greater and npm to build. You can get it at https://nodejs.org/en/download/"; \
 		exit 1; \
 	fi
 
-###
-# Basic maintenance, check and lint targets
-###
-
 .PHONY: clean-all
 clean-all: clean
 	rm -rf $(WEBPACK_DEST_ENTRIES) node_modules
@@ -327,14 +308,14 @@ clean:
 		e2e*.test \
 		tests/integration/gitea-integration-* \
 		tests/integration/indexers-* \
-		tests/mysql.ini tests/pgsql.ini man/ \
+		tests/mysql.ini tests/pgsql.ini tests/mssql.ini man/ \
 		tests/e2e/gitea-e2e-*/ \
 		tests/e2e/indexers-*/ \
 		tests/e2e/reports/ tests/e2e/test-artifacts/ tests/e2e/test-snapshots/
 
 .PHONY: fmt
 fmt:
-	@GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
+	GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
 	$(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl'))
 	@# strip whitespace after '{{' or '(' and before '}}' or ')' unless there is only
 	@# whitespace before it
@@ -382,7 +363,6 @@ $(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA)
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_BRANDING)' './$(SWAGGER_SPEC)'
-	$(SED_INPLACE) '$(SWAGGER_SPEC_LICENSE)' './$(SWAGGER_SPEC)'
 
 .PHONY: swagger-check
 swagger-check: generate-swagger
@@ -417,30 +397,18 @@ lint-frontend: lint-js lint-css
 lint-frontend-fix: lint-js-fix lint-css-fix
 
 .PHONY: lint-backend
-lint-backend: lint-go lint-go-vet lint-editorconfig lint-renovate lint-locale
+lint-backend: lint-go lint-go-vet lint-editorconfig
 
 .PHONY: lint-backend-fix
 lint-backend-fix: lint-go-fix lint-go-vet lint-editorconfig
 
-.PHONY: lint-codespell
-lint-codespell:
-	codespell
-
-.PHONY: lint-codespell-fix
-lint-codespell-fix:
-	codespell -w
-
-.PHONY: lint-codespell-fix-i
-lint-codespell-fix-i:
-	codespell -w -i 3 -C 2
-
 .PHONY: lint-js
 lint-js: node_modules
-	npx eslint --color --max-warnings=0
+	npx eslint --color --max-warnings=0 --ext js,vue $(ESLINT_FILES)
 
 .PHONY: lint-js-fix
 lint-js-fix: node_modules
-	npx eslint --color --max-warnings=0 --fix
+	npx eslint --color --max-warnings=0 --ext js,vue $(ESLINT_FILES) --fix
 
 .PHONY: lint-css
 lint-css: node_modules
@@ -454,41 +422,29 @@ lint-css-fix: node_modules
 lint-swagger: node_modules
 	npx spectral lint -q -F hint $(SWAGGER_SPEC)
 
-.PHONY: lint-renovate
-lint-renovate: node_modules
-	npx --yes --package $(RENOVATE_NPM_PACKAGE) -- renovate-config-validator --strict > .lint-renovate 2>&1 || true
-	@if grep --quiet --extended-regexp -e '^( WARN:|ERROR:)' .lint-renovate ; then cat .lint-renovate ; rm .lint-renovate ; exit 1 ; fi
-	@rm .lint-renovate
-
-.PHONY: lint-locale
-lint-locale:
-	$(GO) run build/lint-locale.go
-
 .PHONY: lint-md
 lint-md: node_modules
 	npx markdownlint docs *.md
 
 .PHONY: lint-spell
-lint-spell: lint-codespell
+lint-spell:
 	@go run $(MISSPELL_PACKAGE) -error $(SPELLCHECK_FILES)
 
 .PHONY: lint-spell-fix
-lint-spell-fix: lint-codespell-fix
+lint-spell-fix:
 	@go run $(MISSPELL_PACKAGE) -w $(SPELLCHECK_FILES)
 
-RUN_DEADCODE = $(GO) run $(DEADCODE_PACKAGE) -generated=false -f='{{println .Path}}{{range .Funcs}}{{printf "\t%s\n" .Name}}{{end}}{{println}}' -test code.gitea.io/gitea
-
 .PHONY: lint-go
 lint-go:
 	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS)
-	$(RUN_DEADCODE) > .cur-deadcode-out
+	$(GO) run $(DEADCODE_PACKAGE) -generated=false -test code.gitea.io/gitea > .cur-deadcode-out
 	@$(DIFF) .deadcode-out .cur-deadcode-out \
 	|| (code=$$?; echo "Please run 'make lint-go-fix' and commit the result"; exit $${code})
 
 .PHONY: lint-go-fix
 lint-go-fix:
 	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS) --fix
-	$(RUN_DEADCODE) > .deadcode-out
+	$(GO) run $(DEADCODE_PACKAGE) -generated=false -test code.gitea.io/gitea > .deadcode-out
 
 # workaround step for the lint-go-windows CI task because 'go run' can not
 # have distinct GOOS/GOARCH for its build and run steps
@@ -502,15 +458,14 @@ lint-go-vet:
 	@echo "Running go vet..."
 	@$(GO) vet ./...
 
-.PHONY: lint-go-gopls
-lint-go-gopls:
-	@echo "Running gopls check..."
-	@GO=$(GO) GOPLS_PACKAGE=$(GOPLS_PACKAGE) tools/lint-go-gopls.sh $(GO_SOURCES_NO_BINDATA)
-
 .PHONY: lint-editorconfig
 lint-editorconfig:
 	$(GO) run $(EDITORCONFIG_CHECKER_PACKAGE) templates .forgejo/workflows
 
+.PHONY: lint-actions
+lint-actions:
+	$(GO) run $(ACTIONLINT_PACKAGE)
+
 .PHONY: lint-templates
 lint-templates: .venv node_modules
 	@node tools/lint-templates-svg.js
@@ -520,14 +475,6 @@ lint-templates: .venv node_modules
 lint-yaml: .venv
 	@poetry run yamllint .
 
-.PHONY: security-check
-security-check:
-	go run $(GOVULNCHECK_PACKAGE) ./...
-
-###
-# Development and testing targets
-###
-
 .PHONY: watch
 watch:
 	@bash tools/watch.sh
@@ -547,21 +494,12 @@ test: test-frontend test-backend
 .PHONY: test-backend
 test-backend:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
-
-.PHONY: test-remote-cacher
-test-remote-cacher:
-	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_REMOTE_CACHER_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
 
 .PHONY: test-frontend
 test-frontend: node_modules
 	npx vitest
 
-.PHONY: test-frontend-coverage
-test-frontend-coverage: node_modules
-	npx vitest --coverage --coverage.include 'web_src/**'
-
 .PHONY: test-check
 test-check:
 	@echo "Running test-check...";
@@ -577,7 +515,7 @@ test-check:
 .PHONY: test\#%
 test\#%:
 	@echo "Running go test with -tags '$(TEST_TAGS)'..."
-	@$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
 
 .PHONY: coverage
 coverage:
@@ -588,7 +526,7 @@ coverage:
 .PHONY: unit-test-coverage
 unit-test-coverage:
 	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GOTEST) $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_TEST_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_TEST_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
 
 .PHONY: tidy
 tidy:
@@ -609,7 +547,7 @@ tidy-check: tidy
 go-licenses: $(GO_LICENSE_FILE)
 
 $(GO_LICENSE_FILE): go.mod go.sum
-	-$(shell $(GO) env GOROOT)/bin/go run $(GO_LICENSES_PACKAGE) save . --force --ignore code.gitea.io/gitea --save_path=$(GO_LICENSE_TMP_DIR) 2>/dev/null
+	-$(shell $(GO) env GOROOT)/bin/go run $(GO_LICENSES_PACKAGE) save . --force --save_path=$(GO_LICENSE_TMP_DIR) 2>/dev/null
 	$(GO) run build/generate-go-licenses.go $(GO_LICENSE_TMP_DIR) $(GO_LICENSE_FILE)
 	@rm -rf $(GO_LICENSE_TMP_DIR)
 
@@ -621,11 +559,11 @@ generate-ini-sqlite:
 
 .PHONY: test-sqlite
 test-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test
 
 .PHONY: test-sqlite\#%
 test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
 
 .PHONY: test-sqlite-migration
 test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test
@@ -642,11 +580,11 @@ generate-ini-mysql:
 
 .PHONY: test-mysql
 test-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.mysql.test $(GOTESTCOMPILEDRUNSUFFIX)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test
 
 .PHONY: test-mysql\#%
 test-mysql\#%: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.mysql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
 
 .PHONY: test-mysql-migration
 test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test
@@ -660,20 +598,40 @@ generate-ini-pgsql:
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
 		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
-		-e 's|{{TEST_STORAGE_TYPE}}|$(or $(TEST_STORAGE_TYPE),minio)|g' \
 			tests/pgsql.ini.tmpl > tests/pgsql.ini
 
 .PHONY: test-pgsql
 test-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test
 
 .PHONY: test-pgsql\#%
 test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./integrations.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
 
 .PHONY: test-pgsql-migration
 test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test
 
+generate-ini-mssql:
+	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
+		-e 's|{{TEST_MSSQL_DBNAME}}|${TEST_MSSQL_DBNAME}|g' \
+		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
+		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
+		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
+		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
+			tests/mssql.ini.tmpl > tests/mssql.ini
+
+.PHONY: test-mssql
+test-mssql: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test
+
+.PHONY: test-mssql\#%
+test-mssql\#%: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
+
+.PHONY: test-mssql-migration
+test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test
+
 .PHONY: playwright
 playwright: deps-frontend
 	npx playwright install $(PLAYWRIGHT_FLAGS)
@@ -688,34 +646,39 @@ test-e2e: test-e2e-sqlite
 
 .PHONY: test-e2e-sqlite
 test-e2e-sqlite: playwright e2e.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test -test.run TestE2e
 
 .PHONY: test-e2e-sqlite\#%
 test-e2e-sqlite\#%: playwright e2e.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e/$*
-
-.PHONY: test-e2e-sqlite-firefox\#%
-test-e2e-sqlite-firefox\#%: playwright e2e.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini PLAYWRIGHT_PROJECT=firefox $(GOTESTCOMPILEDRUNPREFIX) ./e2e.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test -test.run TestE2e/$*
 
 .PHONY: test-e2e-mysql
 test-e2e-mysql: playwright e2e.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.mysql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test -test.run TestE2e
 
 .PHONY: test-e2e-mysql\#%
 test-e2e-mysql\#%: playwright e2e.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.mysql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test -test.run TestE2e/$*
 
 .PHONY: test-e2e-pgsql
 test-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test -test.run TestE2e
 
 .PHONY: test-e2e-pgsql\#%
 test-e2e-pgsql\#%: playwright e2e.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./e2e.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX) -test.run TestE2e/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test -test.run TestE2e/$*
+
+.PHONY: test-e2e-mssql
+test-e2e-mssql: playwright e2e.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test -test.run TestE2e
+
+.PHONY: test-e2e-mssql\#%
+test-e2e-mssql\#%: playwright e2e.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test -test.run TestE2e/$*
 
 .PHONY: test-e2e-debugserver
 test-e2e-debugserver: e2e.sqlite.test generate-ini-sqlite
+	sed -i s/3003/3000/g tests/sqlite.ini
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test -test.run TestDebugserver -test.timeout 24h
 
 .PHONY: bench-sqlite
@@ -726,6 +689,10 @@ bench-sqlite: integrations.sqlite.test generate-ini-sqlite
 bench-mysql: integrations.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 
+.PHONY: bench-mssql
+bench-mssql: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+
 .PHONY: bench-pgsql
 bench-pgsql: integrations.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
@@ -739,81 +706,99 @@ integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sq
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
 
 integrations.mysql.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql.test
 
 integrations.pgsql.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test
+
+integrations.mssql.test: git-check $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mssql.test
 
 integrations.sqlite.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'
 
 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
 
 integrations.cover.sqlite.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
 
 .PHONY: migrations.mysql.test
 migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.mysql.test $(GOTESTCOMPILEDRUNSUFFIX)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test
 
 .PHONY: migrations.pgsql.test
 migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test
+
+.PHONY: migrations.mssql.test
+migrations.mssql.test: $(GO_SOURCES) generate-ini-mssql
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mssql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test
 
 .PHONY: migrations.sqlite.test
 migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.sqlite.test
 
 .PHONY: migrations.individual.mysql.test
 migrations.individual.mysql.test: $(GO_SOURCES)
 	for pkg in $(MIGRATION_PACKAGES); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1; \
+		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1; \
 	done
 
 .PHONY: migrations.individual.sqlite.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 
 .PHONY: migrations.individual.pgsql.test
 migrations.individual.pgsql.test: $(GO_SOURCES)
 	for pkg in $(MIGRATION_PACKAGES); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1;\
+		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1;\
 	done
 
 .PHONY: migrations.individual.pgsql.test\#%
 migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+
+
+.PHONY: migrations.individual.mssql.test
+migrations.individual.mssql.test: $(GO_SOURCES) generate-ini-mssql
+	for pkg in $(MIGRATION_PACKAGES); do \
+		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' -test.failfast $$pkg || exit 1; \
+	done
+
+.PHONY: migrations.individual.mssql.test\#%
+migrations.individual.mssql.test\#%: $(GO_SOURCES) generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 
 .PHONY: migrations.individual.sqlite.test
 migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
 	for pkg in $(MIGRATION_PACKAGES); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1; \
+		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg || exit 1; \
 	done
 
 .PHONY: migrations.individual.sqlite.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 
 e2e.mysql.test: $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test
 
 e2e.pgsql.test: $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test
+
+e2e.mssql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mssql.test
 
 e2e.sqlite.test: $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)'
 
 .PHONY: check
 check: test
 
-###
-# Production / build targets
-###
-
 .PHONY: install $(TAGS_PREREQ)
 install: $(wildcard *.go)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) install -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)'
@@ -837,12 +822,16 @@ generate-backend: $(TAGS_PREREQ) generate-go
 .PHONY: generate-go
 generate-go: $(TAGS_PREREQ)
 	@echo "Running go generate..."
-	@CC= GOOS= GOARCH= CGO_ENABLED=0 $(GO) generate -tags '$(TAGS)' ./...
+	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' ./...
 
 .PHONY: merge-locales
 merge-locales:
 	@echo "NOT NEEDED: THIS IS A NOOP AS OF Forgejo 7.0 BUT KEPT FOR BACKWARD COMPATIBILITY"
 
+.PHONY: security-check
+security-check:
+	go run $(GOVULNCHECK_PACKAGE) ./...
+
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
 
@@ -864,6 +853,9 @@ $(DIST_DIRS):
 .PHONY: release-windows
 release-windows: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+ifeq (,$(findstring gogit,$(TAGS)))
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
+endif
 
 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
@@ -906,30 +898,6 @@ release-sources: | $(DIST_DIRS)
 release-docs: | $(DIST_DIRS) docs
 	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs .
 
-.PHONY: reproduce-build
-reproduce-build:
-# Start building the Dockerfile with the RELEASE_VERSION tag set. GOPROXY is set
-# for convience, because the default of the Dockerfile is `direct` which can be
-# quite slow.
-	@docker build --build-arg="RELEASE_VERSION=$(RELEASE_VERSION)" --build-arg="GOPROXY=$(shell $(GO) env GOPROXY)" --tag "forgejo-reproducibility" .
-	@id=$$(docker create forgejo-reproducibility); \
-	docker cp $$id:/app/gitea/gitea ./forgejo; \
-	docker rm -v $$id; \
-	docker image rm forgejo-reproducibility:latest
-
-.PHONY: reproduce-build\#%
-reproduce-build\#%:
-	@git switch -d "$*"
-# All the current variables are based on information before the git checkout happened.
-# Call the makefile again, so these variables are correct and can be used for building
-# a reproducible binary. Always execute git switch -, to go back to the previous branch.
-	@make reproduce-build; \
-	(code=$$?; git switch -; exit $${code})
-
-###
-# Dependency management
-###
-
 .PHONY: deps
 deps: deps-frontend deps-backend deps-tools deps-py
 
@@ -955,15 +923,31 @@ deps-tools:
 	$(GO) install $(XGO_PACKAGE)
 	$(GO) install $(GO_LICENSES_PACKAGE)
 	$(GO) install $(GOVULNCHECK_PACKAGE)
-	$(GO) install $(GOMOCK_PACKAGE)
-	$(GO) install $(GOPLS_PACKAGE)
+	$(GO) install $(ACTIONLINT_PACKAGE)
 
 node_modules: package-lock.json
 	npm install --no-save
 	@touch node_modules
 
 .venv: poetry.lock
-	poetry install
+	poetry install --no-root
+	@touch .venv
+
+.PHONY: update
+update: update-js update-py
+
+.PHONY: update-js
+update-js: node-check | node_modules
+	npx updates -u -f package.json
+	rm -rf node_modules package-lock.json
+	npm install --package-lock
+	@touch node_modules
+
+.PHONY: update-py
+update-py: node-check | node_modules
+	npx updates -u -f pyproject.toml
+	rm -rf .venv poetry.lock
+	poetry install --no-root
 	@touch .venv
 
 .PHONY: fomantic
@@ -984,9 +968,8 @@ webpack: $(WEBPACK_DEST)
 
 $(WEBPACK_DEST): $(WEBPACK_SOURCES) $(WEBPACK_CONFIGS) package-lock.json
 	@$(MAKE) -s node-check node_modules
-	@rm -rf $(WEBPACK_DEST_ENTRIES)
-	@echo "Running webpack..."
-	@BROWSERSLIST_IGNORE_OLD_DATA=true npx webpack
+	rm -rf $(WEBPACK_DEST_ENTRIES)
+	npx webpack
 	@touch $(WEBPACK_DEST)
 
 .PHONY: svg
@@ -1006,6 +989,16 @@ lockfile-check:
 	@git diff --exit-code --color=always package-lock.json \
 	|| (code=$$?; echo "Please run 'npm install --package-lock-only' and commit the result"; exit $${code})
 
+.PHONY: update-translations
+update-translations:
+	mkdir -p ./translations
+	cd ./translations && curl -L https://crowdin.com/download/project/gitea.zip > gitea.zip && unzip gitea.zip
+	rm ./translations/gitea.zip
+	$(SED_INPLACE) -e 's/="/=/g' -e 's/"$$//g' ./translations/*.ini
+	$(SED_INPLACE) -e 's/\\"/"/g' ./translations/*.ini
+	mv ./translations/*.ini ./options/locale/
+	rmdir ./translations
+
 .PHONY: generate-license
 generate-license:
 	$(GO) run build/generate-licenses.go
@@ -1014,13 +1007,9 @@ generate-license:
 generate-gitignore:
 	$(GO) run build/generate-gitignores.go
 
-.PHONY: generate-gomock
-generate-gomock:
-	$(GO) run $(GOMOCK_PACKAGE) -package mock -destination ./modules/queue/mock/redisuniversalclient.go code.gitea.io/gitea/modules/nosql RedisClient
-
 .PHONY: generate-images
 generate-images: | node_modules
-	npm install --no-save fabric@6 imagemin-zopfli@7
+	npm install --no-save fabric@6.0.0-beta20 imagemin-zopfli@7
 	node tools/generate-images.js $(TAGS)
 
 .PHONY: generate-manpage
@@ -1031,6 +1020,11 @@ generate-manpage:
 	@gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created
 	@#TODO A small script that formats config-cheat-sheet.en-us.md nicely for use as a config man page
 
+.PHONY: docker
+docker:
+	docker build --disable-content-trust=false -t $(DOCKER_REF) .
+# support also build args docker build --build-arg GITEA_VERSION=v1.2.3 --build-arg TAGS="bindata sqlite sqlite_unlock_notify"  .
+
 # This endif closes the if at the top of the file
 endif
 

README.md

@@ -40,11 +40,6 @@ If you like any of the following, Forgejo is literally meant for you:
 
 Dive into the [documentation](https://forgejo.org/docs/latest/), subscribe to releases and blog post on [our website](https://forgejo.org), <a href="https://floss.social/@forgejo" rel="me">find us on the Fediverse</a> or hop into [our Matrix room](https://matrix.to/#/#forgejo-chat:matrix.org) if you have any questions or want to get involved.
 
-## License
-
-Forgejo is distributed under the terms of the [GPL version 3.0](LICENSE) or any later version.
-
-The agreement for this license [was documented in June 2023](https://codeberg.org/forgejo/governance/pulls/24) and implemented during the development of Forgejo v9.0. All Forgejo versions before v9.0 are distributed under the MIT license.
 
 ## Get involved
 

RELEASE-NOTES.md

@@ -1,278 +1,9 @@
 # Release Notes
 
-A minor or major Forgejo release is published every [three months](https://forgejo.org/docs/latest/developer/release/#release-cycle), with more patch releases in between depending on the severity of the bug and security fixes it contains.
+A minor or major Forgejo release is published every [three months](https://forgejo.org/docs/latest/user/versions/), with more patch releases in between depending on the severity of the bug and security fixes it contains.
 
 A [patch or minor release](https://semver.org/spec/v2.0.0.html) (e.g. upgrading from v7.0.0 to v7.0.1 or v7.1.0) does not require manual intervention. But [major releases](https://semver.org/spec/v2.0.0.html#spec-item-8) where the first version number changes (e.g. upgrading from v1.21 to v7.0) contain breaking changes and the release notes explain how to deal with them.
 
-The release notes of each release [are available in the corresponding milestone](https://codeberg.org/forgejo/forgejo/milestones), starting with [Forgejo 7.0.7](https://codeberg.org/forgejo/forgejo/milestone/7683) and [Forgejo 8.0.1](https://codeberg.org/forgejo/forgejo/milestone/7682).
-
-## 9.0.2
-
-The Forgejo v9.0.2 release notes are [available in the v9.0.2 milestone](https://codeberg.org/forgejo/forgejo/milestone/8610).
-
-## 9.0.1
-
-The Forgejo v9.0.1 release notes are [available in the v9.0.1 milestone](https://codeberg.org/forgejo/forgejo/milestone/8544).
-
-## 9.0.0
-
-The Forgejo v9.0.0 release notes are [available in the v9.0.0 milestone](https://codeberg.org/forgejo/forgejo/milestone/7235).
-
-## 8.0.3
-
-The Forgejo v8.0.3 release notes are [available in the v8.0.3 milestone](https://codeberg.org/forgejo/forgejo/milestone/8231).
-
-## 8.0.2
-
-The Forgejo v8.0.2 release notes are [available in the v8.0.2 milestone](https://codeberg.org/forgejo/forgejo/milestone/7728).
-
-## 8.0.1
-
-The Forgejo v8.0.1 release notes are [available in the v8.0.1 milestone](https://codeberg.org/forgejo/forgejo/milestone/7682).
-
-## 8.0.0
-
-A [companion blog post](https://forgejo.org/2024-07-release-v8-0/) provides additional context on this release. In addition to the pull requests listed below, you will find a complete list in the [v8.0 milestone](https://codeberg.org/forgejo/forgejo/milestone/6042).
-
-- Two frontend features were removed because a license incompatibility was discovered. [Read more in the dedicated blog post](https://forgejo.org/2024-07-non-free-dependency-found/).
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4670): [Mermaid](https://mermaid.js.org/) rendering: `%%{init: {"flowchart": {"defaultRenderer": "elk"}} }%%` will now fail because [ELK](https://github.com/kieler/elkjs) is no longer included.
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4595): Repository citation: Removed the ability to export citations in APA format.
-<!--start release-notes-assistant-->
-<!--URL:https://codeberg.org/forgejo/forgejo-->
-- **Breaking**
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3040): <!--number 3040 --><!--number--><!--description -->remove Microsoft SQL Server support see [the discussion](https://codeberg.org/forgejo/discussions/issues/122).<!--description-->
-- **User interface features & enhancements**
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4590) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4571)): <!--number 4590 --><!--number--><!--description -->Replace `vue-bar-graph` with `chart.js`<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4201): <!--number 4201 --><!--number--><!--description Make tooltip of Author label in comments more clear-->make the tooltip of the author label in comments clearer.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4189): <!--number 4189 --><!--number--><!--description User profiles: only show RSS feed button and Public activity tab when the activity can be accessed, add messages about visibility-->only show the RSS feed button and Public activity tab in user profiles when the activity can be accessed and add messages about visibility.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4139): <!--number 4139 --><!--number--><!--description reorder repo tabs for better UX: (i) `Actions` is now the last tab (ii) `Packages` are located after Releases (iii) this puts Projects after Pull requests. (tab positions may depend on which units are enabled in the repo).-->reorder repo tabs for better UX: (i) `Actions` is now the last tab (ii) `Packages` are located after Releases (iii) this puts Projects after Pull requests. (tab positions may depend on which units are enabled in the repo).<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4134): <!--number 4134 --><!--number--><!--description Code Search results are now displayed in a foldable box-->code search results are now displayed in a foldable box.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4095): <!--number 4095 --><!--number--><!--description Disable Subscribe button for guest users.-->disable the `Subscribe` button for guest users.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4072): <!--number 4072 --><!--number--><!--description multine placeholder-->
-    - Added Enter key handling to the new Markdown editor: Pressing Enter while in a list, quote or code block will copy the prefix to the new line - Ordered list index will be increased for the new line, and task list "checkbox" will be unchecked.
-    - Added indent/unindent function for a line or selection. Currently available as toolbar buttons ([#4263](https://codeberg.org/forgejo/forgejo/pulls/4263)).<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3985): <!--number 3985 --><!--number--><!--description Added support for displaying images based on the users current color code by using an anchor of `#dark-mode-only` or `#light-mode-only` respectively. Also supporting the github variants (e.g. `#gh-dark-mode-only`).-->added support for displaying images based on the users current color code by using an anchor of `#dark-mode-only` or `#light-mode-only` respectively. Also supporting the github variants (e.g. `#gh-dark-mode-only`).<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3870): <!--number 3870 --><!--number--><!--description Use CSS-native pattern for image diff background, add dark theme support-->use CSS-native pattern for image diff background, add dark theme support.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3642): <!--number 3642 --><!--number--><!--description Allow navigating to the organization dashboard from the organization view-->allow navigating to the organization dashboard from the organization view.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3434): <!--number 3434 --><!--number--><!--description When PDFs are displayed in the repository, the [full height of the screen](https://codeberg.org/forgejo/forgejo/pulls/3434) is now used instead of a predefined fixed height-->when PDFs are displayed in the repository, the full height of the screen is now used instead of a predefined fixed height.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3337): <!--number 3337 --><!--number--><!--description Added support for grouping of log-lines inside steps between the special `::group::{title}` and `::endgroup::` workflow commands. A runner of v3.4.2 or later is needed.-->added support for grouping of log-lines inside steps between the special `::group::{title}` and `::endgroup::` workflow commands. A runner of v3.4.2 or later is needed.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3285): <!--number 3285 --><!--number--><!--description The default for `[repository].USE_COMPAT_SSH_URI` has been changed to `true`. With this change, Forgejo defaults to using the same URL style for SSH clone URLs as for HTTPS ones, instead of the former scp-style.-->the default for `[repository].USE_COMPAT_SSH_URI` has been changed to `true`. With this change, Forgejo defaults to using the same URL style for SSH clone URLs as for HTTPS ones, instead of the former scp-style.<!--description-->
-- **Features & Enhancements**
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4283) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4266)): <!--number 4283 --><!--number--><!--description - add support for LFS server implementations which have batch API responses in an older/deprecated schema-->add support for LFS server implementations which have batch API responses in an older/deprecated schema.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4262): <!--number 4262 --><!--number--><!--description Introduced branch/tag dropdown in code search page if using git-grep.-->introduce a branch/tag dropdown in the code search page if using git-grep.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4160): <!--number 4160 --><!--number--><!--description Added support for fuzzy searching issues and pulls - support for `/issues` and `/pulls` were ported from [`gitea#be5be0ac81`](https://github.com/go-gitea/gitea/commit/be5be0ac81ce50ad5adb079af6ca4e8c396aaece) - support for `/user/repo/issues` and `/user/repo/pulls` were added-->added support for fuzzy searching in `/user/repo/issues` and `/user/repo/pulls`.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4145): <!--number 4145 --><!--number--><!--description multine placeholder-->
-    - feat(perf): [commit](https://codeberg.org/forgejo/forgejo/commit/358cd67c4f316f2d4f1d3be6dcb891dc04a2ff07) reduce memory usage for chunked artifact uploads to S3.
-    - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/b60e3ac7b4aeeb9b8760f43eea9576c0e23309e9) allow downloading draft releases assets.
-    - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/1fca15529ac8fefb60d86b0c1f4bec8dae9a8566) API endpoints for managing tag protection.
-    - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/4334c705b5f9388b16af23c7e75a69d027d07d5e) extract and display readme and comments for Composer packages.
-    - fix: [commit](https://codeberg.org/forgejo/forgejo/commit/364922c6e4f28264add9e2501a352c25ad6a0993) when a repository is adopted, its object format is not set in the database.
-    - fix: [commit](https://codeberg.org/forgejo/forgejo/commit/e7f332a55d6a48a3f3b4f2bfa43d18455ac00acc) during a migration from bitbucket, LFS downloads fail.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4143): <!--number 4143 --><!--number--><!--description a help overlay, triggered by "?" key can be displayed when viewing [asciinema](https://asciinema.org/) files (.cast extension) and [SGR color sequence](https://github.com/asciinema/avt/issues/9) are supported.-->a help overlay, triggered by "?" key can be displayed when viewing [asciinema](https://asciinema.org/) files (.cast extension) and [SGR color sequence](https://github.com/asciinema/avt/issues/9) are supported.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4136): <!--number 4136 --><!--number--><!--description - strikethrough in markdown can be achieved with [a single ~ in addition to ~~](https://github.github.com/gfm/#strikethrough-extension-)-->strikethrough in markdown can be achieved with [a single ~ in addition to ~~](https://github.github.com/gfm/#strikethrough-extension-).<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4083): <!--number 4083 --><!--number--><!--description multine placeholder-->
-    - feat: add [Reviewed-on and Reviewed-by variables](https://codeberg.org/forgejo/forgejo/commit/4ddd9af50fbfcfb2ebf629697a803b3bce56c4af) to the merge template.
-    - feat(perf): [add the `[ui.csv].MAX_ROWS` setting](https://codeberg.org/forgejo/forgejo/commit/433b6c6910f8699dc41787ef8f5148b122b4677e) to avoid displaying a large number of lines (defaults to 2500).
-    - feat: [add a setting to override or add headers of all outgoing emails](https://codeberg.org/forgejo/forgejo/commit/1d4bff4f65d5e4a3969871ef91d3612daf272b45), for instance `Reply-To` or `In-Reply-To`.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4027): <!--number 4027 --><!--number--><!--description - Gitea/Forgejo webhook payload include additional fields (`html_url`, `additions`, `deletions`, `review_comments`...) for better compatibility with [OpenProject](https://www.openproject.org/), ported from [gitea#28435](https://github.com/go-gitea/gitea/pull/28435).-->the Gitea/Forgejo webhook payload includes additional fields (`html_url`, `additions`, `deletions`, `review_comments`...) for better compatibility with [OpenProject](https://www.openproject.org/).<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4026): <!--number 4026 --><!--number--><!--description - when an OAuth grant request submitted to a Forgejo user is denied, the server from which the request originates is not notified that it has been denied-->when an OAuth grant request submitted to a Forgejo user is denied, the server from which the request originates is notified that it has been denied.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3989): <!--number 3989 --><!--number--><!--description multine placeholder-->
-    - feat: API endpoints that return a repository now [also include the topics](https://codeberg.org/forgejo/forgejo/commit/ee2247d77c0b13b0b45df704d7589b541db03899).
-    - feat: display an error when an issue comment is [edited simultaneously by two users](https://codeberg.org/forgejo/forgejo/commit/ca0921a95aa9a37d8820538458c15fd0a3b0c97c) instead of silently overriding one of them.
-    - feat: add [support for a credentials chain for minio](https://codeberg.org/forgejo/forgejo/commit/73706ae26d138684ef9da9e1164846a040fd4a7d).
-    - feat(perf): improve performances when [retrieving pull requests via the API](https://codeberg.org/forgejo/forgejo/commit/47a2102694c47bc30a2a7c673c328471839ef206).<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3934): <!--number 3934 --><!--number--><!--description When installing Forgejo through the built-in installer, open (self-) registration is now disabled by default.-->when installing Forgejo through the built-in installer, open (self-) registration is now disabled by default.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917): <!--number 3917 --><!--number--><!--description support [setting the default attribute of the issue template dropdown field](https://codeberg.org/forgejo/forgejo/commit/df15abd07264138fd07e003d0cf056f7da514b8f)-->support [setting the default attribute of the issue template dropdown field](https://codeberg.org/forgejo/forgejo/commit/df15abd07264138fd07e003d0cf056f7da514b8f)<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3886): <!--number 3886 --><!--number--><!--description For federated-star we introduce a new repository setting to define following repositories. That is a workaround till we find a better way to express repository federation.-->For federated-star we introduce a new repository setting to define following repositories. That is a workaround till we find a better way to express repository federation.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3847): <!--number 3847 --><!--number--><!--description Basic wiki content search using git-grep. The search results include the first ten matched files. Only the first three matches per file are displayed.-->Basic wiki content search using git-grep. The search results include the first ten matched files. Only the first three matches per file are displayed.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3838): <!--number 3838 --><!--number--><!--description - [Support using label names when changing issue labels](https://codeberg.org/forgejo/forgejo/commit/8e1de85980f1e4ae05b240cafbf9eaf33c94a203)-->support using label names when changing issue labels.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3836): <!--number 3836 --><!--number--><!--description Parse prefix parameter from redis URI for queues and use that as prefix to keys-->parse prefix parameter from redis URI for queues and use that as prefix to keys.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3830): <!--number 3830 --><!--number--><!--description Neutralize delete runners' UUID to prevent collisions with new records-->neutralize delete runners' UUID to prevent collisions with new records.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3811): <!--number 3811 --><!--number--><!--description Implement a non-caching version of the [RubyGems compact API](https://guides.rubygems.org/rubygems-org-compact-index-api/) for bundler dependency resolution.-->implement a non-caching version of the [RubyGems compact API](https://guides.rubygems.org/rubygems-org-compact-index-api/) for bundler dependency resolution.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3808): <!--number 3808 --><!--number--><!--description - Add support for the [reddit](https://github.com/markbates/goth/pull/523) and [Hubspot](https://github.com/markbates/goth/pull/531) OAuth providers.-->add support for the [reddit](https://github.com/markbates/goth/pull/523) and [Hubspot](https://github.com/markbates/goth/pull/531) OAuth providers.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3791): <!--number 3791 --><!--number--><!--description - when parsing [incoming emails](https://forgejo.org/docs/v8.0/user/incoming/), [remove tspecials from type/subtype](https://github.com/jhillyerd/enmime/pull/317). According to the RFC, content type and subtype cannot contain special characters and any such character will fail parsing. Removing the characters from the type/subtype can help successfully parsing the content type that contains some extra garbage.-->when parsing [incoming emails](https://forgejo.org/docs/v8.0/user/incoming/), [remove tspecials from type/subtype](https://github.com/jhillyerd/enmime/pull/317). According to the RFC, content type and subtype cannot contain special characters and any such character will fail parsing. Removing the characters from the type/subtype can help successfully parsing the content type that contains some extra garbage.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3752): <!--number 3752 --><!--number--><!--description There are a couple of new configs to define the name of the instance. The more important is `APP_SLOGAN`. It permits to configure a slogan for the site and it is optional. The other is `APP_DISPLAY_NAME_FORMAT` and permits to customize the aspect of the full display name for the instance used in some parts of the UI as: (i) Title page, (ii) Homepage head title (ii) Open Graph site and title meta tags. Its default value is `APP_NAME: APP_SLOGAN`. The config `APP_DISPLAY_NAME_FORMAT` is used only if `APP_SLOGAN` is set otherwise the full display name shows only `APP_NAME` value.-->there are a couple of new configs to define the name of the instance. The more important is `APP_SLOGAN`. It permits to configure a slogan for the site and it is optional. The other is `APP_DISPLAY_NAME_FORMAT` and permits to customize the aspect of the full display name for the instance used in some parts of the UI as: (i) Title page, (ii) Homepage head title (ii) Open Graph site and title meta tags. Its default value is `APP_NAME: APP_SLOGAN`. The config `APP_DISPLAY_NAME_FORMAT` is used only if `APP_SLOGAN` is set otherwise the full display name shows only `APP_NAME` value.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3729): <!--number 3729 --><!--number--><!--description multine placeholder-->
-    - feat: [commit](https://codeberg.org/forgejo/forgejo/commit/7028fe0b4d89c045b64ae891d2716e89965bc012): add actions-artifacts to the [storage migrate CLI](https://forgejo.org/docs/v8.0/admin/command-line/#migrate).
-    - fix: [commit](https://codeberg.org/forgejo/forgejo/commit/8f0f6bf89cdcd12cd4daa761aa259fdba7e32b50): pull request search shows closed pull requests in the open tab.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3724): <!--number 3724 --><!--number--><!--description multine placeholder-->
-    - [CERT management was improved](https://codeberg.org/forgejo/forgejo/pulls/3724) when [`ENABLE_ACME=true`](https://forgejo.org/docs/v7.0/admin/config-cheat-sheet/#server-server)
-      -   Draft support for draft-03 of [ACME Renewal Information (ARI)](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status.
-      -   New [`ZeroSSLIssuer`](https://pkg.go.dev/github.com/caddyserver/certmagic@v0.21.0#ZeroSSLIssuer) uses the [ZeroSSL API](https://zerossl.com/documentation/api/) to get certificates. ZeroSSL also has an ACME endpoint, which can still be accessed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support.
-      -   DNS challenges should be smoother in some cases as we've improved propagation checking.
-      -   In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.)
-      -   ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA).<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3723): <!--number 3723 --><!--number--><!--description multine placeholder-->
-    - With the go-enry upgrade to [v2.8.8](https://github.com/go-enry/go-enry/releases/tag/v2.8.8), language detection in the repository [now includes](https://github.com/github-linguist/linguist/releases/tag/v7.29.0):
-      - New languages
-        - [Roc](https://github.com/github-linguist/linguist/pull/6633)
-        - [BitBake](https://github.com/github-linguist/linguist/pull/6665) with `.bbappend`, `.bbclass` and `.inc` extensions
-        - [Glimmer TS](https://github.com/github-linguist/linguist/pull/6680)
-        - [Edge](https://github.com/github-linguist/linguist/pull/6695)
-        - [Pip Requirements](https://github.com/github-linguist/linguist/pull/6739)
-        - [Mojo](https://github.com/github-linguist/linguist/pull/6400)
-        - [Slint](https://github.com/github-linguist/linguist/pull/6750)
-        - [Oberon](https://github.com/github-linguist/linguist/pull/4645)
-      - New data formats
-        - [TextGrid](https://github.com/github-linguist/linguist/pull/6719)
-      - File names and extensions:
-        - The [rebornix.Ruby extension is deprecated in favor of Shopify.ruby-lsp](https://github.com/github-linguist/linguist/pull/6738)
-        - [Add .bicepparam to list of Bicep file extensions](https://github.com/github-linguist/linguist/pull/6664)
-        - [Add cs.pp extension to C#](https://github.com/github-linguist/linguist/pull/6679)
-        - [Add tmux.conf and .tmux.conf as shell filenames](https://github.com/github-linguist/linguist/pull/6726)
-        - [Add .env.sample as Dotenv filename](https://github.com/github-linguist/linguist/pull/6732)<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3654): <!--number 3654 --><!--number--><!--description Code Search for non-default branches and tags when repository indexer is disabled-->support Code Search for non-default branches and tags when the repository indexer is disabled.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3615): <!--number 3615 --><!--number--><!--description -->add an immutable tarball link to archive download headers for Nix.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3414): <!--number 3414 --><!--number--><!--description Allow to customize the domain name used as a fallback when synchronizing sources from ldap [`ldap: default domain name`](https://codeberg.org/forgejo/forgejo/pulls/3414)-->allow to customize the domain name used as a fallback when synchronizing sources from ldap default domain name.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3383): <!--number 3383 --><!--number--><!--description The default config for `database.MAX_OPEN_CONNS` changed from 0 (unlimited) to 100 to avoid problems if it exceeds the limit by the database server. If you require high concurrency, try to increase this value for both Forgejo **and your database server**. [`Limit database max connections by default`](https://codeberg.org/forgejo/forgejo/pulls/3383)-->the default config for `database.MAX_OPEN_CONNS` changed from 0 (unlimited) to 100 to avoid problems if it exceeds the limit by the database server. If you require high concurrency, try to increase this value for both Forgejo **and your database server**.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3366): <!--number 3366 --><!--number--><!--description -->infer the `[email.incoming].PORT` setting from `.USE_TLS`.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3363): <!--number 3363 --><!--number--><!--description Reverted the rootless container image path in `GITEA_APP_INI` from `/etc/gitea/app.ini` to its default value of `/var/lib/gitea/custom/conf/app.ini`. This allows container users to not have to mount two separate volumes (one for the configuration data and one for the configuration `.ini` file). A warning is issued for users with the legacy configuration on how to update to the new path.-->reverted the rootless container image path in `GITEA_APP_INI` from `/etc/gitea/app.ini` to its default value of `/var/lib/gitea/custom/conf/app.ini`. This allows container users to not have to mount two separate volumes (one for the configuration data and one for the configuration `.ini` file). A warning is issued for users with the legacy configuration on how to update to the new path.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3334): <!--number 3334 --><!--number--><!--description Added support for the `workflow_dispatch` workflow trigger-->added support for the [`workflow_dispatch` trigger](https://forgejo.org/docs/v8.0/user/actions/#onworkflow_dispatch) in Forgejo Actions.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3307): <!--number 3307 --><!--number--><!--description Support [Proof Key for Code Exchange (PKCE - RFC7636)](https://www.rfc-editor.org/rfc/rfc7636) for external login using the OpenID Connect authentication source.-->support [Proof Key for Code Exchange (PKCE - RFC7636)](https://www.rfc-editor.org/rfc/rfc7636) for external login using the OpenID Connect authentication source.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3139): <!--number 3139 --><!--number--><!--description Allow hiding auto generated release archives-->allow hiding auto generated release archives.<!--description-->
-- **Bug fixes**
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4732) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4715)): <!--number 4732 --><!--number--><!--description -->Show the AGit label on merged pull requests.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4689) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4687)): <!--number 4689 --><!--number--><!--description -->Fixed: issue state change via the API is not idempotent.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4547) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4546)): <!--number 4547 --><!--number--><!--description The milestone section in the sidebar on the issue and pull request page now uses HTMX. If you update the milestone of a issue or pull request it will no longer reload the whole page and instead update the current page with the new information about the milestone update. This should provide a smoother user experience.-->The milestone section in the sidebar on the issue and pull request page now uses HTMX. If you update the milestone of a issue or pull request it will no longer reload the whole page and instead update the current page with the new information about the milestone update. This should provide a smoother user experience.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4402) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4382)): <!--number 4402 --><!--number--><!--description -->Fix mobile UI for organisation creation.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4621) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4618)): <!--number 4621 --><!--number--><!--description -->Fixes: Forgejo Actions does not trigger an edited event when the title of an issue or pull request is changed.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4529) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4523)): <!--number 4529 --><!--number--><!--description -->Load attachments for `/issues/comments/{id}`.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4423) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4375)): <!--number 4423 --><!--number--><!--description the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible-->Fixed: the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4380) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4377)): <!--number 4380 --><!--number--><!--description -->Use correct SHA in `GetCommitPullRequest`<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4288) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4253)): <!--number 4288 --><!--number--><!--description - unknown git push options are rejected instead of being ignored-->Fixed: unknown git push options are rejected instead of being ignored.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4240): <!--number 4240 --><!--number--><!--description - markdown `[*[a]*](b)` [is incorrectly rendered as `<p><a href="b"><em>[a]</em></a></p>`](https://github.com/yuin/goldmark/issues/457)-->Fixed: markdown `[*[a]*](b)` [is incorrectly rendered as `<p><a href="b"><em>[a]</em></a></p>`](https://github.com/yuin/goldmark/issues/457).<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4222): <!--number 4222 --><!--number--><!--description - markdown files displayed in the UI that have an unescaped backtick in the image alt [could (accidentally) trigger an inline code](https://github.com/yuin/goldmark/issues/456)-->Fixed: markdown files displayed in the UI that have an unescaped backtick in the image alt [could (accidentally) trigger an inline code](https://github.com/yuin/goldmark/issues/456).<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3562): <!--number 3562 --><!--number--><!--description -->Fixed: when the git repository is empty, it is not possible to unsubscribe from an issue.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3442): <!--number 3442 --><!--number--><!--description Save updated empty comments instead of skipping the update silently, [which prevented the removal of attachments of such comments](https://codeberg.org/forgejo/forgejo/issues/3424).-->Fixed: it is not possible to remove attachments from an empty comment.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3430): <!--number 3430 --><!--number--><!--description Fixed a bug where the `/api/v1/repos/{owner}/{repo}/wiki` API endpoints were using a hardcoded "master" branch for the wiki, rather than the branch they really use.-->Fixed: the `/api/v1/repos/{owner}/{repo}/wiki` API endpoints is using a hardcoded "master" branch for the wiki, rather than the branch they really use.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3379): <!--number 3379 --><!--number--><!--description -->Fixed: using the API to search for users, the results are not paged by default an the default paging limits are not respected.<!--description-->
-- **Localization**
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4661) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4568)): <!--number 4661 --><!--number--><!--description -->24 July updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4565) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4451)): <!--number 4565 --><!--number--><!--description -->19 July updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4445) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4330)): <!--number 4445 --><!--number--><!--description -->11 July updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4316) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4251)): <!--number 4316 --><!--number--><!--description -->4 July updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4168): <!--number 4168 --><!--number--><!--description -->18 June updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4098): <!--number 4098 --><!--number--><!--description -->10 June updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3992): <!--number 3992 --><!--number--><!--description -->2 June updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3908): <!--number 3908 --><!--number--><!--description -->25 May updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3851): <!--number 3851 --><!--number--><!--description -->20 May updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3759): <!--number 3759 --><!--number--><!--description -->14 May updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3637): <!--number 3637 --><!--number--><!--description -->5 May updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3508): <!--number 3508 --><!--number--><!--description -->28 April updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3359): <!--number 3359 --><!--number--><!--description -->22 April updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3244): <!--number 3244 --><!--number--><!--description -->15 April updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3138): <!--number 3138 --><!--number--><!--description -->10 April updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3064): <!--number 3064 --><!--number--><!--description -->5 April updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/2982): <!--number 2982 --><!--number--><!--description -->3 April updates<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/2937): <!--number 2937 --><!--number--><!--description -->31 March updates<!--description-->
-<!--end release-notes-assistant-->
-
-## 7.0.11
-
-The Forgejo v7.0.11 release notes are [available in the v7.0.11 milestone](https://codeberg.org/forgejo/forgejo/milestone/8609).
-
-## 7.0.10
-
-The Forgejo v7.0.10 release notes are [available in the v7.0.10 milestone](https://codeberg.org/forgejo/forgejo/milestone/8286).
-
-## 7.0.9
-
-The Forgejo v7.0.9 release notes are [available in the v7.0.9 milestone](https://codeberg.org/forgejo/forgejo/milestone/8232).
-
-## 7.0.8
-
-The Forgejo v7.0.8 release notes are [available in the v7.0.8 milestone](https://codeberg.org/forgejo/forgejo/milestone/7729).
-
-## 7.0.7
-
-The Forgejo v7.0.7 release notes are [available in the v7.0.7 milestone](https://codeberg.org/forgejo/forgejo/milestone/7683).
-
-## 7.0.6
-
-This is a bug fix release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/). In addition to the pull requests listed below, you will find a complete list in the [v7.0.6 milestone](https://codeberg.org/forgejo/forgejo/milestone/7252).
-
-- Two frontend features were removed because a license incompatibility was discovered. [Read more in the companion blog post](https://forgejo.org/2024-07-non-free-dependency-found/).
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4679) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4670)): <!--number 4679 --><!--line 0 --><!--description W0NIT1JFXSBEb24ndCBidW5kbGUgYGVsa2pzYA==-->[Mermaid](https://mermaid.js.org/) rendering: `%%{init: {"flowchart": {"defaultRenderer": "elk"}} }%%` will now fail because [ELK](https://github.com/kieler/elkjs) is no longer included.<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4600) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4595)): <!--number 4600 --><!--line 0 --><!--description UmVwb3NpdG9yeSBjaXRhdGlvbjogUmVtb3ZlZCB0aGUgYWJpbGl0eSB0byBleHBvcnQgY2l0YXRpb25zIGluIEFQQSBmb3JtYXQuIFtSZWFkIG1vcmUgaW4gdGhlIGNvbXBhbmlvbiBibG9nIHBvc3RdKGh0dHBzOi8vZm9yZ2Vqby5vcmcvMjAyNC0wNy1ub24tZnJlZS1kZXBlbmRlbmN5LWZvdW5kLyk=-->Repository citation: Removed the ability to export citations in APA format.<!--description-->
-- **User Interface bug fixes**
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4593) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4571)): <!--number 4593 --><!--line 0 --><!--description UmVwbGFjZSBgdnVlLWJhci1ncmFwaGAgd2l0aCBgY2hhcnQuanNg-->Replace `vue-bar-graph` with `chart.js`<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4731) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4715)): <!--number 4731 --><!--line 0 --><!--description U2hvdyBBR2l0IGxhYmVsIG9uIG1lcmdlZCBQUg==-->Show AGit label on merged PR<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4424) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4382)): <!--number 4424 --><!--line 0 --><!--description Rml4IG1vYmlsZSBVSSBmb3Igb3JnYW5pc2F0aW9uIGNyZWF0aW9u-->Fix mobile UI for organisation creation<!--description-->
-- **Bug fixes**
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4688) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4687)): <!--number 4688 --><!--line 0 --><!--description Zml4KGFwaSk6IGlzc3VlIHN0YXRlIGNoYW5nZSBpcyBub3QgaWRlbXBvdGVudA==-->fix(api): issue state change is not idempotent<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4647) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4638)): <!--number 4647 --><!--line 0 --><!--description UmVzZXJ2ZSB0aGUgYGRldnRlc3RgIHVzZXJuYW1l-->Reserve the `devtest` username<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4620) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4618)): <!--number 4620 --><!--line 0 --><!--description Zml4KGFjdGlvbnMpOiBubyBlZGl0ZWQgZXZlbnQgdHJpZ2dlcmVkIHdoZW4gYSB0aXRsZSBpcyBjaGFuZ2Vk-->fix(actions): no edited event triggered when a title is changed<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4528) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4523)): <!--number 4528 --><!--line 0 --><!--description TG9hZCBhdHRhY2htZW50cyBmb3IgYC9pc3N1ZXMvY29tbWVudHMve2lkfWA=-->Load attachments for `/issues/comments/{id}`<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4526) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/3379)): <!--number 4526 --><!--line 0 --><!--description V2hlbiBzZWFyY2hpbmcgZm9yIHVzZXJzLCBwYWdlIHRoZSByZXN1bHRzIGJ5IGRlZmF1bHQsIGFuZCByZXNwZWN0IHRoZSBkZWZhdWx0IHBhZ2luZyBsaW1pdHM=-->When searching for users, page the results by default, and respect the default paging limits<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4422) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4375)): <!--number 4422 --><!--line 0 --><!--description dGhlICJWaWV3IGNvbW1hbmQgbGluZSBpbnN0cnVjdGlvbnMiIGxpbmsgaW4gcHVsbCByZXF1ZXN0cyBhbmQgdGhlICJDb3B5IGNvbnRlbnQiIGJ1dHRvbiBpbiBmaWxlIGVkaXRvciBhcmUgbm90IGFjY2Vzc2libGU=-->the "View command line instructions" link in pull requests and the "Copy content" button in file editor are not accessible<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4379) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4377)): <!--number 4379 --><!--line 0 --><!--description VXNlIGNvcnJlY3QgU0hBIGluIGBHZXRDb21taXRQdWxsUmVxdWVzdGA=-->Use correct SHA in `GetCommitPullRequest`<!--description-->
-- Localization
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4594) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4451)): <!--number 4594 --><!--line 0 --><!--description VXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIFdlYmxhdGU=-->Update of translations from Weblate<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4447): <!--number 4447 --><!--line 0 --><!--description VXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIFdlYmxhdGU=-->Update of translations from Weblate<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4420) ([backported from](https://codeberg.org/forgejo/forgejo/pulls/4098)): <!--number 4420 --><!--line 0 --><!--description MyB0cmFuc2xhdGlvbiB1cGRhdGVzIGZyb20gV2VibGF0ZQ==-->3 translation updates from Weblate - [PR 1](https://codeberg.org/forgejo/forgejo/pulls/4098), [PR 2](https://codeberg.org/forgejo/forgejo/pulls/4168), [PR 3](https://codeberg.org/forgejo/forgejo/pulls/4251)<!--description-->
-
-## 7.0.5
-
-This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/).
-
-In addition to the following notable bug fixes, you can browse the [full list of pull requests](https://codeberg.org/forgejo/forgejo/pulls?milestone=6654) included in this release.
-
-* **regreSSHion**
-
-  Recommended action when running Forgejo from a:
-  * binary - upgrade the OpenSSH server that was installed independently.
-  * root OCI image - upgrade to [Forgejo 7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5).
-  * rootless OCI image - no upgrade is necessary.
-
-  [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) also known as [regreSSHion](https://www.qualys.com/regresshion-cve-2024-6387/) is an Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. It is **strongly recommended** that an OpenSSH server installed independently of Forgejo is upgraded as soon as possible.
-
-  All Forgejo OCI root images, including [7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5) contain an OpenSSH server. They are based on https://alpinelinux.org/ which relies on https://musl.libc.org/ and not https://en.wikipedia.org/wiki/Glibc. As a precaution the [Forgejo v7.0.5 root OCI image](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5) contains an [updated OpenSSH server](https://pkgs.alpinelinux.org/packages?name=openssh&branch=v3.19) patched for [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387).
-
-  The Forgejo OCI rootless images, including [7.0.5](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.5-rootless), do not contain an OpenSSH server, they rely on the internal Forgejo implementation of the SSH protocol.
-
-* **Security:**
-  * Compiled with Go v1.22.5. Fixed: [CVE-2024-24791](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) - [GO-2024-2963](https://pkg.go.dev/vuln/GO-2024-2963): Denial of service due to improper 100-continue handling in net/http. The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
-
-* **Bug fixes:**
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4059) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4194): Fixed: authentication Source Administration page wrongfully handles the "Custom URLs Instead of Default URLs" checkbox (missing checkbox, irrelevant fields).
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4151) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4149): Fixed: git push to an adopted repository fails.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4215) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4213) - [commit](https://codeberg.org/forgejo/forgejo/commit/4ed5044dea94872e025f585debf7a16e6bd6bbdb): Fixed: markdown doesn't render math within brackets
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4219) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4145) - [commit](https://codeberg.org/forgejo/forgejo/commit/9aa3ae955ff506d883737e576dd62f674a3ee372): Fixed: selecting the "No Project" filter in the issue/pull request list has no effect
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4248) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4241): Fixed: error 500 when processing crafted TIFF files.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4261) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4258): Fixed: wrong placeholder text in the form for adding repository collaborator.
-
-## 7.0.4
-
-This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/).
-
-In addition to the following notable bug fixes, you can browse the [full list of commits](https://codeberg.org/forgejo/forgejo/compare/v7.0.3...v7.0.4) included in this release.
-
-* **Security:**
-  * [PR](https://codeberg.org/forgejo/forgejo/pulls/4054). Fixed: [CVE-2024-24789](https://pkg.go.dev/vuln/GO-2024-2888): the archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file.
-  * [PR](https://codeberg.org/forgejo/forgejo/pulls/3639) - ([fix](https://codeberg.org/forgejo/forgejo/commit/1b088fade6c69e63843d1bdf402454c363b22ce2) & [test](https://codeberg.org/forgejo/forgejo/pulls/4032)). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of [RFC 6749 Section 10.2](https://datatracker.ietf.org/doc/html/rfc6749#section-10.2). A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential.
-
-* **Bug fixes:**
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4086) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4085). Fixed: `forgejo migrate-storage --type actions-artifacts` always fails because it picks the wrong path.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4017) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4015). Fixed: avatar files can be found in storage while they do not exist in the database.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3997) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3976). Fixed: repository admins are always denied the right to force merge and instance admins are subject to restrictions to merge that must only apply to repository admins.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3946) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3615). Fixed: non conformance with the [Nix tarball fetcher immutable link protocol](https://github.com/nixos/nix/blob/56763ff918eb308db23080e560ed2ea3e00c80a7/doc/manual/src/protocols/tarball-fetcher.md).
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3936) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3935). Fixed: migrated activities (such as reviews) are mapped to the user who initiated the migration rather than the Ghost user, if the external user cannot be mapped to a local one. This mapping mismatch leads to internal server errors in some cases.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3906) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3904). Fixed: a v7.0.0 regression causes `[admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER=true` to always be ignored.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3888) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3865). Fixed: using a subquery for user deletion is a performance bottleneck when using mariadb 10 because only mariadb 11 takes advantage of the available index.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3887) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3885). Fixed: a v7.0.3 regression causes the expanding diffs in pull requests to fail with a 404 error.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3881) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3864). Fixed: SourceHut Builds webhook fail when the `triggers` field is used.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3877) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3242). Fixed: the label list rendering in the issue and pull request timeline is displayed on multiple lines instead of a single one.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4084) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4083) - [commit](https://codeberg.org/forgejo/forgejo/commit/c6e04c3c9eddfa6c4bec541f681c8d300b157cdb). Fixed: NuGet Package fails `choco info pkgname` when `pkgname` is also a substring of another package Id.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4004) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3989) - [commit](https://codeberg.org/forgejo/forgejo/commit/62448bfb931882859388b2fd472cb89428c25323). Fixed: "Git hooks of this repository seem to be broken." warning when pushing more than one branch at a time.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/7d7ea45465d6cd1ea0ec549a71f67b4a8ff930cf). Fixed: automerge does not happen when the approval count reaches the required threshold.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3942) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3917) - [commit](https://codeberg.org/forgejo/forgejo/commit/a649610d6175d1994b838f5672261400df9fdb92). Fixed: the `FORCE_PRIVATE=true` setting is not consistently enforced.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/3859) - [PR](https://codeberg.org/forgejo/forgejo/pulls/3838) - [commit](https://codeberg.org/forgejo/forgejo/commit/193ac67176afc72e9d108bc1730c354bfbf9a442). Fixed: CSRF validation errors when OAuth is not enabled.
-  * [backport](https://codeberg.org/forgejo/forgejo/pulls/4107) - [PR](https://codeberg.org/forgejo/forgejo/pulls/4076). Fixed: headlines in rendered org-mode do not have a margin on the top
-
-* **Localization:**
-  * Improvements to English locale: [[1]](https://codeberg.org/forgejo/forgejo/pulls/3914), [[2]](https://codeberg.org/forgejo/forgejo/pulls/4114).
-  * Translation updates: [[1]](https://codeberg.org/forgejo/forgejo/pulls/3907), [[2]](https://codeberg.org/forgejo/forgejo/pulls/3990), [[3]](https://codeberg.org/forgejo/forgejo/pulls/4099).
-
 ## 7.0.3
 
 This is a security release. See the documentation for more information on the [upgrade procedure](https://forgejo.org/docs/v7.0/admin/upgrade/).
@@ -376,7 +107,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.21/forgejo..origin/v7.0/for
     * `process-description` to `processDescription`
     This allows for those endpoints to be scraped by services requiring prometheus style labels such as [grafana-agent](https://grafana.com/docs/agent/latest/).
   * The repository description [imposes additional restrictions on what it contains](https://codeberg.org/forgejo/forgejo/commit/1075ff74b5050f671c5f9824ae39390230b3c85d) to prevent abuse. You may use [the v7.0 test instance](https://v7.next.forgejo.org/) to check how it will be modified.
-  * The [Gitea themes were renamed](https://codeberg.org/forgejo/forgejo/commit/023e937141dd891bce3370c869d4db2c60f971ed) and the `[ui].THEMES` setting must be changed as follows:
+  * The [Gitea themes were renamed](https://codeberg.org/forgejo/forgejo/commit/023e937141dd891bce3370c869d4db2c60f971ed) and the `[ui].THEMES` setting must be changed as follows: 
     * `gitea` is replaced by `gitea-light`
     * `arc-green` is replaced by `gitea-dark`
     * `auto` is replaced by `gitea-auto`
@@ -809,28 +540,6 @@ $ git -C forgejo log --oneline --no-merges origin/v1.21/forgejo..origin/v7.0/for
   * [Align ISSUE_TEMPLATE with the new label system](https://codeberg.org/forgejo/forgejo/commit/248b7ee850ecdb538b22ddcfbe80b6f91be32b70).
   * [Improve the list header in milestone page](https://codeberg.org/forgejo/forgejo/commit/8abc1aae4ab5b03be0bcbdd390bb903b54ccd21a).
 
-## 1.21.11-2
-
-[The complete list of new commits included in the Forgejo v1.21.11-2 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.11-1...v1.21.11-2), or from the command line with:
-
-```shell
-$ git clone https://codeberg.org/forgejo/forgejo
-$ git -C forgejo log --oneline --no-merges v1.21.11-1..v1.21.11-2
-```
-
-This stable release contains a **security fix**.
-
-* Recommended Action
-
-  We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible.
-
-* [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/)
-
-  The semantic version was updated to `6.0.13+0-gitea-1.21.10`
-
-* Security fix
-  * [PR](https://codeberg.org/forgejo/forgejo/pulls/4047). Fixed: the OAuth2 implementation does not always require authentication for public clients, a requirement of [RFC 6749 Section 10.2](https://datatracker.ietf.org/doc/html/rfc6749#section-10.2). A malicious client can impersonate another client and obtain access to protected resources if the impersonated client fails to, or is unable to, keep its client credentials confidential.
-
 ## 1.21.11-1
 
 This stable release contains a single bug fix for a regression introduced in v1.21.11-0 by which creating a tag via the API would fail with error 500 on a repository a where Forgejo Actions workflow triggered by tags exists.
@@ -849,7 +558,7 @@ This stable release contains a single bug fix for a regression introduced in v1.
 
 ## 1.21.11-0
 
-[The complete list of new commits included in the Forgejo v1.21.11-0 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.10-0...v1.21.11-0), or from the command line with:
+[The complete list of new commits included in the Forgejo v1.21.11-0 release can be reviewed here](https://codeberg.org/forgejo/forgejo/compare/v1.21.10-0...v1.21.11-0), or from the comand line with:
 
 ```shell
 $ git clone https://codeberg.org/forgejo/forgejo
@@ -917,7 +626,7 @@ Note that there is no `Forgejo v1.21.9-0` release. The release numbering of the
   * [Fix paths when finding files via the web interface that were not escaped](https://codeberg.org/forgejo/forgejo/commit/b22be0c03fa4814c1b8b892346de5d4547782ce7).
   * [Respect `DEFAULT_ORG_MEMBER_VISIBLE` setting when adding creator to org](https://codeberg.org/forgejo/forgejo/commit/5e5574c7b328e2c500d497517047b8d1fd0ca478).
   * [Fix duplicate migrated milestones](https://codeberg.org/forgejo/forgejo/commit/706ff7aa9fcfe4c43893dc12e27d064064e80635).
-  * [Fix inline math blocks can't be preceded/followed by alphanumerical characters](https://codeberg.org/forgejo/forgejo/commit/0d3f446460b22a29c259e7d42ed89f90fd216ca7).
+  * [Fix inline math blocks can't be preceeded/followed by alphanumerical characters](https://codeberg.org/forgejo/forgejo/commit/0d3f446460b22a29c259e7d42ed89f90fd216ca7).
 
 ## 1.21.8-0
 
@@ -1024,7 +733,7 @@ This stable release contains bug fixes and a **security fix**, as explained in t
   * [Fix push to create with capitalize repo name](https://codeberg.org/forgejo/forgejo/commit/8782275c9c66ad6fc7c44503d7df9dae7196aa65).
   * In Markdown [don't try to make the link absolute if the link has a schema that's defined in `[markdown].CUSTOM_URL_SCHEMES`](https://codeberg.org/forgejo/forgejo/commit/6c100083c29fb0ccf0cc52e8767e540a260d9468), because they can't be made absolute.
   * [Fix Ctrl+Enter on submitting review comment](https://codeberg.org/forgejo/forgejo/commit/1c3a31d85112d10fb948d6f0b763191ed6f68e90).
-  * In Git version v2.43.1, the behavior of `GIT_FLUSH` was accidentally flipped. This causes Forgejo to hang on the `check-attr` command, because no output was being flushed. [Workaround this by detecting if Git v2.43.1 is used and set `GIT_FLUSH=0` thus getting the correct behavior](https://codeberg.org/forgejo/forgejo/commit/ff468ab5e426582b068586ce13d5a5348365e783).
+  * In Git version v2.43.1, the behavior of `GIT_FLUSH` was accidentially flipped. This causes Forgejo to hang on the `check-attr` command, because no output was being flushed. [Workaround this by detecting if Git v2.43.1 is used and set `GIT_FLUSH=0` thus getting the correct behavior](https://codeberg.org/forgejo/forgejo/commit/ff468ab5e426582b068586ce13d5a5348365e783).
   * [When setting `url.host` on a URL object with no port specified (like is the case of default port), the resulting URL's port will not change. Workaround this quirk in the URL standard by explicitly setting port for the http and https protocols](https://codeberg.org/forgejo/forgejo/commit/628e1036cfbcfae442cb6494249fe11410447056).
   * [Fix elasticsearch Request Entity Too Large](https://codeberg.org/forgejo/forgejo/commit/e6f59f6e1489d63d53de0da1de406a7a71a82adb).
   * [Do not send update/delete release notifications when it is in a draft state](https://codeberg.org/forgejo/forgejo/commit/3c54a1dbf62e56d948feb1008512900140033737).
@@ -1114,7 +823,7 @@ This stable release includes security and bug fixes as well as documentation imp
   * [Gracefully handle missing branches](https://codeberg.org/forgejo/forgejo/commit/c2fa9c308f5cdb08dd84fb8ec6623a57e75d5152) when a branch is missing from Git but still lingering in the database.
   * [Fix panic in `canSoftDeleteContentHistory`](https://codeberg.org/forgejo/forgejo/commit/ab1ccc55dca7fd05e59a01343e6dfe53be6195d0)
   * [Check for Commit in opengraph](https://codeberg.org/forgejo/forgejo/commit/b473a44a2bb59591f3e24bfcdeed1d8fbb0f9204)
-  * [Handle non-existent commit in Archive request](https://codeberg.org/forgejo/forgejo/commit/0fbf761d1930f9336be6da8d17ae6032203a9381)
+  * [Handle non-existant commit in Archive request](https://codeberg.org/forgejo/forgejo/commit/0fbf761d1930f9336be6da8d17ae6032203a9381)
   * [Fix NPE in `ToPullReviewList`](https://codeberg.org/forgejo/forgejo/commit/f5349b66b78968301d7dc4c45e8e08b46910aa6e)
   * [Fix URL in the mail to include the host](https://codeberg.org/forgejo/forgejo/commit/ac889d42903b2ce2129a02ace620a10a6f940920)
   * [Fix the event of a scheduled action](https://codeberg.org/forgejo/forgejo/commit/892a8e1f4a5cc09cc3136e0b0e6487c154c5ed2b) to be "schedule" instead of a semi-random event from the default branch.
@@ -1225,7 +934,7 @@ $ git clone https://codeberg.org/forgejo/forgejo/
 $ git -C forgejo log --oneline --no-merges v1.21.1-0..v1.21.2-0
 ```
 
-This stable release includes bug fixes. It was built with Go v1.21.5 that fixes [CVE-2023-39326](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) which a malicious HTTP client can exploit to cause a server to automatically read a large amount of data. It allows for memory exhaustion in the situation that HTTP chunked encoding requests can reach Forgejo.
+This stable release includes bug fixes. It was built with Go v1.21.5 that fixes [CVE-2023-39326](https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo) which a malicious HTTP client can exploit to cause a server to automatically read a large amount of data. It allows for memory exhaustion in the situation that HTTP chuncked encoding requests can reach Forgejo.
 
 * Recommended Action
 
@@ -1290,7 +999,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.20/forgejo..origin/v1.21/fo
   - [Add](https://codeberg.org/forgejo/forgejo/commit/0d55f64e6cd3de2e1e5c0ee795605823efb14231) support for [recurring actions similar to cron jobs](https://forgejo.org/docs/v1.21/user/actions/#onschedule).
   - [Add](https://codeberg.org/forgejo/forgejo/commit/19872063a3c14256a1d89b2a104d63e7538a3a28) the possibility to [disable workflows from the user interface](https://forgejo.org/docs/v1.21/user/actions/#list-of-runners-and-their-tasks).
   - [Add](https://codeberg.org/forgejo/forgejo/commit/460a2b0edffe71d9e64633beaa1071fcf4a33369) automatic [cleanup of artificats](https://forgejo.org/docs/v1.21/user/actions/#artifacts).
-  - [Add](https://codeberg.org/forgejo/forgejo/commit/44781f9f5c4ede618660d8cfe42437f0e8dc22a0) automatic cancellation [of jobs when pushing new commits](https://forgejo.org/docs/v1.21/user/actions/#auto-cancellation-of-workflows) to a PR.
+  - [Add](https://codeberg.org/forgejo/forgejo/commit/44781f9f5c4ede618660d8cfe42437f0e8dc22a0) automatic cancelation [of jobs when pushing new commits](https://forgejo.org/docs/v1.21/user/actions/#auto-cancelation-of-workflows) to a PR.
   - [Add](https://codeberg.org/forgejo/forgejo/commit/f3d293d2bbe0b2eab047bdd403046069cffbc0c4) support for [uploading multiple artificats](https://forgejo.org/docs/v1.21/user/actions/#artifacts).
   - [Add](https://codeberg.org/forgejo/forgejo/commit/48e5a74f215d78813a816c57fc5a85a909a003d5) support for the [`pull_request_target` event](https://forgejo.org/docs/v1.21/user/actions/#onpull_request_target) which has access to secrets because it runs using the workflows from the base branch instead of the pull request.
   - [Add](https://codeberg.org/forgejo/forgejo/commit/8228751c55d6a4263f0fec2932ca16181c09c97d) support for reading labels from the runner [instead of specifying them during registration](https://forgejo.org/docs/v1.21/admin/actions/#registration).
@@ -1605,7 +1314,7 @@ this situation, [follow the instructions in the companion blog post](https://for
   * [The CLI exit code now is different from zero when an error occurs](https://codeberg.org/forgejo/forgejo/commit/089af9ab1)
   * [Fix error when a Debian package has a double newline character at the end of the control block](https://codeberg.org/forgejo/forgejo/commit/dd7180846)
   * [Fix a condition that would cause git related tasks to hang for longer than necessary in the queues and use too many resources as a result](https://codeberg.org/forgejo/forgejo/commit/36f8fbe1b)
-  * [Fix the topic validation rule and support dots](https://codeberg.org/forgejo/forgejo/commit/a578b75d7)
+  * [Fix the topic validation rule and suport dots](https://codeberg.org/forgejo/forgejo/commit/a578b75d7)
   * [Fix pull request check list when there are more than 30](https://codeberg.org/forgejo/forgejo/commit/e226b9646)
   * [Fix attachment clipboard copy on insecure origin](https://codeberg.org/forgejo/forgejo/commit/12ac84c26)
   * [Fix the profile README rendering](https://codeberg.org/forgejo/forgejo/commit/84c3b60a4) that [was inconsistent with other markdown files renderings](https://codeberg.org/forgejo/forgejo/issues/833)
@@ -1634,7 +1343,7 @@ This stable release includes bug fixes and displays [warnings in the administrat
 
   The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
 
-  * [Add missing assets to the Forgejo sources tarball](https://codeberg.org/forgejo/forgejo/commit/e14d239005)
+  * [Add missing assets to the Forgejo sources tarbal](https://codeberg.org/forgejo/forgejo/commit/e14d239005)
   * [Fix user type selection error when creating a user](https://codeberg.org/forgejo/forgejo/commit/268569b462) and selecting `public` or `private`.
   * [Fix access check for org-level project](https://codeberg.org/forgejo/forgejo/commit/5afb0294f4)
   * [Warn instead of reporting an error when a webhook cannot be found](https://codeberg.org/forgejo/forgejo/commit/4c3dcdf815)
@@ -1689,7 +1398,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/fo
   - The storage settings were [refactored](https://codeberg.org/forgejo/forgejo/commit/d6dd6d641b593c54fe1a1041c153111ce81dbc20). Read more about [storage settings](https://forgejo.org/docs/v1.20/admin/storage/).
   - [The [repository.editor] PREVIEWABLE_FILE_MODES setting was removed](https://codeberg.org/forgejo/forgejo/commit/84daddc2fa74393cdc13371b0cc44f0444cfdae0). This setting served no practical purpose and was not working correctly. Instead a preview tab is always shown in the file editor when supported.
   - In addition to the already deprecated options inside [queue], many options have been dropped as well. Those are WRAP_IF_NECESSARY, MAX_ATTEMPTS, TIMEOUT, WORKERS, BLOCK_TIMEOUT, BOOST_TIMEOUT, BOOST_WORKERS. You can remove them from your app.ini now. Additionally, some default values have changed in this section.
-  - The default CSS and templates included in Forgejo were heavily refactored and a large number of variables renamed. These changes are not documented and there is a very high chance that a template extracted and modified for a particular Forgejo instance will no longer work as it did. Browsing through the git history of the template in the sources is the best way to figure out how and why it was modified.
+  - The default CSS and templates included in Forgejo were heavily refactored and a large number of variables renamed. These changes are not documented and there is a very high chance that a tempate extracted and modified for a particular Forgejo instance will no longer work as it did. Browsing through the git history of the template in the sources is the best way to figure out how and why it was modified.
 - **Moderation:**
   Blocking another user is desirable if they are acting maliciously or are spamming your repository. When you block a user, Forgejo does not explicitly notify them, but they may learn through an interaction with you that is blocked. [Read more about blocking users](https://forgejo.org/docs/v1.20/user/blocking-user/).
 - **Package:**
@@ -1697,7 +1406,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/fo
 - **Accessibility:**
   numerous improvements for [issue comments](https://codeberg.org/forgejo/forgejo/commit/6c354546547cd3a9595a7db119a6480d9cd506a7), [the menu on the navbar](https://codeberg.org/forgejo/forgejo/commit/a78e0b7dade16bc6509b943fe86e74962f1b95b6), [scoped labels](https://codeberg.org/forgejo/forgejo/commit/e8935606f5f1fff3c59222ebca6d4615ab06fb0b), [checkboxes and dropdowns](https://codeberg.org/forgejo/forgejo/commit/d4f35bd681af0632da988e15306f330e020422b2), [RTL rendering support to Markdown](https://codeberg.org/forgejo/forgejo/commit/32d9c47ec7706d8f06e09b42e09a28d7a0e3c526), [file (re-)views](https://codeberg.org/forgejo/forgejo/commit/e95b42e187cde9ac4bd541cd714bdb4f5c1fd8bc), [interactive tooltips](https://codeberg.org/forgejo/forgejo/commit/87f0f7e670c6c0e6aeab8c4458bfdb9d954eacec), [using a button element](https://codeberg.org/forgejo/forgejo/commit/81fe5d61851c0e586af7d32c29171ceff9a571bb), [repository list](https://codeberg.org/forgejo/forgejo/commit/e82f1b15c7120ad13fd3b67cf7e2c6cb9915c22d) and more.
 - **Time:**
-  The display and localization of time was improved for [tooltips](https://codeberg.org/forgejo/forgejo/commit/b7b58348317cbe0145dc453d45c886b8e2764b4c), [milestones](https://codeberg.org/forgejo/forgejo/commit/97176754beb4de23fa0f68df715c4737919c93b0), [due date and translations that contain dates](https://codeberg.org/forgejo/forgejo/commit/70bb4984cdad9a15d676708bd345b590aa42d72a), [commit graphs](https://codeberg.org/forgejo/forgejo/commit/5bc9f7fcf9aece92c3fa2a0ea56e5585261a7f28), [runners](https://codeberg.org/forgejo/forgejo/commit/62ca5825f73ad5a25ffeb6c3ef66f0eaf5d30cdf), [webhooks](https://codeberg.org/forgejo/forgejo/commit/dbb37367854d108ebfffcac27837c0afac199a8e), [tests](https://codeberg.org/forgejo/forgejo/commit/3d266dd0f3dbae7e417c0e790e266aebc0078814) and more. Previously each rendered timestamp would be static, now the real time since an event happened is show. If a comment was added 2 minutes before the page rendered it would show as "2 minutes ago" on the initial render and if another 8 minutes have passed, without a page refresh you'd see "10 minutes ago".
+  The display and localization of time was improved for [tooltips](https://codeberg.org/forgejo/forgejo/commit/b7b58348317cbe0145dc453d45c886b8e2764b4c), [milestones](https://codeberg.org/forgejo/forgejo/commit/97176754beb4de23fa0f68df715c4737919c93b0), [due date and translations that contain dates](https://codeberg.org/forgejo/forgejo/commit/70bb4984cdad9a15d676708bd345b590aa42d72a), [commit graphs](https://codeberg.org/forgejo/forgejo/commit/5bc9f7fcf9aece92c3fa2a0ea56e5585261a7f28), [runners](https://codeberg.org/forgejo/forgejo/commit/62ca5825f73ad5a25ffeb6c3ef66f0eaf5d30cdf), [webhooks](https://codeberg.org/forgejo/forgejo/commit/dbb37367854d108ebfffcac27837c0afac199a8e), [tests](https://codeberg.org/forgejo/forgejo/commit/3d266dd0f3dbae7e417c0e790e266aebc0078814) and more. Previously each rendered timestamp would be static, now the real time since an event happend is show. If a comment was added 2 minutes before the page rendered it would show as "2 minutes ago" on the initial render and if another 8 minutes have passed, without a page refresh you'd see "10 minutes ago".
 - **[Wiki](https://forgejo.org/docs/v1.20/user/wiki/)**
   - Improve the [display of the table of content](https://codeberg.org/forgejo/forgejo/commit/1ab16e48cccc086e7f97fb3ae8a293fe47a3a452)
   - Fixed a bug [preventing team users who have wiki write permission from deleting a page](https://codeberg.org/forgejo/forgejo/commit/284b41f45244bbe46fc8feee15bbfdf66d150e79)
@@ -2038,7 +1747,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/fo
 
     Forgejo access token, used with the [API](https://forgejo.org/docs/v1.19/admin/api-usage/) can now have a "scope" that limits what it can access. Existing tokens stored in the database and created before Forgejo v1.19 had unlimited access. For backward compatibility, their access will remain the same and they will continue to work as before. However, **newly created token that do not specify a scope will now only have read-only access to public user profile and public repositories**.
 
-    For instance, the `/users/{username}/tokens` API endpoint will require the `scopes: ['all', 'sudo']` parameter and the `forgejo admin user generate-access-token` will require the `--scopes all,sudo` argument obtain tokens with unlimited access as before for admin users.
+    For instance, the `/users/{username}/tokens` API endpoint will require the `scopes: ['all', 'sudo']` parameter and the `forgejo admin user generate-access-token` will require the `--scopes all,sudo` argument obtain tokens with ulimited access as before for admin users.
 
     [Read more about the scoped tokens](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens).
 
@@ -2155,7 +1864,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/fo
 
     It appears for the first time in this Forgejo release but is not yet fit for production. It is not fully implemented and may be insecure. However, as long as it is not enabled, it presents no risk to existing Forgejo instances.
 
-    If a repository has a file such as `.forgejo/workflows/test.yml`, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continuous Deployment). The syntax is similar to GitHub Actions and the jobs can be controlled from the Forgejo web interface.
+    If a repository has a file such as `.forgejo/workflows/test.yml`, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continous Deployment). The syntax is similar to GitHub Actions and the jobs can be controled from the Forgejo web interface.
 
     [Read more about Forgejo Actions](https://forgejo.codeberg.page/2023-02-27-forgejo-actions/)
 
@@ -2261,7 +1970,7 @@ This stable release includes a security fix for `git` and bug fixes.
 
 ### Git
 
-Git [recently announced](https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/) new versions to address two CVEs ([CVE-2023-22490](https://cve.circl.lu/cve/CVE-2023-22490), [CVE-2023-23946](https://cve.circl.lu/cve/CVE-2023-23946)). On 14 February 2023, Git published the maintenance release v2.39.2, together with releases for older maintenance tracks v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. All major GNU/Linux distributions also provide updated packages via their security update channels.
+Git [recently announced](https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/) new versions to address two CVEs ([CVE-2023-22490](https://cve.circl.lu/cve/CVE-2023-22490), [CVE-2023-23946](https://cve.circl.lu/cve/CVE-2023-23946)). On 14 Februrary 2023, Git published the maintenance release v2.39.2, together with releases for older maintenance tracks v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. All major GNU/Linux distributions also provide updated packages via their security update channels.
 
 We recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
 

build/backport-locales.go

@@ -18,8 +18,8 @@ import (
 
 func main() {
 	if len(os.Args) != 2 {
-		fmt.Println("usage: backport-locales <to-ref>")
-		fmt.Println("eg: backport-locales release/v1.19")
+		println("usage: backport-locales <to-ref>")
+		println("eg: backport-locales release/v1.19")
 		os.Exit(1)
 	}
 

build/code-batch-process.go

@@ -69,7 +69,6 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))
 
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`\.pb\.go$`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/gitea-repositories-meta`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/integration/migration-test`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
@@ -204,6 +203,17 @@ Example:
 `, "file-batch-exec")
 }
 
+func getGoVersion() string {
+	goModFile, err := os.ReadFile("go.mod")
+	if err != nil {
+		log.Fatalf(`Faild to read "go.mod": %v`, err)
+		os.Exit(1)
+	}
+	goModVersionRegex := regexp.MustCompile(`go \d+\.\d+`)
+	goModVersionLine := goModVersionRegex.Find(goModFile)
+	return string(goModVersionLine[3:])
+}
+
 func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
 	fileFilter := mainOptions["file-filter"]
 	if fileFilter == "" {
@@ -268,8 +278,7 @@ func main() {
 				log.Print("the -d option is not supported by gitea-fmt")
 			}
 			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-w")))
-			cmdErrors = append(cmdErrors, passThroughCmd("gofmt", append([]string{"-w", "-r", "interface{} -> any"}, substArgs...)))
-			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra"}, substArgs...)))
+			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", getGoVersion()}, substArgs...)))
 		default:
 			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
 		}

build/generate-emoji.go

@@ -53,6 +53,8 @@ func (e Emoji) MarshalJSON() ([]byte, error) {
 }
 
 func main() {
+	var err error
+
 	flag.Parse()
 
 	// generate data
@@ -81,6 +83,8 @@ var replacer = strings.NewReplacer(
 var emojiRE = regexp.MustCompile(`\{Emoji:"([^"]*)"`)
 
 func generate() ([]byte, error) {
+	var err error
+
 	// load gemoji data
 	res, err := http.Get(gemojiURL)
 	if err != nil {

build/generate-go-licenses.go

@@ -77,20 +77,6 @@ func main() {
 	sort.Strings(paths)
 
 	var entries []LicenseEntry
-
-	{
-		licenseText, err := os.ReadFile("LICENSE")
-		if err != nil {
-			panic(err)
-		}
-
-		entries = append(entries, LicenseEntry{
-			Name:        "codeberg.org/forgejo/forgejo",
-			Path:        "codeberg.org/forgejo/forgejo/GPL-3.0-or-later",
-			LicenseText: string(licenseText),
-		})
-	}
-
 	for _, filePath := range paths {
 		licenseText, err := os.ReadFile(filePath)
 		if err != nil {

build/lint-locale.go

@@ -1,156 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//nolint:forbidigo
-package main
-
-import (
-	"fmt"
-	"html"
-	"io/fs"
-	"os"
-	"path/filepath"
-	"regexp"
-	"slices"
-	"strings"
-
-	"github.com/microcosm-cc/bluemonday"
-	"github.com/sergi/go-diff/diffmatchpatch"
-	"gopkg.in/ini.v1" //nolint:depguard
-)
-
-var (
-	policy     *bluemonday.Policy
-	tagRemover *strings.Replacer
-	safeURL    = "https://TO-BE-REPLACED.COM"
-
-	// Matches href="", href="#", href="%s", href="#%s", href="%[1]s" and href="#%[1]s".
-	placeHolderRegex = regexp.MustCompile(`href="#?(%s|%\[\d\]s)?"`)
-)
-
-func initBlueMondayPolicy() {
-	policy = bluemonday.NewPolicy()
-
-	policy.RequireParseableURLs(true)
-	policy.AllowURLSchemes("https")
-
-	// Only allow safe URL on href.
-	// Only allow target="_blank".
-	// Only allow rel="nopener noreferrer", rel="noopener" and rel="noreferrer".
-	// Only allow placeholder on id and class.
-	policy.AllowAttrs("href").Matching(regexp.MustCompile("^" + regexp.QuoteMeta(safeURL) + "$")).OnElements("a")
-	policy.AllowAttrs("target").Matching(regexp.MustCompile("^_blank$")).OnElements("a")
-	policy.AllowAttrs("rel").Matching(regexp.MustCompile("^(noopener|noreferrer|noopener noreferrer)$")).OnElements("a")
-	policy.AllowAttrs("id", "class").Matching(regexp.MustCompile(`^%s|%\[\d\]s$`)).OnElements("a")
-
-	// Only allow positional placeholder as class.
-	positionalPlaceholderRe := regexp.MustCompile(`^%\[\d\]s$`)
-	policy.AllowAttrs("class").Matching(positionalPlaceholderRe).OnElements("strong")
-	policy.AllowAttrs("id").Matching(positionalPlaceholderRe).OnElements("code")
-
-	// Allowed elements with no attributes. Must be a recognized tagname.
-	policy.AllowElements("strong", "br", "b", "strike", "code", "i")
-
-	// TODO: Remove <c> in `actions.workflow.dispatch.trigger_found`.
-	policy.AllowNoAttrs().OnElements("c")
-}
-
-func initRemoveTags() {
-	oldnew := []string{}
-	for _, el := range []string{
-		"email@example.com", "correu@example.com", "epasts@domens.lv", "email@exemplo.com", "eposta@ornek.com", "email@példa.hu", "email@esempio.it",
-		"user", "utente", "lietotājs", "gebruiker", "usuário", "Benutzer", "Bruker",
-		"server", "servidor", "kiszolgáló", "serveris",
-		"label", "etichetta", "etiķete", "rótulo", "Label", "utilizador",
-		"filename", "bestandsnaam", "dosyaadi", "fails", "nome do arquivo", "datnes nosaukums",
-	} {
-		oldnew = append(oldnew, "<"+el+">", "REPLACED-TAG")
-	}
-
-	tagRemover = strings.NewReplacer(oldnew...)
-}
-
-func preprocessTranslationValue(value string) string {
-	// href should be a parsable URL, replace placeholder strings with a safe url.
-	value = placeHolderRegex.ReplaceAllString(value, `href="`+safeURL+`"`)
-
-	// Remove tags that aren't tags but will be parsed as tags. We already know they are safe and sound.
-	value = tagRemover.Replace(value)
-
-	return value
-}
-
-func checkLocaleContent(localeContent []byte) []string {
-	// Same configuration as Forgejo uses.
-	cfg := ini.Empty(ini.LoadOptions{
-		IgnoreContinuation: true,
-	})
-	cfg.NameMapper = ini.SnackCase
-
-	if err := cfg.Append(localeContent); err != nil {
-		panic(err)
-	}
-
-	dmp := diffmatchpatch.New()
-	errors := []string{}
-
-	for _, section := range cfg.Sections() {
-		for _, key := range section.Keys() {
-			var trKey string
-			if section.Name() == "" || section.Name() == "DEFAULT" || section.Name() == "common" {
-				trKey = key.Name()
-			} else {
-				trKey = section.Name() + "." + key.Name()
-			}
-
-			keyValue := preprocessTranslationValue(key.Value())
-
-			if html.UnescapeString(policy.Sanitize(keyValue)) != keyValue {
-				// Create a nice diff of the difference.
-				diffs := dmp.DiffMain(keyValue, html.UnescapeString(policy.Sanitize(keyValue)), false)
-				diffs = dmp.DiffCleanupSemantic(diffs)
-				diffs = dmp.DiffCleanupEfficiency(diffs)
-
-				errors = append(errors, trKey+": "+dmp.DiffPrettyText(diffs))
-			}
-		}
-	}
-	return errors
-}
-
-func main() {
-	initBlueMondayPolicy()
-	initRemoveTags()
-
-	localeDir := filepath.Join("options", "locale")
-	localeFiles, err := os.ReadDir(localeDir)
-	if err != nil {
-		panic(err)
-	}
-
-	if !slices.ContainsFunc(localeFiles, func(e fs.DirEntry) bool { return strings.HasSuffix(e.Name(), ".ini") }) {
-		fmt.Println("No locale files found")
-		os.Exit(1)
-	}
-
-	exitCode := 0
-	for _, localeFile := range localeFiles {
-		if !strings.HasSuffix(localeFile.Name(), ".ini") {
-			continue
-		}
-
-		localeContent, err := os.ReadFile(filepath.Join(localeDir, localeFile.Name()))
-		if err != nil {
-			panic(err)
-		}
-
-		if err := checkLocaleContent(localeContent); len(err) > 0 {
-			fmt.Println(localeFile.Name())
-			fmt.Println(strings.Join(err, "\n"))
-			fmt.Println()
-			exitCode = 1
-		}
-	}
-
-	os.Exit(exitCode)
-}

build/lint-locale_test.go

@@ -1,65 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-package main
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestLocalizationPolicy(t *testing.T) {
-	initBlueMondayPolicy()
-	initRemoveTags()
-
-	t.Run("Remove tags", func(t *testing.T) {
-		assert.Empty(t, checkLocaleContent([]byte(`hidden_comment_types_description = Comment types checked here will not be shown inside issue pages. Checking "Label" for example removes all "<user> added/removed <label>" comments.`)))
-
-		assert.EqualValues(t, []string{"key: \x1b[31m<not-an-allowed-key>\x1b[0m REPLACED-TAG"}, checkLocaleContent([]byte(`key = "<not-an-allowed-key> <label>"`)))
-		assert.EqualValues(t, []string{"key: \x1b[31m<user@example.com>\x1b[0m REPLACED-TAG"}, checkLocaleContent([]byte(`key = "<user@example.com> <email@example.com>"`)))
-		assert.EqualValues(t, []string{"key: \x1b[31m<tag>\x1b[0m REPLACED-TAG \x1b[31m</tag>\x1b[0m"}, checkLocaleContent([]byte(`key = "<tag> <email@example.com> </tag>"`)))
-	})
-
-	t.Run("Specific exception", func(t *testing.T) {
-		assert.Empty(t, checkLocaleContent([]byte(`workflow.dispatch.trigger_found = This workflow has a <c>workflow_dispatch</c> event trigger.`)))
-		assert.Empty(t, checkLocaleContent([]byte(`pulls.title_desc_one = wants to merge %[1]d commit from <code>%[2]s</code> into <code id="%[4]s">%[3]s</code>`)))
-		assert.Empty(t, checkLocaleContent([]byte(`editor.commit_directly_to_this_branch = Commit directly to the <strong class="%[2]s">%[1]s</strong> branch.`)))
-
-		assert.EqualValues(t, []string{"workflow.dispatch.trigger_found: This workflow has a \x1b[31m<d>\x1b[0mworkflow_dispatch\x1b[31m</d>\x1b[0m event trigger."}, checkLocaleContent([]byte(`workflow.dispatch.trigger_found = This workflow has a <d>workflow_dispatch</d> event trigger.`)))
-		assert.EqualValues(t, []string{"key: <code\x1b[31m id=\"branch_targe\"\x1b[0m>%[3]s</code>"}, checkLocaleContent([]byte(`key = <code id="branch_targe">%[3]s</code>`)))
-		assert.EqualValues(t, []string{"key: <a\x1b[31m class=\"ui sh\"\x1b[0m href=\"https://TO-BE-REPLACED.COM\">"}, checkLocaleContent([]byte(`key = <a class="ui sh" href="%[3]s">`)))
-		assert.EqualValues(t, []string{"key: <a\x1b[31m class=\"js-click-me\"\x1b[0m href=\"https://TO-BE-REPLACED.COM\">"}, checkLocaleContent([]byte(`key = <a class="js-click-me" href="%[3]s">`)))
-		assert.EqualValues(t, []string{"key: <strong\x1b[31m class=\"branch-target\"\x1b[0m>%[1]s</strong>"}, checkLocaleContent([]byte(`key = <strong class="branch-target">%[1]s</strong>`)))
-	})
-
-	t.Run("General safe tags", func(t *testing.T) {
-		assert.Empty(t, checkLocaleContent([]byte("error404 = The page you are trying to reach either <strong>does not exist</strong> or <strong>you are not authorized</strong> to view it.")))
-		assert.Empty(t, checkLocaleContent([]byte("teams.specific_repositories_helper = Members will only have access to repositories explicitly added to the team. Selecting this <strong>will not</strong> automatically remove repositories already added with <i>All repositories</i>.")))
-		assert.Empty(t, checkLocaleContent([]byte("sqlite_helper = File path for the SQLite3 database.<br>Enter an absolute path if you run Forgejo as a service.")))
-		assert.Empty(t, checkLocaleContent([]byte("hi_user_x = Hi <b>%s</b>,")))
-
-		assert.EqualValues(t, []string{"error404: The page you are trying to reach either <strong\x1b[31m title='aaa'\x1b[0m>does not exist</strong> or <strong>you are not authorized</strong> to view it."}, checkLocaleContent([]byte("error404 = The page you are trying to reach either <strong title='aaa'>does not exist</strong> or <strong>you are not authorized</strong> to view it.")))
-	})
-
-	t.Run("<a>", func(t *testing.T) {
-		assert.Empty(t, checkLocaleContent([]byte(`admin.new_user.text = Please <a href="%s">click here</a> to manage this user from the admin panel.`)))
-		assert.Empty(t, checkLocaleContent([]byte(`access_token_desc = Selected token permissions limit authorization only to the corresponding <a href="%[1]s" target="_blank">API</a> routes. Read the <a href="%[2]s" target="_blank">documentation</a> for more information.`)))
-		assert.Empty(t, checkLocaleContent([]byte(`webauthn_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a> standard.`)))
-		assert.Empty(t, checkLocaleContent([]byte("issues.closed_at = `closed this issue <a id=\"%[1]s\" href=\"#%[1]s\">%[2]s</a>`")))
-
-		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"https://example.com\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="https://example.com">`)))
-		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"javascript:alert('1')\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="javascript:alert('1')">`)))
-		assert.EqualValues(t, []string{"key: <a href=\"https://TO-BE-REPLACED.COM\"\x1b[31m download\x1b[0m>"}, checkLocaleContent([]byte(`key = <a href="%s" download>`)))
-		assert.EqualValues(t, []string{"key: <a href=\"https://TO-BE-REPLACED.COM\"\x1b[31m target=\"_self\"\x1b[0m>"}, checkLocaleContent([]byte(`key = <a href="%s" target="_self">`)))
-		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"https://example.com/%s\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="https://example.com/%s">`)))
-		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"https://example.com/?q=%s\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="https://example.com/?q=%s">`)))
-		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"%s/open-redirect\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="%s/open-redirect">`)))
-		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"%s?q=open-redirect\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="%s?q=open-redirect">`)))
-	})
-
-	t.Run("Escaped HTML characters", func(t *testing.T) {
-		assert.Empty(t, checkLocaleContent([]byte("activity.git_stats_push_to_branch = `إلى %s و\"`")))
-
-		assert.EqualValues(t, []string{"key: و\x1b[31m&nbsp\x1b[0m\x1b[32m\u00a0\x1b[0m"}, checkLocaleContent([]byte(`key = و&nbsp;`)))
-	})
-}

cmd/admin_auth.go

@@ -4,7 +4,6 @@
 package cmd
 
 import (
-	"errors"
 	"fmt"
 	"os"
 	"text/tabwriter"
@@ -92,7 +91,7 @@ func runListAuth(c *cli.Context) error {
 
 func runDeleteAuth(c *cli.Context) error {
 	if !c.IsSet("id") {
-		return errors.New("--id flag is missing")
+		return fmt.Errorf("--id flag is missing")
 	}
 
 	ctx, cancel := installSignals()

cmd/admin_auth_ldap.go

@@ -386,7 +386,7 @@ func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
 	return a.createAuthSource(ctx, authSource)
 }
 
-// updateLdapSimpleAuth updates a new LDAP (simple auth) authentication source.
+// updateLdapBindDn updates a new LDAP (simple auth) authentication source.
 func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

cmd/admin_auth_oauth.go

@@ -4,7 +4,6 @@
 package cmd
 
 import (
-	"errors"
 	"fmt"
 	"net/url"
 
@@ -194,7 +193,7 @@ func runAddOauth(c *cli.Context) error {
 
 func runUpdateOauth(c *cli.Context) error {
 	if !c.IsSet("id") {
-		return errors.New("--id flag is missing")
+		return fmt.Errorf("--id flag is missing")
 	}
 
 	ctx, cancel := installSignals()

cmd/admin_auth_stmp.go

@@ -5,6 +5,7 @@ package cmd
 
 import (
 	"errors"
+	"fmt"
 	"strings"
 
 	auth_model "code.gitea.io/gitea/models/auth"
@@ -165,7 +166,7 @@ func runAddSMTP(c *cli.Context) error {
 
 func runUpdateSMTP(c *cli.Context) error {
 	if !c.IsSet("id") {
-		return errors.New("--id flag is missing")
+		return fmt.Errorf("--id flag is missing")
 	}
 
 	ctx, cancel := installSignals()

cmd/admin_user_delete.go

@@ -4,7 +4,6 @@
 package cmd
 
 import (
-	"errors"
 	"fmt"
 	"strings"
 
@@ -43,7 +42,7 @@ var microcmdUserDelete = &cli.Command{
 
 func runDeleteUser(c *cli.Context) error {
 	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
-		return errors.New("You must provide the id, username or email of a user to delete")
+		return fmt.Errorf("You must provide the id, username or email of a user to delete")
 	}
 
 	ctx, cancel := installSignals()

cmd/admin_user_generate_access_token.go

@@ -4,7 +4,6 @@
 package cmd
 
 import (
-	"errors"
 	"fmt"
 
 	auth_model "code.gitea.io/gitea/models/auth"
@@ -43,7 +42,7 @@ var microcmdUserGenerateAccessToken = &cli.Command{
 
 func runGenerateAccessToken(c *cli.Context) error {
 	if !c.IsSet("username") {
-		return errors.New("You must provide a username to generate a token for")
+		return fmt.Errorf("You must provide a username to generate a token for")
 	}
 
 	ctx, cancel := installSignals()
@@ -69,7 +68,7 @@ func runGenerateAccessToken(c *cli.Context) error {
 		return err
 	}
 	if exist {
-		return errors.New("access token name has been used already")
+		return fmt.Errorf("access token name has been used already")
 	}
 
 	// make sure the scopes are valid

cmd/doctor_convert.go

@@ -17,7 +17,7 @@ import (
 var cmdDoctorConvert = &cli.Command{
 	Name:        "convert",
 	Usage:       "Convert the database",
-	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
+	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4 or MSSQL database from varchar to nvarchar",
 	Action:      runDoctorConvert,
 }
 
@@ -35,14 +35,21 @@ func runDoctorConvert(ctx *cli.Context) error {
 	log.Info("Log path: %s", setting.Log.RootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
 
-	if setting.Database.Type.IsMySQL() {
+	switch {
+	case setting.Database.Type.IsMySQL():
 		if err := db.ConvertDatabaseTable(); err != nil {
 			log.Fatal("Failed to convert database & table: %v", err)
 			return err
 		}
 		fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
-	} else {
-		fmt.Println("This command can only be used with a MySQL database")
+	case setting.Database.Type.IsMSSQL():
+		if err := db.ConvertVarcharToNVarchar(); err != nil {
+			log.Fatal("Failed to convert database from varchar to nvarchar: %v", err)
+			return err
+		}
+		fmt.Println("Converted successfully, please confirm your database's all columns character is NVARCHAR now")
+	default:
+		fmt.Println("This command can only be used with a MySQL or MSSQL database")
 	}
 
 	return nil

cmd/dump.go

@@ -20,7 +20,7 @@ import (
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
 
-	"code.forgejo.org/go-chi/session"
+	"gitea.com/go-chi/session"
 	"github.com/mholt/archiver/v3"
 	"github.com/urfave/cli/v2"
 )
@@ -128,7 +128,7 @@ It can be used for backup and capture Forgejo server image to send to maintainer
 		&cli.StringFlag{
 			Name:    "database",
 			Aliases: []string{"d"},
-			Usage:   "Specify the database SQL syntax: sqlite3, mysql, postgres",
+			Usage:   "Specify the database SQL syntax: sqlite3, mysql, mssql, postgres",
 		},
 		&cli.BoolFlag{
 			Name:    "skip-repository",

cmd/embedded.go

@@ -157,9 +157,9 @@ func runViewDo(c *cli.Context) error {
 	}
 
 	if len(matchedAssetFiles) == 0 {
-		return errors.New("no files matched the given pattern")
+		return fmt.Errorf("no files matched the given pattern")
 	} else if len(matchedAssetFiles) > 1 {
-		return errors.New("too many files matched the given pattern, try to be more specific")
+		return fmt.Errorf("too many files matched the given pattern, try to be more specific")
 	}
 
 	data, err := matchedAssetFiles[0].fs.ReadFile(matchedAssetFiles[0].name)
@@ -180,7 +180,7 @@ func runExtractDo(c *cli.Context) error {
 	}
 
 	if c.NArg() == 0 {
-		return errors.New("a list of pattern of files to extract is mandatory (e.g. '**' for all)")
+		return fmt.Errorf("a list of pattern of files to extract is mandatory (e.g. '**' for all)")
 	}
 
 	destdir := "."

cmd/forgejo/actions.go

@@ -86,11 +86,6 @@ func SubcmdActionsRegister(ctx context.Context) *cli.Command {
 				Value: "",
 				Usage: "comma separated list of labels supported by the runner (e.g. docker,ubuntu-latest,self-hosted)  (not required since v1.21)",
 			},
-			&cli.BoolFlag{
-				Name:  "keep-labels",
-				Value: false,
-				Usage: "do not affect the labels when updating an existing runner",
-			},
 			&cli.StringFlag{
 				Name:  "name",
 				Value: "runner",
@@ -138,20 +133,9 @@ func validateSecret(secret string) error {
 	return nil
 }
 
-func getLabels(cliCtx *cli.Context) (*[]string, error) {
-	if !cliCtx.Bool("keep-labels") {
-		lblValue := strings.Split(cliCtx.String("labels"), ",")
-		return &lblValue, nil
-	}
-	if cliCtx.String("labels") != "" {
-		return nil, fmt.Errorf("--labels and --keep-labels should not be used together")
-	}
-	return nil, nil
-}
-
 func RunRegister(ctx context.Context, cliCtx *cli.Context) error {
-	var cancel context.CancelFunc
 	if !ContextGetNoInit(ctx) {
+		var cancel context.CancelFunc
 		ctx, cancel = installSignals(ctx)
 		defer cancel()
 
@@ -169,12 +153,9 @@ func RunRegister(ctx context.Context, cliCtx *cli.Context) error {
 		return err
 	}
 	scope := cliCtx.String("scope")
+	labels := cliCtx.String("labels")
 	name := cliCtx.String("name")
 	version := cliCtx.String("version")
-	labels, err := getLabels(cliCtx)
-	if err != nil {
-		return err
-	}
 
 	//
 	// There are two kinds of tokens
@@ -198,7 +179,7 @@ func RunRegister(ctx context.Context, cliCtx *cli.Context) error {
 		return err
 	}
 
-	runner, err := actions_model.RegisterRunner(ctx, owner, repo, secret, labels, name, version)
+	runner, err := actions_model.RegisterRunner(ctx, owner, repo, secret, strings.Split(labels, ","), name, version)
 	if err != nil {
 		return fmt.Errorf("error while registering runner: %v", err)
 	}

cmd/forgejo/actions_test.go

@@ -1,88 +0,0 @@
-// Copyright The Forgejo Authors.
-// SPDX-License-Identifier: MIT
-
-package forgejo
-
-import (
-	"fmt"
-	"testing"
-
-	"code.gitea.io/gitea/services/context"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/urfave/cli/v2"
-)
-
-func TestActions_getLabels(t *testing.T) {
-	type testCase struct {
-		args      []string
-		hasLabels bool
-		hasError  bool
-		labels    []string
-	}
-	type resultType struct {
-		labels *[]string
-		err    error
-	}
-
-	cases := []testCase{
-		{
-			args:      []string{"x"},
-			hasLabels: true,
-			hasError:  false,
-			labels:    []string{""},
-		}, {
-			args:      []string{"x", "--labels", "a,b"},
-			hasLabels: true,
-			hasError:  false,
-			labels:    []string{"a", "b"},
-		}, {
-			args:      []string{"x", "--keep-labels"},
-			hasLabels: false,
-			hasError:  false,
-		}, {
-			args:      []string{"x", "--keep-labels", "--labels", "a,b"},
-			hasLabels: false,
-			hasError:  true,
-		}, {
-			// this edge-case exists because that's what actually happens
-			// when no '--labels ...' options are present
-			args:      []string{"x", "--keep-labels", "--labels", ""},
-			hasLabels: false,
-			hasError:  false,
-		},
-	}
-
-	flags := SubcmdActionsRegister(context.Context{}).Flags
-	for _, c := range cases {
-		t.Run(fmt.Sprintf("args: %v", c.args), func(t *testing.T) {
-			// Create a copy of command to test
-			var result *resultType
-			app := cli.NewApp()
-			app.Flags = flags
-			app.Action = func(ctx *cli.Context) error {
-				labels, err := getLabels(ctx)
-				result = &resultType{labels, err}
-				return nil
-			}
-
-			// Run it
-			_ = app.Run(c.args)
-
-			// Test the results
-			require.NotNil(t, result)
-			if c.hasLabels {
-				assert.NotNil(t, result.labels)
-				assert.Equal(t, c.labels, *result.labels)
-			} else {
-				assert.Nil(t, result.labels)
-			}
-			if c.hasError {
-				require.Error(t, result.err)
-			} else {
-				assert.NoError(t, result.err)
-			}
-		})
-	}
-}

cmd/forgejo/f3.go

@@ -1,77 +0,0 @@
-// Copyright Earl Warren <contact@earl-warren.org>
-// Copyright Loïc Dachary <loic@dachary.org>
-// SPDX-License-Identifier: MIT
-
-package forgejo
-
-import (
-	"context"
-	"errors"
-
-	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/storage"
-	"code.gitea.io/gitea/services/f3/util"
-
-	_ "code.gitea.io/gitea/services/f3/driver" // register the driver
-
-	f3_cmd "code.forgejo.org/f3/gof3/v3/cmd"
-	f3_logger "code.forgejo.org/f3/gof3/v3/logger"
-	f3_util "code.forgejo.org/f3/gof3/v3/util"
-	"github.com/urfave/cli/v2"
-)
-
-func CmdF3(ctx context.Context) *cli.Command {
-	ctx = f3_logger.ContextSetLogger(ctx, util.NewF3Logger(nil, log.GetLogger(log.DEFAULT)))
-	return &cli.Command{
-		Name:  "f3",
-		Usage: "F3",
-		Subcommands: []*cli.Command{
-			SubcmdF3Mirror(ctx),
-		},
-	}
-}
-
-func SubcmdF3Mirror(ctx context.Context) *cli.Command {
-	mirrorCmd := f3_cmd.CreateCmdMirror(ctx)
-	mirrorCmd.Before = prepareWorkPathAndCustomConf(ctx)
-	f3Action := mirrorCmd.Action
-	mirrorCmd.Action = func(c *cli.Context) error { return runMirror(ctx, c, f3Action) }
-	return mirrorCmd
-}
-
-func runMirror(ctx context.Context, c *cli.Context, action cli.ActionFunc) error {
-	setting.LoadF3Setting()
-	if !setting.F3.Enabled {
-		return errors.New("F3 is disabled, it is not ready to be used and is only present for development purposes")
-	}
-
-	var cancel context.CancelFunc
-	if !ContextGetNoInit(ctx) {
-		ctx, cancel = installSignals(ctx)
-		defer cancel()
-
-		if err := initDB(ctx); err != nil {
-			return err
-		}
-
-		if err := storage.Init(); err != nil {
-			return err
-		}
-
-		if err := git.InitSimple(ctx); err != nil {
-			return err
-		}
-		if err := models.Init(ctx); err != nil {
-			return err
-		}
-	}
-
-	err := action(c)
-	if panicError, ok := err.(f3_util.PanicError); ok {
-		log.Debug("F3 Stack trace\n%s", panicError.Stack())
-	}
-	return err
-}

cmd/forgejo/forgejo.go

@@ -36,7 +36,6 @@ func CmdForgejo(ctx context.Context) *cli.Command {
 		Flags: []cli.Flag{},
 		Subcommands: []*cli.Command{
 			CmdActions(ctx),
-			CmdF3(ctx),
 		},
 	}
 }

cmd/hook.go

@@ -15,7 +15,6 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/git/pushoptions"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
 	repo_module "code.gitea.io/gitea/modules/repository"
@@ -193,7 +192,7 @@ Forgejo or set your environment appropriately.`, "")
 		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
 		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
-		GitPushOptions:                  pushoptions.New().ReadEnv().Map(),
+		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		DeployKeyID:                     deployKeyID,
 		ActionPerm:                      int(actionPerm),
@@ -322,8 +321,7 @@ func runHookUpdate(c *cli.Context) error {
 		return fail(ctx, fmt.Sprintf("The deletion of %s is skipped as it's an internal reference.", refFullName), "")
 	}
 
-	// If the new comment isn't empty it means modification.
-	return fail(ctx, fmt.Sprintf("The modification of %s is skipped as it's an internal reference.", refFullName), "")
+	return nil
 }
 
 func runHookPostReceive(c *cli.Context) error {
@@ -377,7 +375,7 @@ Forgejo or set your environment appropriately.`, "")
 		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
 		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
-		GitPushOptions:                  pushoptions.New().ReadEnv().Map(),
+		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		PushTrigger:                     repo_module.PushTrigger(os.Getenv(repo_module.EnvPushTrigger)),
 	}
@@ -486,10 +484,25 @@ func hookPrintResults(results []private.HookPostReceiveBranchResult) {
 			fmt.Fprintf(os.Stderr, "  %s\n", res.URL)
 		}
 		fmt.Fprintln(os.Stderr, "")
-		_ = os.Stderr.Sync()
+		os.Stderr.Sync()
 	}
 }
 
+func pushOptions() map[string]string {
+	opts := make(map[string]string)
+	if pushCount, err := strconv.Atoi(os.Getenv(private.GitPushOptionCount)); err == nil {
+		for idx := 0; idx < pushCount; idx++ {
+			opt := os.Getenv(fmt.Sprintf("GIT_PUSH_OPTION_%d", idx))
+			key, value, found := strings.Cut(opt, "=")
+			if !found {
+				value = "true"
+			}
+			opts[key] = value
+		}
+	}
+	return opts
+}
+
 func runHookProcReceive(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@@ -536,14 +549,14 @@ Forgejo or set your environment appropriately.`, "")
 
 	index := bytes.IndexByte(rs.Data, byte(0))
 	if index >= len(rs.Data) {
-		return fail(ctx, "Protocol: format error", "pkt-line: format error %s", rs.Data)
+		return fail(ctx, "Protocol: format error", "pkt-line: format error "+fmt.Sprint(rs.Data))
 	}
 
 	if index < 0 {
 		if len(rs.Data) == 10 && rs.Data[9] == '\n' {
 			index = 9
 		} else {
-			return fail(ctx, "Protocol: format error", "pkt-line: format error %s", rs.Data)
+			return fail(ctx, "Protocol: format error", "pkt-line: format error "+fmt.Sprint(rs.Data))
 		}
 	}
 
@@ -614,7 +627,6 @@ Forgejo or set your environment appropriately.`, "")
 	hookOptions.GitPushOptions = make(map[string]string)
 
 	if hasPushOptions {
-		pushOptions := pushoptions.NewFromMap(&hookOptions.GitPushOptions)
 		for {
 			rs, err = readPktLine(ctx, reader, pktLineTypeUnknown)
 			if err != nil {
@@ -624,7 +636,12 @@ Forgejo or set your environment appropriately.`, "")
 			if rs.Type == pktLineTypeFlush {
 				break
 			}
-			pushOptions.Parse(string(rs.Data))
+
+			key, value, found := strings.Cut(string(rs.Data), "=")
+			if !found {
+				value = "true"
+			}
+			hookOptions.GitPushOptions[key] = value
 		}
 	}
 
@@ -766,7 +783,7 @@ func writeFlushPktLine(ctx context.Context, out io.Writer) error {
 	return nil
 }
 
-// Write an Pkt-Line based on `data` to `out` according to the specification.
+// Write an Pkt-Line based on `data` to `out` according to the specifcation.
 // https://git-scm.com/docs/protocol-common
 func writeDataPktLine(ctx context.Context, out io.Writer, data []byte) error {
 	// Implementations SHOULD NOT send an empty pkt-line ("0004").

cmd/hook_test.go

@@ -15,6 +15,7 @@ import (
 	"testing"
 	"time"
 
+	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/test"
 
@@ -117,7 +118,7 @@ func TestDelayWriter(t *testing.T) {
 	defer test.MockVariableValue(&setting.InternalToken, "Random")()
 	defer test.MockVariableValue(&setting.InstallLock, true)()
 	defer test.MockVariableValue(&setting.Git.VerbosePush, true)()
-	t.Setenv("SSH_ORIGINAL_COMMAND", "true")
+	require.NoError(t, os.Setenv("SSH_ORIGINAL_COMMAND", "true"))
 
 	// Setup the Stdin.
 	f, err := os.OpenFile(t.TempDir()+"/stdin", os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o666)
@@ -163,6 +164,20 @@ func TestDelayWriter(t *testing.T) {
 	})
 }
 
+func TestPushOptions(t *testing.T) {
+	require.NoError(t, os.Setenv(private.GitPushOptionCount, "3"))
+	require.NoError(t, os.Setenv("GIT_PUSH_OPTION_0", "force-push"))
+	require.NoError(t, os.Setenv("GIT_PUSH_OPTION_1", "option=value"))
+	require.NoError(t, os.Setenv("GIT_PUSH_OPTION_2", "option-double=another=value"))
+	require.NoError(t, os.Setenv("GIT_PUSH_OPTION_3", "not=valid"))
+
+	assert.Equal(t, map[string]string{
+		"force-push":    "true",
+		"option":        "value",
+		"option-double": "another=value",
+	}, pushOptions())
+}
+
 func TestRunHookUpdate(t *testing.T) {
 	app := cli.NewApp()
 	app.Commands = []*cli.Command{subcmdHookUpdate}
@@ -180,15 +195,8 @@ func TestRunHookUpdate(t *testing.T) {
 	})
 
 	t.Run("Update of internal reference", func(t *testing.T) {
-		defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
-		defer test.MockVariableValue(&setting.IsProd, false)()
-		finish := captureOutput(t, os.Stderr)
-
 		err := app.Run([]string{"./forgejo", "update", "refs/pull/1/head", "0a51ae26bc73c47e2f754560c40904cf14ed51a9", "0000000000000000000000000000000000000001"})
-		out := finish()
-		require.Error(t, err)
-
-		assert.Contains(t, out, "The modification of refs/pull/1/head is skipped as it's an internal reference.")
+		require.NoError(t, err)
 	})
 
 	t.Run("Removal of branch", func(t *testing.T) {

cmd/main.go

@@ -124,7 +124,6 @@ func NewMainApp(version, versionExtra string) *cli.App {
 
 	var subCmdsStandalone []*cli.Command = make([]*cli.Command, 0, 10)
 	var subCmdWithConfig []*cli.Command = make([]*cli.Command, 0, 10)
-	var globalFlags []cli.Flag = make([]cli.Flag, 0, 10)
 
 	//
 	// If the executable is forgejo-cli, provide a Forgejo specific CLI
@@ -132,15 +131,6 @@ func NewMainApp(version, versionExtra string) *cli.App {
 	//
 	if executable == "forgejo-cli" {
 		subCmdsStandalone = append(subCmdsStandalone, forgejo.CmdActions(context.Background()))
-		subCmdWithConfig = append(subCmdWithConfig, forgejo.CmdF3(context.Background()))
-		globalFlags = append(globalFlags, []cli.Flag{
-			&cli.BoolFlag{
-				Name: "quiet",
-			},
-			&cli.BoolFlag{
-				Name: "verbose",
-			},
-		}...)
 	} else {
 		//
 		// Otherwise provide a Gitea compatible CLI which includes Forgejo
@@ -152,10 +142,10 @@ func NewMainApp(version, versionExtra string) *cli.App {
 		subCmdWithConfig = append(subCmdWithConfig, CmdActions)
 	}
 
-	return innerNewMainApp(version, versionExtra, subCmdsStandalone, subCmdWithConfig, globalFlags)
+	return innerNewMainApp(version, versionExtra, subCmdsStandalone, subCmdWithConfig)
 }
 
-func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmdWithConfigArgs []*cli.Command, globalFlagsArgs []cli.Flag) *cli.App {
+func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmdWithConfigArgs []*cli.Command) *cli.App {
 	app := cli.NewApp()
 	app.HelpName = "forgejo"
 	app.Name = "Forgejo"
@@ -195,7 +185,6 @@ func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmd
 	app.DefaultCommand = CmdWeb.Name
 
 	globalFlags := appGlobalFlags()
-	globalFlags = append(globalFlags, globalFlagsArgs...)
 	app.Flags = append(app.Flags, cli.VersionFlag)
 	app.Flags = append(app.Flags, globalFlags...)
 	app.HideHelp = true // use our own help action to show helps (with more information like default config)

cmd/manager_logging.go

@@ -4,7 +4,6 @@
 package cmd
 
 import (
-	"errors"
 	"fmt"
 	"os"
 
@@ -250,7 +249,7 @@ func runAddFileLogger(c *cli.Context) error {
 	if c.IsSet("filename") {
 		vals["filename"] = c.String("filename")
 	} else {
-		return errors.New("filename must be set when creating a file logger")
+		return fmt.Errorf("filename must be set when creating a file logger")
 	}
 	if c.IsSet("rotate") {
 		vals["rotate"] = c.Bool("rotate")

cmd/migrate.go

@@ -18,7 +18,7 @@ import (
 var CmdMigrate = &cli.Command{
 	Name:        "migrate",
 	Usage:       "Migrate the database",
-	Description: "This is a command for migrating the database, so that you can run gitea admin user create before starting the server.",
+	Description: "This is a command for migrating the database, so that you can run gitea admin create-user before starting the server.",
 	Action:      runMigrate,
 }
 

cmd/migrate_storage_test.go

@@ -91,7 +91,7 @@ func TestMigrateActionsArtifacts(t *testing.T) {
 
 	srcStorage, _ := createLocalStorage(t)
 	defer test.MockVariableValue(&storage.ActionsArtifacts, srcStorage)()
-	id := int64(42)
+	id := int64(0)
 
 	addArtifact := func(storagePath string, status actions.ArtifactStatus) {
 		id++

cmd/serv.go

@@ -136,7 +136,7 @@ func runServ(c *cli.Context) error {
 	setup(ctx, c.Bool("debug"))
 
 	if setting.SSH.Disabled {
-		fmt.Println("Forgejo: SSH has been disabled")
+		println("Forgejo: SSH has been disabled")
 		return nil
 	}
 
@@ -147,12 +147,6 @@ func runServ(c *cli.Context) error {
 		return nil
 	}
 
-	defer func() {
-		if err := recover(); err != nil {
-			_ = fail(ctx, "Internal Server Error", "Panic: %v\n%s", err, log.Stack(2))
-		}
-	}()
-
 	keys := strings.Split(c.Args().First(), "-")
 	if len(keys) != 2 || keys[0] != "key" {
 		return fail(ctx, "Key ID format error", "Invalid key argument: %s", c.Args().First())
@@ -170,13 +164,13 @@ func runServ(c *cli.Context) error {
 		}
 		switch key.Type {
 		case asymkey_model.KeyTypeDeploy:
-			fmt.Println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Forgejo does not provide shell access.")
+			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Forgejo does not provide shell access.")
 		case asymkey_model.KeyTypePrincipal:
-			fmt.Println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Forgejo does not provide shell access.")
+			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Forgejo does not provide shell access.")
 		default:
-			fmt.Println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Forgejo does not provide shell access.")
+			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Forgejo does not provide shell access.")
 		}
-		fmt.Println("If this is unexpected, please log in with password and setup Forgejo under another user.")
+		println("If this is unexpected, please log in with password and setup Forgejo under another user.")
 		return nil
 	} else if c.Bool("debug") {
 		log.Debug("SSH_ORIGINAL_COMMAND: %s", os.Getenv("SSH_ORIGINAL_COMMAND"))
@@ -199,7 +193,10 @@ func runServ(c *cli.Context) error {
 	}
 
 	verb := words[0]
-	repoPath := strings.TrimPrefix(words[1], "/")
+	repoPath := words[1]
+	if repoPath[0] == '/' {
+		repoPath = repoPath[1:]
+	}
 
 	var lfsVerb string
 	if verb == lfsAuthenticateVerb {

contrib/backport/README

@@ -11,7 +11,7 @@ The default version will read from `docs/config.yml`. You can override this
 using the option `--version`.
 
 The upstream branches will be fetched, using the remote `origin`. This can
-be overridden using `--upstream`, and fetching can be avoided using
+be overrided using `--upstream`, and fetching can be avoided using
 `--no-fetch`.
 
 By default the branch created will be called `backport-$PR-$VERSION`. You

contrib/backport/backport.go

@@ -17,7 +17,7 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/google/go-github/v64/github"
+	"github.com/google/go-github/v57/github"
 	"github.com/urfave/cli/v2"
 	"gopkg.in/yaml.v3"
 )

contrib/gitea-monitoring-mixin/jsonnetfile.lock.json

@@ -8,8 +8,8 @@
           "subdir": "grafonnet"
         }
       },
-      "version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
-      "sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc="
+      "version": "3626fc4dc2326931c530861ac5bebe39444f6cbf",
+      "sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w="
     }
   ],
   "legacyImports": false

contrib/ide/vscode/settings.json

@@ -1,6 +1,4 @@
 {
-  "go.buildTags": "sqlite,sqlite_unlock_notify",
-  "go.testFlags": ["-v"],
-  "go.lintTool": "golangci-lint",
-  "go.lintFlags": ["--fast"]
+    "go.buildTags": "sqlite,sqlite_unlock_notify",
+    "go.testFlags": ["-v"]
 }

contrib/legal/privacy.html.sample

@@ -150,7 +150,7 @@
 
    <p>In general, Your Gitea Instance retains User Personal Information for as long as your account is active, or as needed to provide you service.</p>
 
-   <p>If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request. Feel free to contact our support to request erasure of the data we process on the basis of consent within 30 days.</p>
+   <p>If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request. Feel free to contact our support to request erasure of the data we process on the bassis of consent within 30 days.</p>
 
    <p>After an account has been deleted, certain data, such as contributions to other Users' repositories and comments in others' issues, will remain. However, we will delete or de-identify your User Personal Information, including your username and email address, from the author field of issues, pull requests, and comments by associating them with a ghost user.</p>
 

contrib/systemd/forgejo.service

@@ -61,7 +61,7 @@ WorkingDirectory=/var/lib/forgejo/
 #RuntimeDirectory=forgejo
 ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
 Restart=always
-Environment=USER=git HOME=/home/git FORGEJO_WORK_DIR=/var/lib/forgejo
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/forgejo
 # If you install Git to directory prefix other than default PATH (which happens
 # for example if you install other versions of Git side-to-side with
 # distribution version), uncomment below line and add that prefix to PATH

custom/conf/app.example.ini

@@ -1,10 +1,10 @@
-; This file lists the default values used by Forgejo
+; This file lists the default values used by Gitea
 ;; Copy required sections to your own app.ini (default is custom/conf/app.ini)
 ;; and modify as needed.
 ;; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes.
 ;; If you don't know what a setting is you should not set it.
 ;;
-;; see https://forgejo.org/docs/next/admin/config-cheat-sheet for additional documentation.
+;; see https://docs.gitea.com/administration/config-cheat-sheet for additional documentation.
 
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -41,14 +41,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; App name that shows in every page title
-APP_NAME = ; Forgejo: Beyond coding. We Forge.
-;;
-;; APP_SLOGAN shows a slogan near the App name in every page title.
-;APP_SLOGAN =
-;;
-;; APP_DISPLAY_NAME_FORMAT defines how the AppDisplayName should be presented
-;; It is used only if APP_SLOGAN is set.
-;APP_DISPLAY_NAME_FORMAT = {APP_NAME}: {APP_SLOGAN}
+APP_NAME = ; Gitea: Git with a cup of tea
 ;;
 ;; RUN_USER will automatically detect the current user - but you can set it here change it if you run locally
 RUN_USER = ; git
@@ -328,10 +321,6 @@ RUN_USER = ; git
 ;; Maximum number of locks returned per page
 ;LFS_LOCKS_PAGING_NUM = 50
 ;;
-;; When clients make lfs batch requests, reject them if there are more pointers than this number
-;; zero means 'unlimited'
-;LFS_MAX_BATCH_SIZE = 0
-;;
 ;; Allow graceful restarts using SIGHUP to fork
 ;ALLOW_GRACEFUL_RESTARTS = true
 ;;
@@ -353,25 +342,16 @@ RUN_USER = ; git
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Database to use. Either "sqlite3", "mySQL" or "postgres".
-;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; SQLite Configuration
-;;
-DB_TYPE = sqlite3
-;PATH= ; defaults to data/forgejo.db
-;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
-;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
+;; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3".
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; MySQL Configuration
 ;;
-;DB_TYPE = mysql
-;HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock
-;NAME = gitea
-;USER = root
+DB_TYPE = mysql
+HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock
+NAME = gitea
+USER = root
 ;PASSWD = ;Use PASSWD = `your password` for quoting if you use special characters in the password.
 ;SSL_MODE = false ; either "false" (default), "true", or "skip-verify"
 ;CHARSET_COLLATION = ; Empty as default, Gitea will try to find a case-sensitive collation. Don't change it unless you clearly know what you need.
@@ -390,6 +370,26 @@ DB_TYPE = sqlite3
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
+;; SQLite Configuration
+;;
+;DB_TYPE = sqlite3
+;PATH= ; defaults to data/forgejo.db
+;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
+;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; MSSQL Configuration
+;;
+;DB_TYPE = mssql
+;HOST = 172.17.0.2:1433
+;NAME = gitea
+;USER = SA
+;PASSWD = MwantsaSecurePassword1
+;CHARSET_COLLATION = ; Empty as default, Gitea will try to find a case-sensitive collation. Don't change it unless you clearly know what you need.
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
 ;; Other settings
 ;;
 ;; For iterate buffer, default is 50
@@ -413,8 +413,8 @@ DB_TYPE = sqlite3
 ;; Database connection max idle time, 0 prevents closing due to idle time.
 ;CONN_MAX_IDLETIME = 0
 ;;
-;; Database maximum number of open connections, default is 100 which is the lowest default from Postgres (MariaDB + MySQL default to 151). Ensure you only increase the value if you configured your database server accordingly.
-;MAX_OPEN_CONNS = 100
+;; Database maximum number of open connections, default is 0 meaning no maximum
+;MAX_OPEN_CONNS = 0
 ;;
 ;; Whether execute database models migrations automatically
 ;AUTO_MIGRATION = true
@@ -522,8 +522,7 @@ INTERNAL_TOKEN =
 ;; HMAC to encode urls with, it **is required** if camo is enabled.
 ;HMAC_KEY =
 ;; Set to true to use camo for https too lese only non https urls are proxyed
-;; ALLWAYS is deprecated and will be removed in the future
-;ALWAYS = false
+;ALLWAYS = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -629,7 +628,7 @@ LEVEL = Info
 ;[log.%(WriterMode)]
 ;MODE=console/file/conn/...
 ;LEVEL=
-;FLAGS = stdflags or journald
+;FLAGS = stdflags
 ;EXPRESSION =
 ;PREFIX =
 ;COLORIZE = false
@@ -726,7 +725,6 @@ LEVEL = Info
 ;CLONE = 300
 ;PULL = 300
 ;GC = 60
-;GREP = 2
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Git config options
@@ -918,24 +916,6 @@ LEVEL = Info
 ;; Valid site url schemes for user profiles
 ;VALID_SITE_URL_SCHEMES=http,https
 
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[service.explore]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Only allow signed in users to view the explore pages.
-;REQUIRE_SIGNIN_VIEW = false
-;;
-;; Disable the users explore page.
-;DISABLE_USERS_PAGE = false
-;;
-;; Disable the organizations explore page.
-;DISABLE_ORGANIZATIONS_PAGE = false
-;;
-;; Disable the code explore page.
-;DISABLE_CODE_PAGE = false
-;;
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -997,7 +977,7 @@ LEVEL = Info
 ;ACCESS_CONTROL_ALLOW_ORIGIN =
 ;;
 ;; Force ssh:// clone url instead of scp-style uri when default SSH port is used
-;USE_COMPAT_SSH_URI = true
+;USE_COMPAT_SSH_URI = false
 ;;
 ;; Value for the "go get" request returns the repository url as https or ssh, default is https
 ;GO_GET_CLONE_URL_PROTOCOL = https
@@ -1362,9 +1342,9 @@ LEVEL = Info
 ;[ui.meta]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;AUTHOR = Forgejo – Beyond coding. We forge.
-;DESCRIPTION = Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.
-;KEYWORDS = git,forge,forgejo
+;AUTHOR = Gitea - Git with a cup of tea
+;DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
+;KEYWORDS = go,git,self-hosted,gitea
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1400,9 +1380,6 @@ LEVEL = Info
 ;;
 ;; Maximum allowed file size in bytes to render CSV files as table. (Set to 0 for no limit).
 ;MAX_FILE_SIZE = 524288
-;;
-;; Maximum allowed rows to render CSV files. (Set to 0 for no limit)
-;MAX_ROWS = 2500
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1530,7 +1507,7 @@ LEVEL = Info
 ;; Batch size to send for batched queues
 ;BATCH_LENGTH = 20
 ;;
-;; Connection string for redis queues this will store the redis (or Redis cluster) connection string.
+;; Connection string for redis queues this will store the redis or redis-cluster connection string.
 ;; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
 ;; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
 ;CONN_STR = "redis://127.0.0.1:6379/0"
@@ -1562,11 +1539,6 @@ LEVEL = Info
 ;; - manage_ssh_keys: a user cannot configure ssh keys
 ;; - manage_gpg_keys: a user cannot configure gpg keys
 ;USER_DISABLED_FEATURES =
-;; Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior.
-;; - deletion: a user cannot delete their own account
-;; - manage_ssh_keys: a user cannot configure ssh keys
-;; - manage_gpg_keys: a user cannot configure gpg keys
-;;EXTERNAL_USER_DISABLE_FEATURES =
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1740,10 +1712,6 @@ LEVEL = Info
 ;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
 ;ENVELOPE_FROM =
 ;;
-;; If gitea sends mails on behave of users, it will just use the name also displayed in the WebUI. If you want e.g. `Mister X (by CodeIt) <gitea@codeit.net>`,
-;; set it to `{{ .DisplayName }} (by {{ .AppName }})`. Available Variables: `.DisplayName`, `.AppName` and `.Domain`.
-;FROM_DISPLAY_NAME_FORMAT = {{ .DisplayName }}
-;;
 ;; Mailer user name and password, if required by provider.
 ;USER =
 ;;
@@ -1766,16 +1734,6 @@ LEVEL = Info
 ;; convert \r\n to \n for Sendmail
 ;SENDMAIL_CONVERT_CRLF = true
 
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[mailer.override_header]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; This is empty by default, use it only if you know what you need it for.
-;Reply-To = test@example.com, test2@example.com
-;Content-Type = text/html; charset=utf-8
-;In-Reply-To =
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[email.incoming]
@@ -1829,8 +1787,9 @@ LEVEL = Info
 ;; For "memory" only, GC interval in seconds, default is 60
 ;INTERVAL = 60
 ;;
-;; For "redis" and "memcache", connection host address
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` (or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for a Redis cluster)
+;; For "redis", "redis-cluster" and "memcache", connection host address
+;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis-cluster: `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
 ;; memcache: `127.0.0.1:11211`
 ;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
 ;HOST =
@@ -1860,14 +1819,15 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
+;; Either "memory", "file", "redis", "redis-cluster", "db", "mysql", "couchbase", "memcache" or "postgres"
 ;; Default is "memory". "db" will reuse the configuration in [database]
 ;PROVIDER = memory
 ;;
 ;; Provider config options
 ;; memory: doesn't have any config yet
 ;; file: session file path, e.g. `data/sessions`
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` (or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for a Redis cluster)
+;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis-cluster: `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
 ;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
 ;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
 ;;
@@ -1938,7 +1898,7 @@ LEVEL = Info
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 2048MB
 ;MAX_SIZE = 2048
@@ -1961,10 +1921,7 @@ LEVEL = Info
 ;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
 ;MINIO_ENDPOINT = localhost:9000
 ;;
-;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`.
-;; If not provided and STORAGE_TYPE is `minio`, will search for credentials in known
-;; environment variables (MINIO_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID), credentials files
-;; (~/.mc/config.json, ~/.aws/credentials), and EC2 instance metadata.
+;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
 ;MINIO_ACCESS_KEY_ID =
 ;;
 ;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
@@ -1976,7 +1933,7 @@ LEVEL = Info
 ;; Url lookup for the minio bucket only available when STORAGE_TYPE is `minio`
 ;; Available values: auto, dns, path
 ;; If empty, it behaves the same as "auto" was set
-;MINIO_BUCKET_LOOKUP =
+;MINIO_BUCKET_LOOKUP = 
 ;;
 ;; Minio location to create bucket only available when STORAGE_TYPE is `minio`
 ;MINIO_LOCATION = us-east-1
@@ -2307,7 +2264,7 @@ LEVEL = Info
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Delete all old activities from database
+;; Delete all old actions from database
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cron.delete_old_actions]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2424,8 +2381,6 @@ LEVEL = Info
 ;SHOW_FOOTER_VERSION = true
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
-;; Show the "powered by" text in the footer
-;SHOW_FOOTER_POWERED_BY = true
 ;; Generate sitemap. Defaults to `true`.
 ;ENABLE_SITEMAP = true
 ;; Enable/Disable RSS/Atom feed
@@ -2516,15 +2471,6 @@ LEVEL = Info
 ;; If set to true, completely ignores server certificate validation errors. This option is unsafe.
 ;SKIP_TLS_VERIFY = false
 
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[F3]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Enable/Disable Friendly Forge Format (F3)
-;ENABLED = false
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[federation]
@@ -2616,8 +2562,6 @@ LEVEL = Info
 ;LIMIT_SIZE_SWIFT = -1
 ;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_VAGRANT = -1
-;; Enable RPM re-signing by default. (It will overwrite the old signature ,using v4 format, not compatible with CentOS 6 or older)
-;DEFAULT_RPM_SIGN_ENABLED  = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2665,10 +2609,6 @@ LEVEL = Info
 ;; override the minio base path if storage type is minio
 ;MINIO_BASE_PATH = lfs/
 
-;[lfs_client]
-;; When mirroring an upstream lfs endpoint, limit the number of pointers in each batch request to this number
-;BATCH_SIZE = 20
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; settings for packages, will override storage setting
@@ -2688,10 +2628,7 @@ LEVEL = Info
 ;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
 ;MINIO_ENDPOINT = localhost:9000
 ;;
-;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`.
-;; If not provided and STORAGE_TYPE is `minio`, will search for credentials in known
-;; environment variables (MINIO_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID), credentials files
-;; (~/.mc/config.json, ~/.aws/credentials), and EC2 instance metadata.
+;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
 ;MINIO_ACCESS_KEY_ID =
 ;;
 ;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
@@ -2703,7 +2640,7 @@ LEVEL = Info
 ;; Url lookup for the minio bucket only available when STORAGE_TYPE is `minio`
 ;; Available values: auto, dns, path
 ;; If empty, it behaves the same as "auto" was set
-;MINIO_BUCKET_LOOKUP =
+;MINIO_BUCKET_LOOKUP = 
 ;;
 ;; Minio location to create bucket only available when STORAGE_TYPE is `minio`
 ;MINIO_LOCATION = us-east-1
@@ -2727,15 +2664,7 @@ LEVEL = Info
 ;ENABLED = true
 ;; Default address to get action plugins, e.g. the default value means downloading from "https://code.forgejo.org/actions/checkout" for "uses: actions/checkout@v3"
 ;DEFAULT_ACTIONS_URL = https://code.forgejo.org
-;; Logs retention time in days. Old logs will be deleted after this period.
-;LOG_RETENTION_DAYS = 365
-;; Log compression type, `none` for no compression, `zstd` for zstd compression.
-;; Other compression types like `gzip` are NOT supported, since seekable stream is required for log view.
-;; It's always recommended to use compression when using local disk as log storage if CPU or memory is not a bottleneck.
-;; And for object storage services like S3, which is billed for requests, it would cause extra 2 times of get requests for each log view.
-;; But it will save storage space and network bandwidth, so it's still recommended to use compression.
-;LOG_COMPRESSION = zstd
-;; Default artifact retention time in days. Artifacts could have their own retention periods by setting the `retention-days` option in `actions/upload-artifact` step.
+;; Default artifact retention time in days, default is 90 days
 ;ARTIFACT_RETENTION_DAYS = 90
 ;; Timeout to stop the task which have running status, but haven't been updated for a long time
 ;ZOMBIE_TASK_TIMEOUT = 10m
@@ -2745,8 +2674,6 @@ LEVEL = Info
 ;ABANDONED_JOB_TIMEOUT = 24h
 ;; Strings committers can place inside a commit message or PR title to skip executing the corresponding actions workflow
 ;SKIP_WORKFLOW_STRINGS = [skip ci],[ci skip],[no ci],[skip actions],[actions skip]
-;; Limit on inputs for manual / workflow_dispatch triggers, default is 10
-;LIMIT_DISPATCH_INPUTS = 10
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

docker/rootless/usr/local/bin/docker-entrypoint.sh

@@ -13,10 +13,5 @@ fi
 if [ $# -gt 0 ]; then
     exec "$@"
 else
-    # TODO: remove on next major version release
-    # Honour legacy config file if existing
-    if [ -f ${GITEA_APP_INI_LEGACY} ]; then
-        GITEA_APP_INI=${GITEA_APP_INI_LEGACY}
-    fi
     exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web
 fi

docker/rootless/usr/local/bin/docker-setup.sh

@@ -11,18 +11,6 @@ mkdir -p ${GITEA_CUSTOM} && chmod 0700 ${GITEA_CUSTOM}
 mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
 if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi
 
-# TODO: remove on next major version release
-# Honour legacy config file if existing, but inform the user
-if [ -f ${GITEA_APP_INI_LEGACY} ] && [ ${GITEA_APP_INI} != ${GITEA_APP_INI_LEGACY} ]; then
-    GITEA_APP_INI_DEFAULT=/var/lib/gitea/custom/conf/app.ini
-    echo -e \
-      "\033[33mWARNING\033[0m: detected configuration file in deprecated default path ${GITEA_APP_INI_LEGACY}." \
-      "The new default is ${GITEA_APP_INI_DEFAULT}. To remove this warning, choose one of the options:\n" \
-      "* Move ${GITEA_APP_INI_LEGACY} to ${GITEA_APP_INI_DEFAULT} (or to \$GITEA_APP_INI if you want to override this variable)\n" \
-      "* Explicitly override GITEA_APP_INI=${GITEA_APP_INI_LEGACY} in the container environment"
-    GITEA_APP_INI=${GITEA_APP_INI_LEGACY}
-fi
-
 #Prepare config file
 if [ ! -f ${GITEA_APP_INI} ]; then
 

flake.lock

@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1720542800,
-        "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=",
+        "lastModified": 1715534503,
+        "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "feb2849fdeb70028c70d73b848214b00d324a497",
+        "rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
         "type": "github"
       },
       "original": {

flake.nix

@@ -30,8 +30,6 @@
 
             # backend
             go_1_22
-            gofumpt
-            sqlite
           ];
         };
       }

go.mod

@@ -1,81 +1,80 @@
 module code.gitea.io/gitea
 
-go 1.23.3
+go 1.22.7
 
 require (
-	code.forgejo.org/f3/gof3/v3 v3.7.0
-	code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251
-	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/go-chi/binding v1.0.0
-	code.forgejo.org/go-chi/cache v1.0.0
-	code.forgejo.org/go-chi/captcha v1.0.0
-	code.forgejo.org/go-chi/session v1.0.0
+	code.forgejo.org/forgejo/reply v1.0.1
 	code.gitea.io/actions-proto-go v0.4.0
 	code.gitea.io/gitea-vet v0.2.3
 	code.gitea.io/sdk/gitea v0.17.1
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
-	connectrpc.com/connect v1.17.0
+	connectrpc.com/connect v1.15.0
+	gitea.com/go-chi/binding v0.0.0-20240430071103-39a851e106ed
+	gitea.com/go-chi/cache v0.2.0
+	gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098
+	gitea.com/go-chi/session v0.0.0-20240316035857-16768d98ec96
 	gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-	github.com/ProtonMail/go-crypto v1.0.0
-	github.com/PuerkitoBio/goquery v1.10.0
-	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
-	github.com/alecthomas/chroma/v2 v2.14.0
+	github.com/PuerkitoBio/goquery v1.8.1
+	github.com/alecthomas/chroma/v2 v2.13.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
-	github.com/blevesearch/bleve/v2 v2.4.3
-	github.com/buildkite/terminal-to-html/v3 v3.16.4
-	github.com/caddyserver/certmagic v0.21.4
+	github.com/blevesearch/bleve/v2 v2.3.10
+	github.com/buildkite/terminal-to-html/v3 v3.10.1
+	github.com/caddyserver/certmagic v0.20.0
 	github.com/chi-middleware/proxy v1.1.1
+	github.com/denisenkom/go-mssqldb v0.12.3
 	github.com/djherbis/buffer v1.2.0
 	github.com/djherbis/nio/v3 v3.0.1
-	github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707
+	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5
 	github.com/dustin/go-humanize v1.0.1
-	github.com/editorconfig/editorconfig-core-go/v2 v2.6.2
+	github.com/editorconfig/editorconfig-core-go/v2 v2.6.1
 	github.com/emersion/go-imap v1.2.1
-	github.com/felixge/fgprof v0.9.5
-	github.com/fsnotify/fsnotify v1.8.0
+	github.com/emirpasic/gods v1.18.1
+	github.com/felixge/fgprof v0.9.4
+	github.com/fsnotify/fsnotify v1.7.0
 	github.com/gliderlabs/ssh v0.3.7
 	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
 	github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73
-	github.com/go-chi/chi/v5 v5.1.0
+	github.com/go-chi/chi/v5 v5.0.11
 	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
-	github.com/go-enry/go-enry/v2 v2.9.1
+	github.com/go-enry/go-enry/v2 v2.8.7
 	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
+	github.com/go-git/go-billy/v5 v5.5.0
 	github.com/go-git/go-git/v5 v5.11.0
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/go-sql-driver/mysql v1.8.1
 	github.com/go-swagger/go-swagger v0.30.5
-	github.com/go-testfixtures/testfixtures/v3 v3.12.0
-	github.com/go-webauthn/webauthn v0.11.2
+	github.com/go-testfixtures/testfixtures/v3 v3.10.0
+	github.com/go-webauthn/webauthn v0.10.0
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
-	github.com/golang-jwt/jwt/v5 v5.2.1
-	github.com/google/go-github/v64 v64.0.0
-	github.com/google/pprof v0.0.0-20241017200806-017d972448fc
+	github.com/golang-jwt/jwt/v5 v5.2.0
+	github.com/google/go-github/v57 v57.0.0
+	github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
-	github.com/gorilla/sessions v1.4.0
-	github.com/h2non/gock v1.2.0
+	github.com/gorilla/sessions v1.2.2
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
-	github.com/huandu/xstrings v1.5.0
+	github.com/huandu/xstrings v1.4.0
 	github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056
-	github.com/jhillyerd/enmime/v2 v2.0.0
+	github.com/jhillyerd/enmime v1.1.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/klauspost/compress v1.17.11
-	github.com/klauspost/cpuid/v2 v2.2.8
+	github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
+	github.com/klauspost/compress v1.17.7
+	github.com/klauspost/cpuid/v2 v2.2.6
 	github.com/lib/pq v1.10.9
-	github.com/markbates/goth v1.80.0
+	github.com/markbates/goth v1.78.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.24
-	github.com/meilisearch/meilisearch-go v0.29.0
+	github.com/mattn/go-sqlite3 v1.14.22
+	github.com/meilisearch/meilisearch-go v0.26.1
 	github.com/mholt/archiver/v3 v3.5.1
-	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/minio/minio-go/v7 v7.0.78
+	github.com/microcosm-cc/bluemonday v1.0.26
+	github.com/minio/minio-go/v7 v7.0.69
 	github.com/msteinert/pam v1.2.0
 	github.com/nektos/act v0.2.52
 	github.com/niklasfasching/go-org v1.7.0
@@ -83,53 +82,57 @@ require (
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0
 	github.com/pquerna/otp v1.4.0
-	github.com/prometheus/client_golang v1.20.5
-	github.com/redis/go-redis/v9 v9.7.0
+	github.com/prometheus/client_golang v1.18.0
+	github.com/quasoft/websspi v1.1.2
+	github.com/redis/go-redis/v9 v9.4.0
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/santhosh-tekuri/jsonschema/v6 v6.0.1
-	github.com/sassoftware/go-rpmutils v0.4.0
+	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
+	github.com/sassoftware/go-rpmutils v0.2.1-0.20240124161140-277b154961dd
 	github.com/sergi/go-diff v1.3.1
 	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.8.4
 	github.com/syndtr/goleveldb v1.0.0
-	github.com/ulikunitz/xz v0.5.12
-	github.com/urfave/cli/v2 v2.27.5
-	github.com/valyala/fastjson v1.6.4
-	github.com/xanzy/go-gitlab v0.109.0
+	github.com/tstranex/u2f v1.0.0
+	github.com/ulikunitz/xz v0.5.11
+	github.com/urfave/cli/v2 v2.27.1
+	github.com/xanzy/go-gitlab v0.96.0
 	github.com/yohcop/openid-go v1.0.1
-	github.com/yuin/goldmark v1.7.8
+	github.com/yuin/goldmark v1.6.0
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
-	go.uber.org/mock v0.4.0
-	golang.org/x/crypto v0.29.0
-	golang.org/x/image v0.21.0
-	golang.org/x/net v0.31.0
-	golang.org/x/oauth2 v0.23.0
-	golang.org/x/sys v0.27.0
-	golang.org/x/text v0.20.0
-	golang.org/x/tools v0.26.0
-	google.golang.org/grpc v1.68.0
-	google.golang.org/protobuf v1.35.1
+	github.com/yuin/goldmark-meta v1.1.0
+	golang.org/x/crypto v0.23.0
+	golang.org/x/image v0.18.0
+	golang.org/x/net v0.25.0
+	golang.org/x/oauth2 v0.16.0
+	golang.org/x/sys v0.20.0
+	golang.org/x/text v0.16.0
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
+	google.golang.org/grpc v1.60.1
+	google.golang.org/protobuf v1.33.0
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v3 v3.0.1
 	mvdan.cc/xurls/v2 v2.5.0
+	strk.kbt.io/projects/go/libravatar v0.0.0-20191008002943-06d1c002b251
 	xorm.io/builder v0.3.13
-	xorm.io/xorm v1.3.9
+	xorm.io/xorm v1.3.7
 )
 
 require (
-	cloud.google.com/go/compute/metadata v0.5.0 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
-	github.com/ClickHouse/ch-go v0.61.5 // indirect
-	github.com/ClickHouse/clickhouse-go/v2 v2.26.0 // indirect
+	github.com/ClickHouse/ch-go v0.61.1 // indirect
+	github.com/ClickHouse/clickhouse-go/v2 v2.18.0 // indirect
 	github.com/DataDog/zstd v1.5.5 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/RoaringBitmap/roaring v1.9.3 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
+	github.com/RoaringBitmap/roaring v1.7.0 // indirect
 	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
@@ -137,13 +140,12 @@ require (
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.13.0 // indirect
-	github.com/blevesearch/bleve_index_api v1.1.12 // indirect
-	github.com/blevesearch/geo v0.1.20 // indirect
-	github.com/blevesearch/go-faiss v1.0.23 // indirect
+	github.com/blevesearch/bleve_index_api v1.1.5 // indirect
+	github.com/blevesearch/geo v0.1.19 // indirect
 	github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
 	github.com/blevesearch/gtreap v0.1.1 // indirect
 	github.com/blevesearch/mmap-go v1.0.4 // indirect
-	github.com/blevesearch/scorch_segment_api/v2 v2.2.16 // indirect
+	github.com/blevesearch/scorch_segment_api/v2 v2.2.6 // indirect
 	github.com/blevesearch/segment v0.9.1 // indirect
 	github.com/blevesearch/snowballstem v0.9.0 // indirect
 	github.com/blevesearch/upsidedown_store_api v1.0.2 // indirect
@@ -152,33 +154,31 @@ require (
 	github.com/blevesearch/zapx/v12 v12.3.10 // indirect
 	github.com/blevesearch/zapx/v13 v13.3.10 // indirect
 	github.com/blevesearch/zapx/v14 v14.3.10 // indirect
-	github.com/blevesearch/zapx/v15 v15.3.16 // indirect
-	github.com/blevesearch/zapx/v16 v16.1.8 // indirect
+	github.com/blevesearch/zapx/v15 v15.3.13 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
-	github.com/caddyserver/zerossl v0.1.3 // indirect
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
-	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cloudflare/circl v1.3.8 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/couchbase/go-couchbase v0.1.1 // indirect
+	github.com/couchbase/gomemcached v0.3.0 // indirect
+	github.com/couchbase/goutils v0.1.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dlclark/regexp2 v1.11.0 // indirect
 	github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43 // indirect
-	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fatih/color v1.16.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.5.0 // indirect
 	github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
 	github.com/go-faster/city v1.0.1 // indirect
 	github.com/go-faster/errors v0.7.1 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.5.0 // indirect
-	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/analysis v0.22.2 // indirect
 	github.com/go-openapi/errors v0.21.0 // indirect
 	github.com/go-openapi/inflect v0.19.0 // indirect
@@ -190,22 +190,22 @@ require (
 	github.com/go-openapi/strfmt v0.22.0 // indirect
 	github.com/go-openapi/swag v0.22.7 // indirect
 	github.com/go-openapi/validate v0.22.6 // indirect
-	github.com/go-webauthn/x v0.1.14 // indirect
-	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/go-webauthn/x v0.1.6 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
+	github.com/golang-sql/sqlexp v0.1.0 // indirect
 	github.com/golang/geo v0.0.0-20230421003525-6adc56603217 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/btree v1.1.2 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/go-tpm v0.9.1 // indirect
+	github.com/google/go-tpm v0.9.0 // indirect
+	github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/gorilla/handlers v1.5.2 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -217,15 +217,16 @@ require (
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/libdns/libdns v0.2.2 // indirect
+	github.com/libdns/libdns v0.2.1 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/markbates/going v1.0.3 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-runewidth v0.0.16 // indirect
-	github.com/mholt/acmez/v2 v2.0.3 // indirect
-	github.com/miekg/dns v1.1.62 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/mholt/acmez v1.2.0 // indirect
+	github.com/miekg/dns v1.1.58 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
@@ -233,7 +234,6 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/mrjones/oauth v0.0.0-20190623134757-126b35219450 // indirect
 	github.com/mschoch/smat v0.2.0 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nwaples/rardecode v1.1.3 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
@@ -244,18 +244,18 @@ require (
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/rhysd/actionlint v1.6.27 // indirect
-	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.46.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/rhysd/actionlint v1.6.26 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
-	github.com/rs/xid v1.6.0 // indirect
+	github.com/rs/xid v1.5.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
-	github.com/shopspring/decimal v1.4.0 // indirect
+	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.2.1 // indirect
@@ -267,23 +267,28 @@ require (
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/toqueteos/webbrowser v1.2.0 // indirect
+	github.com/unknwon/com v1.0.1 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasthttp v1.51.0 // indirect
+	github.com/valyala/fastjson v1.6.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
-	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
-	github.com/zeebo/blake3 v0.2.4 // indirect
-	go.etcd.io/bbolt v1.3.9 // indirect
+	github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e // indirect
+	github.com/zeebo/blake3 v0.2.3 // indirect
+	go.etcd.io/bbolt v1.3.8 // indirect
 	go.mongodb.org/mongo-driver v1.13.1 // indirect
-	go.opentelemetry.io/otel v1.26.0 // indirect
-	go.opentelemetry.io/otel/trace v1.26.0 // indirect
+	go.opentelemetry.io/otel v1.22.0 // indirect
+	go.opentelemetry.io/otel/trace v1.22.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
 	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
-	golang.org/x/mod v0.21.0 // indirect
-	golang.org/x/sync v0.9.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
@@ -293,8 +298,14 @@ replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
 
 replace github.com/shurcooL/vfsgen => github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0
 
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.0
+replace github.com/nektos/act => gitea.com/gitea/act v0.259.1
+
+exclude github.com/gofrs/uuid v3.2.0+incompatible
+
+exclude github.com/gofrs/uuid v4.0.0+incompatible
+
+exclude github.com/goccy/go-json v0.4.11
+
+exclude github.com/satori/go.uuid v1.2.0
 
 replace github.com/mholt/archiver/v3 => code.forgejo.org/forgejo/archiver/v3 v3.5.1
-
-replace github.com/goccy/go-json => github.com/grafana/go-json v0.0.0-20241115232854-f14426c40ff2

models/actions/artifact.go

@@ -69,7 +69,7 @@ func CreateArtifact(ctx context.Context, t *ActionTask, artifactName, artifactPa
 			OwnerID:      t.OwnerID,
 			CommitSHA:    t.CommitSHA,
 			Status:       int64(ArtifactStatusUploadPending),
-			ExpiredUnix:  timeutil.TimeStamp(time.Now().Unix() + timeutil.Day*expiredDays),
+			ExpiredUnix:  timeutil.TimeStamp(time.Now().Unix() + 3600*24*expiredDays),
 		}
 		if _, err := db.GetEngine(ctx).Insert(artifact); err != nil {
 			return nil, err
@@ -78,13 +78,6 @@ func CreateArtifact(ctx context.Context, t *ActionTask, artifactName, artifactPa
 	} else if err != nil {
 		return nil, err
 	}
-
-	if _, err := db.GetEngine(ctx).ID(artifact.ID).Cols("expired_unix").Update(&ActionArtifact{
-		ExpiredUnix: timeutil.TimeStamp(time.Now().Unix() + timeutil.Day*expiredDays),
-	}); err != nil {
-		return nil, err
-	}
-
 	return artifact, nil
 }
 

models/actions/forgejo.go

@@ -4,7 +4,7 @@ package actions
 
 import (
 	"context"
-	"crypto/subtle"
+	"encoding/hex"
 	"fmt"
 
 	auth_model "code.gitea.io/gitea/models/auth"
@@ -14,7 +14,7 @@ import (
 	gouuid "github.com/google/uuid"
 )
 
-func RegisterRunner(ctx context.Context, ownerID, repoID int64, token string, labels *[]string, name, version string) (*ActionRunner, error) {
+func RegisterRunner(ctx context.Context, ownerID, repoID int64, token string, labels []string, name, version string) (*ActionRunner, error) {
 	uuid, err := gouuid.FromBytes([]byte(token[:16]))
 	if err != nil {
 		return nil, fmt.Errorf("gouuid.FromBytes %v", err)
@@ -26,28 +26,22 @@ func RegisterRunner(ctx context.Context, ownerID, repoID int64, token string, la
 	has, err := db.GetEngine(ctx).Where("uuid=?", uuidString).Get(&runner)
 	if err != nil {
 		return nil, fmt.Errorf("GetRunner %v", err)
-	}
-
-	var mustUpdateSecret bool
-	if has {
-		//
-		// The runner exists, check if the rest of the token has changed.
-		//
-		mustUpdateSecret = subtle.ConstantTimeCompare(
-			[]byte(runner.TokenHash),
-			[]byte(auth_model.HashToken(token, runner.TokenSalt)),
-		) != 1
-	} else {
+	} else if !has {
 		//
 		// The runner does not exist yet, create it
 		//
-		runner = ActionRunner{
-			UUID:        uuidString,
-			AgentLabels: []string{},
+		saltBytes, err := util.CryptoRandomBytes(16)
+		if err != nil {
+			return nil, fmt.Errorf("CryptoRandomBytes %v", err)
 		}
+		salt := hex.EncodeToString(saltBytes)
 
-		if err := runner.UpdateSecret(token); err != nil {
-			return &runner, fmt.Errorf("can't set new runner's secret: %w", err)
+		hash := auth_model.HashToken(token, salt)
+
+		runner = ActionRunner{
+			UUID:      uuidString,
+			TokenHash: hash,
+			TokenSalt: salt,
 		}
 
 		if err := CreateRunner(ctx, &runner); err != nil {
@@ -60,23 +54,13 @@ func RegisterRunner(ctx context.Context, ownerID, repoID int64, token string, la
 	//
 	name, _ = util.SplitStringAtByteN(name, 255)
 
-	cols := []string{"name", "owner_id", "repo_id", "version"}
 	runner.Name = name
 	runner.OwnerID = ownerID
 	runner.RepoID = repoID
 	runner.Version = version
-	if labels != nil {
-		runner.AgentLabels = *labels
-		cols = append(cols, "agent_labels")
-	}
-	if mustUpdateSecret {
-		if err := runner.UpdateSecret(token); err != nil {
-			return &runner, fmt.Errorf("can't change runner's secret: %w", err)
-		}
-		cols = append(cols, "token_hash", "token_salt")
-	}
+	runner.AgentLabels = labels
 
-	if err := UpdateRunner(ctx, &runner, cols...); err != nil {
+	if err := UpdateRunner(ctx, &runner, "name", "owner_id", "repo_id", "version", "agent_labels"); err != nil {
 		return &runner, fmt.Errorf("can't update the runner %+v %w", runner, err)
 	}
 

models/actions/forgejo_test.go

@@ -14,7 +14,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestActions_RegisterRunner_Token(t *testing.T) {
+func TestActions_RegisterRunner(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	ownerID := int64(0)
 	repoID := int64(0)
@@ -22,157 +22,9 @@ func TestActions_RegisterRunner_Token(t *testing.T) {
 	labels := []string{}
 	name := "runner"
 	version := "v1.2.3"
-	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, &labels, name, version)
+	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, labels, name, version)
 	require.NoError(t, err)
 	assert.EqualValues(t, name, runner.Name)
 
 	assert.EqualValues(t, 1, subtle.ConstantTimeCompare([]byte(runner.TokenHash), []byte(auth_model.HashToken(token, runner.TokenSalt))), "the token cannot be verified with the same method as routers/api/actions/runner/interceptor.go as of 8228751c55d6a4263f0fec2932ca16181c09c97d")
 }
-
-// TestActions_RegisterRunner_TokenUpdate tests that a token's secret is updated
-// when a runner already exists and RegisterRunner is called with a token
-// parameter whose first 16 bytes match that record but where the last 24 bytes
-// do not match.
-func TestActions_RegisterRunner_TokenUpdate(t *testing.T) {
-	const recordID = 12345678
-	oldToken := "7e577e577e577e57feedfacefeedfacefeedface"
-	newToken := "7e577e577e577e57deadbeefdeadbeefdeadbeef"
-	require.NoError(t, unittest.PrepareTestDatabase())
-	before := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
-	require.Equal(t,
-		before.TokenHash, auth_model.HashToken(oldToken, before.TokenSalt),
-		"the initial token should match the runner's secret",
-	)
-
-	RegisterRunner(db.DefaultContext, before.OwnerID, before.RepoID, newToken, nil, before.Name, before.Version)
-
-	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
-
-	assert.Equal(t, before.UUID, after.UUID)
-	assert.NotEqual(t,
-		after.TokenHash, auth_model.HashToken(oldToken, after.TokenSalt),
-		"the old token can still be verified",
-	)
-	assert.Equal(t,
-		after.TokenHash, auth_model.HashToken(newToken, after.TokenSalt),
-		"the new token cannot be verified",
-	)
-}
-
-func TestActions_RegisterRunner_CreateWithLabels(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-	ownerID := int64(0)
-	repoID := int64(0)
-	token := "0123456789012345678901234567890123456789"
-	name := "runner"
-	version := "v1.2.3"
-	labels := []string{"woop", "doop"}
-	labelsCopy := labels // labels may be affected by the tested function so we copy them
-
-	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, &labels, name, version)
-	require.NoError(t, err)
-
-	// Check that the returned record has been updated, except for the labels
-	assert.EqualValues(t, ownerID, runner.OwnerID)
-	assert.EqualValues(t, repoID, runner.RepoID)
-	assert.EqualValues(t, name, runner.Name)
-	assert.EqualValues(t, version, runner.Version)
-	assert.EqualValues(t, labelsCopy, runner.AgentLabels)
-
-	// Check that whatever is in the DB has been updated, except for the labels
-	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: runner.ID})
-	assert.EqualValues(t, ownerID, after.OwnerID)
-	assert.EqualValues(t, repoID, after.RepoID)
-	assert.EqualValues(t, name, after.Name)
-	assert.EqualValues(t, version, after.Version)
-	assert.EqualValues(t, labelsCopy, after.AgentLabels)
-}
-
-func TestActions_RegisterRunner_CreateWithoutLabels(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-	ownerID := int64(0)
-	repoID := int64(0)
-	token := "0123456789012345678901234567890123456789"
-	name := "runner"
-	version := "v1.2.3"
-
-	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, nil, name, version)
-	require.NoError(t, err)
-
-	// Check that the returned record has been updated, except for the labels
-	assert.EqualValues(t, ownerID, runner.OwnerID)
-	assert.EqualValues(t, repoID, runner.RepoID)
-	assert.EqualValues(t, name, runner.Name)
-	assert.EqualValues(t, version, runner.Version)
-	assert.EqualValues(t, []string{}, runner.AgentLabels)
-
-	// Check that whatever is in the DB has been updated, except for the labels
-	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: runner.ID})
-	assert.EqualValues(t, ownerID, after.OwnerID)
-	assert.EqualValues(t, repoID, after.RepoID)
-	assert.EqualValues(t, name, after.Name)
-	assert.EqualValues(t, version, after.Version)
-	assert.EqualValues(t, []string{}, after.AgentLabels)
-}
-
-func TestActions_RegisterRunner_UpdateWithLabels(t *testing.T) {
-	const recordID = 12345678
-	token := "7e577e577e577e57feedfacefeedfacefeedface"
-	require.NoError(t, unittest.PrepareTestDatabase())
-	unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
-
-	newOwnerID := int64(1)
-	newRepoID := int64(1)
-	newName := "rennur"
-	newVersion := "v4.5.6"
-	newLabels := []string{"warp", "darp"}
-	labelsCopy := newLabels // labels may be affected by the tested function so we copy them
-
-	runner, err := RegisterRunner(db.DefaultContext, newOwnerID, newRepoID, token, &newLabels, newName, newVersion)
-	require.NoError(t, err)
-
-	// Check that the returned record has been updated
-	assert.EqualValues(t, newOwnerID, runner.OwnerID)
-	assert.EqualValues(t, newRepoID, runner.RepoID)
-	assert.EqualValues(t, newName, runner.Name)
-	assert.EqualValues(t, newVersion, runner.Version)
-	assert.EqualValues(t, labelsCopy, runner.AgentLabels)
-
-	// Check that whatever is in the DB has been updated
-	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
-	assert.EqualValues(t, newOwnerID, after.OwnerID)
-	assert.EqualValues(t, newRepoID, after.RepoID)
-	assert.EqualValues(t, newName, after.Name)
-	assert.EqualValues(t, newVersion, after.Version)
-	assert.EqualValues(t, labelsCopy, after.AgentLabels)
-}
-
-func TestActions_RegisterRunner_UpdateWithoutLabels(t *testing.T) {
-	const recordID = 12345678
-	token := "7e577e577e577e57feedfacefeedfacefeedface"
-	require.NoError(t, unittest.PrepareTestDatabase())
-	before := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
-
-	newOwnerID := int64(1)
-	newRepoID := int64(1)
-	newName := "rennur"
-	newVersion := "v4.5.6"
-
-	runner, err := RegisterRunner(db.DefaultContext, newOwnerID, newRepoID, token, nil, newName, newVersion)
-	require.NoError(t, err)
-
-	// Check that the returned record has been updated, except for the labels
-	assert.EqualValues(t, newOwnerID, runner.OwnerID)
-	assert.EqualValues(t, newRepoID, runner.RepoID)
-	assert.EqualValues(t, newName, runner.Name)
-	assert.EqualValues(t, newVersion, runner.Version)
-	assert.EqualValues(t, before.AgentLabels, runner.AgentLabels)
-
-	// Check that whatever is in the DB has been updated, except for the labels
-	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
-	assert.EqualValues(t, newOwnerID, after.OwnerID)
-	assert.EqualValues(t, newRepoID, after.RepoID)
-	assert.EqualValues(t, newName, after.Name)
-	assert.EqualValues(t, newVersion, after.Version)
-	assert.EqualValues(t, before.AgentLabels, after.AgentLabels)
-}

models/actions/main_test.go

@@ -12,7 +12,6 @@ import (
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		FixtureFiles: []string{
-			"action_runner.yml",
 			"action_runner_token.yml",
 		},
 	})

models/actions/run.go

@@ -98,10 +98,13 @@ func (run *ActionRun) LoadAttributes(ctx context.Context) error {
 		return nil
 	}
 
-	if err := run.LoadRepo(ctx); err != nil {
-		return err
+	if run.Repo == nil {
+		repo, err := repo_model.GetRepositoryByID(ctx, run.RepoID)
+		if err != nil {
+			return err
+		}
+		run.Repo = repo
 	}
-
 	if err := run.Repo.LoadAttributes(ctx); err != nil {
 		return err
 	}
@@ -117,19 +120,6 @@ func (run *ActionRun) LoadAttributes(ctx context.Context) error {
 	return nil
 }
 
-func (run *ActionRun) LoadRepo(ctx context.Context) error {
-	if run == nil || run.Repo != nil {
-		return nil
-	}
-
-	repo, err := repo_model.GetRepositoryByID(ctx, run.RepoID)
-	if err != nil {
-		return err
-	}
-	run.Repo = repo
-	return nil
-}
-
 func (run *ActionRun) Duration() time.Duration {
 	return calculateDuration(run.Started, run.Stopped, run.Status) + run.PreviousDuration
 }
@@ -146,11 +136,7 @@ func (run *ActionRun) GetPushEventPayload() (*api.PushPayload, error) {
 }
 
 func (run *ActionRun) GetPullRequestEventPayload() (*api.PullRequestPayload, error) {
-	if run.Event == webhook_module.HookEventPullRequest ||
-		run.Event == webhook_module.HookEventPullRequestSync ||
-		run.Event == webhook_module.HookEventPullRequestAssign ||
-		run.Event == webhook_module.HookEventPullRequestMilestone ||
-		run.Event == webhook_module.HookEventPullRequestLabel {
+	if run.Event == webhook_module.HookEventPullRequest || run.Event == webhook_module.HookEventPullRequestSync {
 		var payload api.PullRequestPayload
 		if err := json.Unmarshal([]byte(run.EventPayload), &payload); err != nil {
 			return nil, err

models/actions/run_job_list.go

@@ -16,9 +16,14 @@ import (
 type ActionJobList []*ActionRunJob
 
 func (jobs ActionJobList) GetRunIDs() []int64 {
-	return container.FilterSlice(jobs, func(j *ActionRunJob) (int64, bool) {
-		return j.RunID, j.RunID != 0
-	})
+	ids := make(container.Set[int64], len(jobs))
+	for _, j := range jobs {
+		if j.RunID == 0 {
+			continue
+		}
+		ids.Add(j.RunID)
+	}
+	return ids.Values()
 }
 
 func (jobs ActionJobList) LoadRuns(ctx context.Context, withRepo bool) error {

models/actions/run_list.go

@@ -19,15 +19,19 @@ type RunList []*ActionRun
 
 // GetUserIDs returns a slice of user's id
 func (runs RunList) GetUserIDs() []int64 {
-	return container.FilterSlice(runs, func(run *ActionRun) (int64, bool) {
-		return run.TriggerUserID, true
-	})
+	ids := make(container.Set[int64], len(runs))
+	for _, run := range runs {
+		ids.Add(run.TriggerUserID)
+	}
+	return ids.Values()
 }
 
 func (runs RunList) GetRepoIDs() []int64 {
-	return container.FilterSlice(runs, func(run *ActionRun) (int64, bool) {
-		return run.RepoID, true
-	})
+	ids := make(container.Set[int64], len(runs))
+	for _, run := range runs {
+		ids.Add(run.RepoID)
+	}
+	return ids.Values()
 }
 
 func (runs RunList) LoadTriggerUser(ctx context.Context) error {

models/actions/runner.go

@@ -5,13 +5,10 @@ package actions
 
 import (
 	"context"
-	"encoding/binary"
-	"encoding/hex"
 	"fmt"
 	"strings"
 	"time"
 
-	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/shared/types"
@@ -26,25 +23,14 @@ import (
 )
 
 // ActionRunner represents runner machines
-//
-// It can be:
-//  1. global runner, OwnerID is 0 and RepoID is 0
-//  2. org/user level runner, OwnerID is org/user ID and RepoID is 0
-//  3. repo level runner, OwnerID is 0 and RepoID is repo ID
-//
-// Please note that it's not acceptable to have both OwnerID and RepoID to be non-zero,
-// or it will be complicated to find runners belonging to a specific owner.
-// For example, conditions like `OwnerID = 1` will also return runner {OwnerID: 1, RepoID: 1},
-// but it's a repo level runner, not an org/user level runner.
-// To avoid this, make it clear with {OwnerID: 0, RepoID: 1} for repo level runners.
 type ActionRunner struct {
 	ID          int64
 	UUID        string                 `xorm:"CHAR(36) UNIQUE"`
 	Name        string                 `xorm:"VARCHAR(255)"`
 	Version     string                 `xorm:"VARCHAR(64)"`
-	OwnerID     int64                  `xorm:"index"`
+	OwnerID     int64                  `xorm:"index"` // org level runner, 0 means system
 	Owner       *user_model.User       `xorm:"-"`
-	RepoID      int64                  `xorm:"index"`
+	RepoID      int64                  `xorm:"index"` // repo level runner, if OwnerID also is zero, then it's a global
 	Repo        *repo_model.Repository `xorm:"-"`
 	Description string                 `xorm:"TEXT"`
 	Base        int                    // 0 native 1 docker 2 virtual machine
@@ -164,22 +150,6 @@ func (r *ActionRunner) GenerateToken() (err error) {
 	return err
 }
 
-// UpdateSecret updates the hash based on the specified token. It does not
-// ensure that the runner's UUID matches the first 16 bytes of the token.
-func (r *ActionRunner) UpdateSecret(token string) error {
-	saltBytes, err := util.CryptoRandomBytes(16)
-	if err != nil {
-		return fmt.Errorf("CryptoRandomBytes %v", err)
-	}
-
-	salt := hex.EncodeToString(saltBytes)
-
-	r.Token = token
-	r.TokenSalt = salt
-	r.TokenHash = auth_model.HashToken(token, salt)
-	return nil
-}
-
 func init() {
 	db.RegisterModel(&ActionRunner{})
 }
@@ -187,7 +157,7 @@ func init() {
 type FindRunnerOptions struct {
 	db.ListOptions
 	RepoID        int64
-	OwnerID       int64 // it will be ignored if RepoID is set
+	OwnerID       int64
 	Sort          string
 	Filter        string
 	IsOnline      optional.Option[bool]
@@ -204,7 +174,8 @@ func (opts FindRunnerOptions) ToConds() builder.Cond {
 			c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
 		}
 		cond = cond.And(c)
-	} else if opts.OwnerID > 0 { // OwnerID is ignored if RepoID is set
+	}
+	if opts.OwnerID > 0 {
 		c := builder.NewCond().And(builder.Eq{"owner_id": opts.OwnerID})
 		if opts.WithAvailable {
 			c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
@@ -282,36 +253,16 @@ func UpdateRunner(ctx context.Context, r *ActionRunner, cols ...string) error {
 
 // DeleteRunner deletes a runner by given ID.
 func DeleteRunner(ctx context.Context, id int64) error {
-	runner, err := GetRunnerByID(ctx, id)
-	if err != nil {
+	if _, err := GetRunnerByID(ctx, id); err != nil {
 		return err
 	}
 
-	// Replace the UUID, which was either based on the secret's first 16 bytes or an UUIDv4,
-	// with a sequence of 8 0xff bytes followed by the little-endian version of the record's
-	// identifier. This will prevent the deleted record's identifier from colliding with any
-	// new record.
-	b := make([]byte, 8)
-	binary.LittleEndian.PutUint64(b, uint64(id))
-	runner.UUID = fmt.Sprintf("ffffffff-ffff-ffff-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x",
-		b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7])
-
-	err = UpdateRunner(ctx, runner, "UUID")
-	if err != nil {
-		return err
-	}
-
-	_, err = db.DeleteByID[ActionRunner](ctx, id)
+	_, err := db.DeleteByID[ActionRunner](ctx, id)
 	return err
 }
 
 // CreateRunner creates new runner.
 func CreateRunner(ctx context.Context, t *ActionRunner) error {
-	if t.OwnerID != 0 && t.RepoID != 0 {
-		// It's trying to create a runner that belongs to a repository, but OwnerID has been set accidentally.
-		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
-		t.OwnerID = 0
-	}
 	return db.Insert(ctx, t)
 }
 
@@ -319,7 +270,7 @@ func CountRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 	// Only affect action runners were a owner ID is set, as actions runners
 	// could also be created on a repository.
 	return db.GetEngine(ctx).Table("action_runner").
-		Join("LEFT", "`user`", "`action_runner`.owner_id = `user`.id").
+		Join("LEFT", "user", "`action_runner`.owner_id = `user`.id").
 		Where("`action_runner`.owner_id != ?", 0).
 		And(builder.IsNull{"`user`.id"}).
 		Count(new(ActionRunner))
@@ -328,7 +279,7 @@ func CountRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 func FixRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 	subQuery := builder.Select("`action_runner`.id").
 		From("`action_runner`").
-		Join("LEFT", "`user`", "`action_runner`.owner_id = `user`.id").
+		Join("LEFT", "user", "`action_runner`.owner_id = `user`.id").
 		Where(builder.Neq{"`action_runner`.owner_id": 0}).
 		And(builder.IsNull{"`user`.id"})
 	b := builder.Delete(builder.In("id", subQuery)).From("`action_runner`")
@@ -338,25 +289,3 @@ func FixRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 	}
 	return res.RowsAffected()
 }
-
-func CountRunnersWithoutBelongingRepo(ctx context.Context) (int64, error) {
-	return db.GetEngine(ctx).Table("action_runner").
-		Join("LEFT", "`repository`", "`action_runner`.repo_id = `repository`.id").
-		Where("`action_runner`.repo_id != ?", 0).
-		And(builder.IsNull{"`repository`.id"}).
-		Count(new(ActionRunner))
-}
-
-func FixRunnersWithoutBelongingRepo(ctx context.Context) (int64, error) {
-	subQuery := builder.Select("`action_runner`.id").
-		From("`action_runner`").
-		Join("LEFT", "`repository`", "`action_runner`.repo_id = `repository`.id").
-		Where(builder.Neq{"`action_runner`.repo_id": 0}).
-		And(builder.IsNull{"`repository`.id"})
-	b := builder.Delete(builder.In("id", subQuery)).From("`action_runner`")
-	res, err := db.GetEngine(ctx).Exec(b)
-	if err != nil {
-		return 0, err
-	}
-	return res.RowsAffected()
-}