[skip ci] Updated translations via Crowdin

Refactor deletion (#28610 )
Introduce the new generic deletion methods - `func DeleteByID[T any](ctx context.Context, id int64) (int64, error)` - `func DeleteByIDs[T any](ctx context.Context, ids ...int64) error` - `func Delete[T any](ctx context.Context, opts FindOptions) (int64, error)` So, we no longer need any specific deletion method and can just use the generic ones instead. Replacement of #28450 Closes #28450 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-26 00:24:05 +00:00 · 2023-12-25 21:25:29 +01:00 · 2023-12-25 20:13:18 +08:00 · 2023-12-25 07:28:59 +00:00 · 2023-12-25 06:52:17 +00:00 · 2023-12-25 00:25:23 +00:00
1860 changed files with 24678 additions and 21252 deletions
--- a/.changelog.yml
+++ b/.changelog.yml
@@ -13,46 +13,42 @@ groups:
  -
    name: BREAKING
    labels:
-      - kind/breaking
+      - pr/breaking
  -
    name: SECURITY
    labels:
-      - kind/security
+      - topic/security
  -
    name: FEATURES
    labels:
-      - kind/feature
+      - type/feature
  -
    name: API
    labels:
-      - kind/api
+      - modifies/api
  -
    name: ENHANCEMENTS
    labels:
-      - kind/enhancement
-      - kind/refactor
-      - kind/ui
+      - type/enhancement
+      - type/refactoring
+      - topic/ui
  -
    name: BUGFIXES
    labels:
-      - kind/bug
+      - type/bug
  -
    name: TESTING
    labels:
-      - kind/testing
-  -
-    name: TRANSLATION
-    labels:
-      - kind/translation
+      - type/testing
  -
    name: BUILD
    labels:
-      - kind/build
-      - kind/lint
+      - topic/build
+      - topic/code-linting
  -
    name: DOCS
    labels:
-      - kind/docs
+      - type/docs
  -
    name: MISC
    default: true
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,425 +0,0 @@
---
-kind: pipeline
-name: release-version
-
-platform:
-  os: linux
-  arch: amd64
-
-workspace:
-  base: /source
-  path: /
-
-trigger:
-  event:
-    - tag
-
-volumes:
-  - name: deps
-    temp: {}
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git fetch --tags --force
-
-  - name: deps-frontend
-    image: node:20
-    pull: always
-    commands:
-      - make deps-frontend
-
-  - name: deps-backend
-    image: gitea/test_env:linux-1.20-amd64
-    pull: always
-    commands:
-      - make deps-backend
-    volumes:
-      - name: deps
-        path: /go
-
-  - name: static
-    image: techknowlogick/xgo:go-1.21.x
-    pull: always
-    commands:
-      - curl -sL https://deb.nodesource.com/setup_20.x | bash - && apt-get -qqy install nodejs
-      - export PATH=$PATH:$GOPATH/bin
-      - make release
-    environment:
-      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
-      TAGS: bindata sqlite sqlite_unlock_notify
-      DEBIAN_FRONTEND: noninteractive
-    depends_on: [fetch-tags]
-    volumes:
-      - name: deps
-        path: /go
-
-  - name: gpg-sign
-    image: plugins/gpgsign:1
-    pull: always
-    settings:
-      detach_sign: true
-      excludes:
-        - "dist/release/*.sha256"
-      files:
-        - "dist/release/*"
-    environment:
-      GPGSIGN_KEY:
-        from_secret: gpgsign_key
-      GPGSIGN_PASSPHRASE:
-        from_secret: gpgsign_passphrase
-    depends_on: [static]
-
-  - name: release-tag
-    image: woodpeckerci/plugin-s3:latest
-    pull: always
-    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
-      source: "dist/release/*"
-      strip_prefix: dist/release/
-      target: "/gitea/${DRONE_TAG##v}"
-    environment:
-      AWS_ACCESS_KEY_ID:
-        from_secret: aws_access_key_id
-      AWS_SECRET_ACCESS_KEY:
-        from_secret: aws_secret_access_key
-    depends_on: [gpg-sign]
-
-  - name: github
-    image: plugins/github-release:latest
-    pull: always
-    settings:
-      files:
-        - "dist/release/*"
-      file_exists: overwrite
-    environment:
-      GITHUB_TOKEN:
-        from_secret: github_token
-    depends_on: [gpg-sign]
-
---
-kind: pipeline
-type: docker
-name: docker-linux-amd64-release-version
-
-platform:
-  os: linux
-  arch: amd64
-
-trigger:
-  ref:
-    include:
-      - "refs/tags/**"
-    exclude:
-      - "refs/tags/**-rc*"
-  paths:
-    exclude:
-      - "docs/**"
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git fetch --tags --force
-
-  - name: publish
-    image: plugins/docker:latest
-    pull: always
-    settings:
-      auto_tag: true
-      auto_tag_suffix: linux-amd64
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-          - pull_request
-
-  - name: publish-rootless
-    image: plugins/docker:latest
-    settings:
-      dockerfile: Dockerfile.rootless
-      auto_tag: true
-      auto_tag_suffix: linux-amd64-rootless
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-          - pull_request
---
-
-kind: pipeline
-type: docker
-name: docker-linux-amd64-release-candidate-version
-
-platform:
-  os: linux
-  arch: amd64
-
-trigger:
-  ref:
-    - "refs/tags/**-rc*"
-  paths:
-    exclude:
-      - "docs/**"
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git fetch --tags --force
-
-  - name: publish
-    image: plugins/docker:latest
-    pull: always
-    settings:
-      tags: ${DRONE_TAG##v}-linux-amd64
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-          - pull_request
-
-  - name: publish-rootless
-    image: plugins/docker:latest
-    settings:
-      dockerfile: Dockerfile.rootless
-      tags: ${DRONE_TAG##v}-linux-amd64-rootless
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-          - pull_request
-
---
-kind: pipeline
-type: docker
-name: docker-linux-arm64-release-version
-
-platform:
-  os: linux
-  arch: arm64
-
-trigger:
-  ref:
-    include:
-      - "refs/tags/**"
-    exclude:
-      - "refs/tags/**-rc*"
-  paths:
-    exclude:
-      - "docs/**"
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git fetch --tags --force
-
-  - name: publish
-    image: plugins/docker:latest
-    pull: always
-    settings:
-      auto_tag: true
-      auto_tag_suffix: linux-arm64
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-          - pull_request
-
-  - name: publish-rootless
-    image: plugins/docker:latest
-    settings:
-      dockerfile: Dockerfile.rootless
-      auto_tag: true
-      auto_tag_suffix: linux-arm64-rootless
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-          - pull_request
-
---
-kind: pipeline
-type: docker
-name: docker-linux-arm64-release-candidate-version
-
-platform:
-  os: linux
-  arch: arm64
-
-trigger:
-  ref:
-    - "refs/tags/**-rc*"
-  paths:
-    exclude:
-      - "docs/**"
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git fetch --tags --force
-
-  - name: publish
-    image: plugins/docker:latest
-    pull: always
-    settings:
-      tags: ${DRONE_TAG##v}-linux-arm64
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-          - pull_request
-
-  - name: publish-rootless
-    image: plugins/docker:latest
-    settings:
-      dockerfile: Dockerfile.rootless
-      tags: ${DRONE_TAG##v}-linux-arm64-rootless
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-          - pull_request
-
---
-kind: pipeline
-type: docker
-name: docker-manifest-version
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-  - name: manifest-rootless
-    image: plugins/manifest
-    pull: always
-    settings:
-      auto_tag: true
-      ignore_missing: true
-      spec: docker/manifest.rootless.tmpl
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-
-  - name: manifest
-    image: plugins/manifest
-    settings:
-      auto_tag: true
-      ignore_missing: true
-      spec: docker/manifest.tmpl
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-
-trigger:
-  ref:
-    - "refs/tags/**"
-  paths:
-    exclude:
-      - "docs/**"
-
-depends_on:
-  - docker-linux-amd64-release-version
-  - docker-linux-amd64-release-candidate-version
-  - docker-linux-arm64-release-version
-  - docker-linux-arm64-release-candidate-version
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@@ -10,15 +10,17 @@ parserOptions:

 plugins:
  - "@eslint-community/eslint-plugin-eslint-comments"
+  - "@stylistic/eslint-plugin-js"
  - eslint-plugin-array-func
-  - eslint-plugin-custom-elements
-  - eslint-plugin-import
+  - eslint-plugin-i
  - eslint-plugin-jquery
  - eslint-plugin-no-jquery
  - eslint-plugin-no-use-extend-native
  - eslint-plugin-regexp
  - eslint-plugin-sonarjs
  - eslint-plugin-unicorn
+  - eslint-plugin-vitest
+  - eslint-plugin-vitest-globals
  - eslint-plugin-wc

 env:
@@ -41,11 +43,64 @@ overrides:
      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
  - files: ["build/generate-images.js"]
    rules:
-      import/no-unresolved: [0]
-      import/no-extraneous-dependencies: [0]
+      i/no-unresolved: [0]
+      i/no-extraneous-dependencies: [0]
  - files: ["*.config.*"]
    rules:
-      import/no-unused-modules: [0]
+      i/no-unused-modules: [0]
+  - files: ["**/*.test.*", "web_src/js/test/setup.js"]
+    env:
+      vitest-globals/env: true
+    rules:
+      vitest/consistent-test-filename: [0]
+      vitest/consistent-test-it: [0]
+      vitest/expect-expect: [0]
+      vitest/max-expects: [0]
+      vitest/max-nested-describe: [0]
+      vitest/no-alias-methods: [0]
+      vitest/no-commented-out-tests: [0]
+      vitest/no-conditional-expect: [0]
+      vitest/no-conditional-in-test: [0]
+      vitest/no-conditional-tests: [0]
+      vitest/no-disabled-tests: [0]
+      vitest/no-done-callback: [0]
+      vitest/no-duplicate-hooks: [0]
+      vitest/no-focused-tests: [0]
+      vitest/no-hooks: [0]
+      vitest/no-identical-title: [2]
+      vitest/no-interpolation-in-snapshots: [0]
+      vitest/no-large-snapshots: [0]
+      vitest/no-mocks-import: [0]
+      vitest/no-restricted-matchers: [0]
+      vitest/no-restricted-vi-methods: [0]
+      vitest/no-standalone-expect: [0]
+      vitest/no-test-prefixes: [0]
+      vitest/no-test-return-statement: [0]
+      vitest/prefer-called-with: [0]
+      vitest/prefer-comparison-matcher: [0]
+      vitest/prefer-each: [0]
+      vitest/prefer-equality-matcher: [0]
+      vitest/prefer-expect-resolves: [0]
+      vitest/prefer-hooks-in-order: [0]
+      vitest/prefer-hooks-on-top: [2]
+      vitest/prefer-lowercase-title: [0]
+      vitest/prefer-mock-promise-shorthand: [0]
+      vitest/prefer-snapshot-hint: [0]
+      vitest/prefer-spy-on: [0]
+      vitest/prefer-strict-equal: [0]
+      vitest/prefer-to-be: [0]
+      vitest/prefer-to-be-falsy: [0]
+      vitest/prefer-to-be-object: [0]
+      vitest/prefer-to-be-truthy: [0]
+      vitest/prefer-to-contain: [0]
+      vitest/prefer-to-have-length: [0]
+      vitest/prefer-todo: [0]
+      vitest/require-hook: [0]
+      vitest/require-to-throw-message: [0]
+      vitest/require-top-level-describe: [0]
+      vitest/valid-describe-callback: [2]
+      vitest/valid-expect: [2]
+      vitest/valid-title: [2]
  - files: ["web_src/js/modules/fetch.js", "web_src/js/standalone/**/*"]
    rules:
      no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression]
@@ -60,11 +115,74 @@ rules:
  "@eslint-community/eslint-comments/no-unused-enable": [2]
  "@eslint-community/eslint-comments/no-use": [0]
  "@eslint-community/eslint-comments/require-description": [0]
+  "@stylistic/js/array-bracket-newline": [0]
+  "@stylistic/js/array-bracket-spacing": [2, never]
+  "@stylistic/js/array-element-newline": [0]
+  "@stylistic/js/arrow-parens": [2, always]
+  "@stylistic/js/arrow-spacing": [2, {before: true, after: true}]
+  "@stylistic/js/block-spacing": [0]
+  "@stylistic/js/brace-style": [2, 1tbs, {allowSingleLine: true}]
+  "@stylistic/js/comma-dangle": [2, only-multiline]
+  "@stylistic/js/comma-spacing": [2, {before: false, after: true}]
+  "@stylistic/js/comma-style": [2, last]
+  "@stylistic/js/computed-property-spacing": [2, never]
+  "@stylistic/js/dot-location": [2, property]
+  "@stylistic/js/eol-last": [2]
+  "@stylistic/js/function-call-spacing": [2, never]
+  "@stylistic/js/function-call-argument-newline": [0]
+  "@stylistic/js/function-paren-newline": [0]
+  "@stylistic/js/generator-star-spacing": [0]
+  "@stylistic/js/implicit-arrow-linebreak": [0]
+  "@stylistic/js/indent": [2, 2, {ignoreComments: true, SwitchCase: 1}]
+  "@stylistic/js/key-spacing": [2]
+  "@stylistic/js/keyword-spacing": [2]
+  "@stylistic/js/linebreak-style": [2, unix]
+  "@stylistic/js/lines-around-comment": [0]
+  "@stylistic/js/lines-between-class-members": [0]
+  "@stylistic/js/max-len": [0]
+  "@stylistic/js/max-statements-per-line": [0]
+  "@stylistic/js/multiline-ternary": [0]
+  "@stylistic/js/new-parens": [2]
+  "@stylistic/js/newline-per-chained-call": [0]
+  "@stylistic/js/no-confusing-arrow": [0]
+  "@stylistic/js/no-extra-parens": [0]
+  "@stylistic/js/no-extra-semi": [2]
+  "@stylistic/js/no-floating-decimal": [0]
+  "@stylistic/js/no-mixed-operators": [0]
+  "@stylistic/js/no-mixed-spaces-and-tabs": [2]
+  "@stylistic/js/no-multi-spaces": [2, {ignoreEOLComments: true, exceptions: {Property: true}}]
+  "@stylistic/js/no-multiple-empty-lines": [2, {max: 1, maxEOF: 0, maxBOF: 0}]
+  "@stylistic/js/no-tabs": [2]
+  "@stylistic/js/no-trailing-spaces": [2]
+  "@stylistic/js/no-whitespace-before-property": [2]
+  "@stylistic/js/nonblock-statement-body-position": [2]
+  "@stylistic/js/object-curly-newline": [0]
+  "@stylistic/js/object-curly-spacing": [2, never]
+  "@stylistic/js/object-property-newline": [0]
+  "@stylistic/js/one-var-declaration-per-line": [0]
+  "@stylistic/js/operator-linebreak": [2, after]
+  "@stylistic/js/padded-blocks": [2, never]
+  "@stylistic/js/padding-line-between-statements": [0]
+  "@stylistic/js/quote-props": [0]
+  "@stylistic/js/quotes": [2, single, {avoidEscape: true, allowTemplateLiterals: true}]
+  "@stylistic/js/rest-spread-spacing": [2, never]
+  "@stylistic/js/semi": [2, always, {omitLastInOneLineBlock: true}]
+  "@stylistic/js/semi-spacing": [2, {before: false, after: true}]
+  "@stylistic/js/semi-style": [2, last]
+  "@stylistic/js/space-before-blocks": [2, always]
+  "@stylistic/js/space-before-function-paren": [0]
+  "@stylistic/js/space-in-parens": [2, never]
+  "@stylistic/js/space-infix-ops": [2]
+  "@stylistic/js/space-unary-ops": [2]
+  "@stylistic/js/spaced-comment": [2, always]
+  "@stylistic/js/switch-colon-spacing": [2]
+  "@stylistic/js/template-curly-spacing": [2, never]
+  "@stylistic/js/template-tag-spacing": [2, never]
+  "@stylistic/js/wrap-iife": [2, inside]
+  "@stylistic/js/wrap-regex": [0]
+  "@stylistic/js/yield-star-spacing": [2, after]
  accessor-pairs: [2]
-  array-bracket-newline: [0]
-  array-bracket-spacing: [2, never]
  array-callback-return: [2, {checkForEach: true}]
-  array-element-newline: [0]
  array-func/avoid-reverse: [2]
  array-func/from-map: [2]
  array-func/no-unnecessary-this-arg: [2]
@@ -72,101 +190,73 @@ rules:
  array-func/prefer-flat-map: [0] # handled by unicorn/prefer-array-flat-map
  array-func/prefer-flat: [0] # handled by unicorn/prefer-array-flat
  arrow-body-style: [0]
-  arrow-parens: [2, always]
-  arrow-spacing: [2, {before: true, after: true}]
  block-scoped-var: [2]
-  brace-style: [2, 1tbs, {allowSingleLine: true}]
  camelcase: [0]
  capitalized-comments: [0]
  class-methods-use-this: [0]
-  comma-dangle: [2, only-multiline]
-  comma-spacing: [2, {before: false, after: true}]
-  comma-style: [2, last]
  complexity: [0]
-  computed-property-spacing: [2, never]
  consistent-return: [0]
  consistent-this: [0]
  constructor-super: [2]
  curly: [0]
-  custom-elements/expose-class-on-global: [0]
-  custom-elements/extends-correct-class: [2]
-  custom-elements/file-name-matches-element: [2]
-  custom-elements/no-constructor: [2]
-  custom-elements/no-customized-built-in-elements: [2]
-  custom-elements/no-dom-traversal-in-attributechangedcallback: [2]
-  custom-elements/no-dom-traversal-in-connectedcallback: [2]
-  custom-elements/no-exports-with-element: [2]
-  custom-elements/no-method-prefixed-with-on: [2]
-  custom-elements/no-unchecked-define: [0]
-  custom-elements/one-element-per-file: [0]
-  custom-elements/tag-name-matches-class: [2]
-  custom-elements/valid-tag-name: [2]
  default-case-last: [2]
  default-case: [0]
  default-param-last: [0]
-  dot-location: [2, property]
  dot-notation: [0]
-  eol-last: [2]
  eqeqeq: [2]
  for-direction: [2]
-  func-call-spacing: [2, never]
  func-name-matching: [2]
  func-names: [0]
  func-style: [0]
-  function-call-argument-newline: [0]
-  function-paren-newline: [0]
-  generator-star-spacing: [0]
  getter-return: [2]
  grouped-accessor-pairs: [2]
  guard-for-in: [0]
  id-blacklist: [0]
  id-length: [0]
  id-match: [0]
-  implicit-arrow-linebreak: [0]
-  import/consistent-type-specifier-style: [0]
-  import/default: [0]
-  import/dynamic-import-chunkname: [0]
-  import/export: [2]
-  import/exports-last: [0]
-  import/extensions: [2, always, {ignorePackages: true}]
-  import/first: [2]
-  import/group-exports: [0]
-  import/max-dependencies: [0]
-  import/named: [2]
-  import/namespace: [0]
-  import/newline-after-import: [0]
-  import/no-absolute-path: [0]
-  import/no-amd: [2]
-  import/no-anonymous-default-export: [0]
-  import/no-commonjs: [2]
-  import/no-cycle: [2, {ignoreExternal: true, maxDepth: 1}]
-  import/no-default-export: [0]
-  import/no-deprecated: [0]
-  import/no-dynamic-require: [0]
-  import/no-empty-named-blocks: [2]
-  import/no-extraneous-dependencies: [2]
-  import/no-import-module-exports: [0]
-  import/no-internal-modules: [0]
-  import/no-mutable-exports: [0]
-  import/no-named-as-default-member: [0]
-  import/no-named-as-default: [2]
-  import/no-named-default: [0]
-  import/no-named-export: [0]
-  import/no-namespace: [0]
-  import/no-nodejs-modules: [0]
-  import/no-relative-packages: [0]
-  import/no-relative-parent-imports: [0]
-  import/no-restricted-paths: [0]
-  import/no-self-import: [2]
-  import/no-unassigned-import: [0]
-  import/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$", ^vitest/]}]
-  import/no-unused-modules: [2, {unusedExports: true}]
-  import/no-useless-path-segments: [2, {commonjs: true}]
-  import/no-webpack-loader-syntax: [2]
-  import/order: [0]
-  import/prefer-default-export: [0]
-  import/unambiguous: [0]
-  indent: [2, 2, {SwitchCase: 1}]
+  i/consistent-type-specifier-style: [0]
+  i/default: [0]
+  i/dynamic-import-chunkname: [0]
+  i/export: [2]
+  i/exports-last: [0]
+  i/extensions: [2, always, {ignorePackages: true}]
+  i/first: [2]
+  i/group-exports: [0]
+  i/max-dependencies: [0]
+  i/named: [2]
+  i/namespace: [0]
+  i/newline-after-import: [0]
+  i/no-absolute-path: [0]
+  i/no-amd: [2]
+  i/no-anonymous-default-export: [0]
+  i/no-commonjs: [2]
+  i/no-cycle: [2, {ignoreExternal: true, maxDepth: 1}]
+  i/no-default-export: [0]
+  i/no-deprecated: [0]
+  i/no-dynamic-require: [0]
+  i/no-empty-named-blocks: [2]
+  i/no-extraneous-dependencies: [2]
+  i/no-import-module-exports: [0]
+  i/no-internal-modules: [0]
+  i/no-mutable-exports: [0]
+  i/no-named-as-default-member: [0]
+  i/no-named-as-default: [2]
+  i/no-named-default: [0]
+  i/no-named-export: [0]
+  i/no-namespace: [0]
+  i/no-nodejs-modules: [0]
+  i/no-relative-packages: [0]
+  i/no-relative-parent-imports: [0]
+  i/no-restricted-paths: [0]
+  i/no-self-import: [2]
+  i/no-unassigned-import: [0]
+  i/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$", ^vitest/]}]
+  i/no-unused-modules: [2, {unusedExports: true}]
+  i/no-useless-path-segments: [2, {commonjs: true}]
+  i/no-webpack-loader-syntax: [2]
+  i/order: [0]
+  i/prefer-default-export: [0]
+  i/unambiguous: [0]
  init-declarations: [0]
  jquery/no-ajax-events: [2]
  jquery/no-ajax: [0]
@@ -217,27 +307,17 @@ rules:
  jquery/no-val: [0]
  jquery/no-when: [2]
  jquery/no-wrap: [2]
-  key-spacing: [2]
-  keyword-spacing: [2]
  line-comment-position: [0]
-  linebreak-style: [2, unix]
-  lines-around-comment: [0]
-  lines-between-class-members: [0]
  logical-assignment-operators: [0]
  max-classes-per-file: [0]
  max-depth: [0]
-  max-len: [0]
  max-lines-per-function: [0]
  max-lines: [0]
  max-nested-callbacks: [0]
  max-params: [0]
-  max-statements-per-line: [0]
  max-statements: [0]
  multiline-comment-style: [2, separate-lines]
-  multiline-ternary: [0]
  new-cap: [0]
-  new-parens: [2]
-  newline-per-chained-call: [0]
  no-alert: [0]
  no-array-constructor: [2]
  no-async-promise-executor: [0]
@@ -249,7 +329,6 @@ rules:
  no-class-assign: [2]
  no-compare-neg-zero: [2]
  no-cond-assign: [2, except-parens]
-  no-confusing-arrow: [0]
  no-console: [1, {allow: [debug, info, warn, error]}]
  no-const-assign: [2]
  no-constant-binary-expression: [2]
@@ -279,10 +358,7 @@ rules:
  no-extra-bind: [2]
  no-extra-boolean-cast: [2]
  no-extra-label: [0]
-  no-extra-parens: [0]
-  no-extra-semi: [2]
  no-fallthrough: [2]
-  no-floating-decimal: [0]
  no-func-assign: [2]
  no-global-assign: [2]
  no-implicit-coercion: [2]
@@ -396,10 +472,7 @@ rules:
  no-loss-of-precision: [2]
  no-magic-numbers: [0]
  no-misleading-character-class: [2]
-  no-mixed-operators: [0]
-  no-mixed-spaces-and-tabs: [2]
  no-multi-assign: [0]
-  no-multi-spaces: [2, {ignoreEOLComments: true, exceptions: {Property: true}}]
  no-multi-str: [2]
  no-negated-condition: [0]
  no-nested-ternary: [0]
@@ -433,12 +506,10 @@ rules:
  no-shadow-restricted-names: [2]
  no-shadow: [0]
  no-sparse-arrays: [2]
-  no-tabs: [2]
  no-template-curly-in-string: [2]
  no-ternary: [0]
  no-this-before-super: [2]
  no-throw-literal: [2]
-  no-trailing-spaces: [2]
  no-undef-init: [2]
  no-undef: [2, {typeof: true}]
  no-undefined: [0]
@@ -468,32 +539,25 @@ rules:
  no-var: [2]
  no-void: [2]
  no-warning-comments: [0]
-  no-whitespace-before-property: [2]
  no-with: [0] # handled by no-restricted-syntax
-  nonblock-statement-body-position: [2]
-  object-curly-newline: [0]
-  object-curly-spacing: [2, never]
  object-shorthand: [2, always]
  one-var-declaration-per-line: [0]
  one-var: [0]
  operator-assignment: [2, always]
  operator-linebreak: [2, after]
-  padded-blocks: [2, never]
-  padding-line-between-statements: [0]
  prefer-arrow-callback: [2, {allowNamedFunctions: true, allowUnboundThis: true}]
  prefer-const: [2, {destructuring: all, ignoreReadBeforeAssign: true}]
  prefer-destructuring: [0]
  prefer-exponentiation-operator: [2]
  prefer-named-capture-group: [0]
  prefer-numeric-literals: [2]
-  prefer-object-has-own: [0]
+  prefer-object-has-own: [2]
  prefer-object-spread: [2]
  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
  prefer-regex-literals: [2]
  prefer-rest-params: [2]
  prefer-spread: [2]
  prefer-template: [2]
-  quote-props: [0]
  quotes: [2, single, {avoidEscape: true, allowTemplateLiterals: true}]
  radix: [2, as-needed]
  regexp/confusing-quantifier: [2]
@@ -511,6 +575,7 @@ rules:
  regexp/no-empty-character-class: [0]
  regexp/no-empty-group: [2]
  regexp/no-empty-lookarounds-assertion: [2]
+  regexp/no-empty-string-literal: [2]
  regexp/no-escape-backspace: [2]
  regexp/no-extra-lookaround-assertions: [0]
  regexp/no-invalid-regexp: [2]
@@ -541,6 +606,8 @@ rules:
  regexp/no-useless-non-capturing-group: [2]
  regexp/no-useless-quantifier: [2]
  regexp/no-useless-range: [2]
+  regexp/no-useless-set-operand: [2]
+  regexp/no-useless-string-literal: [2]
  regexp/no-useless-two-nums-quantifier: [2]
  regexp/no-zero-quantifier: [2]
  regexp/optimal-lookaround-quantifier: [2]
@@ -560,10 +627,12 @@ rules:
  regexp/prefer-regexp-exec: [2]
  regexp/prefer-regexp-test: [2]
  regexp/prefer-result-array-groups: [0]
+  regexp/prefer-set-operation: [2]
  regexp/prefer-star-quantifier: [2]
  regexp/prefer-unicode-codepoint-escapes: [2]
  regexp/prefer-w: [0]
  regexp/require-unicode-regexp: [0]
+  regexp/simplify-set-operations: [2]
  regexp/sort-alternatives: [0]
  regexp/sort-character-class-elements: [0]
  regexp/sort-flags: [0]
@@ -574,10 +643,6 @@ rules:
  require-await: [0]
  require-unicode-regexp: [0]
  require-yield: [2]
-  rest-spread-spacing: [2, never]
-  semi-spacing: [2, {before: false, after: true}]
-  semi-style: [2, last]
-  semi: [2, always, {omitLastInOneLineBlock: true}]
  sonarjs/cognitive-complexity: [0]
  sonarjs/elseif-without-else: [0]
  sonarjs/max-switch-cases: [0]
@@ -613,16 +678,8 @@ rules:
  sort-imports: [0]
  sort-keys: [0]
  sort-vars: [0]
-  space-before-blocks: [2, always]
-  space-in-parens: [2, never]
-  space-infix-ops: [2]
-  space-unary-ops: [2]
-  spaced-comment: [2, always]
  strict: [0]
-  switch-colon-spacing: [2]
  symbol-description: [2]
-  template-curly-spacing: [2, never]
-  template-tag-spacing: [2, never]
  unicode-bom: [2, never]
  unicorn/better-regex: [0]
  unicorn/catch-error-name: [0]
@@ -740,15 +797,25 @@ rules:
  valid-typeof: [2, {requireStringLiterals: true}]
  vars-on-top: [0]
  wc/attach-shadow-constructor: [2]
+  wc/define-tag-after-class-definition: [0]
+  wc/expose-class-on-global: [0]
+  wc/file-name-matches-element: [2]
+  wc/guard-define-call: [0]
  wc/guard-super-call: [2]
+  wc/max-elements-per-file: [0]
+  wc/no-child-traversal-in-attributechangedcallback: [2]
+  wc/no-child-traversal-in-connectedcallback: [2]
  wc/no-closed-shadow-root: [2]
  wc/no-constructor-attributes: [2]
  wc/no-constructor-params: [2]
-  wc/no-invalid-element-name: [0] # covered by custom-elements/valid-tag-name
+  wc/no-constructor: [2]
+  wc/no-customized-built-in-elements: [2]
+  wc/no-exports-with-element: [2]
+  wc/no-invalid-element-name: [2]
+  wc/no-invalid-extends: [2]
+  wc/no-method-prefixed-with-on: [2]
  wc/no-self-class: [2]
  wc/no-typos: [2]
  wc/require-listener-teardown: [2]
-  wrap-iife: [2, inside]
-  wrap-regex: [0]
-  yield-star-spacing: [2, after]
+  wc/tag-name-matches-class: [2]
  yoda: [2, never]
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -1,6 +1,6 @@
 name: Bug Report
 description: Found something you weren't expecting? Report it here!
-labels: ["kind/bug"]
+labels: ["type/bug"]
 body:
  - type: markdown
    attributes:
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@@ -1,6 +1,6 @@
 name: Feature Request
 description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
-labels: ["kind/proposal"]
+labels: ["type/proposal"]
 body:
  - type: markdown
    attributes:
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@@ -1,6 +1,6 @@
 name: Web Interface Bug Report
 description: Something doesn't look quite as it should?  Report it here!
-labels: ["kind/bug", "kind/ui"]
+labels: ["type/bug", "topic/ui"]
 body:
  - type: markdown
    attributes:
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -2,3 +2,4 @@ self-hosted-runner:
  labels:
    - actuated-4cpu-8gb
    - actuated-4cpu-16gb
+    - nscloud
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -1,35 +1,36 @@
-kind/docs:
+modifies/docs:
  - "**/*.md"
  - "docs/**"

-kind/ui:
+modifies/frontend:
  - "web_src/**/*"
+
+modifies/templates:
  - all: ["templates/**", "!templates/swagger/v1_json.tmpl"]

-kind/api:
-  - "templates/swagger/v1_json.tmpl"
+modifies/api:
  - "routers/api/**"
+  - "templates/swagger/v1_json.tmpl"

-kind/build:
+modifies/cli:
+  - "cmd/**"
+
+modifies/translation:
+  - "options/locale/*.ini"
+
+modifies/migrations:
+  - "models/migrations/**/*"
+
+modifies/internal:
  - "Makefile"
  - "Dockerfile"
  - "Dockerfile.rootless"
  - "docker/**"
  - "webpack.config.js"
-
-theme/package-registry:
-  - "modules/packages/**"
-  - "services/packages/**"
-  - "routers/api/packages/**"
-  - "routers/web/shared/packages/**"
-
-kind/cli:
-  - "cmd/**"
-
-kind/lint:
  - ".eslintrc.yaml"
  - ".golangci.yml"
  - ".markdownlint.yaml"
  - ".spectral.yaml"
  - ".stylelintrc.yaml"
  - ".yamllint.yaml"
+  - ".github/**"
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -1,54 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 60
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 14
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - status/blocked
-  - kind/security
-  - lgtm/done
-  - reviewed/confirmed
-  - priority/critical
-  - kind/proposal
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Comment to post when marking as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had recent activity.
-  I am here to help clear issues left open even if solved or waiting for more insight.
-  This issue will be closed if no further activity occurs during the next 2 weeks.
-  If the issue is still valid just add a comment to keep it alive.
-  Thank you for your contributions.
-
-# Comment to post when closing a stale Issue or Pull Request.
-closeComment: >
-  This issue has been automatically closed because of inactivity.
-  You can re-open it if needed.
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 1
-
-# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
-pulls:
-  daysUntilStale: 60
-  daysUntilClose: 60
-  markComment: >
-    This pull request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you
-    for your contributions.
-  closeComment: >
-    This pull request has been automatically closed because of inactivity.
-    You can re-open it if needed.
--- a/.github/workflows/cron-licenses.yml
+++ b/.github/workflows/cron-licenses.yml
@@ -11,14 +11,14 @@ jobs:
    if: github.repository == 'go-gitea/gitea'
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - run: make generate-license generate-gitignore
        timeout-minutes: 40
      - name: push translations to repo
-        uses: appleboy/git-push-action@v0.0.2
+        uses: appleboy/git-push-action@v0.0.3
        with:
          author_email: "teabot@gitea.io"
          author_name: GiteaBot
--- a/.github/workflows/cron-lock.yml
+++ b/.github/workflows/cron-lock.yml
@@ -17,6 +17,6 @@ jobs:
    runs-on: ubuntu-latest
    if: github.repository == 'go-gitea/gitea'
    steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@v5
        with:
          issue-inactive-days: 45
--- a/.github/workflows/cron-translations.yml
+++ b/.github/workflows/cron-translations.yml
@@ -22,7 +22,7 @@ jobs:
      - name: update locales
        run: ./build/update-locales.sh
      - name: push translations to repo
-        uses: appleboy/git-push-action@v0.0.2
+        uses: appleboy/git-push-action@v0.0.3
        with:
          author_email: "teabot@gitea.io"
          author_name: GiteaBot
--- a/.github/workflows/disk-clean.yml
+++ b/.github/workflows/disk-clean.yml
@@ -0,0 +1,25 @@
+name: disk-clean
+
+on:
+  workflow_call:
+
+jobs:
+  triage:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          # this might remove tools that are actually needed,
+          # if set to "true" but frees about 6 GB
+          tool-cache: false
+
+          # all of these default to true, but feel free to set to
+          # "false" if necessary for your workflow
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: false
+          docker-images: false
+          swap-storage: true
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@@ -17,9 +17,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - run: make deps-backend deps-tools
      - run: make lint-backend
@@ -58,7 +58,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: make deps-frontend
@@ -70,9 +70,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - run: make deps-backend deps-tools
      - run: make lint-go-windows lint-go-vet
@@ -87,9 +87,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - run: make deps-backend deps-tools
      - run: make lint-go
@@ -102,9 +102,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - run: make deps-backend deps-tools
      - run: make --always-make checks-backend # ensure the "go-licenses" make target runs
@@ -115,7 +115,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: make deps-frontend
@@ -130,9 +130,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      # no frontend build here as backend should be able to build
      # even without any frontend files
@@ -162,7 +162,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: make deps-frontend
@@ -175,5 +175,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          check-latest: true
      - run: make lint-actions
--- a/.github/workflows/pull-db-tests.yml
+++ b/.github/workflows/pull-db-tests.yml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    services:
      pgsql:
-        image: postgres:15
+        image: postgres:12
        env:
          POSTGRES_DB: test
          POSTGRES_PASSWORD: postgres
@@ -31,17 +31,17 @@ jobs:
      minio:
        # as github actions doesn't support "entrypoint", we need to use a non-official image
        # that has a custom entrypoint set to "minio server /data"
-        image: bitnami/minio:2021.3.17
+        image: bitnami/minio:2023.8.31
        env:
-          MINIO_ACCESS_KEY: 123456
-          MINIO_SECRET_KEY: 12345678
+          MINIO_ROOT_USER: 123456
+          MINIO_ROOT_PASSWORD: 12345678
        ports:
          - "9000:9000"
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 pgsql ldap minio" | sudo tee -a /etc/hosts'
@@ -64,9 +64,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - run: make deps-backend
      - run: make backend
@@ -85,13 +85,6 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: true
-          MYSQL_DATABASE: test
-        ports:
-          - "3306:3306"
      elasticsearch:
        image: elasticsearch:7.5.0
        env:
@@ -104,13 +97,6 @@ jobs:
          MEILI_ENV: development # disable auth
        ports:
          - "7700:7700"
-      smtpimap:
-        image: tabascoterrier/docker-imap-devel:latest
-        ports:
-          - "25:25"
-          - "143:143"
-          - "587:587"
-          - "993:993"
      redis:
        image: redis
        options: >- # wait until redis has started
@@ -129,9 +115,9 @@ jobs:
          - "9000:9000"
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch meilisearch smtpimap" | sudo tee -a /etc/hosts'
@@ -152,16 +138,16 @@ jobs:
          RACE_ENABLED: true
          GITHUB_READ_TOKEN: ${{ secrets.GITHUB_READ_TOKEN }}

-  test-mysql5:
+  test-mysql:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    services:
      mysql:
-        image: mysql:5.7
+        image: mysql:8.0
        env:
          MYSQL_ALLOW_EMPTY_PASSWORD: true
-          MYSQL_DATABASE: test
+          MYSQL_DATABASE: testgitea
        ports:
          - "3306:3306"
      elasticsearch:
@@ -179,9 +165,9 @@ jobs:
          - "993:993"
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch smtpimap" | sudo tee -a /etc/hosts'
@@ -197,43 +183,13 @@ jobs:
          USE_REPO_TEST_DIR: 1
          TEST_INDEXER_CODE_ES_URL: "http://elastic:changeme@elasticsearch:9200"

-  test-mysql8:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      mysql8:
-        image: mysql:8
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: true
-          MYSQL_DATABASE: testgitea
-        ports:
-          - "3306:3306"
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql8" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - run: make test-mysql8-migration test-mysql8
-        timeout-minutes: 50
-        env:
-          TAGS: bindata
-          USE_REPO_TEST_DIR: 1
-
  test-mssql:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    services:
      mssql:
-        image: mcr.microsoft.com/mssql/server:latest
+        image: mcr.microsoft.com/mssql/server:2017-latest
        env:
          ACCEPT_EULA: Y
          MSSQL_PID: Standard
@@ -242,9 +198,9 @@ jobs:
          - "1433:1433"
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mssql" | sudo tee -a /etc/hosts'
--- a/.github/workflows/pull-docker-dryrun.yml
+++ b/.github/workflows/pull-docker-dryrun.yml
@@ -16,8 +16,8 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/build-push-action@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/build-push-action@v5
        with:
          push: false
          tags: gitea/gitea:linux-amd64
@@ -27,8 +27,8 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/build-push-action@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/build-push-action@v5
        with:
          push: false
          file: Dockerfile.rootless
--- a/.github/workflows/pull-e2e-tests.yml
+++ b/.github/workflows/pull-e2e-tests.yml
@@ -17,11 +17,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: make deps-frontend frontend deps-backend
--- a/.github/workflows/pull-labeler.yml
+++ b/.github/workflows/pull-labeler.yml
@@ -18,4 +18,3 @@ jobs:
      - uses: actions/labeler@v4
        with:
          dot: true
-          sync-labels: true
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -1,26 +1,28 @@
-name: release-nightly-assets
+name: release-nightly

 on:
  push:
-    branches: [ main, release/v* ]
+    branches: [main, release/v*]

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

 jobs:
+  disk-clean:
+    uses: ./.github/workflows/disk-clean.yml
  nightly-binary:
-    runs-on: actuated-4cpu-16gb
+    runs-on: nscloud
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: make deps-frontend deps-backend
@@ -30,7 +32,7 @@ jobs:
          TAGS: bindata sqlite sqlite_unlock_notify
      - name: import gpg key
        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5
+        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
@@ -46,28 +48,28 @@ jobs:
          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
          echo "Cleaned name is ${REF_NAME}"
          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
+      - name: configure aws
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: upload binaries to s3
-        uses: jakejarvis/s3-sync-action@master
-        env:
-          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_REGION: ${{ secrets.AWS_REGION }}
-          SOURCE_DIR: dist/release
-          DEST_DIR: gitea/${{ steps.clean_name.outputs.branch }}
+        run: |
+          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
  nightly-docker-rootful:
-    runs-on: actuated-4cpu-16gb
+    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
      - name: Get cleaned branch name
        id: clean_name
        run: |
@@ -79,32 +81,32 @@ jobs:
          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
          echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
      - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: fetch go modules
        run: make vendor
      - name: build rootful docker image
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: gitea/gitea:${{ steps.clean_name.outputs.branch }}
  nightly-docker-rootless:
-    runs-on: actuated-4cpu-16gb
+    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
        with:
-          go-version: "~1.21"
+          go-version-file: go.mod
          check-latest: true
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
      - name: Get cleaned branch name
        id: clean_name
        run: |
@@ -116,14 +118,14 @@ jobs:
          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
          echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
      - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: fetch go modules
        run: make vendor
      - name: build rootless docker image
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@@ -0,0 +1,132 @@
+name: release-tag-rc
+
+on:
+  push:
+    tags:
+      - "v1*-rc*"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  binary:
+    runs-on: nscloud
+    steps:
+      - uses: actions/checkout@v4
+      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
+      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
+      - run: git fetch --unshallow --quiet --tags --force
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: make deps-frontend deps-backend
+      # xgo build
+      - run: make release
+        env:
+          TAGS: bindata sqlite sqlite_unlock_notify
+      - name: import gpg key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
+          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
+      - name: sign binaries
+        run: |
+          for f in dist/release/*; do
+            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
+          done
+      # clean branch name to get the folder name in S3
+      - name: Get cleaned branch name
+        id: clean_name
+        run: |
+          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//')
+          echo "Cleaned name is ${REF_NAME}"
+          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
+      - name: configure aws
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      - name: upload binaries to s3
+        run: |
+          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
+      - name: Install GH CLI
+        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
+        with:
+          gh-cli-version: 2.39.1
+      - name: create github release
+        run: |
+          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/*
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+  docker-rootful:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
+      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
+      - run: git fetch --unshallow --quiet --tags --force
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: gitea/gitea
+          flavor: |
+            latest=false
+          # 1.2.3-rc0
+          tags: |
+            type=semver,pattern={{version}}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: build rootful docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+  docker-rootless:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
+      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
+      - run: git fetch --unshallow --quiet --tags --force
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: gitea/gitea
+          # each tag below will have the suffix of -rootless
+          flavor: |
+            latest=false
+            suffix=-rootless
+          # 1.2.3-rc0
+          tags: |
+            type=semver,pattern={{version}}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: build rootless docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          file: Dockerfile.rootless
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@@ -0,0 +1,143 @@
+name: release-tag-version
+
+on:
+  push:
+    tags:
+      - "v1.*"
+      - "!v1*-rc*"
+      - "!v1*-dev"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  binary:
+    runs-on: nscloud
+    steps:
+      - uses: actions/checkout@v4
+      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
+      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
+      - run: git fetch --unshallow --quiet --tags --force
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          check-latest: true
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: make deps-frontend deps-backend
+      # xgo build
+      - run: make release
+        env:
+          TAGS: bindata sqlite sqlite_unlock_notify
+      - name: import gpg key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
+          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
+      - name: sign binaries
+        run: |
+          for f in dist/release/*; do
+            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
+          done
+      # clean branch name to get the folder name in S3
+      - name: Get cleaned branch name
+        id: clean_name
+        run: |
+          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//')
+          echo "Cleaned name is ${REF_NAME}"
+          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
+      - name: configure aws
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ secrets.AWS_REGION }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      - name: upload binaries to s3
+        run: |
+          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
+      - name: Install GH CLI
+        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
+        with:
+          gh-cli-version: 2.39.1
+      - name: create github release
+        run: |
+          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --notes-from-tag dist/release/*
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+  docker-rootful:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
+      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
+      - run: git fetch --unshallow --quiet --tags --force
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: gitea/gitea
+          # this will generate tags in the following format:
+          # latest
+          # 1
+          # 1.2
+          # 1.2.3
+          tags: |
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: build rootful docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+  docker-rootless:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
+      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
+      - run: git fetch --unshallow --quiet --tags --force
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: gitea/gitea
+          # each tag below will have the suffix of -rootless
+          flavor: |
+            suffix=-rootless,onlatest=true
+          # this will generate tags in the following format (with -rootless suffix added):
+          # latest
+          # 1
+          # 1.2
+          # 1.2.3
+          tags: |
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: build rootless docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          file: Dockerfile.rootless
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -29,7 +29,6 @@ linters:
  fast: false

 run:
-  go: "1.21"
  timeout: 10m
  skip-dirs:
    - node_modules
@@ -75,7 +74,6 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.21"
  depguard:
    rules:
      main:
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -6,7 +6,6 @@ line-length: {code_blocks: false, tables: false, stern: true, line_length: -1}
 no-alt-text: false
 no-bare-urls: false
 no-blanks-blockquote: false
-no-duplicate-header: {allow_different_nesting: true}
 no-emphasis-as-header: false
 no-empty-links: false
 no-hard-tabs: {code_blocks: false}
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@@ -103,7 +103,7 @@ rules:
  property-no-vendor-prefix: null
  rule-empty-line-before: null
  rule-selector-property-disallowed-list: null
-  scale-unlimited/declaration-strict-value: [[color, background-color, border-color, font-weight], {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor|none)$/, ignoreFunctions: false, disableFix: true}]
+  scale-unlimited/declaration-strict-value: [[/color$/, font-weight], {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor|none)$/, ignoreFunctions: false, disableFix: true, expandShorthand: true}]
  selector-attribute-name-disallowed-list: null
  selector-attribute-operator-allowed-list: null
  selector-attribute-operator-disallowed-list: null
--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@@ -24,8 +24,6 @@ rules:
  document-start:
    level: error
    present: false
-    ignore: |
-      /.drone.yml

  document-end:
    present: false
@@ -44,5 +42,3 @@ rules:
 ignore: |
  .venv
  node_modules
-  /models/fixtures
-  /models/migrations/fixtures
--- a/4
+++ b/4
@@ -42,13 +42,13 @@ GARGS = "--no-print-directory"

 # The GNU convention is to use the lowercased `prefix` variable/macro to
 # specify the installation directory. Humor them.
-GPREFIX = ""
+GPREFIX =
 .if defined(PREFIX) && ! defined(prefix)
    GPREFIX = 'prefix = "$(PREFIX)"'
 .endif

 .BEGIN: .SILENT
-	which $(GMAKE) || printf "Error: GNU Make is required!\n\n" 1>&2 && false
+	which $(GMAKE) || (printf "Error: GNU Make is required!\n\n" 1>&2 && false)

 .PHONY: FRC
 $(.TARGETS): FRC
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,481 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).

+## [1.21.0](https://github.com/go-gitea/gitea/releases/tag/v1.21.0) - 2023-11-14
+
+* BREAKING
+  * Restrict certificate type for builtin SSH server (#26789)
+  * Refactor to use urfave/cli/v2 (#25959)
+  * Move public asset files to the proper directory (#25907)
+  * Remove commit status running and warning to align GitHub (#25839) (partially reverted: Restore warning commit status (#27504) (#27529))
+  * Remove "CHARSET" config option for MySQL, always use "utf8mb4" (#25413)
+  * Set SSH_AUTHORIZED_KEYS_BACKUP to false (#25412)
+* FEATURES
+  * User details page (#26713)
+  * Chore(actions): support cron schedule task (#26655)
+  * Support rebuilding issue indexer manually (#26546)
+  * Allow to archive labels (#26478)
+  * Add disable workflow feature (#26413)
+  * Support `.git-blame-ignore-revs` file (#26395)
+  * Pre-register OAuth2 applications for git credential helpers (#26291)
+  * Add `Retry` button when creating a mirror-repo fails (#26228)
+  * Artifacts retention and auto clean up (#26131)
+  * Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974)
+  * Implement auto-cancellation of concurrent jobs if the event is push (#25716)
+  * Newly pushed branches hints on repository home page (#25715)
+  * Display branch commit status (#25608)
+  * Add direct serving of package content (#25543)
+  * Add commits dropdown in PR files view and allow commit by commit review (#25528)
+  * Allow package cleanup from admin page (#25307)
+  * Batch delete issue and improve tippy opts (#25253)
+  * Show branches and tags that contain a commit (#25180)
+  * Add actor and status dropdowns to run list (#25118)
+  * Allow Organisations to have a E-Mail (#25082)
+  * Add codeowners feature (#24910)
+  * Actions Artifacts support uploading multiple files and directories (#24874)
+  * Support configuration variables on Gitea Actions (#24724)
+  * Support downloading raw task logs (#24451)
+* API
+  * Unify two factor check (#27915) (#27929)
+  * Fix package webhook (#27839) (#27855)
+  * Fix/upload artifact error windows (#27802) (#27840)
+  * Fix bad method call when deleting user secrets via API (#27829) (#27831)
+  * Do not force creation of _cargo-index repo on publish (#27266) (#27765)
+  * Delete repos of org when purge delete user (#27273) (#27728)
+  * Fix org team endpoint (#27721) (#27727)
+  * Api: GetPullRequestCommits: return file list (#27483) (#27539)
+  * Don't let API add 2 exclusive labels from same scope (#27433) (#27460)
+  * Redefine the meaning of column is_active to make Actions Registration Token generation easier (#27143) (#27304)
+  * Fix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27251)
+  * Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27163)
+  * Allow empty Conan files (#27092)
+  * Fix token endpoints ignore specified account (#27080)
+  * Reduce usage of `db.DefaultContext` (#27073) (#27083) (#27089) (#27103) (#27262) (#27265) (#27347) (#26076)
+  * Make SSPI auth mockable (#27036)
+  * Extract auth middleware from service (#27028)
+  * Add `RemoteAddress` to mirrors (#26952)
+  * Feat(API): add routes and functions for managing user's secrets (#26909)
+  * Feat(API): add secret deletion functionality for repository (#26808)
+  * Feat(API): add route and implementation for creating/updating repository secret (#26766)
+  * Add Upload URL to release API (#26663)
+  * Feat(API): update and delete secret for managing organization secrets (#26660)
+  * Feat: implement organization secret creation API (#26566)
+  * Add API route to list org secrets (#26485)
+  * Set commit id when ref used explicitly (#26447)
+  * PATCH branch-protection updates check list even when checks are disabled (#26351)
+  * Add file status for API "Get a single commit from a repository" (#16205) (#25831)
+  * Add API for changing Avatars (#25369)
+* BUGFIXES
+  * Fix viewing wiki commit on empty repo (#28040) (#28044)
+  * Enable system users for comment.LoadPoster (#28014) (#28032)
+  * Fixed duplicate attachments on dump on windows (#28019) (#28031)
+  * Fix wrong xorm Delete usage(backport for 1.21) (#28002)
+  * Add word-break to repo description in home page (#27924) (#27957)
+  * Fix rendering assignee changed comments without assignee (#27927) (#27952)
+  * Add word break to release title (#27942) (#27947)
+  * Fix JS NPE when viewing specific range of PR commits (#27912) (#27923)
+  * Show correct commit sha when viewing single commit diff (#27916) (#27921)
+  * Fix 500 when deleting a dismissed review (#27903) (#27910)
+  * Fix DownloadFunc when migrating releases (#27887) (#27890)
+  * Fix http protocol auth (#27875) (#27876)
+  * Refactor postgres connection string building (#27723) (#27869)
+  * Close all hashed buffers (#27787) (#27790)
+  * Fix label render containing invalid HTML (#27752) (#27762)
+  * Fix duplicate project board when hitting `enter` key (#27746) (#27751)
+  * Fix `link-action` redirect network error (#27734) (#27749)
+  * Fix sticky diff header background (#27697) (#27712)
+  * Always delete existing scheduled action tasks (#27662) (#27688)
+  * Support allowed hosts for webhook to work with proxy (#27655) (#27675)
+  * Fix poster is not loaded in get default merge message (#27657) (#27666)
+  * Improve dropdown button alignment and fix hover bug (#27632) (#27637)
+  * Improve retrying index issues (#27554) (#27634)
+  * Fix 404 when deleting Docker package with an internal version (#27615) (#27630)
+  * Backport manually for a tmpl issue in v1.21 (#27612)
+  * Don't show Link to TOTP if not set up (#27585) (#27588)
+  * Fix data-race bug when accessing task.LastRun (#27584) (#27586)
+  * Fix attachment download bug (#27486) (#27571)
+  * Respect SSH.KeygenPath option when calculating ssh key fingerprints (#27536) (#27551)
+  * Improve dropdown's behavior when there is a search input in menu (#27526) (#27534)
+  * Fix panic in storageHandler (#27446) (#27479)
+  * When comparing with an non-exist repository, return 404 but 500 (#27437) (#27442)
+  * Fix pr template (#27436) (#27440)
+  * Fix git 2.11 error when checking IsEmpty (#27393) (#27397)
+  * Allow get release download files and lfs files with oauth2 token format (#26430) (#27379)
+  * Fix missing ctx for GetRepoLink in dashboard (#27372) (#27375)
+  * Absolute positioned checkboxes  overlay floated elements (#26870) (#27366)
+  * Introduce fixes and more rigorous tests for 'Show on a map' feature (#26803) (#27365)
+  * Fix repo count in org action settings (#27245) (#27353)
+  * Add logs for data broken of comment review (#27326) (#27345)
+  * Fix the approval count of PR when there is no protection branch rule (#27272) (#27343)
+  * Fix Bug in Issue Config when only contact links are set (#26521) (#27334)
+  * Improve issue history dialog and make poster can delete their own history (#27323) (#27327)
+  * Fix orphan check for deleted branch (#27310) (#27321)
+  * Fix protected branch icon location (#26576) (#27317)
+  * Fix yaml test (#27297) (#27303)
+  * Fix some animation bugs (#27287) (#27294)
+  * Fix incorrect change from #27231 (#27275) (#27282)
+  * Add missing public user visibility in user details page (#27246) (#27250)
+  * Fix EOL handling in web editor (#27141) (#27234)
+  * Fix issues on action runners page (#27226) (#27233)
+  * Quote table `release` in sql queries (#27205) (#27218)
+  * Fix release URL in webhooks (#27182) (#27185)
+  * Fix review request number and add more tests (#27104) (#27168)
+  * Fix the variable regexp pattern on web page (#27161) (#27164)
+  * Fix: treat tab "overview" as "repositories" in user profiles without readme (#27124)
+  * Fix NPE when editing OAuth2 applications (#27078)
+  * Fix the incorrect route path in the user edit page. (#27007)
+  * Fix the secret regexp pattern on web page (#26910)
+  * Allow users with write permissions for issues to add attachments with API (#26837)
+  * Make "link-action" backend code respond correct JSON content (#26680)
+  * Use line-height: normal by default (#26635)
+  * Fix NPM packages name validation (#26595)
+  * Rewrite the DiffFileTreeItem and fix misalignment (#26565)
+  * Return empty when searching issues with no repos (#26545)
+  * Explain SearchOptions and fix ToSearchOptions (#26542)
+  * Add missing triggers to update issue indexer (#26539)
+  * Handle base64 decoding correctly to avoid panic (#26483)
+  * Avoiding accessing undefined mentionValues (#26461)
+  * Fix incorrect redirection in new issue using references (#26440)
+  * Fix the bug when getting files changed for `pull_request_target` event (#26320)
+  * Remove IsWarning in  tmpl (#26120)
+  * Fix loading `LFS_JWT_SECRET` from wrong section (#26109)
+  * Fixing redirection issue for logged-in users (#26105)
+  * Improve "gitea doctor" sub-command and fix "help" commands (#26072)
+  * Fix the truncate and alignment problem for some admin tables (#26042)
+  * Update minimum password length requirements (#25946)
+  * Do not "guess" the file encoding/BOM when using API to upload files (#25828)
+  * Restructure issue list template, styles (#25750)
+  * Fix `ref` for workflows triggered by `pull_request_target` (#25743)
+  * Fix issues indexer document mapping (#25619)
+  * Use JSON response for "user/logout" (#25522)
+  * Fix migrate page layout on mobile (#25507)
+  * Link to existing PR when trying to open a new PR on the same branches (#25494)
+  * Do not publish docker release images on `-dev` tags (#25471)
+  * Support `pull_request_target` event (#25229)
+  * Modify the content format of the Feishu webhook (#25106)
+* ENHANCEMENTS
+  * Render email addresses as such if followed by punctuation (#27987) (#27992)
+  * Show error toast when file size exceeds the limits (#27985) (#27986)
+  * Fix citation error when the file size is larger than 1024 bytes (#27958) (#27965)
+  * Remove action runners on user deletion (#27902) (#27908)
+  * Remove set tabindex on view issue (#27892) (#27896)
+  * Reduce margin/padding on flex-list items and divider (#27872) (#27874)
+  * Change katex limits (#27823) (#27868)
+  * Clean up template locale usage (#27856) (#27857)
+  * Add dedicated class for empty placeholders (#27788) (#27792)
+  * Add gap between diff boxes (#27776) (#27781)
+  * Fix incorrect "tab" parameter for repo search sub-template (#27755) (#27764)
+  * Enable followCursor for language stats bar (#27713) (#27739)
+  * Improve diff tree spacing (#27714) (#27719)
+  * Feed UI Improvements (#27356) (#27717)
+  * Improve feed icons and feed merge text color (#27498) (#27716)
+  * [FIX] resolve confusing colors in languages stats by insert a gap (#27704) (#27715)
+  * Add doctor dbconsistency fix to delete repos with no owner (#27290) (#27693)
+  * Fix required checkboxes in issue forms (#27592) (#27692)
+  * Hide archived labels by default from the suggestions when assigning labels for an issue (#27451) (#27661)
+  * Cleanup repo details icons/labels (#27644) (#27654)
+  * Keep filter when showing unfiltered results on explore page (#27192) (#27589)
+  * Show manual cron run's last time (#27544) (#27577)
+  * Revert "Fix pr template (#27436)" (#27567)
+  * Increase queue length (#27555) (#27562)
+  * Avoid run change title process when the title is same (#27467) (#27558)
+  * Remove max-width and add hide text overflow (#27359) (#27550)
+  * Add hover background to wiki list page (#27507) (#27521)
+  * Fix mermaid flowchart margin issue (#27503) (#27516)
+  * Refactor system setting (#27000) (#27452)
+  * Fix  missing `ctx`  in new_form.tmpl  (#27434) (#27438)
+  * Add Index to `action.user_id` (#27403) (#27425)
+  * Don't use subselect in `DeleteIssuesByRepoID` (#27332) (#27408)
+  * Add support for HEAD ref in /src/branch and /src/commit routes (#27384) (#27407)
+  * Make Actions tasks/jobs timeouts configurable by the user (#27400) (#27402)
+  * Hide archived labels when filtering by labels on the issue list (#27115) (#27381)
+  * Highlight user details link (#26998) (#27376)
+  * Add protected branch name description (#27257) (#27351)
+  * Improve tree not found page (#26570) (#27346)
+  * Add Index to `comment.dependent_issue_id` (#27325) (#27340)
+  * Improve branch list UI (#27319) (#27324)
+  * Fix divider in subscription page (#27298) (#27301)
+  * Add missed return to actions view fetch (#27289) (#27293)
+  * Backport ctx locale refactoring manually (#27231) (#27259) (#27260)
+  * Disable `Test Delivery` and `Replay` webhook buttons when webhook is inactive (#27211) (#27253)
+  * Use mask-based fade-out effect for `.new-menu` (#27181) (#27243)
+  * Cleanup locale function usage (#27227) (#27240)
+  * Fix z-index on markdown completion (#27237) (#27239)
+  * Fix Fomantic UI dropdown icon bug when there is a search input in menu (#27225) (#27228)
+  * Allow copying issue comment link on archived repos and when not logged in (#27193) (#27210)
+  * Fix: text decorator on issue sidebar menu label (#27206) (#27209)
+  * Fix dropdown icon position (#27175) (#27177)
+  * Add index to `issue_user.issue_id` (#27154) (#27158)
+  * Increase auth provider icon size on login page (#27122)
+  * Remove a `gt-float-right` and some unnecessary helpers (#27110)
+  * Change green buttons to primary color (#27099)
+  * Use db.WithTx for AddTeamMember to avoid ctx abuse (#27095)
+  * Use `print` instead of `printf` (#27093)
+  * Remove the useless function `GetUserIssueStats` and move relevant tests to `indexer_test.go` (#27067)
+  * Search branches (#27055)
+  * Display all user types and org types on admin management UI (#27050)
+  * Ui correction in mobile view nav bar left aligned items. (#27046)
+  * Chroma color tweaks (#26978)
+  * Move some functions to service layer (#26969)
+  * Improve "language stats" UI (#26968)
+  * Replace `util.SliceXxx`  with `slices.Xxx` (#26958)
+  * Refactor dashboard/feed.tmpl (#26956)
+  * Move repository deletion to service layer (#26948)
+  * Fix the missing repo count (#26942)
+  * Improve hint when uploading a too large avatar (#26935)
+  * Extract common code to new template (#26933)
+  * Move createrepository from module to service layer (#26927)
+  * Move notification interface to services layer (#26915)
+  * Move feed notification service layer (#26908)
+  * Move ui notification to service layer (#26907)
+  * Move indexer notification to service layer (#26906)
+  * Move mail notification logic to service layer (#26905)
+  * Extract common code to new template (#26903)
+  * Show queue's active worker number (#26896)
+  * Fix media description render for orgmode (#26895)
+  * Remove CSS `has` selector and improve various styles (#26891)
+  * Relocate the `RSS user feed` button (#26882)
+  * Refactor "shortsha" (#26877)
+  * Refactor `og:description` to limit the max length (#26876)
+  * Move web/api context related testing function into a separate package (#26859)
+  * Redable error on S3 storage connection failure (#26856)
+  * Improve opengraph previews (#26851)
+  * Add more descriptive error on forgot password page (#26848)
+  * Show always repo count in header (#26842)
+  * Remove "TODO" tasks from CSS file (#26835)
+  * Render code blocks in repo description (#26830)
+  * Minor dashboard tweaks, fix flex-list margins (#26829)
+  * Remove polluted `.ui.right` (#26825)
+  * Display archived labels specially when listing labels (#26820)
+  * Remove polluted ".ui.left" style (#26809)
+  * Make it posible to customize nav text color via css var (#26807)
+  * Refactor lfs requests (#26783)
+  * Improve flex list item padding (#26779)
+  * Remove fomantic `text` module (#26777)
+  * Remove fomantic `item` module (#26775)
+  * Remove redundant nil check in `WalkGitLog` (#26773)
+  * Reduce some allocations in type conversion (#26772)
+  * Refactor some CSS styles and simplify code (#26771)
+  * Unify `border-radius` behavior (#26770)
+  * Improve modal dialog UI (#26764)
+  * Allow "latest" to be used in release vTag when downloading file (#26748)
+  * Adding hint `Archived` to archive label. (#26741)
+  * Move `modules/mirror` to `services` (#26737)
+  * Add "dir=auto" for input/textarea elements by default (#26735)
+  * Add auth-required to config.json for Cargo http registry (#26729)
+  * Simplify helper CSS classes and avoid abuse (#26728)
+  * Make web context initialize correctly for different cases (#26726)
+  * Focus editor on "Write" tab click (#26714)
+  * Remove incorrect CSS helper classes (#26712)
+  * Fix review bar misalignment (#26711)
+  * Add reverseproxy auth for API back with default disabled (#26703)
+  * Add default label in branch select list (#26697)
+  * Improve Image Diff UI (#26696)
+  * Fixed text overflow in dropdown menu (#26694)
+  * [Refactor] getIssueStatsChunk to move inner function into own one (#26671)
+  * Remove fomantic loader module (#26670)
+  * Add `member`, `collaborator`, `contributor`, and `first-time contributor` roles and tooltips (#26658)
+  * Improve some flex layouts (#26649)
+  * Improve the branch selector tab UI (#26631)
+  * Improve show role (#26621)
+  * Remove avatarHTML from template helpers (#26598)
+  * Allow text selection in actions step header (#26588)
+  * Improve translation of milestone filters (#26569)
+  * Add optimistic lock to ActionRun table (#26563)
+  * Update team invitation email link (#26550)
+  * Differentiate better between user settings and admin settings (#26538)
+  * Check disabled workflow when rerun jobs (#26535)
+  * Improve deadline icon location in milestone list page (#26532)
+  * Improve repo sub menu (#26531)
+  * Fix the display of org level badges (#26504)
+  * Rename `Sync2` -> `Sync` (#26479)
+  * Fix stderr usages (#26477)
+  * Remove fomantic transition module (#26469)
+  * Refactor tests (#26464)
+  * Refactor project templates (#26448)
+  * Fall back to esbuild for css minify (#26445)
+  * Always show usernames in reaction tooltips (#26444)
+  * Use correct pull request commit link instead of a generic commit link (#26434)
+  * Refactor "editorconfig" (#26391)
+  * Make `user-content-* ` consistent with github (#26388)
+  * Remove unnecessary template helper repoAvatar (#26387)
+  * Remove unnecessary template helper DisableGravatar (#26386)
+  * Use template context function for avatar rendering (#26385)
+  * Rename code_langauge.go to code_language.go (#26377)
+  * Use more `IssueList` instead of `[]*Issue` (#26369)
+  * Do not highlight `#number` in documents (#26365)
+  * Fix display problems of members and teams unit (#26363)
+  * Fix 404 error when remove self from an organization (#26362)
+  * Improve CLI and messages (#26341)
+  * Refactor backend SVG package and add tests (#26335)
+  * Add link to job details and tooltip to commit status in repo list in dashboard (#26326)
+  * Use yellow if an approved review is stale (#26312)
+  * Remove commit load branches and tags in wiki repo (#26304)
+  * Add highlight to selected repos in milestone dashboard (#26300)
+  * Delete `issue_service.CreateComment` (#26298)
+  * Do not show Profile README when repository is private (#26295)
+  * Tweak actions menu (#26278)
+  * Start using template context function (#26254)
+  * Use calendar icon for `Joined on...` in profiles (#26215)
+  * Add 'Show on a map' button to Location in profile, fix layout (#26214)
+  * Render plaintext task list items for markdown files (#26186)
+  * Add tooltip to describe LFS table column and color `delete LFS file` button red (#26181)
+  * Release attachments duplicated check (#26176)
+  * De-emphasize issue sidebar buttons (#26171)
+  * Fixing the align of commit stats in commit_page template. (#26161)
+  * Allow editing push mirrors after creation (#26151)
+  * Move web JSON functions to web context and simplify code (#26132)
+  * Refactor improve NoBetterThan (#26126)
+  * Improve clickable area in repo action view page (#26115)
+  * Add context parameter to some database functions (#26055)
+  * Docusaurus-ify (#26051)
+  * Improve text for empty issue/pr description (#26047)
+  * Categorize admin settings sidebar panel (#26030)
+  * Remove redundant "RouteMethods" method (#26024)
+  * Refactor and enhance issue indexer to support both searching, filtering and paging (#26012)
+  * Add a link to OpenID Issuer URL in WebFinger response (#26000)
+  * Fix UI for release tag page / wiki page / subscription page (#25948)
+  * Support copy protected branch from template repository (#25889)
+  * Improve display of Labels/Projects/Assignees sort options (#25886)
+  * Fix margin on the new/edit project page. (#25885)
+  * Show image size on view page (#25884)
+  * Remove ref name in PR commits page (#25876)
+  * Allow the use of alternative net.Listener implementations by downstreams (#25855)
+  * Refactor "Content" for file uploading (#25851)
+  * Add error info if no user can fork the repo (#25820)
+  * Show edit title button on commits tab of PR, too (#25791)
+  * Introduce `flex-list` & `flex-item` elements for Gitea UI (#25790)
+  * Don't stack PR tab menu on small screens (#25789)
+  * Repository Archived text title center align (#25767)
+  * Make route middleware/handler mockable (#25766)
+  * Move issue filters to shared template (#25729)
+  * Use frontend fetch for branch dropdown component (#25719)
+  * Add open/closed field support for issue index (#25708)
+  * Some less naked returns (#25682)
+  * Fix inconsistent user profile layout across tabs (#25625)
+  * Get latest commit statuses from database instead of git data on dashboard for repositories (#25605)
+  * Adding  branch-name copy  to clipboard branches screen. (#25596)
+  * Update emoji set to Unicode 15 (#25595)
+  * Move some files under repo/setting (#25585)
+  * Add custom ansi colors and CSS variables for them (#25546)
+  * Add log line anchor for action logs (#25532)
+  * Use flex instead of float for sort button and search input (#25519)
+  * Update octicons and use `octicon-file-directory-symlink` (#25453)
+  * Add toasts to UI (#25449)
+  * Fine tune project board label colors and modal content background (#25419)
+  * Import additional secrets via file uri (#25408)
+  * Switch to ansi_up for ansi rendering in actions (#25401)
+  * Store and use seconds for timeline time comments (#25392)
+  * Support displaying diff stats in PR tab bar (#25387)
+  * Use fetch form action for lock/unlock/pin/unpin on sidebar (#25380)
+  * Refactor: TotalTimes return seconds (#25370)
+  * Navbar styling rework (#25343)
+  * Introduce shared template for search inputs (#25338)
+  * Only show 'Manage Account Links' when necessary (#25311)
+  * Improve 'Privacy' section in profile settings (#25309)
+  * Substitute variables in path names of template repos too (#25294)
+  * Fix tags line no margin see #25255 (#25280)
+  * Use fetch to send requests to create issues/comments (#25258)
+  * Change form actions to fetch for submit review box (#25219)
+  * Improve AJAX link and modal confirm dialog (#25210)
+  * Reduce unnecessary DB queries for Actions tasks (#25199)
+  * Disable `Create column` button while the column name is empty (#25192)
+  * Refactor indexer (#25174)
+  * Adjust style for action run list (align icons, adjust padding) (#25170)
+  * Remove duplicated functions when deleting a branch (#25128)
+  * Make confusable character warning less jarring (#25069)
+  * Highlight viewed files differently in the PR filetree (#24956)
+  * Support changing labels of Actions runner without re-registration (#24806)
+  * Fix duplicate Reviewed-by trailers (#24796)
+  * Resolve issue with sort icons on admin/users and admin/runners (#24360)
+  * Split lfs size from repository size (#22900)
+  * Sync branches into databases (#22743)
+  * Disable run user change in installation page (#22499)
+  * Add merge files files to GetCommitFileStatus (#20515)
+  * Show OpenID Connect and OAuth on signup page (#20242)
+* SECURITY
+  * Dont leak private users via extensions (#28023) (#28029)
+  * Expanded minimum RSA Keylength to 3072 (#26604)
+* TESTING
+  * Add user secrets API integration tests (#27832) (#27852)
+  * Add tests for db indexer in indexer_test.go (#27087)
+  * Speed up TestEventSourceManagerRun (#26262)
+  * Add unit test for user renaming (#26261)
+  * Add some Wiki unit tests (#26260)
+  * Improve unit test for caching (#26185)
+  * Add unit test for `HashAvatar` (#25662)
+* TRANSLATION
+  * Backport translations to v1.21 (#27899)
+  * Fix issues in translation file (#27699) (#27737)
+  * Add locale for deleted head branch (#26296)
+  * Improve multiple strings in en-US locale (#26213)
+  * Fix broken translations for package documantion (#25742)
+  * Correct translation wrong format (#25643)
+* BUILD
+  * Dockerfile small refactor (#27757) (#27826)
+  * Fix build errors on BSD (in BSDMakefile) (#27594) (#27608)
+  * Fully replace drone with actions (#27556) (#27575)
+  * Enable markdownlint `no-duplicate-header` (#27500) (#27506)
+  * Enable production source maps for index.js, fix CSS sourcemaps (#27291) (#27295)
+  * Update snap package (#27021)
+  * Bump go to 1.21 (#26608)
+  * Bump xgo to go-1.21.x and node to 20 in release-version (#26589)
+  * Add template linting via djlint (#25212)
+* DOCS
+  * Change default size of issue/pr attachments and repo file (#27946) (#28017)
+  * Remove `known issue` section in Gitea Actions Doc (#27930) (#27938)
+  * Remove outdated paragraphs when comparing Gitea Actions to GitHub Actions (#27119)
+  * Update brew installation documentation since gitea moved to brew core package (#27070)
+  * Actions are no longer experimental, so enable them by default (#27054)
+  * Add a documentation note for Windows Service (#26938)
+  * Add sparse url in cargo package guide (#26937)
+  * Update nginx recommendations (#26924)
+  * Update backup instructions to align with archive structure (#26902)
+  * Expanding documentation in queue.go (#26889)
+  * Update info regarding internet connection for build (#26776)
+  * Docs: template variables (#26547)
+  * Update index doc (#26455)
+  * Update zh-cn documentation (#26406)
+  * Fix typos and grammer problems for actions documentation (#26328)
+  * Update documentation for 1.21 actions (#26317)
+  * Doc update swagger doc for POST /orgs/{org}/teams (#26155)
+  * Doc sync authentication.md to zh-cn (#26117)
+  * Doc guide the user to create the appropriate level runner (#26091)
+  * Make organization redirect warning more clear (#26077)
+  * Update blog links (#25843)
+  * Fix default value for LocalURL (#25426)
+  * Update `from-source.zh-cn.md` & `from-source.en-us.md` - Cross Compile Using Zig (#25194)
+* MISC
+  * Replace deprecated `elliptic.Marshal` (#26800)
+  * Add elapsed time on debug for slow git commands (#25642)
+
+## [1.20.5](https://github.com/go-gitea/gitea/releases/tag/v1.20.5) - 2023-10-03
+
+* ENHANCEMENTS
+  * Fix z-index on markdown completion (#27237) (#27242 & #27238)
+  * Use secure cookie for HTTPS sites (#26999) (#27013)
+* BUGFIXES
+  * Fix git 2.11 error when checking IsEmpty (#27393) (#27396)
+  * Allow get release download files and lfs files with oauth2 token format (#26430) (#27378)
+  * Fix orphan check for deleted branch (#27310) (#27320)
+  * Quote table `release` in sql queries (#27205) (#27219)
+  * Fix release URL in webhooks (#27182) (#27184)
+  * Fix successful return value for `SyncAndGetUserSpecificDiff` (#27152) (#27156)
+  * fix pagination for followers and following (#27127) (#27138)
+  * Fix issue templates when blank isses are disabled (#27061) (#27082)
+  * Fix context cache bug & enable context cache for dashabord commits' authors(#26991) (#27017)
+  * Fix INI parsing for value with trailing slash (#26995) (#27001)
+  * Fix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27249)
+  * Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27167 & #27162)
+  * Fix bug of review request number (#27406) (#27104)
+* TESTING
+  * services/wiki: Close() after error handling (#27129) (#27137)
+* DOCS
+  * Improve actions docs related to `pull_request` event (#27126) (#27145)
+* MISC
+  * Add logs for data broken of comment review (#27326) (#27344)
+  * Load reviewer before sending notification (#27063) (#27064)
+
 ## [1.20.4](https://github.com/go-gitea/gitea/releases/tag/v1.20.4) - 2023-09-08

 * SECURITY
@@ -428,7 +903,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.com).
  * Add option to search for users is active join a team (#24093)
  * Add PDF rendering via PDFObject (#24086)
  * Refactor web route (#24080)
-  * Make more functions use ctx instead of db.DefaultContext (#24068)
  * Make HTML template functions support context (#24056)
  * Refactor rename user and rename organization (#24052)
  * Localize milestone related time strings (#24051)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -203,10 +203,20 @@ Some of the key points:

 In the PR title, describe the problem you are fixing, not how you are fixing it. \
 Use the first comment as a summary of your PR. \
-In the PR summary, you can describe exactly how you are fixing this problem. \
+In the PR summary, you can describe exactly how you are fixing this problem.
+
 Keep this summary up-to-date as the PR evolves. \
 If your PR changes the UI, you must add **after** screenshots in the PR summary. \
-If you are not implementing a new feature, you should also post **before** screenshots for comparison. \
+If you are not implementing a new feature, you should also post **before** screenshots for comparison.
+
+If you are implementing a new feature, your PR will only be merged if your screenshots are up to date.\
+Furthermore, feature PRs will only be merged if their summary contains a clear usage description (understandable for users) and testing description (understandable for reviewers).
+You should strive to combine both into a single description.
+
+Another requirement for merging PRs is that the PR is labeled correctly.\
+However, this is not your job as a contributor, but the job of the person merging your PR.\
+If you think that your PR was labeled incorrectly, or notice that it was merged without labels, please let us know.
+
 If your PR closes some issues, you must note that in a way that both GitHub and Gitea understand, i.e. by appending a paragraph like

 ```text
@@ -225,17 +235,20 @@ PRs without a milestone may not be merged.

 ### Labels

-Every PR should be labeled correctly with every label that applies. \
-This includes especially the distinction between `bug` (fixing existing functionality), `feature` (new functionality), `enhancement` (upgrades for existing functionality), and `refactoring` (improving the internal code structure without changing the output (much)). \
-Furthermore,
+Almost all labels used inside Gitea can be classified as one of the following:
+
+- `modifies/…`: Determines which parts of the codebase are affected. These labels will be set through the CI.
+- `topic/…`:  Determines the conceptual component of Gitea that is affected, i.e. issues, projects, or authentication. At best, PRs should only target one component but there might be overlap. Must be set manually.
+- `type/…`: Determines the type of an issue or PR (feature, refactoring, docs, bug, …). If GitHub supported scoped labels, these labels would be exclusive, so you should set **exactly** one, not more or less (every PR should fall into one of the provided categories, and only one).
+- `issue/…` / `pr/…`: Labels that are specific to issues or PRs respectively and that are only necessary in a given context, i.e. `issue/not-a-bug` or `pr/need-2-approvals`
+
+Every PR should be labeled correctly with every label that applies.
+
+There are also some labels that will be managed automatically.\
+In particular, these are

 - the amount of pending required approvals
- whether this PR is `blocked`, a `backport` or `breaking`
- if it targets the `ui` or `api`
- if it increases the application `speed`
- reduces `memory usage`
-
-are oftentimes notable labels.
+- has all `backport`s or needs a manual backport

 ### Breaking PRs

@@ -252,13 +265,16 @@ Changing the default value of a setting or replacing the setting with another on

 #### How to handle breaking PRs?

-If your PR has a breaking change, you must add a `BREAKING` section to your PR summary, e.g.
+If your PR has a breaking change, you must add two things to the summary of your PR:

-```
+1. A reasoning why this breaking change is necessary
+2. A `BREAKING` section explaining in simple terms (understandable for a typical user) how this PR affects users and how to mitigate these changes. This section can look for example like
+
+```md
 ## :warning: BREAKING :warning:
 ```

-To explain how this will affect users and how to mitigate these changes.
+Breaking PRs will not be merged as long as not both of these requirements are met.

 ### Maintaining open PRs

--- a/40
+++ b/40
@@ -1,5 +1,5 @@
-#Build stage
-FROM docker.io/library/golang:1.21-alpine3.18 AS build-env
+# Build stage
+FROM docker.io/library/golang:1.21-alpine3.19 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -9,21 +9,39 @@ ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

-#Build deps
-RUN apk --no-cache add build-base git nodejs npm
+# Build deps
+RUN apk --no-cache add \
+    build-base \
+    git \
+    nodejs \
+    npm \
+    && rm -rf /var/cache/apk/*

-#Setup repo
+# Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea

-#Checkout version if set
+# Checkout version if set
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 && make clean-all build

 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM docker.io/library/alpine:3.18
+# Copy local files
+COPY docker/root /tmp/local
+
+# Set permissions
+RUN chmod 755 /tmp/local/usr/bin/entrypoint \
+              /tmp/local/usr/local/bin/gitea \
+              /tmp/local/etc/s6/gitea/* \
+              /tmp/local/etc/s6/openssh/* \
+              /tmp/local/etc/s6/.s6-svscan/* \
+              /go/src/code.gitea.io/gitea/gitea \
+              /go/src/code.gitea.io/gitea/environment-to-ini
+RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
+
+FROM docker.io/library/alpine:3.19
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000
@@ -39,7 +57,8 @@ RUN apk --no-cache add \
    s6 \
    sqlite \
    su-exec \
-    gnupg
+    gnupg \
+    && rm -rf /var/cache/apk/*

 RUN addgroup \
    -S -g 1000 \
@@ -61,10 +80,7 @@ VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]

-COPY docker/root /
+COPY --from=build-env /tmp/local /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
-RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
-RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
-RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,5 +1,5 @@
-#Build stage
-FROM docker.io/library/golang:1.21-alpine3.18 AS build-env
+# Build stage
+FROM docker.io/library/golang:1.21-alpine3.19 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -10,20 +10,36 @@ ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

 #Build deps
-RUN apk --no-cache add build-base git nodejs npm
+RUN apk --no-cache add \
+    build-base \
+    git \
+    nodejs \
+    npm \
+    && rm -rf /var/cache/apk/*

-#Setup repo
+# Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea

-#Checkout version if set
+# Checkout version if set
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 && make clean-all build

 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM docker.io/library/alpine:3.18
+# Copy local files
+COPY docker/rootless /tmp/local
+
+# Set permissions
+RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
+              /tmp/local/usr/local/bin/docker-setup.sh \
+              /tmp/local/usr/local/bin/gitea \
+              /go/src/code.gitea.io/gitea/gitea \
+              /go/src/code.gitea.io/gitea/environment-to-ini
+RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
+
+FROM docker.io/library/alpine:3.19
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 2222 3000
@@ -35,7 +51,8 @@ RUN apk --no-cache add \
    gettext \
    git \
    curl \
-    gnupg
+    gnupg \
+    && rm -rf /var/cache/apk/*

 RUN addgroup \
    -S -g 1000 \
@@ -51,21 +68,19 @@ RUN addgroup \
 RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea

-COPY docker/rootless /
+COPY --from=build-env /tmp/local /
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
-RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
-RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh

-#git:git
+# git:git
 USER 1000:1000
 ENV GITEA_WORK_DIR /var/lib/gitea
 ENV GITEA_CUSTOM /var/lib/gitea/custom
 ENV GITEA_TEMP /tmp/gitea
 ENV TMPDIR /tmp/gitea

-#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
+# TODO add to docs the ability to define the ini to load (useful to test and revert a config)
 ENV GITEA_APP_INI /etc/gitea/app.ini
 ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
@@ -73,4 +88,3 @@ WORKDIR /var/lib/gitea

 ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
 CMD []
-
--- a/2
+++ b/2
@@ -57,3 +57,5 @@ Punit Inani <punitinani1@gmail.com> (@puni9869)
 CaiCandong  <1290147055@qq.com> (@caicandong)
 Rui Chen  <rui@chenrui.dev> (@chenrui333)
 Nanguan Lin <nanguanlin6@gmail.com> (@lng2020)
+kerwin612 <kerwin612@qq.com> (@kerwin612)
+Gary Wang <git@blumia.net> (@BLumia)
--- a/87
+++ b/87
@@ -28,7 +28,7 @@ XGO_VERSION := go-1.21.x
 AIR_PACKAGE ?= github.com/cosmtrek/air@v1.44.0
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.7.0
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.5.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.1
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.55.0
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5
@@ -49,10 +49,14 @@ ifeq ($(HAS_GO), yes)
 	CGO_CFLAGS ?= $(shell $(GO) env CGO_CFLAGS) $(CGO_EXTRA_CFLAGS)
 endif

-ifeq ($(OS), Windows_NT)
-	GOFLAGS := -v -buildmode=exe
-	EXECUTABLE ?= gitea.exe
-else ifeq ($(OS), Windows)
+ifeq ($(GOOS),windows)
+	IS_WINDOWS := yes
+else ifeq ($(patsubst Windows%,Windows,$(OS)),Windows)
+	ifeq ($(GOOS),)
+		IS_WINDOWS := yes
+	endif
+endif
+ifeq ($(IS_WINDOWS),yes)
 	GOFLAGS := -v -buildmode=exe
 	EXECUTABLE ?= gitea.exe
 else
@@ -167,10 +171,6 @@ TEST_MYSQL_HOST ?= mysql:3306
 TEST_MYSQL_DBNAME ?= testgitea
 TEST_MYSQL_USERNAME ?= root
 TEST_MYSQL_PASSWORD ?=
-TEST_MYSQL8_HOST ?= mysql8:3306
-TEST_MYSQL8_DBNAME ?= testgitea
-TEST_MYSQL8_USERNAME ?= root
-TEST_MYSQL8_PASSWORD ?=
 TEST_PGSQL_HOST ?= pgsql:5432
 TEST_PGSQL_DBNAME ?= testgitea
 TEST_PGSQL_USERNAME ?= postgres
@@ -226,6 +226,7 @@ help:
 	@echo " - test-frontend                    test frontend files"
 	@echo " - test-backend                     test backend files"
 	@echo " - test-e2e[\#TestSpecificName]     test end to end using playwright"
+	@echo " - update                           update js and py dependencies"
 	@echo " - update-js                        update js dependencies"
 	@echo " - update-py                        update py dependencies"
 	@echo " - webpack                          build webpack files"
@@ -277,16 +278,15 @@ clean-all: clean

 .PHONY: clean
 clean:
-	$(GO) clean -i ./...
 	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA_DEST) $(BINDATA_HASH) \
 		integrations*.test \
 		e2e*.test \
-		tests/integration/gitea-integration-pgsql/ tests/integration/gitea-integration-mysql/ tests/integration/gitea-integration-mysql8/ tests/integration/gitea-integration-sqlite/ \
-		tests/integration/gitea-integration-mssql/ tests/integration/indexers-mysql/ tests/integration/indexers-mysql8/ tests/integration/indexers-pgsql tests/integration/indexers-sqlite \
-		tests/integration/indexers-mssql tests/mysql.ini tests/mysql8.ini tests/pgsql.ini tests/mssql.ini man/ \
-		tests/e2e/gitea-e2e-pgsql/ tests/e2e/gitea-e2e-mysql/ tests/e2e/gitea-e2e-mysql8/ tests/e2e/gitea-e2e-sqlite/ \
-		tests/e2e/gitea-e2e-mssql/ tests/e2e/indexers-mysql/ tests/e2e/indexers-mysql8/ tests/e2e/indexers-pgsql/ tests/e2e/indexers-sqlite/ \
-		tests/e2e/indexers-mssql/ tests/e2e/reports/ tests/e2e/test-artifacts/ tests/e2e/test-snapshots/
+		tests/integration/gitea-integration-* \
+		tests/integration/indexers-* \
+		tests/mysql.ini tests/pgsql.ini tests/mssql.ini man/ \
+		tests/e2e/gitea-e2e-*/ \
+		tests/e2e/indexers-*/ \
+		tests/e2e/reports/ tests/e2e/test-artifacts/ tests/e2e/test-snapshots/

 .PHONY: fmt
 fmt:
@@ -550,27 +550,6 @@ test-mysql\#%: integrations.mysql.test generate-ini-mysql
 .PHONY: test-mysql-migration
 test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test

-generate-ini-mysql8:
-	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
-		-e 's|{{TEST_MYSQL8_DBNAME}}|${TEST_MYSQL8_DBNAME}|g' \
-		-e 's|{{TEST_MYSQL8_USERNAME}}|${TEST_MYSQL8_USERNAME}|g' \
-		-e 's|{{TEST_MYSQL8_PASSWORD}}|${TEST_MYSQL8_PASSWORD}|g' \
-		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
-		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
-			tests/mysql8.ini.tmpl > tests/mysql8.ini
-
-.PHONY: test-mysql8
-test-mysql8: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test
-
-.PHONY: test-mysql8\#%
-test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
-
-.PHONY: test-mysql8-migration
-test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test
-
 generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
 		-e 's|{{TEST_PGSQL_DBNAME}}|${TEST_PGSQL_DBNAME}|g' \
@@ -643,14 +622,6 @@ test-e2e-mysql: playwright e2e.mysql.test generate-ini-mysql
 test-e2e-mysql\#%: playwright e2e.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test -test.run TestE2e/$*

-.PHONY: test-e2e-mysql8
-test-e2e-mysql8: playwright e2e.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test
-
-.PHONY: test-e2e-mysql8\#%
-test-e2e-mysql8\#%: playwright e2e.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test -test.run TestE2e/$*
-
 .PHONY: test-e2e-pgsql
 test-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test
@@ -694,9 +665,6 @@ integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sq
 integrations.mysql.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql.test

-integrations.mysql8.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql8.test
-
 integrations.pgsql.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test

@@ -717,11 +685,6 @@ migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test

-.PHONY: migrations.mysql8.test
-migrations.mysql8.test: $(GO_SOURCES) generate-ini-mysql8
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql8.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.mysql8.test
-
 .PHONY: migrations.pgsql.test
 migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
@@ -743,13 +706,7 @@ migrations.individual.mysql.test: $(GO_SOURCES)
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
 	done

-.PHONY: migrations.individual.mysql8.test
-migrations.individual.mysql8.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.mysql8.test\#%
+.PHONY: migrations.individual.sqlite.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*

@@ -787,9 +744,6 @@ migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
 e2e.mysql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test

-e2e.mysql8.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql8.test
-
 e2e.pgsql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test

@@ -921,9 +875,12 @@ node_modules: package-lock.json
 	@touch node_modules

 .venv: poetry.lock
-	poetry install
+	poetry install --no-root
 	@touch .venv

+.PHONY: update
+update: update-js update-py
+
 .PHONY: update-js
 update-js: node-check | node_modules
 	npx updates -u -f package.json
@@ -935,7 +892,7 @@ update-js: node-check | node_modules
 update-py: node-check | node_modules
 	npx updates -u -f pyproject.toml
 	rm -rf .venv poetry.lock
-	poetry install
+	poetry install --no-root
 	@touch .venv

 .PHONY: fomantic
--- a/README.md
+++ b/README.md
@@ -6,11 +6,11 @@
 <h1 align="center">Gitea - Git with a cup of tea</h1>

 <p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
+  <a href="https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml?query=branch%3Amain" title="Release Nightly">
+    <img src="https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml/badge.svg?branch=main">
  </a>
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
+    <img src="https://img.shields.io/discord/322538954119184384.svg?logo=discord&logoColor=white&label=Discord&color=5865F2">
  </a>
  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
@@ -62,11 +62,16 @@ painless way of setting up a self-hosted Git service.
 As Gitea is written in Go, it works across **all** the platforms and
 architectures that are supported by Go, including Linux, macOS, and
 Windows on x86, amd64, ARM and PowerPC architectures.
-You can try it out using [the online demo](https://try.gitea.io/).
 This project has been
 [forked](https://blog.gitea.com/welcome-to-gitea/) from
 [Gogs](https://gogs.io) since November of 2016, but a lot has changed.

+For online demonstrations, you can visit [try.gitea.io](https://try.gitea.io).
+
+For accessing free Gitea service (with a limited number of repositories), you can visit [gitea.com](https://gitea.com/user/login).
+
+To quickly deploy your own dedicated Gitea instance on Gitea Cloud, you can start a free trial at [cloud.gitea.com](https://cloud.gitea.com).
+
 ## Building

 From the root of the source tree, run:
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -6,8 +6,8 @@
 <h1 align="center">Gitea - Git with a cup of tea</h1>

 <p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
+  <a href="https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml?query=branch%3Amain" title="Release Nightly">
+    <img src="https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml/badge.svg?branch=main">
  </a>
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
@@ -58,7 +58,11 @@

 Gitea 的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用 Go 作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了 x86，amd64，还包括 ARM 和 PowerPC。

-如果您想试用一下，请访问 [在线Demo](https://try.gitea.io/)！
+如果你想试用在线演示，请访问 [try.gitea.io](https://try.gitea.io/)。
+
+如果你想使用免费的 Gitea 服务（有仓库数量限制），请访问 [gitea.com](https://gitea.com/user/login)。
+
+如果你想在 Gitea Cloud 上快速部署你自己独享的 Gitea 实例，请访问 [cloud.gitea.com](https://cloud.gitea.com) 开始免费试用。

 ## 提示

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -12,7 +12,7 @@ Please **DO NOT** file a public issue, instead send your report privately to `se

 ## Protecting Security Information

-Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body.
+Due to the sensitive nature of security information, you can use the below GPG public key to encrypt your mail body.

 The PGP key is valid until June 24, 2024.

--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/cmd/actions.go
+++ b/cmd/actions.go
@@ -15,9 +15,8 @@ import (
 var (
 	// CmdActions represents the available actions sub-commands.
 	CmdActions = &cli.Command{
-		Name:        "actions",
-		Usage:       "",
-		Description: "Commands for managing Gitea Actions",
+		Name:  "actions",
+		Usage: "Manage Gitea Actions",
 		Subcommands: []*cli.Command{
 			subcmdActionsGenRunnerToken,
 		},
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -6,26 +6,13 @@ package cmd

 import (
 	"context"
-	"errors"
 	"fmt"
-	"net/url"
-	"os"
-	"strings"
-	"text/tabwriter"

-	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	repo_module "code.gitea.io/gitea/modules/repository"
-	"code.gitea.io/gitea/modules/util"
-	auth_service "code.gitea.io/gitea/services/auth"
-	"code.gitea.io/gitea/services/auth/source/oauth2"
-	"code.gitea.io/gitea/services/auth/source/smtp"
-	repo_service "code.gitea.io/gitea/services/repository"

 	"github.com/urfave/cli/v2"
 )
@@ -34,7 +21,7 @@ var (
 	// CmdAdmin represents the available admin sub-command.
 	CmdAdmin = &cli.Command{
 		Name:  "admin",
-		Usage: "Command line interface to perform common administrative operations",
+		Usage: "Perform common administrative operations",
 		Subcommands: []*cli.Command{
 			subcmdUser,
 			subcmdRepoSyncReleases,
@@ -59,28 +46,16 @@ var (
 		},
 	}

-	microcmdRegenHooks = &cli.Command{
-		Name:   "hooks",
-		Usage:  "Regenerate git-hooks",
-		Action: runRegenerateHooks,
-	}
-
-	microcmdRegenKeys = &cli.Command{
-		Name:   "keys",
-		Usage:  "Regenerate authorized_keys file",
-		Action: runRegenerateKeys,
-	}
-
 	subcmdAuth = &cli.Command{
 		Name:  "auth",
 		Usage: "Modify external auth providers",
 		Subcommands: []*cli.Command{
 			microcmdAuthAddOauth,
 			microcmdAuthUpdateOauth,
-			cmdAuthAddLdapBindDn,
-			cmdAuthUpdateLdapBindDn,
-			cmdAuthAddLdapSimpleAuth,
-			cmdAuthUpdateLdapSimpleAuth,
+			microcmdAuthAddLdapBindDn,
+			microcmdAuthUpdateLdapBindDn,
+			microcmdAuthAddLdapSimpleAuth,
+			microcmdAuthUpdateLdapSimpleAuth,
 			microcmdAuthAddSMTP,
 			microcmdAuthUpdateSMTP,
 			microcmdAuthList,
@@ -88,170 +63,6 @@ var (
 		},
 	}

-	microcmdAuthList = &cli.Command{
-		Name:   "list",
-		Usage:  "List auth sources",
-		Action: runListAuth,
-		Flags: []cli.Flag{
-			&cli.IntFlag{
-				Name:  "min-width",
-				Usage: "Minimal cell width including any padding for the formatted table",
-				Value: 0,
-			},
-			&cli.IntFlag{
-				Name:  "tab-width",
-				Usage: "width of tab characters in formatted table (equivalent number of spaces)",
-				Value: 8,
-			},
-			&cli.IntFlag{
-				Name:  "padding",
-				Usage: "padding added to a cell before computing its width",
-				Value: 1,
-			},
-			&cli.StringFlag{
-				Name:  "pad-char",
-				Usage: `ASCII char used for padding if padchar == '\\t', the Writer will assume that the width of a '\\t' in the formatted output is tabwidth, and cells are left-aligned independent of align_left (for correct-looking results, tabwidth must correspond to the tab width in the viewer displaying the result)`,
-				Value: "\t",
-			},
-			&cli.BoolFlag{
-				Name:  "vertical-bars",
-				Usage: "Set to true to print vertical bars between columns",
-			},
-		},
-	}
-
-	idFlag = &cli.Int64Flag{
-		Name:  "id",
-		Usage: "ID of authentication source",
-	}
-
-	microcmdAuthDelete = &cli.Command{
-		Name:   "delete",
-		Usage:  "Delete specific auth source",
-		Flags:  []cli.Flag{idFlag},
-		Action: runDeleteAuth,
-	}
-
-	oauthCLIFlags = []cli.Flag{
-		&cli.StringFlag{
-			Name:  "name",
-			Value: "",
-			Usage: "Application Name",
-		},
-		&cli.StringFlag{
-			Name:  "provider",
-			Value: "",
-			Usage: "OAuth2 Provider",
-		},
-		&cli.StringFlag{
-			Name:  "key",
-			Value: "",
-			Usage: "Client ID (Key)",
-		},
-		&cli.StringFlag{
-			Name:  "secret",
-			Value: "",
-			Usage: "Client Secret",
-		},
-		&cli.StringFlag{
-			Name:  "auto-discover-url",
-			Value: "",
-			Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",
-		},
-		&cli.StringFlag{
-			Name:  "use-custom-urls",
-			Value: "false",
-			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
-		},
-		&cli.StringFlag{
-			Name:  "custom-tenant-id",
-			Value: "",
-			Usage: "Use custom Tenant ID for OAuth endpoints",
-		},
-		&cli.StringFlag{
-			Name:  "custom-auth-url",
-			Value: "",
-			Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",
-		},
-		&cli.StringFlag{
-			Name:  "custom-token-url",
-			Value: "",
-			Usage: "Use a custom Token URL (option for GitLab/GitHub)",
-		},
-		&cli.StringFlag{
-			Name:  "custom-profile-url",
-			Value: "",
-			Usage: "Use a custom Profile URL (option for GitLab/GitHub)",
-		},
-		&cli.StringFlag{
-			Name:  "custom-email-url",
-			Value: "",
-			Usage: "Use a custom Email URL (option for GitHub)",
-		},
-		&cli.StringFlag{
-			Name:  "icon-url",
-			Value: "",
-			Usage: "Custom icon URL for OAuth2 login source",
-		},
-		&cli.BoolFlag{
-			Name:  "skip-local-2fa",
-			Usage: "Set to true to skip local 2fa for users authenticated by this source",
-		},
-		&cli.StringSliceFlag{
-			Name:  "scopes",
-			Value: nil,
-			Usage: "Scopes to request when to authenticate against this OAuth2 source",
-		},
-		&cli.StringFlag{
-			Name:  "required-claim-name",
-			Value: "",
-			Usage: "Claim name that has to be set to allow users to login with this source",
-		},
-		&cli.StringFlag{
-			Name:  "required-claim-value",
-			Value: "",
-			Usage: "Claim value that has to be set to allow users to login with this source",
-		},
-		&cli.StringFlag{
-			Name:  "group-claim-name",
-			Value: "",
-			Usage: "Claim name providing group names for this source",
-		},
-		&cli.StringFlag{
-			Name:  "admin-group",
-			Value: "",
-			Usage: "Group Claim value for administrator users",
-		},
-		&cli.StringFlag{
-			Name:  "restricted-group",
-			Value: "",
-			Usage: "Group Claim value for restricted users",
-		},
-		&cli.StringFlag{
-			Name:  "group-team-map",
-			Value: "",
-			Usage: "JSON mapping between groups and org teams",
-		},
-		&cli.BoolFlag{
-			Name:  "group-team-map-removal",
-			Usage: "Activate automatic team membership removal depending on groups",
-		},
-	}
-
-	microcmdAuthUpdateOauth = &cli.Command{
-		Name:   "update-oauth",
-		Usage:  "Update existing Oauth authentication source",
-		Action: runUpdateOauth,
-		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),
-	}
-
-	microcmdAuthAddOauth = &cli.Command{
-		Name:   "add-oauth",
-		Usage:  "Add new Oauth authentication source",
-		Action: runAddOauth,
-		Flags:  oauthCLIFlags,
-	}
-
 	subcmdSendMail = &cli.Command{
 		Name:   "sendmail",
 		Usage:  "Send a message to all users",
@@ -275,75 +86,9 @@ var (
 		},
 	}

-	smtpCLIFlags = []cli.Flag{
-		&cli.StringFlag{
-			Name:  "name",
-			Value: "",
-			Usage: "Application Name",
-		},
-		&cli.StringFlag{
-			Name:  "auth-type",
-			Value: "PLAIN",
-			Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",
-		},
-		&cli.StringFlag{
-			Name:  "host",
-			Value: "",
-			Usage: "SMTP Host",
-		},
-		&cli.IntFlag{
-			Name:  "port",
-			Usage: "SMTP Port",
-		},
-		&cli.BoolFlag{
-			Name:  "force-smtps",
-			Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.",
-			Value: true,
-		},
-		&cli.BoolFlag{
-			Name:  "skip-verify",
-			Usage: "Skip TLS verify.",
-			Value: true,
-		},
-		&cli.StringFlag{
-			Name:  "helo-hostname",
-			Value: "",
-			Usage: "Hostname sent with HELO. Leave blank to send current hostname",
-		},
-		&cli.BoolFlag{
-			Name:  "disable-helo",
-			Usage: "Disable SMTP helo.",
-			Value: true,
-		},
-		&cli.StringFlag{
-			Name:  "allowed-domains",
-			Value: "",
-			Usage: "Leave empty to allow all domains. Separate multiple domains with a comma (',')",
-		},
-		&cli.BoolFlag{
-			Name:  "skip-local-2fa",
-			Usage: "Skip 2FA to log on.",
-			Value: true,
-		},
-		&cli.BoolFlag{
-			Name:  "active",
-			Usage: "This Authentication Source is Activated.",
-			Value: true,
-		},
-	}
-
-	microcmdAuthAddSMTP = &cli.Command{
-		Name:   "add-smtp",
-		Usage:  "Add new SMTP authentication source",
-		Action: runAddSMTP,
-		Flags:  smtpCLIFlags,
-	}
-
-	microcmdAuthUpdateSMTP = &cli.Command{
-		Name:   "update-smtp",
-		Usage:  "Update existing SMTP authentication source",
-		Action: runUpdateSMTP,
-		Flags:  append(smtpCLIFlags[:1], append([]cli.Flag{idFlag}, smtpCLIFlags[1:]...)...),
+	idFlag = &cli.Int64Flag{
+		Name:  "id",
+		Usage: "ID of authentication source",
 	}
 )

@@ -389,7 +134,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 			}
 			log.Trace(" currentNumReleases is %d, running SyncReleasesWithTags", oldnum)

-			if err = repo_module.SyncReleasesWithTags(repo, gitRepo); err != nil {
+			if err = repo_module.SyncReleasesWithTags(ctx, repo, gitRepo); err != nil {
 				log.Warn(" SyncReleasesWithTags: %v", err)
 				gitRepo.Close()
 				continue
@@ -420,351 +165,3 @@ func getReleaseCount(ctx context.Context, id int64) (int64, error) {
 		},
 	)
 }
-
-func runRegenerateHooks(_ *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
-}
-
-func runRegenerateKeys(_ *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-	return asymkey_model.RewriteAllPublicKeys()
-}
-
-func parseOAuth2Config(c *cli.Context) *oauth2.Source {
-	var customURLMapping *oauth2.CustomURLMapping
-	if c.IsSet("use-custom-urls") {
-		customURLMapping = &oauth2.CustomURLMapping{
-			TokenURL:   c.String("custom-token-url"),
-			AuthURL:    c.String("custom-auth-url"),
-			ProfileURL: c.String("custom-profile-url"),
-			EmailURL:   c.String("custom-email-url"),
-			Tenant:     c.String("custom-tenant-id"),
-		}
-	} else {
-		customURLMapping = nil
-	}
-	return &oauth2.Source{
-		Provider:                      c.String("provider"),
-		ClientID:                      c.String("key"),
-		ClientSecret:                  c.String("secret"),
-		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
-		CustomURLMapping:              customURLMapping,
-		IconURL:                       c.String("icon-url"),
-		SkipLocalTwoFA:                c.Bool("skip-local-2fa"),
-		Scopes:                        c.StringSlice("scopes"),
-		RequiredClaimName:             c.String("required-claim-name"),
-		RequiredClaimValue:            c.String("required-claim-value"),
-		GroupClaimName:                c.String("group-claim-name"),
-		AdminGroup:                    c.String("admin-group"),
-		RestrictedGroup:               c.String("restricted-group"),
-		GroupTeamMap:                  c.String("group-team-map"),
-		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
-	}
-}
-
-func runAddOauth(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	config := parseOAuth2Config(c)
-	if config.Provider == "openidConnect" {
-		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)
-		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
-			return fmt.Errorf("invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)", config.OpenIDConnectAutoDiscoveryURL)
-		}
-	}
-
-	return auth_model.CreateSource(&auth_model.Source{
-		Type:     auth_model.OAuth2,
-		Name:     c.String("name"),
-		IsActive: true,
-		Cfg:      config,
-	})
-}
-
-func runUpdateOauth(c *cli.Context) error {
-	if !c.IsSet("id") {
-		return fmt.Errorf("--id flag is missing")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	source, err := auth_model.GetSourceByID(c.Int64("id"))
-	if err != nil {
-		return err
-	}
-
-	oAuth2Config := source.Cfg.(*oauth2.Source)
-
-	if c.IsSet("name") {
-		source.Name = c.String("name")
-	}
-
-	if c.IsSet("provider") {
-		oAuth2Config.Provider = c.String("provider")
-	}
-
-	if c.IsSet("key") {
-		oAuth2Config.ClientID = c.String("key")
-	}
-
-	if c.IsSet("secret") {
-		oAuth2Config.ClientSecret = c.String("secret")
-	}
-
-	if c.IsSet("auto-discover-url") {
-		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")
-	}
-
-	if c.IsSet("icon-url") {
-		oAuth2Config.IconURL = c.String("icon-url")
-	}
-
-	if c.IsSet("scopes") {
-		oAuth2Config.Scopes = c.StringSlice("scopes")
-	}
-
-	if c.IsSet("required-claim-name") {
-		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
-	}
-	if c.IsSet("required-claim-value") {
-		oAuth2Config.RequiredClaimValue = c.String("required-claim-value")
-	}
-
-	if c.IsSet("group-claim-name") {
-		oAuth2Config.GroupClaimName = c.String("group-claim-name")
-	}
-	if c.IsSet("admin-group") {
-		oAuth2Config.AdminGroup = c.String("admin-group")
-	}
-	if c.IsSet("restricted-group") {
-		oAuth2Config.RestrictedGroup = c.String("restricted-group")
-	}
-	if c.IsSet("group-team-map") {
-		oAuth2Config.GroupTeamMap = c.String("group-team-map")
-	}
-	if c.IsSet("group-team-map-removal") {
-		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
-	}
-
-	// update custom URL mapping
-	customURLMapping := &oauth2.CustomURLMapping{}
-
-	if oAuth2Config.CustomURLMapping != nil {
-		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
-		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL
-		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL
-		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL
-		customURLMapping.Tenant = oAuth2Config.CustomURLMapping.Tenant
-	}
-	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {
-		customURLMapping.TokenURL = c.String("custom-token-url")
-	}
-
-	if c.IsSet("use-custom-urls") && c.IsSet("custom-auth-url") {
-		customURLMapping.AuthURL = c.String("custom-auth-url")
-	}
-
-	if c.IsSet("use-custom-urls") && c.IsSet("custom-profile-url") {
-		customURLMapping.ProfileURL = c.String("custom-profile-url")
-	}
-
-	if c.IsSet("use-custom-urls") && c.IsSet("custom-email-url") {
-		customURLMapping.EmailURL = c.String("custom-email-url")
-	}
-
-	if c.IsSet("use-custom-urls") && c.IsSet("custom-tenant-id") {
-		customURLMapping.Tenant = c.String("custom-tenant-id")
-	}
-
-	oAuth2Config.CustomURLMapping = customURLMapping
-	source.Cfg = oAuth2Config
-
-	return auth_model.UpdateSource(source)
-}
-
-func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
-	if c.IsSet("auth-type") {
-		conf.Auth = c.String("auth-type")
-		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
-		if !util.SliceContainsString(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
-			return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
-		}
-		conf.Auth = c.String("auth-type")
-	}
-	if c.IsSet("host") {
-		conf.Host = c.String("host")
-	}
-	if c.IsSet("port") {
-		conf.Port = c.Int("port")
-	}
-	if c.IsSet("allowed-domains") {
-		conf.AllowedDomains = c.String("allowed-domains")
-	}
-	if c.IsSet("force-smtps") {
-		conf.ForceSMTPS = c.Bool("force-smtps")
-	}
-	if c.IsSet("skip-verify") {
-		conf.SkipVerify = c.Bool("skip-verify")
-	}
-	if c.IsSet("helo-hostname") {
-		conf.HeloHostname = c.String("helo-hostname")
-	}
-	if c.IsSet("disable-helo") {
-		conf.DisableHelo = c.Bool("disable-helo")
-	}
-	if c.IsSet("skip-local-2fa") {
-		conf.SkipLocalTwoFA = c.Bool("skip-local-2fa")
-	}
-	return nil
-}
-
-func runAddSMTP(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	if !c.IsSet("name") || len(c.String("name")) == 0 {
-		return errors.New("name must be set")
-	}
-	if !c.IsSet("host") || len(c.String("host")) == 0 {
-		return errors.New("host must be set")
-	}
-	if !c.IsSet("port") {
-		return errors.New("port must be set")
-	}
-	active := true
-	if c.IsSet("active") {
-		active = c.Bool("active")
-	}
-
-	var smtpConfig smtp.Source
-	if err := parseSMTPConfig(c, &smtpConfig); err != nil {
-		return err
-	}
-
-	// If not set default to PLAIN
-	if len(smtpConfig.Auth) == 0 {
-		smtpConfig.Auth = "PLAIN"
-	}
-
-	return auth_model.CreateSource(&auth_model.Source{
-		Type:     auth_model.SMTP,
-		Name:     c.String("name"),
-		IsActive: active,
-		Cfg:      &smtpConfig,
-	})
-}
-
-func runUpdateSMTP(c *cli.Context) error {
-	if !c.IsSet("id") {
-		return fmt.Errorf("--id flag is missing")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	source, err := auth_model.GetSourceByID(c.Int64("id"))
-	if err != nil {
-		return err
-	}
-
-	smtpConfig := source.Cfg.(*smtp.Source)
-
-	if err := parseSMTPConfig(c, smtpConfig); err != nil {
-		return err
-	}
-
-	if c.IsSet("name") {
-		source.Name = c.String("name")
-	}
-
-	if c.IsSet("active") {
-		source.IsActive = c.Bool("active")
-	}
-
-	source.Cfg = smtpConfig
-
-	return auth_model.UpdateSource(source)
-}
-
-func runListAuth(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	authSources, err := auth_model.Sources()
-	if err != nil {
-		return err
-	}
-
-	flags := tabwriter.AlignRight
-	if c.Bool("vertical-bars") {
-		flags |= tabwriter.Debug
-	}
-
-	padChar := byte('\t')
-	if len(c.String("pad-char")) > 0 {
-		padChar = c.String("pad-char")[0]
-	}
-
-	// loop through each source and print
-	w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags)
-	fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")
-	for _, source := range authSources {
-		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, source.Type.String(), source.IsActive)
-	}
-	w.Flush()
-
-	return nil
-}
-
-func runDeleteAuth(c *cli.Context) error {
-	if !c.IsSet("id") {
-		return fmt.Errorf("--id flag is missing")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	source, err := auth_model.GetSourceByID(c.Int64("id"))
-	if err != nil {
-		return err
-	}
-
-	return auth_service.DeleteSource(source)
-}
--- a/cmd/admin_auth.go
+++ b/cmd/admin_auth.go
@@ -0,0 +1,110 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"text/tabwriter"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
+	auth_service "code.gitea.io/gitea/services/auth"
+
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	microcmdAuthDelete = &cli.Command{
+		Name:   "delete",
+		Usage:  "Delete specific auth source",
+		Flags:  []cli.Flag{idFlag},
+		Action: runDeleteAuth,
+	}
+	microcmdAuthList = &cli.Command{
+		Name:   "list",
+		Usage:  "List auth sources",
+		Action: runListAuth,
+		Flags: []cli.Flag{
+			&cli.IntFlag{
+				Name:  "min-width",
+				Usage: "Minimal cell width including any padding for the formatted table",
+				Value: 0,
+			},
+			&cli.IntFlag{
+				Name:  "tab-width",
+				Usage: "width of tab characters in formatted table (equivalent number of spaces)",
+				Value: 8,
+			},
+			&cli.IntFlag{
+				Name:  "padding",
+				Usage: "padding added to a cell before computing its width",
+				Value: 1,
+			},
+			&cli.StringFlag{
+				Name:  "pad-char",
+				Usage: `ASCII char used for padding if padchar == '\\t', the Writer will assume that the width of a '\\t' in the formatted output is tabwidth, and cells are left-aligned independent of align_left (for correct-looking results, tabwidth must correspond to the tab width in the viewer displaying the result)`,
+				Value: "\t",
+			},
+			&cli.BoolFlag{
+				Name:  "vertical-bars",
+				Usage: "Set to true to print vertical bars between columns",
+			},
+		},
+	}
+)
+
+func runListAuth(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	authSources, err := db.Find[auth_model.Source](ctx, auth_model.FindSourcesOptions{})
+	if err != nil {
+		return err
+	}
+
+	flags := tabwriter.AlignRight
+	if c.Bool("vertical-bars") {
+		flags |= tabwriter.Debug
+	}
+
+	padChar := byte('\t')
+	if len(c.String("pad-char")) > 0 {
+		padChar = c.String("pad-char")[0]
+	}
+
+	// loop through each source and print
+	w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags)
+	fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")
+	for _, source := range authSources {
+		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, source.Type.String(), source.IsActive)
+	}
+	w.Flush()
+
+	return nil
+}
+
+func runDeleteAuth(c *cli.Context) error {
+	if !c.IsSet("id") {
+		return fmt.Errorf("--id flag is missing")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	source, err := auth_model.GetSourceByID(ctx, c.Int64("id"))
+	if err != nil {
+		return err
+	}
+
+	return auth_service.DeleteSource(ctx, source)
+}
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -17,9 +17,9 @@ import (
 type (
 	authService struct {
 		initDB            func(ctx context.Context) error
-		createAuthSource  func(*auth.Source) error
-		updateAuthSource  func(*auth.Source) error
-		getAuthSourceByID func(id int64) (*auth.Source, error)
+		createAuthSource  func(context.Context, *auth.Source) error
+		updateAuthSource  func(context.Context, *auth.Source) error
+		getAuthSourceByID func(ctx context.Context, id int64) (*auth.Source, error)
 	}
 )

@@ -132,10 +132,10 @@ var (
 	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
 		&cli.StringFlag{
 			Name:  "user-dn",
-			Usage: "The user’s DN.",
+			Usage: "The user's DN.",
 		})

-	cmdAuthAddLdapBindDn = &cli.Command{
+	microcmdAuthAddLdapBindDn = &cli.Command{
 		Name:  "add-ldap",
 		Usage: "Add new LDAP (via Bind DN) authentication source",
 		Action: func(c *cli.Context) error {
@@ -144,7 +144,7 @@ var (
 		Flags: ldapBindDnCLIFlags,
 	}

-	cmdAuthUpdateLdapBindDn = &cli.Command{
+	microcmdAuthUpdateLdapBindDn = &cli.Command{
 		Name:  "update-ldap",
 		Usage: "Update existing LDAP (via Bind DN) authentication source",
 		Action: func(c *cli.Context) error {
@@ -153,7 +153,7 @@ var (
 		Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
 	}

-	cmdAuthAddLdapSimpleAuth = &cli.Command{
+	microcmdAuthAddLdapSimpleAuth = &cli.Command{
 		Name:  "add-ldap-simple",
 		Usage: "Add new LDAP (simple auth) authentication source",
 		Action: func(c *cli.Context) error {
@@ -162,7 +162,7 @@ var (
 		Flags: ldapSimpleAuthCLIFlags,
 	}

-	cmdAuthUpdateLdapSimpleAuth = &cli.Command{
+	microcmdAuthUpdateLdapSimpleAuth = &cli.Command{
 		Name:  "update-ldap-simple",
 		Usage: "Update existing LDAP (simple auth) authentication source",
 		Action: func(c *cli.Context) error {
@@ -289,12 +289,12 @@ func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {

 // getAuthSource gets the login source by its id defined in the command line flags.
 // It returns an error if the id is not set, does not match any source or if the source is not of expected type.
-func (a *authService) getAuthSource(c *cli.Context, authType auth.Type) (*auth.Source, error) {
+func (a *authService) getAuthSource(ctx context.Context, c *cli.Context, authType auth.Type) (*auth.Source, error) {
 	if err := argsSet(c, "id"); err != nil {
 		return nil, err
 	}

-	authSource, err := a.getAuthSourceByID(c.Int64("id"))
+	authSource, err := a.getAuthSourceByID(ctx, c.Int64("id"))
 	if err != nil {
 		return nil, err
 	}
@@ -332,7 +332,7 @@ func (a *authService) addLdapBindDn(c *cli.Context) error {
 		return err
 	}

-	return a.createAuthSource(authSource)
+	return a.createAuthSource(ctx, authSource)
 }

 // updateLdapBindDn updates a new LDAP via Bind DN authentication source.
@@ -344,7 +344,7 @@ func (a *authService) updateLdapBindDn(c *cli.Context) error {
 		return err
 	}

-	authSource, err := a.getAuthSource(c, auth.LDAP)
+	authSource, err := a.getAuthSource(ctx, c, auth.LDAP)
 	if err != nil {
 		return err
 	}
@@ -354,7 +354,7 @@ func (a *authService) updateLdapBindDn(c *cli.Context) error {
 		return err
 	}

-	return a.updateAuthSource(authSource)
+	return a.updateAuthSource(ctx, authSource)
 }

 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
@@ -383,7 +383,7 @@ func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
 		return err
 	}

-	return a.createAuthSource(authSource)
+	return a.createAuthSource(ctx, authSource)
 }

 // updateLdapBindDn updates a new LDAP (simple auth) authentication source.
@@ -395,7 +395,7 @@ func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
 		return err
 	}

-	authSource, err := a.getAuthSource(c, auth.DLDAP)
+	authSource, err := a.getAuthSource(ctx, c, auth.DLDAP)
 	if err != nil {
 		return err
 	}
@@ -405,5 +405,5 @@ func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
 		return err
 	}

-	return a.updateAuthSource(authSource)
+	return a.updateAuthSource(ctx, authSource)
 }
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@@ -210,15 +210,15 @@ func TestAddLdapBindDn(t *testing.T) {
 			initDB: func(context.Context) error {
 				return nil
 			},
-			createAuthSource: func(authSource *auth.Source) error {
+			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
 				createdAuthSource = authSource
 				return nil
 			},
-			updateAuthSource: func(authSource *auth.Source) error {
+			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
 				assert.FailNow(t, "case %d: should not call updateAuthSource", n)
 				return nil
 			},
-			getAuthSourceByID: func(id int64) (*auth.Source, error) {
+			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
 				assert.FailNow(t, "case %d: should not call getAuthSourceByID", n)
 				return nil, nil
 			},
@@ -226,7 +226,7 @@ func TestAddLdapBindDn(t *testing.T) {

 		// Create a copy of command to test
 		app := cli.NewApp()
-		app.Flags = cmdAuthAddLdapBindDn.Flags
+		app.Flags = microcmdAuthAddLdapBindDn.Flags
 		app.Action = service.addLdapBindDn

 		// Run it
@@ -441,15 +441,15 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 			initDB: func(context.Context) error {
 				return nil
 			},
-			createAuthSource: func(authSource *auth.Source) error {
+			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
 				createdAuthSource = authSource
 				return nil
 			},
-			updateAuthSource: func(authSource *auth.Source) error {
+			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
 				assert.FailNow(t, "case %d: should not call updateAuthSource", n)
 				return nil
 			},
-			getAuthSourceByID: func(id int64) (*auth.Source, error) {
+			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
 				assert.FailNow(t, "case %d: should not call getAuthSourceByID", n)
 				return nil, nil
 			},
@@ -457,7 +457,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {

 		// Create a copy of command to test
 		app := cli.NewApp()
-		app.Flags = cmdAuthAddLdapSimpleAuth.Flags
+		app.Flags = microcmdAuthAddLdapSimpleAuth.Flags
 		app.Action = service.addLdapSimpleAuth

 		// Run it
@@ -896,15 +896,15 @@ func TestUpdateLdapBindDn(t *testing.T) {
 			initDB: func(context.Context) error {
 				return nil
 			},
-			createAuthSource: func(authSource *auth.Source) error {
+			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
 				assert.FailNow(t, "case %d: should not call createAuthSource", n)
 				return nil
 			},
-			updateAuthSource: func(authSource *auth.Source) error {
+			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
 				updatedAuthSource = authSource
 				return nil
 			},
-			getAuthSourceByID: func(id int64) (*auth.Source, error) {
+			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
 				if c.id != 0 {
 					assert.Equal(t, c.id, id, "case %d: wrong id", n)
 				}
@@ -920,7 +920,7 @@ func TestUpdateLdapBindDn(t *testing.T) {

 		// Create a copy of command to test
 		app := cli.NewApp()
-		app.Flags = cmdAuthUpdateLdapBindDn.Flags
+		app.Flags = microcmdAuthUpdateLdapBindDn.Flags
 		app.Action = service.updateLdapBindDn

 		// Run it
@@ -1286,15 +1286,15 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 			initDB: func(context.Context) error {
 				return nil
 			},
-			createAuthSource: func(authSource *auth.Source) error {
+			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
 				assert.FailNow(t, "case %d: should not call createAuthSource", n)
 				return nil
 			},
-			updateAuthSource: func(authSource *auth.Source) error {
+			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
 				updatedAuthSource = authSource
 				return nil
 			},
-			getAuthSourceByID: func(id int64) (*auth.Source, error) {
+			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
 				if c.id != 0 {
 					assert.Equal(t, c.id, id, "case %d: wrong id", n)
 				}
@@ -1310,7 +1310,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {

 		// Create a copy of command to test
 		app := cli.NewApp()
-		app.Flags = cmdAuthUpdateLdapSimpleAuth.Flags
+		app.Flags = microcmdAuthUpdateLdapSimpleAuth.Flags
 		app.Action = service.updateLdapSimpleAuth

 		// Run it
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@@ -0,0 +1,298 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"fmt"
+	"net/url"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/services/auth/source/oauth2"
+
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	oauthCLIFlags = []cli.Flag{
+		&cli.StringFlag{
+			Name:  "name",
+			Value: "",
+			Usage: "Application Name",
+		},
+		&cli.StringFlag{
+			Name:  "provider",
+			Value: "",
+			Usage: "OAuth2 Provider",
+		},
+		&cli.StringFlag{
+			Name:  "key",
+			Value: "",
+			Usage: "Client ID (Key)",
+		},
+		&cli.StringFlag{
+			Name:  "secret",
+			Value: "",
+			Usage: "Client Secret",
+		},
+		&cli.StringFlag{
+			Name:  "auto-discover-url",
+			Value: "",
+			Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",
+		},
+		&cli.StringFlag{
+			Name:  "use-custom-urls",
+			Value: "false",
+			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
+		},
+		&cli.StringFlag{
+			Name:  "custom-tenant-id",
+			Value: "",
+			Usage: "Use custom Tenant ID for OAuth endpoints",
+		},
+		&cli.StringFlag{
+			Name:  "custom-auth-url",
+			Value: "",
+			Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",
+		},
+		&cli.StringFlag{
+			Name:  "custom-token-url",
+			Value: "",
+			Usage: "Use a custom Token URL (option for GitLab/GitHub)",
+		},
+		&cli.StringFlag{
+			Name:  "custom-profile-url",
+			Value: "",
+			Usage: "Use a custom Profile URL (option for GitLab/GitHub)",
+		},
+		&cli.StringFlag{
+			Name:  "custom-email-url",
+			Value: "",
+			Usage: "Use a custom Email URL (option for GitHub)",
+		},
+		&cli.StringFlag{
+			Name:  "icon-url",
+			Value: "",
+			Usage: "Custom icon URL for OAuth2 login source",
+		},
+		&cli.BoolFlag{
+			Name:  "skip-local-2fa",
+			Usage: "Set to true to skip local 2fa for users authenticated by this source",
+		},
+		&cli.StringSliceFlag{
+			Name:  "scopes",
+			Value: nil,
+			Usage: "Scopes to request when to authenticate against this OAuth2 source",
+		},
+		&cli.StringFlag{
+			Name:  "required-claim-name",
+			Value: "",
+			Usage: "Claim name that has to be set to allow users to login with this source",
+		},
+		&cli.StringFlag{
+			Name:  "required-claim-value",
+			Value: "",
+			Usage: "Claim value that has to be set to allow users to login with this source",
+		},
+		&cli.StringFlag{
+			Name:  "group-claim-name",
+			Value: "",
+			Usage: "Claim name providing group names for this source",
+		},
+		&cli.StringFlag{
+			Name:  "admin-group",
+			Value: "",
+			Usage: "Group Claim value for administrator users",
+		},
+		&cli.StringFlag{
+			Name:  "restricted-group",
+			Value: "",
+			Usage: "Group Claim value for restricted users",
+		},
+		&cli.StringFlag{
+			Name:  "group-team-map",
+			Value: "",
+			Usage: "JSON mapping between groups and org teams",
+		},
+		&cli.BoolFlag{
+			Name:  "group-team-map-removal",
+			Usage: "Activate automatic team membership removal depending on groups",
+		},
+	}
+
+	microcmdAuthAddOauth = &cli.Command{
+		Name:   "add-oauth",
+		Usage:  "Add new Oauth authentication source",
+		Action: runAddOauth,
+		Flags:  oauthCLIFlags,
+	}
+
+	microcmdAuthUpdateOauth = &cli.Command{
+		Name:   "update-oauth",
+		Usage:  "Update existing Oauth authentication source",
+		Action: runUpdateOauth,
+		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),
+	}
+)
+
+func parseOAuth2Config(c *cli.Context) *oauth2.Source {
+	var customURLMapping *oauth2.CustomURLMapping
+	if c.IsSet("use-custom-urls") {
+		customURLMapping = &oauth2.CustomURLMapping{
+			TokenURL:   c.String("custom-token-url"),
+			AuthURL:    c.String("custom-auth-url"),
+			ProfileURL: c.String("custom-profile-url"),
+			EmailURL:   c.String("custom-email-url"),
+			Tenant:     c.String("custom-tenant-id"),
+		}
+	} else {
+		customURLMapping = nil
+	}
+	return &oauth2.Source{
+		Provider:                      c.String("provider"),
+		ClientID:                      c.String("key"),
+		ClientSecret:                  c.String("secret"),
+		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
+		CustomURLMapping:              customURLMapping,
+		IconURL:                       c.String("icon-url"),
+		SkipLocalTwoFA:                c.Bool("skip-local-2fa"),
+		Scopes:                        c.StringSlice("scopes"),
+		RequiredClaimName:             c.String("required-claim-name"),
+		RequiredClaimValue:            c.String("required-claim-value"),
+		GroupClaimName:                c.String("group-claim-name"),
+		AdminGroup:                    c.String("admin-group"),
+		RestrictedGroup:               c.String("restricted-group"),
+		GroupTeamMap:                  c.String("group-team-map"),
+		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
+	}
+}
+
+func runAddOauth(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	config := parseOAuth2Config(c)
+	if config.Provider == "openidConnect" {
+		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)
+		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
+			return fmt.Errorf("invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)", config.OpenIDConnectAutoDiscoveryURL)
+		}
+	}
+
+	return auth_model.CreateSource(ctx, &auth_model.Source{
+		Type:     auth_model.OAuth2,
+		Name:     c.String("name"),
+		IsActive: true,
+		Cfg:      config,
+	})
+}
+
+func runUpdateOauth(c *cli.Context) error {
+	if !c.IsSet("id") {
+		return fmt.Errorf("--id flag is missing")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	source, err := auth_model.GetSourceByID(ctx, c.Int64("id"))
+	if err != nil {
+		return err
+	}
+
+	oAuth2Config := source.Cfg.(*oauth2.Source)
+
+	if c.IsSet("name") {
+		source.Name = c.String("name")
+	}
+
+	if c.IsSet("provider") {
+		oAuth2Config.Provider = c.String("provider")
+	}
+
+	if c.IsSet("key") {
+		oAuth2Config.ClientID = c.String("key")
+	}
+
+	if c.IsSet("secret") {
+		oAuth2Config.ClientSecret = c.String("secret")
+	}
+
+	if c.IsSet("auto-discover-url") {
+		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")
+	}
+
+	if c.IsSet("icon-url") {
+		oAuth2Config.IconURL = c.String("icon-url")
+	}
+
+	if c.IsSet("scopes") {
+		oAuth2Config.Scopes = c.StringSlice("scopes")
+	}
+
+	if c.IsSet("required-claim-name") {
+		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
+	}
+	if c.IsSet("required-claim-value") {
+		oAuth2Config.RequiredClaimValue = c.String("required-claim-value")
+	}
+
+	if c.IsSet("group-claim-name") {
+		oAuth2Config.GroupClaimName = c.String("group-claim-name")
+	}
+	if c.IsSet("admin-group") {
+		oAuth2Config.AdminGroup = c.String("admin-group")
+	}
+	if c.IsSet("restricted-group") {
+		oAuth2Config.RestrictedGroup = c.String("restricted-group")
+	}
+	if c.IsSet("group-team-map") {
+		oAuth2Config.GroupTeamMap = c.String("group-team-map")
+	}
+	if c.IsSet("group-team-map-removal") {
+		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
+	}
+
+	// update custom URL mapping
+	customURLMapping := &oauth2.CustomURLMapping{}
+
+	if oAuth2Config.CustomURLMapping != nil {
+		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
+		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL
+		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL
+		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL
+		customURLMapping.Tenant = oAuth2Config.CustomURLMapping.Tenant
+	}
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {
+		customURLMapping.TokenURL = c.String("custom-token-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-auth-url") {
+		customURLMapping.AuthURL = c.String("custom-auth-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-profile-url") {
+		customURLMapping.ProfileURL = c.String("custom-profile-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-email-url") {
+		customURLMapping.EmailURL = c.String("custom-email-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-tenant-id") {
+		customURLMapping.Tenant = c.String("custom-tenant-id")
+	}
+
+	oAuth2Config.CustomURLMapping = customURLMapping
+	source.Cfg = oAuth2Config
+
+	return auth_model.UpdateSource(ctx, source)
+}
--- a/cmd/admin_auth_stmp.go
+++ b/cmd/admin_auth_stmp.go
@@ -0,0 +1,201 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/services/auth/source/smtp"
+
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	smtpCLIFlags = []cli.Flag{
+		&cli.StringFlag{
+			Name:  "name",
+			Value: "",
+			Usage: "Application Name",
+		},
+		&cli.StringFlag{
+			Name:  "auth-type",
+			Value: "PLAIN",
+			Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",
+		},
+		&cli.StringFlag{
+			Name:  "host",
+			Value: "",
+			Usage: "SMTP Host",
+		},
+		&cli.IntFlag{
+			Name:  "port",
+			Usage: "SMTP Port",
+		},
+		&cli.BoolFlag{
+			Name:  "force-smtps",
+			Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.",
+			Value: true,
+		},
+		&cli.BoolFlag{
+			Name:  "skip-verify",
+			Usage: "Skip TLS verify.",
+			Value: true,
+		},
+		&cli.StringFlag{
+			Name:  "helo-hostname",
+			Value: "",
+			Usage: "Hostname sent with HELO. Leave blank to send current hostname",
+		},
+		&cli.BoolFlag{
+			Name:  "disable-helo",
+			Usage: "Disable SMTP helo.",
+			Value: true,
+		},
+		&cli.StringFlag{
+			Name:  "allowed-domains",
+			Value: "",
+			Usage: "Leave empty to allow all domains. Separate multiple domains with a comma (',')",
+		},
+		&cli.BoolFlag{
+			Name:  "skip-local-2fa",
+			Usage: "Skip 2FA to log on.",
+			Value: true,
+		},
+		&cli.BoolFlag{
+			Name:  "active",
+			Usage: "This Authentication Source is Activated.",
+			Value: true,
+		},
+	}
+
+	microcmdAuthAddSMTP = &cli.Command{
+		Name:   "add-smtp",
+		Usage:  "Add new SMTP authentication source",
+		Action: runAddSMTP,
+		Flags:  smtpCLIFlags,
+	}
+
+	microcmdAuthUpdateSMTP = &cli.Command{
+		Name:   "update-smtp",
+		Usage:  "Update existing SMTP authentication source",
+		Action: runUpdateSMTP,
+		Flags:  append(smtpCLIFlags[:1], append([]cli.Flag{idFlag}, smtpCLIFlags[1:]...)...),
+	}
+)
+
+func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
+	if c.IsSet("auth-type") {
+		conf.Auth = c.String("auth-type")
+		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
+		if !util.SliceContainsString(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
+			return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
+		}
+		conf.Auth = c.String("auth-type")
+	}
+	if c.IsSet("host") {
+		conf.Host = c.String("host")
+	}
+	if c.IsSet("port") {
+		conf.Port = c.Int("port")
+	}
+	if c.IsSet("allowed-domains") {
+		conf.AllowedDomains = c.String("allowed-domains")
+	}
+	if c.IsSet("force-smtps") {
+		conf.ForceSMTPS = c.Bool("force-smtps")
+	}
+	if c.IsSet("skip-verify") {
+		conf.SkipVerify = c.Bool("skip-verify")
+	}
+	if c.IsSet("helo-hostname") {
+		conf.HeloHostname = c.String("helo-hostname")
+	}
+	if c.IsSet("disable-helo") {
+		conf.DisableHelo = c.Bool("disable-helo")
+	}
+	if c.IsSet("skip-local-2fa") {
+		conf.SkipLocalTwoFA = c.Bool("skip-local-2fa")
+	}
+	return nil
+}
+
+func runAddSMTP(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	if !c.IsSet("name") || len(c.String("name")) == 0 {
+		return errors.New("name must be set")
+	}
+	if !c.IsSet("host") || len(c.String("host")) == 0 {
+		return errors.New("host must be set")
+	}
+	if !c.IsSet("port") {
+		return errors.New("port must be set")
+	}
+	active := true
+	if c.IsSet("active") {
+		active = c.Bool("active")
+	}
+
+	var smtpConfig smtp.Source
+	if err := parseSMTPConfig(c, &smtpConfig); err != nil {
+		return err
+	}
+
+	// If not set default to PLAIN
+	if len(smtpConfig.Auth) == 0 {
+		smtpConfig.Auth = "PLAIN"
+	}
+
+	return auth_model.CreateSource(ctx, &auth_model.Source{
+		Type:     auth_model.SMTP,
+		Name:     c.String("name"),
+		IsActive: active,
+		Cfg:      &smtpConfig,
+	})
+}
+
+func runUpdateSMTP(c *cli.Context) error {
+	if !c.IsSet("id") {
+		return fmt.Errorf("--id flag is missing")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	source, err := auth_model.GetSourceByID(ctx, c.Int64("id"))
+	if err != nil {
+		return err
+	}
+
+	smtpConfig := source.Cfg.(*smtp.Source)
+
+	if err := parseSMTPConfig(c, smtpConfig); err != nil {
+		return err
+	}
+
+	if c.IsSet("name") {
+		source.Name = c.String("name")
+	}
+
+	if c.IsSet("active") {
+		source.IsActive = c.Bool("active")
+	}
+
+	source.Cfg = smtpConfig
+
+	return auth_model.UpdateSource(ctx, source)
+}
--- a/cmd/admin_regenerate.go
+++ b/cmd/admin_regenerate.go
@@ -0,0 +1,46 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
+	"code.gitea.io/gitea/modules/graceful"
+	repo_service "code.gitea.io/gitea/services/repository"
+
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	microcmdRegenHooks = &cli.Command{
+		Name:   "hooks",
+		Usage:  "Regenerate git-hooks",
+		Action: runRegenerateHooks,
+	}
+
+	microcmdRegenKeys = &cli.Command{
+		Name:   "keys",
+		Usage:  "Regenerate authorized_keys file",
+		Action: runRegenerateKeys,
+	}
+)
+
+func runRegenerateHooks(_ *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
+}
+
+func runRegenerateKeys(_ *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+	return asymkey_model.RewriteAllPublicKeys(ctx)
+}
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -14,6 +14,7 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
 	migrate_base "code.gitea.io/gitea/models/migrations/base"
+	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -22,6 +23,19 @@ import (
 	"xorm.io/xorm"
 )

+// CmdDoctor represents the available doctor sub-command.
+var CmdDoctor = &cli.Command{
+	Name:        "doctor",
+	Usage:       "Diagnose and optionally fix problems, convert or re-create database tables",
+	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
+
+	Subcommands: []*cli.Command{
+		cmdDoctorCheck,
+		cmdRecreateTable,
+		cmdDoctorConvert,
+	},
+}
+
 var cmdDoctorCheck = &cli.Command{
 	Name:        "check",
 	Usage:       "Diagnose and optionally fix problems",
@@ -60,19 +74,6 @@ var cmdDoctorCheck = &cli.Command{
 	},
 }

-// CmdDoctor represents the available doctor sub-command.
-var CmdDoctor = &cli.Command{
-	Name:        "doctor",
-	Usage:       "Diagnose and optionally fix problems",
-	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
-
-	Subcommands: []*cli.Command{
-		cmdDoctorCheck,
-		cmdRecreateTable,
-		cmdDoctorConvert,
-	},
-}
-
 var cmdRecreateTable = &cli.Command{
 	Name:      "recreate-table",
 	Usage:     "Recreate tables from XORM definitions and copy the data.",
@@ -177,6 +178,7 @@ func runDoctorCheck(ctx *cli.Context) error {
 	if ctx.IsSet("list") {
 		w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
 		_, _ = w.Write([]byte("Default\tName\tTitle\n"))
+		doctor.SortChecks(doctor.Checks)
 		for _, check := range doctor.Checks {
 			if check.IsDefault {
 				_, _ = w.Write([]byte{'*'})
@@ -192,26 +194,20 @@ func runDoctorCheck(ctx *cli.Context) error {

 	var checks []*doctor.Check
 	if ctx.Bool("all") {
-		checks = doctor.Checks
+		checks = make([]*doctor.Check, len(doctor.Checks))
+		copy(checks, doctor.Checks)
 	} else if ctx.IsSet("run") {
 		addDefault := ctx.Bool("default")
-		names := ctx.StringSlice("run")
-		for i, name := range names {
-			names[i] = strings.ToLower(strings.TrimSpace(name))
-		}
-
+		runNamesSet := container.SetOf(ctx.StringSlice("run")...)
 		for _, check := range doctor.Checks {
-			if addDefault && check.IsDefault {
+			if (addDefault && check.IsDefault) || runNamesSet.Contains(check.Name) {
 				checks = append(checks, check)
-				continue
-			}
-			for _, name := range names {
-				if name == check.Name {
-					checks = append(checks, check)
-					break
-				}
+				runNamesSet.Remove(check.Name)
 			}
 		}
+		if len(runNamesSet) > 0 {
+			return fmt.Errorf("unknown checks: %q", strings.Join(runNamesSet.Values(), ","))
+		}
 	} else {
 		for _, check := range doctor.Checks {
 			if check.IsDefault {
@@ -219,6 +215,5 @@ func runDoctorCheck(ctx *cli.Context) error {
 			}
 		}
 	}
-
 	return doctor.RunChecks(stdCtx, colorize, ctx.Bool("fix"), checks)
 }
--- a/cmd/doctor_test.go
+++ b/cmd/doctor_test.go
@@ -0,0 +1,33 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"testing"
+
+	"code.gitea.io/gitea/modules/doctor"
+	"code.gitea.io/gitea/modules/log"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/urfave/cli/v2"
+)
+
+func TestDoctorRun(t *testing.T) {
+	doctor.Register(&doctor.Check{
+		Title: "Test Check",
+		Name:  "test-check",
+		Run:   func(ctx context.Context, logger log.Logger, autofix bool) error { return nil },
+
+		SkipDatabaseInitialization: true,
+	})
+	app := cli.NewApp()
+	app.Commands = []*cli.Command{cmdDoctorCheck}
+	err := app.Run([]string{"./gitea", "check", "--run", "test-check"})
+	assert.NoError(t, err)
+	err = app.Run([]string{"./gitea", "check", "--run", "no-such"})
+	assert.ErrorContains(t, err, `unknown checks: "no-such"`)
+	err = app.Run([]string{"./gitea", "check", "--run", "test-check,no-such"})
+	assert.ErrorContains(t, err, `unknown checks: "no-such"`)
+}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -452,7 +452,7 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 		return err
 	}
 	for _, file := range files {
-		currentAbsPath := path.Join(absPath, file.Name())
+		currentAbsPath := filepath.Join(absPath, file.Name())
 		currentInsidePath := path.Join(insidePath, file.Name())
 		if file.IsDir() {
 			if !util.SliceContainsString(excludeAbsPath, currentAbsPath) {
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -18,7 +18,7 @@ var (
 	// CmdGenerate represents the available generate sub-command.
 	CmdGenerate = &cli.Command{
 		Name:  "generate",
-		Usage: "Command line interface for running generators",
+		Usage: "Generate Gitea's secrets/keys/tokens",
 		Subcommands: []*cli.Command{
 			subcmdSecret,
 		},
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -31,8 +31,8 @@ var (
 	// CmdHook represents the available hooks sub-command.
 	CmdHook = &cli.Command{
 		Name:        "hook",
-		Usage:       "Delegate commands to corresponding Git hooks",
-		Description: "This should only be called by Git",
+		Usage:       "(internal) Should only be called by Git",
+		Description: "Delegate commands to corresponding Git hooks",
 		Before:      PrepareConsoleLoggerLevel(log.FATAL),
 		Subcommands: []*cli.Command{
 			subcmdHookPreReceive,
@@ -376,7 +376,9 @@ Gitea or set your environment appropriately.`, "")
 		oldCommitIDs[count] = string(fields[0])
 		newCommitIDs[count] = string(fields[1])
 		refFullNames[count] = git.RefName(fields[2])
-		if refFullNames[count] == git.BranchPrefix+"master" && newCommitIDs[count] != git.EmptySHA && count == total {
+
+		commitID, _ := git.NewIDFromString(newCommitIDs[count])
+		if refFullNames[count] == git.BranchPrefix+"master" && !commitID.IsZero() && count == total {
 			masterPushed = true
 		}
 		count++
@@ -669,7 +671,8 @@ Gitea or set your environment appropriately.`, "")
 		if err != nil {
 			return err
 		}
-		if rs.OldOID != git.EmptySHA {
+		commitID, _ := git.NewIDFromString(rs.OldOID)
+		if !commitID.IsZero() {
 			err = writeDataPktLine(ctx, os.Stdout, []byte("option old-oid "+rs.OldOID))
 			if err != nil {
 				return err
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -16,10 +16,11 @@ import (

 // CmdKeys represents the available keys sub-command
 var CmdKeys = &cli.Command{
-	Name:   "keys",
-	Usage:  "This command queries the Gitea database to get the authorized command for a given ssh key fingerprint",
-	Before: PrepareConsoleLoggerLevel(log.FATAL),
-	Action: runKeys,
+	Name:        "keys",
+	Usage:       "(internal) Should only be called by SSH server",
+	Description: "Queries the Gitea database to get the authorized command for a given ssh key fingerprint",
+	Before:      PrepareConsoleLoggerLevel(log.FATAL),
+	Action:      runKeys,
 	Flags: []cli.Flag{
 		&cli.StringFlag{
 			Name:    "expected",
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -10,12 +10,12 @@ import (

 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"

 	"github.com/urfave/cli/v2"
 )

 // cmdHelp is our own help subcommand with more information
+// Keep in mind that the "./gitea help"(subcommand) is different from "./gitea --help"(flag), the flag doesn't parse the config or output "DEFAULT CONFIGURATION:" information
 func cmdHelp() *cli.Command {
 	c := &cli.Command{
 		Name:      "help",
@@ -47,16 +47,10 @@ DEFAULT CONFIGURATION:
 	return c
 }

-var helpFlag = cli.HelpFlag
-
-func init() {
-	// cli.HelpFlag = nil TODO: after https://github.com/urfave/cli/issues/1794 we can use this
-}
-
 func appGlobalFlags() []cli.Flag {
 	return []cli.Flag{
 		// make the builtin flags at the top
-		helpFlag,
+		cli.HelpFlag,

 		// shared configuration flags, they are for global and for each sub-command at the same time
 		// eg: such command is valid: "./gitea --config /tmp/app.ini web --config /tmp/app.ini", while it's discouraged indeed
@@ -121,20 +115,22 @@ func prepareWorkPathAndCustomConf(action cli.ActionFunc) func(ctx *cli.Context)
 func NewMainApp(version, versionExtra string) *cli.App {
 	app := cli.NewApp()
 	app.Name = "Gitea"
+	app.HelpName = "gitea"
 	app.Usage = "A painless self-hosted Git service"
-	app.Description = `By default, Gitea will start serving using the web-server with no argument, which can alternatively be run by running the subcommand "web".`
+	app.Description = `Gitea program contains "web" and other subcommands. If no subcommand is given, it starts the web server by default. Use "web" subcommand for more web server arguments, use other subcommands for other purposes.`
 	app.Version = version + versionExtra
 	app.EnableBashCompletion = true

 	// these sub-commands need to use config file
 	subCmdWithConfig := []*cli.Command{
+		cmdHelp(), // the "help" sub-command was used to show the more information for "work path" and "custom config"
 		CmdWeb,
 		CmdServ,
 		CmdHook,
+		CmdKeys,
 		CmdDump,
 		CmdAdmin,
 		CmdMigrate,
-		CmdKeys,
 		CmdDoctor,
 		CmdManager,
 		CmdEmbedded,
@@ -142,13 +138,8 @@ func NewMainApp(version, versionExtra string) *cli.App {
 		CmdDumpRepository,
 		CmdRestoreRepository,
 		CmdActions,
-		cmdHelp(), // the "help" sub-command was used to show the more information for "work path" and "custom config"
 	}

-	cmdConvert := util.ToPointer(*cmdDoctorConvert)
-	cmdConvert.Hidden = true // still support the legacy "./gitea doctor" by the hidden sub-command, remove it in next release
-	subCmdWithConfig = append(subCmdWithConfig, cmdConvert)
-
 	// these sub-commands do not need the config file, and they do not depend on any path or environment variable.
 	subCmdStandalone := []*cli.Command{
 		CmdCert,
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -20,9 +20,7 @@ import (
 )

 func TestMain(m *testing.M) {
-	unittest.MainTest(m, &unittest.TestOptions{
-		GiteaRootPath: "..",
-	})
+	unittest.MainTest(m)
 }

 func makePathOutput(workPath, customPath, customConf string) string {
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 	"testing"

+	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/packages"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@@ -30,7 +31,7 @@ func TestMigratePackages(t *testing.T) {
 	assert.NoError(t, err)
 	defer buf.Close()

-	v, f, err := packages_service.CreatePackageAndAddFile(&packages_service.PackageCreationInfo{
+	v, f, err := packages_service.CreatePackageAndAddFile(db.DefaultContext, &packages_service.PackageCreationInfo{
 		PackageInfo: packages_service.PackageInfo{
 			Owner:       creator,
 			PackageType: packages.TypeGeneric,
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -42,7 +42,7 @@ const (
 // CmdServ represents the available serv sub-command.
 var CmdServ = &cli.Command{
 	Name:        "serv",
-	Usage:       "This command should only be called by SSH shell",
+	Usage:       "(internal) Should only be called by SSH shell",
 	Description: "Serv provides access auth for repositories",
 	Before:      PrepareConsoleLoggerLevel(log.FATAL),
 	Action:      runServ,
--- a/contrib/backport/backport.go
+++ b/contrib/backport/backport.go
@@ -17,7 +17,7 @@ import (
 	"strings"
 	"syscall"

-	"github.com/google/go-github/v53/github"
+	"github.com/google/go-github/v57/github"
 	"github.com/urfave/cli/v2"
 	"gopkg.in/yaml.v3"
 )
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@@ -47,24 +47,28 @@ func main() {
 	on the configuration cheat sheet.`
 	app.Flags = []cli.Flag{
 		&cli.StringFlag{
-			Name:  "custom-path, C",
-			Value: setting.CustomPath,
-			Usage: "Custom path file path",
+			Name:    "custom-path",
+			Aliases: []string{"C"},
+			Value:   setting.CustomPath,
+			Usage:   "Custom path file path",
 		},
 		&cli.StringFlag{
-			Name:  "config, c",
-			Value: setting.CustomConf,
-			Usage: "Custom configuration file path",
+			Name:    "config",
+			Aliases: []string{"c"},
+			Value:   setting.CustomConf,
+			Usage:   "Custom configuration file path",
 		},
 		&cli.StringFlag{
-			Name:  "work-path, w",
-			Value: setting.AppWorkPath,
-			Usage: "Set the gitea working path",
+			Name:    "work-path",
+			Aliases: []string{"w"},
+			Value:   setting.AppWorkPath,
+			Usage:   "Set the gitea working path",
 		},
 		&cli.StringFlag{
-			Name:  "out, o",
-			Value: "",
-			Usage: "Destination file to write to",
+			Name:    "out",
+			Aliases: []string{"o"},
+			Value:   "",
+			Usage:   "Destination file to write to",
 		},
 	}
 	app.Action = runEnvironmentToIni
--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@@ -5,6 +5,7 @@
 package main

 import (
+	"context"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -18,7 +19,7 @@ import (

 var (
 	generators = []struct {
-		gen  func() (string, error)
+		gen  func(ctx context.Context) (string, error)
 		name string
 	}{
 		{
@@ -41,16 +42,17 @@ func main() {
 		fmt.Printf("PrepareTestDatabase: %+v\n", err)
 		os.Exit(1)
 	}
+	ctx := context.Background()
 	if len(os.Args) == 0 {
 		for _, r := range os.Args {
-			if err := generate(r); err != nil {
+			if err := generate(ctx, r); err != nil {
 				fmt.Printf("generate '%s': %+v\n", r, err)
 				os.Exit(1)
 			}
 		}
 	} else {
 		for _, g := range generators {
-			if err := generate(g.name); err != nil {
+			if err := generate(ctx, g.name); err != nil {
 				fmt.Printf("generate '%s': %+v\n", g.name, err)
 				os.Exit(1)
 			}
@@ -58,10 +60,10 @@ func main() {
 	}
 }

-func generate(name string) error {
+func generate(ctx context.Context, name string) error {
 	for _, g := range generators {
 		if g.name == name {
-			data, err := g.gen()
+			data, err := g.gen(ctx)
 			if err != nil {
 				return err
 			}
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -60,6 +60,7 @@ RUN_USER = ; git
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; The protocol the server listens on. One of 'http', 'https', 'http+unix', 'fcgi' or 'fcgi+unix'. Defaults to 'http'
+;; Note: Value must be lowercase.
 ;PROTOCOL = http
 ;;
 ;; Expect PROXY protocol headers on connections
@@ -233,7 +234,7 @@ RUN_USER = ; git
 ;MINIMUM_KEY_SIZE_CHECK = false
 ;;
 ;; Disable CDN even in "prod" mode
-;OFFLINE_MODE = false
+;OFFLINE_MODE = true
 ;;
 ;; TLS Settings: Either ACME or manual
 ;; (Other common TLS configuration are found before)
@@ -491,6 +492,11 @@ INTERNAL_TOKEN=
 ;; Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations.
 ;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
 ;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
+;;
+;; Reject API tokens sent in URL query string (Accept Header-based API tokens only). This avoids security vulnerabilities
+;; stemming from cached/logged plain-text API tokens.
+;; In future releases, this will become the default behavior
+;DISABLE_QUERY_AUTH_TOKEN = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -548,7 +554,8 @@ ENABLE = true
 ;; Pre-register OAuth2 applications for some universally useful services
 ;; * https://github.com/hickford/git-credential-oauth
 ;; * https://github.com/git-ecosystem/git-credential-manager
-;DEFAULT_APPLICATIONS = git-credential-oauth, git-credential-manager
+;; * https://gitea.com/gitea/tea
+;DEFAULT_APPLICATIONS = git-credential-oauth, git-credential-manager, tea

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -950,7 +957,7 @@ LEVEL = Info
 ;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
 ;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
 ;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
-;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages
+;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages,repo.actions
 ;;
 ;; Comma separated list of default forked repo units.
 ;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
@@ -1014,8 +1021,8 @@ LEVEL = Info
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 ;ALLOWED_TYPES =
 ;;
-;; Max size of each file in megabytes. Defaults to 3MB
-;FILE_MAX_SIZE = 3
+;; Max size of each file in megabytes. Defaults to 50MB
+;FILE_MAX_SIZE = 50
 ;;
 ;; Max number of files per upload. Defaults to 5
 ;MAX_FILES = 5
@@ -1151,15 +1158,9 @@ LEVEL = Info
 ;; enable cors headers (disabled by default)
 ;ENABLED = false
 ;;
-;; scheme of allowed requests
-;SCHEME = http
-;;
-;; list of requesting domains that are allowed
+;; list of requesting origins that are allowed, eg: "https://*.example.com"
 ;ALLOW_DOMAIN = *
 ;;
-;; allow subdomains of headers listed above to request
-;ALLOW_SUBDOMAIN = false
-;;
 ;; list of methods allowed to request
 ;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
 ;;
@@ -1205,20 +1206,26 @@ LEVEL = Info
 ;; Max size of files to be displayed (default is 8MiB)
 ;MAX_DISPLAY_FILE_SIZE = 8388608
 ;;
+;; Detect ambiguous unicode characters in file contents and show warnings on the UI
+;AMBIGUOUS_UNICODE_DETECTION = true
+;;
 ;; Whether the email of the user should be shown in the Explore Users page
 ;SHOW_USER_EMAIL = true
 ;;
 ;; Set the default theme for the Gitea install
-;DEFAULT_THEME = auto
+;DEFAULT_THEME = gitea-auto
 ;;
 ;; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
-;THEMES = auto,gitea,arc-green
+;THEMES = gitea-auto,gitea-light,gitea-dark
 ;;
 ;; All available reactions users can choose on issues/prs and comments.
 ;; Values can be emoji alias (:smile:) or a unicode emoji.
 ;; For custom reactions, add a tightly cropped square image to public/assets/img/emoji/reaction_name.png
 ;REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
 ;;
+;; Change the number of users that are displayed in reactions tooltip (triggered by mouse hover).
+;REACTION_MAX_USER_NUM = 10
+;;
 ;; Additional Emojis not defined in the utf8 standard
 ;; By default we support gitea (:gitea:), to add more copy them to public/assets/img/emoji/emoji_name.png and add it to this config.
 ;; Dont mistake it for Reactions.
@@ -1233,6 +1240,10 @@ LEVEL = Info
 ;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
 ;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
 ;ONLY_SHOW_RELEVANT_REPOS = false
+;;
+;; Change the sort type of the explore pages.
+;; Default is "recentupdate", but you also have "alphabetically", "reverselastlogin", "newest", "oldest".
+;EXPLORE_PAGING_DEFAULT_SORT = recentupdate

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1420,7 +1431,7 @@ LEVEL = Info
 ;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
 ;;
 ;; Default queue length before a channel queue will block
-;LENGTH = 100
+;LENGTH = 100000
 ;;
 ;; Batch size to send for batched queues
 ;BATCH_LENGTH = 20
@@ -1688,9 +1699,6 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; if the cache enabled
-;ENABLED = true
-;;
 ;; Either "memory", "redis", "memcache", or "twoqueue". default is "memory"
 ;ADAPTER = memory
 ;;
@@ -1715,8 +1723,6 @@ LEVEL = Info
 ;[cache.last_commit]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; if the cache enabled
-;ENABLED = true
 ;;
 ;; Time to keep items in cache if not used, default is 8760 hours.
 ;; Setting it to -1 disables caching
@@ -1812,8 +1818,8 @@ LEVEL = Info
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 ;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
-;; Max size of each file. Defaults to 4MB
-;MAX_SIZE = 4
+;; Max size of each file. Defaults to 2048MB
+;MAX_SIZE = 2048
 ;;
 ;; Max number of files per upload. Defaults to 5
 ;MAX_FILES = 5
@@ -2568,6 +2574,14 @@ LEVEL = Info
 ;DEFAULT_ACTIONS_URL = github
 ;; Default artifact retention time in days, default is 90 days
 ;ARTIFACT_RETENTION_DAYS = 90
+;; Timeout to stop the task which have running status, but haven't been updated for a long time
+;ZOMBIE_TASK_TIMEOUT = 10m
+;; Timeout to stop the tasks which have running status and continuous updates, but don't end for a long time
+;ENDLESS_TASK_TIMEOUT = 3h
+;; Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time
+;ABANDONED_JOB_TIMEOUT = 24h
+;; Strings committers can place inside a commit message to skip executing the corresponding actions workflow
+;SKIP_WORKFLOW_STRINGS = [skip ci],[ci skip],[no ci],[skip actions],[actions skip]

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
@@ -7,7 +7,7 @@ if [ ! -x /bin/sh ]; then
 fi

 if [ "${USER}" != "git" ]; then
-    # rename user
+    # Rename user
    sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
 fi

@@ -19,13 +19,13 @@ if [ -z "${USER_UID}" ]; then
  USER_UID="`id -u ${USER}`"
 fi

-## Change GID for USER?
+# Change GID for USER?
 if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
    sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
    sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
 fi

-## Change UID for USER?
+# Change UID for USER?
 if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
    sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
 fi
--- a/docs/content/administration.fr-fr.md
+++ b/docs/content/administration.fr-fr.md
@@ -1,13 +0,0 @@
---
-date: "2017-08-23T09:00:00+02:00"
-title: "Avancé"
-slug: "administration"
-sidebar_position: 30
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "Avancé"
-    sidebar_position: 20
-    identifier: "administration"
---
--- a/docs/content/administration.zh-tw.md
+++ b/docs/content/administration.zh-tw.md
@@ -1,13 +0,0 @@
---
-date: "2016-12-01T16:00:00+02:00"
-title: "運維"
-slug: "administration"
-sidebar_position: 30
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "運維"
-    sidebar_position: 20
-    identifier: "administration"
---
--- a/docs/content/administration/_index.zh-tw.md
+++ b/docs/content/administration/_index.zh-tw.md
--- a/docs/content/administration/adding-legal-pages.en-us.md
+++ b/docs/content/administration/adding-legal-pages.en-us.md
@@ -19,10 +19,10 @@ Some jurisdictions (such as EU), requires certain legal pages (e.g. Privacy Poli

 ## Getting Pages

-Gitea source code ships with sample pages, available in `contrib/legal` directory. Copy them to `custom/public/`. For example, to add Privacy Policy:
+Gitea source code ships with sample pages, available in `contrib/legal` directory. Copy them to `custom/public/assets/`. For example, to add Privacy Policy:

 ```
-wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
+wget -O /path/to/custom/public/assets/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
 ```

 Now you need to edit the page to meet your requirements. In particular you must change the email addresses, web addresses and references to "Your Gitea Instance" to match your situation.
--- a/docs/content/administration/adding-legal-pages.zh-cn.md
+++ b/docs/content/administration/adding-legal-pages.zh-cn.md
@@ -19,10 +19,10 @@ menu:

 ## 获取页面

-Gitea 源代码附带了示例页面，位于 `contrib/legal` 目录中。将它们复制到 `custom/public/` 目录下。例如，如果要添加隐私政策：
+Gitea 源代码附带了示例页面，位于 `contrib/legal` 目录中。将它们复制到 `custom/public/assets/` 目录下。例如，如果要添加隐私政策：

 ```
-wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
+wget -O /path/to/custom/public/assets/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
 ```

 现在，你需要编辑该页面以满足你的需求。特别是，你必须更改电子邮件地址、网址以及与 "Your Gitea Instance" 相关的引用，以匹配你的情况。
--- a/docs/content/administration/backup-and-restore.zh-tw.md
+++ b/docs/content/administration/backup-and-restore.zh-tw.md
@@ -1,68 +0,0 @@
---
-date: "2017-01-01T16:00:00+02:00"
-title: "用法: 備份與還原"
-slug: "backup-and-restore"
-sidebar_position: 11
-toc: false
-draft: false
-aliases:
-  - /zh-tw/backup-and-restore
-menu:
-  sidebar:
-    parent: "administration"
-    name: "備份與還原"
-    sidebar_position: 11
-    identifier: "backup-and-restore"
---
-
-# 備份與還原
-
-Gitea 目前支援 `dump` 指令，用來將資料備份成 zip 檔案，後續會提供還原指令，讓你可以輕易的將備份資料及還原到另外一台機器。
-
-## 備份指令 (`dump`)
-
-首先，切換到執行 Gitea 的使用者: `su git` (請修改成您指定的使用者)，並在安裝目錄內執行 `./gitea dump` 指令，你可以看到 console 畫面如下:
-
-```
-2016/12/27 22:32:09 Creating tmp work dir: /tmp/gitea-dump-417443001
-2016/12/27 22:32:09 Dumping local repositories.../home/git/gitea-repositories
-2016/12/27 22:32:22 Dumping database...
-2016/12/27 22:32:22 Packing dump files...
-2016/12/27 22:32:34 Removing tmp work dir: /tmp/gitea-dump-417443001
-2016/12/27 22:32:34 Finish dumping in file gitea-dump-1482906742.zip
-```
-
-備份出來的 `gitea-dump-1482906742.zip` 檔案，檔案內會包含底下內容:
-
-* `custom/conf/app.ini` - 伺服器設定檔。
-* `gitea-db.sql` - SQL 備份檔案。
-* `gitea-repo.zip` - 此 zip 檔案為全部的 repo 目錄。
-   請參考 Config -> repository -> `ROOT` 所設定的路徑。
-* `log/` - 全部 logs 檔案，如果你要 migrate 到其他伺服器，此目錄不用保留。
-
-你可以透過設定 `--tempdir` 指令參數來指定備份檔案目錄，或者是設定 `TMPDIR` 環境變數來達到此功能。
-
-## 還原指令 (`restore`)
-
-持續更新中: 此文件尚未完成.
-
-例:
-
-```sh
-unzip gitea-dump-1610949662.zip
-cd gitea-dump-1610949662
-mv data/conf/app.ini /etc/gitea/conf/app.ini
-mv data/* /var/lib/gitea/data/
-mv log/* /var/lib/gitea/log/
-mv repos/* /var/lib/gitea/repositories/
-chown -R gitea:gitea /etc/gitea/conf/app.ini /var/lib/gitea
-
-# mysql
-mysql --default-character-set=utf8mb4 -u$USER -p$PASS $DATABASE <gitea-db.sql
-# sqlite3
-sqlite3 $DATABASE_PATH <gitea-db.sql
-# postgres
-psql -U $USER -d $DATABASE < gitea-db.sql
-
-service gitea restart
-```
--- a/docs/content/administration/cmd-embedded.en-us.md
+++ b/docs/content/administration/cmd-embedded.en-us.md
@@ -50,7 +50,7 @@ a special meaning for your command shell.

 If no pattern is provided, all files are listed.

-### Example
+### Example: Listing all embedded files

 Listing all embedded files with `openid` in their path:

@@ -101,7 +101,7 @@ When Gitea is upgraded to a new version (by replacing the executable), many of t
 embedded files will suffer changes. Gitea will honor and use any files found
 in the `custom` directory, even if they are old and incompatible.

-### Example
+### Example: Extracting mail templates

 Extracting mail templates to a temporary directory:

--- a/docs/content/administration/cmd-embedded.zh-cn.md
+++ b/docs/content/administration/cmd-embedded.zh-cn.md
@@ -43,7 +43,7 @@ gitea embedded list [--include-vendored] [patterns...]

 如果未提供模式，则列出所有文件。

-### 示例
+### 示例：列出所有嵌入文件

 列出所有路径中包含 `openid` 的嵌入文件：

@@ -83,7 +83,7 @@ gitea [--config {file}] embedded extract [--destination {dir}|--custom] [--overw

 请确保**只提取需要自定义的文件**。位于 `custom` 目录中的文件不会受到 Gitea 的升级过程的影响。当 Gitea 升级到新版本（通过替换可执行文件）时，许多嵌入文件将发生变化。Gitea 将尊重并使用在 `custom` 目录中找到的任何文件，即使这些文件是旧的和不兼容的。

-### 示例
+### 示例：提取邮件模板

 将邮件模板提取到临时目录：

--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@@ -102,7 +102,7 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build
 - `ENABLE_PUSH_CREATE_USER`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for a user.
 - `ENABLE_PUSH_CREATE_ORG`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for an org.
 - `DISABLED_REPO_UNITS`: **_empty_**: Comma separated list of globally disabled repo units. Allowed values: \[repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions\]
- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages**: Comma separated list of default new repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list.
+- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages,repo.actions**: Comma separated list of default new repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list.
 - `DEFAULT_FORK_REPO_UNITS`: **repo.code,repo.pulls**: Comma separated list of default forked repo units. The set of allowed values and rules is the same as `DEFAULT_REPO_UNITS`.
 - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository.
 - `DISABLE_MIGRATIONS`: **false**: Disable migrating feature.
@@ -146,7 +146,7 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build
 - `ENABLED`: **true**: Whether repository file uploads are enabled
 - `TEMP_PATH`: **data/tmp/uploads**: Path for uploads (content gets deleted on Gitea restart)
 - `ALLOWED_TYPES`: **_empty_**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
- `FILE_MAX_SIZE`: **3**: Max size of each file in megabytes.
+- `FILE_MAX_SIZE`: **50**: Max size of each file in megabytes.
 - `MAX_FILES`: **5**: Max number of files per upload

 ### Repository - Release (`repository.release`)
@@ -196,9 +196,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 ## CORS (`cors`)

 - `ENABLED`: **false**: enable cors headers (disabled by default)
- `SCHEME`: **http**: scheme of allowed requests
- `ALLOW_DOMAIN`: **\***: list of requesting domains that are allowed
- `ALLOW_SUBDOMAIN`: **false**: allow subdomains of headers listed above to request
+- `ALLOW_DOMAIN`: **\***: list of requesting origins that are allowed, eg: "https://*.example.com"
 - `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request
 - `MAX_AGE`: **10m**: max time to cache response
 - `ALLOW_CREDENTIALS`: **false**: allow request with credentials
@@ -215,21 +213,24 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SITEMAP_PAGING_NUM`: **20**: Number of items that are displayed in a single subsitemap.
 - `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
 - `CODE_COMMENT_LINES`: **4**: Number of line of codes shown for a code comment.
- `DEFAULT_THEME`: **auto**: \[auto, gitea, arc-green\]: Set the default theme for the Gitea install.
+- `DEFAULT_THEME`: **gitea-auto**: \[gitea-auto, gitea-light, gitea-dark\]: Set the default theme for the Gitea installation.
 - `SHOW_USER_EMAIL`: **true**: Whether the email of the user should be shown in the Explore Users page.
- `THEMES`:  **auto,gitea,arc-green**: All available themes. Allow users select personalized themes.
+- `THEMES`:  **gitea-auto,gitea-light,gitea-dark**: All available themes. Allow users select personalized themes.
  regardless of the value of `DEFAULT_THEME`.
 - `MAX_DISPLAY_FILE_SIZE`: **8388608**: Max size of files to be displayed (default is 8MiB)
+- `AMBIGUOUS_UNICODE_DETECTION`: **true**: Detect ambiguous unicode characters in file contents and show warnings on the UI
 - `REACTIONS`: All available reactions users can choose on issues/prs and comments
    Values can be emoji alias (:smile:) or a unicode emoji.
    For custom reactions, add a tightly cropped square image to public/assets/img/emoji/reaction_name.png
+- `REACTION_MAX_USER_NUM`: **10**: Change the number of users that are displayed in reactions tooltip (triggered by mouse hover).
 - `CUSTOM_EMOJIS`: **gitea, codeberg, gitlab, git, github, gogs**: Additional Emojis not defined in the utf8 standard.
    By default, we support Gitea (:gitea:), to add more copy them to public/assets/img/emoji/emoji_name.png and
    add it to this config.
 - `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
 - `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page.
- `ONLY_SHOW_RELEVANT_REPOS`: **false** Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
+- `ONLY_SHOW_RELEVANT_REPOS`: **false**: Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
    A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
+- `EXPLORE_PAGING_DEFAULT_SORT`: **recentupdate**: Change the sort type of the explore pages. Valid values are "recentupdate", "alphabetically", "reverselastlogin", "newest" and "oldest"

 ### UI - Admin (`ui.admin`)

@@ -281,6 +282,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a

 - `APP_DATA_PATH`: **_`AppWorkPath`_/data**: This is the default root path for storing data.
 - `PROTOCOL`: **http**: \[http, https, fcgi, http+unix, fcgi+unix\]
+  - Note: Value must be lowercase.
 - `USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol headers on connections
 - `PROXY_PROTOCOL_TLS_BRIDGING`: **false**: When protocol is https, expect PROXY protocol headers after TLS negotiation.
 - `PROXY_PROTOCOL_HEADER_TIMEOUT`: **5s**: Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
@@ -340,7 +342,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** or **username, email**: \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set.
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
+- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **`{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}`**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
 - `SSH_SERVER_CIPHERS`: **chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_KEY_EXCHANGES`: **curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
@@ -353,7 +355,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_PER_WRITE_PER_KB_TIMEOUT`: **10s**: Timeout per Kb written to SSH connections.
 - `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type.

- `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
+- `OFFLINE_MODE`: **true**: Disables use of CDN for static files and Gravatar for profile pictures.
 - `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
 - `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
 - `STATIC_ROOT_PATH`: **_`StaticRootPath`_**: Upper level of template and static files path.
@@ -423,7 +425,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 ## Database (`database`)

 - `DB_TYPE`: **mysql**: The database type in use \[mysql, postgres, mssql, sqlite3\].
- `HOST`: **127.0.0.1:3306**: Database host address and port or absolute path for unix socket \[mysql, postgres\] (ex: /var/run/mysqld/mysqld.sock).
+- `HOST`: **127.0.0.1:3306**: Database host address and port or absolute path for unix socket \[mysql, postgres[^1]\] (ex: /var/run/mysqld/mysqld.sock).
 - `NAME`: **gitea**: Database name.
 - `USER`: **root**: Database username.
 - `PASSWD`: **_empty_**: Database user password. Use \`your password\` or """your password""" for quoting if you use special characters in the password.
@@ -454,6 +456,8 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071).
 - `AUTO_MIGRATION` **true**: Whether execute database models migrations automatically.

+[^1]: It may be necessary to specify a hostport even when listening on a unix socket, as the port is part of the socket name. see [#24552](https://github.com/go-gitea/gitea/issues/24552#issuecomment-1681649367) for additional details.
+
 Please see #8540 & #8273 for further discussion of the appropriate values for `MAX_OPEN_CONNS`, `MAX_IDLE_CONNS` & `CONN_MAX_LIFETIME` and their
 relation to port exhaustion.

@@ -483,7 +487,7 @@ Configuration at `[queue]` will set defaults for queues with overrides for indiv

 - `TYPE`: **level**: General queue type, currently support: `level` (uses a LevelDB internally), `channel`, `redis`, `dummy`. Invalid types are treated as `level`.
 - `DATADIR`: **queues/common**: Base DataDir for storing level queues. `DATADIR` for individual queues can be set in `queue.name` sections. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
- `LENGTH`: **100**: Maximal queue size before channel queues block
+- `LENGTH`: **100000**: Maximal queue size before channel queues block
 - `BATCH_LENGTH`: **20**: Batch data before passing to the handler
 - `CONN_STR`: **redis://127.0.0.1:6379/0**: Connection string for the redis queue type. For `redis-cluster` use `redis+cluster://127.0.0.1:6379/0`. Options can be set using query params. Similarly, LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value**, and will override `DATADIR`
 - `QUEUE_NAME`: **_queue**: The suffix for default redis and disk queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overridden in the specific `queue.name` section.
@@ -517,7 +521,6 @@ And the following unique queues:
 - `SECRET_KEY`: **\<random at every install\>**: Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
 - `SECRET_KEY_URI`: **_empty_**: Instead of defining SECRET_KEY, this option can be used to use the key stored in a file (example value: `file:/etc/gitea/secret_key`). It shouldn't be lost like SECRET_KEY.
 - `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days.
- `COOKIE_USERNAME`: **gitea\_awesome**: Name of the cookie used to store the current username.
 - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication
   information.
 - `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy
@@ -568,6 +571,7 @@ And the following unique queues:
  - off - do not check password complexity
 - `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
 - `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
+- `DISABLE_QUERY_AUTH_TOKEN`: **false**: Reject API tokens sent in URL query string (Accept Header-based API tokens only). This setting will default to `true` in Gitea 1.23 and be deprecated in Gitea 1.24.

 ## Camo (`camo`)

@@ -617,7 +621,7 @@ And the following unique queues:
 - `REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page or to use API.
 - `ENABLE_NOTIFY_MAIL`: **false**: Enable this to send e-mail to watchers of a repository when
   something happens, like creating issues. Requires `Mailer` to be enabled.
- `ENABLE_BASIC_AUTHENTICATION`: **true**: Disable this to disallow authenticaton using HTTP
+- `ENABLE_BASIC_AUTHENTICATION`: **true**: Disable this to disallow authentication using HTTP
   BASIC and the user's password. Please note if you disable this you will not be able to access the
   tokens API endpoints using a password. Further, this only disables BASIC authentication using the
   password - not tokens or OAuth Basic.
@@ -757,7 +761,6 @@ and

 ## Cache (`cache`)

- `ENABLED`: **true**: Enable the cache.
 - `ADAPTER`: **memory**: Cache engine adapter, either `memory`, `redis`, `redis-cluster`, `twoqueue` or `memcache`. (`twoqueue` represents a size limited LRU cache.)
 - `INTERVAL`: **60**: Garbage Collection interval (sec), for memory and twoqueue cache only.
 - `HOST`: **_empty_**: Connection string for `redis`, `redis-cluster` and `memcache`. For `twoqueue` sets configuration for the queue.
@@ -769,7 +772,6 @@ and

 ## Cache - LastCommitCache settings (`cache.last_commit`)

- `ENABLED`: **true**: Enable the cache.
 - `ITEM_TTL`: **8760h**: Time to keep items in cache if not used, Setting it to -1 disables caching.
 - `COMMITS_COUNT`: **1000**: Only enable the cache when repository's commits count great than.

@@ -819,7 +821,7 @@ Default templates for project boards:

 - `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
 - `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
- `MAX_SIZE`: **4**: Maximum size (MB).
+- `MAX_SIZE`: **2048**: Maximum size (MB).
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
 - `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
 - `SERVE_DIRECT`: **false**: Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
@@ -1107,7 +1109,7 @@ This section only does "set" config, a removed config key from this section won'
 - `JWT_SECRET_URI`: **_empty_**: Instead of defining JWT_SECRET in the configuration, this configuration option can be used to give Gitea a path to a file that contains the secret (example value: `file:/etc/gitea/oauth2_jwt_secret`)
 - `JWT_SIGNING_PRIVATE_KEY_FILE`: **jwt/private.pem**: Private key file path used to sign OAuth2 tokens. The path is relative to `APP_DATA_PATH`. This setting is only needed if `JWT_SIGNING_ALGORITHM` is set to `RS256`, `RS384`, `RS512`, `ES256`, `ES384` or `ES512`. The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you.
 - `MAX_TOKEN_LENGTH`: **32767**: Maximum length of token/cookie to accept from OAuth2 provider
- `DEFAULT_APPLICATIONS`: **git-credential-oauth, git-credential-manager**: Pre-register OAuth applications for some services on startup. See the [OAuth2 documentation](/development/oauth2-provider.md) for the list of available options.
+- `DEFAULT_APPLICATIONS`: **git-credential-oauth, git-credential-manager, tea**: Pre-register OAuth applications for some services on startup. See the [OAuth2 documentation](/development/oauth2-provider.md) for the list of available options.

 ## i18n (`i18n`)

@@ -1277,7 +1279,7 @@ Default storage configuration for attachments, lfs, avatars, repo-avatars, repo-
 - `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
 - `MINIO_INSECURE_SKIP_VERIFY`: **false**: Minio skip SSL verification available when STORAGE_TYPE is `minio`

-The recommanded storage configuration for minio like below:
+The recommended storage configuration for minio like below:

 ```ini
 [storage]
@@ -1389,19 +1391,23 @@ PROXY_HOSTS = *.github.com
 - `STORAGE_TYPE`: **local**: Storage type for actions logs, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
 - `MINIO_BASE_PATH`: **actions_log/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
 - `ARTIFACT_RETENTION_DAYS`: **90**: Number of days to keep artifacts. Set to 0 to disable artifact retention. Default is 90 days if not set.
+- `ZOMBIE_TASK_TIMEOUT`: **10m**: Timeout to stop the task which have running status, but haven't been updated for a long time
+- `ENDLESS_TASK_TIMEOUT`: **3h**: Timeout to stop the tasks which have running status and continuous updates, but don't end for a long time
+- `ABANDONED_JOB_TIMEOUT`: **24h**: Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time
+- `SKIP_WORKFLOW_STRINGS`: **[skip ci],[ci skip],[no ci],[skip actions],[actions skip]**: Strings committers can place inside a commit message to skip executing the corresponding actions workflow

 `DEFAULT_ACTIONS_URL` indicates where the Gitea Actions runners should find the actions with relative path.
-For example, `uses: actions/checkout@v3` means `https://github.com/actions/checkout@v3` since the value of `DEFAULT_ACTIONS_URL` is `github`.
-And it can be changed to `self` to make it `root_url_of_your_gitea/actions/checkout@v3`.
+For example, `uses: actions/checkout@v4` means `https://github.com/actions/checkout@v4` since the value of `DEFAULT_ACTIONS_URL` is `github`.
+And it can be changed to `self` to make it `root_url_of_your_gitea/actions/checkout@v4`.

 Please note that using `self` is not recommended for most cases, as it could make names globally ambiguous.
 Additionally, it requires you to mirror all the actions you need to your Gitea instance, which may not be worth it.
 Therefore, please use `self` only if you understand what you are doing.

-In earlier versions (<= 1.19), `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like `https://gitea.com` or `http://your-git-server,https://gitea.com`, and the default value was `https://gitea.com`.
+In earlier versions (`<= 1.19`), `DEFAULT_ACTIONS_URL` could be set to any custom URLs like `https://gitea.com` or `http://your-git-server,https://gitea.com`, and the default value was `https://gitea.com`.
 However, later updates removed those options, and now the only options are `github` and `self`, with the default value being `github`.
 However, if you want to use actions from other git server, you can use a complete URL in `uses` field, it's supported by Gitea (but not GitHub).
-Like `uses: https://gitea.com/actions/checkout@v3` or `uses: http://your-git-server/actions/checkout@v3`.
+Like `uses: https://gitea.com/actions/checkout@v4` or `uses: http://your-git-server/actions/checkout@v4`.

 ## Other (`other`)

--- a/docs/content/administration/config-cheat-sheet.zh-cn.md
+++ b/docs/content/administration/config-cheat-sheet.zh-cn.md
@@ -102,7 +102,7 @@ menu:
 - `ENABLE_PUSH_CREATE_USER`:  **false**: 允许用户将本地存储库推送到Gitea，并为用户自动创建它们。
 - `ENABLE_PUSH_CREATE_ORG`:  **false**:  允许用户将本地存储库推送到Gitea，并为组织自动创建它们。
 - `DISABLED_REPO_UNITS`: **_empty_**: 逗号分隔的全局禁用的仓库单元列表。允许的值是：: \[repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions\]
- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages**: 逗号分隔的默认新仓库单元列表。允许的值是：: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions\]. 注意：目前无法停用代码和发布。如果您指定了默认的仓库单元，您仍应将它们列出以保持未来的兼容性。外部wiki和问题跟踪器不能默认启用，因为它需要额外的设置。禁用的仓库单元将不会添加到新的仓库中，无论它是否在默认列表中。
+- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages,repo.actions**: 逗号分隔的默认新仓库单元列表。允许的值是：: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions\]. 注意：目前无法停用代码和发布。如果您指定了默认的仓库单元，您仍应将它们列出以保持未来的兼容性。外部wiki和问题跟踪器不能默认启用，因为它需要额外的设置。禁用的仓库单元将不会添加到新的仓库中，无论它是否在默认列表中。
 - `DEFAULT_FORK_REPO_UNITS`: **repo.code,repo.pulls**: 逗号分隔的默认分叉仓库单元列表。允许的值和规则与`DEFAULT_REPO_UNITS`相同。
 - `PREFIX_ARCHIVE_FILES`: **true**: 通过将存档文件放置在以仓库命名的目录中来添加前缀。
 - `DISABLE_MIGRATIONS`: **false**: 禁用迁移功能。
@@ -145,7 +145,7 @@ menu:
 - `ENABLED`: **true**: 是否启用仓库文件上传。
 - `TEMP_PATH`: **data/tmp/uploads**: 文件上传的临时保存路径(在Gitea重启的时候该目录会被清空)。
 - `ALLOWED_TYPES`: **_empty_**: 以逗号分割的列表，代表支持上传的文件类型。(`.zip`), mime类型 (`text/plain`) or 通配符类型 (`image/*`, `audio/*`, `video/*`). 为空或者 `*/*`代表允许所有类型文件。
- `FILE_MAX_SIZE`: **3**: 每个文件的最大大小(MB)。
+- `FILE_MAX_SIZE`: **50**: 每个文件的最大大小(MB)。
 - `MAX_FILES`: **5**: 每次上传的最大文件数。

 ### 仓库 - 版本发布 (`repository.release`)
@@ -195,9 +195,7 @@ menu:
 ## 跨域 (`cors`)

 - `ENABLED`: **false**: 启用 CORS 头部（默认禁用）
- `SCHEME`: **http**: 允许请求的协议
 - `ALLOW_DOMAIN`: **\***: 允许请求的域名列表
- `ALLOW_SUBDOMAIN`: **false**: 允许上述列出的头部的子域名发出请求。
 - `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: 允许发起的请求方式列表
 - `MAX_AGE`: **10m**: 缓存响应的最大时间
 - `ALLOW_CREDENTIALS`: **false**: 允许带有凭据的请求
@@ -214,9 +212,9 @@ menu:
 - `SITEMAP_PAGING_NUM`: **20**: 在单个子SiteMap中显示的项数。
 - `GRAPH_MAX_COMMIT_NUM`: **100**: 提交图中显示的最大commit数量。
 - `CODE_COMMENT_LINES`: **4**: 在代码评论中能够显示的最大代码行数。
- `DEFAULT_THEME`: **auto**: \[auto, gitea, arc-green\]: 在Gitea安装时候设置的默认主题。
+- `DEFAULT_THEME`: **gitea-auto**: \[gitea-auto, gitea-light, gitea-dark\]: 在Gitea安装时候设置的默认主题。
 - `SHOW_USER_EMAIL`: **true**: 用户的电子邮件是否应该显示在`Explore Users`页面中。
- `THEMES`:  **auto,gitea,arc-green**: 所有可用的主题。允许用户选择个性化的主题，
+- `THEMES`:  **gitea-auto,gitea-light,gitea-dark**: 所有可用的主题。允许用户选择个性化的主题，
  而不受DEFAULT_THEME 值的影响。
 - `MAX_DISPLAY_FILE_SIZE`: **8388608**: 能够显示文件的最大大小（默认为8MiB）。
 - `REACTIONS`: 用户可以在问题（Issue）、Pull Request（PR）以及评论中选择的所有可选的反应。
@@ -335,7 +333,7 @@ menu:
 - `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** 或 **username, email**：\[off, username, email, anything\]：指定允许用户用作 principal 的值。当设置为 `anything` 时，对 principal 字符串不执行任何检查。当设置为 `off` 时，不允许设置授权的 principal。
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**：当 Gitea 不使用内置 SSH 服务器且 `SSH_AUTHORIZED_PRINCIPALS_ALLOW` 不为 `off` 时，默认情况下 Gitea 会创建一个 authorized_principals 文件。
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**：在重写所有密钥时启用 SSH 授权 principal 备份，默认值为 true（如果 `SSH_AUTHORIZED_PRINCIPALS_ALLOW` 不为 `off`）。
- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**：设置用于传递授权密钥的命令模板。可能的密钥是：AppPath、AppWorkPath、CustomConf、CustomPath、Key，其中 Key 是 `models/asymkey.PublicKey`，其他是 shellquoted 字符串。
+- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **`{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}`**：设置用于传递授权密钥的命令模板。可能的密钥是：AppPath、AppWorkPath、CustomConf、CustomPath、Key，其中 Key 是 `models/asymkey.PublicKey`，其他是 shellquoted 字符串。
 - `SSH_SERVER_CIPHERS`: **chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com**：对于内置的 SSH 服务器，选择支持的 SSH 连接的加密方法，对于系统 SSH，此设置无效。
 - `SSH_SERVER_KEY_EXCHANGES`: **curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1**：对于内置 SSH 服务器，选择支持的 SSH 连接的密钥交换算法，对于系统 SSH，此设置无效。
 - `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1**：对于内置 SSH 服务器，选择支持的 SSH 连接的 MAC 算法，对于系统 SSH，此设置无效。
@@ -346,7 +344,7 @@ menu:
 - `SSH_PER_WRITE_TIMEOUT`: **30s**：对 SSH 连接的任何写入设置超时。（将其设置为 -1 可以禁用所有超时。）
 - `SSH_PER_WRITE_PER_KB_TIMEOUT`: **10s**：对写入 SSH 连接的每 KB 设置超时。
 - `MINIMUM_KEY_SIZE_CHECK`: **true**：指示是否检查最小密钥大小与相应类型。
- `OFFLINE_MODE`: **false**：禁用 CDN 用于静态文件和 Gravatar 用于个人资料图片。
+- `OFFLINE_MODE`: **true**：禁用 CDN 用于静态文件和 Gravatar 用于个人资料图片。
 - `CERT_FILE`: **https/cert.pem**：用于 HTTPS 的证书文件路径。在链接时，服务器证书必须首先出现，然后是中间 CA 证书（如果有）。如果 `ENABLE_ACME=true`，则此设置会被忽略。路径相对于 `CUSTOM_PATH`。
 - `KEY_FILE`: **https/key.pem**：用于 HTTPS 的密钥文件路径。如果 `ENABLE_ACME=true`，则此设置会被忽略。路径相对于 `CUSTOM_PATH`。
 - `STATIC_ROOT_PATH`: **_`StaticRootPath`_**：模板和静态文件路径的上一级。
@@ -472,7 +470,7 @@ menu:

 - `TYPE`：**level**：通用队列类型，当前支持：`level`（在内部使用 LevelDB）、`channel`、`redis`、`dummy`。无效的类型将视为 `level`。
 - `DATADIR`：**queues/common**：用于存储 level 队列的基本 DataDir。单独的队列的 `DATADIR` 可以在 `queue.name` 部分进行设置。相对路径将根据 `%(APP_DATA_PATH)s` 变为绝对路径。
- `LENGTH`：**100**：通道队列阻塞之前的最大队列大小
+- `LENGTH`：**100000**：通道队列阻塞之前的最大队列大小
 - `BATCH_LENGTH`：**20**：在传递给处理程序之前批处理数据
 - `CONN_STR`：**redis://127.0.0.1:6379/0**：redis 队列类型的连接字符串。对于 `redis-cluster`，使用 `redis+cluster://127.0.0.1:6379/0`。可以使用查询参数来设置选项。类似地，LevelDB 选项也可以使用：**leveldb://relative/path?option=value** 或 **leveldb:///absolute/path?option=value** 进行设置，并将覆盖 `DATADIR`。
 - `QUEUE_NAME`：**_queue**：默认的 redis 和磁盘队列名称的后缀。单独的队列将默认为 **`name`**`QUEUE_NAME`，但可以在特定的 `queue.name` 部分中进行覆盖。
@@ -506,7 +504,6 @@ Gitea 创建以下非唯一队列：
 - `SECRET_KEY`: **\<每次安装时随机生成\>**：全局服务器安全密钥。这个密钥非常重要，如果丢失将无法解密加密的数据（例如 2FA）。
 - `SECRET_KEY_URI`: **_empty_**：与定义 `SECRET_KEY` 不同，此选项可用于使用存储在文件中的密钥（示例值：`file:/etc/gitea/secret_key`）。它不应该像 `SECRET_KEY` 一样容易丢失。
 - `LOGIN_REMEMBER_DAYS`: **7**：Cookie 保存时间，单位为天。
- `COOKIE_USERNAME`: **gitea\_awesome**：保存用户名的 Cookie 名称。
 - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**：保存自动登录信息的 Cookie 名称。
 - `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**：反向代理认证的 HTTP 头部名称，用于提供用户信息。
 - `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**：反向代理认证的 HTTP 头部名称，用于提供邮箱信息。
@@ -722,7 +719,6 @@ Gitea 创建以下非唯一队列：

 ## 缓存 (`cache`)

- `ENABLED`: **true**: 是否启用缓存。
 - `ADAPTER`: **memory**: 缓存引擎，可以为 `memory`, `redis`, `redis-cluster`, `twoqueue` 和 `memcache`. (`twoqueue` 代表缓冲区固定的LRU缓存)
 - `INTERVAL`: **60**: 垃圾回收间隔(秒)，只对`memory`和`towqueue`有效。
 - `HOST`: **_empty_**: 缓存配置。`redis`, `redis-cluster`，`memcache`配置连接字符串;`twoqueue` 设置队列参数
@@ -734,7 +730,6 @@ Gitea 创建以下非唯一队列：

 ### 缓存 - 最后提交缓存设置 (`cache.last_commit`)

- `ENABLED`: **true**：是否启用缓存。
 - `ITEM_TTL`: **8760h**：如果未使用，保持缓存中的项目的时间，将其设置为 -1 会禁用缓存。
 - `COMMITS_COUNT`: **1000**：仅在存储库的提交计数大于时启用缓存。

@@ -784,7 +779,7 @@ Gitea 创建以下非唯一队列：

 - `ENABLED`: **true**: 是否允许用户上传附件。
 - `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: 允许的文件扩展名（`.zip`）、mime 类型（`text/plain`）或通配符类型（`image/*`、`audio/*`、`video/*`）的逗号分隔列表。空值或 `*/*` 允许所有类型。
- `MAX_SIZE`: **4**: 附件的最大限制（MB）。
+- `MAX_SIZE`: **2048**: 附件的最大限制（MB）。
 - `MAX_FILES`: **5**: 一次最多上传的附件数量。
 - `STORAGE_TYPE`: **local**: 附件的存储类型，`local` 表示本地磁盘，`minio` 表示兼容 S3 的对象存储服务，如果未设置将使用默认值 `local` 或其他在 `[storage.xxx]` 中定义的名称。
 - `SERVE_DIRECT`: **false**: 允许存储驱动器重定向到经过身份验证的 URL 以直接提供文件。目前，只支持 Minio/S3 通过签名 URL 提供支持，local 不会执行任何操作。
@@ -1040,10 +1035,11 @@ Gitea 创建以下非唯一队列：

 ## API (`api`)

- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 (`/api/swagger`, `/api/v1/swagger`, …)。
- `MAX_RESPONSE_ITEMS`: **50**: 单个页面的最大 Feed.
- `ENABLE_OPENID_SIGNIN`: **false**: 允许使用OpenID登录，当设置为`true`时可以通过 `/user/login` 页面进行OpenID登录。
- `DISABLE_REGISTRATION`: **false**: 关闭用户注册。
+- `ENABLE_SWAGGER`: **true**: 启用API文档接口 (`/api/swagger`, `/api/v1/swagger`, …). True or false。
+- `MAX_RESPONSE_ITEMS`: **50**: API分页的最大单页项目数。
+- `DEFAULT_PAGING_NUM`: **30**: API分页的默认分页数。
+- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Git trees API的默认单页项目数。
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760** (10MiB): blobs API的默认最大文件大小。

 ## OAuth2 (`oauth2`)

@@ -1056,7 +1052,7 @@ Gitea 创建以下非唯一队列：
 - `JWT_SECRET_URI`：**_empty_**：可以使用此配置选项，而不是在配置中定义`JWT_SECRET`，以向Gitea提供包含密钥的文件的路径（示例值：`file:/etc/gitea/oauth2_jwt_secret`）。
 - `JWT_SIGNING_PRIVATE_KEY_FILE`：**jwt/private.pem**：用于签署OAuth2令牌的私钥文件路径。路径相对于`APP_DATA_PATH`。仅当`JWT_SIGNING_ALGORITHM`设置为`RS256`，`RS384`，`RS512`，`ES256`，`ES384`或`ES512`时才需要此设置。文件必须包含PKCS8格式的RSA或ECDSA私钥。如果不存在密钥，则将为您创建一个4096位密钥。
 - `MAX_TOKEN_LENGTH`：**32767**：从OAuth2提供者接受的令牌/cookie的最大长度。
- `DEFAULT_APPLICATIONS`：**git-credential-oauth，git-credential-manager**：在启动时预注册用于某些服务的OAuth应用程序。有关可用选项列表，请参阅[OAuth2文档](/development/oauth2-provider.md)。
+- `DEFAULT_APPLICATIONS`：**git-credential-oauth，git-credential-manager, tea**：在启动时预注册用于某些服务的OAuth应用程序。有关可用选项列表，请参阅[OAuth2文档](/development/oauth2-provider.md)。

 ## i18n (`i18n`)

@@ -1337,17 +1333,17 @@ PROXY_HOSTS = *.github.com
 - `MINIO_BASE_PATH`: **actions_log/**：Minio存储桶上的基本路径，仅在`STORAGE_TYPE`为`minio`时可用。

 `DEFAULT_ACTIONS_URL` 指示 Gitea 操作运行程序应该在哪里找到带有相对路径的操作。
-例如，`uses: actions/checkout@v3` 表示 `https://github.com/actions/checkout@v3`，因为 `DEFAULT_ACTIONS_URL` 的值为 `github`。
-它可以更改为 `self`，以使其成为 `root_url_of_your_gitea/actions/checkout@v3`。
+例如，`uses: actions/checkout@v4` 表示 `https://github.com/actions/checkout@v4`，因为 `DEFAULT_ACTIONS_URL` 的值为 `github`。
+它可以更改为 `self`，以使其成为 `root_url_of_your_gitea/actions/checkout@v4`。

 请注意，对于大多数情况，不建议使用 `self`，因为它可能使名称在全局范围内产生歧义。
 此外，它要求您将所有所需的操作镜像到您的 Gitea 实例，这可能不值得。
 因此，请仅在您了解自己在做什么的情况下使用 `self`。

-在早期版本（<= 1.19）中，`DEFAULT_ACTIONS_URL` 可以设置为任何自定义 URL，例如 `https://gitea.com` 或 `http://your-git-server,https://gitea.com`，默认值为 `https://gitea.com`。
+在早期版本（`<= 1.19`）中，`DEFAULT_ACTIONS_URL` 可以设置为任何自定义 URL，例如 `https://gitea.com` 或 `http://your-git-server,https://gitea.com`，默认值为 `https://gitea.com`。
 然而，后来的更新删除了这些选项，现在唯一的选项是 `github` 和 `self`，默认值为 `github`。
 但是，如果您想要使用其他 Git 服务器中的操作，您可以在 `uses` 字段中使用完整的 URL，Gitea 支持此功能（GitHub 不支持）。
-例如 `uses: https://gitea.com/actions/checkout@v3` 或 `uses: http://your-git-server/actions/checkout@v3`。
+例如 `uses: https://gitea.com/actions/checkout@v4` 或 `uses: http://your-git-server/actions/checkout@v4`。

 ## 其他 (`other`)

--- a/docs/content/administration/customizing-gitea.en-us.md
+++ b/docs/content/administration/customizing-gitea.en-us.md
@@ -370,7 +370,8 @@ A full list of supported emoji's is at [emoji list](https://gitea.com/gitea/gite

 ## Customizing the look of Gitea

-The default built-in themes are `gitea` (light), `arc-green` (dark), and `auto` (chooses light or dark depending on operating system settings).
+The built-in themes are `gitea-light`, `gitea-dark`, and `gitea-auto` (which automatically adapts to OS settings).
+
 The default theme can be changed via `DEFAULT_THEME` in the [ui](administration/config-cheat-sheet.md#ui-ui) section of `app.ini`.

 Gitea also has support for user themes, which means every user can select which theme should be used.
@@ -384,7 +385,7 @@ To make a custom theme available to all users:

 Community themes are listed in [gitea/awesome-gitea#themes](https://gitea.com/gitea/awesome-gitea#themes).

-The `arc-green` theme source can be found [here](https://github.com/go-gitea/gitea/blob/main/web_src/css/themes/theme-arc-green.css).
+The default theme sources can be found [here](https://github.com/go-gitea/gitea/blob/main/web_src/css/themes).

 If your custom theme is considered a dark theme, set the global css variable `--is-dark-theme` to `true`.
 This allows Gitea to adjust the Monaco code editor's theme accordingly.
--- a/docs/content/administration/customizing-gitea.zh-cn.md
+++ b/docs/content/administration/customizing-gitea.zh-cn.md
@@ -42,11 +42,11 @@ Gitea 引用 `custom` 目录中的自定义配置文件来覆盖配置、模板

 将自定义的公共文件（比如页面和图片）作为 webroot 放在 `custom/public/` 中来让 Gitea 提供这些自定义内容（符号链接将被追踪）。

-举例说明：`image.png` 存放在 `custom/public/`中，那么它可以通过链接 http://gitea.domain.tld/assets/image.png 访问。
+举例说明：`image.png` 存放在 `custom/public/assets/`中，那么它可以通过链接 http://gitea.domain.tld/assets/image.png 访问。

 ## 修改默认头像

-替换以下目录中的 png 图片： `custom/public/img/avatar\_default.png`
+替换以下目录中的 png 图片： `custom/public/assets/img/avatar\_default.png`

 ## 自定义 Gitea 页面

@@ -86,5 +86,6 @@ Gitea 引用 `custom` 目录中的自定义配置文件来覆盖配置、模板

 ## 更改 Gitea 外观

-Gitea 目前由两种内置主题，分别为默认 `gitea` 主题和深色主题 `arc-green`，您可以通过修改
-`app.ini` [ui](administration/config-cheat-sheet.md#ui-ui) 部分的 `DEFAULT_THEME` 的值来变更至一个可用的 Gitea 外观。
+内置主题是“gitea-light”、“gitea-dark”和“gitea-auto”（自动适应操作系统设置）。
+
+默认主题可以通过 `app.ini` 的 [ui](administration/config-cheat-sheet.md#ui-ui) 部分中的 `DEFAULT_THEME` 进行更改。
--- a/docs/content/administration/email-setup.en-us.md
+++ b/docs/content/administration/email-setup.en-us.md
@@ -61,7 +61,7 @@ Please note: authentication is only supported when the SMTP server communication

 - STARTTLS (also known as Opportunistic TLS) via port 587. Initial connection is done over cleartext, but then be upgraded over TLS if the server supports it.
 - SMTPS connection (SMTP over TLS) via the default port 465. Connection to the server use TLS from the beginning.
- Forced SMTPS connection with `IS_TLS_ENABLED=true`. (These are both known as Implicit TLS.)
+- Forced SMTPS connection with `PROTOCOL=smtps`. (These are both known as Implicit TLS.)
 This is due to protections imposed by the Go internal libraries against STRIPTLS attacks.

 Note that Implicit TLS is recommended by [RFC8314](https://tools.ietf.org/html/rfc8314#section-3) since 2018.
--- a/docs/content/administration/email-setup.zh-cn.md
+++ b/docs/content/administration/email-setup.zh-cn.md
@@ -55,13 +55,13 @@ PASSWD         = `password`

 要发送测试邮件以验证设置，请转到 Gitea > 站点管理 > 配置 > SMTP 邮件配置。

-有关所有选项的完整列表，请查看[配置速查表](doc/administration/config-cheat-sheet.zh-cn.md)。
+有关所有选项的完整列表，请查看[配置速查表](administration/config-cheat-sheet.md)。

 请注意：只有在使用 TLS 或 `HOST=localhost` 加密 SMTP 服务器通信时才支持身份验证。TLS 加密可以通过以下方式进行：

 - 通过端口 587 的 STARTTLS（也称为 Opportunistic TLS）。初始连接是明文的，但如果服务器支持，则可以升级为 TLS。
 - 通过默认端口 465 的 SMTPS 连接。连接到服务器从一开始就使用 TLS。
- 使用 `IS_TLS_ENABLED=true` 进行强制的 SMTPS 连接。（这两种方式都被称为 Implicit TLS）
+- 使用 `PROTOCOL=smtps` 进行强制的 SMTPS 连接。（这两种方式都被称为 Implicit TLS）
 这是由于 Go 内部库对 STRIPTLS 攻击的保护机制。

 请注意，自2018年起，[RFC8314](https://tools.ietf.org/html/rfc8314#section-3) 推荐使用 Implicit TLS。
--- a/docs/content/administration/external-renderers.zh-cn.md
+++ b/docs/content/administration/external-renderers.zh-cn.md
@@ -194,7 +194,7 @@ ALLOW_DATA_URI_IMAGES = true
 }
 ```

-将您的样式表添加到自定义目录中，例如 `custom/public/css/my-style-XXXXX.css`，并使用自定义的头文件 `custom/templates/custom/header.tmpl` 进行导入：
+将您的样式表添加到自定义目录中，例如 `custom/public/assets/css/my-style-XXXXX.css`，并使用自定义的头文件 `custom/templates/custom/header.tmpl` 进行导入：

 ```html
 <link rel="stylesheet" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
--- a/docs/content/administration/https-support.zh-cn.md
+++ b/docs/content/administration/https-support.zh-cn.md
@@ -33,7 +33,7 @@ CERT_FILE = cert.pem
 KEY_FILE  = key.pem
 ```

-请注意，如果您的证书由第三方证书颁发机构签名（即不是自签名的），则 cert.pem 应包含证书链。服务器证书必须是 cert.pem 中的第一个条目，后跟中介（如果有）。不必包含根证书，因为连接客户端必须已经拥有根证书才能建立信任关系。要了解有关配置值的更多信息，请查看 [配置备忘单](../config-cheat-sheet#server-server)。
+请注意，如果您的证书由第三方证书颁发机构签名（即不是自签名的），则 cert.pem 应包含证书链。服务器证书必须是 cert.pem 中的第一个条目，后跟中介（如果有）。不必包含根证书，因为连接客户端必须已经拥有根证书才能建立信任关系。要了解有关配置值的更多信息，请查看 [配置备忘单](administration/config-cheat-sheet#server-server)。

 对于“CERT_FILE”或“KEY_FILE”字段，当文件路径是相对路径时，文件路径相对于“GITEA_CUSTOM”环境变量。它也可以是绝对路径。

--- a/docs/content/administration/reverse-proxies.en-us.md
+++ b/docs/content/administration/reverse-proxies.en-us.md
@@ -381,3 +381,9 @@ If you really need to do so, to make Gitea works with sub-path (eg: `http://exam
 1. Set `[server] ROOT_URL = http://example.com/gitea/` in your `app.ini` file.
 2. Make the reverse-proxy pass `http://example.com/gitea/foo` to `http://gitea-server:3000/foo`.
 3. Make sure the reverse-proxy not decode the URI, the request `http://example.com/gitea/a%2Fb` should be passed as `http://gitea-server:3000/a%2Fb`.
+
+## Docker / Container Registry
+
+The container registry uses a fixed sub-path `/v2` which can't be changed.
+Even if you deploy Gitea with a different sub-path, `/v2` will be used by the `docker` client.
+Therefore you may need to add an additional route to your reverse proxy configuration.
--- a/docs/content/administration/search-engines-indexation.en-us.md
+++ b/docs/content/administration/search-engines-indexation.en-us.md
@@ -23,7 +23,7 @@ If you don't want your repository to be visible for search engines read further.
 ## Block search engines indexation using robots.txt

 To make Gitea serve a custom `robots.txt` (default: empty 404) for top level installations,
-create a file called `robots.txt` in the [`custom` folder or `CustomPath`](administration/customizing-gitea.md)
+create a file with path `public/robots.txt` in the [`custom` folder or `CustomPath`](administration/customizing-gitea.md)

 Examples on how to configure the `robots.txt` can be found at [https://moz.com/learn/seo/robotstxt](https://moz.com/learn/seo/robotstxt).

--- a/docs/content/administration/search-engines-indexation.zh-cn.md
+++ b/docs/content/administration/search-engines-indexation.zh-cn.md
@@ -22,7 +22,7 @@ menu:

 ## 使用 robots.txt 阻止搜索引擎索引

-为了使 Gitea 为顶级安装提供自定义的`robots.txt`（默认为空的 404），请在[`custom`文件夹或`CustomPath`]（administration/customizing-gitea.md）中创建一个名为 `robots.txt` 的文件。
+为了使 Gitea 为顶级安装提供自定义的`robots.txt`（默认为空的 404），请在 [`custom`文件夹或`CustomPath`]（administration/customizing-gitea.md）中创建一个名为 `public/robots.txt` 的文件。

 有关如何配置 `robots.txt` 的示例，请参考 [https://moz.com/learn/seo/robotstxt](https://moz.com/learn/seo/robotstxt)。

--- a/docs/content/contributing.fr-fr.md
+++ b/docs/content/contributing.fr-fr.md
@@ -1,13 +0,0 @@
---
-date: "2021-01-22T00:00:00+02:00"
-title: "Übersetzung"
-slug: "contributing"
-sidebar_position: 35
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "Übersetzung"
-    sidebar_position: 50
-    identifier: "contributing"
---
--- a/docs/content/contributing.zh-tw.md
+++ b/docs/content/contributing.zh-tw.md
@@ -1,13 +0,0 @@
---
-date: "2021-01-22T00:00:00+02:00"
-title: "貢獻"
-slug: "contributing"
-sidebar_position: 35
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "貢獻"
-    sidebar_position: 50
-    identifier: "contributing"
---
--- a/docs/content/contributing/_index.de-de.md
+++ b/docs/content/contributing/_index.de-de.md
--- a/docs/content/contributing/_index.zh-tw.md
+++ b/docs/content/contributing/_index.zh-tw.md
--- a/docs/content/contributing/localization.zh-tw.md
+++ b/docs/content/contributing/localization.zh-tw.md
@@ -1,34 +0,0 @@
---
-date: "2016-12-01T16:00:00+02:00"
-title: "在地化"
-slug: "localization"
-sidebar_position: 70
-toc: false
-draft: false
-aliases:
-  - /zh-tw/localization
-menu:
-  sidebar:
-    parent: "contributing"
-    name: "在地化"
-    sidebar_position: 70
-    identifier: "localization"
---
-
-# 在地化
-
-我們在 [Crowdin 專案](https://crowdin.com/project/gitea)上進行在地化工作。
-
-**英語系**的翻譯，可在修改[英文語言檔](https://github.com/go-gitea/gitea/blob/main/options/locale/locale_en-US.ini)後提出合併請求。
-
-**非英語系**的翻譯，請前往上述的 Crowdin 專案。
-
-## 已支援的語言
-
-上述 Crowdin 專案中列出的語言在翻譯超過 25% 後將被支援。
-
-翻譯被認可後將在下次 Crowdin 同步後進入到主儲存庫，通常是在任何合併請求被合併之後。
-
-這表示更改的翻譯要到下次 Gitea 發佈後才會出現。
-
-如果您使用的是最新建置，它將會在同步完成、您更新後出現。
--- a/docs/content/development.zh-tw.md
+++ b/docs/content/development.zh-tw.md
@@ -1,13 +0,0 @@
---
-date: "2016-12-01T16:00:00+02:00"
-title: "開發"
-slug: "development"
-sidebar_position: 40
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "開發"
-    sidebar_position: 40
-    identifier: "development"
---
--- a/docs/content/development/_index.zh-tw.md
+++ b/docs/content/development/_index.zh-tw.md
--- a/docs/content/development/api-usage.en-us.md
+++ b/docs/content/development/api-usage.en-us.md
@@ -19,10 +19,7 @@ menu:

 ## Enabling/configuring API access

-By default, `ENABLE_SWAGGER` is true, and
-`MAX_RESPONSE_ITEMS` is set to 50. See [Config Cheat
-Sheet](administration/config-cheat-sheet.md) for more
-information.
+By default, `ENABLE_SWAGGER` is true, and `MAX_RESPONSE_ITEMS` is set to 50. See [Config Cheat Sheet](administration/config-cheat-sheet.md) for more information.

 ## Authentication

--- a/docs/content/development/api-usage.zh-cn.md
+++ b/docs/content/development/api-usage.zh-cn.md
@@ -19,8 +19,7 @@ menu:

 ## 开启/配置 API 访问

-通常情况下， `ENABLE_SWAGGER` 默认开启并且参数 `MAX_RESPONSE_ITEMS` 默认为 50。您可以从 [Config Cheat
-Sheet](administration/config-cheat-sheet.md) 中获取更多配置相关信息。
+通常情况下， `ENABLE_SWAGGER` 默认开启并且参数 `MAX_RESPONSE_ITEMS` 默认为 50。您可以从 [Config Cheat Sheet](administration/config-cheat-sheet.md) 中获取更多配置相关信息。

 ## 通过 API 认证

--- a/docs/content/development/integrations.zh-tw.md
+++ b/docs/content/development/integrations.zh-tw.md
@@ -1,24 +0,0 @@
---
-date: "2019-04-15T17:29:00+08:00"
-title: "整合"
-slug: "integrations"
-sidebar_position: 65
-toc: false
-draft: false
-aliases:
-  - /zh-tw/integrations
-menu:
-  sidebar:
-    parent: "development"
-    name: "整合"
-    sidebar_position: 65
-    identifier: "integrations"
---
-
-# 整合
-
-Gitea 有著很棒的第三方整合社群， 以及其它有著一流支援的專案。
-
-我們持續的整理一份清單以追蹤他們！請到 [awesome-gitea](https://gitea.com/gitea/awesome-gitea) 查看。
-
-如果您正在找尋有關 [CI/CD](https://gitea.com/gitea/awesome-gitea#user-content-devops)、[SDK](https://gitea.com/gitea/awesome-gitea#user-content-sdk) 或是其它佈景主題，您可以在存儲庫 [awesome-gitea](https://gitea.com/gitea/awesome-gitea) 找到他們。
--- a/docs/content/development/migrations.zh-tw.md
+++ b/docs/content/development/migrations.zh-tw.md
@@ -1,41 +0,0 @@
---
-date: "2019-04-15T17:29:00+08:00"
-title: "遷移介面"
-slug: "migrations-interfaces"
-sidebar_position: 55
-toc: false
-draft: false
-aliases:
-  - /zh-tw/migrations-interfaces
-menu:
-  sidebar:
-    parent: "development"
-    name: "遷移介面"
-    sidebar_position: 55
-    identifier: "migrations-interfaces"
---
-
-# 遷移功能
-
-完整的遷移從 Gitea 1.9.0 開始提供。它定義了兩個介面用來從其它 Git 託管平臺遷移儲存庫資料到 Gitea，未來或許會提供遷移到其它 git 託管平臺。
-目前已實作了從 Github, Gitlab 和其它 Gitea 遷移資料。
-
-Gitea 定義了一些基本物件於套件 [modules/migration](https://github.com/go-gitea/gitea/tree/master/modules/migration)。
-分別是 `Repository`, `Milestone`, `Release`, `ReleaseAsset`, `Label`, `Issue`, `Comment`, `PullRequest`, `Reaction`, `Review`, `ReviewComment`。
-
-## Downloader 介面
-
-從新的 Git 託管平臺遷移，有兩個新的步驟。
-
- 您必須實作一個 `Downloader`，它用來取得儲存庫資訊。
- 您必須實作一個 `DownloaderFactory`，它用來偵測 URL 是否符合並建立上述的 `Downloader`。
-  - 您需要在 `init()` 透過 `RegisterDownloaderFactory` 來註冊 `DownloaderFactory`。
-
-您可以在 [downloader.go](https://github.com/go-gitea/gitea/blob/main/modules/migration/downloader.go) 中找到這些介面。
-
-## Uploader 介面
-
-目前只有 `GiteaLocalUploader` 被實作出來，所以我們只能通過 `Uploader` 儲存已下載的資料到本地的 Gitea 實例。
-目前尚未支援其它 Uploader。
-
-您可以在 [uploader.go](https://github.com/go-gitea/gitea/blob/main/modules/migration/uploader.go) 中找到這些介面。
--- a/docs/content/development/oauth2-provider.en-us.md
+++ b/docs/content/development/oauth2-provider.en-us.md
@@ -86,6 +86,7 @@ Gitea creates OAuth applications for the following services by default on startu
 |-----------|-----------|---------|
 |[git-credential-oauth](https://github.com/hickford/git-credential-oauth)|Git credential helper|`a4792ccc-144e-407e-86c9-5e7d8d9c3269`|
 |[Git Credential Manager](https://github.com/git-ecosystem/git-credential-manager)|Git credential helper|`e90ee53c-94e2-48ac-9358-a874fb9e0662`|
+|[tea](https://gitea.com/gitea/tea)|tea|`d57cb8c4-630c-4168-8324-ec79935e18d4`|

 To prevent unexpected behavior, they are being displayed as locked in the UI and their creation can instead be controlled by the `DEFAULT_APPLICATIONS` parameter in `app.ini`.

--- a/docs/content/development/oauth2-provider.zh-tw.md
+++ b/docs/content/development/oauth2-provider.zh-tw.md
@@ -1,96 +0,0 @@
---
-date: "2019-04-19:44:00+01:00"
-title: "OAuth2 提供者"
-slug: "oauth2-provider"
-sidebar_position: 41
-toc: false
-draft: false
-aliases:
-  - /zh-tw/oauth2-provider
-menu:
-  sidebar:
-    parent: "development"
-    name: "OAuth2 提供者"
-    sidebar_position: 41
-    identifier: "oauth2-provider"
---
-
-# OAuth2 提供者
-
-**目錄**
-
-Gitea 支援作為 OAuth2 提供者，能讓第三方程式能在使用者同意下存取 Gitea 的資源。此功能自 1.8.0 版開始提供。
-
-## Endpoint
-
-| Endpoint               | URL                         |
-| ---------------------- | --------------------------- |
-| Authorization Endpoint | `/login/oauth/authorize`    |
-| Access Token Endpoint  | `/login/oauth/access_token` |
-
-## 支援的 OAuth2 Grant
-
-目前 Gitea 只支援 [**Authorization Code Grant**](https://tools.ietf.org/html/rfc6749#section-1.3.1) 標準並額外支援下列擴充標準：
-
- [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636)
- [OpenID Connect (OIDC)](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
-
-若想要讓第三方程式使用 Authorization Code Grant，需先在「設定」(`/user/settings/applications`)中註冊一個新的應用程式。
-
-## Scope
-
-目前 Gitea 尚未支援 scope （參見 [#4300](https://github.com/go-gitea/gitea/issues/4300)），所有的第三方程式都可獲得該使用者及他所屬的組織中所有資源的存取權。
-
-## 範例
-
-**備註：** 此範例未使用 PKCE。
-
-1. 重新導向使用者到 authorization endpoint 以獲得他同意授權存取資源：
-    <!-- 1. Redirect to user to the authorization endpoint in order to get their consent for accessing the resources: -->
-
-   ```curl
-   https://[YOUR-GITEA-URL]/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI& response_type=code&state=STATE
-   ```
-
-   在設定中註冊應用程式以獲得 `CLIENT_ID`。`STATE` 是一個隨機的字串，它將在使用者授權後發送回您的應用程式。`state` 參數是選用的，但應該要用它來防止 CSRF 攻擊。
-
-   ![Authorization Page](/authorize.png)
-
-   使用者將會被詢問是否授權給您的應用程式。如果它們同意了，使用者將被重新導向到 `REDIRECT_URL`，例如：
-
-   ```curl
-   https://[REDIRECT_URI]?code=RETURNED_CODE&state=STATE
-   ```
-
-1. 使用重新導向提供的 `code`，您可以要求一個新的應用程式和 Refresh Token。Access Token Endpoint 接受 POST 請求使用 `application/json` 或 `application/x-www-form-urlencoded` 類型的請求內容，例如：
-
-   ```curl
-   POST https://[YOUR-GITEA-URL]/login/oauth/access_token
-   ```
-
-   ```json
-   {
-     "client_id": "YOUR_CLIENT_ID",
-     "client_secret": "YOUR_CLIENT_SECRET",
-     "code": "RETURNED_CODE",
-     "grant_type": "authorization_code",
-     "redirect_uri": "REDIRECT_URI"
-   }
-   ```
-
-   回應：
-
-   ```json
-   {
-     "access_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjowLCJleHAiOjE1NTUxNzk5MTIsImlhdCI6MTU1NTE3NjMxMn0.0-iFsAwBtxuckA0sNZ6QpBQmywVPz129u75vOM7wPJecw5wqGyBkmstfJHAjEOqrAf_V5Z-1QYeCh_Cz4RiKug",
-     "token_type": "bearer",
-     "expires_in": 3600,
-     "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjoxLCJjbnQiOjEsImV4cCI6MTU1NzgwNDMxMiwiaWF0IjoxNTU1MTc2MzEyfQ.S_HZQBy4q9r5SEzNGNIoFClT43HPNDbUdHH-GYNYYdkRfft6XptJBkUQscZsGxOW975Yk6RbgtGvq1nkEcklOw"
-   }
-   ```
-
-   `CLIENT_SECRET` 是產生給此應用程式的唯一密鑰。請記住該密鑰只會在您於 Gitea 建立/註冊應用程式時出現一次。若您遺失密鑰，您必須在該應用程式的設定中重新產生密鑰。
-
-   `access_token` 請求中的 `REDIRECT_URI` 必須符合 `authorize` 請求中的 `REDIRECT_URI`。
-
-1. 發送 [API requests](development/api-usage.md#oauth2-provider) 時使用 `access_token` 以存取使用者的資源。
--- a/docs/content/help.fr-fr.md
+++ b/docs/content/help.fr-fr.md
@@ -1,13 +0,0 @@
---
-date: "2017-01-20T15:00:00+08:00"
-title: "Aide"
-slug: "help"
-sidebar_position: 5
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "Aide"
-    sidebar_position: 100
-    identifier: "help"
---
--- a/docs/content/help.zh-tw.md
+++ b/docs/content/help.zh-tw.md
@@ -1,13 +0,0 @@
---
-date: "2017-01-20T15:00:00+08:00"
-title: "幫助"
-slug: "help"
-sidebar_position: 5
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "幫助"
-    sidebar_position: 100
-    identifier: "help"
---
--- a/docs/content/help/_index.zh-tw.md
+++ b/docs/content/help/_index.zh-tw.md
--- a/docs/content/help/faq.en-us.md
+++ b/docs/content/help/faq.en-us.md
@@ -39,7 +39,6 @@ If a bug fix is targeted on 1.20.1 but 1.20.1 is not released yet, you can get t

 To migrate from Gogs to Gitea:

- [Gogs version 0.9.146 or less](installation/upgrade-from-gogs.md)
 - [Gogs version 0.11.46.0418](https://github.com/go-gitea/gitea/issues/4286)

 To migrate from GitHub to Gitea, you can use Gitea's built-in migration form.
@@ -138,9 +137,9 @@ All Gitea instances have the built-in API and there is no way to disable it comp
 You can, however, disable showing its documentation by setting `ENABLE_SWAGGER` to `false` in the `api` section of your `app.ini`.
 For more information, refer to Gitea's [API docs](development/api-usage.md).

-You can see the latest API (for example) on <https://try.gitea.io/api/swagger>.
+You can see the latest API (for example) on https://try.gitea.io/api/swagger

-You can also see an example of the `swagger.json` file at <https://try.gitea.io/swagger.v1.json>.
+You can also see an example of the `swagger.json` file at https://try.gitea.io/swagger.v1.json

 ## Adjusting your server for public/private use

@@ -181,7 +180,7 @@ Use [Fail2Ban](administration/fail2ban-setup.md) to monitor and stop automated l

 ## How to add/use custom themes

-Gitea supports three official themes right now, `gitea` (light), `arc-green` (dark), and `auto` (automatically switches between the previous two depending on operating system settings).
+Gitea supports three official themes right now, `gitea-light`, `gitea-dark`, and `gitea-auto` (automatically switches between the previous two depending on operating system settings).
 To add your own theme, currently the only way is to provide a complete theme (not just color overrides)

 As an example, let's say our theme is `arc-blue` (this is a real theme, and can be found [in this issue](https://github.com/go-gitea/gitea/issues/6011))
@@ -363,7 +362,7 @@ If you are receiving errors on upgrade of Gitea using MySQL that read:

 > `ORM engine initialization failed: migrate: do migrate: Error: 1118: Row size too large...`

-Please run `gitea convert` or run `ALTER TABLE table_name ROW_FORMAT=dynamic;` for each table in the database.
+Please run `gitea doctor convert` or run `ALTER TABLE table_name ROW_FORMAT=dynamic;` for each table in the database.

 The underlying problem is that the space allocated for indices by the default row format
 is too small. Gitea requires that the `ROWFORMAT` for its tables is `DYNAMIC`.
@@ -386,7 +385,7 @@ Unfortunately MySQL's `utf8` charset does not completely allow all possible UTF-
 They created a new charset and collation called `utf8mb4` that allows for emoji to be stored but tables which use
 the `utf8` charset, and connections which use the `utf8` charset will not use this.

-Please run `gitea convert`, or run `ALTER DATABASE database_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;`
+Please run `gitea doctor convert`, or run `ALTER DATABASE database_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;`
 for the database_name and run `ALTER TABLE table_name CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;`
 for each table in the database.

--- a/docs/content/help/faq.zh-cn.md
+++ b/docs/content/help/faq.zh-cn.md
@@ -41,7 +41,6 @@ menu:

 要从Gogs迁移到Gitea：

- [Gogs版本0.9.146或更低](installation/upgrade-from-gogs.md)
 - [Gogs版本0.11.46.0418](https://github.com/go-gitea/gitea/issues/4286)

 要从GitHub迁移到Gitea，您可以使用Gitea内置的迁移表单。
@@ -142,9 +141,9 @@ Gitea不提供内置的Pages服务器。您需要一个专用的域名来提供
 但是，您可以在app.ini的api部分将ENABLE_SWAGGER设置为false，以禁用其文档显示。
 有关更多信息，请参阅Gitea的[API文档](development/api-usage.md)。

-您可以在上查看最新的API（例如）<https://try.gitea.io/api/swagger>。
+您可以在上查看最新的API（例如）https://try.gitea.io/api/swagger

-您还可以在上查看`swagger.json`文件的示例 <https://try.gitea.io/swagger.v1.json>。
+您还可以在上查看`swagger.json`文件的示例 https://try.gitea.io/swagger.v1.json

 ## 调整服务器用于公共/私有使用

@@ -185,12 +184,12 @@ Gitea不提供内置的Pages服务器。您需要一个专用的域名来提供

 ## 如何添加/使用自定义主题

-Gitea 目前支持三个官方主题，分别是 `gitea`（亮色）、`arc-green`（暗色）和 `auto`（根据操作系统设置自动切换前两个主题）。
+Gitea 目前支持三个官方主题，分别是 `gitea-light`、`gitea-dark` 和 `gitea-auto`（根据操作系统设置自动切换前两个主题）。
 要添加自己的主题，目前唯一的方法是提供一个完整的主题（不仅仅是颜色覆盖）。

 假设我们的主题是 `arc-blue`（这是一个真实的主题，可以在[此问题](https://github.com/go-gitea/gitea/issues/6011)中找到）

-将`.css`文件命名为`theme-arc-blue.css`并将其添加到`custom/public/css`文件夹中
+将`.css`文件命名为`theme-arc-blue.css`并将其添加到`custom/public/assets/css`文件夹中

 通过将`arc-blue`添加到`app.ini`中的`THEMES`列表中，允许用户使用该主题

@@ -367,7 +366,7 @@ Gitea 提供了一个子命令`gitea migrate`来初始化数据库，然后您

 > `ORM engine initialization failed: migrate: do migrate: Error: 1118: Row size too large...`

-请运行`gitea convert`或对数据库中的每个表运行`ALTER TABLE table_name ROW_FORMAT=dynamic;`。
+请运行 `gitea doctor convert` 或对数据库中的每个表运行 `ALTER TABLE table_name ROW_FORMAT=dynamic;`。

 潜在问题是默认行格式分配给每个表的索引空间
 太小。Gitea 要求其表的`ROWFORMAT`为`DYNAMIC`。
@@ -390,9 +389,8 @@ SET GLOBAL innodb_large_prefix=1;
 他们创建了一个名为 `utf8mb4`的字符集和校对规则，允许存储 Emoji，但使用
 utf8 字符集的表和连接将不会使用它。

-请运行 `gitea convert` 或对数据库运行`ALTER DATABASE database_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;`
-并对每个表运行
-`ALTER TABLE table_name CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;`。
+请运行 `gitea doctor convert` 或对数据库运行 `ALTER DATABASE database_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;`
+并对每个表运行 `ALTER TABLE table_name CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;`。

 您还需要将`app.ini`文件中的数据库字符集设置为`CHARSET=utf8mb4`。

--- a/docs/content/help/support.zh-tw.md
+++ b/docs/content/help/support.zh-tw.md
@@ -1,35 +0,0 @@
---
-date: "2018-05-21T15:00:00+00:00"
-title: "取得協助"
-slug: "support"
-sidebar_position: 20
-toc: false
-draft: false
-aliases:
-  - /zh-tw/seek-help
-menu:
-  sidebar:
-    parent: "help"
-    name: "取得協助"
-    sidebar_position: 20
-    identifier: "support"
---
-
-# 取得協助
-
- [Discord 聊天室](https://discord.gg/Gitea)
- [Discourse 討論區](https://discourse.gitea.io/)
-
-**備註：** 尋求支援時，若能先備妥下列資訊將可讓提供協助的人能快速地分析您的問題：
-
-1. 您的 `app.ini` (必要時清除掉任何機密資訊)
-2. `gitea.log` (以及任何有關的日誌檔案)
-    - 例：如果錯誤和資料庫相關，提供 `xorm.log` 可能會有幫助
-3. 您看到的任何錯誤訊息
-4. 儘可能地在 [try.gitea.io](https://try.gitea.io) 觸發您的問題並記下步驟，以便其他人能重現那個問題。
-    - 這將讓我們更有機會快速地找出問題的根源並解決它。
-5. 堆棧跟踪，[請參考英文文檔](https://docs.gitea.com/help/support)
-
-## 錯誤回報
-
-如果您發現錯誤，請到 [GitHub 的 Issue](https://github.com/go-gitea/gitea/issues) 回報。
--- a/docs/content/index.de-de.md
+++ b/docs/content/index.de-de.md
@@ -1,36 +0,0 @@
---
-date: "2023-01-07T22:03:00+01:00"
-title: "Dokumentation"
-slug: /
-sidebar_position: 10
-toc: false
-draft: false
---
-
-# Was ist Gitea?
-
-Gitea ist ein einfacher, selbst gehosteter Git-Service. Änlich wie GitHub, Bitbucket oder GitLab.
-
-Gitea ist ein [Gogs](http://gogs.io)-Fork.
-
-## Ziele
-
-* Einfach zu installieren
-* Plattformübergreifend
-* Leichtgewichtig
-* Quelloffen
-
-## System Voraussetzungen
-
-* Ein Raspberry Pi 3 ist leistungsstark genug, um Gitea für kleine Belastungen laufen zu lassen.
-* 2 CPU Kerne und 1GB RAM sind für kleine Teams/Projekte ausreichend.
-* Gitea sollte unter einem seperaten nicht-root Account auf UNIX-Systemen ausgeführt werden.
-  * Achtung: Gitea verwaltet die `~/.ssh/authorized_keys` Datei. Gitea unter einem normalen Benutzer auszuführen könnte dazu führen, dass dieser sich nicht mehr anmelden kann.
-* [Git](https://git-scm.com/) Version 2.0 oder aktueller wird benötigt.
-  * Wenn Git >= 2.1.2 und [Git LFS](https://git-lfs.github.com/) vorhanden ist, dann wird Git LFS Support automatisch für Gitea aktiviert.
-  * Wenn Git >= 2.18, dann wird das Rendern von Commit-Graphen automatisch aktiviert.
-
-## Browser Unterstützung
-
-* Die neuesten zwei Versionen von Chrome, Firefox, Safari und Edge
-* Firefox ESR
--- a/docs/content/index.fr-fr.md
+++ b/docs/content/index.fr-fr.md
@@ -1,273 +0,0 @@
---
-date: "2017-08-23T09:00:00+02:00"
-title: "Documentation"
-slug: /
-sidebar_position: 10
-toc: false
-draft: false
---
-
-# A propos de Gitea
-
-Gitea est un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab. Le développement initial provient sur [Gogs] (http://gogs.io), mais nous l'avons forké puis renommé Gitea. Si vous souhaitez en savoir plus sur les raisons pour lesquelles nous avons fait cela, lisez [cette publication] (https://blog.gitea.com/welcome-to-gitea/) sur le blog.
-
-## Objectif
-
-Le but de ce projet est de fournir de la manière la plus simple, la plus rapide et sans complication un service Git auto-hébergé. Grâce à Go, cela peut se faire via un binaire indépendant fonctionnant sur toutes les plateformes que Go prend en charge, y compris Linux, macOS et Windows, même sur des architectures comme ARM ou PowerPC.
-
-## Fonctionalités
-
- Tableau de bord de l'utilisateur
-  - Choix du contexte (organisation ou utilisateur actuel)
-  - Chronologie de l'activité
-    - Révisions (_Commits_)
-    - Tickets
-    - Demande d'ajout (_Pull request_)
-    - Création de dépôts
-  - Liste des dépôts
-  - Liste de vos organisations
-  - Liste des dépôts miroires
- Tableau de bord des tickets
-  - Choix du contexte (organisation ou utilisateur actuel)
-  - Filtres
-    - Ouvert
-    - Fermé
-    - Vos dépôts
-    - Tickets assignés
-    - Vos tickets
-    - Dépôts
-  - Options de tri
-    - Plus vieux
-    - Dernière mise à jour
-    - Nombre de commentaires
- Tableau de bord des demandes d'ajout
-  - Identique au tableau de bord des tickets
- Types de dépôt
-  - Miroire
-  - Normal
-  - Migré
- Notifications (courriel et web)
-  - Lu
-  - Non lu
-  - Épinglé
- Page d'exploration
-  - Utilisateurs
-  - Dépôts
-  - Organisations
-  - Moteur de recherche
- Interface personnalisables
- Fichiers publiques remplaçables (logo, css, etc)
- Protection CSRF et XSS
- Support d'HTTPS
- Configuration des types et de la taille maximale des fichiers téléversés
- Journalisation (_Log_)
- Configuration
-  - Base de données
-    - MySQL
-    - PostgreSQL
-    - SQLite3
-    - MSSQL
-    - [TiDB](https://github.com/pingcap/tidb) (MySQL protocol)
-  - Fichier de configuration
-    - Voir [ici](https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini)
-  - Panel d'administration
-    - Statistiques
-    - Actions
-      - Suppression des comptes inactifs
-      - Suppression des dépôts archivés
-      - Suppression des dépôts pour lesquels il manque leurs fichiers
-      - Exécution du _garbage collector_ sur les dépôts
-      - Ré-écriture des clefs SSH
-      - Resynchronisation des hooks
-      - Recreation des dépôts manquants
-    - Status du server
-      - Temps de disponibilité
-      - Mémoire
-      - Nombre de goroutines
-      - et bien plus...
-    - Gestion des utilisateurs
-      - Recherche
-      - Tri
-      - Dernière connexion
-      - Méthode d'authentification
-      - Nombre maximum de dépôts
-      - Désactivation du compte
-      - Permissions d'administration
-      - Permission pour crééer des hooks
-      - Permission pour crééer des organisations
-      - Permission pour importer des dépôts
-    - Gestion des organisations
-      - Membres
-      - Équipes
-      - Avatar
-      - Hooks
-    - Gestion des depôts
-      - Voir toutes les informations pour un dépôt donné et gérer tous les dépôts
-    - Méthodes d'authentification
-      - OAuth
-      - PAM
-      - LDAP
-      - SMTP
-    - Visualisation de la configuration
-      - Tout ce que contient le fichier de configuration
-    - Alertes du système
-      - Quand quelque chose d'inattendu survient
-    - Surveillance
-      - Processus courrants
-      - Tâches CRON
-        - Mise à jour des dépôts miroires
-        - Vérification de l'état des dépôts
-        - Vérification des statistiques des dépôts
-        - Nettoyage des anciennes archives
-  - Variables d'environement
-  - Options de ligne de commande
- Internationalisation ([21 langues](https://github.com/go-gitea/gitea/tree/master/options/locale))
- Courriel
-  - Notifications
-  - Confirmation d'inscription
-  - Ré-initialisation du mot de passe
- Support de _reverse proxy_
-  - _subpaths_ inclus
- Utilisateurs
-  - Profil
-    - Nom
-    - Prénom
-    - Courriel
-    - Site internet
-    - Date de création
-    - Abonnés et abonnements
-    - Organisations
-    - Dépôts
-    - Activité
-    - Dépôts suivis
-  - Paramètres
-    - Identiques au profil avec en plus les éléments ci-dessous
-    - Rendre l'adresse de courriel privée
-    - Avatar
-      - Gravatar
-      - Libravatar
-      - Personnalisé
-    - Mot de passe
-    - Courriels multiples
-    - Clefs SSH
-    - Applications connectées
-    - Authentification à double facteurs
-    - Identités OAuth2 attachées
-    - Suppression du compte
- Dépôts
-  - Clone à partir de SSH / HTTP / HTTPS
-  - Git LFS
-  - Suivre, Voter, Fork
-  - Voir les personnes qui suivent, les votes et les forks
-  - Code
-    - Navigation entre les branches
-    - Création ou téléversement de fichier depuis le navigateur
-    - URLs pour clôner le dépôt
-    - Téléchargement
-      - ZIP
-      - TAR.GZ
-    - Édition en ligne
-      - Éditeur Markdown
-      - Éditeur de texte
-        - Coloration syntaxique
-      - Visualisation des Diffs
-      - Visualisation
-      - Possibilité de choisir où sauvegarder la révision
-    - Historiques des fichiers
-    - Suppression de fichiers
-    - Voir le fichier brut
-  - Tickets
-    - Modèle de ticket
-    - Jalons
-    - Étiquettes
-    - Affecter des tickets
-    - Filtres
-      - Ouvert
-      - Ferme
-      - Personne assignée
-      - Créer par vous
-      - Qui vous mentionne
-    - Tri
-      - Plus vieux
-      - Dernière mise à jour
-      - Nombre de commentaires
-    - Moteur de recherche
-    - Commentaires
-    - Joindre des fichiers
-  - Demande d’ajout (_Pull request_)
-    - Les mêmes fonctionnalités que pour les tickets
-  - Révisions (_Commits_)
-    - Representation graphique des révisions
-    - Révisions par branches
-    - Moteur de recherche
-    - Voir les différences
-    - Voir les numéro de révision SHA
-    - Voir l'auteur
-    - Naviguer dans les fichiers d'une révision donnée
-  - Publication
-    - Pièces jointes
-    - Titre
-    - Contenu
-    - Suppression
-    - Définir comme une pré-publication
-    - Choix de la branche
-  - Wiki
-    - Import
-    - Éditeur Markdown
-  - Paramètres
-    - Options
-      - Nom
-      - Description
-      - Privé / Publique
-      - Site internet
-      - Wiki
-        - Activé / Désactivé
-        - Interne / externe
-      - Tickets
-        - Activé / Désactivé
-        - Interne / externe
-        - URL personnalisable pour une meilleur intégration avec un gestionnaire de tickets externe
-      - Activer / désactiver les demandes d'ajout (_Pull request_)
-      - Transfert du dépôt
-      - Suppression du wiki
-      - Suppression du dépôt
-    - Collaboration
-      - Lecture / Écriture / Administration
-    - Branches
-      - Branche par défaut
-      - Protection
-    - Webhooks
-    - Git hooks
-    - Clefs de déploiement
-
-## Configuration requise
-
- Un simple Raspberry Pi est assez puissant pour les fonctionnalités de base.
- Un processeur double coeurs et 1Gb de RAM est une bonne base pour une utilisation en équipe.
- Gitea est censé être exécuté avec un compte utilisateur dédié et non root, aucun autre mode de fonctionnement n'est pris en charge. (**NOTE**: Dans le cas où vous l'exécutez avec votre propre compte d'utilisateur et que le serveur SSH intégré est désactivé, Gitea modifie le fichier `~ /.ssh /authorized_keys` afin que vous ne soyez **plus capable** de vous connecter interactivement).
-
-## Navigateurs supportés
-
- Chrome, Firefox, Safari, Edge
-
-## Composants
-
- Framework web : [Chi](http://github.com/go-chi/chi)
- ORM: [XORM](https://xorm.io)
- Interface graphique :
-  - [jQuery](https://jquery.com)
-  - [Fomantic UI](https://fomantic-ui.com)
-  - [Vue3](https://vuejs.org)
-  - [CodeMirror](https://codemirror.net)
-  - [EasyMDE](https://github.com/Ionaru/easy-markdown-editor)
-  - [Monaco Editor](https://microsoft.github.io/monaco-editor)
-  - ... (package.json)
- Connecteurs de base de données :
-  - [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql)
-  - [github.com/lib/pq](https://github.com/lib/pq)
-  - [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3)
-  - [github.com/denisenkom/go-mssqldb](https://github.com/denisenkom/go-mssqldb)
-
-## Logiciels et services
-
- [Drone](https://github.com/drone/drone) (Intégration continue)
--- a/docs/content/index.zh-tw.md
+++ b/docs/content/index.zh-tw.md
@@ -1,79 +0,0 @@
---
-date: "2016-11-08T16:00:00+02:00"
-title: "文件"
-slug: /
-sidebar_position: 10
-toc: false
-draft: false
---
-
-# 關於 Gitea
-
-Gitea 是一個可自行託管的 Git 服務。你可以拿 GitHub、Bitbucket 或 Gitlab 來比較看看。
-Gitea 是從 [Gogs](http://gogs.io) Fork 出來的，請閱讀部落格文章 [Gitea 公告](https://blog.gitea.com/welcome-to-gitea/)以了解我們 Fork 的理由。
-
-## 目標
-
-本專案的首要目標是建立一個容易安裝，執行快速，安装和使用體驗良好的自建 Git 服務。我們採用 GO 為後端語言，Go 可以產生各平台使用的執行檔。它支援 Linux、macOS 和 Windows 外，處理器架構包含 amd64、i386、ARM 和 PowerPC 等。
-
-## 功能
-
- 代碼託管：Gitea 支援建立和管理存儲庫、瀏覽提交歷史和程式碼檔案、審查和合併程式碼提交、管理協作者、處理分支等。它還支援許多常見的 Git 功能，如標籤、Cherry-pick、鉤子、集成協作工具等。
-
- 輕量級和快速：Gitea 的設計目標之一就是輕量級和快速響應。與某些大型代碼託管平台不同，它保持了精簡，在速度方面表現出色，適用於資源有限的伺服器環境。由於其輕量級設計，Gitea 的資源消耗相對較低，在資源受限的環境中表現出色。
-
- 易於部署和維護：它可以輕鬆地部署在各種伺服器上，無需複雜的配置或依賴。這使得個人開發者或小團隊可以方便地設置和管理自己的 Git 服務。
-
- 安全性：Gitea 強調安全性，提供用戶權限管理、訪問控制列表等功能，確保程式碼和數據的安全性。
-
- 代碼審查：代碼審查同時支援拉取請求工作流和 AGit 工作流。審查者可以在線瀏覽程式碼並提供審查意見或反饋。提交者可以接收審查意見並在線回覆或修改程式碼。代碼審查可以幫助個人和組織提升程式碼質量。
-
- CI/CD：Gitea Actions 支援 CI/CD 功能，與 GitHub Actions 相容。用戶可以使用熟悉的 YAML 格式編寫工作流程，並重複使用各種現有的 Actions 插件。Actions 插件支援從任何 Git 網站下載。
-
- 專案管理：Gitea 通過看板和工單來追蹤一個專案的需求、功能和錯誤。工單支援分支、標籤、里程碑、指派、時間追蹤、到期日期、依賴關係等功能。
-
- 制品庫：Gitea 支援超過 20 種不同類型的公有或私有軟體包管理，包括：Cargo、Chef、Composer、Conan、Conda、Container、Helm、Maven、npm、NuGet、Pub、PyPI、RubyGems、Vagrant 等。
-
- 開源社區支援：Gitea 是一個基於 MIT 許可證的開源專案，擁有活躍的開源社區，能夠持續進行開發和改進，同時也積極接受社區貢獻，保持了平台的更新和創新。
-
- 多語言支援：Gitea 提供多種語言界面，適應全球範圍內的用戶，促進了國際化和本地化。
-
-更多功能特性：詳見：https://docs.gitea.com/installation/comparison#general-features
-
-## 系統需求
-
- Raspberry Pi 3 的效能足夠讓 Gitea 承擔小型工作負載。
- 雙核心 CPU 和 1GB 記憶體通常足以應付小型團隊/專案。
- 在類 UNIX 系統上， 應該以專用的非 root 系統帳號來執行 Gitea。
-  - 備註：Gitea 管理著 `~/.ssh/authorized_keys` 檔案。以一般身份使用者執行 Gitea 可能會破壞該使用者的登入能力。
-
- [Git](https://git-scm.com/) 的最低需求為 2.0 或更新版本。
-  - 當 git 版本 >= 2.1.2 時，可啟用 Git [large file storage](https://git-lfs.github.com/)。
-  - 當 git 版本 >= 2.18 時，將自動啟用 Git 提交線圖渲染。
-
-## 瀏覽器支援
-
- 最近 2 個版本的 Chrome, Firefox, Safari, Edge
- Firefox ESR
-
-## 元件
-
- Web 框架： [Chi](http://github.com/go-chi/chi)
- ORM： [XORM](https://xorm.io)
- UI 元件：
-  - [jQuery](https://jquery.com)
-  - [Fomantic UI](https://fomantic-ui.com)
-  - [Vue3](https://vuejs.org)
-  - [CodeMirror](https://codemirror.net)
-  - [EasyMDE](https://github.com/Ionaru/easy-markdown-editor)
-  - [Monaco Editor](https://microsoft.github.io/monaco-editor)
-  - ... (package.json)
- 資料庫驅動程式：
-  - [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql)
-  - [github.com/lib/pq](https://github.com/lib/pq)
-  - [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3)
-  - [github.com/denisenkom/go-mssqldb](https://github.com/denisenkom/go-mssqldb)
-
-## 集成支持
-
-請訪問 [Awesome Gitea](https://gitea.com/gitea/awesome-gitea/) 獲得更多的第三方集成支持
--- a/Show More
+++ b/Show More