[I18N] Move source locales to other folder

(cherry picked from commit d38ad85a05) (cherry picked from commit b94f9b8c1b) (cherry picked from commit c1e96a11e9) (cherry picked from commit 88ffa46b20)
[I18N] Makefile + gitignore
2024-01-04 · 2023-03-12 21:26:07 +01:00 · 2023-03-12 21:26:07 +01:00 · 2023-03-12 21:26:07 +01:00 · 2023-03-12 21:26:07 +01:00 · 2023-03-12 20:26:53 +01:00
357 changed files with 6467 additions and 2913 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -1016,7 +1016,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: true
@ -1028,13 +1028,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
@ -1046,6 +1050,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1080,7 +1088,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      tags: ${DRONE_TAG##v}-linux-amd64
@ -1091,13 +1099,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      tags: ${DRONE_TAG##v}-linux-amd64-rootless
@ -1108,6 +1120,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1142,7 +1158,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: false
@ -1154,13 +1170,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
@ -1172,6 +1192,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1205,7 +1229,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: false
@ -1217,13 +1241,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
@ -1235,6 +1263,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1243,7 +1275,7 @@ steps:
 ---
 kind: pipeline
 type: docker
-name: docker-linux-arm64-dry-run
+name: docker-linux-amd64-dry-run

 platform:
  os: linux
@ -1261,7 +1293,7 @@ trigger:

 steps:
  - name: dryrun
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      dry_run: true
@ -1272,6 +1304,7 @@ steps:
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        - pull_request
@ -1308,7 +1341,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: true
@ -1320,13 +1353,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
@ -1338,6 +1375,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1372,7 +1413,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      tags: ${DRONE_TAG##v}-linux-arm64
@ -1383,13 +1424,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      tags: ${DRONE_TAG##v}-linux-arm64-rootless
@ -1400,6 +1445,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1434,7 +1483,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: false
@ -1446,13 +1495,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
@ -1464,6 +1517,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@ -1497,7 +1554,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    pull: always
    settings:
      auto_tag: false
@ -1509,13 +1566,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
@ -1527,6 +1588,10 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
--- a/.gitea/ISSUE_TEMPLATE/bug-report.md
+++ b/.gitea/ISSUE_TEMPLATE/bug-report.md
@ -0,0 +1,53 @@
+---
+name: "Bug Report"
+about: "Found something you weren't expecting? Report it here!"
+title: "[BUG] "
+---
+<!--
+NOTE: If your issue is a security concern, please email security@forgejo.org (GPG: A4676E79) instead of opening a public issue.
+
+1. Please speak English, as this is the language all maintainers can
+   speak and write.
+
+2. Please ask questions or troubleshoot configuration/deploy problems
+   in our Matrix space (https://matrix.to/#/#forgejo:matrix.org).
+
+3. Please make sure you are using the latest release of Forgejo and
+   take a moment to check that your issue hasn't been reported before.
+
+4. Please give all relevant information below for bug reports, because
+   incomplete details will be handled as an invalid report.
+
+5. If you are using a proxy or a CDN (e.g. CloudFlare) in front of
+   Forgejo, please disable the proxy/CDN fully and connect to Forgejo
+   directly to confirm the issue still persists without those services.
+-->
+
+- Forgejo version (or commit ref):
+- Git version:
+- Operating system:
+- Database (use `[x]`):
+  - [ ] PostgreSQL
+  - [ ] MySQL
+  - [ ] MSSQL
+  - [ ] SQLite
+- How are you running Forgejo?
+<!--
+Please include information on whether you built Forgejo yourself, used one of our downloads, or are using some other package.
+Please also tell us how you are running Forgejo, e.g. if it is being run from docker, a command-line, systemd etc.
+If you are using a package or systemd tell us what distribution you are using.
+-->
+
+## Description
+<!-- Please describe the issue you are having as clearly and succinctly as possible. -->
+
+## Logs
+<!--
+It is really important to provide pertinent logs. We need DEBUG level logs.
+Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
+In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of `app.ini`.
+Please copy and paste your logs here, with any sensitive information (e.g. API keys) removed/hidden.
+-->
+
+## Screenshots
+<!-- If this issue involves the Web Interface, please provide one or more screenshots -->
--- a/.gitea/ISSUE_TEMPLATE/feature-request.md
+++ b/.gitea/ISSUE_TEMPLATE/feature-request.md
@ -0,0 +1,24 @@
+---
+name: "Feature Request"
+about: "Got an idea for a feature that Forgejo doesn't have yet? Submit it here!"
+title: "[FEAT] "
+---
+<!--
+1. Please speak English, as this is the language all maintainers can
+   speak and write.
+
+2. Please ask questions or troubleshoot configuration/deploy problems
+   in our Matrix space (https://matrix.to/#/#forgejo:matrix.org).
+
+3. Please make sure you are using the latest release of Forgejo and
+   take a moment to check that your feature hasn't already been suggested.
+-->
+
+## Needs and benefits
+<!-- Please describe the needs this feature intends to address and the benefits it brings. -->
+
+## Feature Description
+<!-- Please describe the feature you would like to see added as clearly and succinctly as possible. -->
+
+## Screenshots
+<!-- If you can, provide screenshots of an implementation on another site, e.g. GitHub. -->
--- a/.gitea/issue_template.md
+++ b/.gitea/issue_template.md
@ -1,42 +0,0 @@
-<!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
-
-<!--
-    1. Please speak English, this is the language all maintainers can speak and write.
-    2. Please ask questions or configuration/deploy problems on our Discord
-       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-    3. Please take a moment to check that your issue doesn't already exist.
-    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-    5. Please give all relevant information below for bug reports, because
-       incomplete details will be handled as an invalid report.
-->
-
- Gitea version (or commit ref):
- Git version:
- Operating system:
-  <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package -->
-  <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. --->
-  <!-- If you are using a package or systemd tell us what distribution you are using -->
- Database (use `[x]`):
-  - [ ] PostgreSQL
-  - [ ] MySQL
-  - [ ] MSSQL
-  - [ ] SQLite
- Can you reproduce the bug at https://try.gitea.io:
-  - [ ] Yes (provide example URL)
-  - [ ] No
- Log gist:
-<!-- It really is important to provide pertinent logs -->
-<!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems -->
-<!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini -->
-
-## Description
-<!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please
-     disable the proxy/CDN fully and connect to gitea directly to confirm
-     the issue still persists without those services. -->
-
-...
-
-
-## Screenshots
-
-<!-- **If this issue involves the Web Interface, please include a screenshot** -->
--- a/.gitea/pull_request_template.md
+++ b/.gitea/pull_request_template.md
@ -0,0 +1,4 @@
+<!--
+Before submitting a PR, please read the contributing guidelines:
+https://codeberg.org/forgejo/forgejo/src/branch/main/CONTRIBUTING.md
+-->
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,2 +0,0 @@
-open_collective: gitea
-custom: https://www.bountysource.com/teams/gitea
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@ -1,94 +0,0 @@
-name: Bug Report
-description: Found something you weren't expecting? Report it here!
-labels: kind/bug
-body:
- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Make sure you are using the latest release and
-         take a moment to check that your issue hasn't been reported before.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. You must give us DEBUG level logs.
-         Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-         In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) of your instance
-  validations:
-    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: markdown
-  attributes:
-    value: |
-      It's really important to provide pertinent logs
-      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: input
-  id: logs
-  attributes:
-    label: Log Gist
-    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If this issue involves the Web Interface, please provide one or more screenshots
- type: input
-  id: git-ver
-  attributes:
-    label: Git Version
-    description: The version of git running on the server
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to run Gitea
- type: textarea
-  id: run-info
-  attributes:
-    label: How are you running Gitea?
-    description: |
-      Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
-      Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
-      If you are using a package or systemd tell us what distribution you are using
-  validations:
-    required: true
- type: dropdown
-  id: database
-  attributes:
-    label: Database
-    description: What database system are you running?
-    options:
-    - PostgreSQL
-    - MySQL
-    - MSSQL
-    - SQLite
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,17 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Security Concern
-    url: https://tinyurl.com/security-gitea
-    about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
-  - name: Discord Server
-    url: https://discord.gg/Gitea
-    about: Please ask questions and discuss configuration or deployment problems here.
-  - name: Discourse Forum
-    url: https://discourse.gitea.io
-    about: Questions and configuration or deployment problems can also be discussed on our forum.    
-  - name: Frequently Asked Questions
-    url: https://docs.gitea.io/en-us/faq
-    about: Please check if your question isn't mentioned here.
-  - name: Crowdin Translations
-    url: https://crowdin.com/project/gitea
-    about: Translations are managed here.
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@ -1,24 +0,0 @@
-name: Feature Request
-description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
-labels: ["kind/feature", "kind/proposal"]
-body:
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your feature hasn't already been suggested.
- type: textarea
-  id: description
-  attributes:
-    label: Feature Description
-    placeholder: |
-      I think it would be great if Gitea had...
-  validations:
-    required: true
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If you can, provide screenshots of an implementation on another site e.g. GitHub
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@ -1,66 +0,0 @@
-name: Web Interface Bug Report
-description: Something doesn't look quite as it should?  Report it here!
-labels: ["kind/bug", "kind/ui"]
-body:
- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your issue doesn't already exist.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
-         error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
-         DEBUG level logs. (See https://docs.gitea.io/en-us/logging-configuration/#debugging-problems)
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: Please provide at least 1 screenshot showing the issue.
-  validations:
-    required: true
- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) your instance is running
-  validations:
-    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to access Gitea
- type: input
-  id: browser-ver
-  attributes:
-    label: Browser Version
-    description: The browser and version that you are using to access Gitea
-  validations:
-    required: true
--- a/.github/lock.yml
+++ b/.github/lock.yml
@ -1,23 +0,0 @@
-# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
-
-# Number of days of inactivity before a closed issue or pull request is locked
-daysUntilLock: 60
-
-# Skip issues and pull requests created before a given timestamp. Timestamp must
-# follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
-skipCreatedBefore: false
-
-# Issues and pull requests with these labels will be ignored.
-exemptLabels: []
-
-# Label to add before locking, such as `outdated`. `false` is disabled
-lockLabel: false
-
-# Comment to post before locking.
-lockComment: >
-  This thread has been automatically locked since there has not been
-  any recent activity after it was closed. Please open a new issue for
-  related bugs and link to relevant comments in this thread.
-
-# Assign `resolved` as the reason for locking. Set to `false` to disable
-setLockReason: true
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -1,9 +0,0 @@
-<!-- start tips --> 
-Please check the following:
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for backports.
-2. Make sure you have read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md .
-3. Describe what your pull request does and which issue you're targeting (if any).
-4. It is recommended to enable "Allow edits by maintainers", so maintainers can help more easily.
-5. Your input here will be included in the commit message when this PR has been merged. If you don't want some content to be included, please separate them with a line like `---`.
-6. Delete all these tips before posting.
-<!-- end tips -->
--- a/.github/stale.yml
+++ b/.github/stale.yml
@ -1,54 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 60
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 14
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - status/blocked 
-  - kind/security 
-  - lgtm/done
-  - reviewed/confirmed
-  - priority/critical
-  - kind/proposal
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Comment to post when marking as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had recent activity. 
-  I am here to help clear issues left open even if solved or waiting for more insight.
-  This issue will be closed if no further activity occurs during the next 2 weeks.
-  If the issue is still valid just add a comment to keep it alive.
-  Thank you for your contributions.
-
-# Comment to post when closing a stale Issue or Pull Request.
-closeComment: >
-  This issue has been automatically closed because of inactivity.
-  You can re-open it if needed.
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 1
-
-# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
-pulls:
-  daysUntilStale: 60
-  daysUntilClose: 60
-  markComment: >
-    This pull request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you
-    for your contributions.
-  closeComment: >
-    This pull request has been automatically closed because of inactivity.
-    You can re-open it if needed.
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,6 @@
+# Emacs
+*~
+
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o
 *.a
@ -112,3 +115,6 @@ prime/

 # Manpage
 /man
+
+# Generated merged Forgejo+Gitea language files
+/options/locale/locale_*
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@ -1,12 +1,18 @@
 plugins:
  - stylelint-declaration-strict-value

+ignoreFiles:
+  - "**/*.go"
+
 overrides:
  - files: ["**/*.less"]
    customSyntax: postcss-less
  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console/*"]
    rules:
      scale-unlimited/declaration-strict-value: null
+  - files: ["**/chroma/*", "**/codemirror/*"]
+    rules:
+      block-no-empty: null

 rules:
  alpha-value-notation: null
--- a/.woodpecker/compliance.yml
+++ b/.woodpecker/compliance.yml
@ -0,0 +1,75 @@
+platform: linux/amd64
+
+when:
+  event: [ push, pull_request, manual ]
+  branch:
+    exclude: [ soft-fork/*/*, soft-fork/*/*/* ]
+
+variables:
+ - &golang_image 'golang:1.20'
+ - &test_image 'codeberg.org/forgejo/test_env:main'
+ - &goproxy_override ''
+ - &goproxy_setup |-
+      if [ -n "$${GOPROXY_OVERRIDE:-}" ]; then
+        export GOPROXY="$${GOPROXY_OVERRIDE}";
+        echo "Using goproxy from goproxy_override \"$${GOPROXY}\"";
+      elif [ -n "$${GOPROXY_DEFAULT:-}" ]; then
+        export GOPROXY="$${GOPROXY_DEFAULT}";
+        echo "Using goproxy from goproxy_default (secret) not displaying";
+      else
+        export GOPROXY="https://proxy.golang.org,direct";
+        echo "No goproxy overrides or defaults given, using \"$${GOPROXY}\"";
+      fi
+
+workspace:
+  base: /go
+  path: src/codeberg/gitea
+
+pipeline:
+  deps-backend:
+    image: *golang_image
+    pull: true
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make deps-backend
+
+  security-check:
+    image: *golang_image
+    group: checks
+    pull: true
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make security-check
+
+  lint-backend:
+    image: *test_image
+    pull: true
+    group: checks
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+      TAGS: 'bindata sqlite sqlite_unlock_notify'
+      GOSUMDB: 'sum.golang.org'
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make lint-backend
+
+  checks-backend:
+    image: *test_image
+    group: checks
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make --always-make checks-backend
--- a/.woodpecker/testing-amd64.yml
+++ b/.woodpecker/testing-amd64.yml
@ -0,0 +1,141 @@
+platform: linux/amd64
+
+when:
+  event: [ push, pull_request, manual ]
+  branch:
+    exclude: [ soft-fork/*/*, soft-fork/*/*/* ]
+
+depends_on:
+- compliance
+
+variables:
+ - &golang_image 'golang:1.20'
+ - &test_image 'codeberg.org/forgejo/test_env:main'
+ - &mysql_image 'mysql:8'
+ - &pgsql_image 'postgres:10'
+ - &goproxy_override ''
+ - &goproxy_setup |-
+      if [ -n "$${GOPROXY_OVERRIDE:-}" ]; then
+        export GOPROXY="$${GOPROXY_OVERRIDE}";
+        echo "Using goproxy from goproxy_override \"$${GOPROXY}\"";
+      elif [ -n "$${GOPROXY_DEFAULT:-}" ]; then
+        export GOPROXY="$${GOPROXY_DEFAULT}";
+        echo "Using goproxy from goproxy_default (secret) not displaying";
+      else
+        export GOPROXY="https://proxy.golang.org,direct";
+        echo "No goproxy overrides or defaults given, using \"$${GOPROXY}\"";
+      fi
+
+services:
+  mysql8:
+    image: *mysql_image
+    pull: true
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: yes
+      MYSQL_DATABASE: testgitea
+
+  pgsql:
+    image: *pgsql_image
+    pull: true
+    environment:
+      POSTGRES_DB: test
+      POSTGRES_PASSWORD: postgres
+
+workspace:
+  base: /go
+  path: src/codeberg/gitea
+
+pipeline:
+  git-safe:
+    image: *golang_image
+    pull: true
+    commands:
+    - git config --add safe.directory '*'
+
+  deps-backend:
+    image: *golang_image
+    pull: true
+    environment:
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - make deps-backend
+
+  tag-pre-condition:
+    image: *golang_image
+    pull: true
+    commands:
+    - git update-ref refs/heads/tag_test ${CI_COMMIT_SHA}
+
+  prepare-test-env:
+    image: *test_image
+    pull: true
+    commands:
+    - ./build/test-env-prepare.sh
+
+  build:
+    image: *test_image
+    environment:
+      GOSUMDB: sum.golang.org
+      TAGS: bindata sqlite sqlite_unlock_notify
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+    commands:
+    - *goproxy_setup
+    - su gitea -c './build/test-env-check.sh'
+    - su gitea -c 'make backend'
+
+  unit-test:
+    image: *test_image
+    environment:
+      TAGS: 'bindata sqlite sqlite_unlock_notify'
+      RACE_ENABLED: 'true'
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+    - github_read_token
+    - goproxy_default
+    commands:
+    - *goproxy_setup
+    - su gitea -c 'make unit-test-coverage test-check'
+
+  test-mysql8:
+    group: integration
+    image: *test_image
+    commands:
+      - *goproxy_setup
+      - su gitea -c 'timeout -s ABRT 50m make test-mysql8-migration test-mysql8'
+    environment:
+      TAGS: 'bindata'
+      RACE_ENABLED: 'true'
+      USE_REPO_TEST_DIR: '1'
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+
+  test-pgsql:
+    group: integration
+    image: *test_image
+    commands:
+      - *goproxy_setup
+      - su gitea -c 'timeout -s ABRT 50m make test-pgsql-migration test-pgsql'
+    environment:
+      TAGS: 'bindata'
+      RACE_ENABLED: 'true'
+      USE_REPO_TEST_DIR: '1'
+      GOPROXY_OVERRIDE: *goproxy_override
+    secrets:
+      - goproxy_default
+
+  test-sqlite:
+    group: integration
+    image: *test_image
+    environment:
+    - USE_REPO_TEST_DIR=1
+    - GOPROXY=off
+    - TAGS=bindata gogit sqlite sqlite_unlock_notify
+    - TEST_TAGS=bindata gogit sqlite sqlite_unlock_notify
+    commands:
+    - su gitea -c 'timeout -s ABRT 120m make test-sqlite-migration test-sqlite'
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,443 +1,23 @@
-# Contribution Guidelines
+# Forgejo Contributor Guide

-## Table of Contents
+The Forgejo project is run by a community of people who are expected to follow this guide when cooperating on a simple bug fix as well as when changing the governance. For more information about the project, take a look at [the documentation explaining what Forgejo provides](README.md).

- [Contribution Guidelines](#contribution-guidelines)
-  - [Table of Contents](#table-of-contents)
-  - [Introduction](#introduction)
-  - [Bug reports](#bug-reports)
-  - [Discuss your design](#discuss-your-design)
-  - [Testing redux](#testing-redux)
-  - [Vendoring](#vendoring)
-  - [Translation](#translation)
-  - [Building Gitea](#building-gitea)
-  - [Code review](#code-review)
-  - [Styleguide](#styleguide)
-  - [Design guideline](#design-guideline)
-  - [API v1](#api-v1)
-  - [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco)
-  - [Release Cycle](#release-cycle)
-  - [Maintainers](#maintainers)
-  - [Owners](#owners)
-  - [Versions](#versions)
-  - [Releasing Gitea](#releasing-gitea)
-  - [Copyright](#copyright)
+Sensitive security-related issues should be reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).

-## Introduction
+## For everyone involved

-This document explains how to contribute changes to the Gitea project.
-It assumes you have followed the
-[installation instructions](https://docs.gitea.io/en-us/).
-Sensitive security-related issues should be reported to
-[security@gitea.io](mailto:security@gitea.io).
+- [Code of Conduct](CONTRIBUTING/COC.md)
+- [Bugs, features, security and others discussions](CONTRIBUTING/DISCUSSIONS.md)
+- [Governance](CONTRIBUTING/GOVERNANCE.md)
+- [Sustainability and funding](https://codeberg.org/forgejo/sustainability/src/branch/master/README.md)

-For configuring IDE or code editor to develop Gitea see [IDE and code editor configuration](contrib/ide/)
+## For contributors

-## Bug reports
+- [Developer Certificate of Origin (DCO)](CONTRIBUTING/DCO.md)
+- [Development workflow](CONTRIBUTING/WORKFLOW.md)

-Please search the issues on the issue tracker with a variety of keywords
-to ensure your bug is not already reported.
+## For maintainers

-If unique, [open an issue](https://github.com/go-gitea/gitea/issues/new)
-and answer the questions so we can understand and reproduce the
-problematic behavior.
+- [Release management](CONTRIBUTING/RELEASE.md)
+- [Secrets](CONTRIBUTING/SECRETS.md)

-To show us that the issue you are having is in Gitea itself, please
-write clear, concise instructions so we can reproduce the behavior—
-even if it seems obvious. The more detailed and specific you are,
-the faster we can fix the issue. Check out [How to Report Bugs
-Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html).
-
-Please be kind, remember that Gitea comes at no cost to you, and you're
-getting free help.
-
-## Discuss your design
-
-The project welcomes submissions. If you want to change or add something,
-please let everyone know what you're working on—[file an issue](https://github.com/go-gitea/gitea/issues/new)!
-Significant changes must go through the change proposal process
-before they can be accepted. To create a proposal, file an issue with
-your proposed changes documented, and make sure to note in the title
-of the issue that it is a proposal.
-
-This process gives everyone a chance to validate the design, helps
-prevent duplication of effort, and ensures that the idea fits inside
-the goals for the project and tools. It also checks that the design is
-sound before code is written; the code review tool is not the place for
-high-level discussions.
-
-## Testing redux
-
-Before submitting a pull request, run all the tests for the whole tree
-to make sure your changes don't cause regression elsewhere.
-
-Here's how to run the test suite:
-
- code lint
-
-|                       |                                                                   |
-| :-------------------- | :---------------------------------------------------------------- |
-|``make lint``          | lint everything (not suggest if you only change one type code)    |
-|``make lint-frontend`` | lint frontend files  |
-|``make lint-backend``  | lint backend files   |
-
- run test code (Suggest run in Linux)
-
-|                                        |                                                  |
-| :------------------------------------- | :----------------------------------------------- |
-|``make test[\#TestSpecificName]``       |  run unit test  |
-|``make test-sqlite[\#TestSpecificName]``|  run [integration](tests/integration) test for SQLite |
-|[More details about integration tests](tests/integration/README.md)  |
-|``make test-e2e-sqlite[\#TestSpecificFileName]``|  run [end-to-end](tests/e2e) test for SQLite |
-|[More details about e2e tests](tests/e2e/README.md)  |
-
-## Vendoring
-
-We manage dependencies via [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance), more details: [go mod](https://go.dev/ref/mod).
-
-Pull requests should only include `go.mod`, `go.sum` updates if they are part of
-the same change, be it a bugfix or a feature addition.
-
-The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
-and must be verified by the reviewers and/or merger to always reference
-an existing upstream commit.
-
-You can find more information on how to get started with it on the [Modules Wiki](https://github.com/golang/go/wiki/Modules).
-
-## Translation
-
-We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
-The only translation that is maintained in this Git repository is
-[`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
-and is synced regularly to Crowdin. Once a translation has reached
-A SATISFACTORY PERCENTAGE it will be synced back into this repo and
-included in the next released version.
-
-## Building Gitea
-
-See the [hacking instructions](https://docs.gitea.io/en-us/hacking-on-gitea/).
-
-## Code review
-
-Changes to Gitea must be reviewed before they are accepted—no matter who
-makes the change, even if they are an owner or a maintainer. We use GitHub's
-pull request workflow to do that. And, we also use [LGTM](http://lgtm.co)
-to ensure every PR is reviewed by at least 2 maintainers.
-
-Please try to make your pull request easy to review for us. And, please read
-the *[How to get faster PR reviews](https://github.com/kubernetes/community/blob/261cb0fd089b64002c91e8eddceebf032462ccd6/contributors/guide/pull-requests.md#best-practices-for-faster-reviews)* guide;
-it has lots of useful tips for any project you may want to contribute.
-Some of the key points:
-
- Make small pull requests. The smaller, the faster to review and the
-  more likely it will be merged soon.
- Don't make changes unrelated to your PR. Maybe there are typos on
-  some comments, maybe refactoring would be welcome on a function... but
-  if that is not related to your PR, please make *another* PR for that.
- Split big pull requests into multiple small ones. An incremental change
-  will be faster to review than a huge PR.
- Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
-
-If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:
-
-```
-## :warning: BREAKING :warning:
-```
-
-To explain how this could affect users and how to mitigate these changes.
-
-Once code review starts on your PR, do not rebase nor squash your branch as it makes it
-difficult to review the new changes. Only if there is a need, sync your branch by merging
-the base branch into yours. Don't worry about merge commits messing up your tree as
-the final merge process squashes all commits into one, with the visible commit message (first
-line) being the PR title + PR index and description being the PR's first comment.
-
-Once your PR gets the `lgtm/done` label, don't worry about keeping it up-to-date or breaking
-builds (unless there's a merge conflict or a request is made by a maintainer to make
-modifications). It is the maintainer team's responsibility from this point to get it merged.
-
-## Styleguide
-
-For imports you should use the following format (*without* the comments)
-
-```go
-import (
-  // stdlib
-  "fmt"
-  "math"
-
-  // local packages
-  "code.gitea.io/gitea/models"
-  "code.gitea.io/sdk/gitea"
-
-  // external packages
-  "github.com/foo/bar"
-  "gopkg.io/baz.v1"
-)
-```
-
-## Design guideline
-
-To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:
-
- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
- **models/fixtures:** Sample model data used in integration tests.
- **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
- **modules:** Different modules to handle specific functionality in Gitea. Shall only depend on other modules but not other packages (models, services).
- **public:** Frontend files (javascript, images, css, etc.)
- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers.
- **services:** Support functions for common routing operations. Uses models and modules to handle the request.
- **templates:** Golang templates for generating the html output.
- **tests/e2e:** End to end tests
- **tests/integration:** Integration tests
- **tests/gitea-repositories-meta:** Sample repos used in integration tests. Adding a new repo requires editing `models/fixtures/repositories.yml` and `models/fixtures/repo_unit.yml` to match.
- **tests/gitea-lfs-meta:** Sample LFS objects used in integration tests. Adding a new object requires editing `models/fixtures/lfs_meta_object.yml` to match.
- **vendor:** External code that Gitea depends on.
-
-## Documentation
-
-If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated.
-
-## API v1
-
-The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
-
-Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.
-
-If Gitea provides functionality that GitHub does not, a new endpoint can be created.
-
-If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.
-
-Updating an existing API should not remove existing fields unless there is a really good reason to do so.
-
-The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).
-
-All expected results (errors, success, fail messages) should be documented
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)).
-
-All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
-and referenced in
-[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).
-
-They can then be used like the following:
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).
-
-All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
-and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))
-
-They can be used like the following:
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))
-
-In general, HTTP methods are chosen as follows:
-
- **GET** endpoints return requested object and status **OK (200)**
- **DELETE** endpoints return status **No Content (204)**
- **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
- **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
- **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
-
-An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
-
-### Endpoints returning lists should
-
- support pagination (`page` & `limit` options in query)
- set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
-
-## Backports and Frontports
-
-Occasionally backports of PRs are required.
-
-The backported PR title should be:
-
-```
-Title of backported PR (#ORIGINAL_PR_NUMBER)
-```
-
-The first two lines of the summary of the backporting PR should be:
-
-```
-Backport #ORIGINAL_PR_NUMBER
-
-```
-
-with the rest of the summary matching the original PR. Similarly for frontports
-
---
-
-A command to help create backports can be found in `contrib/backport` and can be installed (from inside the gitea repo root directory) using:
-
-```bash
-go install contrib/backport/backport.go
-```
-
-## Developer Certificate of Origin (DCO)
-
-We consider the act of contributing to the code by submitting a Pull
-Request as the "Sign off" or agreement to the certifications and terms
-of the [DCO](DCO) and [MIT license](LICENSE). No further action is required.
-Additionally you could add a line at the end of your commit message.
-
-```
-Signed-off-by: Joe Smith <joe.smith@email.com>
-```
-
-If you set your `user.name` and `user.email` Git configs, you can add the
-line to the end of your commit automatically with `git commit -s`.
-
-We assume in good faith that the information you provide is legally binding.
-
-## Release Cycle
-
-We adopted a release schedule to streamline the process of working
-on, finishing, and issuing releases. The overall goal is to make a
-minor release every three or four months, which breaks down into two or three months of
-general development followed by one month of testing and polishing
-known as the release freeze. All the feature pull requests should be
-merged before feature freeze. And, during the frozen period, a corresponding
-release branch is open for fixes backported from main branch. Release candidates
-are made during this period for user testing to
-obtain a final version that is maintained in this branch.
-
-Major release cycles are seasonal. They always begin on the 25th and end on
-the 24th (i.e., the 25th of December to March 24th).
-
-During a development cycle, we may also publish any necessary minor releases
-for the previous version. For example, if the latest, published release is
-v1.2, then minor changes for the previous release—e.g., v1.1.0 -> v1.1.1—are
-still possible.
-
-The previous release gets fixes for:
-
- Security issues
- Critical bugs
- Regressions
- Build issues
- Necessary enhancements (including necessary UI/UX fixes)
-
-The backported fixes should avoid breaking downgrade between minor releases as much as possible.
-
-## Maintainers
-
-To make sure every PR is checked, we have [team
-maintainers](MAINTAINERS). Every PR **MUST** be reviewed by at least
-two maintainers (or owners) before it can get merged. A maintainer
-should be a contributor of Gitea (or Gogs) and contributed at least
-4 accepted PRs. A contributor should apply as a maintainer in the
-[Discord](https://discord.gg/NsatcWJ) #develop channel. The owners
-or the team maintainers may invite the contributor. A maintainer
-should spend some time on code reviews. If a maintainer has no
-time to do that, they should apply to leave the maintainers team
-and we will give them the honor of being a member of the [advisors
-team](https://github.com/orgs/go-gitea/teams/advisors). Of course, if
-an advisor has time to code review, we will gladly welcome them back
-to the maintainers team. If a maintainer is inactive for more than 3
-months and forgets to leave the maintainers team, the owners may move
-him or her from the maintainers team to the advisors team.
-For security reasons, Maintainers should use 2FA for their accounts and
-if possible provide GPG signed commits.
-https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
-https://help.github.com/articles/signing-commits-with-gpg/
-
-## Owners
-
-Since Gitea is a pure community organization without any company support,
-to keep the development healthy we will elect three owners every year. All
-contributors may vote to elect up to three candidates, one of which will
-be the main owner, and the other two the assistant owners. When the new
-owners have been elected, the old owners will give up ownership to the
-newly elected owners. If an owner is unable to do so, the other owners
-will assist in ceding ownership to the newly elected owners.
-For security reasons, Owners or any account with write access (like a bot)
-must use 2FA.
-https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
-
-After the election, the new owners should proactively agree
-with our [CONTRIBUTING](CONTRIBUTING.md) requirements in the
-[Discord](https://discord.gg/NsatcWJ) #general channel. Below are the
-words to speak:
-
-```
-I'm honored to having been elected an owner of Gitea, I agree with
-[CONTRIBUTING](CONTRIBUTING.md). I will spend part of my time on Gitea
-and lead the development of Gitea.
-```
-
-To honor the past owners, here's the history of the owners and the time
-they served:
-
- 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
-
- 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-
- 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-
- 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
-
- 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
-
- 2016-11-04 ~ 2017-12-31
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
-
-## Versions
-
-Gitea has the `main` branch as a tip branch and has version branches
-such as `release/v0.9`. `release/v0.9` is a release branch and we will
-tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept
-pull requests on the `release/v0.9` branch and publish a `v0.9.1` tag,
-after bringing the bug fix also to the main branch.
-
-Since the `main` branch is a tip version, if you wish to use Gitea
-in production, please download the latest release tag version. All the
-branches will be protected via GitHub, all the PRs to every branch must
-be reviewed by two maintainers and must pass the automatic tests.
-
-## Releasing Gitea
-
- Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
- If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
-  - Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
-  - When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
- If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
- Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
- And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
- If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
- Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
- Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
-  - bump the version of https://dl.gitea.io/gitea/version.json
-  - merge the blog post PR
-  - announce the release in discord `#announcements`
-
-## Copyright
-
-Code that you contribute should use the standard copyright header:
-
-```
-// Copyright <year> The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-```
-
-Files in the repository contain copyright from the year they are added
-to the year they are last changed. If the copyright author is changed,
-just paste the header below the old one.
--- a/CONTRIBUTING/COC.md
+++ b/CONTRIBUTING/COC.md
@ -0,0 +1,30 @@
+# Code of Conduct, Well Being and Moderation teams
+
+Forgejo strives to be an inclusive project where everyone can participate in a safe environment. The **Well Being** team is doing its best to defuse tensions before they escalate and is available to answer all requests sent its way. When diplomacy fails, the **Moderation** team will be forced to act to put a stop to actions that are contrary to the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
+
+## Well Being and Moderation teams
+
+Temporary Well Being and Moderation teams [were appointed 10 November 2022](https://codeberg.org/forgejo/meta/issues/13).
+
+The moderation team will rely on this [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
+
+### Well Being
+
+Their goal is to defuse tensions.
+
+It has no power whatsover. The members are approved by the organization and trusted to:
+
+- Read all communications to detect tensions between people before they escalate.
+- Do their best to defuse tensions.
+
+* https://codeberg.org/Gusted
+
+### Moderation
+
+Their goal is to enforce the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct) when diplomacy fails.
+
+It has the power to exclude people from a space.
+
+Their decisions must be logical, fact based and transparent to the Forgejo community who trust them with this responsibility.
+
+* https://codeberg.org/circlebuilder
--- a/CONTRIBUTING/DCO.md
+++ b/CONTRIBUTING/DCO.md
@ -0,0 +1,29 @@
+# Developer Certificate of Origin (DCO)
+
+Contributions to Forgejo, in all the repositories in the [Forgejo organization](https://codeberg.org/forgejo) are accepted provided the author agrees to the following Developer Certificate of Origin (DCO).
+
+```
+By making a contribution to Forgejo, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the Free Software license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate Free Software
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same Free Software license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the Free Software license(s) involved.
+```
--- a/CONTRIBUTING/DISCUSSIONS.md
+++ b/CONTRIBUTING/DISCUSSIONS.md
@ -0,0 +1,18 @@
+# Bugs, features and discussions
+
+The [Forgejo issue tracker](https://codeberg.org/forgejo/forgejo/issues) is where **bugs** should be reported and **features** requested.
+
+Dedicated repositories in the [Forgejo organization](https://codeberg.org/forgejo) cover areas such as:
+- the [website](https://codeberg.org/forgejo/website)
+- the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct)
+- the [sustainability and funding](https://codeberg.org/forgejo/sustainability).
+
+Other discussions regarding all **non technical aspects** of Forgejo, such as the governance, happen in the [meta issue tracker](https://codeberg.org/forgejo/meta/issues) and in the [matrix chatroom](https://matrix.to/#/#forgejo-chat:matrix.org).
+
+# Security
+
+The [security team](https://codeberg.org/forgejo/meta/src/branch/readme/TEAMS.md#security) takes care of security vulnerabilities. It handles sensitive security-related issues reported to [security@forgejo.org](mailto:security@forgejo.org) using [encryption](https://keyoxide.org/security@forgejo.org).
+
+The security team also keeps the content of the [security.txt](https://codeberg.org/forgejo/website/src/branch/main/public/.well-known/security.txt) file up to date.
+
+The private GPG key for `security@forgejo.org` is shared among all members of the security team and not stored online.
--- a/CONTRIBUTING/GOVERNANCE.md
+++ b/CONTRIBUTING/GOVERNANCE.md
@ -0,0 +1,19 @@
+# Governance
+
+## Codeberg e.V. custodian of the domains
+
+The Forgejo [domains](https://codeberg.org/forgejo/meta/issues/41) are owned by the democratic non-profit dedicated to Free Software [Codeberg e.V.](https://codeberg.org/Codeberg/org/src/branch/main/en/bylaws.md). Forgejo is therefore ultimately under the control of Codeberg e.V. and its governance. However, although Codeberg e.V. is committed to use and host Forgejo, it is expected that Forgejo defines its own governance, in a way that is compatible with the Codeberg e.V. governance.
+
+## Forgejo Governance
+
+See our [decision-making system](https://codeberg.org/forgejo/meta/src/branch/readme/DECISION-MAKING.md) (contains team agreements and guidelines).
+
+Forgejo was bootstraped in November 2022 and is in the process of [defining its governance](https://codeberg.org/forgejo/meta/issues/19). The [first meeting happened November 24th](https://codeberg.org/forgejo/meta/issues/19#issuecomment-694460) and everyone is welcome to participate.
+
+## Interim Forgejo Governance
+
+While the governance is being defined, there was a need to establish an interim Forgejo governance for safeguarding credentials, enforcing the Code of Conduct and ensuring security vulnerabilities are handled responsibly for the Forgejo releases.
+
+All people with a role in the interim Forgejo governance pledge to resign as soon as the Forgejo governance is in place.
+
+The people and teams that are part of the interim governance are [listed publicly](https://codeberg.org/forgejo/meta/src/branch/readme/TEAMS.md).
--- a/CONTRIBUTING/RELEASE.md
+++ b/CONTRIBUTING/RELEASE.md
@ -0,0 +1,154 @@
+# Release management
+
+## Release numbering
+
+The Forgejo release numbers are composed of the Gitea release number followed by a dash and a serial number. For instance:
+
+* Gitea **v1.18.0** will be Forgejo **v1.18.0-0**, **v1.18.0-1**, etc
+
+The Gitea release candidates are suffixed with **-rcN** which is handled as a special case for packaging: although **X.Y.Z** is lexicographically lower than **X.Y.Z-rc1** is is considered greater. The Forgejo serial number must therefore be inserted before the **-rcN** suffix to preserve the expected version ordering.
+
+* Gitea **v1.18.0-rc0** will be Forgejo **v1.18.0-0-rc0**, **v1.18.0-1-rc0**
+* Gitea **v1.18.0-rc1** will be Forgejo **v1.18.0-2-rc1**, **v1.18.0-3-rc1**, **v1.18.0-4-rc1**
+* Gitea **v1.18.0** will be Forgejo **v1.18.0-5**, **v1.18.0-6**, **v1.18.0-7**
+* etc.
+
+Because Forgejo is a soft fork of Gitea, it must retain the same release numbering scheme to be compatible with libraries and tools that depend on it. For instance, the tea CLI or the Gitea SDK will behave differently depending on the server version they connect to. If Forgejo had a different numbering scheme, it would no longer be compatible with the Gitea ecosystem.
+
+From a [Semantic Versioning](https://semver.org/) standpoint, all Forgejo releases are [pre-releases](https://semver.org/#spec-item-9) because they are suffixed with a dash. They are syntactically correct but do not comply with the Semantic Versioning recommendations. Gitea is not compliant either and as long as Forgejo is a soft fork, it inherits this problem.
+
+## Release process
+
+When publishing the vX.Y.Z-N release, the following steps must be followed:
+
+### Create a milestone and a check list
+
+* Create a `Forgejo vX.X.Z-N` milestone set to the date of the release
+* Create an issue named `[RELEASE] Forgejo vX.Y.Z-N` with a description that includes a list of what needs to be done for the release with links to follow the progress
+* Set the milestone of this issue to `Forgejo vX.X.Z-N`
+* Close the milestone when the release is complete
+
+### Cherry pick the latest commits from Gitea
+
+The vX.Y/forgejo branch is populated as part of the [rebase on top of Gitea](WORKFLOW.md). The release happens in between rebase and it is worth checking if the matching Gitea branch, release/vX.Y contains commits that should be included in the release.
+
+* `cherry-pick -x` the commits
+* push the vX.Y/forgejo branch including the commits
+* verify that the tests pass
+
+### Release Notes
+
+* Add an entry in RELEASE-NOTES.md
+* Copy/paste the matching entry from CHANGELOG.md
+* Update the PR references prefixing them with https://github.com/go-gitea/gitea/pull/
+
+### Testing
+
+When Forgejo is released, artefacts (packages, binaries, etc.) are first published by the CI/CD pipelines in the https://codeberg.org/forgejo-experimental organization, to be downloaded and verified to work.
+
+* Push the vX.Y/forgejo branch to https://codeberg.org/forgejo-integration/forgejo
+* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo-integration (if it fails for whatever reason, the tag and the release can be removed manually)
+  * Binaries are built and uploaded to https://codeberg.org/forgejo/forgejo-integration/releases
+  * Container images are built and uploaded to https://codeberg.org/forgejo-integration/-/packages/container/forgejo/versions
+* Push the vX.Y/forgejo branch to https://codeberg.org/forgejo-experimental/forgejo
+* Push the vX.Y/forgejo branch to https://codeberg.org/forgejo/experimental
+* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo/experimental
+  * Binaries are downloaded from https://codeberg.org/forgejo-integration, signed and copied to https://codeberg.org/forgejo-experimental
+  * Container images are copied from https://codeberg.org/forgejo-integration to https://codeberg.org/forgejo-experimental
+* Fetch the Forgejo release as part of the [forgejo-ci](https://codeberg.org/Codeberg-Infrastructure/scripted-configuration/src/branch/main/hosts/forgejo-ci) test suite. Push the change to a branch of a repository enabled in https://ci.dachary.org/ ([read more...](https://codeberg.org/forgejo/forgejo/issues/208)). It will deploy the release and run high level integration tests.
+* Reach out to packagers and users to manually verify the release works as expected
+
+### Publication
+
+* Push the vX.Y.Z-N tag to https://codeberg.org/forgejo/release
+  * Binaries are downloaded from https://codeberg.org/forgejo-integration, signed and copied to https://codeberg.org/forgejo
+  * Container images are copied from https://codeberg.org/forgejo-integration to https://codeberg.org/forgejo
+
+### Website update
+
+* Restart the last CI build at https://codeberg.org/forgejo/website/src/branch/main/
+* Verify https://forgejo.org/download/ points to the expected release
+* Update the [documentation link to the latest version](https://codeberg.org/forgejo/website/src/commit/e63c6f8ab64876b10b86de1d18162b6ccb87bd99/.woodpecker.yml#L35)
+* Manually try the instructions to work
+
+### DNS update
+
+* Update the `release.forgejo.org` TXT record that starts with `forgejo_versions=` to be `forgejo_versions=vX.Y.Z-N`
+
+### Standard toot
+
+The following toot can be re-used to announce a minor release at `https://floss.social/@forgejo`. For more significant releases it is best to consider a dedicated and non-standard toot.
+
+```
+#Forgejo vX.Y.Z-N was just released! This is a minor patch. Check out the release notes and download it at https://forgejo.org/releases/. If you experience any issues with this release, please report to https://codeberg.org/forgejo/forgejo/issues.
+```
+
+## Release signing keys management
+
+A GPG master key with no expiration date is created and shared with members of the Owners team via encrypted email. A subkey with a one year expiration date is created and stored in the secrets repository, to be used by the CI pipeline. The public master key is stored in the secrets repository and published where relevant.
+
+### Master key creation
+
+* gpg --expert --full-generate-key
+* key type: ECC and ECC option with Curve 25519 as curve
+* no expiration
+* id: Forgejo Releases <contact@forgejo.org>
+* gpg --export-secret-keys --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 and send via encrypted email to Owners
+* gpg --export --armor EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 > release-team-gpg.pub
+* commit to the secret repository
+
+### Subkey creation and renewal
+
+* gpg --expert --edit-key EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
+* addkey
+* key type: ECC (signature only)
+* key validity: one year
+* create [an issue](https://codeberg.org/forgejo/forgejo/issues) to schedule the renewal
+
+#### 2023
+
+* gpg --export --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg.pub
+* gpg --export-secret-keys --armor F7CBF02094E7665E17ED6C44E381BF3E50D53707 > 2023-release-team-gpg
+* commit to the secrets repository
+* renewal issue https://codeberg.org/forgejo/forgejo/issues/58
+
+### CI configuration
+
+In the Woodpecker CI configuration the following secrets must be set:
+
+* `releaseteamgpg` is the secret GPG key used to sign the releases
+* `releaseteamuser` is the user name to authenticate with the Forgejo API and publish the releases
+* `releaseteamtoken` is the token to authenticate `releaseteamuser` with the Forgejo API and publish the releases
+* `domain` is `codeberg.org`
+
+## Users, organizations and repositories
+
+### Shared user: release-team
+
+The [release-team](https://codeberg.org/release-team) user publishes and signs all releases. The associated email is mailto:release@forgejo.org.
+
+The public GPG key used to sign the releases is [EB114F5E6C0DC2BCDD183550A4B61A2DC5923710](https://codeberg.org/release-team.gpg) `Forgejo Releases <release@forgejo.org>`
+
+### Shared user: forgejo-ci
+
+The [forgejo-ci](https://codeberg.org/forgejo-ci) user is dedicated to https://forgejo-ci.codeberg.org/ and provides it with OAuth2 credentials it uses to run.
+
+### Shared user: forgejo-experimental-ci
+
+The [forgejo-experimental-ci](https://codeberg.org/forgejo-experimental-ci) user is dedicated to provide the application tokens used by Woodpecker CI repositories to build releases and publish them to https://codeberg.org/forgejo-experimental. It does not (and must not) have permission to publish releases at https://codeberg.org/forgejo.
+
+### Integration and experimental organization
+
+The https://codeberg.org/forgejo-integration organization is dedicated to integration testing. Its purpose is to ensure all artefacts can effectively be published and retrieved by the CI/CD pipelines. 
+
+The https://codeberg.org/forgejo-experimental organization is dedicated to publishing experimental Forgejo releases. They are copied from the https://codeberg.org/forgejo-integration organization.
+
+The `forgejo-experimental-ci` user as well as all Forgejo contributors working on the CI/CD pipeline should be owners of both organizations.
+
+The https://codeberg.org/forgejo-integration/forgejo repository is coupled with a Woodpecker CI repository configured with the credentials provided by the https://codeberg.org/forgejo-experimental-ci user. It runs the pipelines found in `releases/woodpecker-build/*.yml` which builds and publishes an unsigned release in https://codeberg.org/forgejo-integration.
+
+### Experimental and release repositories
+
+The https://codeberg.org/forgejo/experimental private repository is coupled with a Woodpecker CI repository configured with the credentials provided by the https://codeberg.org/forgejo-experimental-ci user. It runs the pipelines found in `releases/woodpecker-publish/*.yml` which signs and copies a release from https://codeberg.org/forgejo-integration into https://codeberg.org/forgejo-experimental.
+
+The https://codeberg.org/forgejo/release private repository is coupled with a Woodpecker CI repository configured with the credentials provided by the https://codeberg.org/release-team user. It runs the pipelines found in `releases/woodpecker-publish/*.yml` which signs and copies a release from https://codeberg.org/forgejo-integration into https://codeberg.org/forgejo.
--- a/CONTRIBUTING/SECRETS.md
+++ b/CONTRIBUTING/SECRETS.md
@ -0,0 +1,56 @@
+# Secrets
+
+All Forgejo credentials are shared among the [secret keepers](https://codeberg.org/forgejo/meta/src/branch/readme/TEAMS.md#secrets-keeper) teams in a private repository with encrypted content.
+
+## Get started
+
+1. Make sure you have a GPG Key, or [create one](https://github.com/NicoHood/gpgit#12-key-generation)
+2. Send someone else your public key and ask this person to add yourself as a recipient
+```
+# Commands for the other person
+$ gpg --import public_key.asc
+# The following command will open a prompt, with the available public keys. 
+# Choose the one you just added and all secrets will be re-encrypted with this new key.
+$ gopass recipients add
+```
+3. [Install gopass](https://www.gopass.pw/#install)
+> :warning: When installing on Ubuntu or Debian you can either download the deb package, install manually or build from source or use our APT repository ([github comment](https://github.com/gopasspw/gopass/issues/1849#issuecomment-802789285) with more information).
+4. Clone this repo using `gopass` (the name and email are for `git config`)
+```
+$ gopass clone git@codeberg.org:forgejo/gopass.git
+```
+5. Check the consistency of the gopass storage
+```
+$ gopass fsck
+```
+
+## Get a secret
+
+Show the whole secret file:
+```
+$ gopass show ovh.com/manager
+```
+
+Copy the password in the clipboard:
+```
+$ gopass show -c ovh.com/manager
+```
+
+Copy the `user` part of the secret in the clipboard:
+```
+$ gopass show -c ovh.com/manager user
+```
+
+## Insert or edit a secret
+```
+$ gopass edit ovh.com/manager
+```
+In the editor, insert the password on the first line.
+You may then add lines with a `key: value` syntax (`user: username` for instance).
+
+## Debugging and manual git operations
+
+The following command will show the location and status of the git repo (all git commands are available).
+```
+$ gopass git status
+```
--- a/CONTRIBUTING/WORKFLOW.md
+++ b/CONTRIBUTING/WORKFLOW.md
@ -0,0 +1,124 @@
+# Development workflow
+
+Forgejo is a soft fork, i.e. a set of commits applied to the Gitea development branch and the stable branches. On a regular basis those commits are rebased and modified if necessary to keep working. All Forgejo commits are merged into a branch from which binary releases and packages are created and distributed. The development workflow is a set of conventions Forgejo developers are expected to follow to work together.
+
+Discussions on how the workflow should evolve happen [in the isssue tracker](https://codeberg.org/forgejo/forgejo/issues?type=all&state=open&labels=&milestone=0&assignee=0&q=%5BWORKFLOW%5D).
+
+## Naming conventions
+
+### Development
+
+* Gitea: main
+* Forgejo: forgejo
+* Feature branches: forgejo-feature-name
+
+### Stable
+
+* Gitea: release/vX.Y
+* Forgejo: vX.Y/forgejo
+* Feature branches: vX.Y/forgejo-feature-name
+
+### Soft fork history
+
+Before rebasing on top of Gitea, all branches are copied to `soft-fork/YYYY-MM-DD/<branch>` for safekeeping. Older `soft-fork/*/<branch>` branches are converted into references under the same name. Similar to how pull requests store their head, they do not clutter the list of branches but can be retrieved if needed with `git fetch +refs/soft-fork/*:refs/soft-fork/*`. Tooling to automate this archival process [is available](https://codeberg.org/forgejo-contrib/soft-fork-tools/src/branch/master/README.md#archive-branches).
+
+### Tags
+
+Because the branches are rebased on top of Gitea, only the latest tag will be found in a given branch. For instance `v1.18.0-1` won't be found in the `v1.18/forgejo` branch after it is rebased.
+
+## Rebasing
+
+### *Feature branch*
+
+The *Gitea* branches are mirrored with the Gitea development and stable branches.
+
+On a regular basis, each *Feature branch* is rebased against the base *Gitea* branch.
+
+### forgejo branch
+
+The latest *Gitea* branch resets the *forgejo* branch and all *Feature branches* are merged into it.
+
+If tests pass after pushing *forgejo* to the https://codeberg.org/forgejo-integration/forgejo repository, it can be pushed to the https://codeberg.org/forgejo/forgejo repository.
+
+If tests do not pass, an issue is filed to the *Feature branch* that fails the test. Once the issue is resolved, another round of rebasing starts.
+
+### Cherry picking and rebasing
+
+Because Forgejo is a soft fork of Gitea, the commits in feature branches need to be cherry-picked on top of their base branch. They cannot be rebased using `git rebase`, because their base branch has been rebased.
+
+Here is how the commits in the `forgejo-f3` branch can be cherry-picked on top of the latest `forgejo-development` branch:
+
+```
+$ git fetch --all
+$ git remote get-url forgejo
+git@codeberg.org:forgejo/forgejo.git
+$ git checkout -b forgejo/forgejo-f3
+$ git reset --hard forgejo/forgejo-development
+$ git cherry-pick $(git rev-list --reverse forgejo/soft-fork/2022-12-10/forgejo-development..forgejo/soft-fork/2022-12-10/forgejo-f3)
+$ git push --force forgejo-f3 forgejo/forgejo-f3
+```
+
+## Feature branches
+
+All *Feature branches* are based on the {vX.Y/,}forgejo-development branch which provides development tools and documentation.
+
+The `forgejo-development` branch is based on the {vX.Y/,}forgejo-ci branch which provides the Woodpecker CI configuration.
+
+The purpose of each *Feature branch* is documented below:
+
+### General purpose
+
+* [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci) based on [main](https://codeberg.org/forgejo/forgejo/src/branch/main)
+  Woodpecker CI configuration, including the release process.
+  * Backports: [v1.18/forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-ci)
+
+* [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development) based on [forgejo-ci](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-ci)
+  Forgejo development tools and documentation.
+  * Backports: [v1.18/forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-development)
+
+### Dependency
+
+* [forgejo-dependency](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-dependency) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Each commit is prefixed with the name of dependency in uppercase, for instance **[GOTH]** or **[GITEA]**. They are standalone and implement either a bug fix or a feature that is in the process of being contributed to the dependency. It is better to contribute directly to the dependency instead of adding a commit to this branch but it is sometimes not possible, for instance when someone does not have a GitHub account. The author of the commit is responsible for rebasing and resolve conflicts. The ultimate goal of this branch is to be empty and it is expected that a continuous effort is made to reduce its content so that the technical debt it represents does not burden Forgejo long term.
+  * Backports: [v1.18/forgejo-dependency](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-dependency)
+
+### [Privacy](https://codeberg.org/forgejo/forgejo/issues?labels=83271)
+
+* [forgejo-privacy](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-privacy) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Customize Forgejo to have more privacy.
+  * Backports: [v1.18/forgejo-privacy](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-privacy)
+
+### Branding
+* [forgejo-branding](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-branding) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Replacing upstream branding with Forgejo branding
+
+### [Internationalization](https://codeberg.org/forgejo/forgejo/issues?labels=82637)
+* [forgejo-i18n](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-i18n) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Internationalization support for Forgejo with a workflow based on Weblate.
+
+### [Accessibility](https://codeberg.org/forgejo/forgejo/issues?labels=81214)
+* Backports only: [v1.18/forgejo-a11y](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-a11y) based on [v1.18/forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-development)
+  Backport future upstream a11y improvements to the current release of Forgejo
+
+### [Federation](https://codeberg.org/forgejo/forgejo/issues?labels=79349)
+
+* [forgejo-federation](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-federation) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  Federation support for Forgejo
+
+* [forgejo-f3](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-f3) based on [forgejo-development](https://codeberg.org/forgejo/forgejo/src/branch/forgejo-development)
+  [F3](https://lab.forgefriends.org/friendlyforgeformat/gof3) support for Forgejo
+
+## Pull requests and feature branches
+
+Most people who are used to contributing will be familiar with the workflow of sending a pull request against the default branch. When that happens the reviewer should change the base branch to the appropriate *Feature branch* instead. If the pull request does not fit in any *Feature branch*, the reviewer needs to make decision to either:
+
+* Decline the pull request because it is best contributed to Gitea
+* Create a new *Feature branch*
+
+Returning contributors can figure out which *Feature branch* to base their pull request on using the list of *Feature branches*.
+
+## Granularity
+
+*Feature branches* can contain a number of commits grouped together, for instance for branding the documentation, the landing page and the footer. It makes it convenient for people working on that topic to get the big picture without browsing multiple branches. Creating a new *Feature branch* for each individual commit, while possible, is likely to be difficult to work with.
+
+Observing the granularity of the existing *Feature branches* is the best way to figure out what works and what does not. It requires adjustments from time to time depending on the number of contributors and the complexity of the Forgejo codebase that sits on top of Gitea.
--- a/2
+++ b/2
@ -24,7 +24,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 RUN go build contrib/environment-to-ini/environment-to-ini.go

 FROM alpine:3.17
-LABEL maintainer="maintainers@gitea.io"
+LABEL maintainer="contact@forgejo.org"

 EXPOSE 22 3000

--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -24,7 +24,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 RUN go build contrib/environment-to-ini/environment-to-ini.go

 FROM alpine:3.17
-LABEL maintainer="maintainers@gitea.io"
+LABEL maintainer="contact@forgejo.org"

 EXPOSE 2222 3000

--- a/1
+++ b/1
@ -1,3 +1,4 @@
+Copyright (c) 2022 The Forgejo Authors
 Copyright (c) 2016 The Gitea Authors
 Copyright (c) 2015 The Gogs Authors

--- a/61
+++ b/61
@ -83,7 +83,7 @@ ifneq ($(DRONE_TAG),)
 	GITEA_VERSION ?= $(VERSION)
 else
 	ifneq ($(DRONE_BRANCH),)
-		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
+		VERSION ?= $(shell echo $(DRONE_BRANCH) | sed -e 's|v\([0-9.][0-9.]*\)/.*|\1|')
 	else
 		VERSION ?= main
 	endif
@ -96,7 +96,10 @@ else
 	endif
 endif

-LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
+# SemVer
+FORGEJO_VERSION := 3.0.0+0-gitea-1.19.0
+
+LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)" -X "code.gitea.io/gitea/routers/api/forgejo/v1.ForgejoVersion=$(FORGEJO_VERSION)"

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

@ -148,6 +151,8 @@ ifdef DEPS_PLAYWRIGHT
 	PLAYWRIGHT_FLAGS += --with-deps
 endif

+FORGEJO_API_SPEC := public/forgejo/api.v1.yml
+
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
 SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
 SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
@ -208,6 +213,8 @@ help:
 	@echo " - generate-license                 update license files"
 	@echo " - generate-gitignore               update gitignore files"
 	@echo " - generate-manpage                 generate manpage"
+	@echo " - generate-forgejo-api             generate the forgejo API from spec"
+	@echo " - forgejo-api-validate             check if the forgejo API matches the specs"
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - golangci-lint                    run golangci-lint linter"
@ -286,8 +293,7 @@ misspell-check:
 .PHONY: vet
 vet:
 	@echo "Running go vet..."
-	@GOOS= GOARCH= $(GO) build code.gitea.io/gitea-vet
-	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
+	@$(GO) vet $(GO_PACKAGES)

 .PHONY: $(TAGS_EVIDENCE)
 $(TAGS_EVIDENCE):
@ -298,6 +304,27 @@ ifneq "$(TAGS)" "$(shell cat $(TAGS_EVIDENCE) 2>/dev/null)"
 TAGS_PREREQ := $(TAGS_EVIDENCE)
 endif

+OAPI_CODEGEN_PACKAGE ?= github.com/deepmap/oapi-codegen/cmd/oapi-codegen@v1.12.4
+KIN_OPENAPI_CODEGEN_PACKAGE ?= github.com/getkin/kin-openapi/cmd/validate@v0.114.0
+FORGEJO_API_SERVER = routers/api/forgejo/v1/generated.go
+
+.PHONY: generate-forgejo-api
+generate-forgejo-api: $(FORGEJO_API_SPEC)
+	$(GO) run $(OAPI_CODEGEN_PACKAGE) -package v1 -generate chi-server,types $< > $(FORGEJO_API_SERVER)
+
+.PHONY: forgejo-api-check
+forgejo-api-check: generate-forgejo-api
+	@diff=$$(git diff $(FORGEJO_API_SERVER) ; \
+	if [ -n "$$diff" ]; then \
+		echo "Please run 'make generate-forgejo-api' and commit the result:"; \
+		echo "$${diff}"; \
+		exit 1; \
+	fi
+
+.PHONY: forgejo-api-validate
+forgejo-api-validate:
+	$(GO) run $(KIN_OPENAPI_CODEGEN_PACKAGE) $(FORGEJO_API_SPEC)
+
 .PHONY: generate-swagger
 generate-swagger: $(SWAGGER_SPEC)

@ -333,7 +360,7 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check

 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
+checks-backend: tidy-check swagger-check fmt-check misspell-check forgejo-api-validate swagger-validate security-check

 .PHONY: lint
 lint: lint-frontend lint-backend
@ -739,10 +766,14 @@ generate: generate-backend
 generate-backend: $(TAGS_PREREQ) generate-go

 .PHONY: generate-go
-generate-go: $(TAGS_PREREQ)
+generate-go: $(TAGS_PREREQ) merge-locales
 	@echo "Running go generate..."
 	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)

+.PHONY: merge-locales
+merge-locales:
+	$(GO) run build/merge-forgejo-locales.go
+
 .PHONY: security-check
 security-check:
 	go run $(GOVULNCHECK_PACKAGE) -v ./...
@ -751,7 +782,7 @@ $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check
+release: frontend generate release-linux release-copy release-compress vendor release-sources release-check

 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)
@ -768,7 +799,7 @@ endif

 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out forgejo-$(VERSION) .
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
@ -805,8 +836,8 @@ release-sources: | $(DIST_DIRS)
 # bsdtar needs a ^ to prevent matching subdirectories
 	$(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./)
 # use transform to a add a release-folder prefix; in bsdtar the transform parameter equivalent is -s
-	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./gitea-src-$(VERSION)/'" || echo "--transform 's|^./|gitea-src-$(VERSION)/|'"))
-	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
+	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./forgejo-src-$(VERSION)/'" || echo "--transform 's|^./|forgejo-src-$(VERSION)/|'"))
+	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/forgejo-src-$(VERSION).tar.gz .
 	rm -f $(STORED_VERSION_FILE)

 .PHONY: release-docs
@ -859,6 +890,8 @@ fomantic:
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
+	# fomantic uses "touchstart" as click event for some browsers, it's not ideal, so we force fomantic to always use "click" as click event
+	$(SED_INPLACE) -e 's/clickEvent[ \t]*=/clickEvent = "click", unstableClickEvent =/g' $(FOMANTIC_WORK_DIR)/build/semantic.js
 	$(SED_INPLACE) -e 's/\r//g' $(FOMANTIC_WORK_DIR)/build/semantic.css $(FOMANTIC_WORK_DIR)/build/semantic.js
 	rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*

@ -899,13 +932,7 @@ lockfile-check:

 .PHONY: update-translations
 update-translations:
-	mkdir -p ./translations
-	cd ./translations && curl -L https://crowdin.com/download/project/gitea.zip > gitea.zip && unzip gitea.zip
-	rm ./translations/gitea.zip
-	$(SED_INPLACE) -e 's/="/=/g' -e 's/"$$//g' ./translations/*.ini
-	$(SED_INPLACE) -e 's/\\"/"/g' ./translations/*.ini
-	mv ./translations/*.ini ./options/locale/
-	rmdir ./translations
+	# noop to detect merge conflicts (potentially needs updating the scripts) and avoid breaking with Gitea

 .PHONY: generate-license
 generate-license:
--- a/README.md
+++ b/README.md
@ -1,180 +1,47 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
+<div align="center">
+    <img src="https://codeberg.org/forgejo/meta/raw/branch/readme/logo/forgejo.svg" alt="" width="192" align="center" />
+    <h1 align="center">Welcome to Forgejo</h1>
+</div>

-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
+Hi there! Tired of big platforms playing monopoly?
+Providing Git hosting for your project, friends, company or community?
+**Forgejo** (/for'd&#865;ʒe.jo/ inspired by forĝejo – the Esperanto word for *forge*) has you covered with its intuitive interface,
+light and easy hosting and a lot of builtin functionality.

-<p align="center">
-  <a href="README_ZH.md">View this document in Chinese</a>
-</p>
+Forgejo was [created in 2022](https://forgejo.org/2022-12-15-hello-forgejo/)
+because we think that the project should be owned by an independent community.
+If you second that, then Forgejo is for you!
+Our promise: **Independent Free/Libre Software forever!**

-## Purpose
+## What does Forgejo offer?

-The goal of this project is to make the easiest, fastest, and most
-painless way of setting up a self-hosted Git service.
+<!-- If you want to know what Forgejo is like,
+you can check out public instances,
+e.g. [Codeberg.org](https://codeberg.org).
+-->

-As Gitea is written in Go, it works across **all** the platforms and
-architectures that are supported by Go, including Linux, macOS, and
-Windows on x86, amd64, ARM and PowerPC architectures.
-You can try it out using [the online demo](https://try.gitea.io/).
-This project has been
-[forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from
-[Gogs](https://gogs.io) since November of 2016, but a lot has changed.
+If you like any of the following, Forgejo is literally meant for you:

-## Building
+- Lightweight: Forgejo can easily be hosted on nearly **every machine**.
+  Running on a Raspberry? Small cloud instance? No problem!
+- Project management: Besides Git hosting, Forgejo offers issues,
+  pull requests, wikis, kanban boards and much more to **coordinate with your team**.
+- Publishing: Have something to share? Use **releases** to host your software for download,
+  or use the **package registry** to publish it for docker, npm and many other package managers.
+- Customizable: Want to change your look? Change some settings?
+  There are many **config switches** to make Forgejo work exactly like you want.
+- Powerful: Organizations & team permissions, CI integration, Code Search, LDAP, OAuth and much more.
+  If you have **advanced needs**, Forgejo has you covered.
+- Privacy: From update checker to default settings: Forgejo is built to be **privacy first** for you and your crew.
+- Federation: (WIP) We are actively working to connect software forges with each other through **ActivityPub**,
+  and create a collaborative network of personal instances.
+  Interested? [Read more](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING/WORKFLOW.md#federation-https-codeberg-org-forgejo-forgejo-issues-labels-79349)

-From the root of the source tree, run:
+## Learn more

-    TAGS="bindata" make build
+Subscribe to releases and blog post on [our website](https://forgejo.org), <a href="https://floss.social/@forgejo" rel="me">find us on the Fediverse</a> or hop into [our Matrix room](https://matrix.to/#/#forgejo-chat:matrix.org) if you have any questions or want to get involved.

-or if SQLite support is required:

-    TAGS="bindata sqlite sqlite_unlock_notify" make build
+## Get involved

-The `build` target is split into two sub-targets:
-
- `make backend` which requires [Go Stable](https://go.dev/dl/), required version is defined in [go.mod](/go.mod).
- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
-
-When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.
-
-Parallelism (`make -j <num>`) is not supported.
-
-More info: https://docs.gitea.io/en-us/install-from-source/
-
-## Using
-
-    ./gitea web
-
-NOTE: If you're interested in using our APIs, we have experimental
-support with [documentation](https://try.gitea.io/api/swagger).
-
-## Contributing
-
-Expected workflow is: Fork -> Patch -> Push -> Pull Request
-
-NOTES:
-
-1. **YOU MUST READ THE [CONTRIBUTORS GUIDE](CONTRIBUTING.md) BEFORE STARTING TO WORK ON A PULL REQUEST.**
-2. If you have found a vulnerability in the project, please write privately to **security@gitea.io**. Thanks!
-
-## Translating
-
-Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.
-
-You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.
-
-https://docs.gitea.io/en-us/translation-guidelines/
-
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
-## Further information
-
-For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
-If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
-
-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
-
-The Hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).
-
-The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).
-
-## Authors
-
- [Maintainers](https://github.com/orgs/go-gitea/people)
- [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
- [Translators](options/locale/TRANSLATORS)
-
-## Backers
-
-Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/gitea#backer)]
-
-<a href="https://opencollective.com/gitea#backers" target="_blank"><img src="https://opencollective.com/gitea/backers.svg?width=890"></a>
-
-## Sponsors
-
-Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/gitea#sponsor)]
-
-<a href="https://opencollective.com/gitea/sponsor/0/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/0/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/1/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/1/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/2/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/2/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/3/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/3/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/4/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/4/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/5/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/5/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/6/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/6/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
-<a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
-<a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>
-
-## FAQ
-
-**How do you pronounce Gitea?**
-
-Gitea is pronounced [/ɡɪ’ti:/](https://youtu.be/EM71-2uDAoY) as in "gi-tea" with a hard g.
-
-**Why is this not hosted on a Gitea instance?**
-
-We're [working on it](https://github.com/go-gitea/gitea/issues/1029).
-
-## License
-
-This project is licensed under the MIT License.
-See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
-for the full license text.
-
-## Screenshots
-
-Looking for an overview of the interface? Check it out!
-
-|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
-|:---:|:---:|:---:|
-|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|
+If you are interested in making Forgejo better, either by reporting a bug or by changing the governance, please [take a look at the contribution guide](CONTRIBUTING.md).
--- a/README_ZH.md
+++ b/README_ZH.md
@ -1,98 +0,0 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
-
-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
-
-<p align="center">
-  <a href="README.md">View this document in English</a>
-</p>
-
-## 目标
-
-Gitea 的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用 Go 作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了 x86，amd64，还包括 ARM 和 PowerPC。
-
-如果您想试用一下，请访问 [在线Demo](https://try.gitea.io/)！
-
-## 提示
-
-1. **开始贡献代码之前请确保你已经看过了 [贡献者向导（英文）](CONTRIBUTING.md)**.
-2. 所有的安全问题，请私下发送邮件给 **security@gitea.io**。谢谢！
-3. 如果你要使用API，请参见 [API 文档](https://godoc.org/code.gitea.io/sdk/gitea).
-
-## 文档
-
-关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/gitea) 和 QQ群 328432459 来和我们交流。
-
-## 贡献流程
-
-Fork -> Patch -> Push -> Pull Request
-
-## 翻译
-
-多语言翻译是基于Crowdin进行的.
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
-## 作者
-
-* [Maintainers](https://github.com/orgs/go-gitea/people)
-* [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
-* [Translators](options/locale/TRANSLATORS)
-
-## 授权许可
-
-本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) 文件中。
-
-## 截图
-
-|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
-|:---:|:---:|:---:|
-|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@ -0,0 +1,643 @@
+# Release Notes
+
+A Forgejo release is published shortly after a Gitea release is published and they have [matching release numbers](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING/RELEASE.md#release-numbering). Additional Forgejo releases may be published to address urgent security issues or bug fixes. Forgejo release notes include all Gitea release notes.
+
+The Forgejo admin should carefully read the required manual actions before upgrading. A point release (e.g. v1.19.1 or v1.19.2) does not require manual actions but others might (e.g. v1.18.0, v1.19.0).
+
+## 1.19.0-2
+
+The [complete list of commits](https://codeberg.org/forgejo/forgejo/commits/branch/v1.19/forgejo) included in the `Forgejo v1.19.0-2` release can be reviewed from the command line with:
+
+```shell
+$ git clone https://codeberg.org/forgejo/forgejo/
+$ git -C forgejo log --oneline --no-merges origin/v1.18/forgejo..origin/v1.19/forgejo
+```
+
+* Breaking changes
+  * [Scoped access tokens](https://codeberg.org/forgejo/forgejo/commit/de484e86bc)
+
+    Forgejo access token, used with the [API](https://forgejo.org/docs/v1.19/admin/api-usage/) can now have a "scope" that limits what it can access. Existing tokens stored in the database and created before Forgejo v1.19 had unlimited access.  For backward compatibility, their access will remain the same and they will continue to work as before. However, **newly created token that do not specify a scope will now only have read-only access to public user profile and public repositories**.
+
+    For instance, the `/users/{username}/tokens` API endpoint will require the `scopes: ['all', 'sudo']` parameter and the `forgejo admin user generate-access-token` will require the `--scopes all,sudo` argument obtain tokens with ulimited access as before for admin users.
+
+    [Read more about the scoped tokens](https://forgejo.org/docs/v1.19/user/oauth2-provider/#scoped-tokens).
+
+  * [Disable all units except code and pulls on forks](https://codeberg.org/forgejo/forgejo/commit/2741546be) 
+
+    When forking a repository, the fork will now have issues, projects, releases, packages and wiki disabled. These can be enabled in the repository settings afterwards. To change back to the previous default behavior, configure `DEFAULT_FORK_REPO_UNITS` to be the same value as `DEFAULT_REPO_UNITS`.
+
+  * [Filter repositories by default on the explore page](https://codeberg.org/forgejo/forgejo/commit/4d20a4a1b)
+
+    The explore page now always filters out repositories that are considered not relevant because they are either forks or have no topic and not description and no icon. A link is shown to display all repositories, unfiltered.
+
+    <img src="./releases/images/forgejo-v1.19-relevant.png" alt="Explore repositories" width="600" />
+
+  * [Remove deprecated DSA host key from Docker Container](https://codeberg.org/forgejo/forgejo/commit/f17edfaf5a31ea3f4e9152424b75c2c4986acbe3)
+    Since OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm, and recommend against its use. http://www.openssh.com/legacy.html
+
+  * Additional restrictions on valid user names
+
+    The algorithm for validating user names was modified and some users may have invalid names. The command `forgejo doctor --run check-user-names` will list all of them so they can be renamed.
+
+    If a Forgejo instance has users or organizations named `forgejo-actions` and `gitea-actions`, they will also need to be renamed before the upgrade. They are now reserved names for the experimental internal CI/CD named `Actions`.
+* Features
+
+   * [Documentation](https://forgejo.org/docs/latest/)
+     The first version of the [Forgejo documentation](https://forgejo.org/docs/latest/) is available and covers the administration of Forgejo, from installation to troubleshooting.
+
+   * [Webhook authorization header](https://codeberg.org/forgejo/forgejo/commit/b6e81357bd6fb80f8ba94c513f89a210beb05313)
+     Forgejo webhooks can be configured to send an [authorization header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) to the target.
+
+     [Read more about the webhook authorization header](https://forgejo.codeberg.page/docs/v1.19/user/webhooks/#authorization-header)
+
+   * [Incoming emails](https://codeberg.org/forgejo/forgejo/commit/fc037b4b825f0501a1489e10d7c822435d825cb7)
+     You can now set up Forgejo to receive incoming email. When enabled, it is now possible to reply to an email notification from Forgejo and:
+     * Add a comment to an issue or a pull request
+     * Unsubscribe to the notifications
+
+     [Read more about incoming emails](https://forgejo.org/docs/v1.19/admin/incoming-email/)
+
+   * Packages registries
+     * Support for [Cargo](https://forgejo.org/docs/v1.19/admin/packages/cargo/), [Conda](https://forgejo.org/docs/v1.19/admin/packages/conda/) and [Chef](https://forgejo.org/docs/v1.19/admin/packages/chef/)
+     * [Cleanup rules](https://codeberg.org/forgejo/forgejo/commit/32db62515)
+     * [Quota limits](https://codeberg.org/forgejo/forgejo/commit/20674dd05)
+
+   * [Option to prohibit fork if user reached maximum limit of repositories](https://codeberg.org/forgejo/forgejo/commit/7cc7db73b)
+     It is possible for a user to create as many fork as they want, even when a quota on the number of repositories is imposed. The new `ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT` setting can now be set to `false` so forks are prohibited if that means exceeding the quota.
+
+     [Read more about repository configurations](https://forgejo.org/docs/v1.19/admin/config-cheat-sheet/#repository-repository)
+
+   * [Scoped labels](https://codeberg.org/forgejo/forgejo/commit/6221a6fd5)
+     Labels that contain a forward slash (**/**) separator are displayed with a slightly different color before and after the separator, as a visual aid. The first part of the label defines its "scope".
+
+     [Read more about scoped labels](https://forgejo.org/docs/v1.19/user/labels/).
+
+   * [Support org/user level projects](https://codeberg.org/forgejo/forgejo/commit/6fe3c8b39)
+     It is now possible to create projects (kanban boards) for an organization or a user, in the same way it was possible for an individual repository.
+
+   * [Map OIDC groups to Orgs/Teams](https://codeberg.org/forgejo/forgejo/commit/e8186f1c0)
+     When a user logs in Forgejo using an provider such as [Keycloak](https://www.keycloak.org/), they can now automatically be part of a Forgejo team, depending on the OIDC group they belong to. For instance:
+
+     ```json
+     {"Developer": {"MyForgejoOrganization": ["MyForgejoTeam1", "MyForgejoTeam2"]}}
+     ```
+
+     Means that the user who is in the OIDC group `Developer` will automatically be a member of the `MyForgejoTeam1` and `MyForgejoTeam2` teams in the `MyForgejoOrganization` organization.
+     This mapping is set when adding a new `Authentication Source` in the `Site Administration` panel.
+
+     <img src="./releases/images/forgejo-v1.19-oidc-part1.png" alt="OIDC Group mapping part1" width="500" />
+
+     ...
+
+     <img src="./releases/images/forgejo-v1.19-oidc-part2.png" alt="OIDC Group mapping part2" width="500" />
+
+     [Read more about OIDC groups mapping](https://forgejo.org/docs/v1.19/admin/oauth2-provider/#endpoints)
+
+   * [RSS feed for releases and tags](https://codeberg.org/forgejo/forgejo/commit/48d71b7d6)
+
+     A RSS feed is now available for releases at `/{owner}/{repo}/releases.rss` and tags at `/{owner}/{repo}/tags.rss`.
+
+   * [Supports wildcard protected branch](https://codeberg.org/forgejo/forgejo/commit/2782c1439)
+
+     Instead of selecting a branch to be protected, the name of the branch must be specified and can be a pattern such as `precious*`.
+
+     [Read more about branch protection](https://forgejo.org/docs/v1.19/user/protection/#protected-branches).
+
+   * [Garbage collect LFS](https://codeberg.org/forgejo/forgejo/commit/651fe4bb7)
+     Add a doctor command for full garbage collection of LFS: `forgejo doctor --run gc-lfs`.
+
+   * Additions to the API
+
+     * [Management for issue/pull and comment attachments](https://codeberg.org/forgejo/forgejo/commit/3c59d31bc)
+     * [Get latest release](https://codeberg.org/forgejo/forgejo/commit/4d072a4c4)
+     * [System hook](https://codeberg.org/forgejo/forgejo/commit/c0015979a)
+
+   * [Option to disable releases on a repository](https://codeberg.org/forgejo/forgejo/commit/faa96553d)
+
+     It is now possible to disable releases on a repository, in the same way it is possible to disable issues or packages.
+
+   * [Actions](https://codeberg.org/forgejo/forgejo/commit/4011821c946e8db032be86266dd9364ccb204118): an experimental CI/CD
+
+     It appears for the first time in this Forgejo release but is not yet fit for production. It is not fully implemented and may be insecure. However, as long as it is not enabled, it presents no risk to existing Forgejo instances.
+
+     If a repository has a file such as `.forgejo/workflows/test.yml`, it will be interpreted, for instance to run tests and verify the code in the repository works as expected (Continuous Integration). It can also be used to create HTML pages for a website and publish them (Continous Deployment). The syntax is similar to GitHub Actions and the jobs can be controled from the Forgejo web interface.
+
+     [Read more about Forgejo Actions](https://forgejo.codeberg.page/2023-02-27-forgejo-actions/)
+
+     <img src="./releases/images/forgejo-v1.19.0-0-rc0.png" alt="Actions" width="600" />
+
+* User Interface improvements
+
+   * [Review box on small screens](https://codeberg.org/forgejo/forgejo/commit/1fcf96ad0)
+     The rendering of the review box is improved on small screens.
+
+   * [Video element enabled in markdown](https://codeberg.org/forgejo/forgejo/commit/f8a40dafb)
+     The `<video>` HTML tag can now be used in MarkDown, with the `src`, `autoplay`, and `controls` attributes.
+
+   * [Copy citation file content in APA and BibTex format](https://codeberg.org/forgejo/forgejo/commit/9f8e77891)
+     If a [BibTeX](https://fr.wikipedia.org/wiki/BibTeX) file named `CITATION.bib` is at the root of the repository, it can be conveniently copied and converted in APA by following the `Cite this repository` link.
+
+     <img src="./releases/images/forgejo-v1.19-citation-link.png" alt="Citation link" width="500" />
+
+     It will open a dialog box with the available formats and a preview of the content.
+
+     <img src="./releases/images/forgejo-v1.19-citation-dialog.png" alt="Citation dialog" width="500" />
+
+     The CFF format is also supported when a `CITATION.cff` file used instead.
+
+   * [Display asciicast](https://codeberg.org/forgejo/forgejo/commit/d9f748a70)
+
+     Files with the `.cast` extension are displayed in the Forgejo web interface as [asciicast v2](https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md) using [asciinema-player](https://github.com/asciinema/asciinema-player).
+
+   * [Attention blocks Note and Warning](https://codeberg.org/forgejo/forgejo/commit/cb8328853)
+
+     For each quote block, the first `**Note**` or `**Warning**` gets an icon prepended to it and its text is colored accordingly.
+
+     <img src="./releases/images/forgejo-v1.19-note-warning.png" alt="Attention block" width="400" />
+
+   * [Support for commit cross references](https://codeberg.org/forgejo/forgejo/commit/d0d257b24)
+
+     A commit hash can now be prefixed by the repository to be referenced from a comment in another repository: `owner/repo@commit`.
+
+   * [Preview images for Issue cards in Project Board view](https://codeberg.org/forgejo/forgejo/commit/fb1a2a13f)
+
+     If the card preview in the project is set to **Images and Text**, it displays images found in the corresponding issue. The most recent is displayed first, up to five images.
+
+     [Read more about card preview images](https://forgejo.org/docs/v1.19/user/project/#card-previews-images).
+
+   * [Add "Copy" button to file view of raw text](https://codeberg.org/forgejo/forgejo/commit/e3a7f1579)
+
+     If a raw text file is displayed, a copy button of the text is enabled.
+
+     **Before**
+
+     <img src="./releases/images/forgejo-v1.19-raw-copy-before.png" alt="Raw copy before" width="500" />
+
+     **After**
+
+     <img src="./releases/images/forgejo-v1.19-raw-copy-after.png" alt="Raw copy after" width="500" />
+
+   * [Setting to allow edits on PRs by maintainers](https://codeberg.org/forgejo/forgejo/commit/49919c636)
+
+     Add setting to allow edits by maintainers by default, to avoid having to often ask contributors to enable this.
+
+* Container images upgraded to Alpine 3.17
+
+  The Forgejo container images are now based on [Alpine 3.17](https://alpinelinux.org/posts/Alpine-3.17.0-released.html) instead of Alpine 3.16. It includes an upgrade from git 2.36.5 to git 2.38.4 and from openssh 9.0p1 to openssh 9.1p1.
+
+## 1.18.5-0
+
+This stable release contains an **important security fix** for Forgejo to raise the protection against brute force attack on hashed passwords stored in the database to match industry standards, [as described in detail in a companion blog post](https://forgejo.org/2023-02-23-release-v1/).
+
+### Recommended Action
+
+We **strongly recommend** that all Forgejo installations are upgraded to the latest version as soon as possible.
+
+If `PASSWORD_HASH_ALGO` is explicitly set in `app.ini`, comment it out so that the stronger algorithm is used instead.
+
+All password hashes stored with another algorithm will be updated to the new algorithm on the next usage of this password (e.g. a user provides the password to the Forgejo server when they login). It does not require manual intervention.
+
+### Forgejo
+
+* SECURITY
+  * Upgrade the default password hash algorithm to pbkdf2 with 320,000 iterations (https://codeberg.org/forgejo/forgejo/pulls/407)
+* BUGFIXES
+  * Return the Forgejo semantic version instead of "development" (https://codeberg.org/forgejo/forgejo/pulls/381)
+
+### Gitea
+
+* SECURITY
+  * Provide the ability to set password hash algorithm parameters (https://github.com/go-gitea/gitea/pull/22942) (https://github.com/go-gitea/gitea/pull/22943)
+* BUGFIXES
+  * Use `--message=%s` for git commit message (https://github.com/go-gitea/gitea/pull/23028) (https://github.com/go-gitea/gitea/pull/23029)
+  * Render access log template as text instead of HTML (https://github.com/go-gitea/gitea/pull/23013) (https://github.com/go-gitea/gitea/pull/23025)
+  * Fix the Manually Merged form (https://github.com/go-gitea/gitea/pull/23015) (https://github.com/go-gitea/gitea/pull/23017)
+  * Use beforeCommit instead of baseCommit (https://github.com/go-gitea/gitea/pull/22949) (https://github.com/go-gitea/gitea/pull/22996)
+  * Display attachments of review comment when comment content is blank (https://github.com/go-gitea/gitea/pull/23035) (https://github.com/go-gitea/gitea/pull/23046)
+  * Return empty url for submodule tree entries (https://github.com/go-gitea/gitea/pull/23043) (https://github.com/go-gitea/gitea/pull/23048)
+  * Notify on container image create (https://github.com/go-gitea/gitea/pull/22806) (https://github.com/go-gitea/gitea/pull/22965)
+  * Some refactor about code comments(https://github.com/go-gitea/gitea/pull/20821) (https://github.com/go-gitea/gitea/pull/22707)
+
+Note that there is no Forgejo v1.18.4-N because Gitea v1.18.4 was replaced by Gitea v1.18.5 a few days after its release because of a regression. Forgejo was not affected.
+
+## 1.18.3-2
+
+This stable release includes a security fix for `git` and bug fixes.
+
+### Git
+
+Git [recently announced](https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/) new versions to address two CVEs ([CVE-2023-22490](https://cve.circl.lu/cve/CVE-2023-22490), [CVE-2023-23946](https://cve.circl.lu/cve/CVE-2023-23946)). On 14 Februrary 2023, Git published the maintenance release v2.39.2, together with releases for older maintenance tracks v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. All major GNU/Linux distributions also provide updated packages via their security update channels.
+
+We recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
+
+* When using a Forgejo binary: upgrade the `git` package to a version greater or equal to v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7 or v2.30.8
+* When using a Forgejo container image: `docker pull codeberg.org/forgejo/forgejo:1.18.3-2`
+
+### Forgejo
+
+* BUGFIXES
+  * Use proxy for pull mirror (https://github.com/go-gitea/gitea/pull/22771) (https://github.com/go-gitea/gitea/pull/22772)
+  * Revert "Fixes accessibility of empty repository commit status" (https://github.com/go-gitea/gitea/pull/22632)
+    * A regression introduced in 1.18.3-1 prevented the CI status from displaying for commits with more than one pipeline
+* FORGEJO RELEASE PROCESS BUGFIXES
+  * The tag SHA in the uploaded repository must match (https://codeberg.org/forgejo/forgejo/pulls/345) [Read more about the consequences of this on the Forgejo blog](https://forgejo.org/2023-02-12-tags/)
+
+### Gitea
+
+* BUGFIXES
+  * Load issue before accessing index in merge message (https://github.com/go-gitea/gitea/pull/22822) (https://github.com/go-gitea/gitea/pull/22830)
+  * Fix isAllowed of escapeStreamer (https://github.com/go-gitea/gitea/pull/22814) (https://github.com/go-gitea/gitea/pull/22837)
+  * Escape filename when assemble URL (https://github.com/go-gitea/gitea/pull/22850) (https://github.com/go-gitea/gitea/pull/22871)
+  * Fix PR file tree folders no longer collapsing (https://github.com/go-gitea/gitea/pull/22864) (https://github.com/go-gitea/gitea/pull/22872)
+  * Fix incorrect role labels for migrated issues and comments (https://github.com/go-gitea/gitea/pull/22914) (https://github.com/go-gitea/gitea/pull/22923)
+  * Fix blame view missing lines (https://github.com/go-gitea/gitea/pull/22826) (https://github.com/go-gitea/gitea/pull/22929)
+  * Fix 404 error viewing the LFS file (https://github.com/go-gitea/gitea/pull/22945) (https://github.com/go-gitea/gitea/pull/22948)
+* FEATURES
+  * Add command to bulk set must-change-password (https://github.com/go-gitea/gitea/pull/22823) (https://github.com/go-gitea/gitea/pull/22928)
+
+## 1.18.3-1
+
+This stable release includes bug fixes.
+
+### Forgejo
+
+* ACCESSIBILITY
+  * Add ARIA support for Fomantic UI checkboxes (https://github.com/go-gitea/gitea/pull/22599)
+  * Fixes accessibility behavior of Watching, Staring and Fork buttons (https://github.com/go-gitea/gitea/pull/22634)
+  * Add main landmark to templates and adjust titles (https://github.com/go-gitea/gitea/pull/22670)
+  * Improve checkbox accessibility a bit by adding the title attribute (https://github.com/go-gitea/gitea/pull/22593)
+  * Improve accessibility of navigation bar and footer (https://github.com/go-gitea/gitea/pull/22635)
+* PRIVACY
+  * Use DNS queries to figure out the latest Forgejo version (https://codeberg.org/forgejo/forgejo/pulls/278)
+* BRANDING
+  * Change the values for the nodeinfo API to correctly identify the software as Forgejo (https://codeberg.org/forgejo/forgejo/pulls/313)
+* CI
+  * Use tagged test environment for stable branches (https://codeberg.org/forgejo/forgejo/pulls/318)
+
+### Gitea
+
+* BUGFIXES
+  * Fix missing message in git hook when pull requests disabled on fork (https://github.com/go-gitea/gitea/pull/22625) (https://github.com/go-gitea/gitea/pull/22658)
+  * add default user visibility to cli command "admin user create" (https://github.com/go-gitea/gitea/pull/22750) (https://github.com/go-gitea/gitea/pull/22760)
+  * Fix color of tertiary button on dark theme (https://github.com/go-gitea/gitea/pull/22739) (https://github.com/go-gitea/gitea/pull/22744)
+  * Fix restore repo bug, clarify the problem of ForeignIndex (https://github.com/go-gitea/gitea/pull/22776) (https://github.com/go-gitea/gitea/pull/22794)
+  * Escape path for the file list (https://github.com/go-gitea/gitea/pull/22741) (https://github.com/go-gitea/gitea/pull/22757)
+  * Fix bugs with WebAuthn preventing sign in and registration. (https://github.com/go-gitea/gitea/pull/22651) (https://github.com/go-gitea/gitea/pull/22721)
+* PERFORMANCES
+  * Improve checkIfPRContentChanged (https://github.com/go-gitea/gitea/pull/22611) (https://github.com/go-gitea/gitea/pull/22644)
+
+## 1.18.3-0
+
+This stable release includes bug fixes.
+
+### Forgejo
+
+* BUGFIXES
+  * Fix line spacing for plaintext previews (https://github.com/go-gitea/gitea/pull/22699) (https://github.com/go-gitea/gitea/pull/22701)
+  * Fix README TOC links (https://github.com/go-gitea/gitea/pull/22577) (https://github.com/go-gitea/gitea/pull/22677)
+  * Don't return duplicated users who can create org repo (https://github.com/go-gitea/gitea/pull/22560) (https://github.com/go-gitea/gitea/pull/22562)
+  * Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (https://github.com/go-gitea/gitea/pull/22627) (https://github.com/go-gitea/gitea/pull/22642)
+
+### Gitea
+
+* BUGFIXES
+  * Add missing close bracket in imagediff (https://github.com/go-gitea/gitea/pull/22710) (https://github.com/go-gitea/gitea/pull/22712)
+  * Fix wrong hint when deleting a branch successfully from pull request UI (https://github.com/go-gitea/gitea/pull/22673) (https://github.com/go-gitea/gitea/pull/22698)
+  * Fix missing message in git hook when pull requests disabled on fork (https://github.com/go-gitea/gitea/pull/22625) (https://github.com/go-gitea/gitea/pull/22658)
+
+## 1.18.2-1
+
+This stable release includes a security fix. It was possible to reveal a user's email address, which is problematic because users can choose to hide their email address from everyone. This was possible because the notification email for a repository transfer request to an organization included every user's email address in the owner team. This has been fixed by sending individual emails instead and the code was refactored to prevent it from happening again.
+
+We **strongly recommend** that all installations are upgraded to the latest version as soon as possible.
+
+### Gitea
+
+* BUGFIXES
+  * When updating by rebase we need to set the environment for head repo (https://github.com/go-gitea/gitea/pull/22535) (https://github.com/go-gitea/gitea/pull/22536)
+  * Mute all links in issue timeline (https://github.com/go-gitea/gitea/pull/22534)
+  * Truncate commit summary on repo files table. (https://github.com/go-gitea/gitea/pull/22551) (https://github.com/go-gitea/gitea/pull/22552)
+  * Prevent multiple `To` recipients (https://github.com/go-gitea/gitea/pull/22566) (https://github.com/go-gitea/gitea/pull/22569)
+
+## 1.18.2-0
+
+This stable release includes bug fixes.
+
+### Gitea
+
+* BUGFIXES
+  * Fix issue not auto-closing when it includes a reference to a branch (https://github.com/go-gitea/gitea/pull/22514) (https://github.com/go-gitea/gitea/pull/22521)
+  * Fix invalid issue branch reference if not specified in template (https://github.com/go-gitea/gitea/pull/22513) (https://github.com/go-gitea/gitea/pull/22520)
+  * Fix 500 error viewing pull request when fork has pull requests disabled (https://github.com/go-gitea/gitea/pull/22512) (https://github.com/go-gitea/gitea/pull/22515)
+  * Reliable selection of admin user (https://github.com/go-gitea/gitea/pull/22509) (https://github.com/go-gitea/gitea/pull/22511)
+
+## 1.18.1-0
+
+This is the first Forgejo stable point release.
+
+### Forgejo
+
+### Critical security update for Git
+
+Git [recently announced](https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/) new versions to address two CVEs ([CVE-2022-23521](https://cve.circl.lu/cve/CVE-2022-23521), [CVE-2022-41903](https://cve.circl.lu/cve/CVE-2022-41903)). On 17 January 2023, Git published the maintenance release v2.39.1, together with releases for older maintenance tracks v2.38.3, v2.37.5, v2.36.4, v2.35.6, v2.34.6, v2.33.6, v2.32.5, v2.31.6, and v2.30.7. All major GNU/Linux distributions also provide updated packages via their security update channels.
+
+We **strongly recommend** that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
+
+* When using a Forgejo binary: upgrade the `git` package to a version greater or equal to v2.39.1, v2.38.3, v2.37.5, v2.36.4, v2.35.6, v2.34.6, v2.33.6, v2.32.5, v2.31.6, or v2.30.7
+* When using a Forgejo container image: `docker pull codeberg.org/forgejo/forgejo:1.18.1-0`
+
+Read more in the [Forgejo blog](https://forgejo.org/2023-01-18-release-v1-18-1-0/).
+
+#### Release process stability
+
+The [release process](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-ci) based on [Woodpecker CI](https://woodpecker-ci.org/) was entirely reworked to be more resilient to transient errors. A new release is first uploaded into the new [Forgejo experimental](https://codeberg.org/forgejo-experimental/) organization for testing purposes.
+
+Automated end to end testing of releases was implemented with a full development cycle including the creation of a new repository and a run of CI. It relieves the user and developer from the burden of tedious manual testing.
+
+#### Container environment variables
+
+When running a container, all environment variables starting with `FORGEJO__` can be used instead of `GITEA__`. For backward compatibility with existing scripts, it is still possible to use `GITEA__` instead of `FORGEJO__`. For instance:
+
+```
+docker run --name forgejo -e FORGEJO__security__INSTALL_LOCK=true codeberg.org/forgejo/forgejo:1.18.1-0
+```
+
+#### Forgejo hook types
+
+A new `forgejo` hook type is available and behaves exactly the same as the existing `gitea` hook type. It will be used to implement additional features specific to Forgejo in a way that will be backward compatible with Gitea.
+
+#### X-Forgejo headers
+
+Wherever a `X-Gitea` header is received or sent, an identical `X-Forgejo` is added. For instance when a notification mail is sent, the `X-Forgejo-Reason` header is set to explain why. Or when a webhook is sent, the `X-Forgejo-Event` header is set with `push`, `tag`, etc. for Woodpecker CI to decide on an action.
+
+#### Look and feel fixes
+
+The Forgejo theme was [modified](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-branding) to take into account user feedback.
+
+### Gitea
+
+* API
+  * Add `sync_on_commit` option for push mirrors api (https://github.com/go-gitea/gitea/pull/22271) (https://github.com/go-gitea/gitea/pull/22292)
+* BUGFIXES
+  * Update `github.com/zeripath/zapx/v15` (https://github.com/go-gitea/gitea/pull/22485)
+  * Fix pull request API field `closed_at` always being `null` (https://github.com/go-gitea/gitea/pull/22482) (https://github.com/go-gitea/gitea/pull/22483)
+  * Fix container blob mount (https://github.com/go-gitea/gitea/pull/22226) (https://github.com/go-gitea/gitea/pull/22476)
+  * Fix error when calculating repository size (https://github.com/go-gitea/gitea/pull/22392) (https://github.com/go-gitea/gitea/pull/22474)
+  * Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS (https://github.com/go-gitea/gitea/pull/22454) (https://github.com/go-gitea/gitea/pull/22472)
+  * Fix environments for KaTeX and error reporting (https://github.com/go-gitea/gitea/pull/22453) (https://github.com/go-gitea/gitea/pull/22473)
+  * Remove the netgo tag for Windows build (https://github.com/go-gitea/gitea/pull/22467) (https://github.com/go-gitea/gitea/pull/22468)
+  * Fix migration from GitBucket (https://github.com/go-gitea/gitea/pull/22477) (https://github.com/go-gitea/gitea/pull/22465)
+  * Prevent panic on looking at api "git" endpoints for empty repos (https://github.com/go-gitea/gitea/pull/22457) (https://github.com/go-gitea/gitea/pull/22458)
+  * Fix PR status layout on mobile (https://github.com/go-gitea/gitea/pull/21547) (https://github.com/go-gitea/gitea/pull/22441)
+  * Fix wechatwork webhook sends empty content in PR review (https://github.com/go-gitea/gitea/pull/21762) (https://github.com/go-gitea/gitea/pull/22440)
+  * Remove duplicate "Actions" label in mobile view (https://github.com/go-gitea/gitea/pull/21974) (https://github.com/go-gitea/gitea/pull/22439)
+  * Fix leaving organization bug on user settings -> orgs (https://github.com/go-gitea/gitea/pull/21983) (https://github.com/go-gitea/gitea/pull/22438)
+  * Fixed colour transparency regex matching in project board sorting (https://github.com/go-gitea/gitea/pull/22092) (https://github.com/go-gitea/gitea/pull/22437)
+  * Correctly handle select on multiple channels in Queues (https://github.com/go-gitea/gitea/pull/22146) (https://github.com/go-gitea/gitea/pull/22428)
+  * Prepend refs/heads/ to issue template refs (https://github.com/go-gitea/gitea/pull/20461) (https://github.com/go-gitea/gitea/pull/22427)
+  * Restore function to "Show more" buttons (https://github.com/go-gitea/gitea/pull/22399) (https://github.com/go-gitea/gitea/pull/22426)
+  * Continue GCing other repos on error in one repo (https://github.com/go-gitea/gitea/pull/22422) (https://github.com/go-gitea/gitea/pull/22425)
+  * Allow HOST has no port (https://github.com/go-gitea/gitea/pull/22280) (https://github.com/go-gitea/gitea/pull/22409)
+  * Fix omit avatar_url in discord payload when empty (https://github.com/go-gitea/gitea/pull/22393) (https://github.com/go-gitea/gitea/pull/22394)
+  * Don't display stop watch top bar icon when disabled and hidden when click other place (https://github.com/go-gitea/gitea/pull/22374) (https://github.com/go-gitea/gitea/pull/22387)
+  * Don't lookup mail server when using sendmail (https://github.com/go-gitea/gitea/pull/22300) (https://github.com/go-gitea/gitea/pull/22383)
+  * Fix gravatar disable bug (https://github.com/go-gitea/gitea/pull/22337)
+  * Fix update settings table on install (https://github.com/go-gitea/gitea/pull/22326) (https://github.com/go-gitea/gitea/pull/22327)
+  * Fix sitemap (https://github.com/go-gitea/gitea/pull/22272) (https://github.com/go-gitea/gitea/pull/22320)
+  * Fix code search title translation (https://github.com/go-gitea/gitea/pull/22285) (https://github.com/go-gitea/gitea/pull/22316)
+  * Fix due date rendering the wrong date in issue (https://github.com/go-gitea/gitea/pull/22302) (https://github.com/go-gitea/gitea/pull/22306)
+  * Fix get system setting bug when enabled redis cache (https://github.com/go-gitea/gitea/pull/22298)
+  * Fix bug of DisableGravatar default value (https://github.com/go-gitea/gitea/pull/22297)
+  * Fix key signature error page (https://github.com/go-gitea/gitea/pull/22229) (https://github.com/go-gitea/gitea/pull/22230)
+* TESTING
+  * Remove test session cache to reduce possible concurrent problem (https://github.com/go-gitea/gitea/pull/22199) (https://github.com/go-gitea/gitea/pull/22429)
+* MISC
+  * Restore previous official review when an official review is deleted (https://github.com/go-gitea/gitea/pull/22449) (https://github.com/go-gitea/gitea/pull/22460)
+  * Log STDERR of external renderer when it fails (https://github.com/go-gitea/gitea/pull/22442) (https://github.com/go-gitea/gitea/pull/22444)
+
+## 1.18.0-1
+
+This is the first Forgejo release.
+
+### Forgejo improvements
+
+#### Woodpecker CI
+
+A new [CI configuration](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-ci) based on [Woodpecker CI](https://woodpecker-ci.org/) was created. It is used to:
+
+* run tests on every Forgejo pull request ([compliance](https://codeberg.org/forgejo/forgejo/src/tag/v1.18.0-1/.woodpecker/compliance.yml), [unit tests and integration tests](https://codeberg.org/forgejo/forgejo/src/tag/v1.18.0-1/.woodpecker/testing-amd64.yml))
+* publish the Forgejo v1.18.0-1 release, [as binary packages](https://codeberg.org/forgejo/forgejo/releases/tag/v1.18.0-1) for amd64, arm64 and armv6 and [container images](https://codeberg.org/forgejo/-/packages/container/forgejo/1.18.0-1) for amd64 and arm64, root and rootless
+
+#### Look and feel
+
+The default themes were replaced by Forgejo themes and the landing page was [modified](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-branding) to display the Forgejo logo and names but the look and feel remains otherwise identical to Gitea.
+
+<img src="./releases/images/forgejo-v1.18.0-rc1-2-landing.jpg" alt="Landing page" width="600" />
+
+#### Privacy
+
+Gitea instances fetch https://dl.gitea.io/gitea/version.json weekly by default, which raises privacy concerns. In Forgejo [this feature needs to be explicitly activated](https://codeberg.org/forgejo/forgejo/src/branch/v1.18/forgejo-privacy) at installation time or by modifying the configuration file. Forgejo also provides an alternative [RSS feed](https://forgejo.org/releases/) to be informed when a new release is published.
+
+### Gitea
+
+* SECURITY
+  * Remove ReverseProxy authentication from the API (https://github.com/go-gitea/gitea/pull/22219) (https://github.com/go-gitea/gitea/pull/22251)
+  * Support Go Vulnerability Management (https://github.com/go-gitea/gitea/pull/21139)
+  * Forbid HTML string tooltips (https://github.com/go-gitea/gitea/pull/20935)
+* BREAKING
+  * Rework mailer settings (https://github.com/go-gitea/gitea/pull/18982)
+  * Remove U2F support (https://github.com/go-gitea/gitea/pull/20141)
+  * Refactor `i18n` to `locale` (https://github.com/go-gitea/gitea/pull/20153)
+  * Enable contenthash in filename for dynamic assets (https://github.com/go-gitea/gitea/pull/20813)
+* FEATURES
+  * Add color previews in markdown (https://github.com/go-gitea/gitea/pull/21474)
+  * Allow package version sorting (https://github.com/go-gitea/gitea/pull/21453)
+  * Add support for Chocolatey/NuGet v2 API (https://github.com/go-gitea/gitea/pull/21393)
+  * Add API endpoint to get changed files of a PR (https://github.com/go-gitea/gitea/pull/21177)
+  * Add filetree on left of diff view (https://github.com/go-gitea/gitea/pull/21012)
+  * Support Issue forms and PR forms (https://github.com/go-gitea/gitea/pull/20987)
+  * Add support for Vagrant packages (https://github.com/go-gitea/gitea/pull/20930)
+  * Add support for `npm unpublish` (https://github.com/go-gitea/gitea/pull/20688)
+  * Add badge capabilities to users (https://github.com/go-gitea/gitea/pull/20607)
+  * Add issue filter for Author (https://github.com/go-gitea/gitea/pull/20578)
+  * Add KaTeX rendering to Markdown. (https://github.com/go-gitea/gitea/pull/20571)
+  * Add support for Pub packages (https://github.com/go-gitea/gitea/pull/20560)
+  * Support localized README (https://github.com/go-gitea/gitea/pull/20508)
+  * Add support mCaptcha as captcha provider (https://github.com/go-gitea/gitea/pull/20458)
+  * Add team member invite by email (https://github.com/go-gitea/gitea/pull/20307)
+  * Added email notification option to receive all own messages (https://github.com/go-gitea/gitea/pull/20179)
+  * Switch Unicode Escaping to a VSCode-like system (https://github.com/go-gitea/gitea/pull/19990)
+  * Add user/organization code search (https://github.com/go-gitea/gitea/pull/19977)
+  * Only show relevant repositories on explore page (https://github.com/go-gitea/gitea/pull/19361)
+  * User keypairs and HTTP signatures for ActivityPub federation using go-ap (https://github.com/go-gitea/gitea/pull/19133)
+  * Add sitemap support (https://github.com/go-gitea/gitea/pull/18407)
+  * Allow creation of OAuth2 applications for orgs (https://github.com/go-gitea/gitea/pull/18084)
+  * Add system setting table with cache and also add cache supports for user setting (https://github.com/go-gitea/gitea/pull/18058)
+  * Add pages to view watched repos and subscribed issues/PRs (https://github.com/go-gitea/gitea/pull/17156)
+  * Support Proxy protocol (https://github.com/go-gitea/gitea/pull/12527)
+  * Implement sync push mirror on commit (https://github.com/go-gitea/gitea/pull/19411)
+* API
+  * Allow empty assignees on pull request edit (https://github.com/go-gitea/gitea/pull/22150) (https://github.com/go-gitea/gitea/pull/22214)
+  * Make external issue tracker regexp configurable via API (https://github.com/go-gitea/gitea/pull/21338)
+  * Add name field for org api (https://github.com/go-gitea/gitea/pull/21270)
+  * Show teams with no members if user is admin (https://github.com/go-gitea/gitea/pull/21204)
+  * Add latest commit's SHA to content response (https://github.com/go-gitea/gitea/pull/20398)
+  * Add allow_rebase_update, default_delete_branch_after_merge to repository api response (https://github.com/go-gitea/gitea/pull/20079)
+  * Add new endpoints for push mirrors management (https://github.com/go-gitea/gitea/pull/19841)
+* ENHANCEMENTS
+  * Add setting to disable the git apply step in test patch (https://github.com/go-gitea/gitea/pull/22130) (https://github.com/go-gitea/gitea/pull/22170)
+  * Multiple improvements for comment edit diff (https://github.com/go-gitea/gitea/pull/21990) (https://github.com/go-gitea/gitea/pull/22007)
+  * Fix button in branch list, avoid unexpected page jump before restore branch actually done (https://github.com/go-gitea/gitea/pull/21562) (https://github.com/go-gitea/gitea/pull/21928)
+  * Fix flex layout for repo list icons (https://github.com/go-gitea/gitea/pull/21896) (https://github.com/go-gitea/gitea/pull/21920)
+  * Fix vertical align of committer avatar rendered by email address (https://github.com/go-gitea/gitea/pull/21884) (https://github.com/go-gitea/gitea/pull/21918)
+  * Fix setting HTTP headers after write (https://github.com/go-gitea/gitea/pull/21833) (https://github.com/go-gitea/gitea/pull/21877)
+  * Color and Style enhancements (https://github.com/go-gitea/gitea/pull/21784, #21799) (https://github.com/go-gitea/gitea/pull/21868)
+  * Ignore line anchor links with leading zeroes (https://github.com/go-gitea/gitea/pull/21728) (https://github.com/go-gitea/gitea/pull/21776)
+  * Quick fixes monaco-editor error: "vs.editor.nullLanguage" (https://github.com/go-gitea/gitea/pull/21734) (https://github.com/go-gitea/gitea/pull/21738)
+  * Use CSS color-scheme instead of invert (https://github.com/go-gitea/gitea/pull/21616) (https://github.com/go-gitea/gitea/pull/21623)
+  * Respect user's locale when rendering the date range in the repo activity page (https://github.com/go-gitea/gitea/pull/21410)
+  * Change `commits-table` column width (https://github.com/go-gitea/gitea/pull/21564)
+  * Refactor git command arguments and make all arguments to be safe to be used (https://github.com/go-gitea/gitea/pull/21535)
+  * CSS color enhancements (https://github.com/go-gitea/gitea/pull/21534)
+  * Add link to user profile in markdown mention only if user exists (https://github.com/go-gitea/gitea/pull/21533, #21554)
+  * Add option to skip index dirs (https://github.com/go-gitea/gitea/pull/21501)
+  * Diff file tree tweaks (https://github.com/go-gitea/gitea/pull/21446)
+  * Localize all timestamps (https://github.com/go-gitea/gitea/pull/21440)
+  * Add `code` highlighting in issue titles (https://github.com/go-gitea/gitea/pull/21432)
+  * Use Name instead of DisplayName in LFS Lock (https://github.com/go-gitea/gitea/pull/21415)
+  * Consolidate more CSS colors into variables (https://github.com/go-gitea/gitea/pull/21402)
+  * Redirect to new repository owner (https://github.com/go-gitea/gitea/pull/21398)
+  * Use ISO date format instead of hard-coded English date format for date range in repo activity page (https://github.com/go-gitea/gitea/pull/21396)
+  * Use weighted algorithm for string matching when finding files in repo (https://github.com/go-gitea/gitea/pull/21370)
+  * Show private data in feeds (https://github.com/go-gitea/gitea/pull/21369)
+  * Refactor parseTreeEntries, speed up tree list (https://github.com/go-gitea/gitea/pull/21368)
+  * Add GET and DELETE endpoints for Docker blob uploads (https://github.com/go-gitea/gitea/pull/21367)
+  * Add nicer error handling on template compile errors (https://github.com/go-gitea/gitea/pull/21350)
+  * Add `stat` to `ToCommit` function for speed (https://github.com/go-gitea/gitea/pull/21337)
+  * Support instance-wide OAuth2 applications (https://github.com/go-gitea/gitea/pull/21335)
+  * Record OAuth client type at registration (https://github.com/go-gitea/gitea/pull/21316)
+  * Add new CSS variables --color-accent and --color-small-accent (https://github.com/go-gitea/gitea/pull/21305)
+  * Improve error descriptions for unauthorized_client (https://github.com/go-gitea/gitea/pull/21292)
+  * Case-insensitive "find files in repo" (https://github.com/go-gitea/gitea/pull/21269)
+  * Consolidate more CSS rules, fix inline code on arc-green (https://github.com/go-gitea/gitea/pull/21260)
+  * Log real ip of requests from ssh (https://github.com/go-gitea/gitea/pull/21216)
+  * Save files in local storage as group readable (https://github.com/go-gitea/gitea/pull/21198)
+  * Enable fluid page layout on medium size viewports (https://github.com/go-gitea/gitea/pull/21178)
+  * File header tweaks (https://github.com/go-gitea/gitea/pull/21175)
+  * Added missing headers on user packages page (https://github.com/go-gitea/gitea/pull/21172)
+  * Display image digest for container packages (https://github.com/go-gitea/gitea/pull/21170)
+  * Skip dirty check for team forms (https://github.com/go-gitea/gitea/pull/21154)
+  * Keep path when creating a new branch (https://github.com/go-gitea/gitea/pull/21153)
+  * Remove fomantic image module (https://github.com/go-gitea/gitea/pull/21145)
+  * Make labels clickable in the comments section. (https://github.com/go-gitea/gitea/pull/21137)
+  * Sort branches and tags by date descending (https://github.com/go-gitea/gitea/pull/21136)
+  * Better repo API unit checks (https://github.com/go-gitea/gitea/pull/21130)
+  * Improve commit status icons (https://github.com/go-gitea/gitea/pull/21124)
+  * Limit length of repo description and repo url input fields (https://github.com/go-gitea/gitea/pull/21119)
+  * Show .editorconfig errors in frontend (https://github.com/go-gitea/gitea/pull/21088)
+  * Allow poster to choose reviewers (https://github.com/go-gitea/gitea/pull/21084)
+  * Remove black labels and CSS cleanup (https://github.com/go-gitea/gitea/pull/21003)
+  * Make e-mail sanity check more precise (https://github.com/go-gitea/gitea/pull/20991)
+  * Use native inputs in whitespace dropdown (https://github.com/go-gitea/gitea/pull/20980)
+  * Enhance package date display (https://github.com/go-gitea/gitea/pull/20928)
+  * Display total blob size of a package version (https://github.com/go-gitea/gitea/pull/20927)
+  * Show language name on hover (https://github.com/go-gitea/gitea/pull/20923)
+  * Show instructions for all generic package files (https://github.com/go-gitea/gitea/pull/20917)
+  * Refactor AssertExistsAndLoadBean to use generics (https://github.com/go-gitea/gitea/pull/20797)
+  * Move the official website link at the footer of gitea (https://github.com/go-gitea/gitea/pull/20777)
+  * Add support for full name in reverse proxy auth (https://github.com/go-gitea/gitea/pull/20776)
+  * Remove useless JS operation for relative time tooltips (https://github.com/go-gitea/gitea/pull/20756)
+  * Replace some icons with SVG (https://github.com/go-gitea/gitea/pull/20741)
+  * Change commit status icons to SVG (https://github.com/go-gitea/gitea/pull/20736)
+  * Improve single repo action for issue and pull requests (https://github.com/go-gitea/gitea/pull/20730)
+  * Allow multiple files in generic packages (https://github.com/go-gitea/gitea/pull/20661)
+  * Add option to create new issue from /issues page (https://github.com/go-gitea/gitea/pull/20650)
+  * Background color of private list-items updated (https://github.com/go-gitea/gitea/pull/20630)
+  * Added search input field to issue filter (https://github.com/go-gitea/gitea/pull/20623)
+  * Increase default item listing size `ISSUE_PAGING_NUM` to 20 (https://github.com/go-gitea/gitea/pull/20547)
+  * Modify milestone search keywords to be case insensitive again (https://github.com/go-gitea/gitea/pull/20513)
+  * Show hint to link package to repo when viewing empty repo package list (https://github.com/go-gitea/gitea/pull/20504)
+  * Add Tar ZSTD support (https://github.com/go-gitea/gitea/pull/20493)
+  * Make code review checkboxes clickable (https://github.com/go-gitea/gitea/pull/20481)
+  * Add "X-Gitea-Object-Type" header for GET `/raw/` & `/media/` API (https://github.com/go-gitea/gitea/pull/20438)
+  * Display project in issue list (https://github.com/go-gitea/gitea/pull/20434)
+  * Prepend commit message to template content when opening a new PR (https://github.com/go-gitea/gitea/pull/20429)
+  * Replace fomantic popup module with tippy.js (https://github.com/go-gitea/gitea/pull/20428)
+  * Allow to specify colors for text in markup (https://github.com/go-gitea/gitea/pull/20363)
+  * Allow access to the Public Organization Member lists with minimal permissions (https://github.com/go-gitea/gitea/pull/20330)
+  * Use default values when provided values are empty (https://github.com/go-gitea/gitea/pull/20318)
+  * Vertical align navbar avatar at middle (https://github.com/go-gitea/gitea/pull/20302)
+  * Delete cancel button in repo creation page (https://github.com/go-gitea/gitea/pull/21381)
+  * Include login_name in adminCreateUser response (https://github.com/go-gitea/gitea/pull/20283)
+  * fix: icon margin in user/settings/repos (https://github.com/go-gitea/gitea/pull/20281)
+  * Remove blue text on migrate page (https://github.com/go-gitea/gitea/pull/20273)
+  * Modify milestone search keywords to be case insensitive (https://github.com/go-gitea/gitea/pull/20266)
+  * Move some files into models' sub packages (https://github.com/go-gitea/gitea/pull/20262)
+  * Add tooltip to repo icons in explore page (https://github.com/go-gitea/gitea/pull/20241)
+  * Remove deprecated licenses (https://github.com/go-gitea/gitea/pull/20222)
+  * Webhook for Wiki changes (https://github.com/go-gitea/gitea/pull/20219)
+  * Share HTML template renderers and create a watcher framework (https://github.com/go-gitea/gitea/pull/20218)
+  * Allow enable LDAP source and disable user sync via CLI (https://github.com/go-gitea/gitea/pull/20206)
+  * Adds a checkbox to select all issues/PRs (https://github.com/go-gitea/gitea/pull/20177)
+  * Refactor `i18n` to `locale` (https://github.com/go-gitea/gitea/pull/20153)
+  * Disable status checks in template if none found (https://github.com/go-gitea/gitea/pull/20088)
+  * Allow manager logging to set SQL (https://github.com/go-gitea/gitea/pull/20064)
+  * Add order by for assignee no sort issue (https://github.com/go-gitea/gitea/pull/20053)
+  * Take a stab at porting existing components to Vue3 (https://github.com/go-gitea/gitea/pull/20044)
+  * Add doctor command to write commit-graphs (https://github.com/go-gitea/gitea/pull/20007)
+  * Add support for authentication based on reverse proxy email (https://github.com/go-gitea/gitea/pull/19949)
+  * Enable spellcheck for EasyMDE, use contenteditable mode (https://github.com/go-gitea/gitea/pull/19776)
+  * Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (https://github.com/go-gitea/gitea/pull/19663)
+  * Rework mailer settings (https://github.com/go-gitea/gitea/pull/18982)
+  * Add option to purge users (https://github.com/go-gitea/gitea/pull/18064)
+  * Add author search input (https://github.com/go-gitea/gitea/pull/21246)
+  * Make rss/atom identifier globally unique (https://github.com/go-gitea/gitea/pull/21550)
+* BUGFIXES
+  * Auth interface return error when verify failure (https://github.com/go-gitea/gitea/pull/22119) (https://github.com/go-gitea/gitea/pull/22259)
+  * Use complete SHA to create and query commit status (https://github.com/go-gitea/gitea/pull/22244) (https://github.com/go-gitea/gitea/pull/22257)
+  * Update bleve and zapx to fix unaligned atomic (https://github.com/go-gitea/gitea/pull/22031) (https://github.com/go-gitea/gitea/pull/22218)
+  * Prevent panic in doctor command when running default checks (https://github.com/go-gitea/gitea/pull/21791) (https://github.com/go-gitea/gitea/pull/21807)
+  * Load GitRepo in API before deleting issue (https://github.com/go-gitea/gitea/pull/21720) (https://github.com/go-gitea/gitea/pull/21796)
+  * Ignore line anchor links with leading zeroes (https://github.com/go-gitea/gitea/pull/21728) (https://github.com/go-gitea/gitea/pull/21776)
+  * Set last login when activating account (https://github.com/go-gitea/gitea/pull/21731) (https://github.com/go-gitea/gitea/pull/21755)
+  * Fix UI language switching bug (https://github.com/go-gitea/gitea/pull/21597) (https://github.com/go-gitea/gitea/pull/21749)
+  * Quick fixes monaco-editor error: "vs.editor.nullLanguage" (https://github.com/go-gitea/gitea/pull/21734) (https://github.com/go-gitea/gitea/pull/21738)
+  * Allow local package identifiers for PyPI packages (https://github.com/go-gitea/gitea/pull/21690) (https://github.com/go-gitea/gitea/pull/21727)
+  * Deal with markdown template without metadata (https://github.com/go-gitea/gitea/pull/21639) (https://github.com/go-gitea/gitea/pull/21654)
+  * Fix opaque background on mermaid diagrams (https://github.com/go-gitea/gitea/pull/21642) (https://github.com/go-gitea/gitea/pull/21652)
+  * Fix repository adoption on Windows (https://github.com/go-gitea/gitea/pull/21646) (https://github.com/go-gitea/gitea/pull/21650)
+  * Sync git hooks when config file path changed (https://github.com/go-gitea/gitea/pull/21619) (https://github.com/go-gitea/gitea/pull/21626)
+  * Fix 500 on PR files API (https://github.com/go-gitea/gitea/pull/21602) (https://github.com/go-gitea/gitea/pull/21607)
+  * Fix `Timestamp.IsZero` (https://github.com/go-gitea/gitea/pull/21593) (https://github.com/go-gitea/gitea/pull/21603)
+  * Fix viewing user subscriptions (https://github.com/go-gitea/gitea/pull/21482)
+  * Fix mermaid-related bugs (https://github.com/go-gitea/gitea/pull/21431)
+  * Fix branch dropdown shifting on page load (https://github.com/go-gitea/gitea/pull/21428)
+  * Fix default theme-auto selector when nologin (https://github.com/go-gitea/gitea/pull/21346)
+  * Fix and improve incorrect error messages (https://github.com/go-gitea/gitea/pull/21342)
+  * Fix formatted link for PR review notifications to matrix (https://github.com/go-gitea/gitea/pull/21319)
+  * Center-aligning content of WebAuthN page (https://github.com/go-gitea/gitea/pull/21127)
+  * Remove follow from commits by file (https://github.com/go-gitea/gitea/pull/20765)
+  * Fix commit status popup (https://github.com/go-gitea/gitea/pull/20737)
+  * Fix init mail render logic (https://github.com/go-gitea/gitea/pull/20704)
+  * Use correct page size for link header pagination (https://github.com/go-gitea/gitea/pull/20546)
+  * Preserve unix socket file (https://github.com/go-gitea/gitea/pull/20499)
+  * Use tippy.js for context popup (https://github.com/go-gitea/gitea/pull/20393)
+  * Add missing parameter for error in log message (https://github.com/go-gitea/gitea/pull/20144)
+  * Do not allow organisation owners add themselves as collaborator (https://github.com/go-gitea/gitea/pull/20043)
+  * Rework file highlight rendering and fix yaml copy-paste (https://github.com/go-gitea/gitea/pull/19967)
+  * Improve code diff highlight, fix incorrect rendered diff result (https://github.com/go-gitea/gitea/pull/19958)
+* TESTING
+  * Improve OAuth integration tests (https://github.com/go-gitea/gitea/pull/21390)
+  * Add playwright tests (https://github.com/go-gitea/gitea/pull/20123)
+* BUILD
+  * Switch to building with go1.19 (https://github.com/go-gitea/gitea/pull/20695)
+  * Update JS dependencies, adjust eslint (https://github.com/go-gitea/gitea/pull/20659)
+  * Add more linters to improve code readability (https://github.com/go-gitea/gitea/pull/19989)
+
+## 1.18.0-0
+
+This release was replaced by 1.18.0-1 a few hours after being published because the release process [was interrupted](https://codeberg.org/forgejo/forgejo/issues/180).
+
+## 1.18.0-rc1-2
+
+This is the first Forgejo release candidate.
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,83 +0,0 @@
-# Reporting security issues
-
-The Gitea maintainers take security seriously.
-
-If you discover a security issue, please bring it to their attention right away!
-
-## Reporting a Vulnerability
-
-Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
-
-## Protecting Security Information
-
-Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body.
-
-The PGP key is valid until June 24, 2024.
-
-```
-Key ID: 6FCD2D5B
-Key Type: RSA
-Expires: 6/24/2024
-Key Size: 4096/4096
-Fingerprint: 3DE0 3D1E 144A 7F06 9359 99DC AAFD 2381 6FCD 2D5B
-```
-
-UserID: Gitea Security <security@gitea.io>
-
-```
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGK1Z/4BEADFMqXA9DeeChmSxUjF0Be5sq99ZUhgrZjcN/wOzz0wuCJZC0l8
-4uC+d6mfv7JpJYlzYzOK97/x5UguKHkYNZ6mm1G9KHaXmoIBDLKDzfPdJopVNv2r
-OajijaE0uMCnMjadlg5pbhMLRQG8a9J32yyaz7ZEAw72Ab31fvvcA53NkuqO4j2w
-k7dtFQzhbNOYV0VffQT90WDZdalYHB1JHyEQ+70U9OjVD5ggNYSzX98Eu3Hjn7V7
-kqFrcAxr5TE1elf0IXJcuBJtFzQSTUGlQldKOHtGTGgGjj9r/FFAE5ioBgVD05bV
-rEEgIMM/GqYaG/nbNpWE6P3mEc2Mnn3pZaRJL0LuF26TLjnqEcMMDp5iIhLdFzXR
-3tMdtKgQFu+Mtzs3ipwWARYgHyU09RJsI2HeBx7RmZO/Xqrec763Z7zdJ7SpCn0Z
-q+pHZl24JYR0Kf3T/ZiOC0cGd2QJqpJtg5J6S/OqfX9NH6MsCczO8pUC1N/aHH2X
-CTme2nF56izORqDWKoiICteL3GpYsCV9nyCidcCmoQsS+DKvE86YhIhVIVWGRY2F
-lzpAjnN9/KLtQroutrm+Ft0mdjDiJUeFVl1cOHDhoyfCsQh62HumoyZoZvqzQd6e
-AbN11nq6aViMe2Q3je1AbiBnRnQSHxt1Tc8X4IshO3MQK1Sk7oPI6LA5oQARAQAB
-tCJHaXRlYSBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0ZWEuaW8+iQJXBBMBCABBFiEE
-PeA9HhRKfwaTWZncqv0jgW/NLVsFAmK1Z/4CGwMFCQPCZwAFCwkIBwICIgIGFQoJ
-CAsCBBYCAwECHgcCF4AACgkQqv0jgW/NLVvnyxAAhxyNnWzw/rQO2qhzqicmZM94
-njSbOg+U2qMBvCdaqCQQeC+uaMmMzkDPanUUmLcyCkWqfCjPNjeSXAkE9npepVJI
-4HtmgxZQ94OU/h3CLbft+9GVRzUkVI29TSYGdvNtV2/BkNGoFFnKWQr119um0o6A
-bgha2Uy5uY8o3ZIoiKkiHRaEoWIjjeBxJxYAojsZY4YElUmsQ3ik2joG6rhFesTa
-ofVt/bL8G2xzpOG26WGIxBbqf2qjV6OtZ0hu/vtTPHeIWMLq0Mz0V3PEDQWfkGPE
-i2RYxxYDs2xzJhSQWqTNVLSq0m5xTJnbHhQPfdCX4C2jvFKgLdfmytQq49S7jiJb
-Z03HVOZ/PsyBlQfH9xJi06R5yQCMEA8h8Z5r3/NXW09kQ6OFRe6xshoTcxZGRPTo
-srhwr3uPbmCRh+YEl7qBLU6+BC5k8IRTZXqhrj/aPJu3MxgbgwV8u3vLoFSXM2lb
-a61FgeCQ0O7lkgVswwF0RppCaH9Ul3ZDapet/vCRg4NVwm9zOI/8q/Vj0FKA1GDR
-JhRu8+Ce8zlFL65D34t+PprAzSeTlbv9um3x/ZIjCco7EEKSBylt+AZj/VyA6+e5
-kjOQwRRc6dFJWBcorsSI2dG+H+QMF7ZabzmeCcz1v9HjLOPzYHoZAHhCmSppWTvX
-AJy6+lhfW2OUTqQeYSi5Ag0EYrVn/gEQALrFLQjCR3GjuHSindz0rd3Fnx/t7Sen
-T+p07yCSSoSlmnJHCQmwh4vfg1blyz0zZ4vkIhtpHsEgc+ZAG+WQXSsJ2iRz+eSN
-GwoOQl4XC3n+QWkc1ws+btr48+6UqXIQU+F8TPQyx/PIgi2nZXJB7f5+mjCqsk46
-XvH4nTr4kJjuqMSR/++wvre2qNQRa/q/dTsK0OaN/mJsdX6Oi+aGNaQJUhIG7F+E
-ZDMkn/O6xnwWNzy/+bpg43qH/Gk0eakOmz5NmQLRkV58SZLiJvuCUtkttf6CyhnX
-03OcWaajv5W8qA39dBYQgDrrPbBWUnwfO3yMveqhwV4JjDoe8sPAyn1NwzakNYqP
-RzsWyLrLS7R7J9s3FkZXhQw/QQcsaSMcGNQO047dm1P83N8JY5aEpiRo9zSWjoiw
-qoExANj5lUTZPe8M50lI182FrcjAN7dClO3QI6pg7wy0erMxfFly3j8UQ91ysS9T
-s+GsP9I3cmWWQcKYxWHtE8xTXnNCVPFZQj2nwhJzae8ypfOtulBRA3dUKWGKuDH/
-axFENhUsT397aOU3qkP/od4a64JyNIEo4CTTSPVeWd7njsGqli2U3A4xL2CcyYvt
-D/MWcMBGEoLSNTswwKdom4FaJpn5KThnK/T0bQcmJblJhoCtppXisbexZnCpuS0x
-Zdlm2T14KJ3LABEBAAGJAjwEGAEIACYWIQQ94D0eFEp/BpNZmdyq/SOBb80tWwUC
-YrVn/gIbDAUJA8JnAAAKCRCq/SOBb80tWyTBD/9AGpW6QoDF7zYjHAozH9S5RGCA
-Y7E82dG/0xmFUwPprAG0BKmmgU6TiipyVGmKIXGYYYU92pMnbvXkYQMoa+WJNncN
-D3fY52UeXeffTf4cFpStlzi9xgYtOLhFamzYu/4xhkjOX+xhOSXscCiFRyT8cF3B
-O6c5BHU+Zj0/rGPgOyPUbx7l7B9MubB/41nNX35k08e+8T3wtWDb4XF+15HnRfva
-6fblO8wgU25Orv2Rm1jnKGa9DxJ8nE40IMrqDapENtDuL+zKJsvR0+ptWvEyL56U
-GtJJG5un6mXiLKuRQT0DEv4MdZRHDgDstDnqcbEiazVEbUuvhZZob6lRY2A19m1+
-7zfnDxkhqCA1RCnv4fdvcPdCMMFHwLpdhjgW0aI/uwgwrvsEz5+JRlnLvdQHlPAg
-q7l2fGcBSpz9U0ayyfRPjPntsNCtZl1UDxGLeciPkZhyG84zEWQbk/j52ZpRN+Ik
-ALpRLa8RBFmFSmXDUmwQrmm1EmARyQXwweKU31hf8ZGbCp2lPuRYm1LuGiirXSVP
-GysjRAJgW+VRpBKOzFQoUAUbReVWSaCwT8s17THzf71DdDb6CTj31jMLLYWwBpA/
-i73DgobDZMIGEZZC1EKqza8eh11xfyHFzGec03tbh+lIen+5IiRtWiEWkDS9ll0G
-zgS/ZdziCvdAutqnGA==
-=gZWO
-----END PGP PUBLIC KEY BLOCK-----
-
-```
-
-Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.
--- a/build/merge-forgejo-locales.go
+++ b/build/merge-forgejo-locales.go
@ -0,0 +1,97 @@
+// Copyright 2022 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import (
+	"bufio"
+	"os"
+	"regexp"
+	"strings"
+
+	"gopkg.in/ini.v1"
+)
+
+const (
+	trimPrefix   = "gitea_"
+	sourceFolder = "options/locales/"
+)
+
+// returns list of locales, still containing the file extension!
+func generate_locale_list() []string {
+	localeFiles, _ := os.ReadDir(sourceFolder)
+	locales := []string{}
+	for _, localeFile := range localeFiles {
+		if !localeFile.IsDir() && strings.HasPrefix(localeFile.Name(), trimPrefix) {
+			locales = append(locales, strings.TrimPrefix(localeFile.Name(), trimPrefix))
+		}
+	}
+	return locales
+}
+
+// replace all occurrences of Gitea with Forgejo
+func renameGiteaForgejo(filename string) []byte {
+	file, err := os.Open(filename)
+	if err != nil {
+		panic(err)
+	}
+
+	replacer := strings.NewReplacer(
+		"Gitea", "Forgejo",
+		"https://docs.gitea.io/en-us/install-from-binary/", "https://forgejo.org/download/#installation-from-binary",
+		"https://github.com/go-gitea/gitea/tree/master/docker", "https://forgejo.org/download/#container-image",
+		"https://docs.gitea.io/en-us/install-from-package/", "https://forgejo.org/download",
+		"https://code.gitea.io/gitea", "https://forgejo.org/download",
+		"code.gitea.io/gitea", "Forgejo",
+		`<a href="https://github.com/go-gitea/gitea/issues" target="_blank">GitHub</a>`, `<a href="https://codeberg.org/forgejo/forgejo/issues" target="_blank">Codeberg</a>`,
+		"https://github.com/go-gitea/gitea", "https://codeberg.org/forgejo/forgejo",
+		"https://blog.gitea.io", "https://forgejo.org/news",
+	)
+
+	out := make([]byte, 0, 1024)
+	scanner := bufio.NewScanner(file)
+	scanner.Split(bufio.ScanLines)
+	for scanner.Scan() {
+		line := scanner.Text()
+
+		if strings.HasPrefix(line, "license_desc=") {
+			line = strings.Replace(line, "GitHub", "Forgejo", 1)
+		}
+
+		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
+			out = append(out, []byte("\n"+line+"\n")...)
+		} else if strings.HasPrefix(line, "settings.web_hook_name_gitea") {
+			out = append(out, []byte("\n"+line+"\n")...)
+			out = append(out, []byte("settings.web_hook_name_forgejo = Forgejo\n")...)
+		} else if strings.HasPrefix(line, "migrate.gitea.description") {
+			re := regexp.MustCompile(`(.*Gitea)`)
+			out = append(out, []byte(re.ReplaceAllString(line, "${1}/Forgejo")+"\n")...)
+		} else {
+			out = append(out, []byte(replacer.Replace(line)+"\n")...)
+		}
+	}
+	file.Close()
+	return out
+}
+
+func main() {
+	locales := generate_locale_list()
+	var err error
+	var localeFile *ini.File
+	for _, locale := range locales {
+		giteaLocale := sourceFolder + "gitea_" + locale
+		localeFile, err = ini.LoadSources(ini.LoadOptions{
+			IgnoreInlineComment: true,
+		}, giteaLocale, renameGiteaForgejo(giteaLocale))
+		if err != nil {
+			panic(err)
+		}
+		err = localeFile.SaveTo("options/locale/locale_" + locale)
+		if err != nil {
+			panic(err)
+		}
+	}
+}
--- a/cmd/actions.go
+++ b/cmd/actions.go
@ -0,0 +1,68 @@
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"log"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
+
+	"github.com/urfave/cli"
+)
+
+// CmdActions represents the available actions sub-command.
+var CmdActions = cli.Command{
+	Name:        "actions",
+	Usage:       "Actions",
+	Description: "Actions",
+	Action:      runActions,
+	Flags: []cli.Flag{
+		cli.BoolFlag{
+			Name:  "registration-token-admin",
+			Usage: "Show the runner registration admin token",
+		},
+	},
+}
+
+func maybeInitDB(stdCtx context.Context) error {
+	if setting.Database.Type == "" {
+		if err := initDB(stdCtx); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func runActions(ctx *cli.Context) error {
+	stdCtx := context.Background()
+
+	if err := maybeInitDB(stdCtx); err != nil {
+		log.Fatalf("maybeInitDB %v", err)
+	}
+
+	if ctx.Bool("registration-token-admin") {
+		// ownid=0,repo_id=0,means this token is used for global
+		return runActionsRegistrationToken(stdCtx, 0, 0)
+	}
+	return nil
+}
+
+func runActionsRegistrationToken(stdCtx context.Context, ownerID, repoID int64) error {
+	var token *actions_model.ActionRunnerToken
+	token, err := actions_model.GetUnactivatedRunnerToken(stdCtx, ownerID, repoID)
+	if errors.Is(err, util.ErrNotExist) {
+		token, err = actions_model.NewRunnerToken(stdCtx, ownerID, repoID)
+		if err != nil {
+			log.Fatalf("CreateRunnerToken %v", err)
+		}
+	} else if err != nil {
+		log.Fatalf("GetUnactivatedRunnerToken %v", err)
+	}
+	fmt.Print(token.Token)
+	return nil
+}
--- a/cmd/admin.go
+++ b/cmd/admin.go
@ -7,6 +7,7 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"net/url"
 	"os"
 	"strings"
 	"text/tabwriter"
@ -469,11 +470,19 @@ func runAddOauth(c *cli.Context) error {
 		return err
 	}

+	config := parseOAuth2Config(c)
+	if config.Provider == "openidConnect" {
+		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)
+		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
+			return fmt.Errorf("invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)", config.OpenIDConnectAutoDiscoveryURL)
+		}
+	}
+
 	return auth_model.CreateSource(&auth_model.Source{
 		Type:     auth_model.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
-		Cfg:      parseOAuth2Config(c),
+		Cfg:      config,
 	})
 }

--- a/cmd/convert.go
+++ b/cmd/convert.go
@ -35,7 +35,7 @@ func runConvert(ctx *cli.Context) error {
 	log.Info("Log path: %s", setting.Log.RootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

-	if !setting.Database.UseMySQL {
+	if !setting.Database.Type.IsMySQL() {
 		fmt.Println("This command can only be used with a MySQL database")
 		return nil
 	}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -272,13 +272,14 @@ func runDump(ctx *cli.Context) error {
 		fatal("Failed to create tmp file: %v", err)
 	}
 	defer func() {
+		_ = dbDump.Close()
 		if err := util.Remove(dbDump.Name()); err != nil {
 			log.Warn("Unable to remove temporary file: %s: Error: %v", dbDump.Name(), err)
 		}
 	}()

 	targetDBType := ctx.String("database")
-	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
+	if len(targetDBType) > 0 && targetDBType != setting.Database.Type.String() {
 		log.Info("Dumping database %s => %s...", setting.Database.Type, targetDBType)
 	} else {
 		log.Info("Dumping database...")
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -11,6 +11,7 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
@ -290,17 +291,21 @@ func runServ(c *cli.Context) error {
 		return nil
 	}

-	// Special handle for Windows.
-	if setting.IsWindows {
-		verb = strings.Replace(verb, "-", " ", 1)
-	}
-
 	var gitcmd *exec.Cmd
-	verbs := strings.Split(verb, " ")
-	if len(verbs) == 2 {
-		gitcmd = exec.CommandContext(ctx, verbs[0], verbs[1], repoPath)
-	} else {
-		gitcmd = exec.CommandContext(ctx, verb, repoPath)
+	gitBinPath := filepath.Dir(git.GitExecutable) // e.g. /usr/bin
+	gitBinVerb := filepath.Join(gitBinPath, verb) // e.g. /usr/bin/git-upload-pack
+	if _, err := os.Stat(gitBinVerb); err != nil {
+		// if the command "git-upload-pack" doesn't exist, try to split "git-upload-pack" to use the sub-command with git
+		// ps: Windows only has "git.exe" in the bin path, so Windows always uses this way
+		verbFields := strings.SplitN(verb, "-", 2)
+		if len(verbFields) == 2 {
+			// use git binary with the sub-command part: "C:\...\bin\git.exe", "upload-pack", ...
+			gitcmd = exec.CommandContext(ctx, git.GitExecutable, verbFields[1], repoPath)
+		}
+	}
+	if gitcmd == nil {
+		// by default, use the verb (it has been checked above by allowedCommands)
+		gitcmd = exec.CommandContext(ctx, gitBinVerb, repoPath)
 	}

 	process.SetSysProcAttribute(gitcmd)
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -476,8 +476,8 @@ INTERNAL_TOKEN=
 ;;Classes include "lower,upper,digit,spec"
 ;PASSWORD_COMPLEXITY = off
 ;;
-;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
-;PASSWORD_HASH_ALGO = pbkdf2
+;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
+;PASSWORD_HASH_ALGO = pbkdf2_hi
 ;;
 ;; Set false to allow JavaScript to read CSRF cookie
 ;CSRF_COOKIE_HTTP_ONLY = true
@ -1871,6 +1871,9 @@ ROUTER = console
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
+;;
+;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+;MINIO_INSECURE_SKIP_VERIFY = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2552,6 +2555,9 @@ ROUTER = console
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
+;;
+;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+;MINIO_INSECURE_SKIP_VERIFY = false

 ;[proxy]
 ;; Enable the proxy, all requests to external via HTTP will be affected
--- a/docker/manifest.rootless.tmpl
+++ b/docker/manifest.rootless.tmpl
@ -1,6 +1,6 @@
 image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-rootless
 {{#if build.tags}}
-{{#unless contains "-rc" build.tag}}
+{{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}-rootless
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@ -1,6 +1,6 @@
 image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}
 {{#if build.tags}}
-{{#unless contains "-rc" build.tag }}
+{{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@ -854,6 +854,7 @@ Default templates for project boards:
 - `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when STORAGE_TYPE is `minio`
 - `MINIO_BASE_PATH`: **attachments/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
 - `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when STORAGE_TYPE is `minio`
+- `MINIO_INSECURE_SKIP_VERIFY`: **false**: Minio skip SSL verification available when STORAGE_TYPE is `minio`

 ## Log (`log`)

@ -1268,6 +1269,7 @@ is `data/lfs` and the default of `MINIO_BASE_PATH` is `lfs/`.
 - `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_BASE_PATH`: **lfs/**: Minio base path on the bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
+- `MINIO_INSECURE_SKIP_VERIFY`: **false**: Minio skip SSL verification available when STORAGE_TYPE is `minio`

 ## Storage (`storage`)

@ -1280,6 +1282,7 @@ Default storage configuration for attachments, lfs, avatars and etc.
 - `MINIO_BUCKET`: **gitea**: Minio bucket to store the data only available when `STORAGE_TYPE` is `minio`
 - `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
+- `MINIO_INSECURE_SKIP_VERIFY`: **false**: Minio skip SSL verification available when STORAGE_TYPE is `minio`

 And you can also define a customize storage like below:

@ -1298,6 +1301,8 @@ MINIO_BUCKET = gitea
 MINIO_LOCATION = us-east-1
 ; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 MINIO_USE_SSL = false
+; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+MINIO_INSECURE_SKIP_VERIFY = false
 ```

 And used by `[attachment]`, `[lfs]` and etc. as `STORAGE_TYPE`.
@ -1318,6 +1323,7 @@ is `data/repo-archive` and the default of `MINIO_BASE_PATH` is `repo-archive/`.
 - `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_BASE_PATH`: **repo-archive/**: Minio base path on the bucket only available when `STORAGE_TYPE` is `minio`
 - `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
+- `MINIO_INSECURE_SKIP_VERIFY`: **false**: Minio skip SSL verification available when STORAGE_TYPE is `minio`

 ## Proxy (`proxy`)

--- a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@ -431,6 +431,8 @@ MINIO_BUCKET = gitea
 MINIO_LOCATION = us-east-1
 ; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 MINIO_USE_SSL = false
+; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+MINIO_INSECURE_SKIP_VERIFY = false
 ```

 然后你在 `[attachment]`, `[lfs]` 等中可以把这个名字用作 `STORAGE_TYPE` 的值。
--- a/docs/content/doc/advanced/customizing-gitea.en-us.md
+++ b/docs/content/doc/advanced/customizing-gitea.en-us.md
@ -282,9 +282,22 @@ To add custom .gitignore, add a file with existing [.gitignore rules](https://gi

 ### Labels

-To add a custom label set, add a file that follows the [label format](https://github.com/go-gitea/gitea/blob/main/options/label/Default) to `$GITEA_CUSTOM/options/label`
+Starting with Gitea 1.19, you can add a file that follows the [YAML label format](https://github.com/go-gitea/gitea/blob/main/options/label/Advanced.yaml) to `$GITEA_CUSTOM/options/label`:
+
+```yaml
+labels:
+  - name: "foo/bar"  # name of the label that will appear in the dropdown
+    exclusive: true # whether to use the exclusive namespace for scoped labels. scoped delimiter is /
+    color: aabbcc # hex colour coding
+    description: Some label # long description of label intent
+ ```
+
+The [legacy file format](https://github.com/go-gitea/gitea/blob/main/options/label/Default) can still be used following the format below, however we strongly recommend using the newer YAML format instead.
+
 `#hex-color label name ; label description`

+For more information, see the [labels documentation]({{< relref "doc/usage/labels.en-us.md" >}}).
+
 ### Licenses

 To add a custom license, add a file with the license text to `$GITEA_CUSTOM/options/license`
--- a/docs/content/doc/developers/guidelines-refactoring.en-us.md
+++ b/docs/content/doc/developers/guidelines-refactoring.en-us.md
@ -6,11 +6,11 @@ weight: 20
 toc: false
 draft: false
 menu:
-sidebar:
-parent: "developers"
-name: "Guidelines for Refactoring"
-weight: 20
-identifier: "guidelines-refactoring"
+  sidebar:
+    parent: "developers"
+    name: "Guidelines for Refactoring"
+    weight: 20
+    identifier: "guidelines-refactoring"
 ---

 # Guidelines for Refactoring
--- a/docs/content/doc/developers/hacking-on-gitea.zh-cn.md
+++ b/docs/content/doc/developers/hacking-on-gitea.zh-cn.md
@ -0,0 +1,349 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "玩转 Gitea"
+slug: "hacking-on-gitea"
+weight: 10
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "developers"
+    name: "玩转 Gitea"
+    weight: 10
+    identifier: "hacking-on-gitea"
+---
+
+# Hacking on Gitea
+
+**目录**
+
+{{< toc >}}
+
+## 快速入门
+
+要获得快速工作的开发环境，您可以使用 Gitpod。
+
+[![在 Gitpod 中打开](/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/go-gitea/gitea)
+
+## 安装 Golang
+
+您需要 [安装 go]( https://golang.org/doc/install ) 并设置您的 go 环境。
+
+接下来，[使用 npm 安装 Node.js](https://nodejs.org/en/download/) ，这是构建
+JavaScript 和 CSS 文件的必要工具。最低支持的 Node.js 版本是 {{< min-node-version >}}
+并且推荐使用最新的 LTS 版本。
+
+**注意** ：当执行需要外部工具的 make 任务时，比如
+`make watch-backend`，Gitea 会自动下载并构建这些必要的组件。为了能够使用这些，你必须
+将 `"$GOPATH"/bin` 目录加入到可执行路径上。如果你不把go bin目录添加到可执行路径你必须手动
+指定可执行程序路径。
+
+**注意2** ：Go版本 {{< min-go-version >}} 或更高版本是必须的。Gitea 使用 `gofmt` 来
+格式化源代码。然而，`gofmt` 的结果可能因 `go` 的版本而有差异。因此推荐安装我们持续集成使用
+的 Go版本。截至上次更新，Go 版本应该是 {{< go-version >}}。
+
+## 安装 Make
+
+Gitea 大量使用 `Make` 来自动化任务和改进开发。本指南涵盖了如何安装 Make。
+
+### 在 Linux 上
+
+使用包管理器安装。
+
+在 Ubuntu/Debian 上：
+
+```bash
+sudo apt-get install make
+```
+
+在 Fedora/RHEL/CentOS 上：
+
+```bash
+sudo yum install make
+```
+
+### 在 Windows 上
+
+Make 的这三个发行版都可以在 Windows 上运行：
+
+- [单个二进制构建]( http://www.equation.com/servlet/equation.cmd?fa=make )。复制到某处并添加到 `PATH`。
+  - [32 位版本](http://www.equation.com/ftpdir/make/32/make.exe)
+  - [64 位版本](http://www.equation.com/ftpdir/make/64/make.exe)
+- [MinGW-w64](https://www.mingw-w64.org) / [MSYS2](https://www.msys2.org/)。
+  - MSYS2 是一个工具和库的集合，为您提供一个易于使用的环境来构建、安装和运行本机 Windows 软件，它包括 MinGW-w64。
+  - 在 MingGW-w64 中，二进制文件称为 `mingw32-make.exe` 而不是 `make.exe`。将 `bin` 文件夹添加到 `PATH`。
+  - 在 MSYS2 中，您可以直接使用 `make`。请参阅 [MSYS2 移植](https://www.msys2.org/wiki/Porting/)。
+  - 要使用 CGO_ENABLED（例如：SQLite3）编译 Gitea，您可能需要使用 [tdm-gcc](https://jmeubank.github.io/tdm-gcc/) 而不是 MSYS2 gcc，因为 MSYS2 gcc 标头缺少一些 Windows -只有 CRT 函数像 _beginthread 一样。
+- [Chocolatey包管理器]( https://chocolatey.org/packages/make )。运行`choco install make`
+
+**注意** ：如果您尝试在 Windows 命令提示符下使用 make 进行构建，您可能会遇到问题。建议使用上述提示（Git bash 或 MinGW），但是如果您只有命令提示符（或可能是 PowerShell），则可以使用 [set](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/set_1) 命令，例如 `set TAGS=bindata`。
+
+## 下载并克隆 Gitea 源代码
+
+获取源代码的推荐方法是使用 `git clone`。
+
+```bash
+git clone https://github.com/go-gitea/gitea
+```
+
+（自从go modules出现后，不再需要构建 go 项目从 `$GOPATH` 中获取，因此不再推荐使用 `go get` 方法。）
+
+## 派生 Gitea
+
+如上所述下载主要的 Gitea 源代码。然后，派生 [Gitea 仓库](https://github.com/go-gitea/gitea)，
+并为您的本地仓库切换 git 远程源，或添加另一个远程源：
+
+```bash
+# 将原来的 Gitea origin 重命名为 upstream
+git remote rename origin upstream
+git remote add origin "git@github.com:$GITHUB_USERNAME/gitea.git"
+git fetch --all --prune
+```
+
+或者：
+
+```bash
+# 为我们的 fork 添加新的远程
+git remote add "$FORK_NAME" "git@github.com:$GITHUB_USERNAME/gitea.git"
+git fetch --all --prune
+```
+
+为了能够创建合并请求，应将分叉存储库添加为 Gitea 本地仓库的远程，否则无法推送更改。
+
+## 构建 Gitea（基本）
+
+看看我们的
+<a href='{{ < relref "doc/installation/from-source.en-us.md" > }}'>说明</a>
+关于如何 <a href='{{ < relref "doc/installation/from-source.en-us.md" > }}'>从源代码构建</a> 。
+
+从源代码构建的最简单推荐方法是：
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make build
+```
+
+`build` 目标将同时执行 `frontend` 和 `backend` 子目标。如果存在 `bindata` 标签，资源文件将被编译成二进制文件。建议在进行前端开发时省略 `bindata` 标签，以便实时反映更改。
+
+有关所有可用的 `make` 目标，请参阅 `make help`。另请参阅 [`.drone.yml`](https://github.com/go-gitea/gitea/blob/main/.drone.yml) 以了解我们的持续集成是如何工作的。
+
+## 持续构建
+
+要在源文件更改时运行并持续构建：
+
+```bash
+# 对于前端和后端
+make watch
+
+# 或者：只看前端文件（html/js/css）
+make watch-frontend
+
+# 或者：只看后端文件 (go)
+make watch-backend
+```
+
+在 macOS 上，监视所有后端源文件可能会达到默认的打开文件限制，这可以通过当前 shell 的 `ulimit -n 12288` 或所有未来 shell 的 shell 启动文件来增加。
+
+### 格式化、代码分析和拼写检查
+
+我们的持续集成将拒绝未通过代码检查（包括格式检查、代码分析和拼写检查）的 PR。
+
+你应该格式化你的代码：
+
+```bash
+make fmt
+```
+
+并检查源代码：
+
+```bash
+# lint 前端和后端代码
+make lint
+# 仅 lint 后端代码
+make lint-backend
+```
+
+**注意** ：`gofmt` 的结果取决于 `go` 的版本。您应该运行与持续集成相同的 go 版本。
+
+### 处理 JS 和 CSS
+
+前端开发应遵循 [Guidelines for Frontend Development]({{ < 相关参考 "doc/developers/guidelines-frontend.en-us.md" > }})
+
+要使用前端资源构建，请使用上面提到的“watch-frontend”目标或只构建一次：
+
+```bash
+make build && ./gitea
+```
+
+在提交之前，确保 linters 通过：
+
+```bash
+make lint-frontend
+```
+
+### 配置本地 ElasticSearch 实例
+
+使用 docker 启动本地 ElasticSearch 实例：
+
+```sh
+mkdir -p $(pwd) /data/elasticsearch
+sudo chown -R 1000:1000 $(pwd) /data/elasticsearch
+docker run --rm --memory= "4g" -p 127.0.0.1:9200:9200 -p 127.0.0.1:9300:9300 -e "discovery.type=single-node" -v "$(pwd)/data /elasticsearch:/usr/share/elasticsearch/data" docker.elastic.co/elasticsearch/elasticsearch:7.16.3
+```
+
+配置`app.ini`：
+
+```ini
+[indexer]
+ISSUE_INDEXER_TYPE = elasticsearch
+ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
+REPO_INDEXER_ENABLED = true
+REPO_INDEXER_TYPE = elasticsearch
+REPO_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
+```
+
+### 构建和添加 SVGs
+
+SVG 图标是使用 `make svg` 目标构建的，该目标将 `build/generate-svg.js` 中定义的图标源编译到输出目录 `public/img/svg` 中。可以在 `web_src/svg` 目录中添加自定义图标。
+
+### 构建 Logo
+
+Gitea Logo的 PNG 和 SVG 版本是使用 `TAGS="gitea" make generate-images` 目标从单个 SVG 源文件 assets/logo.svg 构建的。要运行它，Node.js 和 npm 必须可用。
+
+通过更新 `assets/logo.svg` 并运行 `make generate-images`，同样的过程也可用于从 SVG 源文件生成自定义 Logo PNG。忽略 gitea 编译选项将仅更新用户指定的 LOGO 文件。
+
+### 更新 API
+
+创建新的 API 路由或修改现有的 API 路由时，您**必须**
+更新和/或创建 [Swagger](https://swagger.io/docs/specification/2-0/what-is-swagger/)
+这些使用 [go-swagger](https://goswagger.io/) 评论的文档。
+[规范]( https://goswagger.io/use/spec.html#annotation-syntax )中描述了这些注释的结构。
+如果您想了解更多有关 Swagger 结构的信息，可以查看
+[Swagger 2.0 文档](https://swagger.io/docs/specification/2-0/basic-structure/)
+或与添加新 API 端点的先前 PR 进行比较，例如 [PR #5483](https://github.com/go-gitea/gitea/pull/5843/files#diff-2e0a7b644cf31e1c8ef7d76b444fe3aaR20)
+
+您应该注意不要破坏下游用户依赖的 API。在稳定的 API 上，一般来说添加是可以接受的，但删除
+或对 API 进行根本性更改将会被拒绝。
+
+创建或更改 API 端点后，请用以下命令重新生成 Swagger 文档：
+
+```bash
+make generate-swagger
+```
+
+您应该验证生成的 Swagger 文件并使用以下命令对其进行拼写检查：
+
+```bash
+make swagger-validate misspell-check
+```
+
+您应该提交更改后的 swagger JSON 文件。持续集成服务器将使用以下方法检查是否已完成：
+
+```bash
+make swagger-check
+```
+
+**注意** ：请注意，您应该使用 Swagger 2.0 文档，而不是 OpenAPI 3 文档。
+
+### 创建新的配置选项
+
+创建新的配置选项时，将它们添加到 `modules/setting` 的对应文件。您应该将信息添加到 `custom/conf/app.ini`
+并到 <a href = '{{ < relref "doc/advanced/config-cheat-sheet.en-us.md" > }}'>配置备忘单</a>
+在 `docs/content/doc/advanced/config-cheat-sheet.en-us.md` 中找到
+
+### 更改Logo
+
+更改 Gitea Logo SVG 时，您将需要运行并提交结果的：
+
+```bash
+make generate-images
+```
+
+这将创建必要的 Gitea 图标和其他图标。
+
+### 数据库迁移
+
+如果您对数据库中的任何数据库持久结构进行重大更改
+`models/` 目录，您将需要进行新的迁移。可以找到这些
+在 `models/migrations/` 中。您可以确保您的迁移适用于主要
+数据库类型使用：
+
+```bash
+make test-sqlite-migration # 将 SQLite 切换为适当的数据库
+```
+
+## 测试
+
+Gitea 运行两种类型的测试：单元测试和集成测试。
+
+### 单元测试
+
+`go test` 系统中的`*_test.go` 涵盖了单元测试。
+您可以设置环境变量 `GITEA_UNIT_TESTS_LOG_SQL=1` 以在详细模式下运行测试时显示所有 SQL 语句（即设置`GOTESTFLAGS=-v` 时）。
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make test # Runs the unit tests
+```
+
+### 集成测试
+
+单元测试不会也不能完全单独测试 Gitea。因此，我们编写了集成测试；但是，这些依赖于数据库。
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make build test-sqlite
+```
+
+将在 SQLite 环境中运行集成测试。集成测试需要安装 `git lfs`。其他数据库测试可用，但
+可能需要适应当地环境。
+
+看看 [`tests/integration/README.md`](https://github.com/go-gitea/gitea/blob/main/tests/integration/README.md) 有关更多信息以及如何运行单个测试。
+
+### 测试 PR
+
+我们的持续集成将测试代码是否通过了单元测试，并且所有支持的数据库都将在 Docker 环境中通过集成测试。
+还将测试从几个最新版本的 Gitea 迁移。
+
+请在PR中附带提交适当的单元测试和集成测试。
+
+## 网站文档
+
+该网站的文档位于 `docs/` 中。如果你改变了文档内容，你可以使用以下测试方法进行持续集成：
+
+```bash
+# 来自 Gitea 中的 docs 目录
+make trans-copy clean build
+```
+
+运行此任务依赖于 [Hugo](https://gohugo.io/)。请注意：这可能会生成一些未跟踪的 Git 对象，
+需要被清理干净。
+
+## Visual Studio Code
+
+`contrib/ide/vscode` 中为 Visual Studio Code 提供了 `launch.json` 和 `tasks.json`。查看
+[`contrib/ide/README.md`](https://github.com/go-gitea/gitea/blob/main/contrib/ide/README.md) 了解更多信息。
+
+## Goland
+
+单击 `/main.go` 中函数 `func main()` 上的 `Run Application` 箭头
+可以快速启动一个可调试的 Gitea 实例。
+
+`Run/Debug Configuration` 中的 `Output Directory` 必须设置为
+gitea 项目目录（包含 `main.go` 和 `go.mod`），
+否则，启动实例的工作目录是 GoLand 的临时目录
+并防止 Gitea 在开发环境中加载动态资源（例如：模板）。
+
+要在 GoLand 中使用 SQLite 运行单元测试，请设置 `-tags sqlite,sqlite_unlock_notify`
+在 `运行/调试配置` 的 `Go 工具参数` 中。
+
+## 提交 PR
+
+对更改感到满意后，将它们推送并打开拉取请求。它建议您允许 Gitea Managers 和 Owners 修改您的 PR
+分支，因为我们需要在合并之前将其更新为 main 和/或可能是能够直接帮助解决问题。
+
+任何 PR 都需要 Gitea 维护者的两次批准，并且需要通过持续集成。看看我们的
+[CONTRIBUTING.md](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md)
+文档。
+
+如果您需要更多帮助，请访问 [Discord](https://discord.gg/gitea) #Develop 频道
+并在那里聊天。
+
+现在，您已准备好 Hacking Gitea。
--- a/docs/content/doc/packages/overview.en-us.md
+++ b/docs/content/doc/packages/overview.en-us.md
@ -9,7 +9,7 @@ menu:
    parent: "packages"
    name: "Overview"
    weight: 1
-    identifier: "overview"
+    identifier: "packages-overview"
 ---

 # Package Registry
--- a/docs/content/doc/secrets/overview.en-us.md
+++ b/docs/content/doc/secrets/overview.en-us.md
@ -9,7 +9,7 @@ menu:
    parent: "secrets"
    name: "Overview"
    weight: 1
-    identifier: "overview"
+    identifier: "secrets-overview"
 ---

 # Secrets
--- a/docs/content/doc/usage/labels.en-us.md
+++ b/docs/content/doc/usage/labels.en-us.md
@ -0,0 +1,42 @@
+---
+date: "2023-03-04T19:00:00+00:00"
+title: "Usage: Labels"
+slug: "labels"
+weight: 13
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Labels"
+    weight: 13
+    identifier: "labels"
+---
+
+# Labels
+
+You can use labels to classify issues and pull requests and to improve your overview over them.
+
+## Creating Labels
+
+For repositories, labels can be created by going to `Issues` and clicking on `Labels`.
+
+For organizations, you can define organization-wide labels that are shared with all organization repositories, including both already-existing repositories as well as newly created ones. Organization-wide labels can be created in the organization `Settings`.
+
+Labels have a mandatory name, a mandatory color, an optional description, and must either be exclusive or not (see `Scoped labels` below).
+
+When you create a repository, you can ensure certain labels exist by using the `Issue Labels` option. This option lists a number of available label sets that are [configured globally on your instance](../customizing-gitea/#labels). Its contained labels will all be created as well while creating the repository.
+
+## Scoped Labels
+
+A scoped label is a label that contains `/` in its name (not at either end of the name). For example labels `kind/bug` and `kind/enhancement` both have scope `kind`. Such labels will display the scope with slightly darker color.
+
+The scope of a label is determined based on the **last** `/`, so for example the scope of label `scope/subscope/item` is `scope/subscope`.
+
+Scoped labels can be marked as exclusive. This ensures at most a single label with the same scope is assigned to an issue or pull request. For example, if `kind/bug` and `kind/enhancement` are marked exclusive, an issue can only be classified as a bug or an enhancement.
+
+## Filtering by Label
+
+Issue and pull request lists can be filtered by label. Selecting multiple labels shows issues and pull requests that have all selected labels assigned.
+
+By holding alt to click the label, issues and pull requests with the chosen label are excluded from the list.
--- a/main.go
+++ b/main.go
@ -58,6 +58,7 @@ func main() {
 arguments - which can alternatively be run by running the subcommand web.`
 	app.Version = Version + formatBuiltWith()
 	app.Commands = []cli.Command{
+		cmd.CmdActions,
 		cmd.CmdWeb,
 		cmd.CmdServ,
 		cmd.CmdHook,
--- a/models/actions/run.go
+++ b/models/actions/run.go
@ -194,6 +194,7 @@ func InsertRun(ctx context.Context, run *ActionRun, jobs []*jobparser.SingleWork
 		if len(needs) > 0 {
 			status = StatusBlocked
 		}
+		job.Name, _ = util.SplitStringAtByteN(job.Name, 255)
 		runJobs = append(runJobs, &ActionRunJob{
 			RunID:             run.ID,
 			RepoID:            run.RepoID,
--- a/models/actions/task.go
+++ b/models/actions/task.go
@ -298,8 +298,9 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
 	if len(workflowJob.Steps) > 0 {
 		steps := make([]*ActionTaskStep, len(workflowJob.Steps))
 		for i, v := range workflowJob.Steps {
+			name, _ := util.SplitStringAtByteN(v.String(), 255)
 			steps[i] = &ActionTaskStep{
-				Name:   v.String(),
+				Name:   name,
 				TaskID: task.ID,
 				Index:  int64(i),
 				RepoID: task.RepoID,
--- a/models/activities/action.go
+++ b/models/activities/action.go
@ -99,7 +99,7 @@ func (a *Action) TableIndices() []*schemas.Index {
 	actUserIndex.AddColumn("act_user_id", "repo_id", "created_unix", "user_id", "is_deleted")

 	indices := []*schemas.Index{actUserIndex, repoIndex}
-	if setting.Database.UsePostgreSQL {
+	if setting.Database.Type.IsPostgreSQL() {
 		cudIndex := schemas.NewIndex("c_u_d", schemas.IndexType)
 		cudIndex.AddColumn("created_unix", "user_id", "is_deleted")
 		indices = append(indices, cudIndex)
@ -640,7 +640,7 @@ func DeleteIssueActions(ctx context.Context, repoID, issueID int64) error {

 // CountActionCreatedUnixString count actions where created_unix is an empty string
 func CountActionCreatedUnixString(ctx context.Context) (int64, error) {
-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		return db.GetEngine(ctx).Where(`created_unix = ""`).Count(new(Action))
 	}
 	return 0, nil
@ -648,7 +648,7 @@ func CountActionCreatedUnixString(ctx context.Context) (int64, error) {

 // FixActionCreatedUnixString set created_unix to zero if it is an empty string
 func FixActionCreatedUnixString(ctx context.Context) (int64, error) {
-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		res, err := db.GetEngine(ctx).Exec(`UPDATE action SET created_unix = 0 WHERE created_unix = ""`)
 		if err != nil {
 			return 0, err
--- a/models/activities/action_test.go
+++ b/models/activities/action_test.go
@ -234,7 +234,7 @@ func TestGetFeedsCorrupted(t *testing.T) {
 }

 func TestConsistencyUpdateAction(t *testing.T) {
-	if !setting.Database.UseSQLite3 {
+	if !setting.Database.Type.IsSQLite3() {
 		t.Skip("Test is only for SQLite database.")
 	}
 	assert.NoError(t, unittest.PrepareTestDatabase())
--- a/models/activities/user_heatmap.go
+++ b/models/activities/user_heatmap.go
@ -39,9 +39,9 @@ func getUserHeatmapData(user *user_model.User, team *organization.Team, doer *us
 	groupBy := "created_unix / 900 * 900"
 	groupByName := "timestamp" // We need this extra case because mssql doesn't allow grouping by alias
 	switch {
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		groupBy = "created_unix DIV 900 * 900"
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		groupByName = groupBy
 	}

--- a/models/avatars/avatar.go
+++ b/models/avatars/avatar.go
@ -153,7 +153,7 @@ func generateEmailAvatarLink(ctx context.Context, email string, size int, final
 		return DefaultAvatarLink()
 	}

-	enableFederatedAvatar := system_model.GetSettingBool(ctx, system_model.KeyPictureEnableFederatedAvatar)
+	enableFederatedAvatar := system_model.GetSettingWithCacheBool(ctx, system_model.KeyPictureEnableFederatedAvatar)

 	var err error
 	if enableFederatedAvatar && system_model.LibravatarService != nil {
@ -174,7 +174,7 @@ func generateEmailAvatarLink(ctx context.Context, email string, size int, final
 		return urlStr
 	}

-	disableGravatar := system_model.GetSettingBool(ctx, system_model.KeyPictureDisableGravatar)
+	disableGravatar := system_model.GetSettingWithCacheBool(ctx, system_model.KeyPictureDisableGravatar)
 	if !disableGravatar {
 		// copy GravatarSourceURL, because we will modify its Path.
 		avatarURLCopy := *system_model.GravatarSourceURL
--- a/models/avatars/avatar_test.go
+++ b/models/avatars/avatar_test.go
@ -28,7 +28,7 @@ func enableGravatar(t *testing.T) {
 	err := system_model.SetSettingNoVersion(db.DefaultContext, system_model.KeyPictureDisableGravatar, "false")
 	assert.NoError(t, err)
 	setting.GravatarSource = gravatarSource
-	err = system_model.Init()
+	err = system_model.Init(db.DefaultContext)
 	assert.NoError(t, err)
 }

--- a/models/db/common.go
+++ b/models/db/common.go
@ -15,7 +15,7 @@ import (
 // BuildCaseInsensitiveLike returns a condition to check if the given value is like the given key case-insensitively.
 // Handles especially SQLite correctly as UPPER there only transforms ASCII letters.
 func BuildCaseInsensitiveLike(key, value string) builder.Cond {
-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		return builder.Like{"UPPER(" + key + ")", util.ToUpperASCII(value)}
 	}
 	return builder.Like{"UPPER(" + key + ")", strings.ToUpper(value)}
--- a/models/db/engine.go
+++ b/models/db/engine.go
@ -100,12 +100,12 @@ func newXORMEngine() (*xorm.Engine, error) {

 	var engine *xorm.Engine

-	if setting.Database.UsePostgreSQL && len(setting.Database.Schema) > 0 {
+	if setting.Database.Type.IsPostgreSQL() && len(setting.Database.Schema) > 0 {
 		// OK whilst we sort out our schema issues - create a schema aware postgres
 		registerPostgresSchemaDriver()
 		engine, err = xorm.NewEngine("postgresschema", connStr)
 	} else {
-		engine, err = xorm.NewEngine(setting.Database.Type, connStr)
+		engine, err = xorm.NewEngine(setting.Database.Type.String(), connStr)
 	}

 	if err != nil {
--- a/models/db/index.go
+++ b/models/db/index.go
@ -73,7 +73,7 @@ func postgresGetNextResourceIndex(ctx context.Context, tableName string, groupID

 // GetNextResourceIndex generates a resource index, it must run in the same transaction where the resource is created
 func GetNextResourceIndex(ctx context.Context, tableName string, groupID int64) (int64, error) {
-	if setting.Database.UsePostgreSQL {
+	if setting.Database.Type.IsPostgreSQL() {
 		return postgresGetNextResourceIndex(ctx, tableName, groupID)
 	}

--- a/models/db/list_options.go
+++ b/models/db/list_options.go
@ -134,7 +134,7 @@ func Find[T any](ctx context.Context, opts FindOptions, objects *[]T) error {
 	if !opts.IsListAll() {
 		sess.Limit(opts.GetSkipTake())
 	}
-	return sess.Find(&objects)
+	return sess.Find(objects)
 }

 // Count represents a common count function which accept an options interface
@ -148,5 +148,5 @@ func FindAndCount[T any](ctx context.Context, opts FindOptions, objects *[]T) (i
 	if !opts.IsListAll() {
 		sess.Limit(opts.GetSkipTake())
 	}
-	return sess.FindAndCount(&objects)
+	return sess.FindAndCount(objects)
 }
--- a/models/db/list_test.go
+++ b/models/db/list_test.go
@ -0,0 +1,48 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package db_test
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"xorm.io/builder"
+)
+
+type mockListOptions struct {
+	db.ListOptions
+}
+
+func (opts *mockListOptions) IsListAll() bool {
+	return true
+}
+
+func (opts *mockListOptions) ToConds() builder.Cond {
+	return builder.NewCond()
+}
+
+func TestFind(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	xe := unittest.GetXORMEngine()
+	assert.NoError(t, xe.Sync(&repo_model.RepoUnit{}))
+
+	opts := mockListOptions{}
+	var repoUnits []repo_model.RepoUnit
+	err := db.Find(db.DefaultContext, &opts, &repoUnits)
+	assert.NoError(t, err)
+	assert.EqualValues(t, 83, len(repoUnits))
+
+	cnt, err := db.Count(db.DefaultContext, &opts, new(repo_model.RepoUnit))
+	assert.NoError(t, err)
+	assert.EqualValues(t, 83, cnt)
+
+	repoUnits = make([]repo_model.RepoUnit, 0, 10)
+	newCnt, err := db.FindAndCount(db.DefaultContext, &opts, &repoUnits)
+	assert.NoError(t, err)
+	assert.EqualValues(t, cnt, newCnt)
+}
--- a/models/db/sequence.go
+++ b/models/db/sequence.go
@ -13,7 +13,7 @@ import (

 // CountBadSequences looks for broken sequences from recreate-table mistakes
 func CountBadSequences(_ context.Context) (int64, error) {
-	if !setting.Database.UsePostgreSQL {
+	if !setting.Database.Type.IsPostgreSQL() {
 		return 0, nil
 	}

@ -34,7 +34,7 @@ func CountBadSequences(_ context.Context) (int64, error) {

 // FixBadSequences fixes for broken sequences from recreate-table mistakes
 func FixBadSequences(_ context.Context) error {
-	if !setting.Database.UsePostgreSQL {
+	if !setting.Database.Type.IsPostgreSQL() {
 		return nil
 	}

--- a/models/fixtures/repository.yml
+++ b/models/fixtures/repository.yml
@ -25,7 +25,7 @@
  fork_id: 0
  is_template: false
  template_id: 0
-  size: 6708
+  size: 7028
  is_fsck_enabled: true
  close_issues_via_commit_in_any_branch: false

--- a/models/git/commit_status.go
+++ b/models/git/commit_status.go
@ -65,7 +65,7 @@ func postgresGetCommitStatusIndex(ctx context.Context, repoID int64, sha string)

 // GetNextCommitStatusIndex retried 3 times to generate a resource index
 func GetNextCommitStatusIndex(ctx context.Context, repoID int64, sha string) (int64, error) {
-	if setting.Database.UsePostgreSQL {
+	if setting.Database.Type.IsPostgreSQL() {
 		return postgresGetCommitStatusIndex(ctx, repoID, sha)
 	}

--- a/models/issues/label.go
+++ b/models/issues/label.go
@ -7,12 +7,12 @@ package issues
 import (
 	"context"
 	"fmt"
-	"regexp"
 	"strconv"
 	"strings"

 	"code.gitea.io/gitea/models/db"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/label"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"

@ -78,9 +78,6 @@ func (err ErrLabelNotExist) Unwrap() error {
 	return util.ErrNotExist
 }

-// LabelColorPattern is a regexp witch can validate LabelColor
-var LabelColorPattern = regexp.MustCompile("^#?(?:[0-9a-fA-F]{6}|[0-9a-fA-F]{3})$")
-
 // Label represents a label of repository for issues.
 type Label struct {
 	ID              int64 `xorm:"pk autoincr"`
@ -109,12 +106,12 @@ func init() {
 }

 // CalOpenIssues sets the number of open issues of a label based on the already stored number of closed issues.
-func (label *Label) CalOpenIssues() {
-	label.NumOpenIssues = label.NumIssues - label.NumClosedIssues
+func (l *Label) CalOpenIssues() {
+	l.NumOpenIssues = l.NumIssues - l.NumClosedIssues
 }

 // CalOpenOrgIssues calculates the open issues of a label for a specific repo
-func (label *Label) CalOpenOrgIssues(ctx context.Context, repoID, labelID int64) {
+func (l *Label) CalOpenOrgIssues(ctx context.Context, repoID, labelID int64) {
 	counts, _ := CountIssuesByRepo(ctx, &IssuesOptions{
 		RepoID:   repoID,
 		LabelIDs: []int64{labelID},
@ -122,22 +119,22 @@ func (label *Label) CalOpenOrgIssues(ctx context.Context, repoID, labelID int64)
 	})

 	for _, count := range counts {
-		label.NumOpenRepoIssues += count
+		l.NumOpenRepoIssues += count
 	}
 }

 // LoadSelectedLabelsAfterClick calculates the set of selected labels when a label is clicked
-func (label *Label) LoadSelectedLabelsAfterClick(currentSelectedLabels []int64, currentSelectedExclusiveScopes []string) {
+func (l *Label) LoadSelectedLabelsAfterClick(currentSelectedLabels []int64, currentSelectedExclusiveScopes []string) {
 	var labelQuerySlice []string
 	labelSelected := false
-	labelID := strconv.FormatInt(label.ID, 10)
-	labelScope := label.ExclusiveScope()
+	labelID := strconv.FormatInt(l.ID, 10)
+	labelScope := l.ExclusiveScope()
 	for i, s := range currentSelectedLabels {
-		if s == label.ID {
+		if s == l.ID {
 			labelSelected = true
-		} else if -s == label.ID {
+		} else if -s == l.ID {
 			labelSelected = true
-			label.IsExcluded = true
+			l.IsExcluded = true
 		} else if s != 0 {
 			// Exclude other labels in the same scope from selection
 			if s < 0 || labelScope == "" || labelScope != currentSelectedExclusiveScopes[i] {
@ -148,23 +145,23 @@ func (label *Label) LoadSelectedLabelsAfterClick(currentSelectedLabels []int64,
 	if !labelSelected {
 		labelQuerySlice = append(labelQuerySlice, labelID)
 	}
-	label.IsSelected = labelSelected
-	label.QueryString = strings.Join(labelQuerySlice, ",")
+	l.IsSelected = labelSelected
+	l.QueryString = strings.Join(labelQuerySlice, ",")
 }

 // BelongsToOrg returns true if label is an organization label
-func (label *Label) BelongsToOrg() bool {
-	return label.OrgID > 0
+func (l *Label) BelongsToOrg() bool {
+	return l.OrgID > 0
 }

 // BelongsToRepo returns true if label is a repository label
-func (label *Label) BelongsToRepo() bool {
-	return label.RepoID > 0
+func (l *Label) BelongsToRepo() bool {
+	return l.RepoID > 0
 }

 // Get color as RGB values in 0..255 range
-func (label *Label) ColorRGB() (float64, float64, float64, error) {
-	color, err := strconv.ParseUint(label.Color[1:], 16, 64)
+func (l *Label) ColorRGB() (float64, float64, float64, error) {
+	color, err := strconv.ParseUint(l.Color[1:], 16, 64)
 	if err != nil {
 		return 0, 0, 0, err
 	}
@ -176,9 +173,9 @@ func (label *Label) ColorRGB() (float64, float64, float64, error) {
 }

 // Determine if label text should be light or dark to be readable on background color
-func (label *Label) UseLightTextColor() bool {
-	if strings.HasPrefix(label.Color, "#") {
-		if r, g, b, err := label.ColorRGB(); err == nil {
+func (l *Label) UseLightTextColor() bool {
+	if strings.HasPrefix(l.Color, "#") {
+		if r, g, b, err := l.ColorRGB(); err == nil {
 			// Perceived brightness from: https://www.w3.org/TR/AERT/#color-contrast
 			// In the future WCAG 3 APCA may be a better solution
 			brightness := (0.299*r + 0.587*g + 0.114*b) / 255
@ -190,40 +187,26 @@ func (label *Label) UseLightTextColor() bool {
 }

 // Return scope substring of label name, or empty string if none exists
-func (label *Label) ExclusiveScope() string {
-	if !label.Exclusive {
+func (l *Label) ExclusiveScope() string {
+	if !l.Exclusive {
 		return ""
 	}
-	lastIndex := strings.LastIndex(label.Name, "/")
-	if lastIndex == -1 || lastIndex == 0 || lastIndex == len(label.Name)-1 {
+	lastIndex := strings.LastIndex(l.Name, "/")
+	if lastIndex == -1 || lastIndex == 0 || lastIndex == len(l.Name)-1 {
 		return ""
 	}
-	return label.Name[:lastIndex]
+	return l.Name[:lastIndex]
 }

 // NewLabel creates a new label
-func NewLabel(ctx context.Context, label *Label) error {
-	if !LabelColorPattern.MatchString(label.Color) {
-		return fmt.Errorf("bad color code: %s", label.Color)
+func NewLabel(ctx context.Context, l *Label) error {
+	color, err := label.NormalizeColor(l.Color)
+	if err != nil {
+		return err
 	}
+	l.Color = color

-	// normalize case
-	label.Color = strings.ToLower(label.Color)
-
-	// add leading hash
-	if label.Color[0] != '#' {
-		label.Color = "#" + label.Color
-	}
-
-	// convert 3-character shorthand into 6-character version
-	if len(label.Color) == 4 {
-		r := label.Color[1]
-		g := label.Color[2]
-		b := label.Color[3]
-		label.Color = fmt.Sprintf("#%c%c%c%c%c%c", r, r, g, g, b, b)
-	}
-
-	return db.Insert(ctx, label)
+	return db.Insert(ctx, l)
 }

 // NewLabels creates new labels
@ -234,11 +217,14 @@ func NewLabels(labels ...*Label) error {
 	}
 	defer committer.Close()

-	for _, label := range labels {
-		if !LabelColorPattern.MatchString(label.Color) {
-			return fmt.Errorf("bad color code: %s", label.Color)
+	for _, l := range labels {
+		color, err := label.NormalizeColor(l.Color)
+		if err != nil {
+			return err
 		}
-		if err := db.Insert(ctx, label); err != nil {
+		l.Color = color
+
+		if err := db.Insert(ctx, l); err != nil {
 			return err
 		}
 	}
@ -247,15 +233,18 @@ func NewLabels(labels ...*Label) error {

 // UpdateLabel updates label information.
 func UpdateLabel(l *Label) error {
-	if !LabelColorPattern.MatchString(l.Color) {
-		return fmt.Errorf("bad color code: %s", l.Color)
+	color, err := label.NormalizeColor(l.Color)
+	if err != nil {
+		return err
 	}
+	l.Color = color
+
 	return updateLabelCols(db.DefaultContext, l, "name", "description", "color", "exclusive")
 }

 // DeleteLabel delete a label
 func DeleteLabel(id, labelID int64) error {
-	label, err := GetLabelByID(db.DefaultContext, labelID)
+	l, err := GetLabelByID(db.DefaultContext, labelID)
 	if err != nil {
 		if IsErrLabelNotExist(err) {
 			return nil
@ -271,10 +260,10 @@ func DeleteLabel(id, labelID int64) error {

 	sess := db.GetEngine(ctx)

-	if label.BelongsToOrg() && label.OrgID != id {
+	if l.BelongsToOrg() && l.OrgID != id {
 		return nil
 	}
-	if label.BelongsToRepo() && label.RepoID != id {
+	if l.BelongsToRepo() && l.RepoID != id {
 		return nil
 	}

@ -682,14 +671,14 @@ func newIssueLabels(ctx context.Context, issue *Issue, labels []*Label, doer *us
 	if err = issue.LoadRepo(ctx); err != nil {
 		return err
 	}
-	for _, label := range labels {
+	for _, l := range labels {
 		// Don't add already present labels and invalid labels
-		if HasIssueLabel(ctx, issue.ID, label.ID) ||
-			(label.RepoID != issue.RepoID && label.OrgID != issue.Repo.OwnerID) {
+		if HasIssueLabel(ctx, issue.ID, l.ID) ||
+			(l.RepoID != issue.RepoID && l.OrgID != issue.Repo.OwnerID) {
 			continue
 		}

-		if err = newIssueLabel(ctx, issue, label, doer); err != nil {
+		if err = newIssueLabel(ctx, issue, l, doer); err != nil {
 			return fmt.Errorf("newIssueLabel: %w", err)
 		}
 	}
@ -778,7 +767,7 @@ func CountOrphanedLabels(ctx context.Context) (int64, error) {
 	norepo, err := db.GetEngine(ctx).Table("label").
 		Where(builder.And(
 			builder.Gt{"repo_id": 0},
-			builder.NotIn("repo_id", builder.Select("id").From("repository")),
+			builder.NotIn("repo_id", builder.Select("id").From("`repository`")),
 		)).
 		Count()
 	if err != nil {
@ -788,7 +777,7 @@ func CountOrphanedLabels(ctx context.Context) (int64, error) {
 	noorg, err := db.GetEngine(ctx).Table("label").
 		Where(builder.And(
 			builder.Gt{"org_id": 0},
-			builder.NotIn("org_id", builder.Select("id").From("user")),
+			builder.NotIn("org_id", builder.Select("id").From("`user`")),
 		)).
 		Count()
 	if err != nil {
@ -809,7 +798,7 @@ func DeleteOrphanedLabels(ctx context.Context) error {
 	if _, err := db.GetEngine(ctx).
 		Where(builder.And(
 			builder.Gt{"repo_id": 0},
-			builder.NotIn("repo_id", builder.Select("id").From("repository")),
+			builder.NotIn("repo_id", builder.Select("id").From("`repository`")),
 		)).
 		Delete(Label{}); err != nil {
 		return err
@ -819,7 +808,7 @@ func DeleteOrphanedLabels(ctx context.Context) error {
 	if _, err := db.GetEngine(ctx).
 		Where(builder.And(
 			builder.Gt{"org_id": 0},
-			builder.NotIn("org_id", builder.Select("id").From("user")),
+			builder.NotIn("org_id", builder.Select("id").From("`user`")),
 		)).
 		Delete(Label{}); err != nil {
 		return err
--- a/models/issues/label_test.go
+++ b/models/issues/label_test.go
@ -15,8 +15,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-// TODO TestGetLabelTemplateFile
-
 func TestLabel_CalOpenIssues(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	label := unittest.AssertExistsAndLoadBean(t, &issues_model.Label{ID: 1})
--- a/models/issues/pull_list.go
+++ b/models/issues/pull_list.go
@ -52,13 +52,16 @@ func listPullRequestStatement(baseRepoID int64, opts *PullRequestsOptions) (*xor

 // GetUnmergedPullRequestsByHeadInfo returns all pull requests that are open and has not been merged
 // by given head information (repo and branch).
-func GetUnmergedPullRequestsByHeadInfo(repoID int64, branch string) ([]*PullRequest, error) {
+// arg `includeClosed` controls whether the SQL returns closed PRs
+func GetUnmergedPullRequestsByHeadInfo(repoID int64, branch string, includeClosed bool) ([]*PullRequest, error) {
 	prs := make([]*PullRequest, 0, 2)
-	return prs, db.GetEngine(db.DefaultContext).
-		Where("head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?",
-			repoID, branch, false, false, PullRequestFlowGithub).
+	sess := db.GetEngine(db.DefaultContext).
 		Join("INNER", "issue", "issue.id = pull_request.issue_id").
-		Find(&prs)
+		Where("head_repo_id = ? AND head_branch = ? AND has_merged = ? AND flow = ?", repoID, branch, false, PullRequestFlowGithub)
+	if !includeClosed {
+		sess.Where("issue.is_closed = ?", false)
+	}
+	return prs, sess.Find(&prs)
 }

 // CanMaintainerWriteToBranch check whether user is a maintainer and could write to the branch
@ -71,7 +74,7 @@ func CanMaintainerWriteToBranch(p access_model.Permission, branch string, user *
 		return false
 	}

-	prs, err := GetUnmergedPullRequestsByHeadInfo(p.Units[0].RepoID, branch)
+	prs, err := GetUnmergedPullRequestsByHeadInfo(p.Units[0].RepoID, branch, false)
 	if err != nil {
 		return false
 	}
@ -111,6 +114,7 @@ func GetUnmergedPullRequestsByBaseInfo(repoID int64, branch string) ([]*PullRequ
 	return prs, db.GetEngine(db.DefaultContext).
 		Where("base_repo_id=? AND base_branch=? AND has_merged=? AND issue.is_closed=?",
 			repoID, branch, false, false).
+		OrderBy("issue.updated_unix DESC").
 		Join("INNER", "issue", "issue.id=pull_request.issue_id").
 		Find(&prs)
 }
--- a/models/issues/pull_test.go
+++ b/models/issues/pull_test.go
@ -118,7 +118,7 @@ func TestHasUnmergedPullRequestsByHeadInfo(t *testing.T) {

 func TestGetUnmergedPullRequestsByHeadInfo(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	prs, err := issues_model.GetUnmergedPullRequestsByHeadInfo(1, "branch2")
+	prs, err := issues_model.GetUnmergedPullRequestsByHeadInfo(1, "branch2", false)
 	assert.NoError(t, err)
 	assert.Len(t, prs, 1)
 	for _, pr := range prs {
--- a/models/migrations/base/db.go
+++ b/models/migrations/base/db.go
@ -89,7 +89,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 		hasID = hasID || (column.IsPrimaryKey && column.IsAutoIncrement)
 	}

-	if hasID && setting.Database.UseMSSQL {
+	if hasID && setting.Database.Type.IsMSSQL() {
 		if _, err := sess.Exec(fmt.Sprintf("SET IDENTITY_INSERT `%s` ON", tempTableName)); err != nil {
 			log.Error("Unable to set identity insert for table %s. Error: %v", tempTableName, err)
 			return err
@ -143,7 +143,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 		return err
 	}

-	if hasID && setting.Database.UseMSSQL {
+	if hasID && setting.Database.Type.IsMSSQL() {
 		if _, err := sess.Exec(fmt.Sprintf("SET IDENTITY_INSERT `%s` OFF", tempTableName)); err != nil {
 			log.Error("Unable to switch off identity insert for table %s. Error: %v", tempTableName, err)
 			return err
@ -151,7 +151,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 	}

 	switch {
-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		// SQLite will drop all the constraints on the old table
 		if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
 			log.Error("Unable to drop old table %s. Error: %v", tableName, err)
@ -178,7 +178,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 			return err
 		}

-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		// MySQL will drop all the constraints on the old table
 		if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
 			log.Error("Unable to drop old table %s. Error: %v", tableName, err)
@ -205,7 +205,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 			log.Error("Unable to recreate uniques on table %s. Error: %v", tableName, err)
 			return err
 		}
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		var originalSequences []string
 		type sequenceData struct {
 			LastValue int  `xorm:"'last_value'"`
@ -296,7 +296,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {

 		}

-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		// MSSQL will drop all the constraints on the old table
 		if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
 			log.Error("Unable to drop old table %s. Error: %v", tableName, err)
@ -323,7 +323,7 @@ func DropTableColumns(sess *xorm.Session, tableName string, columnNames ...strin
 	// TODO: This will not work if there are foreign keys

 	switch {
-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		// First drop the indexes on the columns
 		res, errIndex := sess.Query(fmt.Sprintf("PRAGMA index_list(`%s`)", tableName))
 		if errIndex != nil {
@ -405,7 +405,7 @@ func DropTableColumns(sess *xorm.Session, tableName string, columnNames ...strin
 			return err
 		}

-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		cols := ""
 		for _, col := range columnNames {
 			if cols != "" {
@ -416,7 +416,7 @@ func DropTableColumns(sess *xorm.Session, tableName string, columnNames ...strin
 		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `%s` %s", tableName, cols)); err != nil {
 			return fmt.Errorf("Drop table `%s` columns %v: %v", tableName, columnNames, err)
 		}
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		// Drop indexes on columns first
 		sql := fmt.Sprintf("SHOW INDEX FROM %s WHERE column_name IN ('%s')", tableName, strings.Join(columnNames, "','"))
 		res, err := sess.Query(sql)
@ -444,7 +444,7 @@ func DropTableColumns(sess *xorm.Session, tableName string, columnNames ...strin
 		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `%s` %s", tableName, cols)); err != nil {
 			return fmt.Errorf("Drop table `%s` columns %v: %v", tableName, columnNames, err)
 		}
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		cols := ""
 		for _, col := range columnNames {
 			if cols != "" {
@ -543,13 +543,13 @@ func newXORMEngine() (*xorm.Engine, error) {

 func deleteDB() error {
 	switch {
-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		if err := util.Remove(setting.Database.Path); err != nil {
 			return err
 		}
 		return os.MkdirAll(path.Dir(setting.Database.Path), os.ModePerm)

-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(%s)/",
 			setting.Database.User, setting.Database.Passwd, setting.Database.Host))
 		if err != nil {
@ -565,7 +565,7 @@ func deleteDB() error {
 			return err
 		}
 		return nil
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		db, err := sql.Open("postgres", fmt.Sprintf("postgres://%s:%s@%s/?sslmode=%s",
 			setting.Database.User, setting.Database.Passwd, setting.Database.Host, setting.Database.SSLMode))
 		if err != nil {
@ -612,7 +612,7 @@ func deleteDB() error {
 			}
 			return nil
 		}
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		host, port := setting.ParseMSSQLHostPort(setting.Database.Host)
 		db, err := sql.Open("mssql", fmt.Sprintf("server=%s; port=%s; database=%s; user id=%s; password=%s;",
 			host, port, "master", setting.Database.User, setting.Database.Passwd))
--- a/models/migrations/v1_12/v139.go
+++ b/models/migrations/v1_12/v139.go
@ -13,9 +13,9 @@ func PrependRefsHeadsToIssueRefs(x *xorm.Engine) error {
 	var query string

 	switch {
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		query = "UPDATE `issue` SET `ref` = 'refs/heads/' + `ref` WHERE `ref` IS NOT NULL AND `ref` <> '' AND `ref` NOT LIKE 'refs/%'"
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		query = "UPDATE `issue` SET `ref` = CONCAT('refs/heads/', `ref`) WHERE `ref` IS NOT NULL AND `ref` <> '' AND `ref` NOT LIKE 'refs/%';"
 	default:
 		query = "UPDATE `issue` SET `ref` = 'refs/heads/' || `ref` WHERE `ref` IS NOT NULL AND `ref` <> '' AND `ref` NOT LIKE 'refs/%'"
--- a/models/migrations/v1_13/v140.go
+++ b/models/migrations/v1_13/v140.go
@ -41,7 +41,7 @@ func FixLanguageStatsToSaveSize(x *xorm.Engine) error {

 	// Delete language stat statuses
 	truncExpr := "TRUNCATE TABLE"
-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		truncExpr = "DELETE FROM"
 	}

--- a/models/migrations/v1_13/v145.go
+++ b/models/migrations/v1_13/v145.go
@ -21,7 +21,7 @@ func IncreaseLanguageField(x *xorm.Engine) error {
 		return err
 	}

-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		// SQLite maps VARCHAR to TEXT without size so we're done
 		return nil
 	}
@ -41,11 +41,11 @@ func IncreaseLanguageField(x *xorm.Engine) error {
 	}

 	switch {
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE language_stat MODIFY COLUMN language %s", sqlType)); err != nil {
 			return err
 		}
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		// Yet again MSSQL just has to be awkward.
 		// Here we have to drop the constraints first and then rebuild them
 		constraints := make([]string, 0)
@ -71,7 +71,7 @@ func IncreaseLanguageField(x *xorm.Engine) error {
 		if err := sess.CreateUniques(new(LanguageStat)); err != nil {
 			return err
 		}
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE language_stat ALTER COLUMN language TYPE %s", sqlType)); err != nil {
 			return err
 		}
--- a/models/migrations/v1_13/v151.go
+++ b/models/migrations/v1_13/v151.go
@ -17,13 +17,13 @@ import (

 func SetDefaultPasswordToArgon2(x *xorm.Engine) error {
 	switch {
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		_, err := x.Exec("ALTER TABLE `user` ALTER passwd_hash_algo SET DEFAULT 'argon2';")
 		return err
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		_, err := x.Exec("ALTER TABLE `user` ALTER COLUMN passwd_hash_algo SET DEFAULT 'argon2';")
 		return err
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		// need to find the constraint and drop it, then recreate it.
 		sess := x.NewSession()
 		defer sess.Close()
@ -53,7 +53,7 @@ func SetDefaultPasswordToArgon2(x *xorm.Engine) error {
 		}
 		return sess.Commit()

-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		// drop through
 	default:
 		log.Fatal("Unrecognized DB")
--- a/models/migrations/v1_14/v158.go
+++ b/models/migrations/v1_14/v158.go
@ -62,7 +62,7 @@ func UpdateCodeCommentReplies(x *xorm.Engine) error {
 			return err
 		}

-		if setting.Database.UseMSSQL {
+		if setting.Database.Type.IsMSSQL() {
 			if _, err := sess.Exec(sqlSelect + " INTO #temp_comments" + sqlTail); err != nil {
 				log.Error("unable to create temporary table")
 				return err
@ -72,13 +72,13 @@ func UpdateCodeCommentReplies(x *xorm.Engine) error {
 		comments := make([]*Comment, 0, batchSize)

 		switch {
-		case setting.Database.UseMySQL:
+		case setting.Database.Type.IsMySQL():
 			sqlCmd = sqlSelect + sqlTail + " LIMIT " + strconv.Itoa(batchSize) + ", " + strconv.Itoa(start)
-		case setting.Database.UsePostgreSQL:
+		case setting.Database.Type.IsPostgreSQL():
 			fallthrough
-		case setting.Database.UseSQLite3:
+		case setting.Database.Type.IsSQLite3():
 			sqlCmd = sqlSelect + sqlTail + " LIMIT " + strconv.Itoa(batchSize) + " OFFSET " + strconv.Itoa(start)
-		case setting.Database.UseMSSQL:
+		case setting.Database.Type.IsMSSQL():
 			sqlCmd = "SELECT TOP " + strconv.Itoa(batchSize) + " * FROM #temp_comments WHERE " +
 				"(id NOT IN ( SELECT TOP " + strconv.Itoa(start) + " id FROM #temp_comments ORDER BY id )) ORDER BY id"
 		default:
--- a/models/migrations/v1_14/v175.go
+++ b/models/migrations/v1_14/v175.go
@ -14,7 +14,7 @@ import (
 )

 func FixPostgresIDSequences(x *xorm.Engine) error {
-	if !setting.Database.UsePostgreSQL {
+	if !setting.Database.Type.IsPostgreSQL() {
 		return nil
 	}

--- a/models/migrations/v1_15/v184.go
+++ b/models/migrations/v1_15/v184.go
@ -54,11 +54,11 @@ func RenameTaskErrorsToMessage(x *xorm.Engine) error {
 	}

 	switch {
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		if _, err := sess.Exec("ALTER TABLE `task` CHANGE errors message text"); err != nil {
 			return err
 		}
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		if _, err := sess.Exec("sp_rename 'task.errors', 'message', 'COLUMN'"); err != nil {
 			return err
 		}
--- a/models/migrations/v1_16/v191.go
+++ b/models/migrations/v1_16/v191.go
@ -16,7 +16,7 @@ func AlterIssueAndCommentTextFieldsToLongText(x *xorm.Engine) error {
 		return err
 	}

-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `issue` CHANGE `content` `content` LONGTEXT"); err != nil {
 			return err
 		}
--- a/models/migrations/v1_17/v217.go
+++ b/models/migrations/v1_17/v217.go
@ -16,7 +16,7 @@ func AlterHookTaskTextFieldsToLongText(x *xorm.Engine) error {
 		return err
 	}

-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `hook_task` CHANGE `payload_content` `payload_content` LONGTEXT, CHANGE `request_content` `request_content` LONGTEXT, change `response_content` `response_content` LONGTEXT"); err != nil {
 			return err
 		}
--- a/models/migrations/v1_17/v218.go
+++ b/models/migrations/v1_17/v218.go
@ -38,7 +38,7 @@ func (*improveActionTableIndicesAction) TableIndices() []*schemas.Index {
 	actUserIndex := schemas.NewIndex("au_r_c_u_d", schemas.IndexType)
 	actUserIndex.AddColumn("act_user_id", "repo_id", "created_unix", "user_id", "is_deleted")
 	indices := []*schemas.Index{actUserIndex, repoIndex}
-	if setting.Database.UsePostgreSQL {
+	if setting.Database.Type.IsPostgreSQL() {
 		cudIndex := schemas.NewIndex("c_u_d", schemas.IndexType)
 		cudIndex.AddColumn("created_unix", "user_id", "is_deleted")
 		indices = append(indices, cudIndex)
--- a/models/migrations/v1_17/v223.go
+++ b/models/migrations/v1_17/v223.go
@ -65,11 +65,11 @@ func RenameCredentialIDBytes(x *xorm.Engine) error {
 		}

 		switch {
-		case setting.Database.UseMySQL:
+		case setting.Database.Type.IsMySQL():
 			if _, err := sess.Exec("ALTER TABLE `webauthn_credential` CHANGE credential_id_bytes credential_id VARBINARY(1024)"); err != nil {
 				return err
 			}
-		case setting.Database.UseMSSQL:
+		case setting.Database.Type.IsMSSQL():
 			if _, err := sess.Exec("sp_rename 'webauthn_credential.credential_id_bytes', 'credential_id', 'COLUMN'"); err != nil {
 				return err
 			}
--- a/models/migrations/v1_18/v225.go
+++ b/models/migrations/v1_18/v225.go
@ -16,7 +16,7 @@ func AlterPublicGPGKeyContentFieldsToMediumText(x *xorm.Engine) error {
 		return err
 	}

-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `gpg_key` CHANGE `content` `content` MEDIUMTEXT"); err != nil {
 			return err
 		}
--- a/models/migrations/v1_19/v232.go
+++ b/models/migrations/v1_19/v232.go
@ -16,7 +16,7 @@ func AlterPackageVersionMetadataToLongText(x *xorm.Engine) error {
 		return err
 	}

-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `package_version` MODIFY COLUMN `metadata_json` LONGTEXT"); err != nil {
 			return err
 		}
--- a/models/migrations/v1_19/v242.go
+++ b/models/migrations/v1_19/v242.go
@ -17,7 +17,7 @@ func AlterPublicGPGKeyImportContentFieldToMediumText(x *xorm.Engine) error {
 		return err
 	}

-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `gpg_key_import` CHANGE `content` `content` MEDIUMTEXT"); err != nil {
 			return err
 		}
--- a/models/organization/org.go
+++ b/models/organization/org.go
@ -239,6 +239,32 @@ func (org *Organization) CustomAvatarRelativePath() string {
 	return org.Avatar
 }

+// UnitPermission returns unit permission
+func (org *Organization) UnitPermission(ctx context.Context, doer *user_model.User, unitType unit.Type) perm.AccessMode {
+	if doer != nil {
+		teams, err := GetUserOrgTeams(ctx, org.ID, doer.ID)
+		if err != nil {
+			log.Error("GetUserOrgTeams: %v", err)
+			return perm.AccessModeNone
+		}
+
+		if err := teams.LoadUnits(ctx); err != nil {
+			log.Error("LoadUnits: %v", err)
+			return perm.AccessModeNone
+		}
+
+		if len(teams) > 0 {
+			return teams.UnitMaxAccess(unitType)
+		}
+	}
+
+	if org.Visibility.IsPublic() {
+		return perm.AccessModeRead
+	}
+
+	return perm.AccessModeNone
+}
+
 // CreateOrganization creates record of a new organization.
 func CreateOrganization(org *Organization, owner *user_model.User) (err error) {
 	if !owner.CanCreateOrganization() {
--- a/models/project/project.go
+++ b/models/project/project.go
@ -416,7 +416,7 @@ func DeleteProjectByID(ctx context.Context, id int64) error {

 func DeleteProjectByRepoID(ctx context.Context, repoID int64) error {
 	switch {
-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_issue WHERE project_issue.id IN (SELECT project_issue.id FROM project_issue INNER JOIN project WHERE project.id = project_issue.project_id AND project.repo_id = ?)", repoID); err != nil {
 			return err
 		}
@ -426,7 +426,7 @@ func DeleteProjectByRepoID(ctx context.Context, repoID int64) error {
 		if _, err := db.GetEngine(ctx).Table("project").Where("repo_id = ? ", repoID).Delete(&Project{}); err != nil {
 			return err
 		}
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_issue USING project WHERE project.id = project_issue.project_id AND project.repo_id = ? ", repoID); err != nil {
 			return err
 		}
--- a/models/repo.go
+++ b/models/repo.go
@ -39,9 +39,9 @@ import (
 var ItemsPerPage = 40

 // Init initialize model
-func Init() error {
+func Init(ctx context.Context) error {
 	unit.LoadUnitConfig()
-	return system_model.Init()
+	return system_model.Init(ctx)
 }

 // DeleteRepository deletes a repository for a user or organization.
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@ -498,7 +498,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		subQueryCond := builder.NewCond()

 		// Topic checking. Topics are present.
-		if setting.Database.UsePostgreSQL { // postgres stores the topics as json and not as text
+		if setting.Database.Type.IsPostgreSQL() { // postgres stores the topics as json and not as text
 			subQueryCond = subQueryCond.Or(builder.And(builder.NotNull{"topics"}, builder.Neq{"(topics)::text": "[]"}))
 		} else {
 			subQueryCond = subQueryCond.Or(builder.And(builder.Neq{"topics": "null"}, builder.Neq{"topics": "[]"}))
--- a/models/system/setting.go
+++ b/models/system/setting.go
@ -79,8 +79,8 @@ func IsErrDataExpired(err error) bool {
 	return ok
 }

-// GetSettingNoCache returns specific setting without using the cache
-func GetSettingNoCache(ctx context.Context, key string) (*Setting, error) {
+// GetSetting returns specific setting without using the cache
+func GetSetting(ctx context.Context, key string) (*Setting, error) {
 	v, err := GetSettings(ctx, []string{key})
 	if err != nil {
 		return nil, err
@ -93,11 +93,11 @@ func GetSettingNoCache(ctx context.Context, key string) (*Setting, error) {

 const contextCacheKey = "system_setting"

-// GetSetting returns the setting value via the key
-func GetSetting(ctx context.Context, key string) (string, error) {
+// GetSettingWithCache returns the setting value via the key
+func GetSettingWithCache(ctx context.Context, key string) (string, error) {
 	return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) {
 		return cache.GetString(genSettingCacheKey(key), func() (string, error) {
-			res, err := GetSettingNoCache(ctx, key)
+			res, err := GetSetting(ctx, key)
 			if err != nil {
 				return "", err
 			}
@ -110,6 +110,15 @@ func GetSetting(ctx context.Context, key string) (string, error) {
 // none existing keys and errors are ignored and result in false
 func GetSettingBool(ctx context.Context, key string) bool {
 	s, _ := GetSetting(ctx, key)
+	if s == nil {
+		return false
+	}
+	v, _ := strconv.ParseBool(s.SettingValue)
+	return v
+}
+
+func GetSettingWithCacheBool(ctx context.Context, key string) bool {
+	s, _ := GetSettingWithCache(ctx, key)
 	v, _ := strconv.ParseBool(s)
 	return v
 }
@ -120,7 +129,7 @@ func GetSettings(ctx context.Context, keys []string) (map[string]*Setting, error
 		keys[i] = strings.ToLower(keys[i])
 	}
 	settings := make([]*Setting, 0, len(keys))
-	if err := db.GetEngine(db.DefaultContext).
+	if err := db.GetEngine(ctx).
 		Where(builder.In("setting_key", keys)).
 		Find(&settings); err != nil {
 		return nil, err
@ -151,9 +160,9 @@ func (settings AllSettings) GetVersion(key string) int {
 }

 // GetAllSettings returns all settings from user
-func GetAllSettings() (AllSettings, error) {
+func GetAllSettings(ctx context.Context) (AllSettings, error) {
 	settings := make([]*Setting, 0, 5)
-	if err := db.GetEngine(db.DefaultContext).
+	if err := db.GetEngine(ctx).
 		Find(&settings); err != nil {
 		return nil, err
 	}
@ -168,12 +177,12 @@ func GetAllSettings() (AllSettings, error) {
 func DeleteSetting(ctx context.Context, setting *Setting) error {
 	cache.RemoveContextData(ctx, contextCacheKey, setting.SettingKey)
 	cache.Remove(genSettingCacheKey(setting.SettingKey))
-	_, err := db.GetEngine(db.DefaultContext).Delete(setting)
+	_, err := db.GetEngine(ctx).Delete(setting)
 	return err
 }

 func SetSettingNoVersion(ctx context.Context, key, value string) error {
-	s, err := GetSettingNoCache(ctx, key)
+	s, err := GetSetting(ctx, key)
 	if IsErrSettingIsNotExist(err) {
 		return SetSetting(ctx, &Setting{
 			SettingKey:   key,
@ -189,7 +198,7 @@ func SetSettingNoVersion(ctx context.Context, key, value string) error {

 // SetSetting updates a users' setting for a specific key
 func SetSetting(ctx context.Context, setting *Setting) error {
-	if err := upsertSettingValue(strings.ToLower(setting.SettingKey), setting.SettingValue, setting.Version); err != nil {
+	if err := upsertSettingValue(ctx, strings.ToLower(setting.SettingKey), setting.SettingValue, setting.Version); err != nil {
 		return err
 	}

@ -205,8 +214,8 @@ func SetSetting(ctx context.Context, setting *Setting) error {
 	return nil
 }

-func upsertSettingValue(key, value string, version int) error {
-	return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
+func upsertSettingValue(parentCtx context.Context, key, value string, version int) error {
+	return db.WithTx(parentCtx, func(ctx context.Context) error {
 		e := db.GetEngine(ctx)

 		// here we use a general method to do a safe upsert for different databases (and most transaction levels)
@ -249,9 +258,9 @@ var (
 	LibravatarService *libravatar.Libravatar
 )

-func Init() error {
+func Init(ctx context.Context) error {
 	var disableGravatar bool
-	disableGravatarSetting, err := GetSettingNoCache(db.DefaultContext, KeyPictureDisableGravatar)
+	disableGravatarSetting, err := GetSetting(ctx, KeyPictureDisableGravatar)
 	if IsErrSettingIsNotExist(err) {
 		disableGravatar = setting_module.GetDefaultDisableGravatar()
 		disableGravatarSetting = &Setting{SettingValue: strconv.FormatBool(disableGravatar)}
@ -262,7 +271,7 @@ func Init() error {
 	}

 	var enableFederatedAvatar bool
-	enableFederatedAvatarSetting, err := GetSettingNoCache(db.DefaultContext, KeyPictureEnableFederatedAvatar)
+	enableFederatedAvatarSetting, err := GetSetting(ctx, KeyPictureEnableFederatedAvatar)
 	if IsErrSettingIsNotExist(err) {
 		enableFederatedAvatar = setting_module.GetDefaultEnableFederatedAvatar(disableGravatar)
 		enableFederatedAvatarSetting = &Setting{SettingValue: strconv.FormatBool(enableFederatedAvatar)}
@ -275,13 +284,13 @@ func Init() error {
 	if setting_module.OfflineMode {
 		disableGravatar = true
 		enableFederatedAvatar = false
-		if !GetSettingBool(db.DefaultContext, KeyPictureDisableGravatar) {
-			if err := SetSettingNoVersion(db.DefaultContext, KeyPictureDisableGravatar, "true"); err != nil {
+		if !GetSettingBool(ctx, KeyPictureDisableGravatar) {
+			if err := SetSettingNoVersion(ctx, KeyPictureDisableGravatar, "true"); err != nil {
 				return fmt.Errorf("Failed to set setting %q: %w", KeyPictureDisableGravatar, err)
 			}
 		}
-		if GetSettingBool(db.DefaultContext, KeyPictureEnableFederatedAvatar) {
-			if err := SetSettingNoVersion(db.DefaultContext, KeyPictureEnableFederatedAvatar, "false"); err != nil {
+		if GetSettingBool(ctx, KeyPictureEnableFederatedAvatar) {
+			if err := SetSettingNoVersion(ctx, KeyPictureEnableFederatedAvatar, "false"); err != nil {
 				return fmt.Errorf("Failed to set setting %q: %w", KeyPictureEnableFederatedAvatar, err)
 			}
 		}
--- a/models/system/setting_test.go
+++ b/models/system/setting_test.go
@ -40,10 +40,10 @@ func TestSettings(t *testing.T) {

 	value, err := system.GetSetting(db.DefaultContext, keyName)
 	assert.NoError(t, err)
-	assert.EqualValues(t, updatedSetting.SettingValue, value)
+	assert.EqualValues(t, updatedSetting.SettingValue, value.SettingValue)

 	// get all settings
-	settings, err = system.GetAllSettings()
+	settings, err = system.GetAllSettings(db.DefaultContext)
 	assert.NoError(t, err)
 	assert.Len(t, settings, 3)
 	assert.EqualValues(t, updatedSetting.SettingValue, settings[strings.ToLower(updatedSetting.SettingKey)].SettingValue)
@ -51,7 +51,7 @@ func TestSettings(t *testing.T) {
 	// delete setting
 	err = system.DeleteSetting(db.DefaultContext, &system.Setting{SettingKey: strings.ToLower(keyName)})
 	assert.NoError(t, err)
-	settings, err = system.GetAllSettings()
+	settings, err = system.GetAllSettings(db.DefaultContext)
 	assert.NoError(t, err)
 	assert.Len(t, settings, 2)
 }
--- a/models/unittest/testdb.go
+++ b/models/unittest/testdb.go
@ -76,7 +76,7 @@ func MainTest(m *testing.M, testOpts *TestOptions) {
 	setting.SSH.BuiltinServerUser = "builtinuser"
 	setting.SSH.Port = 3000
 	setting.SSH.Domain = "try.gitea.io"
-	setting.Database.UseSQLite3 = true
+	setting.Database.Type = "sqlite3"
 	setting.Repository.DefaultBranch = "master" // many test code still assume that default branch is called "master"
 	repoRootPath, err := os.MkdirTemp(os.TempDir(), "repos")
 	if err != nil {
@ -113,7 +113,7 @@ func MainTest(m *testing.M, testOpts *TestOptions) {
 	if err = storage.Init(); err != nil {
 		fatalTestError("storage.Init: %v\n", err)
 	}
-	if err = system_model.Init(); err != nil {
+	if err = system_model.Init(db.DefaultContext); err != nil {
 		fatalTestError("models.Init: %v\n", err)
 	}

--- a/models/user/avatar.go
+++ b/models/user/avatar.go
@ -67,7 +67,7 @@ func (u *User) AvatarLinkWithSize(ctx context.Context, size int) string {
 	useLocalAvatar := false
 	autoGenerateAvatar := false

-	disableGravatar := system_model.GetSettingBool(ctx, system_model.KeyPictureDisableGravatar)
+	disableGravatar := system_model.GetSettingWithCacheBool(ctx, system_model.KeyPictureDisableGravatar)

 	switch {
 	case u.UseCustomAvatar:
--- a/models/user/user.go
+++ b/models/user/user.go
@ -393,6 +393,11 @@ func (u *User) IsOrganization() bool {
 	return u.Type == UserTypeOrganization
 }

+// IsIndividual returns true if user is actually a individual user.
+func (u *User) IsIndividual() bool {
+	return u.Type == UserTypeIndividual
+}
+
 // DisplayName returns full name if it's not empty,
 // returns username otherwise.
 func (u *User) DisplayName() string {
--- a/modules/auth/password/hash/setting.go
+++ b/modules/auth/password/hash/setting.go
@ -10,7 +10,7 @@ package hash
 //
 // It will be dealiased as per aliasAlgorithmNames whereas
 // defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
-const DefaultHashAlgorithmName = "pbkdf2"
+const DefaultHashAlgorithmName = "pbkdf2_hi"

 var DefaultHashAlgorithm *PasswordHashAlgorithm

@ -41,9 +41,8 @@ var RecommendedHashAlgorithms = []string{
 	"pbkdf2_hi",
 }

-// SetDefaultPasswordHashAlgorithm will take a provided algorithmName and dealias it to
-// a complete algorithm specification.
-func SetDefaultPasswordHashAlgorithm(algorithmName string) (string, *PasswordHashAlgorithm) {
+// hashAlgorithmToSpec converts an algorithm name or a specification to a full algorithm specification
+func hashAlgorithmToSpec(algorithmName string) string {
 	if algorithmName == "" {
 		algorithmName = DefaultHashAlgorithmName
 	}
@ -52,10 +51,26 @@ func SetDefaultPasswordHashAlgorithm(algorithmName string) (string, *PasswordHas
 		algorithmName = alias
 		alias, has = aliasAlgorithmNames[algorithmName]
 	}
-
-	// algorithmName should now be a full algorithm specification
-	// e.g. pbkdf2$50000$50 rather than pbdkf2
-	DefaultHashAlgorithm = Parse(algorithmName)
-
-	return algorithmName, DefaultHashAlgorithm
+	return algorithmName
+}
+
+// SetDefaultPasswordHashAlgorithm will take a provided algorithmName and de-alias it to
+// a complete algorithm specification.
+func SetDefaultPasswordHashAlgorithm(algorithmName string) (string, *PasswordHashAlgorithm) {
+	algoSpec := hashAlgorithmToSpec(algorithmName)
+	// now we get a full specification, e.g. pbkdf2$50000$50 rather than pbdkf2
+	DefaultHashAlgorithm = Parse(algoSpec)
+	return algoSpec, DefaultHashAlgorithm
+}
+
+// ConfigHashAlgorithm will try to find a "recommended algorithm name" defined by RecommendedHashAlgorithms for config
+// This function is not fast and is only used for the installation page
+func ConfigHashAlgorithm(algorithm string) string {
+	algorithm = hashAlgorithmToSpec(algorithm)
+	for _, recommAlgo := range RecommendedHashAlgorithms {
+		if algorithm == hashAlgorithmToSpec(recommAlgo) {
+			return recommAlgo
+		}
+	}
+	return algorithm
 }
--- a/modules/auth/password/hash/setting_test.go
+++ b/modules/auth/password/hash/setting_test.go
@ -28,11 +28,11 @@ func TestCheckSettingPasswordHashAlgorithm(t *testing.T) {
 		})
 	}

-	t.Run("pbkdf2_v2 is the default when default password hash algorithm is empty", func(t *testing.T) {
+	t.Run("pbkdf2_hi is the default when default password hash algorithm is empty", func(t *testing.T) {
 		emptyConfig, emptyAlgo := SetDefaultPasswordHashAlgorithm("")
-		pbkdf2v2Config, pbkdf2v2Algo := SetDefaultPasswordHashAlgorithm("pbkdf2_v2")
+		pbkdf2hiConfig, pbkdf2hiAlgo := SetDefaultPasswordHashAlgorithm("pbkdf2_hi")

-		assert.Equal(t, pbkdf2v2Config, emptyConfig)
-		assert.Equal(t, pbkdf2v2Algo.Specification, emptyAlgo.Specification)
+		assert.Equal(t, pbkdf2hiConfig, emptyConfig)
+		assert.Equal(t, pbkdf2hiAlgo.Specification, emptyAlgo.Specification)
 	})
 }
--- a/modules/context/api.go
+++ b/modules/context/api.go
@ -244,7 +244,7 @@ func APIContexter() func(http.Handler) http.Handler {
 				}
 			}

-			httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")
+			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

 			ctx.Data["Context"] = &ctx
--- a/modules/context/context.go
+++ b/modules/context/context.go
@ -388,7 +388,7 @@ func (ctx *Context) SetServeHeaders(opts *ServeHeaderOptions) {
 	if duration == 0 {
 		duration = 5 * time.Minute
 	}
-	httpcache.AddCacheControlToHeader(header, duration)
+	httpcache.SetCacheControlInHeader(header, duration)

 	if !opts.LastModified.IsZero() {
 		header.Set("Last-Modified", opts.LastModified.UTC().Format(http.TimeFormat))
@ -753,7 +753,7 @@ func Contexter(ctx context.Context) func(next http.Handler) http.Handler {
 				}
 			}

-			httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")
+			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)

 			ctx.Data["CsrfToken"] = ctx.csrf.GetToken()
--- a/modules/context/org.go
+++ b/modules/context/org.go
@ -11,7 +11,6 @@ import (
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 )
@ -31,29 +30,34 @@ type Organization struct {
 }

 func (org *Organization) CanWriteUnit(ctx *Context, unitType unit.Type) bool {
-	if ctx.Doer == nil {
-		return false
-	}
-	return org.UnitPermission(ctx, ctx.Doer.ID, unitType) >= perm.AccessModeWrite
+	return org.Organization.UnitPermission(ctx, ctx.Doer, unitType) >= perm.AccessModeWrite
 }

-func (org *Organization) UnitPermission(ctx *Context, doerID int64, unitType unit.Type) perm.AccessMode {
-	if doerID > 0 {
-		teams, err := organization.GetUserOrgTeams(ctx, org.Organization.ID, doerID)
-		if err != nil {
-			log.Error("GetUserOrgTeams: %v", err)
-			return perm.AccessModeNone
-		}
-		if len(teams) > 0 {
-			return teams.UnitMaxAccess(unitType)
-		}
-	}
+func (org *Organization) CanReadUnit(ctx *Context, unitType unit.Type) bool {
+	return org.Organization.UnitPermission(ctx, ctx.Doer, unitType) >= perm.AccessModeRead
+}

-	if org.Organization.Visibility == structs.VisibleTypePublic {
-		return perm.AccessModeRead
-	}
+func GetOrganizationByParams(ctx *Context) {
+	orgName := ctx.Params(":org")

-	return perm.AccessModeNone
+	var err error
+
+	ctx.Org.Organization, err = organization.GetOrgByName(ctx, orgName)
+	if err != nil {
+		if organization.IsErrOrgNotExist(err) {
+			redirectUserID, err := user_model.LookupUserRedirect(orgName)
+			if err == nil {
+				RedirectToUser(ctx, orgName, redirectUserID)
+			} else if user_model.IsErrUserRedirectNotExist(err) {
+				ctx.NotFound("GetUserByName", err)
+			} else {
+				ctx.ServerError("LookupUserRedirect", err)
+			}
+		} else {
+			ctx.ServerError("GetUserByName", err)
+		}
+		return
+	}
 }

 // HandleOrgAssignment handles organization assignment
@ -77,25 +81,26 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 		requireTeamAdmin = args[3]
 	}

-	orgName := ctx.Params(":org")
-
 	var err error
-	ctx.Org.Organization, err = organization.GetOrgByName(ctx, orgName)
-	if err != nil {
-		if organization.IsErrOrgNotExist(err) {
-			redirectUserID, err := user_model.LookupUserRedirect(orgName)
-			if err == nil {
-				RedirectToUser(ctx, orgName, redirectUserID)
-			} else if user_model.IsErrUserRedirectNotExist(err) {
-				ctx.NotFound("GetUserByName", err)
-			} else {
-				ctx.ServerError("LookupUserRedirect", err)
+
+	if ctx.ContextUser == nil {
+		// if Organization is not defined, get it from params
+		if ctx.Org.Organization == nil {
+			GetOrganizationByParams(ctx)
+			if ctx.Written() {
+				return
 			}
-		} else {
-			ctx.ServerError("GetUserByName", err)
 		}
+	} else if ctx.ContextUser.IsOrganization() {
+		if ctx.Org == nil {
+			ctx.Org = &Organization{}
+		}
+		ctx.Org.Organization = (*organization.Organization)(ctx.ContextUser)
+	} else {
+		// ContextUser is an individual User
 		return
 	}
+
 	org := ctx.Org.Organization

 	// Handle Visibility
@ -156,6 +161,7 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 	}
 	ctx.Data["IsOrganizationOwner"] = ctx.Org.IsOwner
 	ctx.Data["IsOrganizationMember"] = ctx.Org.IsMember
+	ctx.Data["IsProjectEnabled"] = true
 	ctx.Data["IsPackageEnabled"] = setting.Packages.Enabled
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
 	ctx.Data["IsPublicMember"] = func(uid int64) bool {
@ -231,6 +237,10 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 			return
 		}
 	}
+
+	ctx.Data["CanReadProjects"] = ctx.Org.CanReadUnit(ctx, unit.TypeProjects)
+	ctx.Data["CanReadPackages"] = ctx.Org.CanReadUnit(ctx, unit.TypePackages)
+	ctx.Data["CanReadCode"] = ctx.Org.CanReadUnit(ctx, unit.TypeCode)
 }

 // OrgAssignment returns a middleware to handle organization assignment
--- a/modules/csv/csv_test.go
+++ b/modules/csv/csv_test.go
@ -11,6 +11,7 @@ import (
 	"strings"
 	"testing"

+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/markup"

 	"github.com/stretchr/testify/assert"
@ -229,7 +230,10 @@ John Doe	john@doe.com	This,note,had,a,lot,of,commas,to,test,delimiters`,
 	}

 	for n, c := range cases {
-		delimiter := determineDelimiter(&markup.RenderContext{RelativePath: c.filename}, []byte(decodeSlashes(t, c.csv)))
+		delimiter := determineDelimiter(&markup.RenderContext{
+			Ctx:          git.DefaultContext,
+			RelativePath: c.filename,
+		}, []byte(decodeSlashes(t, c.csv)))
 		assert.EqualValues(t, c.expectedDelimiter, delimiter, "case %d: delimiter should be equal, expected '%c' got '%c'", n, c.expectedDelimiter, delimiter)
 	}
 }
--- a/Show More
+++ b/Show More