ci: fix up docker workflow issue

Suppress golangci-lint errors
Fix CI setup and errors
2026-02-28 01:00:57 +01:00 · 2026-01-23 12:35:06 -05:00 · 2026-01-23 12:28:00 -05:00 · 2026-01-23 12:18:28 -05:00 · 2026-01-23 10:21:06 -05:00 · 2026-01-23 09:40:55 -05:00
859 changed files with 187423 additions and 114091 deletions
--- a/.deepsource.toml
+++ b/.deepsource.toml
@@ -0,0 +1,26 @@
+version = 1
+
+exclude_patterns = ["**/mocks_test.go"]
+
+[[analyzers]]
+name = "docker"
+enabled = true
+
+[[analyzers]]
+name = "shell"
+enabled = true
+
+[[analyzers]]
+name = "go"
+enabled = true
+
+  [analyzers.meta]
+  import_root = "github.com/gogs/gogs"
+
+[[transformers]]
+name = "gofumpt"
+enabled = true
+
+[[transformers]]
+name = "gofmt"
+enabled = true
--- a/.dockerignore
+++ b/.dockerignore
@@ -4,7 +4,6 @@ scripts
 scripts/**
 .github/
 .github/**
-config.codekit
 .dockerignore
 *.yml
 *.md
@@ -12,3 +11,5 @@ config.codekit
 .gitignore
 Dockerfile*
 gogs
+
+!Taskfile.yml
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,9 +1,8 @@
-conf/gitignore/* linguist-vendored
-conf/license/* linguist-vendored
-public/assets/* linguist-vendored
-public/plugins/* linguist-vendored
-public/css/themes/* linguist-vendored
-public/css/semantic-2.4.2.min.css linguist-vendored
-public/js/libs/* linguist-vendored
-public/js/jquery-3.4.1.min.js linguist-vendored
-public/js/semantic-2.4.2.min.js linguist-vendored
+conf/gitignore/** linguist-vendored
+conf/license/** linguist-vendored
+public/assets/** linguist-vendored
+public/plugins/** linguist-vendored
+public/css/themes/** linguist-vendored
+public/css/semantic-* linguist-vendored
+public/js/libs/** linguist-vendored
+public/js/semantic-* linguist-vendored
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -1,44 +1,78 @@
-# Contributing to Gogs
+# Welcome to Gogs contributing guide

-> This guidelines sheet is forked from [CONTRIBUTING.md](https://github.com/drone/drone/blob/8d9c7cee56d6c2eac81dc156ce27be6716d97e68/CONTRIBUTING.md).
+Thank you for investing your time in contributing to our projects!

-Gogs is not perfect, and it has bugs or incomplete features in rare cases. You're welcome to tell us, or to contribute some code. This document describes details about how can you contribute to Gogs project.
+Read our [Code of Conduct](https://go.dev/conduct) to keep our community approachable and respectable.

-## Contribution guidelines
+In this guide you will get an overview of the contribution workflow from opening an issue, creating a PR, reviewing, and merging the PR.

-Depends on the situation, you will:
+Use the table of contents icon <img src="https://github.com/github/docs/raw/50561895328b8f369694973252127b7d93899d83/assets/images/table-of-contents.png" width="25" height="25" /> on the top left corner of this document to get to a specific section of this guide quickly.

- Find a bug and create an issue
- Need more functionality and make a feature request
- Want to contribute code and open a pull request
- Run into issue and need help
+## New contributor guide

-### Bug Report
+To get an overview of the project, read the [README](/README.md). Here are some resources to help you get started with open source contributions:

-If you find something you consider a bug, please create an issue on [GitHub](https://github.com/gogits/gogs/issues). To avoid wasting time and reduce back-and-forth communication with team members, please be respect to [Issue Template](ISSUE_TEMPLATE.md).
+- [Finding ways to contribute to open source on GitHub](https://docs.github.com/en/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github)
+- [Set up Git](https://docs.github.com/en/get-started/quickstart/set-up-git)
+- [GitHub flow](https://docs.github.com/en/get-started/quickstart/github-flow)
+- [Collaborating with pull requests](https://docs.github.com/en/github/collaborating-with-pull-requests)
+- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
+- [Talk, then code](https://www.craft.do/s/kyHVs6OoE4Dj5V)

-### Feature Request
+In addition to the general guides with open source contributions, you would also need to:

-There is no standard form of making a feature request. Just try to describe the feature as clearly as possible, because team members may not have experience with the functionality you're talking about.
+- Have basic knowledge about web applications development, database management systems and programming in [Go](https://go.dev/).
+- Have a working local development setup with a reasonable good IDE or editor like [Visual Studio Code](https://code.visualstudio.com/docs/languages/go), [GoLand](https://www.jetbrains.com/go/) or [Vim](https://github.com/fatih/vim-go).
+- [Set up your development environment](/docs/dev/local_development.md).

-### Pull Request
+## Issues

-Please read detailed information on [Wiki](https://github.com/gogits/gogs/wiki/Contributing-Code).
+### Ask for help

-### Ask For Help
+Before opening an issue, please make sure the problem you're encountering isn't already addressed on the [Troubleshooting](https://gogs.io/docs/intro/troubleshooting.html) and [FAQs](https://gogs.io/docs/intro/faqs.html) pages.

-Before opening an issue, please make sure your problem isn't already addressed on the [Troubleshooting](https://gogs.io/docs/intro/troubleshooting.html) and [FAQs](https://gogs.io/docs/intro/faqs.html) pages.
+### Create a new issue

-## Code of conduct
+- For questions, ask in [Discussions](https://github.com/gogs/gogs/discussions).
+- [Check to make sure](https://docs.github.com/en/github/searching-for-information-on-github/searching-on-github/searching-issues-and-pull-requests#search-by-the-title-body-or-comments) someone hasn't already opened a similar [issue](https://github.com/gogs/gogs/issues).
+- If a similar issue doesn't exist, open a new issue using a relevant [issue form](https://github.com/gogs/gogs/issues/new/choose).
+- Blank issues that are not coming from maintainers will be closed without a response.

-As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+### Pick up an issue to solve

-We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
+- Scan through our [existing issues](https://github.com/gogs/gogs/issues) to find one that interests you.
+- The [👋 good first issue](https://github.com/gogs/gogs/issues?q=is%3Aissue+is%3Aopen+label%3A%22%F0%9F%91%8B+good+first+issue%22) is a good place to start exploring issues that are well-groomed for newcomers.
+- Do not hesitate to ask for more details or clarifying questions on the issue!
+- Communicate on the issue you are intended to pick up _before_ starting working on it.
+- Every issue that gets picked up will have an expected timeline for the implementation, the issue may be reassigned after the expected timeline. Please be responsible and proactive on the communication 🙇‍♂️

-Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+## Add new features or make big changes

-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+New features or big changes require proposals before we may be able to accept any contribution. Proposals should be posted to the [Discussions - Proposal](https://github.com/gogs/gogs/discussions/categories/proposal) category for review and discussions. GitHub Discussions provides sub-threading which is much more suitable than GitHub Issues for discussions to happen. Please read [Write a proposal for open source contributions](https://unknwon.io/posts/220210-write-a-proposal-for-open-source-contributions/) to begin with.

-Instances of abusive, harassing, or otherwise unacceptable behavior can be reported by emailing u@gogs.io
+## Pull requests

-This Code of Conduct is adapted from the [Contributor Covenant](http:contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
+When you're finished with the changes, create a pull request, or a series of pull requests if necessary.
+
+Contributing to another codebase is not as simple as code changes, it is also about contributing influence to the design. Therefore, we kindly ask you that:
+
+- Please acknowledge that no pull request is guaranteed to be merged.
+- Please always do a self-review before requesting reviews from others.
+- Please expect code review to be strict and may have multiple rounds.
+- Please make self-contained incremental changes, pull requests with huge diff may be rejected for review.
+- Please use English in code comments and docstring.
+- Please do not force push unless absolutely necessary. Force pushes make review much harder in multiple rounds, and we use [Squash and merge](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges#squash-and-merge-your-pull-request-commits) so you don't need to worry about messy commits and just focus on the changes.
+
+### Things we do not accept
+
+1. Updates to locale files (`conf/locale_xx-XX.ini`) other than the `conf/locale_en-US.ini`. Please read the [guide for localizing Gogs](https://gogs.io/docs/features/i18n).
+1. Docker compose files.
+
+### Coding guidelines
+
+1. Please read the Sourcegraph's [Go style guide](https://docs.sourcegraph.com/dev/background-information/languages/go).
+1. **NO** direct modifications to `.css` files, `.css` files are all generated by `.less` files. You can regenerate `.css` files by executing `task less`.
+
+## Your PR is merged!
+
+Congratulations 🎉🎉 Thanks again for taking the effort to have this journey with us 🌟
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,65 +0,0 @@
---
-name: Bug report
-about: Report problems and unexpected behavior
-
---
-
-<!--
-
-First of all, please read https://www.chiark.greenend.org.uk/~sgtatham/bugs.html.
-
-If you don't want to read, it's up to you. But don't waste your time continue reporting.
-
-The issue will be closed without any explanation if it does not satisfy any of following requirements:
-
-1. Please speak English, we have forum in 中文: https://discuss.gogs.io/c/getting-help/getting-help-chinese.
-2. Please post any questions, configuration or deploy problems on our forum: https://discuss.gogs.io.
-3. Please do not end your title with a question mark or period.
-4. Please take a moment to search and make sure the issue doesn't already exist.
-5. Please give all relevant information below for bug reports; incomplete details are considered invalid report.
-
-->
-
-**Describe the bug**
-<!-- A clear and concise description of what the bug is -->
-
-**Gogs version and commit**
-<!-- 
-  The version number or the commit SHA of the Gogs instance you use.
-  You can find these information in the admin dashboard ("/admin").
-->
-
-**Git version**
-
-```
-$ git version
-
-```
-
-**Operating system**
-<!-- The name and version of your operating system -->
-
-**Database**
-<!-- The database and version you use -->
-
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Can you reproduce the bug at https://try.gogs.io?**
-<!-- If yes, please provide the example URL; if no, please explain why -->
-
-**Expected behavior**
-<!-- A clear and concise description of what you expected to happen -->
-
-**Actual behavior**
-<!-- A clear and concise description of what you see instead -->
-
-**Screenshots**
-<!-- If applicable, add screenshots to help explain your problem -->
-
-**Additional context**
-<!-- Please include any error logs found in `log/gogs.log` -->
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,82 @@
+name: Bug report
+description: File a bug report to help us improve
+labels: ["\U0001F48A bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+        
+        - Please use English :)
+        - For questions, ask in [Discussions](https://github.com/gogs/gogs/discussions).
+        - Before you file an issue read the [Contributing guide](https://github.com/gogs/gogs/blob/main/.github/CONTRIBUTING.md).
+        - Check to make sure someone hasn't already opened a similar [issue](https://github.com/gogs/gogs/issues).
+  - type: input
+    attributes:
+      label: Gogs version
+      description: |
+        Please specify the exact Gogs version you're reporting for, e.g. "0.12.3". You can find the version information in the admin dashboard (`/admin`).
+        
+        _Note that "gogs/gogs:latest" is not a Gogs version, it does not mean anything._
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Git version
+      description: |
+        Please specify the exact Git version you're using of both server and client. You can find the version information by running `git version`.
+      value: |
+        - Server: 
+        - Client: 
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Operating system
+      description: |
+        Please specify the exact operating system name and version you're reporting for, e.g. "Windows 10", "CentOS 7", "Ubuntu 20.04".
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Database
+      description: |
+        Please specify the exact database and version you're reporting for, e.g. "PostgreSQL 9.6", "MySQL 5.7", "SQLite 3".
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: To reproduce
+      description: The steps to reproduce the problem described above.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: |
+        Links? References? Suggestions? Anything that will give us more context about the issue you are encountering!
+        
+        Please include any error logs found in the `log/gogs.log` file. Otherwise, we probably won't be able to help you much.
+
+        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://go.dev/conduct)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,8 @@
-blank_issues_enabled: false
+blank_issues_enabled: true
 contact_links:
-  - name: Gogs Community Forum
-    url: https://discuss.gogs.io/
-    about: Please ask and answer questions here.
+  - name: Ask questions
+    url: https://github.com/gogs/gogs/discussions
+    about: Please ask questions in Discussions.
+  - name: Make a proposal
+    url: https://github.com/gogs/gogs/discussions/categories/proposal
+    about: Please make proposals in Discussions.
--- a/.github/ISSUE_TEMPLATE/dev_release_minor_version.md
+++ b/.github/ISSUE_TEMPLATE/dev_release_minor_version.md
@@ -0,0 +1,53 @@
+---
+name: "Dev: Release a minor version"
+about: ONLY USED BY MAINTAINERS.
+title: "Release [VERSION]"
+labels: 📸 release
+---
+
+_This is generated from the [minor release template](https://github.com/gogs/gogs/blob/main/.github/ISSUE_TEMPLATE/dev_release_minor_version.md)._
+
+## Before release
+
+On the `main` branch:
+
+- [ ] Close stale issues with the label [status: needs feedback](https://github.com/gogs/gogs/issues?q=is%3Aissue+is%3Aopen+label%3A%22status%3A+needs+feedback%22).
+- [ ] [Sync locales from Crowdin](https://github.com/gogs/gogs/blob/main/docs/dev/import_locale.md).
+- [ ] [Update CHANGELOG](https://github.com/gogs/gogs/commit/720cb5fcb169b9e026b5b47f57d50888b35fdb4b) to include entries for the current minor release.
+- [ ] Cut a new release branch `release/<MAJOR>.<MINOR>`, e.g. `release/0.12`.
+
+## During release
+
+On the release branch:
+
+- [ ] [Update the hard-coded version](https://github.com/gogs/gogs/commit/f17e7d5a2c36c52a1121d2315f3d75dcd8053b89) to the current release, e.g. `0.12.0+dev` -> `0.12.0`.
+- [ ] Wait for GitHub Actions to complete and no failed jobs.
+- [ ] Publish new RC releases (e.g. `v0.12.0-rc.1`, `v0.12.0-rc.2`) to ensure Docker workflow succeeds. **Make sure the tag is created on the release branch**.
+	- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
+- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current minor release. **Make sure the tag is created on the release branch**.
+- [ ] [Wait for a new image tag for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
+- [ ] [Push a new Docker image tag](https://github.com/gogs/gogs/blob/main/docs/dev/release/release_new_version.md#update-docker-image-tag) as `<MAJOR>.<MINOR>` to both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs), e.g.:
+- [ ] [Compile and pack binaries](https://github.com/gogs/gogs/blob/main/docs/dev/release/release_new_version.md#compile-and-pack-binaries) (all prefixed with `gogs_<MAJOR>.<MINOR>.<PATCH>_`, e.g. `gogs_0.12.0_`):
+	- [ ] macOS: `darwin_amd64.zip`, `darwin_arm64.zip`
+	- [ ] Linux: `linux_386.tar.gz`, `linux_386.zip`, `linux_amd64.tar.gz`, `linux_amd64.zip`
+	- [ ] ARM: `linux_armv7.tar.gz`, `linux_armv7.zip`, `linux_armv8.tar.gz`, `linux_armv8.zip`
+	- [ ] Windows: `windows_amd64.zip`, `windows_amd64_mws.zip`
+- [ ] [Generate SHA256 checksum](https://github.com/gogs/gogs/blob/main/docs/dev/release/sha256.sh) for all binaries to the file `checksum_sha256.txt`.
+- [ ] Upload all binaries and `checksum_sha256.txt` to:
+	- [ ] GitHub release
+	- [ ] https://dl.gogs.io
+- [ ] Update content of [Install from binary](https://gogs.io/docs/installation/install_from_binary).
+
+## After release
+
+On the `main` branch:
+
+- [ ] Publish [GitHub security advisories](https://github.com/gogs/gogs/security) for security patches included in the release.
+- [ ] Update the repository mirror on [Gitee](https://gitee.com/unknwon/gogs).
+- [ ] Create a new release announcement in [Discussions](https://github.com/gogs/gogs/discussions/categories/announcements).
+- [ ] Send a tweet on the [official Twitter account](https://twitter.com/GogsHQ) for the minor release.
+- [ ] Send out release announcement emails via [Mailchimp](https://mailchimp.com/).
+- [ ] Publish a new release article on [OSChina](http://my.oschina.net/Obahua/admin/releases).
+- [ ] Close the minor milestone.
+- [ ] [Bump the hard-coded version](https://github.com/gogs/gogs/commit/05477f1d294dc43f36c4a3b3b9575a96aea66a67) to the new develop version, e.g. `0.12.0+dev` -> `0.13.0+dev`.
+- [ ] Run `task legacy` to identify deprecated code that is aimed to be removed in current develop version.
--- a/.github/ISSUE_TEMPLATE/dev_release_patch_version.md
+++ b/.github/ISSUE_TEMPLATE/dev_release_patch_version.md
@@ -0,0 +1,55 @@
+---
+name: "Dev: Release a patch version"
+about: ONLY USED BY MAINTAINERS.
+title: "Release [VERSION]"
+labels: 📸 release
+---
+
+_This is generated from the [patch release template](https://github.com/gogs/gogs/blob/main/.github/ISSUE_TEMPLATE/dev_release_patch_version.md)._
+
+## Before release
+
+On the release branch:
+
+- [ ] Make sure all commits are cherry-picked from the `main` branch by checking the patch milestone.
+- [ ] [Update CHANGELOG on the `main` branch](https://github.com/gogs/gogs/commit/e6c5633f580399c8f4dfc07166a63a01c6c70346) to include entries for the current patch release.
+
+## During release
+
+On the release branch:
+
+- [ ] [Update the hard-coded version](https://github.com/gogs/gogs/commit/f0e3cd90f8d7695960eeef2e4e54b2e717302f6c) to the current release, e.g. `0.12.0` -> `0.12.1`.
+- [ ] Wait for GitHub Actions to complete and no failed jobs.
+- [ ] Publish new RC releases (e.g. `v0.12.0-rc.1`, `v0.12.0-rc.2`) to ensure Docker workflow succeeds. **Make sure the tag is created on the release branch**.
+	- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
+- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current patch release and all previous releases with same minor version. **Make sure the tag is created on the release branch**.
+- [ ] Update all previous GitHub releases with same minor version with the warning:
+	```
+	**ℹ️ Heads up! There is a new patch release [0.12.1](https://github.com/gogs/gogs/releases/tag/v0.12.1) available, we recommend directly installing or upgrading to that version.**
+	```
+- [ ] [Wait for a new image tag for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
+- [ ] [Update Docker image tag](https://github.com/gogs/gogs/blob/main/docs/dev/release/release_new_version.md#update-docker-image-tag) for the minor release `<MAJOR>.<MINOR>` on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
+- [ ] [Compile and pack binaries](https://github.com/gogs/gogs/blob/main/docs/dev/release/release_new_version.md#compile-and-pack-binaries) (all prefixed with `gogs_<MAJOR>.<MINOR>.<PATCH>_`, e.g. `gogs_0.12.0_`):
+	- [ ] macOS: `darwin_amd64.zip`, `darwin_arm64.zip`
+	- [ ] Linux: `linux_386.tar.gz`, `linux_386.zip`, `linux_amd64.tar.gz`, `linux_amd64.zip`
+	- [ ] ARM: `linux_armv7.tar.gz`, `linux_armv7.zip`, `linux_armv8.tar.gz`, `linux_armv8.zip`
+	- [ ] Windows: `windows_amd64.zip`, `windows_amd64_mws.zip`
+- [ ] [Generate SHA256 checksum](https://github.com/gogs/gogs/blob/main/docs/dev/release/sha256.sh) for all binaries to the file `checksum_sha256.txt`.
+- [ ] Upload all binaries and `checksum_sha256.txt` to:
+	- [ ] GitHub release
+	- [ ] https://dl.gogs.io
+- [ ] Update content of [Install from binary](https://gogs.io/docs/installation/install_from_binary).
+
+## After release
+
+On the `main` branch:
+
+- [ ] Publish [GitHub security advisories](https://github.com/gogs/gogs/security) for security patches included in the release.
+- [ ] Post the following message on issues that are included in the patch milestone:
+    ```
+    The <MAJOR>.<MINOR>.<PATCH> has been released that includes the patch of the reported issue.
+    ```
+- [ ] Update the repository mirror on [Gitee](https://gitee.com/unknwon/gogs).
+- [ ] Create a new release announcement in [Discussions](https://github.com/gogs/gogs/discussions/categories/announcements).
+- [ ] Send a tweet on the [official Twitter account](https://twitter.com/GogsHQ) for the patch release.
+- [ ] Close the patch milestone.
--- a/.github/ISSUE_TEMPLATE/documentation.yml
+++ b/.github/ISSUE_TEMPLATE/documentation.yml
@@ -0,0 +1,32 @@
+name: Improve documentation
+description: Suggest an idea or a patch for documentation
+labels: ["📖 documentation"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this form!
+        
+        - Please use English :)
+        - For questions, ask in [Discussions](https://github.com/gogs/gogs/discussions).
+        - Before you file an issue read the [Contributing guide](https://github.com/gogs/gogs/blob/main/.github/CONTRIBUTING.md).
+        - Check to make sure someone hasn't already opened a similar [issue](https://github.com/gogs/gogs/issues).
+  - type: textarea
+    attributes:
+      label: What needs to be improved? Please describe
+      description: A clear and concise description of what is wrong or missing.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Why do you think it is important?
+      description: A clear and concise explanation of the rationale.
+    validations:
+      required: true
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://go.dev/conduct)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,32 +0,0 @@
---
-name: Feature request
-about: Suggest an idea for this project
-
---
-
-<!--
-
-First of all, please read https://www.chiark.greenend.org.uk/~sgtatham/bugs.html.
-
-If you don't want to read, it's up to you. But don't waste your time continue reporting.
-
-The issue will be closed without any explanation if it does not satisfy any of following requirements:
-
-1. Please speak English, we have forum in 中文: https://discuss.gogs.io/c/getting-help/getting-help-chinese.
-2. Please post any questions, configuration or deploy problems on our forum: https://discuss.gogs.io.
-3. Please do not end your title with a question mark or period.
-4. Please take a moment to search and make sure the issue doesn't already exist.
-
-->
-
-**Describe the feature**
-<!-- A description of what feature you would like -->
-
-**Describe the solution you'd like**
-<!-- A clear and concise description of what you want to happen -->
-
-**Describe alternatives you've considered**
-<!-- A clear and concise description of any alternative solutions or features you've considered -->
-
-**Additional context**
-<!-- Add any other context or screenshots about the feature request here -->
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,47 @@
+name: Feature request
+description: Suggest an idea for this project
+labels: ["\U0001F3AF feature"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this form!
+        
+        - Please use English :)
+        - For questions, ask in [Discussions](https://github.com/gogs/gogs/discussions).
+        - Before you file an issue read the [Contributing guide](https://github.com/gogs/gogs/blob/main/.github/CONTRIBUTING.md).
+        - Check to make sure someone hasn't already opened a similar [issue](https://github.com/gogs/gogs/issues).
+  - type: textarea
+    attributes:
+      label: Describe the feature
+      description: A clear and concise description of what the feature is, e.g. I think it is reasonable to have [...]
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the solution you'd like
+      description: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: |
+        Links? References? Suggestions? Anything that will give us more context about the feature you are requesting!
+
+        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://go.dev/conduct)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
--- a/.github/ISSUE_TEMPLATE/security.md
+++ b/.github/ISSUE_TEMPLATE/security.md
@@ -1,12 +0,0 @@
---
-name: Security vulnerability
-about: Report security vulnerability for this project
-
---
-
-<!--
-
-Please create a dummy issue with high-level description of the security vulnerability,
-then report details to u@gogs.io privately, thank you!
-
-->
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,8 +0,0 @@
-The pull request will be closed without any reasons if it does not satisfy any of following requirements:
-
-1. Please read contributing guidelines:
-https://github.com/gogits/gogs/wiki/Contributing-Code
-2. Please describe what your pull request does and which issue you're targeting
-3. ... if it is not related to any particular issues, explain why we should not reject your pull request.
-
-**You MUST delete above content including this line before posting; too lazy to take this action considered invalid pull request.**
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# Docs: https://git.io/JCUAY
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    reviewers:
+      - "gogs/core"
+    commit-message:
+      prefix: "mod:"
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,15 @@
+## Describe the pull request
+
+A clear and concise description of what the pull request is about, i.e. what problem should be fixed? 
+
+Link to the issue: <!-- paste the issue link here, or put "n/a" if not applicable -->
+
+## Checklist
+
+- [ ] I agree to follow the [Code of Conduct](https://go.dev/conduct) by submitting this pull request.
+- [ ] I have read and acknowledge the [Contributing guide](https://github.com/gogs/gogs/blob/main/.github/CONTRIBUTING.md).
+- [ ] I have added test cases to cover the new code or have provided the test plan.
+
+## Test plan
+
+<!-- Please provide concrete but concise steps to proof things are working as stated, see an example in https://github.com/gogs/gogs/pull/7345 -->
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,52 +1,75 @@
-name: "Code scanning - action"
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"

 on:
  push:
-    branches: [master]
+    branches: [ main ]
+  pull_request:
+    paths:
+      - '.github/workflows/codeql.yml'
  schedule:
    - cron: '0 19 * * 0'

-jobs:
-  CodeQL-Build:
+permissions:
+  contents: read
+  security-events: write

-    # CodeQL runs on ubuntu-latest and windows-latest
+jobs:
+  analyze:
+    name: Analyze
    runs-on: ubuntu-latest

+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          # We must fetch at least the immediate parents so that if this is
+          # a pull request then we can checkout the head.
+          fetch-depth: 2

-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-      
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      # Override language selection by uncommenting this and choosing your languages
-      # with:
-      #   languages: go, javascript, csharp, python, cpp, java
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3.28.3
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main

-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3.28.3

-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl

-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language

-    #- run: |
-    #   make bootstrap
-    #   make release
+      #- run: |
+      #   make bootstrap
+      #   make release

-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3.28.3
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -5,37 +5,36 @@ on:
      - main
  pull_request:
    paths:
+      - '.trivy.yaml'
      - 'Dockerfile'
+      - 'Dockerfile.next'
      - 'docker/**'
+      - 'docker-next/**'
      - '.github/workflows/docker.yml'
  release:
    types: [ published ]

 jobs:
  buildx:
-    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
    runs-on: ubuntu-latest
    permissions:
      actions: write
      contents: read
      packages: write
    steps:
-      - name: Canel previous runs
-        uses: styfle/cancel-workflow-action@0.9.1
-        with:
-          all_but_latest: true
-          access_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
-        with:
-          config-inline: |
-            [worker.oci]
-              max-parallelism = 2
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Inspect builder
        run: |
          echo "Name:      ${{ steps.buildx.outputs.name }}"
@@ -44,18 +43,18 @@ jobs:
          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push images
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/arm/v7
@@ -63,8 +62,126 @@ jobs:
          tags: |
            gogs/gogs:latest
            ghcr.io/gogs/gogs:latest
+      - name: Scan for container vulnerabilities
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        with:
+          image-ref: gogs/gogs:latest
+          exit-code: '1'
      - name: Send email on failure
-        uses: dawidd6/action-send-mail@v3
+        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
+        if: ${{ failure() }}
+        with:
+          server_address: smtp.mailgun.org
+          server_port: 465
+          username: ${{ secrets.SMTP_USERNAME }}
+          password: ${{ secrets.SMTP_PASSWORD }}
+          subject: GitHub Actions (${{ github.repository }}) job result
+          to: github-actions-8ce6454@unknwon.io
+          from: GitHub Actions (${{ github.repository }})
+          reply_to: noreply@unknwon.io
+          body: |
+            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
+
+            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+  buildx-next:
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
+    concurrency:
+      group: ${{ github.workflow }}-next-${{ github.ref }}
+      cancel-in-progress: true
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Inspect builder
+        run: |
+          echo "Name:      ${{ steps.buildx.outputs.name }}"
+          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
+          echo "Status:    ${{ steps.buildx.outputs.status }}"
+          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
+          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
+      - name: Login to Docker Hub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GitHub Container registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to DigitalOcean Container registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: registry.digitalocean.com
+          username: ${{ secrets.DIGITALOCEAN_USERNAME }}
+          password: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+      - name: Build and push next-gen images
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: Dockerfile.next
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          tags: |
+            gogs/gogs:next-latest
+            ghcr.io/gogs/gogs:next-latest
+            registry.digitalocean.com/gogs/gogs:next-latest
+      - name: Scan for container vulnerabilities
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        with:
+          image-ref: gogs/gogs:next-latest
+          exit-code: '1'
+      - name: Send email on failure
+        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
+        if: ${{ failure() }}
+        with:
+          server_address: smtp.mailgun.org
+          server_port: 465
+          username: ${{ secrets.SMTP_USERNAME }}
+          password: ${{ secrets.SMTP_PASSWORD }}
+          subject: GitHub Actions (${{ github.repository }}) job result
+          to: github-actions-8ce6454@unknwon.io
+          from: GitHub Actions (${{ github.repository }})
+          reply_to: noreply@unknwon.io
+          body: |
+            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
+
+            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+  deploy-demo:
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
+    needs: buildx-next
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Configure kubectl
+        run: |
+          mkdir -p ~/.kube
+          echo "${KUBECONFIG}" | base64 -d > ~/.kube/config
+        env:
+          KUBECONFIG: ${{ secrets.DIGITALOCEAN_K8S_CLUSTER_KUBECONFIG }}
+      - name: Restart gogs-demo deployment
+        timeout-minutes: 5
+        run: |
+          set -ex
+          kubectl rollout restart deployment gogs-demo -n gogs
+          kubectl rollout status deployment gogs-demo -n gogs
+      - name: Send email on failure
+        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
        if: ${{ failure() }}
        with:
          server_address: smtp.mailgun.org
@@ -81,16 +198,16 @@ jobs:
            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

  buildx-pull-request:
-    if: ${{ github.event_name == 'pull_request' && github.repository == 'gogs/gogs' }}
+    if: ${{ github.event_name == 'pull_request'}}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
        with:
          config-inline: |
            [worker.oci]
@@ -102,33 +219,34 @@ jobs:
          echo "Status:    ${{ steps.buildx.outputs.status }}"
          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Compute short commit SHA
-        uses: benjlevesque/short-sha@v1.2
+        id: short-sha
+        uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0
      - name: Build and push images
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          platforms: linux/amd64
          push: true
          tags: |
-            gogs/gogs:commit-${{ env.SHA }}
+            ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:7d
+      - name: Scan for container vulnerabilities
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        with:
+          image-ref: ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:7d
+          exit-code: '1'

-  buildx-pull-request-fork:
-    if: ${{ github.event_name == 'pull_request' && github.repository != 'gogs/gogs' }}
+  buildx-next-pull-request:
+    if: ${{ github.event_name == 'pull_request'}}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
        with:
          config-inline: |
            [worker.oci]
@@ -140,12 +258,25 @@ jobs:
          echo "Status:    ${{ steps.buildx.outputs.status }}"
          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
-      - name: Build images
-        uses: docker/build-push-action@v2
+      - name: Compute short commit SHA
+        id: short-sha
+        uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0
+      - name: Build and push next-gen images
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
+          file: Dockerfile.next
          platforms: linux/amd64
+          push: true
+          tags: |
+            ttl.sh/gogs/gogs-next-${{ steps.short-sha.outputs.sha }}:7d
+      - name: Scan for container vulnerabilities
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        with:
+          image-ref: ttl.sh/gogs/gogs-next-${{ steps.short-sha.outputs.sha }}:7d
+          exit-code: '1'

+  # Updates to the following section needs to be synced to all release branches within their lifecycles.
  buildx-release:
    if: ${{ github.event_name == 'release' }}
    runs-on: ubuntu-latest
@@ -157,16 +288,14 @@ jobs:
      - name: Compute image tag name
        run: echo "IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)" >> $GITHUB_ENV
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
-        with:
-          config-inline: |
-            [worker.oci]
-              max-parallelism = 2
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Inspect builder
        run: |
          echo "Name:      ${{ steps.buildx.outputs.name }}"
@@ -175,18 +304,18 @@ jobs:
          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push images
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/arm/v7
@@ -195,7 +324,72 @@ jobs:
            gogs/gogs:${{ env.IMAGE_TAG }}
            ghcr.io/gogs/gogs:${{ env.IMAGE_TAG }}
      - name: Send email on failure
-        uses: dawidd6/action-send-mail@v3
+        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
+        if: ${{ failure() }}
+        with:
+          server_address: smtp.mailgun.org
+          server_port: 465
+          username: ${{ secrets.SMTP_USERNAME }}
+          password: ${{ secrets.SMTP_PASSWORD }}
+          subject: GitHub Actions (${{ github.repository }}) job result
+          to: github-actions-8ce6454@unknwon.io
+          from: GitHub Actions (${{ github.repository }})
+          reply_to: noreply@unknwon.io
+          body: |
+            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
+
+            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+  # Updates to the following section needs to be synced to all release branches within their lifecycles.
+  buildx-next-release:
+    if: ${{ github.event_name == 'release' }}
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: read
+      packages: write
+    steps:
+      - name: Compute image tag name
+        run: echo "IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)" >> $GITHUB_ENV
+      - name: Checkout code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Inspect builder
+        run: |
+          echo "Name:      ${{ steps.buildx.outputs.name }}"
+          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
+          echo "Status:    ${{ steps.buildx.outputs.status }}"
+          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
+          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
+      - name: Login to Docker Hub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GitHub Container registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push next-gen images
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: Dockerfile.next
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          tags: |
+            gogs/gogs:next-${{ env.IMAGE_TAG }}
+            ghcr.io/gogs/gogs:next-${{ env.IMAGE_TAG }}
+      - name: Send email on failure
+        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
        if: ${{ failure() }}
        with:
          server_address: smtp.mailgun.org
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -18,60 +18,68 @@ on:
 env:
  GOPROXY: "https://proxy.golang.org"

+permissions:
+  contents: read
+
 jobs:
  lint:
+    permissions:
+      contents: read       # for actions/checkout to fetch code
+      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
-      - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v2
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
-          version: latest
-          args: --timeout=30m
+          go-version: 1.25.x
      - name: Install Task
-        uses: arduino/setup-task@v1
-      - name: Install go-bindata
-        shell: bash
-        run: |
-          curl --silent --location --output /usr/local/bin/go-bindata https://github.com/kevinburke/go-bindata/releases/download/v3.23.0/go-bindata-linux-amd64
-          chmod +x /usr/local/bin/go-bindata
-      - name: Check Go module tidiness
+        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Check Go module tidiness and generated files
        shell: bash
        run: |
          go mod tidy
+          task generate
          STATUS=$(git status --porcelain)
          if [ ! -z "$STATUS" ]; then
            echo "Unstaged files:"
            echo $STATUS
-            echo "Run 'go mod tidy' and commit them"
+            echo "Run 'go mod tidy' or 'task generate' commit them"
            exit 1
          fi
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@9fae48acfc02a90574d7c304a1758ef9895495fa # v7.0.1
+        with:
+          version: latest
+          args: --timeout=30m

  test:
    name: Test
    strategy:
      matrix:
-        go-version: [ 1.14.x, 1.15.x, 1.16.x, 1.17.x, 1.18.x ]
-        platform: [ ubuntu-latest, macos-latest, windows-latest ]
+        go-version: [ 1.25.x ]
+        platform: [ ubuntu-latest, macos-latest ]
    runs-on: ${{ matrix.platform }}
    steps:
+      - name: Checkout code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Install Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          go-version: ${{ matrix.go-version }}
-      - name: Checkout code
-        uses: actions/checkout@v2
      - name: Run tests with coverage
-        run: go test -v -race -coverprofile=coverage -covermode=atomic ./...
+        run: go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic ./...
      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v1.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        with:
          file: ./coverage
          flags: unittests
      - name: Send email on failure
-        uses: dawidd6/action-send-mail@v3
+        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
        if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
        with:
          server_address: smtp.mailgun.org
@@ -86,3 +94,123 @@ jobs:
            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".

            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+  # Running tests with race detection consumes too much memory on Windows,
+  # see https://github.com/golang/go/issues/46099 for details.
+  test-windows:
+    name: Test Windows
+    strategy:
+      matrix:
+        go-version: [ 1.25.x ]
+        platform: [ windows-latest ]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Run tests with coverage
+        run: go test -shuffle=on -v -coverprofile=coverage -covermode=atomic ./...
+      - name: Upload coverage report to Codecov
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        with:
+          file: ./coverage
+          flags: unittests
+      - name: Send email on failure
+        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
+        if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+        with:
+          server_address: smtp.mailgun.org
+          server_port: 465
+          username: ${{ secrets.SMTP_USERNAME }}
+          password: ${{ secrets.SMTP_PASSWORD }}
+          subject: GitHub Actions (${{ github.repository }}) job result
+          to: github-actions-8ce6454@unknwon.io
+          from: GitHub Actions (${{ github.repository }})
+          reply_to: noreply@unknwon.io
+          body: |
+            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
+
+            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+  postgres:
+    name: Postgres
+    strategy:
+      matrix:
+        go-version: [ 1.25.x ]
+        platform: [ ubuntu-latest ]
+    runs-on: ${{ matrix.platform }}
+    services:
+      postgres:
+        image: postgres:9.6
+        env:
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Run tests with coverage
+        run: go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic ./internal/db/...
+        env:
+          GOGS_DATABASE_TYPE: postgres
+          PGPORT: 5432
+          PGHOST: localhost
+          PGUSER: postgres
+          PGPASSWORD: postgres
+          PGSSLMODE: disable
+
+  mysql:
+    name: MySQL
+    strategy:
+      matrix:
+        go-version: [ 1.25.x ]
+        platform: [ ubuntu-22.04 ] # Use the lowest version possible for backwards compatibility
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Start MySQL server
+        run: sudo systemctl start mysql
+      - name: Checkout code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Run tests with coverage
+        run: go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic ./internal/db/...
+        env:
+          GOGS_DATABASE_TYPE: mysql
+          MYSQL_USER: root
+          MYSQL_PASSWORD: root
+          MYSQL_HOST: localhost
+          MYSQL_PORT: 3306
+
+  sqlite-go:
+    name: SQLite - Go
+    strategy:
+      matrix:
+        go-version: [ 1.25.x ]
+        platform: [ ubuntu-latest ]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Run tests with coverage
+        run: go test -shuffle=on -v -race -parallel=1 -coverprofile=coverage -covermode=atomic ./internal/db/...
+        env:
+          GOGS_DATABASE_TYPE: sqlite
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -0,0 +1,25 @@
+name: 'Lock Threads'
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+concurrency:
+  group: lock
+
+jobs:
+  action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
+        with:
+          github-token: ${{ github.token }}
+          issue-inactive-days: '90'
+          issue-lock-reason: 'resolved'
+          pr-inactive-days: '365'
+          pr-lock-reason: 'resolved'
--- a/.github/workflows/lsif.yml
+++ b/.github/workflows/lsif.yml
@@ -1,28 +0,0 @@
-name: LSIF
-on:
-  push:
-    paths:
-      - '**.go'
-      - 'go.mod'
-      - '.github/workflows/lsif.yml'
-env:
-  GOPROXY: "https://proxy.golang.org"
-
-jobs:
-  lsif-go:
-    if: github.repository == 'gogs/gogs'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Generate LSIF data
-        uses: sourcegraph/lsif-go-action@master
-      - name: Upload LSIF data to sourcegraph.com
-        continue-on-error: true
-        uses: docker://sourcegraph/src-cli:latest
-        with:
-          args: lsif upload -github-token=${{ secrets.GITHUB_TOKEN }}
-      - name: Upload LSIF data to sourcegraph.unknwon.cn
-        continue-on-error: true
-        uses: docker://sourcegraph/src-cli:latest
-        with:
-          args: -endpoint=https://sourcegraph.unknwon.cn lsif upload -github-token=${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/shell.yml
+++ b/.github/workflows/shell.yml
@@ -4,11 +4,14 @@ on:
    branches: [ main ]
  pull_request:

+permissions:
+  contents: read
+
 jobs:
  shellcheck:
    name: Shellcheck
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Run ShellCheck
-        uses: ludeeus/action-shellcheck@master
+        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
--- a/.gitignore
+++ b/.gitignore
@@ -13,7 +13,6 @@ public/img/avatar/
 profile/
 *.pem
 output*
-*.sublime-project
-*.sublime-workspace
 /release
 .task
+.envrc
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,26 +1,153 @@
-linters-settings:
-  staticcheck:
-    checks: [
-      "all",
-      "-SA1019" # There are valid use cases of strings.Title
-    ]
-  nakedret:
-    max-func-lines: 0 # Disallow any unnamed return statement
-
+version: "2"
 linters:
  enable:
-    - deadcode
-    - errcheck
-    - gosimple
-    - govet
-    - ineffassign
-    - staticcheck
-    - structcheck
-    - typecheck
-    - unused
-    - varcheck
    - nakedret
-    - gofmt
    - rowserrcheck
    - unconvert
+    - unparam
+  settings:
+    govet:
+      disable:
+        # printf: non-constant format string in call to fmt.Errorf (govet)
+        # showing up since golangci-lint version 1.60.1
+        - printf
+    staticcheck:
+      checks:
+        - all
+        - "-SA1019" # This project is under active refactoring and not all code is up to date.
+        - "-QF1001" # I'm a math noob
+        - "-ST1016" # Some legit code uses this pattern
+    nakedret:
+      max-func-lines: 0 # Disallow any unnamed return statement
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+    rules:
+      - path: internal/auth/ldap/config.go
+        linters: [staticcheck]
+      - path: internal/cmd/import.go
+        linters: [staticcheck]
+      - path: internal/context/context.go
+        linters: [staticcheck]
+      - path: internal/db/attachment.go
+        linters: [staticcheck]
+      - path: internal/db/errors/errors.go
+        linters: [staticcheck]
+      - path: internal/db/issue.go
+        linters: [staticcheck]
+      - path: internal/db/issue_mail.go
+        linters: [staticcheck]
+      - path: internal/db/org.go
+        linters: [staticcheck]
+      - path: internal/db/repo.go
+        linters: [staticcheck]
+      - path: internal/db/schemadoc/main.go
+        linters: [staticcheck]
+      - path: internal/db/users.go
+        linters: [staticcheck]
+      - path: internal/db/webhook.go
+        linters: [staticcheck]
+      - path: internal/db/webhook_dingtalk.go
+        linters: [staticcheck]
+      - path: internal/email/email.go
+        linters: [staticcheck]
+      - path: internal/email/message.go
+        linters: [staticcheck]
+      - path: internal/form/repo.go
+        linters: [staticcheck]
+      - path: internal/form/user.go
+        linters: [staticcheck]
+      - path: internal/httplib/httplib.go
+        linters: [staticcheck]
+      - path: internal/markup/markdown.go
+        linters: [staticcheck]
+      - path: internal/route/api/v1/repo/commits.go
+        linters: [staticcheck]
+      - path: internal/route/api/v1/user/follower.go
+        linters: [staticcheck]
+      - path: internal/route/repo/branch.go
+        linters: [staticcheck]
+      - path: internal/route/repo/commit.go
+        linters: [staticcheck]
+      - path: internal/route/repo/issue.go
+        linters: [staticcheck]
+      - path: internal/route/user/profile.go
+        linters: [staticcheck]
+      - path: internal/template/template.go
+        linters: [staticcheck]
+      - path: internal/tool/tool.go
+        linters: [staticcheck]
+      - path: internal/cmd/serv.go
+        linters: [staticcheck]
+      - path: internal/db/actions_test.go
+        linters: [staticcheck]
+      - path: internal/db/milestone.go
+        linters: [staticcheck]
+      - path: internal/db/pull.go
+        linters: [staticcheck]
+      - path: internal/route/home.go
+        linters: [staticcheck]
+      - path: internal/db/release.go
+        linters: [staticcheck]
+      - path: internal/route/org/members.go
+        linters: [staticcheck]
+      - path: internal/route/org/setting.go
+        linters: [staticcheck]
+      - path: internal/db/repo_branch.go
+        linters: [staticcheck]
+      - path: internal/db/user_mail.go
+        linters: [staticcheck]
+      - path: internal/route/user/auth.go
+        linters: [staticcheck]
+      - path: internal/db/webhook_slack.go
+        linters: [staticcheck]
+      - path: internal/form/form.go
+        linters: [staticcheck]
+      - path: internal/route/org/teams.go
+        linters: [staticcheck]
+      - path: internal/route/admin/auths.go
+        linters: [staticcheck]
+      - path: internal/route/admin/users.go
+        linters: [staticcheck]
+      - path: internal/db/admin.go
+        linters: [staticcheck]
+      - path: internal/db/comment.go
+        linters: [staticcheck]
+      - path: internal/route/user/home.go
+        linters: [staticcheck]
+      - path: internal/route/user/setting.go
+        linters: [staticcheck]
+      - path: internal/db/org_team.go
+        linters: [staticcheck]
+      - path: internal/db/repo_editor.go
+        linters: [staticcheck]
+      - path: internal/process/manager.go
+        linters: [staticcheck]
+      - path: internal/db/ssh_key.go
+        linters: [staticcheck]
+      - path: internal/route/repo/pull.go
+        linters: [staticcheck]
+      - path: internal/route/repo/release.go
+        linters: [staticcheck]
+      - path: internal/route/repo/setting.go
+        linters: [staticcheck]
+      - path: internal/route/repo/wiki.go
+        linters: [staticcheck]
+formatters:
+  enable:
+    - gofmt
    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
--- a/.mailmap
+++ b/.mailmap
@@ -1,2 +1,4 @@
-Unknwon <u@gogs.io> <joe2010xtmf@163.com>
-Unknwon <u@gogs.io> 无闻 <u@gogs.io>
+Joe Chen <jc@unknwon.io> Unknwon <u@gogs.io>
+Joe Chen <jc@unknwon.io> 无闻 <u@gogs.io>
+Joe Chen <jc@unknwon.io> ᴜɴᴋɴᴡᴏɴ <u@gogs.io>
+Joe Chen <jc@unknwon.io> ᴜɴᴋɴᴡᴏɴ <jc@unknwon.io>
--- a/.pkgr.yml
+++ b/.pkgr.yml
@@ -1,26 +1,21 @@
 targets:
-  debian-8: &debian
+  debian-9: &debian
    build_dependencies:
      - libpam0g-dev
    dependencies:
      - libpam0g
      - git
-  debian-9:
-    <<: *debian
  debian-10:
    <<: *debian
  debian-11:
    <<: *debian
-  ubuntu-14.04:
-    <<: *debian
-  ubuntu-16.04:
-    <<: *debian
-    build_dependencies:
-      - bzr
-      - mercurial
  ubuntu-18.04:
    <<: *debian
-  centos-7:
+  ubuntu-20.04:
+    <<: *debian
+  ubuntu-22.04:
+    <<: *debian
+  centos-8:
    build_dependencies:
      - pam-devel
      # required for Go buildpack
@@ -33,4 +28,4 @@ before:
 after:
  - mv bin/gogs gogs
 after_install: ./.packager/hooks/postinst
-buildpack: https://github.com/heroku/heroku-buildpack-go.git
+buildpack: https://github.com/heroku/heroku-buildpack-go.git#main
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,30 +2,38 @@

 All notable changes to Gogs are documented in this file.

-## 0.13.0+dev (`main`)
+## 0.14.0+dev (`main`)
+
+## 0.13.0

 ### Added

+- Support using personal access token in the password field. [#3866](https://github.com/gogs/gogs/issues/3866)
 - An unlisted option is added when create or migrate a repository. Unlisted repositories are public but not being listed for users without direct access in the UI. [#5733](https://github.com/gogs/gogs/issues/5733)
+- New API endpoint `PUT /repos/:owner/:repo/contents/:path` for creating and update repository contents. [#5967](https://github.com/gogs/gogs/issues/5967)
 - New configuration option `[git.timeout] DIFF` for customizing operation timeout of `git diff`. [#6315](https://github.com/gogs/gogs/issues/6315)
 - New configuration option `[server] SSH_SERVER_MACS` for setting list of accepted MACs for connections to builtin SSH server. [#6434](https://github.com/gogs/gogs/issues/6434)
+- New configuration option `[repository] DEFAULT_BRANCH` for setting default branch name for new repositories. [#7291](https://github.com/gogs/gogs/issues/7291)
+- New configuration option `[server] SSH_SERVER_ALGORITHMS` for specifying the list of accepted key exchange algorithms for connections to builtin SSH server. [#7345](https://github.com/gogs/gogs/pull/7345)
 - Support specifying custom schema for PostgreSQL. [#6695](https://github.com/gogs/gogs/pull/6695)
 - Support rendering Mermaid diagrams in Markdown. [#6776](https://github.com/gogs/gogs/pull/6776)
- New languages support: Mongolian. [#6510](https://github.com/gogs/gogs/pull/6510)
+- Docker: Allow passing extra arguments to the `backup` command. [#7060](https://github.com/gogs/gogs/pull/7060)
+- New languages support: Mongolian, Romanian. [#6510](https://github.com/gogs/gogs/pull/6510) [#7082](https://github.com/gogs/gogs/pull/7082)

 ### Changed

 - The default branch has been changed to `main`. [#6285](https://github.com/gogs/gogs/pull/6285)
 - MSSQL as database backend is deprecated, installation page no longer shows it as an option. Existing installations and manually craft configuration file continue to work. [#6295](https://github.com/gogs/gogs/pull/6295)
 - Use [Task](https://github.com/go-task/task) as the build tool. [#6297](https://github.com/gogs/gogs/pull/6297)
- The required Go version to compile source code changed to 1.16.
+- The required Go version to compile source code changed to 1.18.
+- Access tokens are now stored using their SHA256 hashes instead of raw values. [#7008](https://github.com/gogs/gogs/pull/7008)

 ### Fixed

- _Security:_ XSS in cookies. [#6953](https://github.com/gogs/gogs/issues/6953)
- _Security:_ OS Command Injection in file uploading. [#6968](https://github.com/gogs/gogs/issues/6968)
- _Security:_ Remote Command Execution in file editing. [#6555](https://github.com/gogs/gogs/issues/6555)
 - Unable to use LDAP authentication on ARM machines. [#6761](https://github.com/gogs/gogs/issues/6761)
+- Unable to choose "Lookup Avatar by mail" in user settings without deleting custom avatar. [#7267](https://github.com/gogs/gogs/pull/7267)
+- Mistakenly include the "data" directory under the custom directory in the Docker setup. [#7343](https://github.com/gogs/gogs/pull/7343)
+- Unable to start after data recovery with an outdated migration version. [#7125](https://github.com/gogs/gogs/issues/7125)

 ### Removed

@@ -47,6 +55,48 @@ All notable changes to Gogs are documented in this file.
 - Configuration option `[database] PASSWD` is no longer used, please use `[database] PASSWORD`.
 - Remove option to use Makefile as the build tool. [#6980](https://github.com/gogs/gogs/pull/6980)

+## 0.12.11
+
+### Fixed
+
+- _Security:_ Stored XSS for issue assignees. [#7145](https://github.com/gogs/gogs/issues/7145)
+- _Security:_ OS Command Injection in repo editor on case-insensitive file systems. [#7030](https://github.com/gogs/gogs/issues/7030)
+- Unable to render repository pages with implicit submodules (e.g. `get submodule "REDACTED": revision does not exist`). [#6436](https://github.com/gogs/gogs/issues/6436)
+
+## 0.12.10
+
+### Changed
+
+- Support using `[security] LOCAL_NETWORK_ALLOWLIST = *` to allow all hostnames. [#7111](https://github.com/gogs/gogs/pull/7111)
+
+### Fixed
+
+- Unable to send webhooks to local network addresses after configured `[security] LOCAL_NETWORK_ALLOWLIST`. [#7074](https://github.com/gogs/gogs/issues/7074)
+
+## 0.12.9
+
+### Fixed
+
+- _Security:_ OS Command Injection in file editor. [#7000](https://github.com/gogs/gogs/issues/7000)
+- _Security:_ Sanitize `DisplayName` in repository issue list. [#7009](https://github.com/gogs/gogs/pull/7009)
+- _Security:_ Path Traversal in file editor on Windows. [#7001](https://github.com/gogs/gogs/issues/7001)
+- _Security:_ Path Traversal in Git HTTP endpoints. [#7002](https://github.com/gogs/gogs/issues/7002)
+- Unable to init repository during creation on Windows. [#6967](https://github.com/gogs/gogs/issues/6967)
+- Mysterious panic on `Value not found for type *repo.HTTPContext`. [#6963](https://github.com/gogs/gogs/issues/6963)
+
+## 0.12.8
+
+### Changed
+
+- All users (including admins) need to use the configuration option `[security] LOCAL_NETWORK_ALLOWLIST` to allow repository migration and webhooks to be able to access local network addresses, which is a comma separated list of hostnames. [#6988](https://github.com/gogs/gogs/pull/6988)
+
+### Fixed
+
+- _Security:_ SSRF in webhook. [#6901](https://github.com/gogs/gogs/issues/6901)
+- _Security:_ XSS in cookies. [#6953](https://github.com/gogs/gogs/issues/6953)
+- _Security:_ OS Command Injection in file uploading. [#6968](https://github.com/gogs/gogs/issues/6968)
+- _Security:_ Remote Command Execution in file editing. [#6555](https://github.com/gogs/gogs/issues/6555)
+
 ## 0.12.7

 ### Fixed
--- a/2
+++ b/2
@@ -0,0 +1,2 @@
+# Default
+* @gogs/core
--- a/25
+++ b/25
@@ -1,4 +1,4 @@
-FROM golang:alpine3.14 AS binarybuilder
+FROM golang:alpine3.21 AS binarybuilder
 RUN apk --no-cache --no-progress add --virtual \
  build-deps \
  build-base \
@@ -7,20 +7,12 @@ RUN apk --no-cache --no-progress add --virtual \

 WORKDIR /gogs.io/gogs
 COPY . .
-RUN make build TAGS="cert pam"

-FROM alpine:3.14
-RUN if [ `uname -m` == "aarch64" ] ; then \
-      export arch="arm64" ; \
-  elif [ `uname -m` == "armv7l" ] ; then \
-      export arch="armhf"; \
-  else \
-      export arch="amd64" ; \
-  fi \
-  && wget https://github.com/tianon/gosu/releases/download/1.11/gosu-$arch -O /usr/sbin/gosu \
-  && chmod +x /usr/sbin/gosu \
-  && echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
-  && apk --no-cache --no-progress add \
+RUN ./docker/build/install-task.sh
+RUN TAGS="cert pam" task build
+
+FROM alpine:3.21
+RUN apk --no-cache --no-progress add \
  bash \
  ca-certificates \
  curl \
@@ -42,10 +34,11 @@ WORKDIR /app/gogs
 COPY docker ./docker
 COPY --from=binarybuilder /gogs.io/gogs/gogs .

-RUN ./docker/finalize.sh
+RUN ./docker/build/finalize.sh

 # Configure Docker Container
 VOLUME ["/data", "/backup"]
 EXPOSE 22 3000
+HEALTHCHECK CMD (curl -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
 ENTRYPOINT ["/app/gogs/docker/start.sh"]
-CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"]
+CMD ["/usr/bin/s6-svscan", "/app/gogs/docker/s6/"]
--- a/64
+++ b/64
@@ -1,64 +0,0 @@
-LDFLAGS += -X "gogs.io/gogs/internal/conf.BuildTime=$(shell date -u '+%Y-%m-%d %I:%M:%S %Z')"
-LDFLAGS += -X "gogs.io/gogs/internal/conf.BuildCommit=$(shell git rev-parse HEAD)"
-
-CONF_FILES := $(shell find conf | sed 's/ /\\ /g')
-TEMPLATES_FILES := $(shell find templates | sed 's/ /\\ /g')
-PUBLIC_FILES := $(shell find public | sed 's/ /\\ /g')
-LESS_FILES := $(wildcard public/less/*.less)
-
-TAGS = ""
-BUILD_FLAGS = "-v"
-
-RELEASE_ROOT = "release"
-RELEASE_GOGS = "release/gogs"
-NOW = $(shell date -u '+%Y%m%d%I%M%S')
-
-.PHONY: check dist build build-no-gen pack release generate less clean test fixme todo legacy
-
-.IGNORE: public/css/gogs.css
-
-all: build
-
-check: test
-
-dist: release
-
-web: build
-	./gogs web
-
-build:
-	go build $(BUILD_FLAGS) -ldflags '$(LDFLAGS)' -tags '$(TAGS)' -trimpath -o gogs
-
-pack:
-	rm -rf $(RELEASE_GOGS)
-	mkdir -p $(RELEASE_GOGS)
-	cp -r gogs LICENSE README.md README_ZH.md scripts $(RELEASE_GOGS)
-	cd $(RELEASE_ROOT) && zip -r gogs.$(NOW).zip "gogs"
-
-release: build pack
-
-generate: clean
-	go generate internal/assets/conf/conf.go
-	go generate internal/assets/templates/templates.go
-	go generate internal/assets/public/public.go
-
-less: clean public/css/gogs.min.css
-
-public/css/gogs.min.css: $(LESS_FILES)
-	@type lessc >/dev/null 2>&1 && lessc --clean-css --source-map "public/less/gogs.less" $@ || echo "lessc command not found or failed"
-
-clean:
-	find . -name "*.DS_Store" -type f -delete
-
-test:
-	go test -cover -race ./...
-
-fixme:
-	grep -rnw "FIXME" internal
-
-todo:
-	grep -rnw "TODO" internal
-
-# Legacy code should be removed by the time of release
-legacy:
-	grep -rnw "\(LEGACY\|Deprecated\)" internal
--- a/README.md
+++ b/README.md
@@ -1,23 +1,21 @@
-# <img src="https://github.com/gogs/gogs/raw/master/public/img/favicon.png" width="45" align="left">Gogs - A painless self-hosted Git service
+![gogs-brand](https://user-images.githubusercontent.com/2946214/146899259-6a8b58ad-8d6e-40d2-ab02-79dc6aadabbf.png)

-[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/gogs/gogs/Go?logo=github&style=for-the-badge)](https://github.com/gogs/gogs/actions?query=workflow%3AGo) [![Discord](https://img.shields.io/discord/382595433060499458.svg?style=for-the-badge&logo=discord)](https://discord.gg/9aqdHU7) [![Sourcegraph](https://img.shields.io/badge/view%20on-Sourcegraph-brightgreen.svg?style=for-the-badge&logo=sourcegraph)](https://sourcegraph.com/github.com/gogs/gogs)
-
-![Repository](https://gogs.io/img/screenshots/2.png)
+[![GitHub Workflow Status](https://img.shields.io/github/checks-status/gogs/gogs/main?logo=github&style=for-the-badge)](https://github.com/gogs/gogs/actions?query=branch%3Amain) [![Discord](https://img.shields.io/discord/382595433060499458.svg?style=for-the-badge&logo=discord)](https://discord.gg/9aqdHU7) [![Sourcegraph](https://img.shields.io/badge/view%20on-Sourcegraph-brightgreen.svg?style=for-the-badge&logo=sourcegraph)](https://sourcegraph.com/github.com/gogs/gogs)

 [简体中文](README_ZH.md)

 ## 🔮 Vision

-The Gogs (`/gɑgz/`) project aims to build a simple, stable and extensible self-hosted Git service that can be setup in the most painless way. With Go, this can be done with an independent binary distribution across **ALL platforms** that Go supports, including Linux, macOS, Windows and ARM.
+The Gogs (`/gɑgz/`) project aims to build a simple, stable and extensible self-hosted Git service that can be set up in the most painless way. With Go, this can be done with an independent binary distribution across all platforms that Go supports, including Linux, macOS, Windows and ARM-based systems.

 ## 📡 Overview

 - Please visit [our home page](https://gogs.io) for user documentation.
 - Please refer to [CHANGELOG.md](CHANGELOG.md) for list of changes in each releases.
 - Want to try it before doing anything else? Do it [online](https://try.gogs.io/gogs/gogs)!
- Having trouble? Help yourself with [troubleshooting](https://gogs.io/docs/intro/troubleshooting.html) or ask questions on [user forum](https://discuss.gogs.io/).
+- Having trouble? Help yourself with [troubleshooting](https://gogs.io/docs/intro/troubleshooting.html) or ask questions in [Discussions](https://github.com/gogs/gogs/discussions).
 - Want to help with localization? Check out the [localization documentation](https://gogs.io/docs/features/i18n.html).
- Ready to get hands dirty? Read our guide to [set up your development environment](docs/dev/local_development.md).
+- Ready to get hands dirty? Read our [contributing guide](.github/CONTRIBUTING.md).
 - Hmm... What about APIs? We have experimental support with [documentation](https://github.com/gogs/docs-api).

 ## 💌 Features
@@ -34,11 +32,11 @@ The Gogs (`/gɑgz/`) project aims to build a simple, stable and extensible self-
 - Authentication via SMTP, LDAP, reverse proxy, GitHub.com and GitHub Enterprise with 2FA.
 - Customize HTML templates, static files and many others.
 - Rich database backend, including PostgreSQL, MySQL, SQLite3 and [TiDB](https://github.com/pingcap/tidb).
- Have localization over [30 languages](https://crowdin.com/project/gogs).
+- Have localization over [31 languages](https://crowdin.com/project/gogs).

 ## 💾 Hardware requirements

- A Raspberry Pi or $5 Digital Ocean Droplet is more than enough to get you started. Some even use 64MB RAM Docker [CaaS](https://blog.docker.com/2016/02/containers-as-a-service-caas/).
+- A Raspberry Pi or $5 Digital Ocean Droplet is more than enough to get you started. Some even use 64MB RAM Docker [CaaS](https://www.docker.com/blog/containers-as-a-service-caas/).
 - 2 CPU cores and 512MB RAM would be the baseline for teamwork.
 - Increase CPU cores when your team size gets significantly larger, memory footprint remains low.

@@ -56,41 +54,36 @@ There are 6 ways to install Gogs:
 - [Install from binary](https://gogs.io/docs/installation/install_from_binary.html)
 - [Install from source](https://gogs.io/docs/installation/install_from_source.html)
 - [Install from packages](https://gogs.io/docs/installation/install_from_packages.html)
- [Ship with Docker](https://github.com/gogs/gogs/tree/master/docker)
- [Install with Vagrant](https://github.com/geerlingguy/ansible-vagrant-examples/tree/master/gogs)
- [Install with Kubernetes Using Helm Charts](https://github.com/helm/charts/tree/master/incubator/gogs)
+- [Ship with Docker](https://github.com/gogs/gogs/tree/main/docker)
+- [Try with Vagrant](https://github.com/geerlingguy/ansible-vagrant-examples/tree/master/gogs)

 ### Deploy to cloud

- [Cloudron](https://cloudron.io/appstore.html#io.gogs.cloudronapp)
- [Scaleway](https://www.scaleway.com/imagehub/gogs/)
+- [Cloudron](https://www.cloudron.io/store/io.gogs.cloudronapp.html)
 - [Sandstorm](https://github.com/cem/gogs-sandstorm)
 - [sloppy.io](https://github.com/sloppyio/quickstarters/tree/master/gogs)
 - [YunoHost](https://github.com/YunoHost-Apps/gogs_ynh)
- [DPlatform](https://github.com/j8r/DPlatform)
+- [DPlatform](https://github.com/DFabric/DPlatform-Shell)
 - [LunaNode](https://github.com/LunaNode/launchgogs)
+- [alwaysdata](https://www.alwaysdata.com/en/marketplace/gogs/)

 ### Tutorials

+- [Private Git Web Portal in Raspberry PI With Gogs](https://peppe8o.com/private-git-web-portal-in-raspberry-pi-with-gogs/)
 - [How To Set Up Gogs on Ubuntu 14.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-gogs-on-ubuntu-14-04)
- [Run your own GitHub-like service with the help of Docker](http://blog.hypriot.com/post/run-your-own-github-like-service-with-docker/)
- [Dockerized Gogs git server and alpine postgres in 20 minutes or less](http://garthwaite.org/docker-gogs.html)
+- [Run your own GitHub-like service with the help of Docker](https://blog.hypriot.com/post/run-your-own-github-like-service-with-docker/)
+- [Dockerized Gogs git server and alpine postgres in 20 minutes or less](https://garthwaite.org/docker-gogs.html)
 - [Host Your Own Private GitHub with Gogs](https://eladnava.com/host-your-own-private-github-with-gogs-io/)
 - [使用 Gogs 搭建自己的 Git 服务器](https://blog.mynook.info/post/host-your-own-git-server-using-gogs/) (Chinese)
- [阿里云上 Ubuntu 14.04 64 位安装 Gogs](http://my.oschina.net/luyao/blog/375654) (Chinese)
+- [阿里云上 Ubuntu 14.04 64 位安装 Gogs](https://my.oschina.net/luyao/blog/375654) (Chinese)
 - [Installing Gogs on FreeBSD](https://www.codejam.info/2015/03/installing-gogs-on-freebsd.html)
- [Cloudflare Full SSL with Gogs using NGINX](http://www.listekconsulting.com/articles/cloudflare-full-ssl-with-gogs-go-git-service-using-nginx/)
 - [How to install Gogs on a Linux Server (DigitalOcean)](https://www.youtube.com/watch?v=deSfX0gqefE)

 ## 📦 Software, service and product support

 - [Fabric8](http://fabric8.io/) (DevOps)
 - [Jenkins](https://plugins.jenkins.io/gogs-webhook/) (CI)
- [Taiga](https://taiga.io/) (Project Management)
- [Puppet](https://forge.puppet.com/Siteminds/gogs) (IT)
- [Kanboard](https://github.com/kanboard/plugin-gogs-webhook) (Project Management)
- [BearyChat](https://bearychat.com/) (Team Communication)
- [GitPitch](https://gitpitch.com/) (Markdown Presentations)
+- [Puppet](https://forge.puppet.com/modules/Siteminds/gogs) (IT)
 - [Synology](https://www.synology.com) (Docker)
 - [Syncloud](https://syncloud.org/) (App Store)

@@ -98,7 +91,7 @@ There are 6 ways to install Gogs:

 - Thanks [Egon Elbre](https://twitter.com/egonelbre) for designing the original version of the logo.
 - Thanks [Crowdin](https://crowdin.com/project/gogs) for sponsoring open source translation plan.
- Thanks [DigitalOcean](https://www.digitalocean.com), [VPSServer](https://www.vpsserver.com/), [Hosted.nl](https://www.hosted.nl/) and [BitLaunch](https://bitlaunch.io) for sponsoring VPS services.
+- Thanks [DigitalOcean](https://www.digitalocean.com), [VPSServer](https://www.vpsserver.com/), [Hosted.nl](https://www.hosted.nl/), [BitLaunch](https://bitlaunch.io), and [MonoVM](https://monovm.com/linux-vps/) for sponsoring VPS services.
 - Thanks [KeyCDN](https://www.keycdn.com/) for sponsoring CDN service.
 - Thanks [Buildkite](https://buildkite.com) for sponsoring open source CI/CD plan.

@@ -107,6 +100,6 @@ There are 6 ways to install Gogs:
 - See [contributors page](https://github.com/gogs/gogs/graphs/contributors) for top 100 contributors.
 - See [TRANSLATORS](conf/locale/TRANSLATORS) for public list of translators.

-## License
+## ⚖️ License

-This project is under the MIT License. See the [LICENSE](https://github.com/gogs/gogs/blob/master/LICENSE) file for the full license text.
+This project is under the MIT License. See the [LICENSE](https://github.com/gogs/gogs/blob/main/LICENSE) file for the full license text.
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -4,7 +4,7 @@ Gogs 是一款极易搭建的自助 Git 服务。

 ## 项目愿景

-Gogs（`/gɑgz/`）项目旨在打造一个以最简便的方式搭建简单、稳定和可扩展的自助 Git 服务。使用 Go 语言开发使得 Gogs 能够通过独立的二进制分发，并且支持 Go 语言支持的 **所有平台**，包括 Linux、macOS、Windows 以及 ARM 平台。
+Gogs（`/gɑgz/`）项目旨在打造一个以最简便的方式搭建简单、稳定和可扩展的自助 Git 服务。使用 Go 语言开发使得 Gogs 能够通过独立的二进制分发，并且支持 Go 语言支持的 **所有平台**，包括 Linux、macOS、Windows 和基于 ARM 的操作系统。

 ## 概览

@@ -13,7 +13,7 @@ Gogs（`/gɑgz/`）项目旨在打造一个以最简便的方式搭建简单、
 - 想要先睹为快？直接去[在线体验](https://try.gogs.io/gogs/gogs)吧！
 - 使用过程中遇到问题？尝试[故障排查](https://gogs.io/docs/intro/troubleshooting.html)或者前往[用户论坛](https://discuss.gogs.io/)获取帮助
 - 希望帮助多国语言的翻译吗？请查看[本地化文档](https://gogs.io/docs/features/i18n.html)
- 准备搞点事情？请阅读[开发指南](docs/local_development.md)配置开发环境
+- 准备搞点事情？请阅读[开发指南](docs/dev/local_development.md)配置开发环境
 - 想调用 API 吗？请查看[文档](https://github.com/gogs/docs-api)吧

 ## 主要特性
@@ -31,7 +31,7 @@ Gogs（`/gɑgz/`）项目旨在打造一个以最简便的方式搭建简单、
 - 开启两步验证（2FA）登录
 - 自定义 HTML 模板、静态文件和许多其它组件
 - 多样的数据库后端，包括 PostgreSQL、MySQL、SQLite3 和 [TiDB](https://github.com/pingcap/tidb)
- 超过[30 种语言](https://crowdin.com/project/gogs)的本地化
+- 超过 [31 种语言](https://crowdin.com/project/gogs)的本地化

 ## 硬件要求

@@ -53,7 +53,7 @@ Gogs（`/gɑgz/`）项目旨在打造一个以最简便的方式搭建简单、
 - [二进制安装](https://gogs.io/docs/installation/install_from_binary.html)
 - [源码安装](https://gogs.io/docs/installation/install_from_source.html)
 - [包管理安装](https://gogs.io/docs/installation/install_from_packages.html)
- [采用 Docker 部署](https://github.com/gogs/gogs/tree/master/docker)
+- [采用 Docker 部署](https://github.com/gogs/gogs/tree/main/docker)
 - [通过 Vagrant 安装](https://github.com/geerlingguy/ansible-vagrant-examples/tree/master/gogs)
 - [通过基于 Kubernetes 的 Helm Charts](https://github.com/helm/charts/tree/master/incubator/gogs)

@@ -100,4 +100,4 @@ Gogs（`/gɑgz/`）项目旨在打造一个以最简便的方式搭建简单、

 ## 授权许可

-本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/gogs/gogs/blob/master/LICENSE) 文件中。
+本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/gogs/gogs/blob/main/LICENSE) 文件中。
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,10 +2,22 @@

 ## Supported versions

-Only lastest two minor version releases are supported for patching security fixes.
+Only lastest two minor version releases are supported (>= 0.12) for accepting vulnerability reports and patching fixes.

-## Reporting a vulnerability
+Existing vulnerability reports are being tracked in [Gogs Vulnerability Reports](https://jcunknwon.notion.site/Gogs-Vulnerability-Reports-81d7df52e45c4f159274e46ba48ed1b9).

-Please send report privately to [security@gogs.io](mailto:security@gogs.io), and include how would you like to be credited.
+## Vulnerability lifecycle
+
+1. Report a vulnerability:
+    - We strongly enourage to use https://huntr.dev/ for submitting and managing status of vulnerability reports.
+    - Alternatively, you may send vulnerability reports through emails to [security@gogs.io](mailto:security@gogs.io).
+1. Create a [dummy issue](https://github.com/gogs/gogs/issues/6901) with high-level description of the security vulnerability for credibility and tracking purposes.
+1. Project maintainers review the report and either:
+    - Ask clarifying questions
+    - Confirm or deny the vulnerability
+1. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
+    - The latter is usually significantly slower.
+1. Patch releases will be made for the supported versions.
+1. Publish the original vulnerability report and a new [GitHub security advisory](https://github.com/gogs/gogs/security/advisories).

 Thank you!
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -5,19 +5,21 @@ vars:
    sh: echo '{{if eq OS "windows"}}.exe{{end}}'

 tasks:
+  default:
+    deps: [build]
  web:
-    desc: Build the binary and start the web server.
+    desc: Build the binary and start the web server
    deps: [build]
    cmds:
      - ./gogs web

  build:
-    desc: Build the binary.
+    desc: Build the binary
    cmds:
      - go build -v
        -ldflags '
-        -X "{{.PKG_PATH}}.BuildTime={{.BUILD_TIME}}"
-        -X "{{.PKG_PATH}}.BuildCommit={{.BUILD_COMMIT}}"
+          -X "{{.PKG_PATH}}.BuildTime={{.BUILD_TIME}}"
+          -X "{{.PKG_PATH}}.BuildCommit={{.BUILD_COMMIT}}"
        '
        -tags '{{.TAGS}}'
        -trimpath -o gogs{{.BINARY_EXT}}
@@ -28,25 +30,24 @@ tasks:
      BUILD_COMMIT:
        sh: git rev-parse HEAD
    sources:
+      - go.mod
      - gogs.go
      - internal/**/*.go
-
-  generate-bindata:
-    desc: Generate bindata for all assets.
-    deps: [clean]
-    cmds:
-      - go generate internal/assets/conf/conf.go
-      - go generate internal/assets/templates/templates.go
-      - go generate internal/assets/public/public.go
+      - conf/**/*
+      - public/**/*
+      - templates/**/*
+      - custom/**/*
+    method: timestamp

  generate-schemadoc:
-    desc: Generate database schema documentation.
+    desc: Generate database schema documentation
    cmds:
      - go generate ./internal/db/schemadoc

  generate:
-    desc: Run all go:generate commands.
-    deps: [generate-bindata, generate-schemadoc]
+    desc: Run all go:generate commands
+    cmds:
+      - go generate ./...

  test:
    desc: Run all tests.
@@ -54,38 +55,38 @@ tasks:
      - go test -cover -race ./...

  clean:
-    desc: Cleans up system meta files for code generation.
+    desc: Cleans up system meta files
    cmds:
      - find . -name "*.DS_Store" -type f -delete

  release:
-    desc: Build the binary and pack resources to a ZIP file.
+    desc: Build the binary and pack resources to a ZIP file
    deps: [build]
    cmds:
      - rm -rf {{.RELEASE_GOGS}}
      - mkdir -p {{.RELEASE_GOGS}}
      - cp -r gogs{{.BINARY_EXT}} LICENSE README.md README_ZH.md scripts {{.RELEASE_GOGS}}
-      - cd {{.RELEASE_ROOT}} && zip -r gogs.$(NOW).zip "gogs"
+      - cd {{.RELEASE_ROOT}} && zip -r gogs.zip "gogs"
    vars:
      RELEASE_ROOT: release
      RELEASE_GOGS: release/gogs

  less:
-    desc: Generate CSS from LESS files.
+    desc: Generate CSS from LESS files
    cmds:
      - lessc --clean-css --source-map "public/less/gogs.less" public/css/gogs.min.css

  fixme:
-    desc: Show all occurrences of "FIXME".
+    desc: Show all occurrences of "FIXME"
    cmds:
      - grep -rnw "FIXME" internal

  todo:
-    desc: Show all occurrences of "TODO".
+    desc: Show all occurrences of "TODO"
    cmds:
      - grep -rnw "TODO" internal

  legacy:
-    desc: Identify legacy and deprecated lines.
+    desc: Identify legacy and deprecated lines
    cmds:
      - grep -rnw "\(LEGACY\|Deprecated\)" internal
--- a/codecov.yml
+++ b/codecov.yml
@@ -4,6 +4,13 @@ coverage:
    project:
      default:
        threshold: 1%
+        informational: true
+    patch:
+      default:
+        only_pulls: true
+        informational: true

 comment:
  layout: 'diff'
+
+github_checks: false
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -81,6 +81,10 @@ SSH_LISTEN_HOST = 0.0.0.0
 SSH_LISTEN_PORT = %(SSH_PORT)s
 ; The list of accepted ciphers for connections to builtin SSH server.
 SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
+; The list of accepted MACs for connections to builtin SSH server.
+SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
+; The list of accepted key exchange algorithms for connections to builtin SSH server.
+SSH_SERVER_ALGORITHMS = rsa, ecdsa, ed25519

 ; Define allowed algorithms and their minimum key length (use -1 to disable a type).
 [ssh.minimum_key_sizes]
@@ -113,6 +117,8 @@ ENABLE_RAW_FILE_RENDER_MODE = false
 ; fetch request. Usually, the value depend of how many CPU (cores) you have. If
 ; the value is non-positive, it matches the number of CPUs available to the application.
 COMMITS_FETCH_CONCURRENCY = 0
+; Default branch name when creating new repositories.
+DEFAULT_BRANCH = master

 [repository.editor]
 ; List of file extensions that should have line wraps in the CodeMirror editor.
@@ -142,6 +148,8 @@ HOST = 127.0.0.1:5432
 NAME = gogs
 USER = gogs
 PASSWORD =
+; For "postgres" only
+SCHEMA = public
 ; For "postgres" only, either "disable", "require" or "verify-full".
 SSL_MODE = disable
 ; For "sqlite3" only, make sure to use absolute path.
@@ -170,6 +178,7 @@ ENABLE_LOGIN_STATUS_COOKIE = false
 ; The cookie name to store user login status.
 LOGIN_STATUS_COOKIE_NAME = login_status
 ; A comma separated list of hostnames that are explicitly allowed to be accessed within the local network.
+; Use "*" to allow all hostnames.
 LOCAL_NETWORK_ALLOWLIST =

 [email]
@@ -462,6 +471,7 @@ MIGRATE = 600
 MIRROR = 300
 CLONE = 300
 PULL = 300
+DIFF = 60
 GC = 60

 [mirror]
@@ -520,10 +530,11 @@ BASIC_AUTH_PASSWORD =
 [highlight.mapping]

 [i18n]
-LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,gl-ES,uk-UA,en-GB,hu-HU,sk-SK,id-ID,fa-IR,vi-VN,pt-PT
-NAMES = English,简体中文,繁體中文（香港）,繁體中文（臺灣）,Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,galego,українська,English (United Kingdom),Magyar,Slovenčina,Indonesian,Persian,Vietnamese,Português
+LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,gl-ES,uk-UA,en-GB,hu-HU,sk-SK,id-ID,fa-IR,vi-VN,pt-PT,mn-MN,ro-RO
+NAMES = English,简体中文,繁體中文（香港）,繁體中文（臺灣）,Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,galego,українська,English (United Kingdom),Magyar,Slovenčina,Indonesian,Persian,Vietnamese,Português,Монгол,Română

-; Used for datetimepicker
+; Used for jQuery DateTimePicker,
+; list of supported languages in https://xdsoft.net/jqplugins/datetimepicker/#lang
 [i18n.datelang]
 en-US = en
 zh-CN = zh
@@ -555,6 +566,8 @@ id-ID = id
 fa-IR = fa
 vi-VN = vi
 pt-PT = pt
+mn-MN = mn
+ro-RO = ro

 [other]
 SHOW_FOOTER_BRANDING = false
--- a/conf/embed.go
+++ b/conf/embed.go
@@ -0,0 +1,27 @@
+// Copyright 2022 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package conf
+
+import (
+	"embed"
+)
+
+//go:embed app.ini **/*
+var Files embed.FS
+
+// FileNames returns a list of filenames exists in the given direction within
+// Files. The list includes names of subdirectories.
+func FileNames(dir string) ([]string, error) {
+	entries, err := Files.ReadDir(dir)
+	if err != nil {
+		return nil, err
+	}
+
+	fileNames := make([]string, 0, len(entries))
+	for _, entry := range entries {
+		fileNames = append(fileNames, entry.Name())
+	}
+	return fileNames, nil
+}
--- a/conf/embed_test.go
+++ b/conf/embed_test.go
@@ -0,0 +1,20 @@
+// Copyright 2022 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package conf
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFileNames(t *testing.T) {
+	names, err := FileNames(".")
+	require.NoError(t, err)
+
+	want := []string{"app.ini", "auth.d", "gitignore", "label", "license", "locale", "readme"}
+	assert.Equal(t, want, names)
+}
--- a/conf/locale/TRANSLATORS
+++ b/conf/locale/TRANSLATORS
@@ -76,9 +76,11 @@ Robin Hübner <profan AT prfn DOT se>
 Rste Risafov <risafov AT lazy DOT com>
 SeongJae Park <sj38 DOT park AT gmail DOT com>
 Sergey Stepanov <sergystepanov AT gmail DOT com>
+Simona Iacob <s AT zp1 DOT net>
 Thomas Fanninger <gogs DOT thomas AT fanninger DOT at>
 Tilmann Bach <tilmann AT outlook DOT com>
 Toni Villena Jiménez <tonivj5 AT gmail DOT com>
+Vincent AMSTOUTZ <vincent DOT amstoutz AT outlook DOT fr>
 Vladimir Jigulin mogaika AT yandex DOT ru
 Vladimir Vissoultchev <wqweto AT gmail DOT com>
 Vongola <me AT vongola DOT tw>
--- a/conf/locale/locale_de-DE.ini
+++ b/conf/locale/locale_de-DE.ini
@@ -51,7 +51,7 @@ internal_server_error=Interner Serverfehler
 install=Installation
 title=Installationsschritte für den ersten Start
 docker_helper=Wenn Gogs innerhalb von Docker läuft, lesen Sie sich bitte den <a target="_blank" href="%s">Leitfaden</a> genau durch, bevor Sie irgendwas auf dieser Seite ändern!
-requite_db_desc=Gogs requires MySQL, PostgreSQL, SQLite3 or TiDB (via MySQL protocol).
+requite_db_desc=Gogs benötigt MySQL, PostgreSQL, SQLite3 oder TiDB (per MySQL-Protokoll)
 db_title=Datenbankeinstellungen
 db_type=Datenbanktyp
 host=Host
@@ -400,9 +400,9 @@ owner=Besitzer
 repo_name=Repository-Name
 repo_name_helper=Ein guter Repository-Name besteht gewöhnlich aus kurzen, leicht zu merkenden und eindeutigen Schlüsselworten.
 visibility=Sichtbarkeit
-unlisted=Unlisted
+unlisted=Ungelistet
 visiblity_helper=Dieses Repository ist <span class="ui red text">privat</span>
-unlisted_helper=This repository is <span class="ui red text">Unlisted</span>
+unlisted_helper=Dieses Repository ist <span class="ui red text">nicht gelistet</span>
 visiblity_helper_forced=Der Administrator hat festgelegt, dass alle neuen Repositories <span class="ui red text">privat</span> sein müssen
 visiblity_fork_helper=(Eine Änderung dieses Wertes wirkt sich auf alle Forks aus)
 clone_helper=Brauchen Sie Hilfe beim Klonen? Hier gibt es <a target="_blank" href="%s">Hilfe</a>!
@@ -443,7 +443,7 @@ migrate.clone_address_desc=Dies kann eine HTTP/HTTPS/GIT-URL sein.
 migrate.clone_address_desc_import_local=Sie dürfen auch ein Repository vom lokalen Serverpfad migrieren.
 migrate.permission_denied=Ihnen fehlen die Rechte zum Importieren lokaler Repositories.
 migrate.invalid_local_path=Der lokale Pfad ist ungültig, existiert nicht oder ist kein Ordner.
-migrate.clone_address_resolved_to_blocked_local_address=Clone address resolved to a local network address that is implicitly blocked.
+migrate.clone_address_resolved_to_blocked_local_address=Klonadresse in eine lokale Netzwerkadresse aufgelöst, die implizit blockiert ist.
 migrate.failed=Fehler bei Migration: %v

 mirror_from=Mirror von
@@ -810,7 +810,7 @@ settings.webhook.headers=Kopfzeilen
 settings.webhook.payload=Nutzdaten
 settings.webhook.body=Inhalt
 settings.webhook.err_cannot_parse_payload_url=Payload URL kann nicht analysiert werden: %v
-settings.webhook.url_resolved_to_blocked_local_address=Payload URL resolved to a local network address that is implicitly blocked.
+settings.webhook.url_resolved_to_blocked_local_address=Die Payload-URL wurde in eine lokale Netzwerkadresse aufgelöst, die implizit blockiert ist.
 settings.githooks_desc=Git-Hooks werden von Git selbst bereitgestellt. Sie können die Dateien der unterstützten Hooks in der Liste unten bearbeiten, um eigene Operationen einzubinden.
 settings.githook_edit_desc=Wenn ein Hook inaktiv ist, wird der Standardinhalt benutzt. Lassen Sie den Inhalt leer, um den Hook zu deaktivieren.
 settings.githook_name=Hook-Name
@@ -937,7 +937,7 @@ team_name_helper=Unter diesem Namen können Sie in Diskussionen auf das Team ver
 team_desc_helper=Worum geht es bei diesem Team?
 team_permission_desc=Welche Berechtigungsstufe soll das Team haben?

-form.name_not_allowed=Organization name or pattern %q is not allowed.
+form.name_not_allowed=Organisationsname oder Muster %q ist nicht zulässig.
 form.team_name_not_allowed=Benutzername oder Muster %q ist nicht erlaubt.

 settings=Einstellungen
@@ -1022,7 +1022,7 @@ dashboard.system_status=Systemmonitor-Status
 dashboard.statistic_info=Gogs Datenbank hat <b>%d</b> Benutzer, <b>%d</b> Organisationen, <b>%d</b> öffentliche Schlüssel, <b>%d</b> Repositories, <b>%d</b> Beobachtet, <b>%d</b> Favoriten, <b>%d</b> Aktionen, <b>%d</b> Zugriffe, <b>%d</b> Issues, <b>%d</b> Kommentare, <b>%d</b> Konten sozialer Medien, <b>%d</b> Folgende, <b>%d</b> Mirror, <b>%d</b> Releases, <b>%d</b> Login-Quellen, <b>%d</b> Webhooks, <b>%d</b> Meilensteine, <b>%d</b> Label, <b>%d</b> Hook-Tasks, <b>%d</b> Teams, <b>%d</b> Aktualisierungs-Tasks, <b>%d</b> Anhänge.
 dashboard.operation_name=Name der Operation
 dashboard.operation_switch=Wechseln
-dashboard.select_operation_to_run=Please select operation to run
+dashboard.select_operation_to_run=Bitte wählen Sie den auszuführenden Vorgang aus
 dashboard.operation_run=Ausführen
 dashboard.clean_unbind_oauth=Nicht verbundene OAuths bereinigen
 dashboard.clean_unbind_oauth_success=Alle nicht verbundenen OAuth-Tokens wurden gelöscht.
@@ -1232,14 +1232,14 @@ config.db.type=Typ
 config.db.host=Host
 config.db.name=Name
 config.db.schema=Schema
-config.db.schema_helper=(for "postgres" only)
+config.db.schema_helper=(nur für "postgres")
 config.db.user=Benutzer
 config.db.ssl_mode=SSL-Modus
 config.db.ssl_mode_helper=(nur für "postgres")
 config.db.path=Pfad
 config.db.path_helper=(nur für "sqlite3")
-config.db.max_open_conns=Maximum open connections
-config.db.max_idle_conns=Maximum idle connections
+config.db.max_open_conns=Maximale Anzahl offener Verbindungen
+config.db.max_idle_conns=Maximale Leerlaufverbindungen

 config.security_config=Sicherheitskonfiguration
 config.security.login_remember_days=Anzahl Tage zum Speichern des Logins
@@ -1249,7 +1249,7 @@ config.security.cookie_secure=Sicheres Cookie aktivieren
 config.security.reverse_proxy_auth_user=Reverse-Proxy-Authentifizierungs-Header
 config.security.enable_login_status_cookie=Login-Status-Cookie aktivieren
 config.security.login_status_cookie_name=Login-Status-Cookie
-config.security.local_network_allowlist=Local network allowlist
+config.security.local_network_allowlist=Zulassungsliste für lokale Netzwerke

 config.email_config=E-Mail-Konfiguration
 config.email.enabled=Aktiviert
--- a/conf/locale/locale_en-US.ini
+++ b/conf/locale/locale_en-US.ini
@@ -51,13 +51,14 @@ internal_server_error = Internal Server Error
 install = Installation
 title = Install Steps For First-time Run
 docker_helper = If you're running Gogs inside Docker, please read <a target="_blank" href="%s">Guidelines</a> carefully before you change anything in this page!
-requite_db_desc = Gogs requires MySQL, PostgreSQL, SQLite3, MSSQL or TiDB.
+requite_db_desc = Gogs requires MySQL, PostgreSQL, SQLite3 or TiDB (via MySQL protocol).
 db_title = Database Settings
 db_type = Database Type
 host = Host
 user = User
 password = Password
 db_name = Database Name
+db_schema = Schema
 db_helper = Please use INNODB engine with utf8_general_ci charset for MySQL.
 ssl_mode = SSL Mode
 path = Path
@@ -87,6 +88,7 @@ log_root_path = Log Path
 log_root_path_helper = Directory to write log files to.
 enable_console_mode = Enable Console Mode
 enable_console_mode_popup = In addition to file mode, also print logs to console.
+default_branch = Default Branch

 optional_title = Optional Settings
 email_title = Email Service Settings
@@ -369,6 +371,7 @@ two_factor_disable_success = Two-factor authentication has disabled successfully
 manage_access_token = Manage Personal Access Tokens
 generate_new_token = Generate New Token
 tokens_desc = Tokens you have generated that can be used to access the Gogs APIs.
+access_token_tips=The personal access token may be used as either username or password. It is recommended to use the "x-access-token" as the username and the personal access token as the password for Git applications.
 new_token_desc = Each token will have full access to your account.
 token_name = Token Name
 generate_token = Generate Token
@@ -399,7 +402,9 @@ owner = Owner
 repo_name = Repository Name
 repo_name_helper = A good repository name is usually composed of short, memorable and unique keywords.
 visibility = Visibility
+unlisted = Unlisted
 visiblity_helper = This repository is <span class="ui red text">Private</span>
+unlisted_helper = This repository is <span class="ui red text">Unlisted</span>
 visiblity_helper_forced = Site admin has forced all new repositories to be <span class="ui red text">Private</span>
 visiblity_fork_helper = (Change of this value will affect all forks)
 clone_helper = Need help cloning? Visit <a target="_blank" href="%s">Help</a>!
@@ -1203,6 +1208,8 @@ config.ssh.start_builtin_server = Start builtin server
 config.ssh.listen_host = Listen host
 config.ssh.listen_port = Listen port
 config.ssh.server_ciphers = Server ciphers
+config.ssh.server_macs = Server MACs
+config.ssh.server_algorithms = Server algorithms

 config.repo_config = Repository configuration
 config.repo.root_path = Root path
@@ -1227,6 +1234,8 @@ config.db_config = Database configuration
 config.db.type = Type
 config.db.host = Host
 config.db.name = Name
+config.db.schema = Schema
+config.db.schema_helper = (for "postgres" only)
 config.db.user = User
 config.db.ssl_mode = SSL mode
 config.db.ssl_mode_helper = (for "postgres" only)
--- a/conf/locale/locale_es-ES.ini
+++ b/conf/locale/locale_es-ES.ini
@@ -44,8 +44,8 @@ issues=Incidencias
 cancel=Cancelar

 [status]
-page_not_found=Page Not Found
-internal_server_error=Internal Server Error
+page_not_found=Página no encontrada
+internal_server_error=Error Interno del Servidor

 [install]
 install=Instalación
@@ -1012,9 +1012,9 @@ total=Total: %d

 dashboard.build_info=Build Information
 dashboard.app_ver=Application version
-dashboard.git_version=Git version
-dashboard.go_version=Go version
-dashboard.build_time=Build time
+dashboard.git_version=Versión de Git
+dashboard.go_version=Versión de Go
+dashboard.build_time=Tiempo de compilación
 dashboard.build_commit=Build commit
 dashboard.statistic=Estadísticas
 dashboard.operations=Operaciones
@@ -1178,8 +1178,8 @@ config.run_mode=Modo de ejecución
 config.server.external_url=External URL
 config.server.domain=Domain
 config.server.protocol=Protocol
-config.server.http_addr=HTTP address
-config.server.http_port=HTTP port
+config.server.http_addr=Dirección HTTP
+config.server.http_port=Puerto HTTP
 config.server.cert_file=Certificate file
 config.server.key_file=Key file
 config.server.tls_min_version=Minimum TLS version
@@ -1202,7 +1202,7 @@ config.ssh.key_test_path=Key test path
 config.ssh.minimum_key_size_check=Minimum key size check
 config.ssh.minimum_key_sizes=Minimum key sizes
 config.ssh.rewrite_authorized_keys_at_start=Rewrite "authorized_keys" at start
-config.ssh.start_builtin_server=Start builtin server
+config.ssh.start_builtin_server=Iniciar servidor integrado
 config.ssh.listen_host=Listen host
 config.ssh.listen_port=Listen port
 config.ssh.server_ciphers=Server ciphers
--- a/conf/locale/locale_fa-IR.ini
+++ b/conf/locale/locale_fa-IR.ini
@@ -44,14 +44,14 @@ issues=مسائل
 cancel=لغو

 [status]
-page_not_found=Page Not Found
-internal_server_error=Internal Server Error
+page_not_found=صفحه مورد نظر یافت نشد.
+internal_server_error=خطای داخلی سرور

 [install]
 install=نصب
 title=مراحل نصب برای اولین اجرا
 docker_helper=اگر شما Gogs را با استفاده از Docker اجرا می‌کنید، لطفا قبل از انجام هرگونه تغییر این <a target="_blank" href="%s"> راهنما</a> را به دقت مطالعه فرمایید!
-requite_db_desc=Gogs requires MySQL, PostgreSQL, SQLite3 or TiDB (via MySQL protocol).
+requite_db_desc=Gogs جهت راه‌اندازی نیازمند یکی از پایگاه داده‌های MySQL، PostgreSql، SQLite3 و TIDB می‌باشد.
 db_title=تنظیمات پایگاه داده
 db_type=نوع پایگاه داده
 host=میزبان
@@ -126,7 +126,7 @@ run_user_not_match=کاربری را اجرا کنید که کاربر فعلی
 smtp_host_missing_port=شماره پورت در آدرس میزبان SMTP وارد نشده است.
 invalid_smtp_from=مقدار وارد شده در فرم SMTP معتبر نیست: %v
 save_config_failed=تنظیمات ذخیره نشد: %v
-init_failed=Failed to initialize application: %v
+init_failed=بارگزاری برنامه به مشکل برخورد: %v
 invalid_admin_setting=تنظیمات حساب مدیر نامعتبر است: %v
 install_success=خوش آمدی! ما خوشحالیم که شما Gogs را انتخاب کردید. لذت ببرید و مراقب خودتون باشید.
 invalid_log_root_path=آدرس روت فایل لاگ صحیح نیست: %v
@@ -264,7 +264,7 @@ following=دنبال می کند
 follow=دنبال کردن
 unfollow=لغو دنبال کردن

-form.name_not_allowed=User name or pattern %q is not allowed.
+form.name_not_allowed=الگوی نام کاربری '%s' مجاز نیست.

 [settings]
 profile=پروفایل
@@ -380,7 +380,7 @@ delete_token=حذف
 access_token_deletion=حذف توکن دسترسی شخصی
 access_token_deletion_desc=حذف این توکن دسترسی شخصی ، تمام دسترسی های مرتبط به برنامه را حذف خواهد کرد. آیا ادامه می دهید؟
 delete_token_success=رمز دسترسی شخصی با موفقیت حذف شد! به روز رسانی نرم افزار خود را نیز فراموش نکنید.
-token_name_exists=Token with same name already exists.
+token_name_exists=نشان امنیتی با این نام از قبل وجود دارد

 orgs.none=شما عضو هیچ سازمانی نیستید.
 orgs.leave_title=ترک یک سازمان
@@ -434,7 +434,7 @@ repo_description_helper=توضیحات مخرن. حداکثر طول ۵۱۲ کا
 repo_description_length=کاراکترهای موجود

 form.reach_limit_of_creation=مخزن های دارنده حساب به حداکثر تعداد مجاز %d رسیده است.
-form.name_not_allowed=Repository name or pattern %q is not allowed.
+form.name_not_allowed=الگو یا نام مخزن %s مجاز نیست.

 need_auth=نیاز به مجوز
 migrate_type=نوع انتقال
@@ -755,7 +755,7 @@ settings.tracker_issue_style=سبک نامگذاری Issue Tracker خارجی:
 settings.tracker_issue_style.numeric=عددی
 settings.tracker_issue_style.alphanumeric=عددی و الفبایی
 settings.tracker_url_format_desc=شما میتوانید از <code>{user} {repo} {index}</code> برای نام کاربری ، نام مخزن و صفحه ی اول بخش مسائل استفاده کنید.
-settings.pulls_desc=Enable pull requests to accept contributions between repositories and branches
+settings.pulls_desc=پول ریکویست ها را فعال کنید تا برای مخازن و شاخه ها مشارکت را قبول کنید
 settings.pulls.ignore_whitespace=نادیده گرفتن تغییرات در فضاهای خالی
 settings.pulls.allow_rebase_merge=مجاز کردن rebase برای ادغام کردن کامیت ها
 settings.danger_zone=منطقه خطر
@@ -778,7 +778,7 @@ settings.wiki_deletion_success=اطلاعات عمومی درباره مخزن
 settings.delete=حذف این مخزن
 settings.delete_desc=هنگامی که یک مخزن حذف میشود ، راه برگشتی وجود ندارد. لطفا مطمئن باشید.
 settings.delete_notices_1=این عملیات <strong>غیرقابل</strong> برگشت است.
-settings.delete_notices_2=- This operation will permanently delete everything in this repository, including Git data, issues, comments and collaborator access.
+settings.delete_notices_2=- این عملیات تمامی اطلاعات این مخزن شامل اطلاعات گیت ، مسائل ، نظرات و دسترسی همکاران را برای همیشه پاک خواهد کرد.
 settings.delete_notices_fork_1=پس از حذف ارتباط همه ی نسخه های برگرفته شده قطع خواهد شد.
 settings.deletion_success=مخزن با موفقیت حذف شد!
 settings.update_settings_success=تنظیمات مخزن با موفقیت به روز شد.
@@ -795,8 +795,8 @@ settings.remove_collaborator_success=همكار حذف شد.
 settings.search_user_placeholder=جستجوی کاربر...
 settings.org_not_allowed_to_be_collaborator=سازمان ها را نمیتوان به عنوان همکار افزود.
 settings.hooks_desc=Webhook ها مانند یک درخواست POST در HTTP اند. هرگاه رخدادی در gogs رخ می دهد، ما نوتیفیکیشنی برای هاستی که شما تعریف کرده اید ارسال می کنیم. برای اطلاعات بیشتر <a target="_blank" href="%s"> راهنمای webhook</a> را مطالعه کنید.
-settings.webhooks.add_new=Add a new webhook:
-settings.webhooks.choose_a_type=Choose a type...
+settings.webhooks.add_new=یک webhook جدید اضافه کن:
+settings.webhooks.choose_a_type=نوع را انتخاب کن...
 settings.add_webhook=اضافه‌کردن Webhook
 settings.webhook_deletion=حذف Webhook
 settings.webhook_deletion_desc=حذف این webhook باعث می شود که تمامی اطلاعات آن و تاریخچه ی تمام دلیوری های آن حذف شود. آیا ادامه میدهید؟
@@ -873,8 +873,8 @@ settings.add_key_success=کلیدDeploy جدید %s با موفقیت افزود
 settings.deploy_key_deletion=حذف کلید Deploy
 settings.deploy_key_deletion_desc=با حذف کلید Deploy، تمام دسترسی ها به این مخزن از طریق این کلید از بین میرود. آیا ادامه می دهید؟
 settings.deploy_key_deletion_success=کلید Deploy با موفقیت حذف شد!
-settings.description_desc=Description of repository. Maximum 512 characters length.
-settings.description_length=Available characters
+settings.description_desc=توضیحات مخرن. حداکثر طول ۵۱۲ کاراکتر.
+settings.description_length=کاراکترهای موجود

 diff.browse_source=فهرست منبع
 diff.parent=والد
@@ -939,8 +939,8 @@ team_name_helper=ما از این نام برای اشاره به این تیم
 team_desc_helper=این تیم درکل در مورد چیست؟
 team_permission_desc=این تیم چه سطح دسترسی میتواند داشته باشد؟

-form.name_not_allowed=Organization name or pattern %q is not allowed.
-form.team_name_not_allowed=Team name or pattern %q is not allowed.
+form.name_not_allowed=نام سازمان یا الگوی q% مجاز نیست.
+form.team_name_not_allowed=نام تیم یا الگوی %q مجاز نیست.

 settings=تنظيمات
 settings.options=گزینه‌‌‌‌‌‌ها
@@ -1012,12 +1012,12 @@ first_page=اولین
 last_page=آخرين
 total=مجموع: %d

-dashboard.build_info=Build Information
-dashboard.app_ver=Application version
-dashboard.git_version=Git version
-dashboard.go_version=Go version
-dashboard.build_time=Build time
-dashboard.build_commit=Build commit
+dashboard.build_info=اطلاعات ساخت
+dashboard.app_ver=نسخه برنامه
+dashboard.git_version=نسخه‌ی Git
+dashboard.go_version=نسخه‌ی Go
+dashboard.build_time=زمان ساخت
+dashboard.build_commit=کامیت ساخت
 dashboard.statistic=آمار
 dashboard.operations=عملیات
 dashboard.system_status=سیستم مانیتور وضعیت
@@ -1170,32 +1170,32 @@ auths.delete_auth_desc=این سیستم احراز هویت حذف خواهد
 auths.still_in_used=این متد اعتبار احرازهویت هنوز توسط برخی از کاربران در حال استفاده است، لطفا ابتدا این کاربران را حذف کنید یا متد احرازهویت آنان را تغییر دهید.
 auths.deletion_success=متد احرازهویت با موفقیت حذف شد!
 auths.login_source_exist=مدخل لاگین %s قبلا موجود بوده است.
-auths.github_api_endpoint=API Endpoint
+auths.github_api_endpoint=نشانه پایانی API

 config.not_set=(تنظیم نشده)
 config.server_config=پیکربندی سرور
-config.brand_name=Brand name
+config.brand_name=نام برند
 config.run_user=کاربر در حال اجرا
 config.run_mode=حالت اجرا
-config.server.external_url=External URL
-config.server.domain=Domain
-config.server.protocol=Protocol
-config.server.http_addr=HTTP address
-config.server.http_port=HTTP port
-config.server.cert_file=Certificate file
-config.server.key_file=Key file
-config.server.tls_min_version=Minimum TLS version
-config.server.unix_socket_permission=Unix socket permission
+config.server.external_url=آدرس خارجی
+config.server.domain=دامنه
+config.server.protocol=پروتکل
+config.server.http_addr=آدرس HTTP
+config.server.http_port=پورت HTTP
+config.server.cert_file=فایل گواهی
+config.server.key_file=فایل کلید
+config.server.tls_min_version=کمترین نسخه TLS
+config.server.unix_socket_permission=مجوز سوکت یونیکس
 config.server.local_root_url=Local root URL
-config.server.offline_mode=Offline mode
-config.server.disable_router_log=Disable router log
-config.server.enable_gzip=Enable Gzip
+config.server.offline_mode=حالت آفلاین
+config.server.disable_router_log=غیرفعال کردن لاگ مسیریاب
+config.server.enable_gzip=فعال کردن Gzip
 config.server.app_data_path=Application data path
 config.server.load_assets_from_disk=Load assets from disk
 config.server.landing_url=Landing URL

 config.ssh_config=پیکربندی SSH
-config.ssh.enabled=Enabled
+config.ssh.enabled=فعال شده
 config.ssh.domain=Exposed domain
 config.ssh.port=Exposed port
 config.ssh.root_path=Root path
@@ -1419,7 +1419,7 @@ months=%d ماه %s
 years=%d سال %s
 raw_seconds=ثانیه
 raw_minutes=دقیقه ها
-raw_hours=hours
+raw_hours=ساعت

 [dropzone]
 default_message=فایل را در این محل رها کنید یا دکمه ی آپلود یا بارگزاری را فشار دهید.
--- a/conf/locale/locale_fr-FR.ini
+++ b/conf/locale/locale_fr-FR.ini
@@ -58,7 +58,7 @@ host=Hôte
 user=Utilisateur
 password=Mot de passe
 db_name=Nom de base de données
-db_schema=Schema
+db_schema=Schéma
 db_helper=Veuillez utiliser le moteur INNODB avec le jeu de caractères utf8_general_ci pour MySQL.
 ssl_mode=Mode SSL
 path=Emplacement
@@ -400,9 +400,9 @@ owner=Propriétaire
 repo_name=Nom du dépôt
 repo_name_helper=Idéalement, le nom d'un dépot devrait être court, mémorable et <strong>unique</strong>.
 visibility=Visibilité
-unlisted=Unlisted
+unlisted=Non répertorié
 visiblity_helper=Ce dépôt est <span class="ui red text"> privé</span>
-unlisted_helper=This repository is <span class="ui red text">Unlisted</span>
+unlisted_helper=Ce dépôt <span class="ui red text">n'est pas répertorié</span>
 visiblity_helper_forced=L'administrateur du site a forcé tous les nouveaux dépôts à être <span class="ui red text">privés</span>
 visiblity_fork_helper=(Les changements de cette valeur affecteront tous les forks)
 clone_helper=Besoin d'aide pour dupliquer ? Visitez <a target="_blank" href="%s">l'aide</a> !
@@ -1206,7 +1206,7 @@ config.ssh.start_builtin_server=Démarrer le serveur intégré
 config.ssh.listen_host=Hôte en écoute
 config.ssh.listen_port=Port d'écoute
 config.ssh.server_ciphers=Suites de chiffrement
-config.ssh.server_macs=Server MACs
+config.ssh.server_macs=Adresses MAC du serveur

 config.repo_config=Configuration du dépôt
 config.repo.root_path=Emplacement racine
@@ -1231,8 +1231,8 @@ config.db_config=Configuration de la Base de Données
 config.db.type=Type
 config.db.host=Serveur hôte
 config.db.name=Nom
-config.db.schema=Schema
-config.db.schema_helper=(for "postgres" only)
+config.db.schema=Schéma
+config.db.schema_helper=(pour "postgres" uniquement)
 config.db.user=Utilisateur
 config.db.ssl_mode=Mode SSL
 config.db.ssl_mode_helper=("postgres" uniquement)
@@ -1249,7 +1249,7 @@ config.security.cookie_secure=Activer les cookies sécurisés
 config.security.reverse_proxy_auth_user=Inverser l'en-tête d'authentification du proxy
 config.security.enable_login_status_cookie=Activer le cookie d'état de connexion
 config.security.login_status_cookie_name=Cookie de statut de connexion
-config.security.local_network_allowlist=Local network allowlist
+config.security.local_network_allowlist=liste des autorisations de réseau local

 config.email_config=Configuration de l’e-mail
 config.email.enabled=Activé
--- a/conf/locale/locale_ja-JP.ini
+++ b/conf/locale/locale_ja-JP.ini
@@ -1175,7 +1175,7 @@ config.server_config=サーバーの構成
 config.brand_name=ブランド名
 config.run_user=実行ユーザー
 config.run_mode=実行モード
-config.server.external_url=外部 URL 
+config.server.external_url=外部 URL
 config.server.domain=ドメイン
 config.server.protocol=プロトコル
 config.server.http_addr=HTTPアドレス
--- a/conf/locale/locale_ko-KR.ini
+++ b/conf/locale/locale_ko-KR.ini
@@ -44,8 +44,8 @@ issues=이슈
 cancel=취소

 [status]
-page_not_found=Page Not Found
-internal_server_error=Internal Server Error
+page_not_found=페이지를 찾을 수 없음
+internal_server_error=내부 서버 오류

 [install]
 install=설치
@@ -264,7 +264,7 @@ following=팔로우 중
 follow=추적하기
 unfollow=추적해제

-form.name_not_allowed=User name or pattern %q is not allowed.
+form.name_not_allowed=사용자 이름 또는 패턴 %q 은(는) 허용되지 않습니다.

 [settings]
 profile=프로필
@@ -432,7 +432,7 @@ repo_description_helper=저장소 설명.최대 512길이의 문자열이 가능
 repo_description_length=가능한 문자열입니다.

 form.reach_limit_of_creation=소유자가 저장소 만들기 최대 제한에 (%d개) 도달했습니다.
-form.name_not_allowed=Repository name or pattern %q is not allowed.
+form.name_not_allowed=저장소명 또는 패턴 %q 은(는) 허용되지 않습니다.

 need_auth=인증 필요
 migrate_type=마이그레이션 유형
--- a/conf/locale/locale_mn-MN.ini
+++ b/conf/locale/locale_mn-MN.ini
--- a/conf/locale/locale_nl-NL.ini
+++ b/conf/locale/locale_nl-NL.ini
@@ -44,7 +44,7 @@ issues=Issues
 cancel=Annuleren

 [status]
-page_not_found=Page Not Found
+page_not_found=Pagina niet gevonden
 internal_server_error=Internal Server Error

 [install]
--- a/conf/locale/locale_pt-PT.ini
+++ b/conf/locale/locale_pt-PT.ini
@@ -44,8 +44,8 @@ issues=Questões
 cancel=Cancelar

 [status]
-page_not_found=Page Not Found
-internal_server_error=Internal Server Error
+page_not_found=Página Não Encontrada
+internal_server_error=Erro do servidor interno

 [install]
 install=Instalação
--- a/conf/locale/locale_ro-RO.ini
+++ b/conf/locale/locale_ro-RO.ini
--- a/conf/locale/locale_ru-RU.ini
+++ b/conf/locale/locale_ru-RU.ini
@@ -51,14 +51,14 @@ internal_server_error=Внутренняя ошибка сервера
 install=Установка
 title=Установочные шаги для первого запуска
 docker_helper=Если вы запускаете Gogs внутри Docker, пожалуйста прочтите <a target="_blank" href="%s">эти советы</a> внимательно перед тем как что-либо изменить на этой странице!
-requite_db_desc=Gogs requires MySQL, PostgreSQL, SQLite3 or TiDB (via MySQL protocol).
+requite_db_desc=Для работы Gogs требуется MySQL, PostgreSQL, SQLite3 или TiDB (по протоколу MySQL).
 db_title=Настройки базы данных
 db_type=Тип базы данных
 host=Хост
 user=Пользователь
 password=Пароль
 db_name=Имя базы данных
-db_schema=Schema
+db_schema=Схема
 db_helper=Для MySQL используйте тип таблиц InnoDB с кодировкой utf8_general_ci.
 ssl_mode=Режим SSL
 path=Путь
@@ -70,15 +70,15 @@ err_empty_admin_password=Пароль администратора не може
 general_title=Общие параметры Gogs
 app_name=Имя приложения
 app_name_helper=Укажите здесь название вашей потрясающей организации!
-repo_path=Путь корня репозитория
+repo_path=Основной путь репозитория
 repo_path_helper=Все сетевые репозитории Git будут сохранены в этой директории.
 run_user=Пользователь
 run_user_helper=У пользователя должен быть доступ к пути к корню репозитория и к запуску Gogs.
 domain=Домен
 domain_helper=Влияет на URL-адреса для клонирования по SSH.
 ssh_port=SSH порт
-ssh_port_helper=Номер порта, который использует SSH сервер. Оставьте пустым, чтобы отключить SSH.
-use_builtin_ssh_server=Использовать встроенный SSH сервер
+ssh_port_helper=Номер порта, который использует сервер SSH. Оставьте пустым, чтобы отключить SSH.
+use_builtin_ssh_server=Использовать встроенный сервер SSH
 use_builtin_ssh_server_popup=Запустить встроенный SSH сервер для различения операций Git и системного демона SSH.
 http_port=Порт HTTP
 http_port_helper=Номер порта, который приложение будет слушать.
@@ -188,7 +188,7 @@ login_two_factor_invalid_recovery_code=Код восстановления бы
 activate_account=Пожалуйста активируйте свой аккаунт
 activate_email=Подтвердите адрес своей электронной почты
 reset_password=Восстановите ваш пароль
-register_success=Регистрация окончена. Добро пожаловать!
+register_success=Регистрация завершена. Добро пожаловать
 register_notify=Добро пожаловать на борт

 [modal]
@@ -249,9 +249,9 @@ auth_failed=Ошибка аутентификации: %v

 still_own_repo=На вашем аккаунте все еще остается как минимум один репозиторий, сначала вам нужно удалить или передать его.
 still_has_org=Вы находитесь в организации, сперва Вам необходимо покинуть ее или удалить.
-org_still_own_repo=Данная организация все еще является владельцем репозиториев, необходимо удалить или переместить их в начале.
+org_still_own_repo=Данная организация все еще является владельцем репозиториев, сначала нужно удалить или переместить их.

-target_branch_not_exist=Целевая ветка не существует
+target_branch_not_exist=Целевая ветка не существует.

 [user]
 change_avatar=Изменить аватар
@@ -303,7 +303,7 @@ change_password=Сменить пароль
 old_password=Текущий пароль
 new_password=Новый пароль
 retype_new_password=Подтверждение нового пароля
-password_incorrect=Текущий пароль не правильный.
+password_incorrect=Текущий пароль неправильный.
 change_password_success=Пароль сменен успешно. Теперь вы можете войти с новым паролем.
 password_change_disabled=Нелокальные пользователи не могут изменить свой пароль.

@@ -311,7 +311,7 @@ emails=Адреса электронной почты
 manage_emails=Управление адресами электронной почты
 email_desc=Ваш основной адрес электронной почты будет использован для уведомлений и других операций.
 primary=Основной
-primary_email=Установить как основной
+primary_email=Сделать основным
 delete_email=Удалить
 email_deletion=Удаление адреса электронной почты
 email_deletion_desc=Удаление этого адреса электронной почты, приведет к удалению связанной с вашим аккаунтом, информации. Вы точно хотите продолжить?
@@ -321,7 +321,7 @@ add_email=Добавить электронную почту
 add_email_confirmation_sent=Новое подтверждение по электронной почте было отправлено '%s', пожалуйста, проверьте свой почтовый ящик в течение следующих %d часов, чтобы завершить процесс подтверждения.
 add_email_success=Новый адрес электронной почты успешно добавлен.

-manage_ssh_keys=Управление SSH ключами
+manage_ssh_keys=Управление ключами SSH
 add_key=Добавить ключ
 ssh_desc=Это список ключей SSH связанных с вашей учетной записью. Удаляйте любые неизвестные вам ключи.
 ssh_helper=<strong>Нужна помощь?</strong> Ознакомьтесь с нашим путеводителем по <a href="%s">созданию SSH-ключей</a> или посмотрите решения <a href="%s">частых проблем, связанных с SSH</a>.
@@ -400,9 +400,9 @@ owner=Владелец
 repo_name=Имя репозитория
 repo_name_helper=Лучшие названия репозиториев коротки, запоминаемы и <strong>уникальны</strong>.
 visibility=Видимость
-unlisted=Unlisted
+unlisted=Вне списка
 visiblity_helper=<span class="ui red text">Приватный</span> репозиторий
-unlisted_helper=This repository is <span class="ui red text">Unlisted</span>
+unlisted_helper=Этот репозиторий <span class="ui red text">Вне списка</span>
 visiblity_helper_forced=Администрация сайта сделала все новые репозитории <span class="ui red text">Приватными</span>
 visiblity_fork_helper=(Изменение этого значения затронет все ответвления)
 clone_helper=Нужна помощь в клонировании? Посетите страницу <a target="_blank" href="%s">помощи</a>!
@@ -1206,7 +1206,7 @@ config.ssh.start_builtin_server=Запустить встроенный серв
 config.ssh.listen_host=Прослушиваемый хост
 config.ssh.listen_port=Прослушиваемый порт
 config.ssh.server_ciphers=Серверные шифры
-config.ssh.server_macs=Server MACs
+config.ssh.server_macs=MAC-серверы

 config.repo_config=Настройка репозитория
 config.repo.root_path=Корневой путь
@@ -1216,12 +1216,12 @@ config.repo.force_private=Сделать приватным(и) принудит
 config.repo.max_creation_limit=Максимальный лимит созданий
 config.repo.preferred_licenses=Предпочтительные лицензии
 config.repo.disable_http_git=Выключить HTTP Git
-config.repo.enable_local_path_migration=Enable local path migration
-config.repo.enable_raw_file_render_mode=Enable raw file render mode
+config.repo.enable_local_path_migration=Включить миграцию с локального пути
+config.repo.enable_raw_file_render_mode=Включить режим рендеринга необработанных файлов
 config.repo.commits_fetch_concurrency=Commits fetch concurrency
-config.repo.editor.line_wrap_extensions=Editor line wrap extensions
+config.repo.editor.line_wrap_extensions=Расширения переноса строки редактора
 config.repo.editor.previewable_file_modes=Editor previewable file modes
-config.repo.upload.enabled=Upload enabled
+config.repo.upload.enabled=Загрузка включена
 config.repo.upload.temp_path=Upload temporary path
 config.repo.upload.allowed_types=Upload allowed types
 config.repo.upload.file_max_size=Ограничение размера файлов для загрузки
@@ -1231,8 +1231,8 @@ config.db_config=Конфигурация базы данных
 config.db.type=Тип
 config.db.host=Сервер
 config.db.name=Имя
-config.db.schema=Schema
-config.db.schema_helper=(for "postgres" only)
+config.db.schema=Схема
+config.db.schema_helper=(только для "postgres")
 config.db.user=Пользователь
 config.db.ssl_mode=Режим SSL
 config.db.ssl_mode_helper=(только для "postgres")
@@ -1249,7 +1249,7 @@ config.security.cookie_secure=Включить безопасные cookie
 config.security.reverse_proxy_auth_user=Reverse proxy authentication header
 config.security.enable_login_status_cookie=Включить файл cookie состояния входа
 config.security.login_status_cookie_name=Файл cookie состояния входа
-config.security.local_network_allowlist=Local network allowlist
+config.security.local_network_allowlist=Список разрешенных локальных сетей

 config.email_config=E-mail настройки
 config.email.enabled=Включено
@@ -1293,7 +1293,7 @@ config.session.max_life_time=Максимальный срок действия
 config.session.csrf_cookie_name=CSRF cookie

 config.cache_config=Настройки кеша
-config.cache.adapter=Adapter
+config.cache.adapter=Адаптер
 config.cache.interval=GC interval
 config.cache.host=Хост

@@ -1325,7 +1325,7 @@ config.mirror.default_interval=Интервал по умолчанию

 config.webhook_config=Конфигурация Webhook
 config.webhook.types=Типы
-config.webhook.deliver_timeout=Deliver timeout
+config.webhook.deliver_timeout=Таймаут доставки
 config.webhook.skip_tls_verify=Пропустить проверку TLS

 config.git_config=Конфигурация GIT
@@ -1334,9 +1334,9 @@ config.git.max_diff_lines=Diff lines limit (for a single file)
 config.git.max_diff_line_characters=Diff characters limit (for a single line)
 config.git.max_diff_files=Diff files limit (for a single diff)
 config.git.gc_args=Аргументы GC
-config.git.migrate_timeout=Migration timeout
+config.git.migrate_timeout=Таймаут миграции
 config.git.mirror_timeout=Mirror fetch timeout
-config.git.clone_timeout=Clone timeout
+config.git.clone_timeout=Таймаут клонирования
 config.git.pull_timeout=Pull timeout
 config.git.gc_timeout=GC timeout

--- a/conf/locale/locale_sk-SK.ini
+++ b/conf/locale/locale_sk-SK.ini
@@ -126,7 +126,7 @@ run_user_not_match=Používateľ pre spustenie sa nezhoduje s aktuálnym použí
 smtp_host_missing_port=V adrese SMTP servera chýba číslo portu.
 invalid_smtp_from=Hodnota položky SMTP Od: je nesprávne zadaná: %v
 save_config_failed=Chyba pri uložení konfigurácie: %v
-init_failed=Failed to initialize application: %v
+init_failed=Nepodarilo sa inicializovať aplikáciu: %v
 invalid_admin_setting=Nastavenie administrátorského účtu je neplatné: %v
 install_success=Vitajte! Sme radi, že ste si vybrali Gogs, bavte sa a dávajte si pozor.
 invalid_log_root_path=Koreňový adresár pre log súbory je neplatný: %v
@@ -1010,12 +1010,12 @@ first_page=Prvý
 last_page=Posledný
 total=Celkom: %d

-dashboard.build_info=Build Information
-dashboard.app_ver=Application version
-dashboard.git_version=Git version
-dashboard.go_version=Go version
-dashboard.build_time=Build time
-dashboard.build_commit=Build commit
+dashboard.build_info=Informácie o zostavení
+dashboard.app_ver=Verzia aplikácie
+dashboard.git_version=Git verzia
+dashboard.go_version=Go verzia
+dashboard.build_time=Čas zostavenia
+dashboard.build_commit=Commit zostavenia
 dashboard.statistic=Štatistika
 dashboard.operations=Operácie
 dashboard.system_status=Monitor stavu systému
@@ -1158,7 +1158,7 @@ auths.pam_service_name=Názov služby PAM
 auths.enable_auto_register=Povoliť auto registráciu
 auths.edit=Upraviť nastavenie overovania
 auths.activated=Tento spôsob overovania je aktívny
-auths.default_auth=This authentication is default login source
+auths.default_auth=Toto overenie je východzí zdroj prihlásenia
 auths.new_success=Nový spôsob overovania '%s' bol pridaný.
 auths.update_success=Nastavenie overovania bolo zmenené.
 auths.update=Zmeniť nastavenie overovania
@@ -1168,32 +1168,32 @@ auths.delete_auth_desc=Tento spôsob overovania bude odstránený, chcete pokra
 auths.still_in_used=Tento spôsob overovania je stále používaný niektorými užívateľmi. Prosím, najskôr zmeňte u týchto užívateľov typ overenia na iný.
 auths.deletion_success=Spôsob overovania bol odstránený!
 auths.login_source_exist=Zdroj prihlásenia '%s' už existuje.
-auths.github_api_endpoint=API Endpoint
+auths.github_api_endpoint=Koncový bod API

 config.not_set=(nezadané)
 config.server_config=Konfigurácia servera
-config.brand_name=Brand name
+config.brand_name=Názov značky
 config.run_user=Používateľ pre spustenie aplikácie
 config.run_mode=Režim spúšťania
-config.server.external_url=External URL
-config.server.domain=Domain
-config.server.protocol=Protocol
-config.server.http_addr=HTTP address
+config.server.external_url=Externé URL
+config.server.domain=Doména
+config.server.protocol=Protokol
+config.server.http_addr=HTTP adresa
 config.server.http_port=HTTP port
-config.server.cert_file=Certificate file
-config.server.key_file=Key file
-config.server.tls_min_version=Minimum TLS version
-config.server.unix_socket_permission=Unix socket permission
+config.server.cert_file=Súbor certifikátu
+config.server.key_file=Súbor kľúča
+config.server.tls_min_version=Minimálna verzia TLS
+config.server.unix_socket_permission=Oprávnenie Unix socketu
 config.server.local_root_url=Local root URL
 config.server.offline_mode=Offline mode
 config.server.disable_router_log=Disable router log
-config.server.enable_gzip=Enable Gzip
+config.server.enable_gzip=Povoliť Gzip
 config.server.app_data_path=Application data path
 config.server.load_assets_from_disk=Load assets from disk
 config.server.landing_url=Landing URL

 config.ssh_config=Nastavenie SSH
-config.ssh.enabled=Enabled
+config.ssh.enabled=Povolené
 config.ssh.domain=Exposed domain
 config.ssh.port=Exposed port
 config.ssh.root_path=Root path
@@ -1216,7 +1216,7 @@ config.repo.force_private=Force private
 config.repo.max_creation_limit=Max creation limit
 config.repo.preferred_licenses=Preferred licenses
 config.repo.disable_http_git=Disable HTTP Git
-config.repo.enable_local_path_migration=Enable local path migration
+config.repo.enable_local_path_migration=Povoliť migráciu z miestnej cesty
 config.repo.enable_raw_file_render_mode=Enable raw file render mode
 config.repo.commits_fetch_concurrency=Commits fetch concurrency
 config.repo.editor.line_wrap_extensions=Editor line wrap extensions
@@ -1252,7 +1252,7 @@ config.security.login_status_cookie_name=Login status cookie
 config.security.local_network_allowlist=Local network allowlist

 config.email_config=Email configuration
-config.email.enabled=Enabled
+config.email.enabled=Povolené
 config.email.subject_prefix=Subject prefix
 config.email.host=Host
 config.email.from=From
@@ -1281,7 +1281,7 @@ config.auth.enable_reverse_proxy_auto_registration=Enable reverse proxy auto reg
 config.auth.reverse_proxy_authentication_header=Reverse proxy authentication header

 config.user_config=User configuration
-config.user.enable_email_notify=Enable email notification
+config.user.enable_email_notify=Povoliť e-mailové notifikácie

 config.session_config=Nastavenie session
 config.session.provider=Provider
@@ -1301,7 +1301,7 @@ config.http_config=HTTP konfigurácia
 config.http.access_control_allow_origin=Access control allow origin

 config.attachment_config=Attachment configuration
-config.attachment.enabled=Enabled
+config.attachment.enabled=Povolené
 config.attachment.path=Path
 config.attachment.allowed_types=Allowed types
 config.attachment.max_size=Size limit
--- a/conf/locale/locale_sv-SE.ini
+++ b/conf/locale/locale_sv-SE.ini
@@ -44,8 +44,8 @@ issues=Problem
 cancel=Avbryt

 [status]
-page_not_found=Page Not Found
-internal_server_error=Internal Server Error
+page_not_found=Sidan hittades inte
+internal_server_error=Internt serverfel

 [install]
 install=Installation
@@ -79,7 +79,7 @@ domain_helper=Detta påverkar SSH klonings webbadresser.
 ssh_port=SSH-port
 ssh_port_helper=Portnumret som din SSH-server brukar, lämna tomt för att inaktivera SSH-funktionaliteten.
 use_builtin_ssh_server=Använd inbyggd SSH Server
-use_builtin_ssh_server_popup=Start builtin SSH server for Git operations to distinguish from system SSH daemon.
+use_builtin_ssh_server_popup=Starta inbyggd SSH-server för Git-operationer för att skilja från system-SSH-servern.
 http_port=HTTP Port
 http_port_helper=Portnumret vilket applikationen kommer lyssnar på.
 app_url=Applikationsadressen
@@ -126,7 +126,7 @@ run_user_not_match=Köranvändaren är inte aktuell användare: %s -> %s
 smtp_host_missing_port=SMTP-värden saknar port i adressen.
 invalid_smtp_from=SMTP från fält är inte giltigt: %v
 save_config_failed=Konfigurationssparningen misslyckades: %v
-init_failed=Failed to initialize application: %v
+init_failed=Det gick inte att initiera appen: %v
 invalid_admin_setting=Inställningarna för administratörskontot är felaktiga: %v
 install_success=Välkommen! Vi är glada att du väljer Gogs, ha kul och ta hand om dig.
 invalid_log_root_path=Ogiltig rotsökväg för loggfiler: %v
@@ -156,7 +156,7 @@ register_hepler_msg=Har du redan ett konto? Logga in nu!
 social_register_hepler_msg=Har du redan ett konto? Anslut det nu!
 disable_register_prompt=Tyvärr är användarregistreringen inaktiverad. Vänligen kontakta din administratör.
 disable_register_mail=Tyvärr så är registreringsbekräftelemailutskick inaktiverat.
-auth_source=Authentication Source
+auth_source=Autentiseringskälla
 local=Lokal
 remember_me=Kom ihåg mig
 forgot_password=Glömt lösenord
@@ -236,7 +236,7 @@ org_name_been_taken=Organisationsnamnet har redan används.
 team_name_been_taken=Team namn är redan använt.
 email_been_used=E-postadressen har redan använts.
 username_password_incorrect=Användarnamnet eller lösenordet är inte korrekt.
-auth_source_mismatch=The authentication source selected is not associated with the user.
+auth_source_mismatch=Den autentiseringskälla som valts är inte associerad med användaren.
 enterred_invalid_repo_name=Se till att utvecklingskatalogen som du angav är rätt.
 enterred_invalid_owner_name=Kontrollera att ägarnamnet som du angav är rätt.
 enterred_invalid_password=Se till att den som lösenord du angett är rätt.
@@ -264,7 +264,7 @@ following=Följer
 follow=Följ
 unfollow=Sluta följa

-form.name_not_allowed=User name or pattern %q is not allowed.
+form.name_not_allowed=Användarnamn eller mönster %q är inte tillåtet.

 [settings]
 profile=Profil
@@ -348,10 +348,10 @@ two_factor_off=Av
 two_factor_enable=Aktivera
 two_factor_disable=Inaktivera
 two_factor_view_recovery_codes=Visa och spara <a href="%s%s">dina återställningskoder</a> på ett säkert ställe. Du kan använda dem som kod om du förlorar åtkomsten till din autentisering applikation.
-two_factor_http=For HTTP/HTTPS operations, you are no longer able to use plain username and password. Please create and use <a href="%[1]s%[2]s">Personal Access Token</a> as your credential, e.g. <code>%[3]s</code>.
+two_factor_http=För HTTP/HTTPS-operationer kan du inte längre använda vanliga användarnamn och lösenord. Vänligen skapa och använda <a href="%[1]s%[2]s">Personlig åtkomsttoken</a> som ditt användarnamn, t.ex. <code>%[3]s</code>.
 two_factor_enable_title=Avaktivera Tvåfaktorsautentisering
-two_factor_scan_qr=Please use your authentication application to scan the image:
-two_factor_or_enter_secret=Or enter the secret:
+two_factor_scan_qr=Vänligen använd din autentiseringsapp för att skanna bilden:
+two_factor_or_enter_secret=Eller ange hemligheten:
 two_factor_then_enter_passcode=Ange sedan lösenordet:
 two_factor_verify=Verifiera
 two_factor_invalid_passcode=The passcode you entered is not valid, please try again!
--- a/conf/locale/locale_uk-UA.ini
+++ b/conf/locale/locale_uk-UA.ini
@@ -58,7 +58,7 @@ host=Хост
 user=Користувач
 password=Пароль
 db_name=Ім'я бази даних
-db_schema=Schema
+db_schema=Схема
 db_helper=Будь ласка, використовуйте MySQL як INNODB з таблицею символів utf8_general_ci.
 ssl_mode=Режим SSL
 path=Шлях
@@ -400,9 +400,9 @@ owner=Власник
 repo_name=Назва репозиторію
 repo_name_helper=Гарна назва репозиторія зазвичай складається з коротких та унікальних ключових слів, які легко запам'ятати.
 visibility=Видимість
-unlisted=Unlisted
+unlisted=Поза списком
 visiblity_helper=Цей репозиторій є <span class="ui red text">Приватним</span>
-unlisted_helper=This repository is <span class="ui red text">Unlisted</span>
+unlisted_helper=Цей репозиторій є <span class="ui red text">поза списком</span>
 visiblity_helper_forced=Усі нові репозиторії є <span class="ui red text">Приватними</span> згідно налаштувань адміністратора сайту
 visiblity_fork_helper=(Зміна даного значення вплине на всі відгалуження)
 clone_helper=Потрібна допомога у клонуванні? Відвідайте <a target="_blank" href="%s"> допомогу</a>!
@@ -1205,8 +1205,8 @@ config.ssh.rewrite_authorized_keys_at_start=Переписати "authorized_key
 config.ssh.start_builtin_server=Запустити вбудований сервер
 config.ssh.listen_host=Слухати хост
 config.ssh.listen_port=Слухати порт
-config.ssh.server_ciphers=Server ciphers
-config.ssh.server_macs=Server MACs
+config.ssh.server_ciphers=Серверні шифри
+config.ssh.server_macs=MAC-адреси сервера

 config.repo_config=Налаштування репозиторія
 config.repo.root_path=Кореневий шлях
@@ -1231,7 +1231,7 @@ config.db_config=Налаштування бази даних
 config.db.type=Тип
 config.db.host=Хост
 config.db.name=Ім'я
-config.db.schema=Schema
+config.db.schema=Схема
 config.db.schema_helper=(for "postgres" only)
 config.db.user=Користувач
 config.db.ssl_mode=Режим SSL
@@ -1280,7 +1280,7 @@ config.auth.enable_reverse_proxy_authentication=Enable reverse proxy authenticat
 config.auth.enable_reverse_proxy_auto_registration=Enable reverse proxy auto registration
 config.auth.reverse_proxy_authentication_header=Reverse proxy authentication header

-config.user_config=User configuration
+config.user_config=Налаштування користувача
 config.user.enable_email_notify=Enable email notification

 config.session_config=Налаштування сесії
--- a/conf/locale/locale_vi-VN.ini
+++ b/conf/locale/locale_vi-VN.ini
@@ -51,14 +51,14 @@ internal_server_error=Lỗi nội bộ máy chủ.
 install=Cài đặt
 title=Cài đặt cho lần chạy đầu tiên
 docker_helper=Nếu bạn đang chạy Gogs bên trong Docker, xin vui lòng đọc <a target="_blank" href="%s">hướng dẫn</a> một cách cẩn thận, trước khi bạn thay đổi bất cứ điều gì trong trang này!
-requite_db_desc=Gogs requires MySQL, PostgreSQL, SQLite3 or TiDB (via MySQL protocol).
+requite_db_desc=Gogs yêu cầu MySQL, PostgreSQL, SQLite3 hoặc TiDB (thông qua giao thức MySQL).
 db_title=Cài đặt database
 db_type=Loại database
 host=Host
 user=User
 password=Mật khẩu
 db_name=Tên database
-db_schema=Schema
+db_schema=Lược đồ
 db_helper=Xin vui lòng sử dụng engine INNODB với utf8_general_ci charset cho MySQL.
 ssl_mode=Chế độ SSL
 path=Đường dẫn
@@ -400,9 +400,9 @@ owner=Chủ sở hữu
 repo_name=Tên kho
 repo_name_helper=Một tên kho tốt thường bao gồm các từ khoá ngắn, đáng nhớ và độc đáo.
 visibility=Hiển thị
-unlisted=Unlisted
+unlisted=Riêng tư
 visiblity_helper=Kho lưu trữ này là <span class="ui red text">riêng tư</span>
-unlisted_helper=This repository is <span class="ui red text">Unlisted</span>
+unlisted_helper=Kho lưu trữ này là<span class="ui red text">riêng tư</span>
 visiblity_helper_forced=Trang web quản trị đã buộc tất cả các kho phần mềm mới được <span class="ui red text">riêng tư</span>
 visiblity_fork_helper=(Thay đổi giá trị này sẽ ảnh hưởng đến tất cả forks)
 clone_helper=Cần giúp đỡ clone? Ghé thăm <a target="_blank" href="%s">trợ giúp</a>!
@@ -443,7 +443,7 @@ migrate.clone_address_desc=This can be a HTTP/HTTPS/GIT URL.
 migrate.clone_address_desc_import_local=You're also allowed to migrate a repository by local server path.
 migrate.permission_denied=You are not allowed to import local repositories.
 migrate.invalid_local_path=Invalid local path, it does not exist or not a directory.
-migrate.clone_address_resolved_to_blocked_local_address=Clone address resolved to a local network address that is implicitly blocked.
+migrate.clone_address_resolved_to_blocked_local_address=Địa chỉ sao chép được giải quyết thành một địa chỉ mạng cục bộ bị chặn hoàn toàn.
 migrate.failed=Migration failed: %v

 mirror_from=mirror of
@@ -472,7 +472,7 @@ filter_branch_and_tag=Filter branch or tag
 branches=Branches
 tags=Tags
 issues=Các vấn đề
-pulls=Yêu cầu khéo về
+pulls=Yêu cầu kéo về
 labels=Nhãn
 milestones=Milestones
 commits=Commits
@@ -753,7 +753,7 @@ settings.tracker_issue_style=Kiểu Url theo dõi các vấn đề bên ngoài:
 settings.tracker_issue_style.numeric=Kiểu số
 settings.tracker_issue_style.alphanumeric=Chữ số
 settings.tracker_url_format_desc=You can use placeholder <code>{user} {repo} {index}</code> for user name, repository name and issue index.
-settings.pulls_desc=Enable pull requests to accept contributions between repositories and branches
+settings.pulls_desc=Bật yêu cầu kéo để chấp nhận đóng góp giữa các kho lưu trữ và các nhánh
 settings.pulls.ignore_whitespace=Bỏ qua sự thay đổi của khoảng trắng
 settings.pulls.allow_rebase_merge=Cho phép sử dụng rebase để merge các commit
 settings.danger_zone=Vùng nguy hiểm
@@ -809,8 +809,8 @@ settings.webhook.response=Phản hồi
 settings.webhook.headers=Tiêu đề
 settings.webhook.payload=Trả phí
 settings.webhook.body=Nội dung
-settings.webhook.err_cannot_parse_payload_url=Cannot parse payload URL: %v
-settings.webhook.url_resolved_to_blocked_local_address=Payload URL resolved to a local network address that is implicitly blocked.
+settings.webhook.err_cannot_parse_payload_url=Không thể phân tích URL: %v
+settings.webhook.url_resolved_to_blocked_local_address=URL khối được giải quyết thành một địa chỉ mạng cục bộ bị chặn hoàn toàn.
 settings.githooks_desc=Git Hooks are powered by Git itself, you can edit files of supported hooks in the list below to perform custom operations.
 settings.githook_edit_desc=If the hook is inactive, sample content will be presented. Leaving content to an empty value will disable this hook.
 settings.githook_name=Tên Hook
@@ -1022,7 +1022,7 @@ dashboard.system_status=Tình trạng quản lý hệ thống
 dashboard.statistic_info=Gogs database có <b>%d</b> users, <b>%d</b> organizations, <b>%d</b> public keys, <b>%d</b> repositories, <b>%d</b> watches, <b>%d</b> stars, <b>%d</b> actions, <b>%d</b> accesses, <b>%d</b> issues, <b>%d</b> comments, <b>%d</b> social accounts, <b>%d</b> follows, <b>%d</b> mirrors, <b>%d</b> releases, <b>%d</b> login sources, <b>%d</b> webhooks, <b>%d</b> milestones, <b>%d</b> labels, <b>%d</b> hook tasks, <b>%d</b> teams, <b>%d</b> update tasks, <b>%d</b> attachments.
 dashboard.operation_name=Tên hành động
 dashboard.operation_switch=Chuyển đổi
-dashboard.select_operation_to_run=Please select operation to run
+dashboard.select_operation_to_run=Vui lòng chọn thao tác để chạy
 dashboard.operation_run=Chạy
 dashboard.clean_unbind_oauth=Clean unbound OAuthes
 dashboard.clean_unbind_oauth_success=Tất cả các unbind OAuthes đã được xóa thành công.
@@ -1158,7 +1158,7 @@ auths.pam_service_name=Tên dịch vụ PAM
 auths.enable_auto_register=Cho phép tự động đăng ký
 auths.edit=Chỉnh sửa cài đặt xác thực
 auths.activated=Xác thực này đã được kích hoạt
-auths.default_auth=This authentication is default login source
+auths.default_auth=Xác thực này là nguồn đăng nhập mặc định
 auths.new_success=Xác thực mới '%s' đã được thêm vào thành công.
 auths.update_success=Cài đặt xác thực đã được cập nhật thành công.
 auths.update=Cập Nhật cài đặt xác thực
@@ -1186,63 +1186,63 @@ config.server.tls_min_version=Minimum TLS version
 config.server.unix_socket_permission=Unix socket permission
 config.server.local_root_url=URL gốc nội bộ
 config.server.offline_mode=Chế độ ngoại tuyến
-config.server.disable_router_log=Disable router log
+config.server.disable_router_log=Vô hiệu hóa log định tuyến
 config.server.enable_gzip=Enable Gzip
-config.server.app_data_path=Application data path
+config.server.app_data_path=Đường dẫn dữ liệu ứng dụng
 config.server.load_assets_from_disk=Load assets from disk
-config.server.landing_url=Landing URL
+config.server.landing_url=URL đích

 config.ssh_config=Cấu hình SSH
 config.ssh.enabled=Đã bật
-config.ssh.domain=Exposed domain
-config.ssh.port=Exposed port
-config.ssh.root_path=Root path
-config.ssh.keygen_path=Keygen path
-config.ssh.key_test_path=Key test path
-config.ssh.minimum_key_size_check=Minimum key size check
-config.ssh.minimum_key_sizes=Minimum key sizes
-config.ssh.rewrite_authorized_keys_at_start=Rewrite "authorized_keys" at start
-config.ssh.start_builtin_server=Start builtin server
-config.ssh.listen_host=Listen host
-config.ssh.listen_port=Listen port
-config.ssh.server_ciphers=Server ciphers
-config.ssh.server_macs=Server MACs
+config.ssh.domain=Tên miền tiếp xúc
+config.ssh.port=Cổng công khai
+config.ssh.root_path=Đường dẫn root
+config.ssh.keygen_path=Đường dẫn keygen
+config.ssh.key_test_path=Đường dẫn kiểm tra chính
+config.ssh.minimum_key_size_check=Kiểm tra kích thước khóa tối thiểu
+config.ssh.minimum_key_sizes=Kích thước khóa tối thiểu
+config.ssh.rewrite_authorized_keys_at_start=Viết lại "authorized_keys" khi bắt đầu
+config.ssh.start_builtin_server=Bắt đầu máy chủ dựng sẵn
+config.ssh.listen_host=Máy chủ lắng nghe
+config.ssh.listen_port=Cổng lắng nghe
+config.ssh.server_ciphers=Mật mã máy chủ
+config.ssh.server_macs=Địa chỉ MACs máy chủ

 config.repo_config=Cấu hình kho
-config.repo.root_path=Root path
-config.repo.script_type=Script type
-config.repo.ansi_chatset=ANSI charset
-config.repo.force_private=Force private
-config.repo.max_creation_limit=Max creation limit
-config.repo.preferred_licenses=Preferred licenses
+config.repo.root_path=Đường dẫn Root
+config.repo.script_type=Kiểu script
+config.repo.ansi_chatset=Bộ ký tự ANSI
+config.repo.force_private=Bắc buộc riêng tư
+config.repo.max_creation_limit=Giới hạn số lượng tạo
+config.repo.preferred_licenses=Giấy phép ưu tiên
 config.repo.disable_http_git=Vô hiệu hóa HTTP Git
-config.repo.enable_local_path_migration=Enable local path migration
-config.repo.enable_raw_file_render_mode=Enable raw file render mode
-config.repo.commits_fetch_concurrency=Commits fetch concurrency
-config.repo.editor.line_wrap_extensions=Editor line wrap extensions
-config.repo.editor.previewable_file_modes=Editor previewable file modes
-config.repo.upload.enabled=Upload enabled
-config.repo.upload.temp_path=Upload temporary path
-config.repo.upload.allowed_types=Upload allowed types
-config.repo.upload.file_max_size=Upload file size limit
-config.repo.upload.max_files=Upload files limit
+config.repo.enable_local_path_migration=Kích hoạt di cư đường dẫn địa phương
+config.repo.enable_raw_file_render_mode=Bật chế độ hiển thị tệp thô
+config.repo.commits_fetch_concurrency=Cam kết tìm nạp đồng thời
+config.repo.editor.line_wrap_extensions=Tiện ích mở rộng dòng trình chỉnh sửa
+config.repo.editor.previewable_file_modes=Chế độ tệp có thể xem trước của trình chỉnh sửa
+config.repo.upload.enabled=Tải lên đã được bật
+config.repo.upload.temp_path=Đường dẫn tải lên tạm thời
+config.repo.upload.allowed_types=Các kiểu được phép tải lên
+config.repo.upload.file_max_size=Giới hạn dung lượng tập tin tải lên
+config.repo.upload.max_files=Giới hạn số lượng tập tin tải lên

 config.db_config=Cấu hình Cơ sỡ dữ liệu
-config.db.type=Type
+config.db.type=Loại
 config.db.host=Host
-config.db.name=Name
-config.db.schema=Schema
-config.db.schema_helper=(for "postgres" only)
-config.db.user=User
-config.db.ssl_mode=SSL mode
-config.db.ssl_mode_helper=(for "postgres" only)
+config.db.name=Tên
+config.db.schema=Lược đồ
+config.db.schema_helper=(chỉ cho "postgres")
+config.db.user=Người dùng
+config.db.ssl_mode=Chế độ SSL
+config.db.ssl_mode_helper=(chỉ cho "postgres")
 config.db.path=Đường dẫn
 config.db.path_helper=(chỉ cho phép "sqlite3")
-config.db.max_open_conns=Maximum open connections
-config.db.max_idle_conns=Maximum idle connections
+config.db.max_open_conns=Kết nối mở tối đa
+config.db.max_idle_conns=Kết nối không hoạt động tối đa

-config.security_config=Security configuration
-config.security.login_remember_days=Login remember days
+config.security_config=Cấu hình bảo mật
+config.security.login_remember_days=Số ngày lưu trữ đăng nhập
 config.security.cookie_remember_name=Remember cookie
 config.security.cookie_username=Username cookie
 config.security.cookie_secure=Enable secure cookie
@@ -1280,11 +1280,11 @@ config.auth.enable_reverse_proxy_authentication=Enable reverse proxy authenticat
 config.auth.enable_reverse_proxy_auto_registration=Enable reverse proxy auto registration
 config.auth.reverse_proxy_authentication_header=Reverse proxy authentication header

-config.user_config=User configuration
-config.user.enable_email_notify=Enable email notification
+config.user_config=Cấu hình người dùng
+config.user.enable_email_notify=Bật thông báo qua Email

 config.session_config=Cấu hình session
-config.session.provider=Provider
+config.session.provider=Nhà cung cấp
 config.session.provider_config=Provider config
 config.session.cookie_name=Cookie
 config.session.https_only=Chỉ HTTPS
--- a/conf/locale/locale_zh-CN.ini
+++ b/conf/locale/locale_zh-CN.ini
@@ -634,7 +634,7 @@ pulls.nothing_merge_base=由于两个分支各自拥有完全不同的提交历
 pulls.has_pull_request=`已经存在目标分支的合并请求：<a href="%[1]s/pulls/%[3]d">%[2]s#%[3]d</a>`
 pulls.create=创建合并请求
 pulls.title_desc=请求将 %[1]d 次代码提交从 <code>%[2]s</code> 合并至 <code>%[3]s</code>
-pulls.merged_title_desc=于 %[4]s 将 %[1]d 次代码提交从 <code>%[2]s</code>合并至 <code>%[3]s</code> 
+pulls.merged_title_desc=于 %[4]s 将 %[1]d 次代码提交从 <code>%[2]s</code>合并至 <code>%[3]s</code>
 pulls.tab_conversation=对话内容
 pulls.tab_commits=代码提交
 pulls.tab_files=文件变动
@@ -816,7 +816,7 @@ settings.githook_edit_desc=如果钩子未启动，则会显示样例文件中
 settings.githook_name=钩子名称
 settings.githook_content=钩子文本
 settings.update_githook=更新钩子设置
-settings.add_webhook_desc=我们会通过 <code>POST</code> 请求将订阅事件信息发送至向指定 URL 地址。您可以设置不同的数据接收方式（JSON 或 <code>x-www-form-urlencoded</code>）。 请查阅 <a target="_blank" href="%s">Webhooks 文档</a> 获取更多信息。 
+settings.add_webhook_desc=我们会通过 <code>POST</code> 请求将订阅事件信息发送至向指定 URL 地址。您可以设置不同的数据接收方式（JSON 或 <code>x-www-form-urlencoded</code>）。 请查阅 <a target="_blank" href="%s">Webhooks 文档</a> 获取更多信息。
 settings.payload_url=推送地址
 settings.content_type=数据格式
 settings.secret=密钥文本
--- a/docker/Dockerfile.rpi
+++ b/docker/Dockerfile.rpi
@@ -1,45 +0,0 @@
-FROM arm32v7/golang:1.14-alpine3.14 AS binarybuilder
-RUN apk --no-cache --no-progress add --virtual \
-  build-deps \
-  build-base \
-  git \
-  linux-pam-dev
-
-WORKDIR /gogs.io/gogs
-COPY . .
-RUN make build TAGS="cert pam"
-
-FROM arm32v7/alpine:3.14
-RUN wget https://github.com/tianon/gosu/releases/download/1.12/gosu-armhf -O /usr/sbin/gosu \
-  && chmod +x /usr/sbin/gosu \
-  && echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
-  && apk --no-cache --no-progress add \
-  bash \
-  ca-certificates \
-  curl \
-  git \
-  linux-pam \
-  openssh \
-  s6 \
-  shadow \
-  socat \
-  tzdata \
-  rsync
-
-ENV GOGS_CUSTOM /data/gogs
-
-# Configure LibC Name Service
-COPY docker/nsswitch.conf /etc/nsswitch.conf
-
-WORKDIR /app/gogs
-COPY docker ./docker
-COPY --from=binarybuilder /gogs.io/gogs/gogs .
-
-RUN ./docker/finalize.sh
-
-# Configure Docker Container
-VOLUME ["/data", "/backup"]
-EXPOSE 22 3000
-HEALTHCHECK CMD (nc -z -w 3 localhost 22 && curl -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
-ENTRYPOINT ["/app/gogs/docker/start.sh"]
-CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"]
--- a/docker/README.md
+++ b/docker/README.md
@@ -6,8 +6,6 @@ Visit [Docker Hub](https://hub.docker.com/u/gogs) or [GitHub Container registry]

 ## Usage

-ℹ️ Please use `gogs/gogs-rpi` if you're using Raspberry Pis!
-
 To keep your data out of Docker container, we do a volume (`/var/gogs` -> `/data`) here, and you can change it based on your situation.

 ```sh
@@ -61,7 +59,7 @@ $ docker run --name=gogs -p 10022:22 -p 10880:3000 -v gogs-data:/data gogs/gogs
 Most of the settings are obvious and easy to understand, but there are some settings can be confusing by running Gogs inside Docker:

 - **Repository Root Path**: keep it as default value `/home/git/gogs-repositories` because `start.sh` already made a symbolic link for you.
- **Run User**: keep it as default value `git` because `finalize.sh` already setup a user with name `git`.
+- **Run User**: keep it as default value `git` because `build/finalize.sh` already setup a user with name `git`.
 - **Domain**: fill in with Docker container IP (e.g. `192.168.99.100`). But if you want to access your Gogs instance from a different physical machine, please fill in with the hostname or IP address of the Docker host machine.
 - **SSH Port**: Use the exposed port from Docker container. For example, your SSH server listens on `22` inside Docker, **but** you expose it by `10022:22`, then use `10022` for this value. **Builtin SSH server is not recommended inside Docker Container**
 - **HTTP Port**: Use port you want Gogs to listen on inside Docker container. For example, your Gogs listens on `3000` inside Docker, **and** you expose it by `10880:3000`, but you still use `3000` for this value.
@@ -122,6 +120,14 @@ This container has some options available via environment variables, these optio
  - <u>Action:</u>
      Used by backup system. If defined, supplies `--exclude-repos` argument to `gogs backup`.\
      See: [Backup System](#backup-system)
+- **BACKUP_EXTRA_ARGS**:
+  - <u>Possible value:</u>
+      `--verbose --exclude-mirror-repos`
+  - <u>Default:</u>
+      `null`
+  - <u>Action:</u>
+      Used by backup system. If defined, append content to arguments to `gogs backup`.\
+      See: [Backup System](#backup-system)

 ## Backup system

--- a/docker/build/finalize.sh
+++ b/docker/build/finalize.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -xe
+
+# Install gosu
+if [ "$(uname -m)" = "aarch64" ]; then
+  export arch='arm64'
+  export checksum='c3805a85d17f4454c23d7059bcb97e1ec1af272b90126e79ed002342de08389b'
+elif [ "$(uname -m)" = "armv7l" ]; then
+  export arch='armhf'
+  export checksum='e5866286277ff2a2159fb9196fea13e0a59d3f1091ea46ddb985160b94b6841b'
+else
+  export arch='amd64'
+  export checksum='bbc4136d03ab138b1ad66fa4fc051bafc6cc7ffae632b069a53657279a450de3'
+fi
+
+wget --quiet https://github.com/tianon/gosu/releases/download/1.17/gosu-${arch} -O /usr/sbin/gosu
+echo "${checksum}  /usr/sbin/gosu" | sha256sum -cs
+chmod +x /usr/sbin/gosu
+
+# Create git user for Gogs
+addgroup -S git
+adduser -G git -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && usermod -p '*' git && passwd -u git
+echo "export GOGS_CUSTOM=${GOGS_CUSTOM}" >> /etc/profile
+
+# Final cleaning
+rm -rf /app/gogs/build
+rm -rf /app/gogs/docker/build
+rm /app/gogs/docker/nsswitch.conf
+rm /app/gogs/docker/README.md
--- a/docker/build/install-task.sh
+++ b/docker/build/install-task.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -xe
+
+if [ "$(uname -m)" = "aarch64" ]; then
+  export arch='arm64'
+  export checksum='17f325293d08f6f964e0530842e9ef1410dd5f83ee6475b493087391032b0cfd'
+elif [ "$(uname -m)" = "armv7l" ]; then
+  export arch='arm'
+  export checksum='e5b0261e9f6563ce3ace9e038520eb59d2c77c8d85f2b47ab41e1fe7cf321528'
+else
+  export arch='amd64'
+  export checksum='a35462ec71410cccfc428072de830e4478bc57a919d0131ef7897759270dff8f'
+fi
+
+wget --quiet https://github.com/go-task/task/releases/download/v3.40.1/task_linux_${arch}.tar.gz -O task_linux_${arch}.tar.gz
+echo "${checksum}  task_linux_${arch}.tar.gz" | sha256sum -cs
+
+tar -xzf task_linux_${arch}.tar.gz
+mv task /usr/local/bin/task
--- a/docker/finalize.sh
+++ b/docker/finalize.sh
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Finalize the build
-
-set -x
-set -e
-
-# Create git user for Gogs
-addgroup -S git
-adduser -G git -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && usermod -p '*' git && passwd -u git
-echo "export GOGS_CUSTOM=${GOGS_CUSTOM}" >> /etc/profile
-
-# Final cleaning
-rm -rf /app/gogs/build
-rm /app/gogs/docker/finalize.sh
-rm /app/gogs/docker/nsswitch.conf
-rm /app/gogs/docker/README.md
--- a/docker/runtime/backup-job.sh
+++ b/docker/runtime/backup-job.sh
@@ -4,6 +4,7 @@ execute_backup_job() {
 	BACKUP_ARG_PATH="${1:-}"
 	BACKUP_ARG_CONFIG="${BACKUP_ARG_CONFIG:-}"
 	BACKUP_ARG_EXCLUDE_REPOS="${BACKUP_ARG_EXCLUDE_REPOS:-}"
+	BACKUP_EXTRA_ARGS="${BACKUP_EXTRA_ARGS:-}"
 	cd "/app/gogs" || exit 1

 	BACKUP_ARGS="--target=${BACKUP_ARG_PATH}"
@@ -16,7 +17,13 @@ execute_backup_job() {
 		BACKUP_ARGS="${BACKUP_ARGS} --exclude-repos=${BACKUP_ARG_EXCLUDE_REPOS}"
 	fi

-	./gogs backup "${BACKUP_ARGS}" || echo "Error: Backup job returned non-successful code." && exit 1
+	if [ -n "${BACKUP_EXTRA_ARGS}" ]; then
+		BACKUP_ARGS="${BACKUP_ARGS} ${BACKUP_EXTRA_ARGS}"
+	fi
+
+	# NOTE: We actually need word splitting to be able to pass multiple arguments.
+	# shellcheck disable=SC2086
+	./gogs backup ${BACKUP_ARGS} || echo "Error: Backup job returned non-successful code." && exit 1
 }

 main() {
--- a/docker/s6/.s6-svscan/finish
+++ b/docker/s6/.s6-svscan/finish
@@ -1,5 +1,5 @@
 #!/bin/sh

-# Cleanup SOCAT services and s6 event folder
+# Cleanup SOCAT services and s6 event folder
 rm -rf "$(find /app/gogs/docker/s6/ -name 'event')"
 rm -rf /app/gogs/docker/s6/SOCAT_*
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -6,7 +6,7 @@ create_socat_links() {
    while read -r NAME ADDR PORT; do
        if test -z "$NAME$ADDR$PORT"; then
            continue
-        elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then
+        elif echo "$USED_PORT" | grep -E "(^|:)$PORT($|:)" > /dev/null; then
            echo "init:socat  | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2
        else
            SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT}
@@ -79,5 +79,5 @@ fi
 if [ $# -gt 0 ];then
    exec "$@"
 else
-    exec /bin/s6-svscan /app/gogs/docker/s6/
+    exec /usr/bin/s6-svscan /app/gogs/docker/s6/
 fi
--- a/docs/admin/release_strategy.md
+++ b/docs/admin/release_strategy.md
@@ -0,0 +1,33 @@
+# Release strategy
+
+## Semantic versioning
+
+Starting 0.12.0, Gogs uses [semantic versioning](https://semver.org/) for publishing releases. For example:
+
+- `0.12.0` is a minor version release.
+- `0.12.1` is the first patch release of `0.12`.
+- `0.12` indicates a series of releases for a minor version and its patch releases.
+
+Each minor release has its own release branch with prefix `release/`, e.g. `release/0.12` is the release branch for minor version 0.12.0 and all its patch releases (`0.12.1`, `0.12.2`, etc.).
+
+## Backwards compatibility
+
+### Before 0.12
+
+If you're running Gogs with any version below 0.12, please upgrade to 0.12 to run necessary migrations.
+
+### Since 0.12
+
+We maintain one minor version backwards compatibility, patch releases are disregarded.
+
+For example, you should:
+
+- Upgrade from `0.12.0` to `0.13.0`.
+- Upgrade from `0.12.1` to `0.13.4`.
+- NOT upgrade from `0.12.4` to `0.14.0`.
+
+Therefore, we recommend upgrade one minor version at a time.
+
+### Running source builds
+
+If you're running Gogs with building from source code, we recommend you update at least weekly to be not fall behind and potentially miss migrations.
--- a/docs/dev/database_schema.md
+++ b/docs/dev/database_schema.md
@@ -0,0 +1,102 @@
+# Table "access"
+
+```
+  FIELD  | COLUMN  |   POSTGRESQL    |         MYSQL         |     SQLITE3       
+---------+---------+-----------------+-----------------------+-------------------
+  ID     | id      | BIGSERIAL       | BIGINT AUTO_INCREMENT | INTEGER           
+  UserID | user_id | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL  
+  RepoID | repo_id | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL  
+  Mode   | mode    | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL  
+
+Primary keys: id
+Indexes: 
+	"access_user_repo_unique" UNIQUE (user_id, repo_id)
+```
+
+# Table "access_token"
+
+```
+     FIELD    |    COLUMN    |         POSTGRESQL          |            MYSQL            |           SQLITE3            
+--------------+--------------+-----------------------------+-----------------------------+------------------------------
+  ID          | id           | BIGSERIAL                   | BIGINT AUTO_INCREMENT       | INTEGER                      
+  UserID      | uid          | BIGINT                      | BIGINT                      | INTEGER                      
+  Name        | name         | TEXT                        | LONGTEXT                    | TEXT                         
+  Sha1        | sha1         | VARCHAR(40) UNIQUE          | VARCHAR(40) UNIQUE          | VARCHAR(40) UNIQUE           
+  SHA256      | sha256       | VARCHAR(64) NOT NULL UNIQUE | VARCHAR(64) NOT NULL UNIQUE | VARCHAR(64) NOT NULL UNIQUE  
+  CreatedUnix | created_unix | BIGINT                      | BIGINT                      | INTEGER                      
+  UpdatedUnix | updated_unix | BIGINT                      | BIGINT                      | INTEGER                      
+
+Primary keys: id
+Indexes: 
+	"idx_access_token_user_id" (uid)
+```
+
+# Table "action"
+
+```
+     FIELD     |     COLUMN     |           POSTGRESQL           |             MYSQL              |            SQLITE3              
+---------------+----------------+--------------------------------+--------------------------------+---------------------------------
+  ID           | id             | BIGSERIAL                      | BIGINT AUTO_INCREMENT          | INTEGER                         
+  UserID       | user_id        | BIGINT                         | BIGINT                         | INTEGER                         
+  OpType       | op_type        | BIGINT                         | BIGINT                         | INTEGER                         
+  ActUserID    | act_user_id    | BIGINT                         | BIGINT                         | INTEGER                         
+  ActUserName  | act_user_name  | TEXT                           | LONGTEXT                       | TEXT                            
+  RepoID       | repo_id        | BIGINT                         | BIGINT                         | INTEGER                         
+  RepoUserName | repo_user_name | TEXT                           | LONGTEXT                       | TEXT                            
+  RepoName     | repo_name      | TEXT                           | LONGTEXT                       | TEXT                            
+  RefName      | ref_name       | TEXT                           | LONGTEXT                       | TEXT                            
+  IsPrivate    | is_private     | BOOLEAN NOT NULL DEFAULT FALSE | BOOLEAN NOT NULL DEFAULT FALSE | NUMERIC NOT NULL DEFAULT FALSE  
+  Content      | content        | TEXT                           | LONGTEXT                       | TEXT                            
+  CreatedUnix  | created_unix   | BIGINT                         | BIGINT                         | INTEGER                         
+
+Primary keys: id
+Indexes: 
+	"idx_action_repo_id" (repo_id)
+	"idx_action_user_id" (user_id)
+```
+
+# Table "follow"
+
+```
+   FIELD   |  COLUMN   |   POSTGRESQL    |         MYSQL         |     SQLITE3       
+-----------+-----------+-----------------+-----------------------+-------------------
+  ID       | id        | BIGSERIAL       | BIGINT AUTO_INCREMENT | INTEGER           
+  UserID   | user_id   | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL  
+  FollowID | follow_id | BIGINT NOT NULL | BIGINT NOT NULL       | INTEGER NOT NULL  
+
+Primary keys: id
+Indexes: 
+	"follow_user_follow_unique" UNIQUE (user_id, follow_id)
+```
+
+# Table "lfs_object"
+
+```
+    FIELD   |   COLUMN   |      POSTGRESQL      |        MYSQL         |      SQLITE3       
+------------+------------+----------------------+----------------------+--------------------
+  RepoID    | repo_id    | BIGINT               | BIGINT               | INTEGER            
+  OID       | oid        | TEXT                 | VARCHAR(191)         | TEXT               
+  Size      | size       | BIGINT NOT NULL      | BIGINT NOT NULL      | INTEGER NOT NULL   
+  Storage   | storage    | TEXT NOT NULL        | LONGTEXT NOT NULL    | TEXT NOT NULL      
+  CreatedAt | created_at | TIMESTAMPTZ NOT NULL | DATETIME(3) NOT NULL | DATETIME NOT NULL  
+
+Primary keys: repo_id, oid
+```
+
+# Table "login_source"
+
+```
+     FIELD    |    COLUMN    |    POSTGRESQL    |         MYSQL         |     SQLITE3       
+--------------+--------------+------------------+-----------------------+-------------------
+  ID          | id           | BIGSERIAL        | BIGINT AUTO_INCREMENT | INTEGER           
+  Type        | type         | BIGINT           | BIGINT                | INTEGER           
+  Name        | name         | TEXT UNIQUE      | VARCHAR(191) UNIQUE   | TEXT UNIQUE       
+  IsActived   | is_actived   | BOOLEAN NOT NULL | BOOLEAN NOT NULL      | NUMERIC NOT NULL  
+  IsDefault   | is_default   | BOOLEAN          | BOOLEAN               | NUMERIC           
+  Config      | cfg          | TEXT             | TEXT                  | TEXT              
+  CreatedUnix | created_unix | BIGINT           | BIGINT                | INTEGER           
+  UpdatedUnix | updated_unix | BIGINT           | BIGINT                | INTEGER           
+
+Primary keys: id
+```
+
--- a/docs/dev/import_locale.md
+++ b/docs/dev/import_locale.md
@@ -0,0 +1,16 @@
+# Import locales from Crowdin
+
+1. Download the ZIP archive from [Crowdin](https://crowdin.gogs.io/) and unzip it.
+1. Go to root directory of the repository.
+1. Run the `import` subcommand:
+
+    ```
+    $ ./gogs import locale --source <path to the unzipped directory> --target ./conf/locale
+    Locale files has been successfully imported!
+    ```
+
+1. Run `task web` to start the web server, then visit the site in the browser to make sure nothing blows up.
+1. Check out a new branch using `git checkout -b update-locales`.
+1. Stage changes
+1. Run `git commit -m "locale: sync from Crowdin"`.
+1. Push the commit then open up a pull request on GitHub.
--- a/docs/dev/local_development.md
+++ b/docs/dev/local_development.md
@@ -1,6 +1,4 @@
-# Getting started with developing Gogs
-
-> This document is driven from https://docs.sourcegraph.com/dev/local_development.
+# Set up your development environment

 Gogs is written in [Go](https://golang.org/), please take [A Tour of Go](https://tour.golang.org/) if you haven't done so!

@@ -23,9 +21,11 @@ Gogs is built and runs as a single binary and meant to be cross platform. Theref
 Gogs has the following dependencies:

 - [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) (v1.8.3 or higher)
- [Go](https://golang.org/doc/install) (v1.14 or higher)
+- [Go](https://golang.org/doc/install) (v1.18 or higher)
 - [Less.js](http://lesscss.org/usage/#command-line-usage-installing)
- [GNU Make](https://www.gnu.org/software/make/)
+- [Task](https://github.com/go-task/task) (v3)
+- [goimports](https://pkg.go.dev/golang.org/x/tools/cmd/goimports)
+- [go-mockgen](https://github.com/derision-test/go-mockgen)
 - Database upon your choice (pick one, we choose PostgreSQL in this document):
    - [PostgreSQL](https://wiki.postgresql.org/wiki/Detailed_installation_guides) (v9.6 or higher)
    - [MySQL](https://dev.mysql.com/downloads/mysql/) with `ENGINE=InnoDB` (v5.7 or higher)
@@ -38,9 +38,11 @@ Gogs has the following dependencies:
 1. Install dependencies:

    ```bash
-    brew install go postgresql git go-bindata npm
+    brew install go postgresql git npm go-task/tap/go-task
    npm install -g less
    npm install -g less-plugin-clean-css
+    go install github.com/derision-test/go-mockgen/cmd/go-mockgen@v1.3.3
+    go install golang.org/x/tools/cmd/goimports@latest
    ```

 1. Configure PostgreSQL to start automatically:
@@ -76,8 +78,9 @@ Gogs has the following dependencies:
    ```bash
    sudo apt install -y make git-all postgresql postgresql-contrib golang-go nodejs
    npm install -g less
-    # Watch out, it is not github.com/go-bindata/go-bindata!
-    go get -u github.com/kevinburke/go-bindata/...
+    go install github.com/go-task/task/v3/cmd/task@latest
+    go install github.com/derision-test/go-mockgen/cmd/go-mockgen@v1.3.3
+    go install golang.org/x/tools/cmd/goimports@latest
    ```

 1. Configure startup services:
@@ -122,7 +125,7 @@ Generally, you don't need a full clone, so set `--depth` to `10`:
 git clone --depth 10 https://github.com/gogs/gogs.git
 ```

-**NOTE** The repository has Go Modules enabled, please clone to somewhere outside of your `$GOPATH`.
+**NOTE** The repository has Go modules enabled, please clone to somewhere outside of your `$GOPATH`.

 ## Step 4: Configure database settings

@@ -130,21 +133,23 @@ Create a `custom/conf/app.ini` file inside the repository and put the following

 ```ini
 [database]
-DB_TYPE = postgres
+TYPE = postgres
 HOST = 127.0.0.1:5432
 NAME = gogs
 USER = gogs
-PASSWD = <YOUR PASSWORD HERE>
+PASSWORD = <YOUR PASSWORD HERE>
 SSL_MODE = disable
 ```

 ## Step 5: Start the server

+The following command will start the web server and automatically recompile and restart the server if any Go files changed:
+
 ```bash
-make web
+task web --watch
 ```

-You would have to re-run this command after changing Go files, or any file under `conf/`, `template/` and `public/` directories.
+**NOTE** If you changed any file under `conf/`, `template/` or `public/` directory, be sure to run `task generate` afterwards!

 ## Other nice things

@@ -161,7 +166,7 @@ LOAD_ASSETS_FROM_DISK = true

 ### Offline development

-Sometimes you will want to develop Gogs but it just so happens you will be on a plane or a train or perhaps a beach, and you will have no WiFi. And you may raise your fist toward heaven and say something like, "Why, we can put a man on the moon, so why can't we develop high-quality Git hosting without an Internet connection?" But lower your hand back to your keyboard and fret no further, for the year is 2020, and you *can* develop Gogs with no connectivity by setting the following configuration in your `custom/conf/app.ini`:
+Sometimes you will want to develop Gogs but it just so happens you will be on a plane or a train or perhaps a beach, and you will have no WiFi. And you may raise your fist toward heaven and say something like, "Why, we can put a man on the moon, so why can't we develop high-quality Git hosting without an Internet connection?" But lower your hand back to your keyboard and fret no further, you *can* develop Gogs with no connectivity by setting the following configuration in your `custom/conf/app.ini`:

 ```ini
 [server]
--- a/docs/dev/release/release_new_version.md
+++ b/docs/dev/release/release_new_version.md
@@ -0,0 +1,80 @@
+# Release a new version
+
+- To release a new minor version, use the GitHub issue template [Dev: Release a minor version](https://github.com/gogs/gogs/issues/new?title=Release+<MAJOR>.<MINOR>.0&labels=%F0%9F%93%B8%20release&template=dev_release_minor_version.md).
+- To release a new patch version, use the GitHub issue template [Dev: Release a patch version](https://github.com/gogs/gogs/issues/new?title=Release+<MAJOR>.<MINOR>.<PATCH>&labels=%F0%9F%93%B8%20release&template=dev_release_patch_version.md).
+
+## Playbooks
+
+### Update Docker image tag
+
+1. Pull down images and create a manifest:
+	```sh
+	$ export VERSION=0.12.4
+	$ export MINOR_RELEASE=0.12
+
+	$ docker pull --platform linux/amd64 gogs/gogs:${VERSION}
+	$ docker tag gogs/gogs:${VERSION} gogs/gogs:${MINOR_RELEASE}-amd64
+	$ docker push gogs/gogs:${MINOR_RELEASE}-amd64
+	$ docker pull --platform linux/arm64 gogs/gogs:${VERSION}
+	$ docker tag gogs/gogs:${VERSION} gogs/gogs:${MINOR_RELEASE}-arm64
+	$ docker push gogs/gogs:${MINOR_RELEASE}-arm64
+	$ docker pull --platform linux/arm/v7 gogs/gogs:${VERSION}
+	$ docker tag gogs/gogs:${VERSION} gogs/gogs:${MINOR_RELEASE}-armv7
+	$ docker push gogs/gogs:${MINOR_RELEASE}-armv7
+
+	$ docker manifest rm gogs/gogs:${MINOR_RELEASE}
+	$ docker manifest create \
+		gogs/gogs:${MINOR_RELEASE} \
+		gogs/gogs:${MINOR_RELEASE}-amd64 \
+		gogs/gogs:${MINOR_RELEASE}-arm64 \
+		gogs/gogs:${MINOR_RELEASE}-armv7
+	$ docker manifest push gogs/gogs:${MINOR_RELEASE}
+
+	# Only push "linux/amd64" for now
+	$ echo ${GITHUB_CR_PAT} | docker login ghcr.io -u <USERNAME> --password-stdin
+	$ docker tag gogs/gogs:${MINOR_RELEASE}-amd64 ghcr.io/gogs/gogs:${MINOR_RELEASE}
+	$ docker push ghcr.io/gogs/gogs:${MINOR_RELEASE}
+	```
+2. Delete ephemeral tags from the [Docker Hub](https://hub.docker.com/repository/docker/gogs/gogs/tags).
+
+### Compile and pack binaries
+
+All commands are starting at the repository root.
+
+- macOS:
+	```sh
+	# Produce the ZIP archive
+	$ TAGS=cert task release
+	```
+- Linux:
+	```sh
+	# Produce the ZIP archive
+	$ TAGS="cert pam" task release
+
+	# Produce the Tarball
+	$ export VERSION=0.12.4
+	$ cd release && tar czf gogs_${VERSION}_linux_$(go env GOARCH).tar.gz gogs
+	```
+- ARMv7:
+	```sh
+	# Produce the ZIP archive
+	$ TAGS="cert pam" task release
+
+	# Produce the Tarball
+	$ export VERSION=0.12.4
+	$ cd release && tar czf gogs_${VERSION}_linux_armv7.tar.gz gogs
+	```
+- ARMv8:
+	```sh
+	# Produce the ZIP archive
+	$ TAGS="cert pam" task release
+
+	# Produce the Tarball
+	$ export VERSION=0.12.4
+	$ cd release && tar czf gogs_${VERSION}_linux_armv8.tar.gz gogs
+	```
+- Windows:
+	```sh
+	$ TAGS=cert task release
+	$ TAGS="cert minwinsvc" task release --force
+	```
--- a/docs/dev/release/sha256.sh
+++ b/docs/dev/release/sha256.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+cd gogs || exit # "gogs" is the directory that stores all release archives
+for file in *
+do
+    if [ -f "$file" ]; then
+        shasum -a 256 "$file" >> checksum_sha256.txt
+    fi
+done
--- a/gen.go
+++ b/gen.go
@@ -0,0 +1,8 @@
+// Copyright 2022 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package main
+
+//go:generate go install golang.org/x/tools/cmd/goimports@v0.33.0
+//go:generate go run github.com/unknwon/go-mockgen/cmd/go-mockgen@v0.0.0-20251002032800-a9a94b119e3b
--- a/go.mod
+++ b/go.mod
@@ -1,76 +1,147 @@
 module gogs.io/gogs

-go 1.14
+go 1.18

 require (
-	github.com/Masterminds/semver/v3 v3.1.0
-	github.com/bgentry/speakeasy v0.1.0 // indirect
-	github.com/denisenkom/go-mssqldb v0.0.0-20200206145737-bbfc9a55622e // indirect
-	github.com/editorconfig/editorconfig-core-go/v2 v2.3.2
-	github.com/fatih/color v1.9.0 // indirect
-	github.com/go-macaron/binding v1.1.0
+	github.com/Masterminds/semver/v3 v3.2.0
+	github.com/derision-test/go-mockgen v1.3.7
+	github.com/editorconfig/editorconfig-core-go/v2 v2.5.1
+	github.com/go-ldap/ldap/v3 v3.4.4
+	github.com/go-macaron/binding v1.2.0
 	github.com/go-macaron/cache v0.0.0-20190810181446-10f7c57e2196
 	github.com/go-macaron/captcha v0.2.0
 	github.com/go-macaron/csrf v0.0.0-20190812063352-946f6d303a4c
 	github.com/go-macaron/gzip v0.0.0-20160222043647-cad1c6580a07
-	github.com/go-macaron/i18n v0.5.0
+	github.com/go-macaron/i18n v0.6.0
 	github.com/go-macaron/session v0.0.0-20190805070824-1a3cdc6f5659
 	github.com/go-macaron/toolbox v0.0.0-20190813233741-94defb8383c6
-	github.com/go-sql-driver/mysql v1.5.0 // indirect
 	github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561
 	github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14
-	github.com/gogs/git-module v1.1.2
+	github.com/gogs/git-module v1.8.4
 	github.com/gogs/go-gogs-client v0.0.0-20200128182646-c69cb7680fd4
 	github.com/gogs/go-libravatar v0.0.0-20191106065024-33a75213d0a0
 	github.com/gogs/minwinsvc v0.0.0-20170301035411-95be6356811a
 	github.com/google/go-github v17.0.0+incompatible
-	github.com/google/go-querystring v1.0.0 // indirect
-	github.com/issue9/identicon v1.0.1
+	github.com/issue9/identicon v1.2.1
 	github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43
-	github.com/jinzhu/gorm v1.9.12
 	github.com/json-iterator/go v1.1.12
-	github.com/klauspost/compress v1.8.6 // indirect
-	github.com/klauspost/cpuid v1.2.1 // indirect
-	github.com/lib/pq v1.3.0 // indirect
-	github.com/mattn/go-isatty v0.0.12 // indirect
-	github.com/mattn/go-runewidth v0.0.4 // indirect
-	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
-	github.com/mcuadros/go-version v0.0.0-20190830083331-035f6764e8d2 // indirect
-	github.com/microcosm-cc/bluemonday v1.0.4
+	github.com/microcosm-cc/bluemonday v1.0.22
 	github.com/msteinert/pam v0.0.0-20190215180659-f29b9f28d6f9
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
-	github.com/niklasfasching/go-org v0.1.9
-	github.com/olekukonko/tablewriter v0.0.1 // indirect
+	github.com/niklasfasching/go-org v1.6.5
+	github.com/olekukonko/tablewriter v0.0.5
 	github.com/pkg/errors v0.9.1
-	github.com/pquerna/otp v1.2.0
-	github.com/prometheus/client_golang v1.6.0
-	github.com/russross/blackfriday v1.5.2
-	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
+	github.com/pquerna/otp v1.3.0
+	github.com/prometheus/client_golang v1.14.0
+	github.com/russross/blackfriday v1.6.0
 	github.com/satori/go.uuid v1.2.0
-	github.com/sergi/go-diff v1.1.0
-	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
-	github.com/stretchr/testify v1.6.1
-	github.com/t-tiger/gorm-bulk-insert v1.3.0
+	github.com/sergi/go-diff v1.3.1
+	github.com/sourcegraph/run v0.12.0
+	github.com/stretchr/testify v1.10.0
 	github.com/unknwon/cae v1.0.2
 	github.com/unknwon/com v1.0.1
 	github.com/unknwon/i18n v0.0.0-20190805065654-5c6446a380b6
 	github.com/unknwon/paginater v0.0.0-20170405233947-45e5d631308e
-	github.com/urfave/cli v1.22.4
-	golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29
-	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2
-	golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
-	golang.org/x/text v0.3.6
-	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
+	github.com/urfave/cli v1.22.16
+	golang.org/x/crypto v0.31.0
+	golang.org/x/net v0.33.0
+	golang.org/x/text v0.21.0
+	gopkg.in/DATA-DOG/go-sqlmock.v2 v2.0.0-20180914054222-c19298f520d0
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
-	gopkg.in/ini.v1 v1.56.0
-	gopkg.in/ldap.v2 v2.5.1
-	gopkg.in/macaron.v1 v1.3.9
-	unknwon.dev/clog/v2 v2.1.2
+	gopkg.in/ini.v1 v1.67.0
+	gopkg.in/macaron.v1 v1.4.0
+	gorm.io/driver/mysql v1.4.7
+	gorm.io/driver/postgres v1.4.8
+	gorm.io/driver/sqlite v1.4.2
+	gorm.io/driver/sqlserver v1.4.1
+	gorm.io/gorm v1.24.5
+	modernc.org/sqlite v1.20.4
+	unknwon.dev/clog/v2 v2.2.0
 	xorm.io/builder v0.3.6
 	xorm.io/core v0.7.2
 	xorm.io/xorm v0.8.0
 )

-// +heroku goVersion go1.14
+require (
+	bitbucket.org/creachadair/shell v0.0.7 // indirect
+	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect
+	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bgentry/speakeasy v0.1.0 // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/denisenkom/go-mssqldb v0.12.0 // indirect
+	github.com/djherbis/buffer v1.2.0 // indirect
+	github.com/djherbis/nio/v3 v3.0.1 // indirect
+	github.com/dustin/go-humanize v1.0.0 // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191 // indirect
+	github.com/go-sql-driver/mysql v1.7.0 // indirect
+	github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
+	github.com/golang-sql/sqlexp v0.1.0 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-querystring v1.0.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/gorilla/css v1.0.0 // indirect
+	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/itchyny/gojq v0.12.11 // indirect
+	github.com/itchyny/timefmt-go v0.1.5 // indirect
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
+	github.com/jackc/pgx/v5 v5.3.0 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/klauspost/compress v1.8.6 // indirect
+	github.com/klauspost/cpuid v1.2.1 // indirect
+	github.com/lib/pq v1.10.2 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/mattn/go-sqlite3 v1.14.24 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mcuadros/go-version v0.0.0-20190830083331-035f6764e8d2 // indirect
+	github.com/microsoft/go-mssqldb v0.17.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
+	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
+	go.bobheadxi.dev/streamline v1.2.1 // indirect
+	go.opentelemetry.io/otel v1.11.0 // indirect
+	go.opentelemetry.io/otel/trace v1.11.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
+	gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e // indirect
+	gopkg.in/redis.v2 v2.3.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	lukechampine.com/uint128 v1.2.0 // indirect
+	modernc.org/cc/v3 v3.40.0 // indirect
+	modernc.org/ccgo/v3 v3.16.13 // indirect
+	modernc.org/libc v1.22.2 // indirect
+	modernc.org/mathutil v1.5.0 // indirect
+	modernc.org/memory v1.4.0 // indirect
+	modernc.org/opt v0.1.3 // indirect
+	modernc.org/strutil v1.1.3 // indirect
+	modernc.org/token v1.0.1 // indirect
+)
+
+// +heroku goVersion go1.18
 // +heroku install ./
--- a/go.sum
+++ b/go.sum
--- a/gogs.go
+++ b/gogs.go
@@ -1,5 +1,4 @@
-//go:build go1.14
-// +build go1.14
+//go:build go1.18

 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
@@ -19,7 +18,7 @@ import (
 )

 func init() {
-	conf.App.Version = "0.12.8"
+	conf.App.Version = "0.13.4"
 }

 func main() {
--- a/internal/assets/assets.go
+++ b/internal/assets/assets.go
@@ -1,13 +0,0 @@
-package assets
-
-import (
-	"strings"
-)
-
-// IsErrNotFound returns true if the error is asset not found.
-func IsErrNotFound(err error) bool {
-	if err == nil {
-		return false
-	}
-	return strings.Contains(err.Error(), "not found")
-}
--- a/internal/assets/conf/conf.go
+++ b/internal/assets/conf/conf.go
@@ -1,7 +0,0 @@
-// Copyright 2020 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package conf
-
-//go:generate go-bindata -nomemcopy -pkg=conf -ignore="\\.DS_Store|README.md|TRANSLATORS|auth.d" -prefix=../../../ -debug=false -o=conf_gen.go ../../../conf/...
--- a/internal/assets/conf/conf_gen.go
+++ b/internal/assets/conf/conf_gen.go
--- a/internal/assets/public/public.go
+++ b/internal/assets/public/public.go
@@ -1,143 +0,0 @@
-// Copyright 2020 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package public
-
-import (
-	"bytes"
-	"net/http"
-	"os"
-	"path/filepath"
-	"time"
-
-	"gogs.io/gogs/internal/assets"
-)
-
-//go:generate go-bindata -nomemcopy -pkg=public -ignore="\\.DS_Store|less" -prefix=../../../public -debug=false -o=public_gen.go ../../../public/...
-
-/*
-	This file is a modified version of https://github.com/go-bindata/go-bindata/pull/18.
-*/
-
-type fileInfo struct {
-	name string
-	size int64
-}
-
-func (d fileInfo) Name() string {
-	return d.name
-}
-
-func (d fileInfo) Size() int64 {
-	return d.size
-}
-
-func (d fileInfo) Mode() os.FileMode {
-	return os.FileMode(0644) | os.ModeDir
-}
-
-func (d fileInfo) ModTime() time.Time {
-	return time.Time{}
-}
-
-// IsDir return file whether a directory
-func (d *fileInfo) IsDir() bool {
-	return true
-}
-
-func (d fileInfo) Sys() interface{} {
-	return nil
-}
-
-// file implements the http.File interface.
-type file struct {
-	name string
-	*bytes.Reader
-
-	children       []os.FileInfo
-	childrenOffset int
-}
-
-func (f *file) Close() error {
-	return nil
-}
-
-// ⚠️ WARNING: This method is not concurrent-safe.
-func (f *file) Readdir(count int) ([]os.FileInfo, error) {
-	if len(f.children) == 0 {
-		return nil, os.ErrNotExist
-	}
-
-	if count <= 0 {
-		return f.children, nil
-	}
-
-	if f.childrenOffset+count > len(f.children) {
-		count = len(f.children) - f.childrenOffset
-	}
-	offset := f.childrenOffset
-	f.childrenOffset += count
-	return f.children[offset : offset+count], nil
-}
-
-func (f *file) Stat() (os.FileInfo, error) {
-	childCount := len(f.children)
-	if childCount != 0 {
-		return &fileInfo{
-			name: f.name,
-			size: int64(childCount),
-		}, nil
-	}
-	return AssetInfo(f.name)
-}
-
-// fileSystem implements the http.FileSystem interface.
-type fileSystem struct{}
-
-func (f *fileSystem) Open(name string) (http.File, error) {
-	if len(name) > 0 && name[0] == '/' {
-		name = name[1:]
-	}
-
-	// Attempt to get it as a file
-	p, err := Asset(name)
-	if err != nil && !assets.IsErrNotFound(err) {
-		return nil, err
-	} else if err == nil {
-		return &file{
-			name:   name,
-			Reader: bytes.NewReader(p),
-		}, nil
-	}
-
-	// Attempt to get it as a directory
-	paths, err := AssetDir(name)
-	if err != nil && !assets.IsErrNotFound(err) {
-		return nil, err
-	}
-
-	infos := make([]os.FileInfo, len(paths))
-	for i, path := range paths {
-		path = filepath.Join(name, path)
-		info, err := AssetInfo(path)
-		if err != nil {
-			if !assets.IsErrNotFound(err) {
-				return nil, err
-			}
-			// Not found as a file, assume it's a directory.
-			infos[i] = &fileInfo{name: path}
-		} else {
-			infos[i] = info
-		}
-	}
-	return &file{
-		name:     name,
-		children: infos,
-	}, nil
-}
-
-// NewFileSystem returns an http.FileSystem instance backed by embedded assets.
-func NewFileSystem() http.FileSystem {
-	return &fileSystem{}
-}
--- a/internal/assets/public/public_gen.go
+++ b/internal/assets/public/public_gen.go
--- a/internal/assets/templates/templates_gen.go
+++ b/internal/assets/templates/templates_gen.go
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -5,144 +5,90 @@
 package auth

 import (
-	"strings"
+	"fmt"

-	"github.com/go-macaron/session"
-	gouuid "github.com/satori/go.uuid"
-	"gopkg.in/macaron.v1"
-	log "unknwon.dev/clog/v2"
+	"github.com/pkg/errors"

-	"gogs.io/gogs/internal/conf"
-	"gogs.io/gogs/internal/db"
-	"gogs.io/gogs/internal/tool"
+	"gogs.io/gogs/internal/errutil"
 )

-func IsAPIPath(url string) bool {
-	return strings.HasPrefix(url, "/api/")
+type Type int
+
+// Note: New type must append to the end of list to maintain backward compatibility.
+const (
+	None   Type = iota
+	Plain       // 1
+	LDAP        // 2
+	SMTP        // 3
+	PAM         // 4
+	DLDAP       // 5
+	GitHub      // 6
+)
+
+// Name returns the human-readable name for given authentication type.
+func Name(typ Type) string {
+	return map[Type]string{
+		LDAP:   "LDAP (via BindDN)",
+		DLDAP:  "LDAP (simple auth)", // Via direct bind
+		SMTP:   "SMTP",
+		PAM:    "PAM",
+		GitHub: "GitHub",
+	}[typ]
 }

-// SignedInID returns the id of signed in user, along with one bool value which indicates whether user uses token
-// authentication.
-func SignedInID(c *macaron.Context, sess session.Store) (_ int64, isTokenAuth bool) {
-	if !db.HasEngine {
-		return 0, false
-	}
+var _ errutil.NotFound = (*ErrBadCredentials)(nil)

-	// Check access token.
-	if IsAPIPath(c.Req.URL.Path) {
-		tokenSHA := c.Query("token")
-		if len(tokenSHA) <= 0 {
-			tokenSHA = c.Query("access_token")
-		}
-		if len(tokenSHA) == 0 {
-			// Well, check with header again.
-			auHead := c.Req.Header.Get("Authorization")
-			if len(auHead) > 0 {
-				auths := strings.Fields(auHead)
-				if len(auths) == 2 && auths[0] == "token" {
-					tokenSHA = auths[1]
-				}
-			}
-		}
-
-		// Let's see if token is valid.
-		if len(tokenSHA) > 0 {
-			t, err := db.AccessTokens.GetBySHA(tokenSHA)
-			if err != nil {
-				if !db.IsErrAccessTokenNotExist(err) {
-					log.Error("GetAccessTokenBySHA: %v", err)
-				}
-				return 0, false
-			}
-			if err = db.AccessTokens.Save(t); err != nil {
-				log.Error("UpdateAccessToken: %v", err)
-			}
-			return t.UserID, true
-		}
-	}
-
-	uid := sess.Get("uid")
-	if uid == nil {
-		return 0, false
-	}
-	if id, ok := uid.(int64); ok {
-		if _, err := db.GetUserByID(id); err != nil {
-			if !db.IsErrUserNotExist(err) {
-				log.Error("Failed to get user by ID: %v", err)
-			}
-			return 0, false
-		}
-		return id, false
-	}
-	return 0, false
+type ErrBadCredentials struct {
+	Args errutil.Args
 }

-// SignedInUser returns the user object of signed in user, along with two bool values,
-// which indicate whether user uses HTTP Basic Authentication or token authentication respectively.
-func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *db.User, isBasicAuth bool, isTokenAuth bool) {
-	if !db.HasEngine {
-		return nil, false, false
-	}
-
-	uid, isTokenAuth := SignedInID(ctx, sess)
-
-	if uid <= 0 {
-		if conf.Auth.EnableReverseProxyAuthentication {
-			webAuthUser := ctx.Req.Header.Get(conf.Auth.ReverseProxyAuthenticationHeader)
-			if len(webAuthUser) > 0 {
-				u, err := db.GetUserByName(webAuthUser)
-				if err != nil {
-					if !db.IsErrUserNotExist(err) {
-						log.Error("Failed to get user by name: %v", err)
-						return nil, false, false
-					}
-
-					// Check if enabled auto-registration.
-					if conf.Auth.EnableReverseProxyAutoRegistration {
-						u := &db.User{
-							Name:     webAuthUser,
-							Email:    gouuid.NewV4().String() + "@localhost",
-							Passwd:   webAuthUser,
-							IsActive: true,
-						}
-						if err = db.CreateUser(u); err != nil {
-							// FIXME: should I create a system notice?
-							log.Error("Failed to create user: %v", err)
-							return nil, false, false
-						} else {
-							return u, false, false
-						}
-					}
-				}
-				return u, false, false
-			}
-		}
-
-		// Check with basic auth.
-		baHead := ctx.Req.Header.Get("Authorization")
-		if len(baHead) > 0 {
-			auths := strings.Fields(baHead)
-			if len(auths) == 2 && auths[0] == "Basic" {
-				uname, passwd, _ := tool.BasicAuthDecode(auths[1])
-
-				u, err := db.Users.Authenticate(uname, passwd, -1)
-				if err != nil {
-					if !db.IsErrUserNotExist(err) {
-						log.Error("Failed to authenticate user: %v", err)
-					}
-					return nil, false, false
-				}
-
-				return u, true, false
-			}
-		}
-		return nil, false, false
-	}
-
-	u, err := db.GetUserByID(uid)
-	if err != nil {
-		log.Error("GetUserByID: %v", err)
-		return nil, false, false
-	}
-	return u, false, isTokenAuth
+// IsErrBadCredentials returns true if the underlying error has the type
+// ErrBadCredentials.
+func IsErrBadCredentials(err error) bool {
+	_, ok := errors.Cause(err).(ErrBadCredentials)
+	return ok
+}
+
+func (err ErrBadCredentials) Error() string {
+	return fmt.Sprintf("bad credentials: %v", err.Args)
+}
+
+func (ErrBadCredentials) NotFound() bool {
+	return true
+}
+
+// ExternalAccount contains queried information returned by an authenticate provider
+// for an external account.
+type ExternalAccount struct {
+	// REQUIRED: The login to be used for authenticating against the provider.
+	Login string
+	// REQUIRED: The username of the account.
+	Name string
+	// The full name of the account.
+	FullName string
+	// The email address of the account.
+	Email string
+	// The location of the account.
+	Location string
+	// The website of the account.
+	Website string
+	// Whether the user should be prompted as a site admin.
+	Admin bool
+}
+
+// Provider defines an authenticate provider which provides ability to authentication against
+// an external identity provider and query external account information.
+type Provider interface {
+	// Authenticate performs authentication against an external identity provider
+	// using given credentials and returns queried information of the external account.
+	Authenticate(login, password string) (*ExternalAccount, error)
+
+	// Config returns the underlying configuration of the authenticate provider.
+	Config() any
+	// HasTLS returns true if the authenticate provider supports TLS.
+	HasTLS() bool
+	// UseTLS returns true if the authenticate provider is configured to use TLS.
+	UseTLS() bool
+	// SkipTLSVerify returns true if the authenticate provider is configured to skip TLS verify.
+	SkipTLSVerify() bool
 }
--- a/internal/auth/github/config.go
+++ b/internal/auth/github/config.go
@@ -0,0 +1,58 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"crypto/tls"
+	"net/http"
+	"strings"
+
+	"github.com/google/go-github/github"
+	"github.com/pkg/errors"
+)
+
+// Config contains configuration for GitHub authentication.
+//
+// ⚠️ WARNING: Change to the field name must preserve the INI key name for backward compatibility.
+type Config struct {
+	// the GitHub service endpoint, e.g. https://api.github.com/.
+	APIEndpoint string
+	SkipVerify  bool
+}
+
+func (c *Config) doAuth(login, password string) (fullname, email, location, website string, err error) {
+	tp := github.BasicAuthTransport{
+		Username: strings.TrimSpace(login),
+		Password: strings.TrimSpace(password),
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: c.SkipVerify},
+		},
+	}
+	client, err := github.NewEnterpriseClient(c.APIEndpoint, c.APIEndpoint, tp.Client())
+	if err != nil {
+		return "", "", "", "", errors.Wrap(err, "create new client")
+	}
+	user, _, err := client.Users.Get(context.Background(), "")
+	if err != nil {
+		return "", "", "", "", errors.Wrap(err, "get user info")
+	}
+
+	if user.Name != nil {
+		fullname = *user.Name
+	}
+	if user.Email != nil {
+		email = *user.Email
+	} else {
+		email = login + "+github@local"
+	}
+	if user.Location != nil {
+		location = strings.ToUpper(*user.Location)
+	}
+	if user.HTMLURL != nil {
+		website = strings.ToLower(*user.HTMLURL)
+	}
+	return fullname, email, location, website, nil
+}
--- a/internal/auth/github/github.go
+++ b/internal/auth/github/github.go
@@ -1,50 +0,0 @@
-// Copyright 2018 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package github
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-	"net/http"
-	"strings"
-
-	"github.com/google/go-github/github"
-)
-
-func Authenticate(apiEndpoint, login, passwd string) (name string, email string, website string, location string, _ error) {
-	tp := github.BasicAuthTransport{
-		Username: strings.TrimSpace(login),
-		Password: strings.TrimSpace(passwd),
-		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-		},
-	}
-	client, err := github.NewEnterpriseClient(apiEndpoint, apiEndpoint, tp.Client())
-	if err != nil {
-		return "", "", "", "", fmt.Errorf("create new client: %v", err)
-	}
-	user, _, err := client.Users.Get(context.Background(), "")
-	if err != nil {
-		return "", "", "", "", fmt.Errorf("get user info: %v", err)
-	}
-
-	if user.Name != nil {
-		name = *user.Name
-	}
-	if user.Email != nil {
-		email = *user.Email
-	} else {
-		email = login + "+github@local"
-	}
-	if user.HTMLURL != nil {
-		website = strings.ToLower(*user.HTMLURL)
-	}
-	if user.Location != nil {
-		location = strings.ToUpper(*user.Location)
-	}
-
-	return name, email, website, location, nil
-}
--- a/internal/auth/github/provider.go
+++ b/internal/auth/github/provider.go
@@ -0,0 +1,57 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"strings"
+
+	"gogs.io/gogs/internal/auth"
+)
+
+// Provider contains configuration of a PAM authentication provider.
+type Provider struct {
+	config *Config
+}
+
+// NewProvider creates a new PAM authentication provider.
+func NewProvider(cfg *Config) auth.Provider {
+	return &Provider{
+		config: cfg,
+	}
+}
+
+func (p *Provider) Authenticate(login, password string) (*auth.ExternalAccount, error) {
+	fullname, email, website, location, err := p.config.doAuth(login, password)
+	if err != nil {
+		if strings.Contains(err.Error(), "401") {
+			return nil, auth.ErrBadCredentials{Args: map[string]any{"login": login}}
+		}
+		return nil, err
+	}
+	return &auth.ExternalAccount{
+		Login:    login,
+		Name:     login,
+		FullName: fullname,
+		Email:    email,
+		Location: location,
+		Website:  website,
+	}, nil
+}
+
+func (p *Provider) Config() any {
+	return p.config
+}
+
+func (*Provider) HasTLS() bool {
+	return true
+}
+
+func (*Provider) UseTLS() bool {
+	return true
+}
+
+func (p *Provider) SkipTLSVerify() bool {
+	return p.config.SkipVerify
+}
--- a/internal/auth/ldap/config.go
+++ b/internal/auth/ldap/config.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-// Package ldap provide functions & structure to query a LDAP ldap directory
-// For now, it's mainly tested again an MS Active Directory service, see README.md for more information
+// Package ldap provide functions & structure to query a LDAP ldap directory.
+// For now, it's mainly tested again an MS Active Directory service, see README.md for more information.
 package ldap

 import (
@@ -11,23 +11,35 @@ import (
 	"fmt"
 	"strings"

-	"gopkg.in/ldap.v2"
+	ldap "github.com/go-ldap/ldap/v3"
 	log "unknwon.dev/clog/v2"
 )

+// SecurityProtocol is the security protocol when the authenticate provider talks to LDAP directory.
 type SecurityProtocol int

-// Note: new type must be added at the end of list to maintain compatibility.
+// ⚠️ WARNING: new type must be added at the end of list to maintain compatibility.
 const (
 	SecurityProtocolUnencrypted SecurityProtocol = iota
 	SecurityProtocolLDAPS
 	SecurityProtocolStartTLS
 )

-// Basic LDAP authentication service
-type Source struct {
+// SecurityProtocolName returns the human-readable name for given security protocol.
+func SecurityProtocolName(protocol SecurityProtocol) string {
+	return map[SecurityProtocol]string{
+		SecurityProtocolUnencrypted: "Unencrypted",
+		SecurityProtocolLDAPS:       "LDAPS",
+		SecurityProtocolStartTLS:    "StartTLS",
+	}[protocol]
+}
+
+// Config contains configuration for LDAP authentication.
+//
+// ⚠️ WARNING: Change to the field name must preserve the INI key name for backward compatibility.
+type Config struct {
 	Host              string // LDAP host
-	Port              int    // port number
+	Port              int    // Port number
 	SecurityProtocol  SecurityProtocol
 	SkipVerify        bool
 	BindDN            string `ini:"bind_dn,omitempty"` // DN to bind with
@@ -37,18 +49,22 @@ type Source struct {
 	AttributeUsername string // Username attribute
 	AttributeName     string // First name attribute
 	AttributeSurname  string // Surname attribute
-	AttributeMail     string // E-mail attribute
-	AttributesInBind  bool   // fetch attributes in bind context (not user)
+	AttributeMail     string // Email attribute
+	AttributesInBind  bool   // Fetch attributes in bind context (not user)
 	Filter            string // Query filter to validate entry
 	AdminFilter       string // Query filter to check if user is admin
-	GroupEnabled      bool   // if the group checking is enabled
-	GroupDN           string `ini:"group_dn"` // Group Search Base
-	GroupFilter       string // Group Name Filter
+	GroupEnabled      bool   // Whether the group checking is enabled
+	GroupDN           string `ini:"group_dn"` // Group search base
+	GroupFilter       string // Group name filter
 	GroupMemberUID    string `ini:"group_member_uid"` // Group Attribute containing array of UserUID
-	UserUID           string `ini:"user_uid"`         // User Attribute listed in Group
+	UserUID           string `ini:"user_uid"`         // User Attribute listed in group
 }

-func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
+func (c *Config) SecurityProtocolName() string {
+	return SecurityProtocolName(c.SecurityProtocol)
+}
+
+func (c *Config) sanitizedUserQuery(username string) (string, bool) {
 	// See http://tools.ietf.org/search/rfc4515
 	badCharacters := "\x00()*\\"
 	if strings.ContainsAny(username, badCharacters) {
@@ -56,10 +72,10 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
 		return "", false
 	}

-	return strings.Replace(ls.Filter, "%s", username, -1), true
+	return strings.ReplaceAll(c.Filter, "%s", username), true
 }

-func (ls *Source) sanitizedUserDN(username string) (string, bool) {
+func (c *Config) sanitizedUserDN(username string) (string, bool) {
 	// See http://tools.ietf.org/search/rfc4514: "special characters"
 	badCharacters := "\x00()*\\,='\"#+;<>"
 	if strings.ContainsAny(username, badCharacters) || strings.HasPrefix(username, " ") || strings.HasSuffix(username, " ") {
@@ -67,10 +83,10 @@ func (ls *Source) sanitizedUserDN(username string) (string, bool) {
 		return "", false
 	}

-	return strings.Replace(ls.UserDN, "%s", username, -1), true
+	return strings.ReplaceAll(c.UserDN, "%s", username), true
 }

-func (ls *Source) sanitizedGroupFilter(group string) (string, bool) {
+func (*Config) sanitizedGroupFilter(group string) (string, bool) {
 	// See http://tools.ietf.org/search/rfc4515
 	badCharacters := "\x00*\\"
 	if strings.ContainsAny(group, badCharacters) {
@@ -81,7 +97,7 @@ func (ls *Source) sanitizedGroupFilter(group string) (string, bool) {
 	return group, true
 }

-func (ls *Source) sanitizedGroupDN(groupDn string) (string, bool) {
+func (*Config) sanitizedGroupDN(groupDn string) (string, bool) {
 	// See http://tools.ietf.org/search/rfc4514: "special characters"
 	badCharacters := "\x00()*\\'\"#+;<>"
 	if strings.ContainsAny(groupDn, badCharacters) || strings.HasPrefix(groupDn, " ") || strings.HasSuffix(groupDn, " ") {
@@ -92,12 +108,12 @@ func (ls *Source) sanitizedGroupDN(groupDn string) (string, bool) {
 	return groupDn, true
 }

-func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) {
+func (c *Config) findUserDN(l *ldap.Conn, name string) (string, bool) {
 	log.Trace("Search for LDAP user: %s", name)
-	if len(ls.BindDN) > 0 && len(ls.BindPassword) > 0 {
+	if len(c.BindDN) > 0 && len(c.BindPassword) > 0 {
 		// Replace placeholders with username
-		bindDN := strings.Replace(ls.BindDN, "%s", name, -1)
-		err := l.Bind(bindDN, ls.BindPassword)
+		bindDN := strings.ReplaceAll(c.BindDN, "%s", name)
+		err := l.Bind(bindDN, c.BindPassword)
 		if err != nil {
 			log.Trace("LDAP: Failed to bind as BindDN '%s': %v", bindDN, err)
 			return "", false
@@ -108,23 +124,23 @@ func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) {
 	}

 	// A search for the user.
-	userFilter, ok := ls.sanitizedUserQuery(name)
+	userFilter, ok := c.sanitizedUserQuery(name)
 	if !ok {
 		return "", false
 	}

-	log.Trace("LDAP: Searching for DN using filter '%s' and base '%s'", userFilter, ls.UserBase)
+	log.Trace("LDAP: Searching for DN using filter %q and base %q", userFilter, c.UserBase)
 	search := ldap.NewSearchRequest(
-		ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0,
+		c.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0,
 		false, userFilter, []string{}, nil)

 	// Ensure we found a user
 	sr, err := l.Search(search)
 	if err != nil || len(sr.Entries) < 1 {
-		log.Trace("LDAP: Failed search using filter '%s': %v", userFilter, err)
+		log.Trace("LDAP: Failed to search using filter %q: %v", userFilter, err)
 		return "", false
 	} else if len(sr.Entries) > 1 {
-		log.Trace("LDAP: Filter '%s' returned more than one user", userFilter)
+		log.Trace("LDAP: Filter %q returned more than one user", userFilter)
 		return "", false
 	}

@@ -137,7 +153,7 @@ func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) {
 	return userDN, true
 }

-func dial(ls *Source) (*ldap.Conn, error) {
+func dial(ls *Config) (*ldap.Conn, error) {
 	log.Trace("LDAP: Dialing with security protocol '%v' without verifying: %v", ls.SecurityProtocol, ls.SkipVerify)

 	tlsCfg := &tls.Config{
@@ -174,26 +190,26 @@ func bindUser(l *ldap.Conn, userDN, passwd string) error {
 	return err
 }

-// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) {
+// searchEntry searches an LDAP source if an entry (name, passwd) is valid and in the specific filter.
+func (c *Config) searchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) {
 	// See https://tools.ietf.org/search/rfc4513#section-5.1.2
-	if len(passwd) == 0 {
+	if passwd == "" {
 		log.Trace("authentication failed for '%s' with empty password", name)
 		return "", "", "", "", false, false
 	}
-	l, err := dial(ls)
+	l, err := dial(c)
 	if err != nil {
-		log.Error("LDAP connect failed for '%s': %v", ls.Host, err)
+		log.Error("LDAP connect failed for '%s': %v", c.Host, err)
 		return "", "", "", "", false, false
 	}
 	defer l.Close()

 	var userDN string
 	if directBind {
-		log.Trace("LDAP will bind directly via UserDN template: %s", ls.UserDN)
+		log.Trace("LDAP will bind directly via UserDN template: %s", c.UserDN)

 		var ok bool
-		userDN, ok = ls.sanitizedUserDN(name)
+		userDN, ok = c.sanitizedUserDN(name)
 		if !ok {
 			return "", "", "", "", false, false
 		}
@@ -201,13 +217,13 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		log.Trace("LDAP will use BindDN")

 		var found bool
-		userDN, found = ls.findUserDN(l, name)
+		userDN, found = c.findUserDN(l, name)
 		if !found {
 			return "", "", "", "", false, false
 		}
 	}

-	if directBind || !ls.AttributesInBind {
+	if directBind || !c.AttributesInBind {
 		// binds user (checking password) before looking-up attributes in user context
 		err = bindUser(l, userDN, passwd)
 		if err != nil {
@@ -215,18 +231,18 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		}
 	}

-	userFilter, ok := ls.sanitizedUserQuery(name)
+	userFilter, ok := c.sanitizedUserQuery(name)
 	if !ok {
 		return "", "", "", "", false, false
 	}

-	log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter '%s' and base '%s'",
-		ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.UserUID, userFilter, userDN)
+	log.Trace("Fetching attributes %q, %q, %q, %q, %q with user filter %q and user DN %q",
+		c.AttributeUsername, c.AttributeName, c.AttributeSurname, c.AttributeMail, c.UserUID, userFilter, userDN)
+
 	search := ldap.NewSearchRequest(
 		userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
-		[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.UserUID},
+		[]string{c.AttributeUsername, c.AttributeName, c.AttributeSurname, c.AttributeMail, c.UserUID},
 		nil)
-
 	sr, err := l.Search(search)
 	if err != nil {
 		log.Error("LDAP: User search failed: %v", err)
@@ -241,27 +257,27 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		return "", "", "", "", false, false
 	}

-	username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
-	firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName)
-	surname := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
-	mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
-	uid := sr.Entries[0].GetAttributeValue(ls.UserUID)
+	username := sr.Entries[0].GetAttributeValue(c.AttributeUsername)
+	firstname := sr.Entries[0].GetAttributeValue(c.AttributeName)
+	surname := sr.Entries[0].GetAttributeValue(c.AttributeSurname)
+	mail := sr.Entries[0].GetAttributeValue(c.AttributeMail)
+	uid := sr.Entries[0].GetAttributeValue(c.UserUID)

 	// Check group membership
-	if ls.GroupEnabled {
-		groupFilter, ok := ls.sanitizedGroupFilter(ls.GroupFilter)
+	if c.GroupEnabled {
+		groupFilter, ok := c.sanitizedGroupFilter(c.GroupFilter)
 		if !ok {
 			return "", "", "", "", false, false
 		}
-		groupDN, ok := ls.sanitizedGroupDN(ls.GroupDN)
+		groupDN, ok := c.sanitizedGroupDN(c.GroupDN)
 		if !ok {
 			return "", "", "", "", false, false
 		}

-		log.Trace("LDAP: Fetching groups '%v' with filter '%s' and base '%s'", ls.GroupMemberUID, groupFilter, groupDN)
+		log.Trace("LDAP: Fetching groups '%v' with filter '%s' and base '%s'", c.GroupMemberUID, groupFilter, groupDN)
 		groupSearch := ldap.NewSearchRequest(
 			groupDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, groupFilter,
-			[]string{ls.GroupMemberUID},
+			[]string{c.GroupMemberUID},
 			nil)

 		srg, err := l.Search(groupSearch)
@@ -274,9 +290,9 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		}

 		isMember := false
-		if ls.UserUID == "dn" {
+		if c.UserUID == "dn" {
 			for _, group := range srg.Entries {
-				for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
+				for _, member := range group.GetAttributeValues(c.GroupMemberUID) {
 					if member == sr.Entries[0].DN {
 						isMember = true
 					}
@@ -284,7 +300,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 			}
 		} else {
 			for _, group := range srg.Entries {
-				for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
+				for _, member := range group.GetAttributeValues(c.GroupMemberUID) {
 					if member == uid {
 						isMember = true
 					}
@@ -293,17 +309,17 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		}

 		if !isMember {
-			log.Trace("LDAP: Group membership test failed [username: %s, group_member_uid: %s, user_uid: %s", username, ls.GroupMemberUID, uid)
+			log.Trace("LDAP: Group membership test failed [username: %s, group_member_uid: %s, user_uid: %s", username, c.GroupMemberUID, uid)
 			return "", "", "", "", false, false
 		}
 	}

 	isAdmin := false
-	if len(ls.AdminFilter) > 0 {
-		log.Trace("Checking admin with filter '%s' and base '%s'", ls.AdminFilter, userDN)
+	if len(c.AdminFilter) > 0 {
+		log.Trace("Checking admin with filter '%s' and base '%s'", c.AdminFilter, userDN)
 		search = ldap.NewSearchRequest(
-			userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,
-			[]string{ls.AttributeName},
+			userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, c.AdminFilter,
+			[]string{c.AttributeName},
 			nil)

 		sr, err = l.Search(search)
@@ -316,7 +332,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		}
 	}

-	if !directBind && ls.AttributesInBind {
+	if !directBind && c.AttributesInBind {
 		// binds user (checking password) after looking-up attributes in BindDN context
 		err = bindUser(l, userDN, passwd)
 		if err != nil {
--- a/internal/auth/ldap/provider.go
+++ b/internal/auth/ldap/provider.go
@@ -0,0 +1,78 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package ldap
+
+import (
+	"fmt"
+
+	"gogs.io/gogs/internal/auth"
+)
+
+// Provider contains configuration of an LDAP authentication provider.
+type Provider struct {
+	directBind bool
+	config     *Config
+}
+
+// NewProvider creates a new LDAP authentication provider.
+func NewProvider(directBind bool, cfg *Config) auth.Provider {
+	return &Provider{
+		directBind: directBind,
+		config:     cfg,
+	}
+}
+
+// Authenticate queries if login/password is valid against the LDAP directory pool,
+// and returns queried information when succeeded.
+func (p *Provider) Authenticate(login, password string) (*auth.ExternalAccount, error) {
+	username, fn, sn, email, isAdmin, succeed := p.config.searchEntry(login, password, p.directBind)
+	if !succeed {
+		return nil, auth.ErrBadCredentials{Args: map[string]any{"login": login}}
+	}
+
+	if username == "" {
+		username = login
+	}
+	if email == "" {
+		email = fmt.Sprintf("%s@localhost", username)
+	}
+
+	composeFullName := func(firstname, surname, username string) string {
+		switch {
+		case firstname == "" && surname == "":
+			return username
+		case firstname == "":
+			return surname
+		case surname == "":
+			return firstname
+		default:
+			return firstname + " " + surname
+		}
+	}
+
+	return &auth.ExternalAccount{
+		Login:    login,
+		Name:     username,
+		FullName: composeFullName(fn, sn, username),
+		Email:    email,
+		Admin:    isAdmin,
+	}, nil
+}
+
+func (p *Provider) Config() any {
+	return p.config
+}
+
+func (p *Provider) HasTLS() bool {
+	return p.config.SecurityProtocol > SecurityProtocolUnencrypted
+}
+
+func (p *Provider) UseTLS() bool {
+	return p.config.SecurityProtocol > SecurityProtocolUnencrypted
+}
+
+func (p *Provider) SkipTLSVerify() bool {
+	return p.config.SkipVerify
+}
--- a/internal/auth/pam/config.go
+++ b/internal/auth/pam/config.go
@@ -0,0 +1,13 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package pam
+
+// Config contains configuration for PAM authentication.
+//
+// ⚠️ WARNING: Change to the field name must preserve the INI key name for backward compatibility.
+type Config struct {
+	// The name of the PAM service, e.g. system-auth.
+	ServiceName string
+}
--- a/internal/auth/pam/pam.go
+++ b/internal/auth/pam/pam.go
@@ -1,4 +1,4 @@
-// +build pam
+//go:build pam

 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
@@ -7,22 +7,20 @@
 package pam

 import (
-	"errors"
-
 	"github.com/msteinert/pam"
+	"github.com/pkg/errors"
 )

-func PAMAuth(serviceName, userName, passwd string) error {
-	t, err := pam.StartFunc(serviceName, userName, func(s pam.Style, msg string) (string, error) {
+func (c *Config) doAuth(login, password string) error {
+	t, err := pam.StartFunc(c.ServiceName, login, func(s pam.Style, msg string) (string, error) {
 		switch s {
 		case pam.PromptEchoOff:
-			return passwd, nil
+			return password, nil
 		case pam.PromptEchoOn, pam.ErrorMsg, pam.TextInfo:
 			return "", nil
 		}
-		return "", errors.New("Unrecognized PAM message style")
+		return "", errors.Errorf("unrecognized PAM message style: %v - %s", s, msg)
 	})
-
 	if err != nil {
 		return err
 	}
--- a/internal/auth/pam/pam_stub.go
+++ b/internal/auth/pam/pam_stub.go
@@ -1,5 +1,4 @@
 //go:build !pam
-// +build !pam

 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
@@ -8,9 +7,9 @@
 package pam

 import (
-	"errors"
+	"github.com/pkg/errors"
 )

-func PAMAuth(serviceName, userName, passwd string) error {
+func (*Config) doAuth(_, _ string) error {
 	return errors.New("PAM not supported")
 }
--- a/internal/auth/pam/provider.go
+++ b/internal/auth/pam/provider.go
@@ -0,0 +1,54 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package pam
+
+import (
+	"strings"
+
+	"gogs.io/gogs/internal/auth"
+)
+
+// Provider contains configuration of a PAM authentication provider.
+type Provider struct {
+	config *Config
+}
+
+// NewProvider creates a new PAM authentication provider.
+func NewProvider(cfg *Config) auth.Provider {
+	return &Provider{
+		config: cfg,
+	}
+}
+
+func (p *Provider) Authenticate(login, password string) (*auth.ExternalAccount, error) {
+	err := p.config.doAuth(login, password)
+	if err != nil {
+		if strings.Contains(err.Error(), "Authentication failure") {
+			return nil, auth.ErrBadCredentials{Args: map[string]any{"login": login}}
+		}
+		return nil, err
+	}
+
+	return &auth.ExternalAccount{
+		Login: login,
+		Name:  login,
+	}, nil
+}
+
+func (p *Provider) Config() any {
+	return p.config
+}
+
+func (*Provider) HasTLS() bool {
+	return false
+}
+
+func (*Provider) UseTLS() bool {
+	return false
+}
+
+func (*Provider) SkipTLSVerify() bool {
+	return false
+}
--- a/internal/auth/smtp/config.go
+++ b/internal/auth/smtp/config.go
@@ -0,0 +1,58 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package smtp
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net/smtp"
+
+	"github.com/pkg/errors"
+)
+
+// Config contains configuration for SMTP authentication.
+//
+// ⚠️ WARNING: Change to the field name must preserve the INI key name for backward compatibility.
+type Config struct {
+	Auth           string
+	Host           string
+	Port           int
+	AllowedDomains string
+	TLS            bool `ini:"tls"`
+	SkipVerify     bool
+}
+
+func (c *Config) doAuth(auth smtp.Auth) error {
+	client, err := smtp.Dial(fmt.Sprintf("%s:%d", c.Host, c.Port))
+	if err != nil {
+		return err
+	}
+	defer client.Close()
+
+	if err = client.Hello("gogs"); err != nil {
+		return err
+	}
+
+	if c.TLS {
+		if ok, _ := client.Extension("STARTTLS"); ok {
+			if err = client.StartTLS(&tls.Config{
+				InsecureSkipVerify: c.SkipVerify,
+				ServerName:         c.Host,
+			}); err != nil {
+				return err
+			}
+		} else {
+			return errors.New("SMTP server does not support TLS")
+		}
+	}
+
+	if ok, _ := client.Extension("AUTH"); ok {
+		if err = client.Auth(auth); err != nil {
+			return err
+		}
+		return nil
+	}
+	return errors.New("unsupported SMTP authentication method")
+}
--- a/internal/auth/smtp/provider.go
+++ b/internal/auth/smtp/provider.go
@@ -0,0 +1,132 @@
+// Copyright 2020 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package smtp
+
+import (
+	"net/smtp"
+	"net/textproto"
+	"strings"
+
+	"github.com/pkg/errors"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/auth"
+)
+
+// Provider contains configuration of an SMTP authentication provider.
+type Provider struct {
+	config *Config
+}
+
+// NewProvider creates a new SMTP authentication provider.
+func NewProvider(cfg *Config) auth.Provider {
+	return &Provider{
+		config: cfg,
+	}
+}
+
+// Authenticate queries if login/password is valid against the SMTP server,
+// and returns queried information when succeeded.
+func (p *Provider) Authenticate(login, password string) (*auth.ExternalAccount, error) {
+	// Verify allowed domains
+	if p.config.AllowedDomains != "" {
+		fields := strings.SplitN(login, "@", 3)
+		if len(fields) != 2 {
+			return nil, auth.ErrBadCredentials{Args: map[string]any{"login": login}}
+		}
+		domain := fields[1]
+
+		isAllowed := false
+		for _, allowed := range strings.Split(p.config.AllowedDomains, ",") {
+			if domain == allowed {
+				isAllowed = true
+				break
+			}
+		}
+
+		if !isAllowed {
+			return nil, auth.ErrBadCredentials{Args: map[string]any{"login": login}}
+		}
+	}
+
+	var smtpAuth smtp.Auth
+	switch p.config.Auth {
+	case Plain:
+		smtpAuth = smtp.PlainAuth("", login, password, p.config.Host)
+	case Login:
+		smtpAuth = &smtpLoginAuth{login, password}
+	default:
+		return nil, errors.Errorf("unsupported SMTP authentication type %q", p.config.Auth)
+	}
+
+	if err := p.config.doAuth(smtpAuth); err != nil {
+		log.Trace("SMTP: Authentication failed: %v", err)
+
+		// Check standard error format first, then fallback to the worse case.
+		tperr, ok := err.(*textproto.Error)
+		if (ok && tperr.Code == 535) ||
+			strings.Contains(err.Error(), "Username and Password not accepted") {
+			return nil, auth.ErrBadCredentials{Args: map[string]any{"login": login}}
+		}
+		return nil, err
+	}
+
+	username := login
+
+	// NOTE: It is not required to have "@" in `login` for a successful SMTP authentication.
+	idx := strings.Index(login, "@")
+	if idx > -1 {
+		username = login[:idx]
+	}
+
+	return &auth.ExternalAccount{
+		Login: login,
+		Name:  username,
+		Email: login,
+	}, nil
+}
+
+func (p *Provider) Config() any {
+	return p.config
+}
+
+func (*Provider) HasTLS() bool {
+	return true
+}
+
+func (p *Provider) UseTLS() bool {
+	return p.config.TLS
+}
+
+func (p *Provider) SkipTLSVerify() bool {
+	return p.config.SkipVerify
+}
+
+const (
+	Plain = "PLAIN"
+	Login = "LOGIN"
+)
+
+var AuthTypes = []string{Plain, Login}
+
+type smtpLoginAuth struct {
+	username, password string
+}
+
+func (auth *smtpLoginAuth) Start(_ *smtp.ServerInfo) (string, []byte, error) {
+	return "LOGIN", []byte(auth.username), nil
+}
+
+func (auth *smtpLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
+	if more {
+		switch string(fromServer) {
+		case "Username:":
+			return []byte(auth.username), nil
+		case "Password:":
+			return []byte(auth.password), nil
+		}
+	}
+	return nil, nil
+}
--- a/internal/avatar/avatar.go
+++ b/internal/avatar/avatar.go
@@ -14,11 +14,11 @@ import (
 	"github.com/issue9/identicon"
 )

-const AVATAR_SIZE = 290
+const DefaultSize = 290

-// RandomImage generates and returns a random avatar image unique to input data
-// in custom size (height and width).
-func RandomImageSize(size int, data []byte) (image.Image, error) {
+// RandomImageWithSize generates and returns a random avatar image unique to
+// input data in custom size (height and width).
+func RandomImageWithSize(size int, data []byte) (image.Image, error) {
 	randExtent := len(palette.WebSafe) - 32
 	rand.Seed(time.Now().UnixNano())
 	colorIndex := rand.Intn(randExtent)
@@ -37,7 +37,7 @@ func RandomImageSize(size int, data []byte) (image.Image, error) {
 }

 // RandomImage generates and returns a random avatar image unique to input data
-// in default size (height and width).
+// in DefaultSize (height and width).
 func RandomImage(data []byte) (image.Image, error) {
-	return RandomImageSize(AVATAR_SIZE, data)
+	return RandomImageWithSize(DefaultSize, data)
 }
--- a/internal/avatar/avatar_test.go
+++ b/internal/avatar/avatar_test.go
@@ -12,10 +12,7 @@ import (

 func Test_RandomImage(t *testing.T) {
 	_, err := RandomImage([]byte("gogs@local"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = RandomImageSize(0, []byte("gogs@local"))
+	assert.NoError(t, err)
+	_, err = RandomImageWithSize(0, []byte("gogs@local"))
 	assert.Error(t, err)
 }
--- a/internal/cmd/admin.go
+++ b/internal/cmd/admin.go
@@ -5,6 +5,7 @@
 package cmd

 import (
+	"context"
 	"fmt"
 	"reflect"
 	"runtime"
@@ -51,8 +52,8 @@ to make automatic initialization process more smoothly`,
 		Name:  "delete-inactive-users",
 		Usage: "Delete all inactive accounts",
 		Action: adminDashboardOperation(
-			db.DeleteInactivateUsers,
-			"All inactivate accounts have been deleted successfully",
+			func() error { return db.Users.DeleteInactivated() },
+			"All inactivated accounts have been deleted successfully",
 		),
 		Flags: []cli.Flag{
 			stringFlag("config, c", "", "Custom configuration file path"),
@@ -151,17 +152,21 @@ func runCreateUser(c *cli.Context) error {
 		return errors.Wrap(err, "set engine")
 	}

-	if err := db.CreateUser(&db.User{
-		Name:     c.String("name"),
-		Email:    c.String("email"),
-		Passwd:   c.String("password"),
-		IsActive: true,
-		IsAdmin:  c.Bool("admin"),
-	}); err != nil {
-		return fmt.Errorf("CreateUser: %v", err)
+	user, err := db.Users.Create(
+		context.Background(),
+		c.String("name"),
+		c.String("email"),
+		db.CreateUserOptions{
+			Password:  c.String("password"),
+			Activated: true,
+			Admin:     c.Bool("admin"),
+		},
+	)
+	if err != nil {
+		return errors.Wrap(err, "create user")
 	}

-	fmt.Printf("New user '%s' has been successfully created!\n", c.String("name"))
+	fmt.Printf("New user %q has been successfully created!\n", user.Name)
 	return nil
 }

--- a/internal/cmd/backup.go
+++ b/internal/cmd/backup.go
@@ -5,22 +5,23 @@
 package cmd

 import (
+	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
+	"strconv"
 	"time"

 	"github.com/pkg/errors"
 	"github.com/unknwon/cae/zip"
-	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 	"gopkg.in/ini.v1"
 	log "unknwon.dev/clog/v2"

 	"gogs.io/gogs/internal/conf"
 	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/osutil"
 )

 var Backup = cli.Command{
@@ -42,8 +43,10 @@ portable among all supported database engines.`,
 	},
 }

-const currentBackupFormatVersion = 1
-const archiveRootDir = "gogs-backup"
+const (
+	currentBackupFormatVersion = 1
+	archiveRootDir             = "gogs-backup"
+)

 func runBackup(c *cli.Context) error {
 	zip.Verbose = c.Bool("verbose")
@@ -60,10 +63,10 @@ func runBackup(c *cli.Context) error {
 	}

 	tmpDir := c.String("tempdir")
-	if !com.IsExist(tmpDir) {
+	if !osutil.IsExist(tmpDir) {
 		log.Fatal("'--tempdir' does not exist: %s", tmpDir)
 	}
-	rootDir, err := ioutil.TempDir(tmpDir, "gogs-backup-")
+	rootDir, err := os.MkdirTemp(tmpDir, "gogs-backup-")
 	if err != nil {
 		log.Fatal("Failed to create backup root directory '%s': %v", rootDir, err)
 	}
@@ -72,7 +75,7 @@ func runBackup(c *cli.Context) error {
 	// Metadata
 	metaFile := path.Join(rootDir, "metadata.ini")
 	metadata := ini.Empty()
-	metadata.Section("").Key("VERSION").SetValue(com.ToStr(currentBackupFormatVersion))
+	metadata.Section("").Key("VERSION").SetValue(strconv.Itoa(currentBackupFormatVersion))
 	metadata.Section("").Key("DATE_TIME").SetValue(time.Now().String())
 	metadata.Section("").Key("GOGS_VERSION").SetValue(conf.App.Version)
 	if err = metadata.SaveTo(metaFile); err != nil {
@@ -92,25 +95,24 @@ func runBackup(c *cli.Context) error {

 	// Database
 	dbDir := filepath.Join(rootDir, "db")
-	if err = db.DumpDatabase(conn, dbDir, c.Bool("verbose")); err != nil {
+	if err = db.DumpDatabase(context.Background(), conn, dbDir, c.Bool("verbose")); err != nil {
 		log.Fatal("Failed to dump database: %v", err)
 	}
 	if err = z.AddDir(archiveRootDir+"/db", dbDir); err != nil {
 		log.Fatal("Failed to include 'db': %v", err)
 	}

-	// Custom files
 	if !c.Bool("database-only") {
-		if err = z.AddDir(archiveRootDir+"/custom", conf.CustomDir()); err != nil {
-			log.Fatal("Failed to include 'custom': %v", err)
+		// Custom files
+		err = addCustomDirToBackup(z)
+		if err != nil {
+			log.Fatal("Failed to add custom directory to backup: %v", err)
 		}
-	}

-	// Data files
-	if !c.Bool("database-only") {
-		for _, dir := range []string{"attachments", "avatars", "repo-avatars"} {
+		// Data files
+		for _, dir := range []string{"ssh", "attachments", "avatars", "repo-avatars"} {
 			dirPath := filepath.Join(conf.Server.AppDataPath, dir)
-			if !com.IsDir(dirPath) {
+			if !osutil.IsDir(dirPath) {
 				continue
 			}

@@ -164,3 +166,33 @@ func runBackup(c *cli.Context) error {
 	log.Stop()
 	return nil
 }
+
+func addCustomDirToBackup(z *zip.ZipArchive) error {
+	customDir := conf.CustomDir()
+	entries, err := os.ReadDir(customDir)
+	if err != nil {
+		return errors.Wrap(err, "list custom directory entries")
+	}
+
+	for _, e := range entries {
+		if e.Name() == "data" {
+			// Skip the "data" directory because it lives under the "custom" directory in
+			// the Docker setup and will be backed up separately.
+			log.Trace(`Skipping "data" directory in custom directory`)
+			continue
+		}
+
+		add := z.AddFile
+		if e.IsDir() {
+			add = z.AddDir
+		}
+		err = add(
+			fmt.Sprintf("%s/custom/%s", archiveRootDir, e.Name()),
+			filepath.Join(customDir, e.Name()),
+		)
+		if err != nil {
+			return errors.Wrapf(err, "add %q", e.Name())
+		}
+	}
+	return nil
+}
--- a/internal/cmd/cert.go
+++ b/internal/cmd/cert.go
@@ -1,4 +1,4 @@
-// +build cert
+//go:build cert

 // Copyright 2009 The Go Authors. All rights reserved.
 // Copyright 2014 The Gogs Authors. All rights reserved.
@@ -41,7 +41,7 @@ Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
 	},
 }

-func publicKey(priv interface{}) interface{} {
+func publicKey(priv any) any {
 	switch k := priv.(type) {
 	case *rsa.PrivateKey:
 		return &k.PublicKey
@@ -52,7 +52,7 @@ func publicKey(priv interface{}) interface{} {
 	}
 }

-func pemBlockForKey(priv interface{}) *pem.Block {
+func pemBlockForKey(priv any) *pem.Block {
 	switch k := priv.(type) {
 	case *rsa.PrivateKey:
 		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
@@ -72,7 +72,7 @@ func runCert(ctx *cli.Context) error {
 		log.Fatal("Missing required --host parameter")
 	}

-	var priv interface{}
+	var priv any
 	var err error
 	switch ctx.String("ecdsa-curve") {
 	case "":
--- a/internal/cmd/cert_stub.go
+++ b/internal/cmd/cert_stub.go
@@ -1,10 +1,10 @@
 //go:build !cert
-// +build !cert

 // Copyright 2009 The Go Authors. All rights reserved.
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
+
 package cmd

 import (
@@ -21,7 +21,7 @@ var Cert = cli.Command{
 	Action:      runCert,
 }

-func runCert(ctx *cli.Context) error {
+func runCert(_ *cli.Context) error {
 	fmt.Println("Command cert not available, please use build tags 'cert' to rebuild.")
 	os.Exit(1)

--- a/internal/cmd/hook.go
+++ b/internal/cmd/hook.go
@@ -63,7 +63,7 @@ var (
 )

 func runHookPreReceive(c *cli.Context) error {
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+	if os.Getenv("SSH_ORIGINAL_COMMAND") == "" {
 		return nil
 	}
 	setup(c, "pre-receive.log", true)
@@ -156,7 +156,7 @@ func runHookPreReceive(c *cli.Context) error {
 }

 func runHookUpdate(c *cli.Context) error {
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+	if os.Getenv("SSH_ORIGINAL_COMMAND") == "" {
 		return nil
 	}
 	setup(c, "update.log", false)
@@ -164,7 +164,7 @@ func runHookUpdate(c *cli.Context) error {
 	args := c.Args()
 	if len(args) != 3 {
 		fail("Arguments received are not equal to three", "Arguments received are not equal to three")
-	} else if len(args[0]) == 0 {
+	} else if args[0] == "" {
 		fail("First argument 'refName' is empty", "First argument 'refName' is empty")
 	}

@@ -190,7 +190,7 @@ func runHookUpdate(c *cli.Context) error {
 }

 func runHookPostReceive(c *cli.Context) error {
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+	if os.Getenv("SSH_ORIGINAL_COMMAND") == "" {
 		return nil
 	}
 	setup(c, "post-receive.log", true)
--- a/internal/cmd/import.go
+++ b/internal/cmd/import.go
@@ -95,7 +95,7 @@ func runImportLocale(c *cli.Context) error {
 			if idx > -1 && line[len(line)-1] == '"' {
 				// We still want the "=" sign
 				line = append(line[:idx+1], line[idx+2:len(line)-1]...)
-				line = bytes.Replace(line, escapedQuotes, regularQuotes, -1)
+				line = bytes.ReplaceAll(line, escapedQuotes, regularQuotes)
 			}
 			_, _ = tw.Write(line)
 			_, _ = tw.WriteString("\n")
--- a/Show More
+++ b/Show More