Add CHANGELOG for 1.19.0 (#23583) (#23586)

Backport #23583 by @delvh

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

.drone.yml

@@ -43,7 +43,7 @@ steps:
     depends_on: [deps-frontend]
 
   - name: lint-backend
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     pull: always
     commands:
       - make lint-backend
@@ -57,7 +57,7 @@ steps:
         path: /go
 
   - name: lint-backend-windows
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     commands:
       - make golangci-lint-windows vet
     environment:
@@ -72,7 +72,7 @@ steps:
         path: /go
 
   - name: lint-backend-gogit
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     commands:
       - make lint-backend
     environment:
@@ -264,13 +264,13 @@ steps:
       - git update-ref refs/heads/tag_test ${DRONE_COMMIT_SHA}
 
   - name: prepare-test-env
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     pull: always
     commands:
       - ./build/test-env-prepare.sh
 
   - name: build
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     user: gitea
     commands:
       - ./build/test-env-check.sh
@@ -285,7 +285,7 @@ steps:
         path: /go
 
   - name: unit-test
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     user: gitea
     commands:
       - make unit-test-coverage test-check
@@ -301,7 +301,7 @@ steps:
         path: /go
 
   - name: unit-test-gogit
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     user: gitea
     commands:
       - make unit-test-coverage test-check
@@ -317,7 +317,7 @@ steps:
         path: /go
 
   - name: test-mysql
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     user: gitea
     commands:
       - make test-mysql-migration integration-test-coverage
@@ -334,7 +334,7 @@ steps:
         path: /go
 
   - name: test-mysql8
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     user: gitea
     commands:
       - timeout -s ABRT 50m make test-mysql8-migration test-mysql8
@@ -350,7 +350,7 @@ steps:
         path: /go
 
   - name: test-mssql
-    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
     user: gitea
     commands:
       - make test-mssql-migration test-mssql
@@ -454,13 +454,13 @@ steps:
         path: /go
 
   - name: prepare-test-env
-    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
     pull: always
     commands:
       - ./build/test-env-prepare.sh
 
   - name: build
-    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
     user: gitea
     commands:
       - ./build/test-env-check.sh
@@ -475,7 +475,7 @@ steps:
         path: /go
 
   - name: test-sqlite
-    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
     user: gitea
     commands:
       - timeout -s ABRT 50m make test-sqlite-migration test-sqlite
@@ -491,7 +491,7 @@ steps:
         path: /go
 
   - name: test-pgsql
-    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
     user: gitea
     commands:
       - timeout -s ABRT 50m make test-pgsql-migration test-pgsql
@@ -1016,7 +1016,7 @@ steps:
       - git fetch --tags --force
 
   - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     pull: always
     settings:
       auto_tag: true
@@ -1028,13 +1028,17 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
         - pull_request
 
   - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     settings:
       dockerfile: Dockerfile.rootless
       auto_tag: true
@@ -1046,6 +1050,10 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
@@ -1080,7 +1088,7 @@ steps:
       - git fetch --tags --force
 
   - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     pull: always
     settings:
       tags: ${DRONE_TAG##v}-linux-amd64
@@ -1091,13 +1099,17 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
         - pull_request
 
   - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     settings:
       dockerfile: Dockerfile.rootless
       tags: ${DRONE_TAG##v}-linux-amd64-rootless
@@ -1108,6 +1120,10 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
@@ -1142,7 +1158,7 @@ steps:
       - git fetch --tags --force
 
   - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     pull: always
     settings:
       auto_tag: false
@@ -1154,13 +1170,17 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
         - pull_request
 
   - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     settings:
       dockerfile: Dockerfile.rootless
       auto_tag: false
@@ -1172,6 +1192,10 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
@@ -1205,7 +1229,7 @@ steps:
       - git fetch --tags --force
 
   - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     pull: always
     settings:
       auto_tag: false
@@ -1217,13 +1241,17 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
         - pull_request
 
   - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     settings:
       dockerfile: Dockerfile.rootless
       auto_tag: false
@@ -1235,6 +1263,10 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
@@ -1243,7 +1275,7 @@ steps:
 ---
 kind: pipeline
 type: docker
-name: docker-linux-arm64-dry-run
+name: docker-linux-amd64-dry-run
 
 platform:
   os: linux
@@ -1261,7 +1293,7 @@ trigger:
 
 steps:
   - name: dryrun
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     pull: always
     settings:
       dry_run: true
@@ -1272,6 +1304,7 @@ steps:
     environment:
       PLUGIN_MIRROR:
         from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         - pull_request
@@ -1308,7 +1341,7 @@ steps:
       - git fetch --tags --force
 
   - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     pull: always
     settings:
       auto_tag: true
@@ -1320,13 +1353,17 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
         - pull_request
 
   - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     settings:
       dockerfile: Dockerfile.rootless
       auto_tag: true
@@ -1338,6 +1375,10 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
@@ -1372,7 +1413,7 @@ steps:
       - git fetch --tags --force
 
   - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     pull: always
     settings:
       tags: ${DRONE_TAG##v}-linux-arm64
@@ -1383,13 +1424,17 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
         - pull_request
 
   - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     settings:
       dockerfile: Dockerfile.rootless
       tags: ${DRONE_TAG##v}-linux-arm64-rootless
@@ -1400,6 +1445,10 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
@@ -1434,7 +1483,7 @@ steps:
       - git fetch --tags --force
 
   - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     pull: always
     settings:
       auto_tag: false
@@ -1446,13 +1495,17 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
         - pull_request
 
   - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     settings:
       dockerfile: Dockerfile.rootless
       auto_tag: false
@@ -1464,6 +1517,10 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
@@ -1497,7 +1554,7 @@ steps:
       - git fetch --tags --force
 
   - name: publish
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     pull: always
     settings:
       auto_tag: false
@@ -1509,13 +1566,17 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:
         - pull_request
 
   - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
+    image: plugins/docker:latest
     settings:
       dockerfile: Dockerfile.rootless
       auto_tag: false
@@ -1527,6 +1588,10 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
     when:
       event:
         exclude:

.stylelintrc.yaml

@@ -1,12 +1,16 @@
 plugins:
   - stylelint-declaration-strict-value
 
+ignoreFiles:
+  - "**/*.go"
+
 overrides:
-  - files: ["**/*.less"]
-    customSyntax: postcss-less
   - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console/*"]
     rules:
       scale-unlimited/declaration-strict-value: null
+  - files: ["**/chroma/*", "**/codemirror/*"]
+    rules:
+      block-no-empty: null
 
 rules:
   alpha-value-notation: null

CHANGELOG.md

@@ -4,6 +4,356 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.19.0](https://github.com/go-gitea/gitea/releases/tag/1.19.0) - 2023-03-19
+
+* BREAKING
+  * Add loading yaml label template files (#22976) (#23232)
+  * Make issue and code search support camel case for Bleve (#22829)
+  * Repositories: by default disable all units except code and pulls on forks (#22541)
+  * Support template for merge message description (#22248)
+  * Remove ONLY_SHOW_RELEVANT_REPOS setting (#21962)
+  * Implement actions (#21937)
+  * Remove deprecated DSA host key from Docker Container (#21522)
+  * Improve valid user name check (#20136)
+* SECURITY
+  * Return 404 instead of 403 if user can not access the repo (#23155) (#23158)
+  * Support scoped access tokens (#20908)
+* FEATURES
+  * Add support for commit cross references (#22645)
+  * Scoped labels (#22585)
+  * Add Chef package registry (#22554)
+  * Support asciicast files as new markup (#22448)
+  * cgo cross-compile for freebsd (#22397)
+  * Add cron method to gc LFS MetaObjects (#22385)
+  * Add new captcha: cloudflare turnstile (#22369)
+  * Enable `@<user>`- completion popup on the release description textarea (#22359)
+  * make /{username}.png redirect to user/org avatar (#22356)
+  * Add Conda package registry (#22262)
+  * Support org/user level projects (#22235)
+  * Add Mermaid copy button (#22225)
+  * Add user secrets (#22191)
+  * Secrets storage with SecretKey encrypted (#22142)
+  * Preview images for Issue cards in Project Board view (#22112)
+  * Add support for incoming emails (#22056)
+  * Add Cargo package registry (#21888)
+  * Add option to prohibit fork if user reached maximum limit of repositories (#21848)
+  * Add attention blocks within quote blocks for `Note` and `Warning` (#21711)
+  * Add Feed for Releases and Tags (#21696)
+  * Add package registry cleanup rules (#21658)
+  * Add "Copy" button to file view of raw text (#21629)
+  * Allow disable sitemap (#21617)
+  * Add package registry quota limits (#21584)
+  * Map OIDC groups to Orgs/Teams (#21441)
+  * Keep languages defined in .gitattributes (#21403)
+  * Add Webhook authorization header (#20926)
+  * Supports wildcard protected branch (#20825)
+  * Copy citation file content, in APA and BibTex format, on repo home page (#19999)
+* API
+  * Match api migration behavior to web behavior (#23552) (#23573)
+  * Purge API comment (#23451) (#23452)
+  * User creation API: allow custom "created" timestamps (#22549)
+  * Add `updated_at` field to PullReview API object (#21812)
+  * Add API management for issue/pull and comment attachments (#21783)
+  * Add API endpoint to get latest release (#21267)
+  * Support system hook API (#14537)
+* ENHANCEMENTS
+  * Add `.patch` to `attachment.ALLOWED_TYPES` (#23580) (#23582)
+  * Fix sticky header in diff view (#23554) (#23568)
+  * Refactor merge/update git command calls (#23366) (#23544)
+  * Fix review comment context menu clipped bug (#23523) (#23543)
+  * Imrove scroll behavior to hash issuecomment(scroll position, auto expand if file is folded, and on refreshing) (#23513) (#23540)
+  * Increase horizontal page padding (#23507) (#23537)
+  * Use octicon-verified for gpg signatures (#23529) (#23536)
+  * Make time tooltips interactive (#23526) (#23527)
+  * Replace Less with CSS (#23508)
+  * Fix 'View File' button in code search (#23478) (#23483)
+  * Convert GitHub event on actions and fix some pull_request events. (#23037) (#23471)
+  * Support reflogs (#22451) (#23438)
+  * Fix actions frontend bugs (pagination, long name alignment) and small simplify (#23370) (#23436)
+  * Scoped label display and documentation tweaks (#23430) (#23433)
+  * Add missing tabs to org projects page (#22705) (#23412)
+  * Fix and move "Use this template" button (#23398) (#23408)
+  * Handle OpenID discovery URL errors a little nicer when creating/editing sources (#23397) (#23403)
+  * Rename `canWriteUnit` to `canWriteProjects` (#23386) (#23399)
+  * Refactor and tidy-up the merge/update branch code (#22568) (#23365)
+  * Refactor `setting.Database.UseXXX` to methods (#23354) (#23356)
+  * Fix incorrect project links and use symlink icon for org-wide projects (#23325) (#23336)
+  * Fix PR view misalignment caused by long name file (#23321) (#23335)
+  * Scoped labels: don't require holding alt key to remove (#23303) (#23331)
+  * Add context when rendering labels or emojis (#23281) (#23319)
+  * Change interactiveBorder to fix popup preview  (#23169) (#23314)
+  * Scoped labels: set aria-disabled on muted Exclusive option for a11y (#23306) (#23311)
+  * update to mermaid v10 (#23178) (#23299)
+  * Fix code wrap for unbroken lines (#23268) (#23293)
+  * Use async await to fix empty quote reply at first time (#23168) (#23256)
+  * Fix switched citation format (#23250) (#23253)
+  * Allow `<video>` in MarkDown (#22892) (#23236)
+  * Order pull request conflict checking by recently updated, for each push (#23220) (#23225)
+  * Fix Fomantic UI's `touchstart` fastclick, always use `click` for click events (#23065) (#23195)
+  * Add word-break to sidebar-item-link (#23146) (#23180)
+  * Add InsecureSkipVerify to Minio Client for Storage (#23166) (#23177)
+  * Fix height for sticky head on large screen on PR page (#23111) (#23123)
+  * Change style to improve whitespaces trimming inside inline markdown code (#23093) (#23120)
+  * Avoid warning for system setting when start up (#23054) (#23116)
+  * Add accessibility to the menu on the navbar (#23059) (#23095)
+  * Improve accessibility for issue comments (#22612) (#23083)
+  * Remove delete button for review comment (#23036)
+  * Remove dashes between organization member avatars on hover (#23034)
+  * Use `gt-relative` class instead of the ambiguous `gt-pr` class  (#23008)
+  * handle deprecated settings (#22992)
+  * Add scopes to API to create token and display them (#22989)
+  * Improve PR Review Box UI (#22986)
+  * Improve issues.LoadProject (#22982)
+  * Add all units to the units permission list in org team members sidebar (#22971)
+  * Rename `GetUnits` to `LoadUnits` (#22970)
+  * Rename `repo.GetOwner` to `repo.LoadOwner` (#22967)
+  * Rename "People" to "Members" in organization page and use a better icon (#22960)
+  * Fix avatar misalignment (#22955)
+  * Sort issues and pulls by recently updated in user and organization home (#22925)
+  * Add `title` to PR file tree items (#22918)
+  * First step to refactor the `.hide` to `.gt-hidden` (#22916)
+  * Add tooltip to issue reference (#22913)
+  * Always show the `command line instructions` button even if there are conflicts (#22909)
+  * Fix dark-colored description text in arc-green theme (#22908)
+  * Remove Fomantic-UI's `.hidden` CSS class for menu elements (#22895)
+  * Move helpers to be prefixed with `gt-` (#22879)
+  * Move `IsReadmeFile*` from `modules/markup/` to `modules/util` (#22877)
+  * Highlight focused diff file (#22870)
+  * Add some headings to repo views (#22869)
+  * Fix milestone title font problem (#22863)
+  * Pull Requests: setting to allow edits by maintainers by default, tweak UI (#22862)
+  * Introduce customized HTML elements, fix incorrect AppUrl usages in templates (#22861)
+  * Add `/$count` endpoints for NuGet v2 (#22855)
+  * Remove Fomantic-UI's `.hidden` CSS class for checkbox elements (#22851)
+  * Fix notification and stopwatch empty states (#22845)
+  * Always go full width in PR view (#22844)
+  * Improve AppUrl/ROOT_URL checking (#22836)
+  * Fix style of actions rerun button (#22835)
+  * Fix more HTMLURL in templates (#22831)
+  * Fix inconsistent Filter Project name in issue list (#22827)
+  * include build info in Prometheus metrics (#22819)
+  * Make clone URL use current page's host (#22808)
+  * Refactor legacy strange git operations (#22756)
+  * Improve error report when user passes a private key (#22726)
+  * set user dashboard org visibility to basic (#22706)
+  * Fix diff UI for unexpandable items (#22700)
+  * Remove 'primary' class from tab counter labels (#22687)
+  * Add more events details supports for actions (#22680)
+  * Refactor git command package to improve security and maintainability (#22678)
+  * Use relative url in actions view (#22675)
+  * set user visibility class to basic (#22674)
+  * Add repository setting to enable/disable releases unit (#22671)
+  * Remove label color from global issue filters (#22660)
+  * Fix poor alignment of organization description on organization home page (#22656)
+  * Small refactor for loading PRs (#22652)
+  * Allow setting access token scope by CLI (#22648)
+  * Improve accessibility of navigation bar and footer (#22635)
+  * Fixes accessibility behavior of Watching, Staring and Fork buttons (#22634)
+  * Fixes accessibility of empty repository commit status (#22632)
+  * Pull request yaml template support for including commit body in a field (#22629)
+  * Show migration validation error (#22619)
+  * set org visibility class to basic in header (#22605)
+  * Fix cache-control header clearing comment text when editing issue (#22604)
+  * Add ARIA support for Fomantic UI checkboxes (#22599)
+  * Add templates to customize text when creating and migrating repositories (#22597)
+  * Allow setting `redirect_to` cookie on OAuth login (#22594)
+  * Improve checkbox accessibility a bit by adding the title attribute (#22593)
+  * Allow issue templates to not render title (#22589)
+  * Webhooks: for issue close/reopen action, add commit ID that caused it (#22583)
+  * Fix missing title and filter in issue sidebar project menu (#22557)
+  * Issues: support setting issue template field values with query (#22545)
+  * Issues: add Project filter to issues list and search (#22544)
+  * Pull Requests: add color to approved/reject icon in pull requests list (#22543)
+  * Mute all links in issue timeline (#22533)
+  * Dropzone: Add "Copy link" button for new uploads (#22517)
+  * Support importing comment types (#22510)
+  * Load asciicast css async (#22502)
+  * Move delete user to service (#22478)
+  * Change use of Walk to WalkDir to improve disk performance (#22462)
+  * Add reply hint to mail text (#22459)
+  * fix wrong theme class when logged out if default theme is changed (#22408)
+  * Refactor the setting to make unit test easier (#22405)
+  * Improve utils of slices (#22379)
+  * Use context parameter in models/git (#22367)
+  * Always reuse transaction (#22362)
+  * Fix unstable emoji sort (#22346)
+  * Add context cache as a request level cache (#22294)
+  * Reminder for no more logs to console (#22282)
+  * Support estimated count with multiple schemas (#22276)
+  * Move `convert` package to services (#22264)
+  * Use dynamic package type list (#22263)
+  * Hide file borders on sticky diff box (#22217)
+  * Improve notification and stopwatch styles (#22169)
+  * Fixed Project view .board-column height for tall screens. (#22108)
+  * Use multi reader instead to concat strings (#22099)
+  * Use git command instead of exec.Cmd in blame (#22098)
+  * Fix autofilled text visibility in dark mode (#22088)
+  * Rename almost all Ctx functions (#22071)
+  * Rename actions to operations on UI (#22067)
+  * refactor bind functions based on generics (#22055)
+  * Support disabling database auto migration (#22053)
+  * remove duplicated read file code (#22042)
+  * Use link in UI which returned a relative url but not html_url which contains an absolute url (#21986)
+  * Skip initing disabled storages (#21985)
+  * Add doctor command for full GC of LFS (#21978)
+  * Util type to parse ref name (#21969)
+  * Replace fmt.Sprintf with hex.EncodeToString (#21960)
+  * Use random bytes to generate access token (#21959)
+  * Add index for access_token (#21908)
+  * Move all remaining colors into CSS variables (#21903)
+  * Webhook list enhancements (#21893)
+  * Embed Matrix icon as SVG (#21890)
+  * Remove useless "Cancel" buttons (#21872)
+  * fix(web): keep the pages of the navigation in the center (#21867)
+  * fix(web): reduce page jitter on browsers that support overlay scrollbar (#21850)
+  * Improvements for Content Copy (#21842)
+  * Tweak katex options (#21828)
+  * Show syntax lexer name in file view/blame (#21814)
+  * Remove `href="javascript:;"` in "save topics (Done)" button (#21813)
+  * Render number of commits in repo page in a user friendly way (#21786)
+  * Adjust clone timeout error to suggest increasing timeout (#21769)
+  * Update message of reach_limit_of_creation (#21757)
+  * Allow detect whether it's in a database transaction for a context.Context (#21756)
+  * Add configuration for CORS allowed headers (#21747)
+  * Move svg html render to modules/svg (#21716)
+  * Release and Tag List tweaks (#21712)
+  * Remove template previewer (#21701)
+  * Clean up formatting on install page (#21668)
+  * Configure update checker on installation page (#21655)
+  * Merge db.Iterate and IterateObjects (#21641)
+  * Add option to enable CAPTCHA validation for login (#21638)
+  * Allow disable RSS/Atom feed (#21622)
+  * Use CSS color-scheme instead of invert (#21616)
+  * Localize time units on activity heatmap (#21570)
+  * Fix UI column width, button overflow Fomantic's grid (#21559)
+  * feat: notify doers of a merge when automerging (#21553)
+  * Split migrations folder (#21549)
+  * feat: add button to quickly clear merge message (#21548)
+  * Add `context.Context` to more methods (#21546)
+  * Add index for hook_task table (#21545)
+  * Allow disable code tab (#20805)
+* BUGFIXES
+  * Fix template error when reference Project (#23584)
+  * Fix dropdown icon misalignment when using fomantic icon (#23558) (#23577)
+  * Fix diff detail buttons wrapping, use tippy for review box (#23271) (#23546)
+  * Handle missing `README` in create repos API (#23387) (#23510)
+  * Disable sending email after push a commit to a closed PR (#23462) (#23492)
+  * Fix aria.js bugs: incorrect role element problem, mobile focus problem, tippy problem (#23450) (#23486)
+  * Fix due date being wrong on issue list (#23475) (#23477)
+  * Remove wrongly added column on migration test fixtures (#23456) (#23470)
+  * Make branches list page operations remember current page (#23420) (#23460)
+  * Fix missing commit status in PR which from forked repo (#23351) (#23453)
+  * Show edit/close/delete button on organization wide repositories (#23388) (#23429)
+  * Preserve file size when creating attachments (#23406) (#23426)
+  * Fix broken Chroma CSS styles (#23174) (#23402)
+  * Fix incorrect NotFound conditions in org/projects.go (#23384) (#23395)
+  * Set `X-Gitea-Debug` header once (#23361) (#23381)
+  * Pass context to avatar for projects view (#23359) (#23378)
+  * Fix panic when getting notes by ref (#23372) (#23377)
+  * Do not recognize text files as audio (#23355) (#23368)
+  * Fix adding of empty class name (#23352) (#23360)
+  * Fix various ImageDiff/SVG bugs (#23312) (#23358)
+  * Fix incorrect display for comment context menu (#23343) (#23344)
+  * Remove unnecessary space on link (#23334) (#23340)
+  * Fix incorrect redirect link of delete org project (#23327) (#23339)
+  * Fix cannot reopen after pushing commits to a closed PR (#23189) (#23324)
+  * Fix broken code editor diff preview (#23307) (#23320)
+  * Support sanitising the URL by removing extra slashes in the URL (#21333) (#23300)
+  * Avoid panic caused by broken payload when creating commit status (#23216) (#23294)
+  * Fill head commit to in payload when notifying push commits for mirroring (#23215) (#23292)
+  * Fix various bugs for "install" page (#23194) (#23286)
+  * Fix GetFilesChangedBetween if the file name may be escaped (#23272) (#23279)
+  * Revert relative links to absolute links in mail templates (#23267) (#23269)
+  * Fix commit retrieval by tag (#21804) (#23266)
+  * Use correct README link to render the README (#23152) (#23264)
+  * Close the temp file when dumping database to make the temp file can be deleted on Windows (#23249) (#23251)
+  * Use the correct selector to hide the checkmark of selected labels on clear (#23224) (#23228)
+  * Fix incorrect checkbox behaviors in the dashboard repolist's filter (#23147) (#23205)
+  * Properly flush unique queues on startup (#23154) (#23201)
+  * Pass `--global` when calling `git config --get`, for consistency with `git config --set` (#23157) (#23199)
+  * Make `gitea serv` respect git binary home (#23138) (#23197)
+  * Change button text for commenting and closing an issue at the same time (#23135) (#23182)
+  * Fix DBConsistency checks on MSSQL (#23132) (#23134)
+  * Show empty repos in Admin Repository Management page (#23114) (#23130)
+  * Redirect to the commit page after applying patch (#23056) (#23127)
+  * Fix nil context in RenderMarkdownToHtml (#23092) (#23108)
+  * Make issue meta dropdown support Enter, confirm before reloading (#23014) (#23102)
+  * Fix SyncOnCommit always return false in API of push_mirrors (#23088) (#23100)
+  * Fix commit name in Apply Patch page (#23086) (#23099)
+  * Fix some more hidden problems (#23074) (#23075)
+  * Bump golang.org/x/net from 0.4.0 to 0.7.0 (#22980)
+  * Get rules by id when editing branch protection rule (#22932)
+  * Fix panic when call api (/repos/{owner}/{repo}/pulls/{index}/files) (#22921)
+  * Increase Content field size of gpg_import_key to MEDIUMTEXT (#22897)
+  * Fix hidden commit status on multiple checks (#22889)
+  * Fix update by rebase being wrongly disabled by protected base branch (#22825)
+  * Make issue title edit buttons focusable and fix incorrect ajax requests (#22807)
+  * Fix rerun button of Actions (#22798)
+  * remove update language in ProfilePost (#22748)
+  * Do not overwrite empty DefaultBranch (#22708)
+  * Fix ref to trigger Actions (#22679)
+  * Fix time to NotifyPullRequestSynchronized (#22650)
+  * Show all projects, not just repo projects and open/closed projects  (#22640)
+  * Project links should use parent link methods (#22587)
+  * Fix group filter for ldap source sync (#22506)
+  * Check quota limits for container uploads (#22450)
+  * Fix halfCommitter and WithTx (#22366)
+  * Attempt to fix TestExportUserGPGKeys (#22159)
+  * Fix heatmap first color being unused (#22157)
+  * Fix scroll over mermaid frame (#21925)
+  * Move migration test fixtures to the correct directories (#21901)
+  * fix(web): add `alt` for logo in home page (#21887)
+  * Fix webhook attachment text is not set in review comment (#21763)
+  * Alter package_version.metadata_json to LONGTEXT (#21667)
+  * Ensure that Webhook tasks are not double delivered (#21558)
+* TESTING
+  * Make CI use a dummy password hasher for all tests (#22983)
+  * Disable test for incoming email (#22686)
+  * Move fuzz tests into tests/fuzz (#22376)
+  * Test views of LFS files (#22196)
+  * Specify ID in `TestAPITeam` (#22192)
+  * verify nodeinfo response by schema  (#22137)
+  * Skip GitHub migration tests if the API token is undefined (#21824)
+  * Add a simple test for external renderer (#20033)
+* TRANSLATION
+  * Use "Title Case" for text "Reference in new issue" (#22936)
+* BUILD
+  * Wrap unless-check in docker manifests (#23079) (#23081)
+  * Adjust manifest to prevent tagging latest on rcs (#22811)
+  * update to build with go1.20 (#22732)
+  * Add Bash and Zsh completion scripts (#22646)
+  * Add Contributed backport command (#22643)
+  * Remove deprecated packages & staticcheck fixes (#22012)
+  * Update to Alpine 3.17 (#21904)
+  * Fix webpack license warning (#21815)
+* DOCS
+  * Update documentation for the new YAML label file format  (#23020) (#23341)
+  * Update hacking-on-gitea-zh_cn documentation (#23315) (#23323)
+  * Add basic documentation for labels, including scoped labels (#23304) (#23309)
+  * Re-add accidentally removed `hacking-on-gitea.zh-cn.md` (#23297) (#23305)
+  * Fix secrets overview page missing from docs sidebar (#23143) (#23145)
+  * Add some guidelines for refactoring (#22880)
+  * Explain that the no-access team unit does not affect public repositories (#22661)
+  * Fix incorrect Redis URL snippets in the example app.ini (#22573)
+  * docs: add swagger.json file location to FAQ (#22489)
+  * Update index.de-de.md (#22363)
+  * Update Gmail mailer configuration (#22291)
+  * Add missed reverse proxy authentication documentation (#22250)
+  * Add plural definitions for German translations (#21802)
+  * Attempt clarify AppWorkPath etc. (#21656)
+  * Add some documentation to packages (#21648)
+* MISC
+  * Use `<nav>` instead of `<div>` in the global navbar (#23125) (#23533)
+  * Do not create commit graph for temporary repos (#23219) (#23229)
+  * Update button is shown when a Pull Request is marked WIP - Issue #21740 (#22683)
+  * Add main landmark to templates and adjust titles (#22670)
+  * Fix error on account activation with wrong passwd (#22609)
+  * Update JS dependencies (#22538)
+  * Display unreferenced packages total size in package admin panel (#22498)
+  * Mobile fix for Project view: Add delay to Sortable.js on mobile, to ensure scrolling is possible. (#22152)
+  * Update chroma to v2.4.0 (#22000)
+  * Hide collapse icon in diff with no lines (#21094)
+
 ## [1.18.5](https://github.com/go-gitea/gitea/releases/tag/v1.18.5) - 2023-02-21
 
 * ENHANCEMENTS

Makefile

@@ -105,7 +105,7 @@ GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/m
 
 FOMANTIC_WORK_DIR := web_src/fomantic
 
-WEBPACK_SOURCES := $(shell find web_src/js web_src/less -type f)
+WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f)
 WEBPACK_CONFIGS := webpack.config.js
 WEBPACK_DEST := public/js/index.js public/css/index.css
 WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack public/serviceworker.js
@@ -131,7 +131,7 @@ TEST_TAGS ?= sqlite sqlite_unlock_notify
 TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)
 
 GO_DIRS := cmd tests models modules routers build services tools
-WEB_DIRS := web_src/js web_src/less
+WEB_DIRS := web_src/js web_src/css
 
 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
@@ -341,7 +341,7 @@ lint: lint-frontend lint-backend
 .PHONY: lint-frontend
 lint-frontend: node_modules
 	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e
-	npx stylelint --color --max-warnings=0 web_src/less
+	npx stylelint --color --max-warnings=0 web_src/css
 	npx spectral lint -q -F hint $(SWAGGER_SPEC)
 	npx markdownlint docs *.md
 

cmd/admin.go

@@ -7,6 +7,7 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"net/url"
 	"os"
 	"strings"
 	"text/tabwriter"
@@ -469,11 +470,19 @@ func runAddOauth(c *cli.Context) error {
 		return err
 	}
 
+	config := parseOAuth2Config(c)
+	if config.Provider == "openidConnect" {
+		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)
+		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
+			return fmt.Errorf("invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)", config.OpenIDConnectAutoDiscoveryURL)
+		}
+	}
+
 	return auth_model.CreateSource(&auth_model.Source{
 		Type:     auth_model.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
-		Cfg:      parseOAuth2Config(c),
+		Cfg:      config,
 	})
 }
 

cmd/convert.go

@@ -35,7 +35,7 @@ func runConvert(ctx *cli.Context) error {
 	log.Info("Log path: %s", setting.Log.RootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
 
-	if !setting.Database.UseMySQL {
+	if !setting.Database.Type.IsMySQL() {
 		fmt.Println("This command can only be used with a MySQL database")
 		return nil
 	}

cmd/dump.go

@@ -279,7 +279,7 @@ func runDump(ctx *cli.Context) error {
 	}()
 
 	targetDBType := ctx.String("database")
-	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
+	if len(targetDBType) > 0 && targetDBType != setting.Database.Type.String() {
 		log.Info("Dumping database %s => %s...", setting.Database.Type, targetDBType)
 	} else {
 		log.Info("Dumping database...")

custom/conf/app.example.ini

@@ -1832,7 +1832,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 4MB
 ;MAX_SIZE = 4
@@ -2256,6 +2256,17 @@ ROUTER = console
 ;PULL = 300
 ;GC = 60
 
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Git Reflog timeout in days
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[git.reflog]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = true
+;EXPIRATION = 90
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[mirror]

docs/Makefile

@@ -1,6 +1,6 @@
 THEME := themes/gitea
 PUBLIC := public
-ARCHIVE := https://dl.gitea.io/theme/master.tar.gz
+ARCHIVE := https://dl.gitea.com/theme/main.tar.gz
 
 HUGO_PACKAGE := github.com/gohugoio/hugo@v0.82.0
 

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -841,7 +841,7 @@ Default templates for project boards:
 ## Issue and pull request attachments (`attachment`)
 
 - `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
-- `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+- `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 - `MAX_SIZE`: **4**: Maximum size (MB).
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
 - `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
@@ -1087,6 +1087,11 @@ Default templates for project boards:
 - `DISABLE_CORE_PROTECT_NTFS`: **false** Set to true to forcibly set `core.protectNTFS` to false.
 - `DISABLE_PARTIAL_CLONE`: **false** Disable the usage of using partial clones for git.
 
+## Git - Reflog settings (`git.reflog`)
+
+- `ENABLED`: **true** Set to true to enable Git to write changes to reflogs in each repo.
+- `EXPIRATION`: **90** Reflog entry lifetime, in days. Entries are removed opportunistically by Git.
+
 ## Git - Timeout settings (`git.timeout`)
 
 - `DEFAULT`: **360**: Git operations default timeout seconds.

docs/content/doc/advanced/customizing-gitea.en-us.md

@@ -282,9 +282,22 @@ To add custom .gitignore, add a file with existing [.gitignore rules](https://gi
 
 ### Labels
 
-To add a custom label set, add a file that follows the [label format](https://github.com/go-gitea/gitea/blob/main/options/label/Default) to `$GITEA_CUSTOM/options/label`
+Starting with Gitea 1.19, you can add a file that follows the [YAML label format](https://github.com/go-gitea/gitea/blob/main/options/label/Advanced.yaml) to `$GITEA_CUSTOM/options/label`:
+
+```yaml
+labels:
+  - name: "foo/bar"  # name of the label that will appear in the dropdown
+    exclusive: true # whether to use the exclusive namespace for scoped labels. scoped delimiter is /
+    color: aabbcc # hex colour coding
+    description: Some label # long description of label intent
+ ```
+
+The [legacy file format](https://github.com/go-gitea/gitea/blob/main/options/label/Default) can still be used following the format below, however we strongly recommend using the newer YAML format instead.
+
 `#hex-color label name ; label description`
 
+For more information, see the [labels documentation]({{< relref "doc/usage/labels.en-us.md" >}}).
+
 ### Licenses
 
 To add a custom license, add a file with the license text to `$GITEA_CUSTOM/options/license`
@@ -341,7 +354,7 @@ To make a custom theme available to all users:
 
 Community themes are listed in [gitea/awesome-gitea#themes](https://gitea.com/gitea/awesome-gitea#themes).
 
-The `arc-green` theme source can be found [here](https://github.com/go-gitea/gitea/blob/main/web_src/less/themes/theme-arc-green.less).
+The `arc-green` theme source can be found [here](https://github.com/go-gitea/gitea/blob/main/web_src/css/themes/theme-arc-green.css).
 
 If your custom theme is considered a dark theme, set the global css variable `--is-dark-theme` to `true`.
 This allows Gitea to adjust the Monaco code editor's theme accordingly.

docs/content/doc/developers/guidelines-frontend.en-us.md

@@ -21,13 +21,13 @@ menu:
 
 ## Background
 
-Gitea uses [Less CSS](https://lesscss.org), [Fomantic-UI](https://fomantic-ui.com/introduction/getting-started.html) (based on [jQuery](https://api.jquery.com)) and [Vue3](https://vuejs.org/) for its frontend.
+Gitea uses [Fomantic-UI](https://fomantic-ui.com/introduction/getting-started.html) (based on [jQuery](https://api.jquery.com)) and [Vue3](https://vuejs.org/) for its frontend.
 
 The HTML pages are rendered by [Go HTML Template](https://pkg.go.dev/html/template).
 
 The source files can be found in the following directories:
 
-* **Less styles:** `web_src/less/`
+* **CSS styles:** `web_src/css/`
 * **JavaScript files:** `web_src/js/`
 * **Vue components:** `web_src/js/components/`
 * **Go HTML templates:** `templates/`

docs/content/doc/developers/hacking-on-gitea.zh-cn.md

@@ -1,6 +1,6 @@
 ---
 date: "2016-12-01T16:00:00+02:00"
-title: "加入 Gitea 开源"
+title: "玩转 Gitea"
 slug: "hacking-on-gitea"
 weight: 10
 toc: false
@@ -8,36 +8,342 @@ draft: false
 menu:
   sidebar:
     parent: "developers"
-    name: "加入 Gitea 开源"
+    name: "玩转 Gitea"
     weight: 10
     identifier: "hacking-on-gitea"
 ---
 
 # Hacking on Gitea
 
-首先你需要一些运行环境，这和 [从源代码安装]({{< relref "doc/installation/from-source.zh-cn.md" >}}) 相同，如果你还没有设置好，可以先阅读那个章节。
+**目录**
 
-如果你想为 Gitea 贡献代码，你需要 Fork 这个项目并且以 `master` 为开发分支。Gitea 使用 Govendor
-来管理依赖，因此所有依赖项都被工具自动 copy 在 vendor 子目录下。用下面的命令来下载源码：
+{{< toc >}}
 
-```
-go get -d code.gitea.io/gitea
+## 快速入门
+
+要获得快速工作的开发环境，您可以使用 Gitpod。
+
+[![在 Gitpod 中打开](/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/go-gitea/gitea)
+
+## 安装 Golang
+
+您需要 [安装 go]( https://golang.org/doc/install ) 并设置您的 go 环境。
+
+接下来，[使用 npm 安装 Node.js](https://nodejs.org/en/download/) ，这是构建
+JavaScript 和 CSS 文件的必要工具。最低支持的 Node.js 版本是 {{< min-node-version >}}
+并且推荐使用最新的 LTS 版本。
+
+**注意** ：当执行需要外部工具的 make 任务时，比如
+`make watch-backend`，Gitea 会自动下载并构建这些必要的组件。为了能够使用这些，你必须
+将 `"$GOPATH"/bin` 目录加入到可执行路径上。如果你不把go bin目录添加到可执行路径你必须手动
+指定可执行程序路径。
+
+**注意2** ：Go版本 {{< min-go-version >}} 或更高版本是必须的。Gitea 使用 `gofmt` 来
+格式化源代码。然而，`gofmt` 的结果可能因 `go` 的版本而有差异。因此推荐安装我们持续集成使用
+的 Go版本。截至上次更新，Go 版本应该是 {{< go-version >}}。
+
+## 安装 Make
+
+Gitea 大量使用 `Make` 来自动化任务和改进开发。本指南涵盖了如何安装 Make。
+
+### 在 Linux 上
+
+使用包管理器安装。
+
+在 Ubuntu/Debian 上：
+
+```bash
+sudo apt-get install make
 ```
 
-然后你可以在 Github 上 fork [Gitea 项目](https://github.com/go-gitea/gitea)，之后可以通过下面的命令进入源码目录：
+在 Fedora/RHEL/CentOS 上：
 
-```
-cd $GOPATH/src/code.gitea.io/gitea
+```bash
+sudo yum install make
 ```
 
-要创建 pull requests 你还需要在源码中新增一个 remote 指向你 Fork 的地址，直接推送到 origin 的话会告诉你没有写权限：
+### 在 Windows 上
 
+Make 的这三个发行版都可以在 Windows 上运行：
+
+- [单个二进制构建]( http://www.equation.com/servlet/equation.cmd?fa=make )。复制到某处并添加到 `PATH`。
+  - [32 位版本](http://www.equation.com/ftpdir/make/32/make.exe)
+  - [64 位版本](http://www.equation.com/ftpdir/make/64/make.exe)
+- [MinGW-w64](https://www.mingw-w64.org) / [MSYS2](https://www.msys2.org/)。
+  - MSYS2 是一个工具和库的集合，为您提供一个易于使用的环境来构建、安装和运行本机 Windows 软件，它包括 MinGW-w64。
+  - 在 MingGW-w64 中，二进制文件称为 `mingw32-make.exe` 而不是 `make.exe`。将 `bin` 文件夹添加到 `PATH`。
+  - 在 MSYS2 中，您可以直接使用 `make`。请参阅 [MSYS2 移植](https://www.msys2.org/wiki/Porting/)。
+  - 要使用 CGO_ENABLED（例如：SQLite3）编译 Gitea，您可能需要使用 [tdm-gcc](https://jmeubank.github.io/tdm-gcc/) 而不是 MSYS2 gcc，因为 MSYS2 gcc 标头缺少一些 Windows -只有 CRT 函数像 _beginthread 一样。
+- [Chocolatey包管理器]( https://chocolatey.org/packages/make )。运行`choco install make`
+
+**注意** ：如果您尝试在 Windows 命令提示符下使用 make 进行构建，您可能会遇到问题。建议使用上述提示（Git bash 或 MinGW），但是如果您只有命令提示符（或可能是 PowerShell），则可以使用 [set](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/set_1) 命令，例如 `set TAGS=bindata`。
+
+## 下载并克隆 Gitea 源代码
+
+获取源代码的推荐方法是使用 `git clone`。
+
+```bash
+git clone https://github.com/go-gitea/gitea
 ```
+
+（自从go modules出现后，不再需要构建 go 项目从 `$GOPATH` 中获取，因此不再推荐使用 `go get` 方法。）
+
+## 派生 Gitea
+
+如上所述下载主要的 Gitea 源代码。然后，派生 [Gitea 仓库](https://github.com/go-gitea/gitea)，
+并为您的本地仓库切换 git 远程源，或添加另一个远程源：
+
+```bash
+# 将原来的 Gitea origin 重命名为 upstream
 git remote rename origin upstream
-git remote add origin git@github.com:<USERNAME>/gitea.git
+git remote add origin "git@github.com:$GITHUB_USERNAME/gitea.git"
 git fetch --all --prune
 ```
 
-然后你就可以开始开发了。你可以看一下 `Makefile` 的内容。`make test` 可以运行测试程序， `make build` 将生成一个 `gitea` 可运行文件在根目录。如果你的提交比较复杂，尽量多写一些单元测试代码。
+或者：
 
-好了，到这里你已经设置好了所有的开发 Gitea 所需的环境。欢迎成为 Gitea 的 Contributor。
+```bash
+# 为我们的 fork 添加新的远程
+git remote add "$FORK_NAME" "git@github.com:$GITHUB_USERNAME/gitea.git"
+git fetch --all --prune
+```
+
+为了能够创建合并请求，应将分叉存储库添加为 Gitea 本地仓库的远程，否则无法推送更改。
+
+## 构建 Gitea（基本）
+
+看看我们的
+<a href='{{ < relref "doc/installation/from-source.en-us.md" > }}'>说明</a>
+关于如何 <a href='{{ < relref "doc/installation/from-source.en-us.md" > }}'>从源代码构建</a> 。
+
+从源代码构建的最简单推荐方法是：
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make build
+```
+
+`build` 目标将同时执行 `frontend` 和 `backend` 子目标。如果存在 `bindata` 标签，资源文件将被编译成二进制文件。建议在进行前端开发时省略 `bindata` 标签，以便实时反映更改。
+
+有关所有可用的 `make` 目标，请参阅 `make help`。另请参阅 [`.drone.yml`](https://github.com/go-gitea/gitea/blob/main/.drone.yml) 以了解我们的持续集成是如何工作的。
+
+## 持续构建
+
+要在源文件更改时运行并持续构建：
+
+```bash
+# 对于前端和后端
+make watch
+
+# 或者：只看前端文件（html/js/css）
+make watch-frontend
+
+# 或者：只看后端文件 (go)
+make watch-backend
+```
+
+在 macOS 上，监视所有后端源文件可能会达到默认的打开文件限制，这可以通过当前 shell 的 `ulimit -n 12288` 或所有未来 shell 的 shell 启动文件来增加。
+
+### 格式化、代码分析和拼写检查
+
+我们的持续集成将拒绝未通过代码检查（包括格式检查、代码分析和拼写检查）的 PR。
+
+你应该格式化你的代码：
+
+```bash
+make fmt
+```
+
+并检查源代码：
+
+```bash
+# lint 前端和后端代码
+make lint
+# 仅 lint 后端代码
+make lint-backend
+```
+
+**注意** ：`gofmt` 的结果取决于 `go` 的版本。您应该运行与持续集成相同的 go 版本。
+
+### 处理 JS 和 CSS
+
+前端开发应遵循 [Guidelines for Frontend Development]({{ < 相关参考 "doc/developers/guidelines-frontend.en-us.md" > }})
+
+要使用前端资源构建，请使用上面提到的“watch-frontend”目标或只构建一次：
+
+```bash
+make build && ./gitea
+```
+
+在提交之前，确保 linters 通过：
+
+```bash
+make lint-frontend
+```
+
+### 配置本地 ElasticSearch 实例
+
+使用 docker 启动本地 ElasticSearch 实例：
+
+```sh
+mkdir -p $(pwd) /data/elasticsearch
+sudo chown -R 1000:1000 $(pwd) /data/elasticsearch
+docker run --rm --memory= "4g" -p 127.0.0.1:9200:9200 -p 127.0.0.1:9300:9300 -e "discovery.type=single-node" -v "$(pwd)/data /elasticsearch:/usr/share/elasticsearch/data" docker.elastic.co/elasticsearch/elasticsearch:7.16.3
+```
+
+配置`app.ini`：
+
+```ini
+[indexer]
+ISSUE_INDEXER_TYPE = elasticsearch
+ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
+REPO_INDEXER_ENABLED = true
+REPO_INDEXER_TYPE = elasticsearch
+REPO_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
+```
+
+### 构建和添加 SVGs
+
+SVG 图标是使用 `make svg` 目标构建的，该目标将 `build/generate-svg.js` 中定义的图标源编译到输出目录 `public/img/svg` 中。可以在 `web_src/svg` 目录中添加自定义图标。
+
+### 构建 Logo
+
+Gitea Logo的 PNG 和 SVG 版本是使用 `TAGS="gitea" make generate-images` 目标从单个 SVG 源文件 assets/logo.svg 构建的。要运行它，Node.js 和 npm 必须可用。
+
+通过更新 `assets/logo.svg` 并运行 `make generate-images`，同样的过程也可用于从 SVG 源文件生成自定义 Logo PNG。忽略 gitea 编译选项将仅更新用户指定的 LOGO 文件。
+
+### 更新 API
+
+创建新的 API 路由或修改现有的 API 路由时，您**必须**
+更新和/或创建 [Swagger](https://swagger.io/docs/specification/2-0/what-is-swagger/)
+这些使用 [go-swagger](https://goswagger.io/) 评论的文档。
+[规范]( https://goswagger.io/use/spec.html#annotation-syntax )中描述了这些注释的结构。
+如果您想了解更多有关 Swagger 结构的信息，可以查看
+[Swagger 2.0 文档](https://swagger.io/docs/specification/2-0/basic-structure/)
+或与添加新 API 端点的先前 PR 进行比较，例如 [PR #5483](https://github.com/go-gitea/gitea/pull/5843/files#diff-2e0a7b644cf31e1c8ef7d76b444fe3aaR20)
+
+您应该注意不要破坏下游用户依赖的 API。在稳定的 API 上，一般来说添加是可以接受的，但删除
+或对 API 进行根本性更改将会被拒绝。
+
+创建或更改 API 端点后，请用以下命令重新生成 Swagger 文档：
+
+```bash
+make generate-swagger
+```
+
+您应该验证生成的 Swagger 文件并使用以下命令对其进行拼写检查：
+
+```bash
+make swagger-validate misspell-check
+```
+
+您应该提交更改后的 swagger JSON 文件。持续集成服务器将使用以下方法检查是否已完成：
+
+```bash
+make swagger-check
+```
+
+**注意** ：请注意，您应该使用 Swagger 2.0 文档，而不是 OpenAPI 3 文档。
+
+### 创建新的配置选项
+
+创建新的配置选项时，将它们添加到 `modules/setting` 的对应文件。您应该将信息添加到 `custom/conf/app.ini`
+并到 <a href = '{{ < relref "doc/advanced/config-cheat-sheet.en-us.md" > }}'>配置备忘单</a>
+在 `docs/content/doc/advanced/config-cheat-sheet.en-us.md` 中找到
+
+### 更改Logo
+
+更改 Gitea Logo SVG 时，您将需要运行并提交结果的：
+
+```bash
+make generate-images
+```
+
+这将创建必要的 Gitea 图标和其他图标。
+
+### 数据库迁移
+
+如果您对数据库中的任何数据库持久结构进行重大更改
+`models/` 目录，您将需要进行新的迁移。可以找到这些
+在 `models/migrations/` 中。您可以确保您的迁移适用于主要
+数据库类型使用：
+
+```bash
+make test-sqlite-migration # 将 SQLite 切换为适当的数据库
+```
+
+## 测试
+
+Gitea 运行两种类型的测试：单元测试和集成测试。
+
+### 单元测试
+
+`go test` 系统中的`*_test.go` 涵盖了单元测试。
+您可以设置环境变量 `GITEA_UNIT_TESTS_LOG_SQL=1` 以在详细模式下运行测试时显示所有 SQL 语句（即设置`GOTESTFLAGS=-v` 时）。
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make test # Runs the unit tests
+```
+
+### 集成测试
+
+单元测试不会也不能完全单独测试 Gitea。因此，我们编写了集成测试；但是，这些依赖于数据库。
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make build test-sqlite
+```
+
+将在 SQLite 环境中运行集成测试。集成测试需要安装 `git lfs`。其他数据库测试可用，但
+可能需要适应当地环境。
+
+看看 [`tests/integration/README.md`](https://github.com/go-gitea/gitea/blob/main/tests/integration/README.md) 有关更多信息以及如何运行单个测试。
+
+### 测试 PR
+
+我们的持续集成将测试代码是否通过了单元测试，并且所有支持的数据库都将在 Docker 环境中通过集成测试。
+还将测试从几个最新版本的 Gitea 迁移。
+
+请在PR中附带提交适当的单元测试和集成测试。
+
+## 网站文档
+
+该网站的文档位于 `docs/` 中。如果你改变了文档内容，你可以使用以下测试方法进行持续集成：
+
+```bash
+# 来自 Gitea 中的 docs 目录
+make trans-copy clean build
+```
+
+运行此任务依赖于 [Hugo](https://gohugo.io/)。请注意：这可能会生成一些未跟踪的 Git 对象，
+需要被清理干净。
+
+## Visual Studio Code
+
+`contrib/ide/vscode` 中为 Visual Studio Code 提供了 `launch.json` 和 `tasks.json`。查看
+[`contrib/ide/README.md`](https://github.com/go-gitea/gitea/blob/main/contrib/ide/README.md) 了解更多信息。
+
+## Goland
+
+单击 `/main.go` 中函数 `func main()` 上的 `Run Application` 箭头
+可以快速启动一个可调试的 Gitea 实例。
+
+`Run/Debug Configuration` 中的 `Output Directory` 必须设置为
+gitea 项目目录（包含 `main.go` 和 `go.mod`），
+否则，启动实例的工作目录是 GoLand 的临时目录
+并防止 Gitea 在开发环境中加载动态资源（例如：模板）。
+
+要在 GoLand 中使用 SQLite 运行单元测试，请设置 `-tags sqlite,sqlite_unlock_notify`
+在 `运行/调试配置` 的 `Go 工具参数` 中。
+
+## 提交 PR
+
+对更改感到满意后，将它们推送并打开拉取请求。它建议您允许 Gitea Managers 和 Owners 修改您的 PR
+分支，因为我们需要在合并之前将其更新为 main 和/或可能是能够直接帮助解决问题。
+
+任何 PR 都需要 Gitea 维护者的两次批准，并且需要通过持续集成。看看我们的
+[CONTRIBUTING.md](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md)
+文档。
+
+如果您需要更多帮助，请访问 [Discord](https://discord.gg/gitea) #Develop 频道
+并在那里聊天。
+
+现在，您已准备好 Hacking Gitea。

docs/content/doc/usage/labels.en-us.md

@@ -0,0 +1,40 @@
+---
+date: "2023-03-04T19:00:00+00:00"
+title: "Usage: Labels"
+slug: "labels"
+weight: 13
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Labels"
+    weight: 13
+    identifier: "labels"
+---
+
+# Labels
+
+You can use labels to classify issues and pull requests and to improve your overview over them.
+
+## Creating Labels
+
+For repositories, labels can be created by going to `Issues` and clicking on `Labels`.
+
+For organizations, you can define organization-wide labels that are shared with all organization repositories, including both already-existing repositories as well as newly created ones. Organization-wide labels can be created in the organization `Settings`.
+
+Labels have a mandatory name, a mandatory color, an optional description, and must either be exclusive or not (see `Scoped Labels` below).
+
+When you create a repository, you can ensure certain labels exist by using the `Issue Labels` option. This option lists a number of available label sets that are [configured globally on your instance](../customizing-gitea/#labels). Its contained labels will all be created as well while creating the repository.
+
+## Scoped Labels
+
+Scoped labels are used to ensure at most a single label with the same scope is assigned to an issue or pull request. For example, if labels `kind/bug` and `kind/enhancement` have the Exclusive option set, an issue can only be classified as a bug or an enhancement.
+
+A scoped label must contain `/` in its name (not at either end of the name). The scope of a label is determined based on the **last** `/`, so for example the scope of label `scope/subscope/item` is `scope/subscope`.
+
+## Filtering by Label
+
+Issue and pull request lists can be filtered by label. Selecting multiple labels shows issues and pull requests that have all selected labels assigned.
+
+By holding alt to click the label, issues and pull requests with the chosen label are excluded from the list.

go.mod

@@ -41,7 +41,7 @@ require (
 	github.com/go-chi/cors v1.2.1
 	github.com/go-enry/go-enry/v2 v2.8.3
 	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
-	github.com/go-git/go-billy/v5 v5.4.0
+	github.com/go-git/go-billy/v5 v5.4.1
 	github.com/go-git/go-git/v5 v5.5.2
 	github.com/go-ldap/ldap/v3 v3.4.4
 	github.com/go-redis/redis/v8 v8.11.5
@@ -77,7 +77,7 @@ require (
 	github.com/microcosm-cc/bluemonday v1.0.21
 	github.com/minio/minio-go/v7 v7.0.46
 	github.com/msteinert/pam v1.1.0
-	github.com/nektos/act v0.0.0
+	github.com/nektos/act v0.2.43
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/niklasfasching/go-org v1.6.5
 	github.com/oliamb/cutter v0.2.2
@@ -105,7 +105,7 @@ require (
 	golang.org/x/crypto v0.4.0
 	golang.org/x/net v0.7.0
 	golang.org/x/oauth2 v0.3.0
-	golang.org/x/sys v0.5.0
+	golang.org/x/sys v0.6.0
 	golang.org/x/text v0.7.0
 	golang.org/x/tools v0.1.12
 	google.golang.org/grpc v1.47.0
@@ -172,7 +172,6 @@ require (
 	github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
-	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect
 	github.com/go-openapi/errors v0.20.3 // indirect
 	github.com/go-openapi/inflect v0.19.0 // indirect
@@ -239,7 +238,7 @@ require (
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/rhysd/actionlint v1.6.22 // indirect
+	github.com/rhysd/actionlint v1.6.23 // indirect
 	github.com/rivo/uniseg v0.4.3 // indirect
 	github.com/robfig/cron v1.2.0 // indirect
 	github.com/rogpeppe/go-internal v1.9.0 // indirect
@@ -271,7 +270,7 @@ require (
 	go.uber.org/multierr v1.9.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/mod v0.7.0 // indirect
-	golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde // indirect
+	golang.org/x/sync v0.1.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90 // indirect
@@ -286,7 +285,7 @@ replace github.com/shurcooL/vfsgen => github.com/lunny/vfsgen v0.0.0-20220105142
 
 replace github.com/blevesearch/zapx/v15 v15.3.6 => github.com/zeripath/zapx/v15 v15.3.6-alignment-fix
 
-replace github.com/nektos/act => gitea.com/gitea/act v0.234.2-0.20230131074955-e46ede1b1744
+replace github.com/nektos/act => gitea.com/gitea/act v0.243.1
 
 exclude github.com/gofrs/uuid v3.2.0+incompatible
 

go.sum

@@ -70,8 +70,8 @@ codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570/go.mod h1:IIAjsi
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 h1:cliQ4HHsCo6xi2oWZYKWW4bly/Ory9FuTpFPRxj/mAg=
 git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078/go.mod h1:g/V2Hjas6Z1UHUp4yIx6bATpNzJ7DYtD0FG3+xARWxs=
-gitea.com/gitea/act v0.234.2-0.20230131074955-e46ede1b1744 h1:cqzKmGlX0wynSXO04NILpL25eBGwogDrKpkkbwmIpj4=
-gitea.com/gitea/act v0.234.2-0.20230131074955-e46ede1b1744/go.mod h1:2C/WbTalu1VPNgbVaZJaZDzlOtAKqkXJhdOClxkMy14=
+gitea.com/gitea/act v0.243.1 h1:zIVlhGOLE4SHFPW++u3+5Y/jX5mub3QIhB13oNf6rtA=
+gitea.com/gitea/act v0.243.1/go.mod h1:iLHCXqOPUElA2nSyHo4wtxSmvdkym3WU7CkP3AxF39Q=
 gitea.com/go-chi/binding v0.0.0-20221013104517-b29891619681 h1:MMSPgnVULVwV9kEBgvyEUhC9v/uviZ55hPJEMjpbNR4=
 gitea.com/go-chi/binding v0.0.0-20221013104517-b29891619681/go.mod h1:77TZu701zMXWJFvB8gvTbQ92zQ3DQq/H7l5wAEjQRKc=
 gitea.com/go-chi/cache v0.0.0-20210110083709-82c4c9ce2d5e/go.mod h1:k2V/gPDEtXGjjMGuBJiapffAXTv76H4snSmlJRLUhH0=
@@ -402,8 +402,9 @@ github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e/go.mod h1:RCMrTZv
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
 github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
 github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-billy/v5 v5.4.0 h1:Vaw7LaSTRJOUric7pe4vnzBSgyuf2KrLsu2Y4ZpQBDE=
 github.com/go-git/go-billy/v5 v5.4.0/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
+github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
+github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
 github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
 github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
 github.com/go-git/go-git/v5 v5.5.2 h1:v8lgZa5k9ylUw+OR/roJHTxR4QItsNFI5nKtAXFuynw=
@@ -411,8 +412,6 @@ github.com/go-git/go-git/v5 v5.5.2/go.mod h1:BE5hUJ5yaV2YMxhmaP4l6RBQ08kMxKSPD4B
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
-github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
@@ -791,7 +790,7 @@ github.com/jhillyerd/enmime v0.10.1 h1:3VP8gFhK7R948YJBrna5bOgnTXEuPAoICo79kKkBK
 github.com/jhillyerd/enmime v0.10.1/go.mod h1:Qpe8EEemJMFAF8+NZoWdpXvK2Yb9dRF0k/z6mkcDHsA=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg=
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
@@ -1099,8 +1098,8 @@ github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqn
 github.com/rcrowley/go-metrics v0.0.0-20190826022208-cac0b30c2563/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
-github.com/rhysd/actionlint v1.6.22 h1:cAEf2PGNwJXhdcTVF2xS/0ORqWS+ueUHwjQYsqFsGSk=
-github.com/rhysd/actionlint v1.6.22/go.mod h1:gIKOdxtV40mBOcD0ZR8EBa8NqjEXToAZioroS3oedMg=
+github.com/rhysd/actionlint v1.6.23 h1:041VOXgZddfvSJa9Il+WT3Iwuo/j0Nmu4bhpAScrds4=
+github.com/rhysd/actionlint v1.6.23/go.mod h1:o5qc1K3I9taGMBhL7mVkpRd64hx3YqI+3t8ewGfYXfE=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.3 h1:utMvzDsuh3suAEnhH0RdHmoPbU648o6CvXxTx4SBMOw=
@@ -1501,8 +1500,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde h1:ejfdSekXMDxDLbRrJMwUk6KnSLZ2McaUCVcIKM+N6jc=
-golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1610,14 +1609,14 @@ golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

models/actions/run.go

@@ -126,6 +126,17 @@ func (run *ActionRun) GetPushEventPayload() (*api.PushPayload, error) {
 	return nil, fmt.Errorf("event %s is not a push event", run.Event)
 }
 
+func (run *ActionRun) GetPullRequestEventPayload() (*api.PullRequestPayload, error) {
+	if run.Event == webhook_module.HookEventPullRequest {
+		var payload api.PullRequestPayload
+		if err := json.Unmarshal([]byte(run.EventPayload), &payload); err != nil {
+			return nil, err
+		}
+		return &payload, nil
+	}
+	return nil, fmt.Errorf("event %s is not a pull request event", run.Event)
+}
+
 func updateRepoRunsNumbers(ctx context.Context, repo *repo_model.Repository) error {
 	_, err := db.GetEngine(ctx).ID(repo.ID).
 		SetExpr("num_action_runs",

models/activities/action.go

@@ -99,7 +99,7 @@ func (a *Action) TableIndices() []*schemas.Index {
 	actUserIndex.AddColumn("act_user_id", "repo_id", "created_unix", "user_id", "is_deleted")
 
 	indices := []*schemas.Index{actUserIndex, repoIndex}
-	if setting.Database.UsePostgreSQL {
+	if setting.Database.Type.IsPostgreSQL() {
 		cudIndex := schemas.NewIndex("c_u_d", schemas.IndexType)
 		cudIndex.AddColumn("created_unix", "user_id", "is_deleted")
 		indices = append(indices, cudIndex)
@@ -640,7 +640,7 @@ func DeleteIssueActions(ctx context.Context, repoID, issueID int64) error {
 
 // CountActionCreatedUnixString count actions where created_unix is an empty string
 func CountActionCreatedUnixString(ctx context.Context) (int64, error) {
-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		return db.GetEngine(ctx).Where(`created_unix = ""`).Count(new(Action))
 	}
 	return 0, nil
@@ -648,7 +648,7 @@ func CountActionCreatedUnixString(ctx context.Context) (int64, error) {
 
 // FixActionCreatedUnixString set created_unix to zero if it is an empty string
 func FixActionCreatedUnixString(ctx context.Context) (int64, error) {
-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		res, err := db.GetEngine(ctx).Exec(`UPDATE action SET created_unix = 0 WHERE created_unix = ""`)
 		if err != nil {
 			return 0, err

models/activities/action_test.go

@@ -234,7 +234,7 @@ func TestGetFeedsCorrupted(t *testing.T) {
 }
 
 func TestConsistencyUpdateAction(t *testing.T) {
-	if !setting.Database.UseSQLite3 {
+	if !setting.Database.Type.IsSQLite3() {
 		t.Skip("Test is only for SQLite database.")
 	}
 	assert.NoError(t, unittest.PrepareTestDatabase())

models/activities/user_heatmap.go

@@ -39,9 +39,9 @@ func getUserHeatmapData(user *user_model.User, team *organization.Team, doer *us
 	groupBy := "created_unix / 900 * 900"
 	groupByName := "timestamp" // We need this extra case because mssql doesn't allow grouping by alias
 	switch {
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		groupBy = "created_unix DIV 900 * 900"
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		groupByName = groupBy
 	}
 

models/db/common.go

@@ -15,7 +15,7 @@ import (
 // BuildCaseInsensitiveLike returns a condition to check if the given value is like the given key case-insensitively.
 // Handles especially SQLite correctly as UPPER there only transforms ASCII letters.
 func BuildCaseInsensitiveLike(key, value string) builder.Cond {
-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		return builder.Like{"UPPER(" + key + ")", util.ToUpperASCII(value)}
 	}
 	return builder.Like{"UPPER(" + key + ")", strings.ToUpper(value)}

models/db/engine.go

@@ -100,12 +100,12 @@ func newXORMEngine() (*xorm.Engine, error) {
 
 	var engine *xorm.Engine
 
-	if setting.Database.UsePostgreSQL && len(setting.Database.Schema) > 0 {
+	if setting.Database.Type.IsPostgreSQL() && len(setting.Database.Schema) > 0 {
 		// OK whilst we sort out our schema issues - create a schema aware postgres
 		registerPostgresSchemaDriver()
 		engine, err = xorm.NewEngine("postgresschema", connStr)
 	} else {
-		engine, err = xorm.NewEngine(setting.Database.Type, connStr)
+		engine, err = xorm.NewEngine(setting.Database.Type.String(), connStr)
 	}
 
 	if err != nil {

models/db/index.go

@@ -73,7 +73,7 @@ func postgresGetNextResourceIndex(ctx context.Context, tableName string, groupID
 
 // GetNextResourceIndex generates a resource index, it must run in the same transaction where the resource is created
 func GetNextResourceIndex(ctx context.Context, tableName string, groupID int64) (int64, error) {
-	if setting.Database.UsePostgreSQL {
+	if setting.Database.Type.IsPostgreSQL() {
 		return postgresGetNextResourceIndex(ctx, tableName, groupID)
 	}
 

models/db/sequence.go

@@ -13,7 +13,7 @@ import (
 
 // CountBadSequences looks for broken sequences from recreate-table mistakes
 func CountBadSequences(_ context.Context) (int64, error) {
-	if !setting.Database.UsePostgreSQL {
+	if !setting.Database.Type.IsPostgreSQL() {
 		return 0, nil
 	}
 
@@ -34,7 +34,7 @@ func CountBadSequences(_ context.Context) (int64, error) {
 
 // FixBadSequences fixes for broken sequences from recreate-table mistakes
 func FixBadSequences(_ context.Context) error {
-	if !setting.Database.UsePostgreSQL {
+	if !setting.Database.Type.IsPostgreSQL() {
 		return nil
 	}
 

models/git/commit_status.go

@@ -65,7 +65,7 @@ func postgresGetCommitStatusIndex(ctx context.Context, repoID int64, sha string)
 
 // GetNextCommitStatusIndex retried 3 times to generate a resource index
 func GetNextCommitStatusIndex(ctx context.Context, repoID int64, sha string) (int64, error) {
-	if setting.Database.UsePostgreSQL {
+	if setting.Database.Type.IsPostgreSQL() {
 		return postgresGetCommitStatusIndex(ctx, repoID, sha)
 	}
 

models/issues/pull_list.go

@@ -52,13 +52,16 @@ func listPullRequestStatement(baseRepoID int64, opts *PullRequestsOptions) (*xor
 
 // GetUnmergedPullRequestsByHeadInfo returns all pull requests that are open and has not been merged
 // by given head information (repo and branch).
-func GetUnmergedPullRequestsByHeadInfo(repoID int64, branch string) ([]*PullRequest, error) {
+// arg `includeClosed` controls whether the SQL returns closed PRs
+func GetUnmergedPullRequestsByHeadInfo(repoID int64, branch string, includeClosed bool) ([]*PullRequest, error) {
 	prs := make([]*PullRequest, 0, 2)
-	return prs, db.GetEngine(db.DefaultContext).
-		Where("head_repo_id = ? AND head_branch = ? AND has_merged = ? AND issue.is_closed = ? AND flow = ?",
-			repoID, branch, false, false, PullRequestFlowGithub).
+	sess := db.GetEngine(db.DefaultContext).
 		Join("INNER", "issue", "issue.id = pull_request.issue_id").
-		Find(&prs)
+		Where("head_repo_id = ? AND head_branch = ? AND has_merged = ? AND flow = ?", repoID, branch, false, PullRequestFlowGithub)
+	if !includeClosed {
+		sess.Where("issue.is_closed = ?", false)
+	}
+	return prs, sess.Find(&prs)
 }
 
 // CanMaintainerWriteToBranch check whether user is a maintainer and could write to the branch
@@ -71,7 +74,7 @@ func CanMaintainerWriteToBranch(p access_model.Permission, branch string, user *
 		return false
 	}
 
-	prs, err := GetUnmergedPullRequestsByHeadInfo(p.Units[0].RepoID, branch)
+	prs, err := GetUnmergedPullRequestsByHeadInfo(p.Units[0].RepoID, branch, false)
 	if err != nil {
 		return false
 	}

models/issues/pull_test.go

@@ -118,7 +118,7 @@ func TestHasUnmergedPullRequestsByHeadInfo(t *testing.T) {
 
 func TestGetUnmergedPullRequestsByHeadInfo(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	prs, err := issues_model.GetUnmergedPullRequestsByHeadInfo(1, "branch2")
+	prs, err := issues_model.GetUnmergedPullRequestsByHeadInfo(1, "branch2", false)
 	assert.NoError(t, err)
 	assert.Len(t, prs, 1)
 	for _, pr := range prs {

models/migrations/base/db.go

@@ -89,7 +89,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 		hasID = hasID || (column.IsPrimaryKey && column.IsAutoIncrement)
 	}
 
-	if hasID && setting.Database.UseMSSQL {
+	if hasID && setting.Database.Type.IsMSSQL() {
 		if _, err := sess.Exec(fmt.Sprintf("SET IDENTITY_INSERT `%s` ON", tempTableName)); err != nil {
 			log.Error("Unable to set identity insert for table %s. Error: %v", tempTableName, err)
 			return err
@@ -143,7 +143,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 		return err
 	}
 
-	if hasID && setting.Database.UseMSSQL {
+	if hasID && setting.Database.Type.IsMSSQL() {
 		if _, err := sess.Exec(fmt.Sprintf("SET IDENTITY_INSERT `%s` OFF", tempTableName)); err != nil {
 			log.Error("Unable to switch off identity insert for table %s. Error: %v", tempTableName, err)
 			return err
@@ -151,7 +151,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 	}
 
 	switch {
-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		// SQLite will drop all the constraints on the old table
 		if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
 			log.Error("Unable to drop old table %s. Error: %v", tableName, err)
@@ -178,7 +178,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 			return err
 		}
 
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		// MySQL will drop all the constraints on the old table
 		if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
 			log.Error("Unable to drop old table %s. Error: %v", tableName, err)
@@ -205,7 +205,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 			log.Error("Unable to recreate uniques on table %s. Error: %v", tableName, err)
 			return err
 		}
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		var originalSequences []string
 		type sequenceData struct {
 			LastValue int  `xorm:"'last_value'"`
@@ -296,7 +296,7 @@ func RecreateTable(sess *xorm.Session, bean interface{}) error {
 
 		}
 
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		// MSSQL will drop all the constraints on the old table
 		if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
 			log.Error("Unable to drop old table %s. Error: %v", tableName, err)
@@ -323,7 +323,7 @@ func DropTableColumns(sess *xorm.Session, tableName string, columnNames ...strin
 	// TODO: This will not work if there are foreign keys
 
 	switch {
-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		// First drop the indexes on the columns
 		res, errIndex := sess.Query(fmt.Sprintf("PRAGMA index_list(`%s`)", tableName))
 		if errIndex != nil {
@@ -405,7 +405,7 @@ func DropTableColumns(sess *xorm.Session, tableName string, columnNames ...strin
 			return err
 		}
 
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		cols := ""
 		for _, col := range columnNames {
 			if cols != "" {
@@ -416,7 +416,7 @@ func DropTableColumns(sess *xorm.Session, tableName string, columnNames ...strin
 		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `%s` %s", tableName, cols)); err != nil {
 			return fmt.Errorf("Drop table `%s` columns %v: %v", tableName, columnNames, err)
 		}
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		// Drop indexes on columns first
 		sql := fmt.Sprintf("SHOW INDEX FROM %s WHERE column_name IN ('%s')", tableName, strings.Join(columnNames, "','"))
 		res, err := sess.Query(sql)
@@ -444,7 +444,7 @@ func DropTableColumns(sess *xorm.Session, tableName string, columnNames ...strin
 		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `%s` %s", tableName, cols)); err != nil {
 			return fmt.Errorf("Drop table `%s` columns %v: %v", tableName, columnNames, err)
 		}
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		cols := ""
 		for _, col := range columnNames {
 			if cols != "" {
@@ -543,13 +543,13 @@ func newXORMEngine() (*xorm.Engine, error) {
 
 func deleteDB() error {
 	switch {
-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		if err := util.Remove(setting.Database.Path); err != nil {
 			return err
 		}
 		return os.MkdirAll(path.Dir(setting.Database.Path), os.ModePerm)
 
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(%s)/",
 			setting.Database.User, setting.Database.Passwd, setting.Database.Host))
 		if err != nil {
@@ -565,7 +565,7 @@ func deleteDB() error {
 			return err
 		}
 		return nil
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		db, err := sql.Open("postgres", fmt.Sprintf("postgres://%s:%s@%s/?sslmode=%s",
 			setting.Database.User, setting.Database.Passwd, setting.Database.Host, setting.Database.SSLMode))
 		if err != nil {
@@ -612,7 +612,7 @@ func deleteDB() error {
 			}
 			return nil
 		}
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		host, port := setting.ParseMSSQLHostPort(setting.Database.Host)
 		db, err := sql.Open("mssql", fmt.Sprintf("server=%s; port=%s; database=%s; user id=%s; password=%s;",
 			host, port, "master", setting.Database.User, setting.Database.Passwd))

models/migrations/fixtures/Test_DeleteOrphanedIssueLabels/label.yml

@@ -4,7 +4,6 @@
   org_id: 0
   name: label1
   color: '#abcdef'
-  exclusive: false
   num_issues: 2
   num_closed_issues: 0
 
@@ -14,7 +13,6 @@
   org_id: 0
   name: label2
   color: '#000000'
-  exclusive: false
   num_issues: 1
   num_closed_issues: 1
 -
@@ -23,7 +21,6 @@
   org_id:  3
   name: orglabel3
   color: '#abcdef'
-  exclusive: false
   num_issues: 0
   num_closed_issues: 0
 
@@ -33,7 +30,6 @@
   org_id: 3
   name: orglabel4
   color: '#000000'
-  exclusive: false
   num_issues: 1
   num_closed_issues: 0
 
@@ -43,6 +39,5 @@
   org_id: 0
   name: pull-test-label
   color: '#000000'
-  exclusive: false
   num_issues: 0
   num_closed_issues: 0

models/migrations/v1_12/v139.go

@@ -13,9 +13,9 @@ func PrependRefsHeadsToIssueRefs(x *xorm.Engine) error {
 	var query string
 
 	switch {
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		query = "UPDATE `issue` SET `ref` = 'refs/heads/' + `ref` WHERE `ref` IS NOT NULL AND `ref` <> '' AND `ref` NOT LIKE 'refs/%'"
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		query = "UPDATE `issue` SET `ref` = CONCAT('refs/heads/', `ref`) WHERE `ref` IS NOT NULL AND `ref` <> '' AND `ref` NOT LIKE 'refs/%';"
 	default:
 		query = "UPDATE `issue` SET `ref` = 'refs/heads/' || `ref` WHERE `ref` IS NOT NULL AND `ref` <> '' AND `ref` NOT LIKE 'refs/%'"

models/migrations/v1_13/v140.go

@@ -41,7 +41,7 @@ func FixLanguageStatsToSaveSize(x *xorm.Engine) error {
 
 	// Delete language stat statuses
 	truncExpr := "TRUNCATE TABLE"
-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		truncExpr = "DELETE FROM"
 	}
 

models/migrations/v1_13/v145.go

@@ -21,7 +21,7 @@ func IncreaseLanguageField(x *xorm.Engine) error {
 		return err
 	}
 
-	if setting.Database.UseSQLite3 {
+	if setting.Database.Type.IsSQLite3() {
 		// SQLite maps VARCHAR to TEXT without size so we're done
 		return nil
 	}
@@ -41,11 +41,11 @@ func IncreaseLanguageField(x *xorm.Engine) error {
 	}
 
 	switch {
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE language_stat MODIFY COLUMN language %s", sqlType)); err != nil {
 			return err
 		}
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		// Yet again MSSQL just has to be awkward.
 		// Here we have to drop the constraints first and then rebuild them
 		constraints := make([]string, 0)
@@ -71,7 +71,7 @@ func IncreaseLanguageField(x *xorm.Engine) error {
 		if err := sess.CreateUniques(new(LanguageStat)); err != nil {
 			return err
 		}
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE language_stat ALTER COLUMN language TYPE %s", sqlType)); err != nil {
 			return err
 		}

models/migrations/v1_13/v151.go

@@ -17,13 +17,13 @@ import (
 
 func SetDefaultPasswordToArgon2(x *xorm.Engine) error {
 	switch {
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		_, err := x.Exec("ALTER TABLE `user` ALTER passwd_hash_algo SET DEFAULT 'argon2';")
 		return err
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		_, err := x.Exec("ALTER TABLE `user` ALTER COLUMN passwd_hash_algo SET DEFAULT 'argon2';")
 		return err
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		// need to find the constraint and drop it, then recreate it.
 		sess := x.NewSession()
 		defer sess.Close()
@@ -53,7 +53,7 @@ func SetDefaultPasswordToArgon2(x *xorm.Engine) error {
 		}
 		return sess.Commit()
 
-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		// drop through
 	default:
 		log.Fatal("Unrecognized DB")

models/migrations/v1_14/v158.go

@@ -62,7 +62,7 @@ func UpdateCodeCommentReplies(x *xorm.Engine) error {
 			return err
 		}
 
-		if setting.Database.UseMSSQL {
+		if setting.Database.Type.IsMSSQL() {
 			if _, err := sess.Exec(sqlSelect + " INTO #temp_comments" + sqlTail); err != nil {
 				log.Error("unable to create temporary table")
 				return err
@@ -72,13 +72,13 @@ func UpdateCodeCommentReplies(x *xorm.Engine) error {
 		comments := make([]*Comment, 0, batchSize)
 
 		switch {
-		case setting.Database.UseMySQL:
+		case setting.Database.Type.IsMySQL():
 			sqlCmd = sqlSelect + sqlTail + " LIMIT " + strconv.Itoa(batchSize) + ", " + strconv.Itoa(start)
-		case setting.Database.UsePostgreSQL:
+		case setting.Database.Type.IsPostgreSQL():
 			fallthrough
-		case setting.Database.UseSQLite3:
+		case setting.Database.Type.IsSQLite3():
 			sqlCmd = sqlSelect + sqlTail + " LIMIT " + strconv.Itoa(batchSize) + " OFFSET " + strconv.Itoa(start)
-		case setting.Database.UseMSSQL:
+		case setting.Database.Type.IsMSSQL():
 			sqlCmd = "SELECT TOP " + strconv.Itoa(batchSize) + " * FROM #temp_comments WHERE " +
 				"(id NOT IN ( SELECT TOP " + strconv.Itoa(start) + " id FROM #temp_comments ORDER BY id )) ORDER BY id"
 		default:

models/migrations/v1_14/v175.go

@@ -14,7 +14,7 @@ import (
 )
 
 func FixPostgresIDSequences(x *xorm.Engine) error {
-	if !setting.Database.UsePostgreSQL {
+	if !setting.Database.Type.IsPostgreSQL() {
 		return nil
 	}
 

models/migrations/v1_15/v184.go

@@ -54,11 +54,11 @@ func RenameTaskErrorsToMessage(x *xorm.Engine) error {
 	}
 
 	switch {
-	case setting.Database.UseMySQL:
+	case setting.Database.Type.IsMySQL():
 		if _, err := sess.Exec("ALTER TABLE `task` CHANGE errors message text"); err != nil {
 			return err
 		}
-	case setting.Database.UseMSSQL:
+	case setting.Database.Type.IsMSSQL():
 		if _, err := sess.Exec("sp_rename 'task.errors', 'message', 'COLUMN'"); err != nil {
 			return err
 		}

models/migrations/v1_16/v191.go

@@ -16,7 +16,7 @@ func AlterIssueAndCommentTextFieldsToLongText(x *xorm.Engine) error {
 		return err
 	}
 
-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `issue` CHANGE `content` `content` LONGTEXT"); err != nil {
 			return err
 		}

models/migrations/v1_17/v217.go

@@ -16,7 +16,7 @@ func AlterHookTaskTextFieldsToLongText(x *xorm.Engine) error {
 		return err
 	}
 
-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `hook_task` CHANGE `payload_content` `payload_content` LONGTEXT, CHANGE `request_content` `request_content` LONGTEXT, change `response_content` `response_content` LONGTEXT"); err != nil {
 			return err
 		}

models/migrations/v1_17/v218.go

@@ -38,7 +38,7 @@ func (*improveActionTableIndicesAction) TableIndices() []*schemas.Index {
 	actUserIndex := schemas.NewIndex("au_r_c_u_d", schemas.IndexType)
 	actUserIndex.AddColumn("act_user_id", "repo_id", "created_unix", "user_id", "is_deleted")
 	indices := []*schemas.Index{actUserIndex, repoIndex}
-	if setting.Database.UsePostgreSQL {
+	if setting.Database.Type.IsPostgreSQL() {
 		cudIndex := schemas.NewIndex("c_u_d", schemas.IndexType)
 		cudIndex.AddColumn("created_unix", "user_id", "is_deleted")
 		indices = append(indices, cudIndex)

models/migrations/v1_17/v223.go

@@ -65,11 +65,11 @@ func RenameCredentialIDBytes(x *xorm.Engine) error {
 		}
 
 		switch {
-		case setting.Database.UseMySQL:
+		case setting.Database.Type.IsMySQL():
 			if _, err := sess.Exec("ALTER TABLE `webauthn_credential` CHANGE credential_id_bytes credential_id VARBINARY(1024)"); err != nil {
 				return err
 			}
-		case setting.Database.UseMSSQL:
+		case setting.Database.Type.IsMSSQL():
 			if _, err := sess.Exec("sp_rename 'webauthn_credential.credential_id_bytes', 'credential_id', 'COLUMN'"); err != nil {
 				return err
 			}

models/migrations/v1_18/v225.go

@@ -16,7 +16,7 @@ func AlterPublicGPGKeyContentFieldsToMediumText(x *xorm.Engine) error {
 		return err
 	}
 
-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `gpg_key` CHANGE `content` `content` MEDIUMTEXT"); err != nil {
 			return err
 		}

models/migrations/v1_19/v232.go

@@ -16,7 +16,7 @@ func AlterPackageVersionMetadataToLongText(x *xorm.Engine) error {
 		return err
 	}
 
-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `package_version` MODIFY COLUMN `metadata_json` LONGTEXT"); err != nil {
 			return err
 		}

models/migrations/v1_19/v242.go

@@ -17,7 +17,7 @@ func AlterPublicGPGKeyImportContentFieldToMediumText(x *xorm.Engine) error {
 		return err
 	}
 
-	if setting.Database.UseMySQL {
+	if setting.Database.Type.IsMySQL() {
 		if _, err := sess.Exec("ALTER TABLE `gpg_key_import` CHANGE `content` `content` MEDIUMTEXT"); err != nil {
 			return err
 		}

models/organization/org.go

@@ -239,6 +239,32 @@ func (org *Organization) CustomAvatarRelativePath() string {
 	return org.Avatar
 }
 
+// UnitPermission returns unit permission
+func (org *Organization) UnitPermission(ctx context.Context, doer *user_model.User, unitType unit.Type) perm.AccessMode {
+	if doer != nil {
+		teams, err := GetUserOrgTeams(ctx, org.ID, doer.ID)
+		if err != nil {
+			log.Error("GetUserOrgTeams: %v", err)
+			return perm.AccessModeNone
+		}
+
+		if err := teams.LoadUnits(ctx); err != nil {
+			log.Error("LoadUnits: %v", err)
+			return perm.AccessModeNone
+		}
+
+		if len(teams) > 0 {
+			return teams.UnitMaxAccess(unitType)
+		}
+	}
+
+	if org.Visibility.IsPublic() {
+		return perm.AccessModeRead
+	}
+
+	return perm.AccessModeNone
+}
+
 // CreateOrganization creates record of a new organization.
 func CreateOrganization(org *Organization, owner *user_model.User) (err error) {
 	if !owner.CanCreateOrganization() {

models/project/project.go

@@ -416,7 +416,7 @@ func DeleteProjectByID(ctx context.Context, id int64) error {
 
 func DeleteProjectByRepoID(ctx context.Context, repoID int64) error {
 	switch {
-	case setting.Database.UseSQLite3:
+	case setting.Database.Type.IsSQLite3():
 		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_issue WHERE project_issue.id IN (SELECT project_issue.id FROM project_issue INNER JOIN project WHERE project.id = project_issue.project_id AND project.repo_id = ?)", repoID); err != nil {
 			return err
 		}
@@ -426,7 +426,7 @@ func DeleteProjectByRepoID(ctx context.Context, repoID int64) error {
 		if _, err := db.GetEngine(ctx).Table("project").Where("repo_id = ? ", repoID).Delete(&Project{}); err != nil {
 			return err
 		}
-	case setting.Database.UsePostgreSQL:
+	case setting.Database.Type.IsPostgreSQL():
 		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_issue USING project WHERE project.id = project_issue.project_id AND project.repo_id = ? ", repoID); err != nil {
 			return err
 		}

models/repo/repo_list.go

@@ -498,7 +498,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		subQueryCond := builder.NewCond()
 
 		// Topic checking. Topics are present.
-		if setting.Database.UsePostgreSQL { // postgres stores the topics as json and not as text
+		if setting.Database.Type.IsPostgreSQL() { // postgres stores the topics as json and not as text
 			subQueryCond = subQueryCond.Or(builder.And(builder.NotNull{"topics"}, builder.Neq{"(topics)::text": "[]"}))
 		} else {
 			subQueryCond = subQueryCond.Or(builder.And(builder.Neq{"topics": "null"}, builder.Neq{"topics": "[]"}))

models/unittest/testdb.go

@@ -76,7 +76,7 @@ func MainTest(m *testing.M, testOpts *TestOptions) {
 	setting.SSH.BuiltinServerUser = "builtinuser"
 	setting.SSH.Port = 3000
 	setting.SSH.Domain = "try.gitea.io"
-	setting.Database.UseSQLite3 = true
+	setting.Database.Type = "sqlite3"
 	setting.Repository.DefaultBranch = "master" // many test code still assume that default branch is called "master"
 	repoRootPath, err := os.MkdirTemp(os.TempDir(), "repos")
 	if err != nil {

models/user/user.go

@@ -393,6 +393,11 @@ func (u *User) IsOrganization() bool {
 	return u.Type == UserTypeOrganization
 }
 
+// IsIndividual returns true if user is actually a individual user.
+func (u *User) IsIndividual() bool {
+	return u.Type == UserTypeIndividual
+}
+
 // DisplayName returns full name if it's not empty,
 // returns username otherwise.
 func (u *User) DisplayName() string {

modules/actions/github.go

@@ -0,0 +1,41 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import (
+	webhook_module "code.gitea.io/gitea/modules/webhook"
+
+	"github.com/nektos/act/pkg/jobparser"
+)
+
+const (
+	githubEventPullRequest              = "pull_request"
+	githubEventPullRequestTarget        = "pull_request_target"
+	githubEventPullRequestReviewComment = "pull_request_review_comment"
+	githubEventPullRequestReview        = "pull_request_review"
+	githubEventRegistryPackage          = "registry_package"
+	githubEventCreate                   = "create"
+	githubEventDelete                   = "delete"
+	githubEventFork                     = "fork"
+	githubEventPush                     = "push"
+	githubEventIssues                   = "issues"
+	githubEventIssueComment             = "issue_comment"
+	githubEventRelease                  = "release"
+	githubEventPullRequestComment       = "pull_request_comment"
+)
+
+func convertFromGithubEvent(evt *jobparser.Event) string {
+	switch evt.Name {
+	case githubEventPullRequest, githubEventPullRequestTarget, githubEventPullRequestReview,
+		githubEventPullRequestReviewComment:
+		return string(webhook_module.HookEventPullRequest)
+	case githubEventRegistryPackage:
+		return string(webhook_module.HookEventPackage)
+	case githubEventCreate, githubEventDelete, githubEventFork, githubEventPush,
+		githubEventIssues, githubEventIssueComment, githubEventRelease, githubEventPullRequestComment:
+		fallthrough
+	default:
+		return evt.Name
+	}
+}

modules/actions/workflows.go

@@ -72,9 +72,7 @@ func DetectWorkflows(commit *git.Commit, triggedEvent webhook_module.HookEventTy
 			continue
 		}
 		for _, evt := range events {
-			if evt.Name != triggedEvent.Event() {
-				continue
-			}
+			log.Trace("detect workflow %q for event %#v matching %q", entry.Name(), evt, triggedEvent)
 			if detectMatched(commit, triggedEvent, payload, evt) {
 				workflows[entry.Name()] = content
 			}
@@ -85,138 +83,197 @@ func DetectWorkflows(commit *git.Commit, triggedEvent webhook_module.HookEventTy
 }
 
 func detectMatched(commit *git.Commit, triggedEvent webhook_module.HookEventType, payload api.Payloader, evt *jobparser.Event) bool {
+	if convertFromGithubEvent(evt) != string(triggedEvent) {
+		return false
+	}
+
+	switch triggedEvent {
+	case webhook_module.HookEventCreate,
+		webhook_module.HookEventDelete,
+		webhook_module.HookEventFork,
+		webhook_module.HookEventIssueAssign,
+		webhook_module.HookEventIssueLabel,
+		webhook_module.HookEventIssueMilestone,
+		webhook_module.HookEventPullRequestAssign,
+		webhook_module.HookEventPullRequestLabel,
+		webhook_module.HookEventPullRequestMilestone,
+		webhook_module.HookEventPullRequestComment,
+		webhook_module.HookEventPullRequestReviewApproved,
+		webhook_module.HookEventPullRequestReviewRejected,
+		webhook_module.HookEventPullRequestReviewComment,
+		webhook_module.HookEventWiki,
+		webhook_module.HookEventRepository,
+		webhook_module.HookEventRelease,
+		webhook_module.HookEventPackage:
+		if len(evt.Acts) != 0 {
+			log.Warn("Ignore unsupported %s event arguments %q", triggedEvent, evt.Acts)
+		}
+		// no special filter parameters for these events, just return true if name matched
+		return true
+
+	case webhook_module.HookEventPush:
+		return matchPushEvent(commit, payload.(*api.PushPayload), evt)
+
+	case webhook_module.HookEventIssues:
+		return matchIssuesEvent(commit, payload.(*api.IssuePayload), evt)
+
+	case webhook_module.HookEventPullRequest, webhook_module.HookEventPullRequestSync:
+		return matchPullRequestEvent(commit, payload.(*api.PullRequestPayload), evt)
+
+	case webhook_module.HookEventIssueComment:
+		return matchIssueCommentEvent(commit, payload.(*api.IssueCommentPayload), evt)
+
+	default:
+		log.Warn("unsupported event %q", triggedEvent)
+		return false
+	}
+}
+
+func matchPushEvent(commit *git.Commit, pushPayload *api.PushPayload, evt *jobparser.Event) bool {
+	// with no special filter parameters
 	if len(evt.Acts) == 0 {
 		return true
 	}
 
-	switch triggedEvent {
-	case webhook_module.HookEventCreate:
-		fallthrough
-	case webhook_module.HookEventDelete:
-		fallthrough
-	case webhook_module.HookEventFork:
-		log.Warn("unsupported event %q", triggedEvent.Event())
-		return false
-	case webhook_module.HookEventPush:
-		pushPayload := payload.(*api.PushPayload)
-		matchTimes := 0
-		// all acts conditions should be satisfied
-		for cond, vals := range evt.Acts {
-			switch cond {
-			case "branches", "tags":
-				refShortName := git.RefName(pushPayload.Ref).ShortName()
-				for _, val := range vals {
-					if glob.MustCompile(val, '/').Match(refShortName) {
-						matchTimes++
-						break
-					}
+	matchTimes := 0
+	// all acts conditions should be satisfied
+	for cond, vals := range evt.Acts {
+		switch cond {
+		case "branches", "tags":
+			refShortName := git.RefName(pushPayload.Ref).ShortName()
+			for _, val := range vals {
+				if glob.MustCompile(val, '/').Match(refShortName) {
+					matchTimes++
+					break
 				}
-			case "paths":
-				filesChanged, err := commit.GetFilesChangedSinceCommit(pushPayload.Before)
-				if err != nil {
-					log.Error("GetFilesChangedSinceCommit [commit_sha1: %s]: %v", commit.ID.String(), err)
-				} else {
-					for _, val := range vals {
-						matched := false
-						for _, file := range filesChanged {
-							if glob.MustCompile(val, '/').Match(file) {
-								matched = true
-								break
-							}
-						}
-						if matched {
-							matchTimes++
+			}
+		case "paths":
+			filesChanged, err := commit.GetFilesChangedSinceCommit(pushPayload.Before)
+			if err != nil {
+				log.Error("GetFilesChangedSinceCommit [commit_sha1: %s]: %v", commit.ID.String(), err)
+			} else {
+				for _, val := range vals {
+					matched := false
+					for _, file := range filesChanged {
+						if glob.MustCompile(val, '/').Match(file) {
+							matched = true
 							break
 						}
 					}
-				}
-			default:
-				log.Warn("unsupported condition %q", cond)
-			}
-		}
-		return matchTimes == len(evt.Acts)
-
-	case webhook_module.HookEventIssues:
-		fallthrough
-	case webhook_module.HookEventIssueAssign:
-		fallthrough
-	case webhook_module.HookEventIssueLabel:
-		fallthrough
-	case webhook_module.HookEventIssueMilestone:
-		fallthrough
-	case webhook_module.HookEventIssueComment:
-		fallthrough
-	case webhook_module.HookEventPullRequest:
-		prPayload := payload.(*api.PullRequestPayload)
-		matchTimes := 0
-		// all acts conditions should be satisfied
-		for cond, vals := range evt.Acts {
-			switch cond {
-			case "types":
-				for _, val := range vals {
-					if glob.MustCompile(val, '/').Match(string(prPayload.Action)) {
+					if matched {
 						matchTimes++
 						break
 					}
 				}
-			case "branches":
-				refShortName := git.RefName(prPayload.PullRequest.Base.Ref).ShortName()
-				for _, val := range vals {
-					if glob.MustCompile(val, '/').Match(refShortName) {
-						matchTimes++
-						break
-					}
-				}
-			case "paths":
-				filesChanged, err := commit.GetFilesChangedSinceCommit(prPayload.PullRequest.Base.Ref)
-				if err != nil {
-					log.Error("GetFilesChangedSinceCommit [commit_sha1: %s]: %v", commit.ID.String(), err)
-				} else {
-					for _, val := range vals {
-						matched := false
-						for _, file := range filesChanged {
-							if glob.MustCompile(val, '/').Match(file) {
-								matched = true
-								break
-							}
-						}
-						if matched {
-							matchTimes++
-							break
-						}
-					}
-				}
-			default:
-				log.Warn("unsupported condition %q", cond)
 			}
+		default:
+			log.Warn("push event unsupported condition %q", cond)
 		}
-		return matchTimes == len(evt.Acts)
-	case webhook_module.HookEventPullRequestAssign:
-		fallthrough
-	case webhook_module.HookEventPullRequestLabel:
-		fallthrough
-	case webhook_module.HookEventPullRequestMilestone:
-		fallthrough
-	case webhook_module.HookEventPullRequestComment:
-		fallthrough
-	case webhook_module.HookEventPullRequestReviewApproved:
-		fallthrough
-	case webhook_module.HookEventPullRequestReviewRejected:
-		fallthrough
-	case webhook_module.HookEventPullRequestReviewComment:
-		fallthrough
-	case webhook_module.HookEventPullRequestSync:
-		fallthrough
-	case webhook_module.HookEventWiki:
-		fallthrough
-	case webhook_module.HookEventRepository:
-		fallthrough
-	case webhook_module.HookEventRelease:
-		fallthrough
-	case webhook_module.HookEventPackage:
-		fallthrough
-	default:
-		log.Warn("unsupported event %q", triggedEvent.Event())
 	}
-	return false
+	return matchTimes == len(evt.Acts)
+}
+
+func matchIssuesEvent(commit *git.Commit, issuePayload *api.IssuePayload, evt *jobparser.Event) bool {
+	// with no special filter parameters
+	if len(evt.Acts) == 0 {
+		return true
+	}
+
+	matchTimes := 0
+	// all acts conditions should be satisfied
+	for cond, vals := range evt.Acts {
+		switch cond {
+		case "types":
+			for _, val := range vals {
+				if glob.MustCompile(val, '/').Match(string(issuePayload.Action)) {
+					matchTimes++
+					break
+				}
+			}
+		default:
+			log.Warn("issue event unsupported condition %q", cond)
+		}
+	}
+	return matchTimes == len(evt.Acts)
+}
+
+func matchPullRequestEvent(commit *git.Commit, prPayload *api.PullRequestPayload, evt *jobparser.Event) bool {
+	// with no special filter parameters
+	if len(evt.Acts) == 0 {
+		// defaultly, only pull request opened and synchronized will trigger workflow
+		return prPayload.Action == api.HookIssueSynchronized || prPayload.Action == api.HookIssueOpened
+	}
+
+	matchTimes := 0
+	// all acts conditions should be satisfied
+	for cond, vals := range evt.Acts {
+		switch cond {
+		case "types":
+			action := prPayload.Action
+			if prPayload.Action == api.HookIssueSynchronized {
+				action = "synchronize"
+			}
+			log.Trace("matching pull_request %s with %v", action, vals)
+			for _, val := range vals {
+				if glob.MustCompile(val, '/').Match(string(action)) {
+					matchTimes++
+					break
+				}
+			}
+		case "branches":
+			refShortName := git.RefName(prPayload.PullRequest.Base.Ref).ShortName()
+			for _, val := range vals {
+				if glob.MustCompile(val, '/').Match(refShortName) {
+					matchTimes++
+					break
+				}
+			}
+		case "paths":
+			filesChanged, err := commit.GetFilesChangedSinceCommit(prPayload.PullRequest.Base.Ref)
+			if err != nil {
+				log.Error("GetFilesChangedSinceCommit [commit_sha1: %s]: %v", commit.ID.String(), err)
+			} else {
+				for _, val := range vals {
+					matched := false
+					for _, file := range filesChanged {
+						if glob.MustCompile(val, '/').Match(file) {
+							matched = true
+							break
+						}
+					}
+					if matched {
+						matchTimes++
+						break
+					}
+				}
+			}
+		default:
+			log.Warn("pull request event unsupported condition %q", cond)
+		}
+	}
+	return matchTimes == len(evt.Acts)
+}
+
+func matchIssueCommentEvent(commit *git.Commit, issueCommentPayload *api.IssueCommentPayload, evt *jobparser.Event) bool {
+	// with no special filter parameters
+	if len(evt.Acts) == 0 {
+		return true
+	}
+
+	matchTimes := 0
+	// all acts conditions should be satisfied
+	for cond, vals := range evt.Acts {
+		switch cond {
+		case "types":
+			for _, val := range vals {
+				if glob.MustCompile(val, '/').Match(string(issueCommentPayload.Action)) {
+					matchTimes++
+					break
+				}
+			}
+		default:
+			log.Warn("issue comment unsupported condition %q", cond)
+		}
+	}
+	return matchTimes == len(evt.Acts)
 }

modules/context/api.go

@@ -244,7 +244,7 @@ func APIContexter() func(http.Handler) http.Handler {
 				}
 			}
 
-			httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")
+			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 
 			ctx.Data["Context"] = &ctx

modules/context/context.go

@@ -388,7 +388,7 @@ func (ctx *Context) SetServeHeaders(opts *ServeHeaderOptions) {
 	if duration == 0 {
 		duration = 5 * time.Minute
 	}
-	httpcache.AddCacheControlToHeader(header, duration)
+	httpcache.SetCacheControlInHeader(header, duration)
 
 	if !opts.LastModified.IsZero() {
 		header.Set("Last-Modified", opts.LastModified.UTC().Format(http.TimeFormat))
@@ -753,7 +753,7 @@ func Contexter(ctx context.Context) func(next http.Handler) http.Handler {
 				}
 			}
 
-			httpcache.AddCacheControlToHeader(ctx.Resp.Header(), 0, "no-transform")
+			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 
 			ctx.Data["CsrfToken"] = ctx.csrf.GetToken()

modules/context/org.go

@@ -11,7 +11,6 @@ import (
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 )
@@ -31,29 +30,34 @@ type Organization struct {
 }
 
 func (org *Organization) CanWriteUnit(ctx *Context, unitType unit.Type) bool {
-	if ctx.Doer == nil {
-		return false
-	}
-	return org.UnitPermission(ctx, ctx.Doer.ID, unitType) >= perm.AccessModeWrite
+	return org.Organization.UnitPermission(ctx, ctx.Doer, unitType) >= perm.AccessModeWrite
 }
 
-func (org *Organization) UnitPermission(ctx *Context, doerID int64, unitType unit.Type) perm.AccessMode {
-	if doerID > 0 {
-		teams, err := organization.GetUserOrgTeams(ctx, org.Organization.ID, doerID)
-		if err != nil {
-			log.Error("GetUserOrgTeams: %v", err)
-			return perm.AccessModeNone
-		}
-		if len(teams) > 0 {
-			return teams.UnitMaxAccess(unitType)
-		}
-	}
+func (org *Organization) CanReadUnit(ctx *Context, unitType unit.Type) bool {
+	return org.Organization.UnitPermission(ctx, ctx.Doer, unitType) >= perm.AccessModeRead
+}
 
-	if org.Organization.Visibility == structs.VisibleTypePublic {
-		return perm.AccessModeRead
-	}
+func GetOrganizationByParams(ctx *Context) {
+	orgName := ctx.Params(":org")
 
-	return perm.AccessModeNone
+	var err error
+
+	ctx.Org.Organization, err = organization.GetOrgByName(ctx, orgName)
+	if err != nil {
+		if organization.IsErrOrgNotExist(err) {
+			redirectUserID, err := user_model.LookupUserRedirect(orgName)
+			if err == nil {
+				RedirectToUser(ctx, orgName, redirectUserID)
+			} else if user_model.IsErrUserRedirectNotExist(err) {
+				ctx.NotFound("GetUserByName", err)
+			} else {
+				ctx.ServerError("LookupUserRedirect", err)
+			}
+		} else {
+			ctx.ServerError("GetUserByName", err)
+		}
+		return
+	}
 }
 
 // HandleOrgAssignment handles organization assignment
@@ -77,25 +81,26 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 		requireTeamAdmin = args[3]
 	}
 
-	orgName := ctx.Params(":org")
-
 	var err error
-	ctx.Org.Organization, err = organization.GetOrgByName(ctx, orgName)
-	if err != nil {
-		if organization.IsErrOrgNotExist(err) {
-			redirectUserID, err := user_model.LookupUserRedirect(orgName)
-			if err == nil {
-				RedirectToUser(ctx, orgName, redirectUserID)
-			} else if user_model.IsErrUserRedirectNotExist(err) {
-				ctx.NotFound("GetUserByName", err)
-			} else {
-				ctx.ServerError("LookupUserRedirect", err)
+
+	if ctx.ContextUser == nil {
+		// if Organization is not defined, get it from params
+		if ctx.Org.Organization == nil {
+			GetOrganizationByParams(ctx)
+			if ctx.Written() {
+				return
 			}
-		} else {
-			ctx.ServerError("GetUserByName", err)
 		}
+	} else if ctx.ContextUser.IsOrganization() {
+		if ctx.Org == nil {
+			ctx.Org = &Organization{}
+		}
+		ctx.Org.Organization = (*organization.Organization)(ctx.ContextUser)
+	} else {
+		// ContextUser is an individual User
 		return
 	}
+
 	org := ctx.Org.Organization
 
 	// Handle Visibility
@@ -156,6 +161,7 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 	}
 	ctx.Data["IsOrganizationOwner"] = ctx.Org.IsOwner
 	ctx.Data["IsOrganizationMember"] = ctx.Org.IsMember
+	ctx.Data["IsProjectEnabled"] = true
 	ctx.Data["IsPackageEnabled"] = setting.Packages.Enabled
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
 	ctx.Data["IsPublicMember"] = func(uid int64) bool {
@@ -231,6 +237,10 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 			return
 		}
 	}
+
+	ctx.Data["CanReadProjects"] = ctx.Org.CanReadUnit(ctx, unit.TypeProjects)
+	ctx.Data["CanReadPackages"] = ctx.Org.CanReadUnit(ctx, unit.TypePackages)
+	ctx.Data["CanReadCode"] = ctx.Org.CanReadUnit(ctx, unit.TypeCode)
 }
 
 // OrgAssignment returns a middleware to handle organization assignment

modules/context/pagination.go

@@ -18,10 +18,11 @@ type Pagination struct {
 	urlParams []string
 }
 
-// NewPagination creates a new instance of the Pagination struct
-func NewPagination(total, page, issueNum, numPages int) *Pagination {
+// NewPagination creates a new instance of the Pagination struct.
+// "pagingNum" is "page size" or "limit", "current" is "page"
+func NewPagination(total, pagingNum, current, numPages int) *Pagination {
 	p := &Pagination{}
-	p.Paginater = paginator.New(total, page, issueNum, numPages)
+	p.Paginater = paginator.New(total, pagingNum, current, numPages)
 	return p
 }
 

modules/csv/csv_test.go

@@ -11,6 +11,7 @@ import (
 	"strings"
 	"testing"
 
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/markup"
 
 	"github.com/stretchr/testify/assert"
@@ -229,7 +230,10 @@ John Doe	john@doe.com	This,note,had,a,lot,of,commas,to,test,delimiters`,
 	}
 
 	for n, c := range cases {
-		delimiter := determineDelimiter(&markup.RenderContext{RelativePath: c.filename}, []byte(decodeSlashes(t, c.csv)))
+		delimiter := determineDelimiter(&markup.RenderContext{
+			Ctx:          git.DefaultContext,
+			RelativePath: c.filename,
+		}, []byte(decodeSlashes(t, c.csv)))
 		assert.EqualValues(t, c.expectedDelimiter, delimiter, "case %d: delimiter should be equal, expected '%c' got '%c'", n, c.expectedDelimiter, delimiter)
 	}
 }

modules/doctor/dbconsistency.go

@@ -155,7 +155,7 @@ func checkDBConsistency(ctx context.Context, logger log.Logger, autofix bool) er
 
 	// TODO: function to recalc all counters
 
-	if setting.Database.UsePostgreSQL {
+	if setting.Database.Type.IsPostgreSQL() {
 		consistencyChecks = append(consistencyChecks, consistencyCheck{
 			Name:         "Sequence values",
 			Counter:      db.CountBadSequences,

modules/git/command.go

@@ -179,7 +179,7 @@ func (c *Command) AddDashesAndList(list ...string) *Command {
 }
 
 // ToTrustedCmdArgs converts a list of strings (trusted as argument) to TrustedCmdArgs
-// In most cases, it shouldn't be used. Use AddXxx function instead
+// In most cases, it shouldn't be used. Use NewCommand().AddXxx() function instead
 func ToTrustedCmdArgs(args []string) TrustedCmdArgs {
 	ret := make(TrustedCmdArgs, len(args))
 	for i, arg := range args {

modules/git/git.go

@@ -201,6 +201,23 @@ func InitFull(ctx context.Context) (err error) {
 	return syncGitConfig()
 }
 
+func enableReflogs() error {
+	if err := configSet("core.logAllRefUpdates", "true"); err != nil {
+		return err
+	}
+	err := configSet("gc.reflogExpire", fmt.Sprintf("%d", setting.Git.Reflog.Expiration))
+	return err
+}
+
+func disableReflogs() error {
+	if err := configUnsetAll("core.logAllRefUpdates", "true"); err != nil {
+		return err
+	} else if err := configUnsetAll("gc.reflogExpire", ""); err != nil {
+		return err
+	}
+	return nil
+}
+
 // syncGitConfig only modifies gitconfig, won't change global variables (otherwise there will be data-race problem)
 func syncGitConfig() (err error) {
 	if err = os.MkdirAll(HomeDir(), os.ModePerm); err != nil {
@@ -224,6 +241,16 @@ func syncGitConfig() (err error) {
 		return err
 	}
 
+	if setting.Git.Reflog.Enabled {
+		if err := enableReflogs(); err != nil {
+			return err
+		}
+	} else {
+		if err := disableReflogs(); err != nil {
+			return err
+		}
+	}
+
 	if CheckGitVersionAtLeast("2.10") == nil {
 		if err := configSet("receive.advertisePushOptions", "true"); err != nil {
 			return err

modules/git/pipeline/revlist.go

@@ -42,7 +42,10 @@ func RevListObjects(ctx context.Context, revListWriter *io.PipeWriter, wg *sync.
 	defer revListWriter.Close()
 	stderr := new(bytes.Buffer)
 	var errbuf strings.Builder
-	cmd := git.NewCommand(ctx, "rev-list", "--objects").AddDynamicArguments(headSHA).AddArguments("--not").AddDynamicArguments(baseSHA)
+	cmd := git.NewCommand(ctx, "rev-list", "--objects").AddDynamicArguments(headSHA)
+	if baseSHA != "" {
+		cmd = cmd.AddArguments("--not").AddDynamicArguments(baseSHA)
+	}
 	if err := cmd.Run(&git.RunOpts{
 		Dir:    tmpBasePath,
 		Stdout: revListWriter,

modules/httpcache/httpcache.go

@@ -15,8 +15,8 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 )
 
-// AddCacheControlToHeader adds suitable cache-control headers to response
-func AddCacheControlToHeader(h http.Header, maxAge time.Duration, additionalDirectives ...string) {
+// SetCacheControlInHeader sets suitable cache-control headers in the response
+func SetCacheControlInHeader(h http.Header, maxAge time.Duration, additionalDirectives ...string) {
 	directives := make([]string, 0, 2+len(additionalDirectives))
 
 	// "max-age=0 + must-revalidate" (aka "no-cache") is preferred instead of "no-store"
@@ -31,7 +31,7 @@ func AddCacheControlToHeader(h http.Header, maxAge time.Duration, additionalDire
 		directives = append(directives, "max-age=0", "private", "must-revalidate")
 
 		// to remind users they are using non-prod setting.
-		h.Add("X-Gitea-Debug", "RUN_MODE="+setting.RunMode)
+		h.Set("X-Gitea-Debug", "RUN_MODE="+setting.RunMode)
 	}
 
 	h.Set("Cache-Control", strings.Join(append(directives, additionalDirectives...), ", "))
@@ -50,7 +50,7 @@ func HandleTimeCache(req *http.Request, w http.ResponseWriter, fi os.FileInfo) (
 
 // HandleGenericTimeCache handles time-based caching for a HTTP request
 func HandleGenericTimeCache(req *http.Request, w http.ResponseWriter, lastModified time.Time) (handled bool) {
-	AddCacheControlToHeader(w.Header(), setting.StaticCacheTime)
+	SetCacheControlInHeader(w.Header(), setting.StaticCacheTime)
 
 	ifModifiedSince := req.Header.Get("If-Modified-Since")
 	if ifModifiedSince != "" {
@@ -81,7 +81,7 @@ func HandleGenericETagCache(req *http.Request, w http.ResponseWriter, etag strin
 			return true
 		}
 	}
-	AddCacheControlToHeader(w.Header(), setting.StaticCacheTime)
+	SetCacheControlInHeader(w.Header(), setting.StaticCacheTime)
 	return false
 }
 
@@ -125,6 +125,6 @@ func HandleGenericETagTimeCache(req *http.Request, w http.ResponseWriter, etag s
 			}
 		}
 	}
-	AddCacheControlToHeader(w.Header(), setting.StaticCacheTime)
+	SetCacheControlInHeader(w.Header(), setting.StaticCacheTime)
 	return false
 }

modules/markup/console/console_test.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"testing"
 
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/markup"
 
 	"github.com/stretchr/testify/assert"
@@ -23,7 +24,8 @@ func TestRenderConsole(t *testing.T) {
 		canRender := render.CanRender("test", strings.NewReader(k))
 		assert.True(t, canRender)
 
-		err := render.Render(&markup.RenderContext{}, strings.NewReader(k), &buf)
+		err := render.Render(&markup.RenderContext{Ctx: git.DefaultContext},
+			strings.NewReader(k), &buf)
 		assert.NoError(t, err)
 		assert.EqualValues(t, v, buf.String())
 	}

modules/markup/csv/csv_test.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"testing"
 
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/markup"
 
 	"github.com/stretchr/testify/assert"
@@ -23,7 +24,8 @@ func TestRenderCSV(t *testing.T) {
 
 	for k, v := range kases {
 		var buf strings.Builder
-		err := render.Render(&markup.RenderContext{}, strings.NewReader(k), &buf)
+		err := render.Render(&markup.RenderContext{Ctx: git.DefaultContext},
+			strings.NewReader(k), &buf)
 		assert.NoError(t, err)
 		assert.EqualValues(t, v, buf.String())
 	}

modules/markup/html.go

@@ -291,9 +291,10 @@ func RenderDescriptionHTML(
 // RenderEmoji for when we want to just process emoji and shortcodes
 // in various places it isn't already run through the normal markdown processor
 func RenderEmoji(
+	ctx *RenderContext,
 	content string,
 ) (string, error) {
-	return renderProcessString(&RenderContext{}, emojiProcessors, content)
+	return renderProcessString(ctx, emojiProcessors, content)
 }
 
 var (

modules/markup/html_internal_test.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 	"testing"
 
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 
@@ -70,8 +71,13 @@ var localMetas = map[string]string{
 func TestRender_IssueIndexPattern(t *testing.T) {
 	// numeric: render inputs without valid mentions
 	test := func(s string) {
-		testRenderIssueIndexPattern(t, s, s, &RenderContext{})
-		testRenderIssueIndexPattern(t, s, s, &RenderContext{Metas: numericMetas})
+		testRenderIssueIndexPattern(t, s, s, &RenderContext{
+			Ctx: git.DefaultContext,
+		})
+		testRenderIssueIndexPattern(t, s, s, &RenderContext{
+			Ctx:   git.DefaultContext,
+			Metas: numericMetas,
+		})
 	}
 
 	// should not render anything when there are no mentions
@@ -119,7 +125,10 @@ func TestRender_IssueIndexPattern2(t *testing.T) {
 			links[i] = numericIssueLink(util.URLJoin(TestRepoURL, path), "ref-issue", index, marker)
 		}
 		expectedNil := fmt.Sprintf(expectedFmt, links...)
-		testRenderIssueIndexPattern(t, s, expectedNil, &RenderContext{Metas: localMetas})
+		testRenderIssueIndexPattern(t, s, expectedNil, &RenderContext{
+			Ctx:   git.DefaultContext,
+			Metas: localMetas,
+		})
 
 		class := "ref-issue"
 		if isExternal {
@@ -130,7 +139,10 @@ func TestRender_IssueIndexPattern2(t *testing.T) {
 			links[i] = numericIssueLink(prefix, class, index, marker)
 		}
 		expectedNum := fmt.Sprintf(expectedFmt, links...)
-		testRenderIssueIndexPattern(t, s, expectedNum, &RenderContext{Metas: numericMetas})
+		testRenderIssueIndexPattern(t, s, expectedNum, &RenderContext{
+			Ctx:   git.DefaultContext,
+			Metas: numericMetas,
+		})
 	}
 
 	// should render freestanding mentions
@@ -164,7 +176,10 @@ func TestRender_IssueIndexPattern3(t *testing.T) {
 
 	// alphanumeric: render inputs without valid mentions
 	test := func(s string) {
-		testRenderIssueIndexPattern(t, s, s, &RenderContext{Metas: alphanumericMetas})
+		testRenderIssueIndexPattern(t, s, s, &RenderContext{
+			Ctx:   git.DefaultContext,
+			Metas: alphanumericMetas,
+		})
 	}
 	test("")
 	test("this is a test")
@@ -194,7 +209,10 @@ func TestRender_IssueIndexPattern4(t *testing.T) {
 			links[i] = externalIssueLink("https://someurl.com/someUser/someRepo/", "ref-issue ref-external-issue", name)
 		}
 		expected := fmt.Sprintf(expectedFmt, links...)
-		testRenderIssueIndexPattern(t, s, expected, &RenderContext{Metas: alphanumericMetas})
+		testRenderIssueIndexPattern(t, s, expected, &RenderContext{
+			Ctx:   git.DefaultContext,
+			Metas: alphanumericMetas,
+		})
 	}
 	test("OTT-1234 test", "%s test", "OTT-1234")
 	test("test T-12 issue", "test %s issue", "T-12")
@@ -214,7 +232,10 @@ func TestRender_IssueIndexPattern5(t *testing.T) {
 		}
 
 		expected := fmt.Sprintf(expectedFmt, links...)
-		testRenderIssueIndexPattern(t, s, expected, &RenderContext{Metas: metas})
+		testRenderIssueIndexPattern(t, s, expected, &RenderContext{
+			Ctx:   git.DefaultContext,
+			Metas: metas,
+		})
 	}
 
 	test("abc ISSUE-123 def", "abc %s def",
@@ -235,7 +256,10 @@ func TestRender_IssueIndexPattern5(t *testing.T) {
 		[]string{"ISSUE-123"},
 	)
 
-	testRenderIssueIndexPattern(t, "will not match", "will not match", &RenderContext{Metas: regexpMetas})
+	testRenderIssueIndexPattern(t, "will not match", "will not match", &RenderContext{
+		Ctx:   git.DefaultContext,
+		Metas: regexpMetas,
+	})
 }
 
 func testRenderIssueIndexPattern(t *testing.T, input, expected string, ctx *RenderContext) {
@@ -255,6 +279,7 @@ func TestRender_AutoLink(t *testing.T) {
 	test := func(input, expected string) {
 		var buffer strings.Builder
 		err := PostProcess(&RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: TestRepoURL,
 			Metas:     localMetas,
 		}, strings.NewReader(input), &buffer)
@@ -263,6 +288,7 @@ func TestRender_AutoLink(t *testing.T) {
 
 		buffer.Reset()
 		err = PostProcess(&RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: TestRepoURL,
 			Metas:     localMetas,
 			IsWiki:    true,
@@ -292,6 +318,7 @@ func TestRender_FullIssueURLs(t *testing.T) {
 	test := func(input, expected string) {
 		var result strings.Builder
 		err := postProcess(&RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: TestRepoURL,
 			Metas:     localMetas,
 		}, []processor{fullIssuePatternProcessor}, strings.NewReader(input), &result)

modules/markup/html_test.go

@@ -91,6 +91,7 @@ func TestRender_CrossReferences(t *testing.T) {
 
 	test := func(input, expected string) {
 		buffer, err := RenderString(&RenderContext{
+			Ctx:          git.DefaultContext,
 			RelativePath: "a.md",
 			URLPrefix:    setting.AppSubURL,
 			Metas:        localMetas,
@@ -135,6 +136,7 @@ func TestRender_links(t *testing.T) {
 
 	test := func(input, expected string) {
 		buffer, err := RenderString(&RenderContext{
+			Ctx:          git.DefaultContext,
 			RelativePath: "a.md",
 			URLPrefix:    TestRepoURL,
 		}, input)
@@ -234,6 +236,7 @@ func TestRender_email(t *testing.T) {
 
 	test := func(input, expected string) {
 		res, err := RenderString(&RenderContext{
+			Ctx:          git.DefaultContext,
 			RelativePath: "a.md",
 			URLPrefix:    TestRepoURL,
 		}, input)
@@ -292,6 +295,7 @@ func TestRender_emoji(t *testing.T) {
 	test := func(input, expected string) {
 		expected = strings.ReplaceAll(expected, "&", "&")
 		buffer, err := RenderString(&RenderContext{
+			Ctx:          git.DefaultContext,
 			RelativePath: "a.md",
 			URLPrefix:    TestRepoURL,
 		}, input)
@@ -355,11 +359,13 @@ func TestRender_ShortLinks(t *testing.T) {
 
 	test := func(input, expected, expectedWiki string) {
 		buffer, err := markdown.RenderString(&RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: tree,
 		}, input)
 		assert.NoError(t, err)
 		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer))
 		buffer, err = markdown.RenderString(&RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: TestRepoURL,
 			Metas:     localMetas,
 			IsWiki:    true,
@@ -461,12 +467,14 @@ func TestRender_RelativeImages(t *testing.T) {
 
 	test := func(input, expected, expectedWiki string) {
 		buffer, err := markdown.RenderString(&RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: tree,
 			Metas:     localMetas,
 		}, input)
 		assert.NoError(t, err)
 		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer))
 		buffer, err = markdown.RenderString(&RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: TestRepoURL,
 			Metas:     localMetas,
 			IsWiki:    true,
@@ -501,6 +509,7 @@ func Test_ParseClusterFuzz(t *testing.T) {
 
 	var res strings.Builder
 	err := PostProcess(&RenderContext{
+		Ctx:       git.DefaultContext,
 		URLPrefix: "https://example.com",
 		Metas:     localMetas,
 	}, strings.NewReader(data), &res)
@@ -511,6 +520,7 @@ func Test_ParseClusterFuzz(t *testing.T) {
 
 	res.Reset()
 	err = PostProcess(&RenderContext{
+		Ctx:       git.DefaultContext,
 		URLPrefix: "https://example.com",
 		Metas:     localMetas,
 	}, strings.NewReader(data), &res)
@@ -531,6 +541,7 @@ func TestIssue16020(t *testing.T) {
 
 	var res strings.Builder
 	err := PostProcess(&RenderContext{
+		Ctx:       git.DefaultContext,
 		URLPrefix: "https://example.com",
 		Metas:     localMetas,
 	}, strings.NewReader(data), &res)
@@ -547,6 +558,7 @@ func BenchmarkEmojiPostprocess(b *testing.B) {
 	for i := 0; i < b.N; i++ {
 		var res strings.Builder
 		err := PostProcess(&RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: "https://example.com",
 			Metas:     localMetas,
 		}, strings.NewReader(data), &res)
@@ -557,6 +569,7 @@ func BenchmarkEmojiPostprocess(b *testing.B) {
 func TestFuzz(t *testing.T) {
 	s := "t/l/issues/8#/../../a"
 	renderContext := RenderContext{
+		Ctx:       git.DefaultContext,
 		URLPrefix: "https://example.com/go-gitea/gitea",
 		Metas: map[string]string{
 			"user": "go-gitea",
@@ -574,6 +587,7 @@ func TestIssue18471(t *testing.T) {
 
 	var res strings.Builder
 	err := PostProcess(&RenderContext{
+		Ctx:       git.DefaultContext,
 		URLPrefix: "https://example.com",
 		Metas:     localMetas,
 	}, strings.NewReader(data), &res)

modules/markup/markdown/markdown_test.go

@@ -52,12 +52,14 @@ func TestRender_StandardLinks(t *testing.T) {
 
 	test := func(input, expected, expectedWiki string) {
 		buffer, err := RenderString(&markup.RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: setting.AppSubURL,
 		}, input)
 		assert.NoError(t, err)
 		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer))
 
 		buffer, err = RenderString(&markup.RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: setting.AppSubURL,
 			IsWiki:    true,
 		}, input)
@@ -81,6 +83,7 @@ func TestRender_Images(t *testing.T) {
 
 	test := func(input, expected string) {
 		buffer, err := RenderString(&markup.RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: setting.AppSubURL,
 		}, input)
 		assert.NoError(t, err)
@@ -311,6 +314,7 @@ func TestTotal_RenderWiki(t *testing.T) {
 
 	for i := 0; i < len(testCases); i += 2 {
 		line, err := RenderString(&markup.RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: AppSubURL,
 			IsWiki:    true,
 		}, testCases[i])
@@ -339,6 +343,7 @@ func TestTotal_RenderString(t *testing.T) {
 
 	for i := 0; i < len(testCases); i += 2 {
 		line, err := RenderString(&markup.RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: AppSubURL,
 		}, testCases[i])
 		assert.NoError(t, err)
@@ -348,17 +353,17 @@ func TestTotal_RenderString(t *testing.T) {
 
 func TestRender_RenderParagraphs(t *testing.T) {
 	test := func(t *testing.T, str string, cnt int) {
-		res, err := RenderRawString(&markup.RenderContext{}, str)
+		res, err := RenderRawString(&markup.RenderContext{Ctx: git.DefaultContext}, str)
 		assert.NoError(t, err)
 		assert.Equal(t, cnt, strings.Count(res, "<p"), "Rendered result for unix should have %d paragraph(s) but has %d:\n%s\n", cnt, strings.Count(res, "<p"), res)
 
 		mac := strings.ReplaceAll(str, "\n", "\r")
-		res, err = RenderRawString(&markup.RenderContext{}, mac)
+		res, err = RenderRawString(&markup.RenderContext{Ctx: git.DefaultContext}, mac)
 		assert.NoError(t, err)
 		assert.Equal(t, cnt, strings.Count(res, "<p"), "Rendered result for mac should have %d paragraph(s) but has %d:\n%s\n", cnt, strings.Count(res, "<p"), res)
 
 		dos := strings.ReplaceAll(str, "\n", "\r\n")
-		res, err = RenderRawString(&markup.RenderContext{}, dos)
+		res, err = RenderRawString(&markup.RenderContext{Ctx: git.DefaultContext}, dos)
 		assert.NoError(t, err)
 		assert.Equal(t, cnt, strings.Count(res, "<p"), "Rendered result for windows should have %d paragraph(s) but has %d:\n%s\n", cnt, strings.Count(res, "<p"), res)
 	}
@@ -386,7 +391,7 @@ func TestMarkdownRenderRaw(t *testing.T) {
 
 	for _, testcase := range testcases {
 		log.Info("Test markdown render error with fuzzy data: %x, the following errors can be recovered", testcase)
-		_, err := RenderRawString(&markup.RenderContext{}, string(testcase))
+		_, err := RenderRawString(&markup.RenderContext{Ctx: git.DefaultContext}, string(testcase))
 		assert.NoError(t, err)
 	}
 }
@@ -398,7 +403,7 @@ func TestRenderSiblingImages_Issue12925(t *testing.T) {
 	expected := `<p><a href="/image1" target="_blank" rel="nofollow noopener"><img src="/image1" alt="image1"></a><br>
 <a href="/image2" target="_blank" rel="nofollow noopener"><img src="/image2" alt="image2"></a></p>
 `
-	res, err := RenderRawString(&markup.RenderContext{}, testcase)
+	res, err := RenderRawString(&markup.RenderContext{Ctx: git.DefaultContext}, testcase)
 	assert.NoError(t, err)
 	assert.Equal(t, expected, res)
 }
@@ -407,7 +412,7 @@ func TestRenderEmojiInLinks_Issue12331(t *testing.T) {
 	testcase := `[Link with emoji :moon: in text](https://gitea.io)`
 	expected := `<p><a href="https://gitea.io" rel="nofollow">Link with emoji <span class="emoji" aria-label="waxing gibbous moon">🌔</span> in text</a></p>
 `
-	res, err := RenderString(&markup.RenderContext{}, testcase)
+	res, err := RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, testcase)
 	assert.NoError(t, err)
 	assert.Equal(t, expected, res)
 }
@@ -441,7 +446,7 @@ func TestColorPreview(t *testing.T) {
 	}
 
 	for _, test := range positiveTests {
-		res, err := RenderString(&markup.RenderContext{}, test.testcase)
+		res, err := RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, test.testcase)
 		assert.NoError(t, err, "Unexpected error in testcase: %q", test.testcase)
 		assert.Equal(t, test.expected, res, "Unexpected result in testcase %q", test.testcase)
 
@@ -461,7 +466,7 @@ func TestColorPreview(t *testing.T) {
 	}
 
 	for _, test := range negativeTests {
-		res, err := RenderString(&markup.RenderContext{}, test)
+		res, err := RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, test)
 		assert.NoError(t, err, "Unexpected error in testcase: %q", test)
 		assert.NotContains(t, res, `<span class="color-preview" style="background-color: `, "Unexpected result in testcase %q", test)
 	}
@@ -508,7 +513,7 @@ func TestMathBlock(t *testing.T) {
 	}
 
 	for _, test := range testcases {
-		res, err := RenderString(&markup.RenderContext{}, test.testcase)
+		res, err := RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, test.testcase)
 		assert.NoError(t, err, "Unexpected error in testcase: %q", test.testcase)
 		assert.Equal(t, test.expected, res, "Unexpected result in testcase %q", test.testcase)
 

modules/markup/orgmode/orgmode_test.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"testing"
 
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -26,6 +27,7 @@ func TestRender_StandardLinks(t *testing.T) {
 
 	test := func(input, expected string) {
 		buffer, err := RenderString(&markup.RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: setting.AppSubURL,
 		}, input)
 		assert.NoError(t, err)
@@ -46,6 +48,7 @@ func TestRender_Images(t *testing.T) {
 
 	test := func(input, expected string) {
 		buffer, err := RenderString(&markup.RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: setting.AppSubURL,
 		}, input)
 		assert.NoError(t, err)
@@ -65,6 +68,7 @@ func TestRender_Source(t *testing.T) {
 
 	test := func(input, expected string) {
 		buffer, err := RenderString(&markup.RenderContext{
+			Ctx:       git.DefaultContext,
 			URLPrefix: setting.AppSubURL,
 		}, input)
 		assert.NoError(t, err)

modules/queue/queue_channel.go

@@ -124,7 +124,10 @@ func (q *ChannelQueue) Shutdown() {
 		log.Trace("ChannelQueue: %s Flushing", q.name)
 		// We can't use Cleanup here because that will close the channel
 		if err := q.FlushWithContext(q.terminateCtx); err != nil {
-			log.Warn("ChannelQueue: %s Terminated before completed flushing", q.name)
+			count := atomic.LoadInt64(&q.numInQueue)
+			if count > 0 {
+				log.Warn("ChannelQueue: %s Terminated before completed flushing", q.name)
+			}
 			return
 		}
 		log.Debug("ChannelQueue: %s Flushed", q.name)

modules/queue/queue_disk_channel.go

@@ -94,7 +94,8 @@ func NewPersistableChannelQueue(handle HandlerFunc, cfg, exemplar interface{}) (
 			},
 			Workers: 0,
 		},
-		DataDir: config.DataDir,
+		DataDir:   config.DataDir,
+		QueueName: config.Name + "-level",
 	}
 
 	levelQueue, err := NewLevelQueue(wrappedHandle, levelCfg, exemplar)
@@ -172,16 +173,18 @@ func (q *PersistableChannelQueue) Run(atShutdown, atTerminate func(func())) {
 	atShutdown(q.Shutdown)
 	atTerminate(q.Terminate)
 
-	if lq, ok := q.internal.(*LevelQueue); ok && lq.byteFIFO.Len(lq.shutdownCtx) != 0 {
+	if lq, ok := q.internal.(*LevelQueue); ok && lq.byteFIFO.Len(lq.terminateCtx) != 0 {
 		// Just run the level queue - we shut it down once it's flushed
 		go q.internal.Run(func(_ func()) {}, func(_ func()) {})
 		go func() {
-			for !q.IsEmpty() {
-				_ = q.internal.Flush(0)
+			for !lq.IsEmpty() {
+				_ = lq.Flush(0)
 				select {
 				case <-time.After(100 * time.Millisecond):
-				case <-q.internal.(*LevelQueue).shutdownCtx.Done():
-					log.Warn("LevelQueue: %s shut down before completely flushed", q.internal.(*LevelQueue).Name())
+				case <-lq.shutdownCtx.Done():
+					if lq.byteFIFO.Len(lq.terminateCtx) > 0 {
+						log.Warn("LevelQueue: %s shut down before completely flushed", q.internal.(*LevelQueue).Name())
+					}
 					return
 				}
 			}
@@ -316,10 +319,22 @@ func (q *PersistableChannelQueue) Shutdown() {
 	// Redirect all remaining data in the chan to the internal channel
 	log.Trace("PersistableChannelQueue: %s Redirecting remaining data", q.delayedStarter.name)
 	close(q.channelQueue.dataChan)
+	countOK, countLost := 0, 0
 	for data := range q.channelQueue.dataChan {
-		_ = q.internal.Push(data)
+		err := q.internal.Push(data)
+		if err != nil {
+			log.Error("PersistableChannelQueue: %s Unable redirect %v due to: %v", q.delayedStarter.name, data, err)
+			countLost++
+		} else {
+			countOK++
+		}
 		atomic.AddInt64(&q.channelQueue.numInQueue, -1)
 	}
+	if countLost > 0 {
+		log.Warn("PersistableChannelQueue: %s %d will be restored on restart, %d lost", q.delayedStarter.name, countOK, countLost)
+	} else if countOK > 0 {
+		log.Warn("PersistableChannelQueue: %s %d will be restored on restart", q.delayedStarter.name, countOK)
+	}
 	log.Trace("PersistableChannelQueue: %s Done Redirecting remaining data", q.delayedStarter.name)
 
 	log.Debug("PersistableChannelQueue: %s Shutdown", q.delayedStarter.name)

modules/queue/queue_disk_channel_test.go

@@ -39,7 +39,7 @@ func TestPersistableChannelQueue(t *testing.T) {
 		Workers:      1,
 		BoostWorkers: 0,
 		MaxWorkers:   10,
-		Name:         "first",
+		Name:         "test-queue",
 	}, &testData{})
 	assert.NoError(t, err)
 
@@ -135,7 +135,7 @@ func TestPersistableChannelQueue(t *testing.T) {
 		Workers:      1,
 		BoostWorkers: 0,
 		MaxWorkers:   10,
-		Name:         "second",
+		Name:         "test-queue",
 	}, &testData{})
 	assert.NoError(t, err)
 
@@ -227,7 +227,7 @@ func TestPersistableChannelQueue_Pause(t *testing.T) {
 		Workers:      1,
 		BoostWorkers: 0,
 		MaxWorkers:   10,
-		Name:         "first",
+		Name:         "test-queue",
 	}, &testData{})
 	assert.NoError(t, err)
 
@@ -433,7 +433,7 @@ func TestPersistableChannelQueue_Pause(t *testing.T) {
 		Workers:      1,
 		BoostWorkers: 0,
 		MaxWorkers:   10,
-		Name:         "second",
+		Name:         "test-queue",
 	}, &testData{})
 	assert.NoError(t, err)
 	pausable, ok = queue.(Pausable)

modules/queue/unique_queue_channel.go

@@ -177,7 +177,9 @@ func (q *ChannelUniqueQueue) Shutdown() {
 	go func() {
 		log.Trace("ChannelUniqueQueue: %s Flushing", q.name)
 		if err := q.FlushWithContext(q.terminateCtx); err != nil {
-			log.Warn("ChannelUniqueQueue: %s Terminated before completed flushing", q.name)
+			if !q.IsEmpty() {
+				log.Warn("ChannelUniqueQueue: %s Terminated before completed flushing", q.name)
+			}
 			return
 		}
 		log.Debug("ChannelUniqueQueue: %s Flushed", q.name)

modules/queue/unique_queue_channel_test.go

@@ -8,10 +8,13 @@ import (
 	"testing"
 	"time"
 
+	"code.gitea.io/gitea/modules/log"
+
 	"github.com/stretchr/testify/assert"
 )
 
 func TestChannelUniqueQueue(t *testing.T) {
+	_ = log.NewLogger(1000, "console", "console", `{"level":"warn","stacktracelevel":"NONE","stderr":true}`)
 	handleChan := make(chan *testData)
 	handle := func(data ...Data) []Data {
 		for _, datum := range data {
@@ -52,6 +55,8 @@ func TestChannelUniqueQueue(t *testing.T) {
 }
 
 func TestChannelUniqueQueue_Batch(t *testing.T) {
+	_ = log.NewLogger(1000, "console", "console", `{"level":"warn","stacktracelevel":"NONE","stderr":true}`)
+
 	handleChan := make(chan *testData)
 	handle := func(data ...Data) []Data {
 		for _, datum := range data {
@@ -98,6 +103,8 @@ func TestChannelUniqueQueue_Batch(t *testing.T) {
 }
 
 func TestChannelUniqueQueue_Pause(t *testing.T) {
+	_ = log.NewLogger(1000, "console", "console", `{"level":"warn","stacktracelevel":"NONE","stderr":true}`)
+
 	lock := sync.Mutex{}
 	var queue Queue
 	var err error

modules/queue/unique_queue_disk_channel.go

@@ -94,7 +94,8 @@ func NewPersistableChannelUniqueQueue(handle HandlerFunc, cfg, exemplar interfac
 			},
 			Workers: 0,
 		},
-		DataDir: config.DataDir,
+		DataDir:   config.DataDir,
+		QueueName: config.Name + "-level",
 	}
 
 	queue.channelQueue = channelUniqueQueue.(*ChannelUniqueQueue)
@@ -209,17 +210,29 @@ func (q *PersistableChannelUniqueQueue) Run(atShutdown, atTerminate func(func())
 	atTerminate(q.Terminate)
 	_ = q.channelQueue.AddWorkers(q.channelQueue.workers, 0)
 
-	if luq, ok := q.internal.(*LevelUniqueQueue); ok && luq.ByteFIFOUniqueQueue.byteFIFO.Len(luq.shutdownCtx) != 0 {
+	if luq, ok := q.internal.(*LevelUniqueQueue); ok && !luq.IsEmpty() {
 		// Just run the level queue - we shut it down once it's flushed
-		go q.internal.Run(func(_ func()) {}, func(_ func()) {})
+		go luq.Run(func(_ func()) {}, func(_ func()) {})
 		go func() {
-			_ = q.internal.Flush(0)
-			log.Debug("LevelUniqueQueue: %s flushed so shutting down", q.internal.(*LevelUniqueQueue).Name())
-			q.internal.(*LevelUniqueQueue).Shutdown()
-			GetManager().Remove(q.internal.(*LevelUniqueQueue).qid)
+			_ = luq.Flush(0)
+			for !luq.IsEmpty() {
+				_ = luq.Flush(0)
+				select {
+				case <-time.After(100 * time.Millisecond):
+				case <-luq.shutdownCtx.Done():
+					if luq.byteFIFO.Len(luq.terminateCtx) > 0 {
+						log.Warn("LevelUniqueQueue: %s shut down before completely flushed", luq.Name())
+					}
+					return
+				}
+			}
+			log.Debug("LevelUniqueQueue: %s flushed so shutting down", luq.Name())
+			luq.Shutdown()
+			GetManager().Remove(luq.qid)
 		}()
 	} else {
 		log.Debug("PersistableChannelUniqueQueue: %s Skipping running the empty level queue", q.delayedStarter.name)
+		_ = q.internal.Flush(0)
 		q.internal.(*LevelUniqueQueue).Shutdown()
 		GetManager().Remove(q.internal.(*LevelUniqueQueue).qid)
 	}
@@ -285,8 +298,20 @@ func (q *PersistableChannelUniqueQueue) Shutdown() {
 	// Redirect all remaining data in the chan to the internal channel
 	close(q.channelQueue.dataChan)
 	log.Trace("PersistableChannelUniqueQueue: %s Redirecting remaining data", q.delayedStarter.name)
+	countOK, countLost := 0, 0
 	for data := range q.channelQueue.dataChan {
-		_ = q.internal.Push(data)
+		err := q.internal.(*LevelUniqueQueue).Push(data)
+		if err != nil {
+			log.Error("PersistableChannelUniqueQueue: %s Unable redirect %v due to: %v", q.delayedStarter.name, data, err)
+			countLost++
+		} else {
+			countOK++
+		}
+	}
+	if countLost > 0 {
+		log.Warn("PersistableChannelUniqueQueue: %s %d will be restored on restart, %d lost", q.delayedStarter.name, countOK, countLost)
+	} else if countOK > 0 {
+		log.Warn("PersistableChannelUniqueQueue: %s %d will be restored on restart", q.delayedStarter.name, countOK)
 	}
 	log.Trace("PersistableChannelUniqueQueue: %s Done Redirecting remaining data", q.delayedStarter.name)
 

modules/queue/unique_queue_disk_channel_test.go

@@ -0,0 +1,259 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package queue
+
+import (
+	"fmt"
+	"strconv"
+	"sync"
+	"testing"
+	"time"
+
+	"code.gitea.io/gitea/modules/log"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestPersistableChannelUniqueQueue(t *testing.T) {
+	tmpDir := t.TempDir()
+	fmt.Printf("TempDir %s\n", tmpDir)
+	_ = log.NewLogger(1000, "console", "console", `{"level":"warn","stacktracelevel":"NONE","stderr":true}`)
+
+	// Common function to create the Queue
+	newQueue := func(name string, handle func(data ...Data) []Data) Queue {
+		q, err := NewPersistableChannelUniqueQueue(handle,
+			PersistableChannelUniqueQueueConfiguration{
+				Name:         name,
+				DataDir:      tmpDir,
+				QueueLength:  200,
+				MaxWorkers:   1,
+				BlockTimeout: 1 * time.Second,
+				BoostTimeout: 5 * time.Minute,
+				BoostWorkers: 1,
+				Workers:      0,
+			}, "task-0")
+		assert.NoError(t, err)
+		return q
+	}
+
+	// runs the provided queue and provides some timer function
+	type channels struct {
+		readyForShutdown  chan struct{} // closed when shutdown functions have been assigned
+		readyForTerminate chan struct{} // closed when terminate functions have been assigned
+		signalShutdown    chan struct{} // Should close to signal shutdown
+		doneShutdown      chan struct{} // closed when shutdown function is done
+		queueTerminate    []func()      // list of atTerminate functions to call atTerminate - need to be accessed with lock
+	}
+	runQueue := func(q Queue, lock *sync.Mutex) *channels {
+		chans := &channels{
+			readyForShutdown:  make(chan struct{}),
+			readyForTerminate: make(chan struct{}),
+			signalShutdown:    make(chan struct{}),
+			doneShutdown:      make(chan struct{}),
+		}
+		go q.Run(func(atShutdown func()) {
+			go func() {
+				lock.Lock()
+				select {
+				case <-chans.readyForShutdown:
+				default:
+					close(chans.readyForShutdown)
+				}
+				lock.Unlock()
+				<-chans.signalShutdown
+				atShutdown()
+				close(chans.doneShutdown)
+			}()
+		}, func(atTerminate func()) {
+			lock.Lock()
+			defer lock.Unlock()
+			select {
+			case <-chans.readyForTerminate:
+			default:
+				close(chans.readyForTerminate)
+			}
+			chans.queueTerminate = append(chans.queueTerminate, atTerminate)
+		})
+
+		return chans
+	}
+
+	// call to shutdown and terminate the queue associated with the channels
+	doTerminate := func(chans *channels, lock *sync.Mutex) {
+		<-chans.readyForTerminate
+
+		lock.Lock()
+		callbacks := []func(){}
+		callbacks = append(callbacks, chans.queueTerminate...)
+		lock.Unlock()
+
+		for _, callback := range callbacks {
+			callback()
+		}
+	}
+
+	mapLock := sync.Mutex{}
+	executedInitial := map[string][]string{}
+	hasInitial := map[string][]string{}
+
+	fillQueue := func(name string, done chan struct{}) {
+		t.Run("Initial Filling: "+name, func(t *testing.T) {
+			lock := sync.Mutex{}
+
+			startAt100Queued := make(chan struct{})
+			stopAt20Shutdown := make(chan struct{}) // stop and shutdown at the 20th item
+
+			handle := func(data ...Data) []Data {
+				<-startAt100Queued
+				for _, datum := range data {
+					s := datum.(string)
+					mapLock.Lock()
+					executedInitial[name] = append(executedInitial[name], s)
+					mapLock.Unlock()
+					if s == "task-20" {
+						close(stopAt20Shutdown)
+					}
+				}
+				return nil
+			}
+
+			q := newQueue(name, handle)
+
+			// add 100 tasks to the queue
+			for i := 0; i < 100; i++ {
+				_ = q.Push("task-" + strconv.Itoa(i))
+			}
+			close(startAt100Queued)
+
+			chans := runQueue(q, &lock)
+
+			<-chans.readyForShutdown
+			<-stopAt20Shutdown
+			close(chans.signalShutdown)
+			<-chans.doneShutdown
+			_ = q.Push("final")
+
+			// check which tasks are still in the queue
+			for i := 0; i < 100; i++ {
+				if has, _ := q.(UniqueQueue).Has("task-" + strconv.Itoa(i)); has {
+					mapLock.Lock()
+					hasInitial[name] = append(hasInitial[name], "task-"+strconv.Itoa(i))
+					mapLock.Unlock()
+				}
+			}
+			if has, _ := q.(UniqueQueue).Has("final"); has {
+				mapLock.Lock()
+				hasInitial[name] = append(hasInitial[name], "final")
+				mapLock.Unlock()
+			} else {
+				assert.Fail(t, "UnqueQueue %s should have \"final\"", name)
+			}
+			doTerminate(chans, &lock)
+			mapLock.Lock()
+			assert.Equal(t, 101, len(executedInitial[name])+len(hasInitial[name]))
+			mapLock.Unlock()
+		})
+		close(done)
+	}
+
+	doneA := make(chan struct{})
+	doneB := make(chan struct{})
+
+	go fillQueue("QueueA", doneA)
+	go fillQueue("QueueB", doneB)
+
+	<-doneA
+	<-doneB
+
+	executedEmpty := map[string][]string{}
+	hasEmpty := map[string][]string{}
+	emptyQueue := func(name string, done chan struct{}) {
+		t.Run("Empty Queue: "+name, func(t *testing.T) {
+			lock := sync.Mutex{}
+			stop := make(chan struct{})
+
+			// collect the tasks that have been executed
+			handle := func(data ...Data) []Data {
+				lock.Lock()
+				for _, datum := range data {
+					mapLock.Lock()
+					executedEmpty[name] = append(executedEmpty[name], datum.(string))
+					mapLock.Unlock()
+					if datum.(string) == "final" {
+						close(stop)
+					}
+				}
+				lock.Unlock()
+				return nil
+			}
+
+			q := newQueue(name, handle)
+			chans := runQueue(q, &lock)
+
+			<-chans.readyForShutdown
+			<-stop
+			close(chans.signalShutdown)
+			<-chans.doneShutdown
+
+			// check which tasks are still in the queue
+			for i := 0; i < 100; i++ {
+				if has, _ := q.(UniqueQueue).Has("task-" + strconv.Itoa(i)); has {
+					mapLock.Lock()
+					hasEmpty[name] = append(hasEmpty[name], "task-"+strconv.Itoa(i))
+					mapLock.Unlock()
+				}
+			}
+			doTerminate(chans, &lock)
+
+			mapLock.Lock()
+			assert.Equal(t, 101, len(executedInitial[name])+len(executedEmpty[name]))
+			assert.Equal(t, 0, len(hasEmpty[name]))
+			mapLock.Unlock()
+		})
+		close(done)
+	}
+
+	doneA = make(chan struct{})
+	doneB = make(chan struct{})
+
+	go emptyQueue("QueueA", doneA)
+	go emptyQueue("QueueB", doneB)
+
+	<-doneA
+	<-doneB
+
+	mapLock.Lock()
+	t.Logf("TestPersistableChannelUniqueQueue executedInitiallyA=%v, executedInitiallyB=%v, executedToEmptyA=%v, executedToEmptyB=%v",
+		len(executedInitial["QueueA"]), len(executedInitial["QueueB"]), len(executedEmpty["QueueA"]), len(executedEmpty["QueueB"]))
+
+	// reset and rerun
+	executedInitial = map[string][]string{}
+	hasInitial = map[string][]string{}
+	executedEmpty = map[string][]string{}
+	hasEmpty = map[string][]string{}
+	mapLock.Unlock()
+
+	doneA = make(chan struct{})
+	doneB = make(chan struct{})
+
+	go fillQueue("QueueA", doneA)
+	go fillQueue("QueueB", doneB)
+
+	<-doneA
+	<-doneB
+
+	doneA = make(chan struct{})
+	doneB = make(chan struct{})
+
+	go emptyQueue("QueueA", doneA)
+	go emptyQueue("QueueB", doneB)
+
+	<-doneA
+	<-doneB
+
+	mapLock.Lock()
+	t.Logf("TestPersistableChannelUniqueQueue executedInitiallyA=%v, executedInitiallyB=%v, executedToEmptyA=%v, executedToEmptyB=%v",
+		len(executedInitial["QueueA"]), len(executedInitial["QueueB"]), len(executedEmpty["QueueA"]), len(executedEmpty["QueueB"]))
+	mapLock.Unlock()
+}

modules/setting/attachment.go

@@ -26,7 +26,7 @@ func loadAttachmentFrom(rootCfg ConfigProvider) {
 
 	Attachment.Storage = getStorage(rootCfg, "attachments", storageType, sec)
 
-	Attachment.AllowedTypes = sec.Key("ALLOWED_TYPES").MustString(".csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip")
+	Attachment.AllowedTypes = sec.Key("ALLOWED_TYPES").MustString(".csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip")
 	Attachment.MaxSize = sec.Key("MAX_SIZE").MustInt64(4)
 	Attachment.MaxFiles = sec.Key("MAX_FILES").MustInt(5)
 	Attachment.Enabled = sec.Key("ENABLED").MustBool(true)

modules/setting/database.go

@@ -27,7 +27,7 @@ var (
 
 	// Database holds the database settings
 	Database = struct {
-		Type              string
+		Type              DatabaseType
 		Host              string
 		Name              string
 		User              string
@@ -39,10 +39,6 @@ var (
 		Charset           string
 		Timeout           int // seconds
 		SQLiteJournalMode string
-		UseSQLite3        bool
-		UseMySQL          bool
-		UseMSSQL          bool
-		UsePostgreSQL     bool
 		DBConnectRetries  int
 		DBConnectBackoff  time.Duration
 		MaxIdleConns      int
@@ -59,24 +55,13 @@ var (
 // LoadDBSetting loads the database settings
 func LoadDBSetting() {
 	sec := CfgProvider.Section("database")
-	Database.Type = sec.Key("DB_TYPE").String()
+	Database.Type = DatabaseType(sec.Key("DB_TYPE").String())
 	defaultCharset := "utf8"
-	Database.UseMySQL = false
-	Database.UseSQLite3 = false
-	Database.UsePostgreSQL = false
-	Database.UseMSSQL = false
 
-	switch Database.Type {
-	case "sqlite3":
-		Database.UseSQLite3 = true
-	case "mysql":
-		Database.UseMySQL = true
+	if Database.Type.IsMySQL() {
 		defaultCharset = "utf8mb4"
-	case "postgres":
-		Database.UsePostgreSQL = true
-	case "mssql":
-		Database.UseMSSQL = true
 	}
+
 	Database.Host = sec.Key("HOST").String()
 	Database.Name = sec.Key("NAME").String()
 	Database.User = sec.Key("USER").String()
@@ -86,7 +71,7 @@ func LoadDBSetting() {
 	Database.Schema = sec.Key("SCHEMA").String()
 	Database.SSLMode = sec.Key("SSL_MODE").MustString("disable")
 	Database.Charset = sec.Key("CHARSET").In(defaultCharset, []string{"utf8", "utf8mb4"})
-	if Database.UseMySQL && defaultCharset != "utf8mb4" {
+	if Database.Type.IsMySQL() && defaultCharset != "utf8mb4" {
 		log.Error("Deprecated database mysql charset utf8 support, please use utf8mb4 or convert utf8 to utf8mb4.")
 	}
 
@@ -95,7 +80,7 @@ func LoadDBSetting() {
 	Database.SQLiteJournalMode = sec.Key("SQLITE_JOURNAL_MODE").MustString("")
 
 	Database.MaxIdleConns = sec.Key("MAX_IDLE_CONNS").MustInt(2)
-	if Database.UseMySQL {
+	if Database.Type.IsMySQL() {
 		Database.ConnMaxLifetime = sec.Key("CONN_MAX_LIFETIME").MustDuration(3 * time.Second)
 	} else {
 		Database.ConnMaxLifetime = sec.Key("CONN_MAX_LIFETIME").MustDuration(0)
@@ -207,3 +192,25 @@ func ParseMSSQLHostPort(info string) (string, string) {
 	}
 	return host, port
 }
+
+type DatabaseType string
+
+func (t DatabaseType) String() string {
+	return string(t)
+}
+
+func (t DatabaseType) IsSQLite3() bool {
+	return t == "sqlite3"
+}
+
+func (t DatabaseType) IsMySQL() bool {
+	return t == "mysql"
+}
+
+func (t DatabaseType) IsMSSQL() bool {
+	return t == "mssql"
+}
+
+func (t DatabaseType) IsPostgreSQL() bool {
+	return t == "postgres"
+}

modules/setting/git.go

@@ -12,9 +12,13 @@ import (
 
 // Git settings
 var Git = struct {
-	Path                      string
-	HomePath                  string
-	DisableDiffHighlight      bool
+	Path                 string
+	HomePath             string
+	DisableDiffHighlight bool
+	Reflog               struct {
+		Enabled    bool
+		Expiration int
+	} `ini:"git.reflog"`
 	MaxGitDiffLines           int
 	MaxGitDiffLineCharacters  int
 	MaxGitDiffFiles           int
@@ -37,6 +41,13 @@ var Git = struct {
 		GC      int `ini:"GC"`
 	} `ini:"git.timeout"`
 }{
+	Reflog: struct {
+		Enabled    bool
+		Expiration int
+	}{
+		Enabled:    true,
+		Expiration: 90,
+	},
 	DisableDiffHighlight:      false,
 	MaxGitDiffLines:           1000,
 	MaxGitDiffLineCharacters:  5000,

modules/templates/helper.go

@@ -385,10 +385,10 @@ func NewFuncMap() []template.FuncMap {
 			// the table is NOT sorted with this header
 			return ""
 		},
-		"RenderLabel": func(label *issues_model.Label) template.HTML {
-			return template.HTML(RenderLabel(label))
+		"RenderLabel": func(ctx context.Context, label *issues_model.Label) template.HTML {
+			return template.HTML(RenderLabel(ctx, label))
 		},
-		"RenderLabels": func(labels []*issues_model.Label, repoLink string) template.HTML {
+		"RenderLabels": func(ctx context.Context, labels []*issues_model.Label, repoLink string) template.HTML {
 			htmlCode := `<span class="labels-list">`
 			for _, label := range labels {
 				// Protect against nil value in labels - shouldn't happen but would cause a panic if so
@@ -396,7 +396,7 @@ func NewFuncMap() []template.FuncMap {
 					continue
 				}
 				htmlCode += fmt.Sprintf("<a href='%s/issues?labels=%d'>%s</a> ",
-					repoLink, label.ID, RenderLabel(label))
+					repoLink, label.ID, RenderLabel(ctx, label))
 			}
 			htmlCode += "</span>"
 			return template.HTML(htmlCode)
@@ -808,7 +808,7 @@ func RenderIssueTitle(ctx context.Context, text, urlPrefix string, metas map[str
 }
 
 // RenderLabel renders a label
-func RenderLabel(label *issues_model.Label) string {
+func RenderLabel(ctx context.Context, label *issues_model.Label) string {
 	labelScope := label.ExclusiveScope()
 
 	textColor := "#111"
@@ -821,12 +821,12 @@ func RenderLabel(label *issues_model.Label) string {
 	if labelScope == "" {
 		// Regular label
 		return fmt.Sprintf("<div class='ui label' style='color: %s !important; background-color: %s !important' title='%s'>%s</div>",
-			textColor, label.Color, description, RenderEmoji(label.Name))
+			textColor, label.Color, description, RenderEmoji(ctx, label.Name))
 	}
 
 	// Scoped label
-	scopeText := RenderEmoji(labelScope)
-	itemText := RenderEmoji(label.Name[len(labelScope)+1:])
+	scopeText := RenderEmoji(ctx, labelScope)
+	itemText := RenderEmoji(ctx, label.Name[len(labelScope)+1:])
 
 	itemColor := label.Color
 	scopeColor := label.Color
@@ -834,7 +834,7 @@ func RenderLabel(label *issues_model.Label) string {
 		// Make scope and item background colors slightly darker and lighter respectively.
 		// More contrast needed with higher luminance, empirically tweaked.
 		luminance := (0.299*r + 0.587*g + 0.114*b) / 255
-		contrast := 0.01 + luminance*0.06
+		contrast := 0.01 + luminance*0.03
 		// Ensure we add the same amount of contrast also near 0 and 1.
 		darken := contrast + math.Max(luminance+contrast-1.0, 0.0)
 		lighten := contrast + math.Max(contrast-luminance, 0.0)
@@ -859,18 +859,17 @@ func RenderLabel(label *issues_model.Label) string {
 
 	return fmt.Sprintf("<span class='ui label scope-parent' title='%s'>"+
 		"<div class='ui label scope-left' style='color: %s !important; background-color: %s !important'>%s</div>"+
-		"<div class='ui label scope-middle' style='background: linear-gradient(-80deg, %s 48%%, %s 52%% 0%%);'>&nbsp;</div>"+
 		"<div class='ui label scope-right' style='color: %s !important; background-color: %s !important''>%s</div>"+
 		"</span>",
 		description,
 		textColor, scopeColor, scopeText,
-		itemColor, scopeColor,
 		textColor, itemColor, itemText)
 }
 
 // RenderEmoji renders html text with emoji post processors
-func RenderEmoji(text string) template.HTML {
-	renderedText, err := markup.RenderEmoji(template.HTMLEscapeString(text))
+func RenderEmoji(ctx context.Context, text string) template.HTML {
+	renderedText, err := markup.RenderEmoji(&markup.RenderContext{Ctx: ctx},
+		template.HTMLEscapeString(text))
 	if err != nil {
 		log.Error("RenderEmoji: %v", err)
 		return template.HTML("")

modules/timeutil/since.go

@@ -233,7 +233,7 @@ func TimeSince(then time.Time, lang translation.Locale) template.HTML {
 }
 
 func htmlTimeSince(then, now time.Time, lang translation.Locale) template.HTML {
-	return template.HTML(fmt.Sprintf(`<span class="time-since tooltip" data-content="%s">%s</span>`,
+	return template.HTML(fmt.Sprintf(`<span class="time-since tooltip" data-content="%s" data-tooltip-interactive="true">%s</span>`,
 		then.In(setting.DefaultUILocation).Format(GetTimeFormat(lang.Language())),
 		timeSince(then, now, lang)))
 }
@@ -244,7 +244,7 @@ func TimeSinceUnix(then TimeStamp, lang translation.Locale) template.HTML {
 }
 
 func htmlTimeSinceUnix(then, now TimeStamp, lang translation.Locale) template.HTML {
-	return template.HTML(fmt.Sprintf(`<span class="time-since tooltip" data-content="%s">%s</span>`,
+	return template.HTML(fmt.Sprintf(`<span class="time-since tooltip" data-content="%s" data-tooltip-interactive="true">%s</span>`,
 		then.FormatInLocation(GetTimeFormat(lang.Language()), setting.DefaultUILocation),
 		timeSinceUnix(int64(then), int64(now), lang)))
 }

modules/typesniffer/typesniffer.go

@@ -4,6 +4,7 @@
 package typesniffer
 
 import (
+	"bytes"
 	"fmt"
 	"io"
 	"net/http"
@@ -24,8 +25,9 @@ const (
 )
 
 var (
-	svgTagRegex      = regexp.MustCompile(`(?si)\A\s*(?:(<!--.*?-->|<!DOCTYPE\s+svg([\s:]+.*?>|>))\s*)*<svg[\s>\/]`)
-	svgTagInXMLRegex = regexp.MustCompile(`(?si)\A<\?xml\b.*?\?>\s*(?:(<!--.*?-->|<!DOCTYPE\s+svg([\s:]+.*?>|>))\s*)*<svg[\s>\/]`)
+	svgComment       = regexp.MustCompile(`(?s)<!--.*?-->`)
+	svgTagRegex      = regexp.MustCompile(`(?si)\A\s*(?:(<!DOCTYPE\s+svg([\s:]+.*?>|>))\s*)*<svg\b`)
+	svgTagInXMLRegex = regexp.MustCompile(`(?si)\A<\?xml\b.*?\?>\s*(?:(<!DOCTYPE\s+svg([\s:]+.*?>|>))\s*)*<svg\b`)
 )
 
 // SniffedType contains information about a blobs type.
@@ -91,10 +93,27 @@ func DetectContentType(data []byte) SniffedType {
 		data = data[:sniffLen]
 	}
 
-	if (strings.Contains(ct, "text/plain") || strings.Contains(ct, "text/html")) && svgTagRegex.Match(data) ||
-		strings.Contains(ct, "text/xml") && svgTagInXMLRegex.Match(data) {
-		// SVG is unsupported. https://github.com/golang/go/issues/15888
-		ct = SvgMimeType
+	// SVG is unsupported by http.DetectContentType, https://github.com/golang/go/issues/15888
+
+	detectByHTML := strings.Contains(ct, "text/plain") || strings.Contains(ct, "text/html")
+	detectByXML := strings.Contains(ct, "text/xml")
+	if detectByHTML || detectByXML {
+		dataProcessed := svgComment.ReplaceAll(data, nil)
+		dataProcessed = bytes.TrimSpace(dataProcessed)
+		if detectByHTML && svgTagRegex.Match(dataProcessed) ||
+			detectByXML && svgTagInXMLRegex.Match(dataProcessed) {
+			ct = SvgMimeType
+		}
+	}
+
+	if strings.HasPrefix(ct, "audio/") && bytes.HasPrefix(data, []byte("ID3")) {
+		// The MP3 detection is quite inaccurate, any content with "ID3" prefix will result in "audio/mpeg".
+		// So remove the "ID3" prefix and detect again, if result is text, then it must be text content.
+		// This works especially because audio files contain many unprintable/invalid characters like `0x00`
+		ct2 := http.DetectContentType(data[3:])
+		if strings.HasPrefix(ct2, "text/") {
+			ct = ct2
+		}
 	}
 
 	return SniffedType{ct}

modules/typesniffer/typesniffer_test.go

@@ -28,7 +28,6 @@ func TestIsSvgImage(t *testing.T) {
 	assert.True(t, DetectContentType([]byte("<svg></svg>")).IsSvgImage())
 	assert.True(t, DetectContentType([]byte("    <svg></svg>")).IsSvgImage())
 	assert.True(t, DetectContentType([]byte(`<svg width="100"></svg>`)).IsSvgImage())
-	assert.True(t, DetectContentType([]byte("<svg/>")).IsSvgImage())
 	assert.True(t, DetectContentType([]byte(`<?xml version="1.0" encoding="UTF-8"?><svg></svg>`)).IsSvgImage())
 	assert.True(t, DetectContentType([]byte(`<!-- Comment -->
 	<svg></svg>`)).IsSvgImage())
@@ -57,6 +56,10 @@ func TestIsSvgImage(t *testing.T) {
 	<!-- Multline
 	Comment -->
 	<svg></svg>`)).IsSvgImage())
+
+	// the DetectContentType should work for incomplete data, because only beginning bytes are used for detection
+	assert.True(t, DetectContentType([]byte(`<svg>....`)).IsSvgImage())
+
 	assert.False(t, DetectContentType([]byte{}).IsSvgImage())
 	assert.False(t, DetectContentType([]byte("svg")).IsSvgImage())
 	assert.False(t, DetectContentType([]byte("<svgfoo></svgfoo>")).IsSvgImage())
@@ -68,6 +71,26 @@ func TestIsSvgImage(t *testing.T) {
 	assert.False(t, DetectContentType([]byte(`<?xml version="1.0" encoding="UTF-8"?>
 	<!-- <svg></svg> inside comment -->
 	<foo></foo>`)).IsSvgImage())
+
+	assert.False(t, DetectContentType([]byte(`
+<!-- comment1 -->
+<div>
+	<!-- comment2 -->
+	<svg></svg>
+</div>
+`)).IsSvgImage())
+
+	assert.False(t, DetectContentType([]byte(`
+<!-- comment1
+-->
+<div>
+	<!-- comment2
+-->
+	<svg></svg>
+</div>
+`)).IsSvgImage())
+	assert.False(t, DetectContentType([]byte(`<html><body><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg></svg></body></html>`)).IsSvgImage())
+	assert.False(t, DetectContentType([]byte(`<html><body><?xml version="1.0" encoding="UTF-8"?><svg></svg></body></html>`)).IsSvgImage())
 }
 
 func TestIsPDF(t *testing.T) {
@@ -86,6 +109,10 @@ func TestIsAudio(t *testing.T) {
 	mp3, _ := base64.StdEncoding.DecodeString("SUQzBAAAAAABAFRYWFgAAAASAAADbWFqb3JfYnJhbmQAbXA0MgBUWFhYAAAAEQAAA21pbm9yX3Zl")
 	assert.True(t, DetectContentType(mp3).IsAudio())
 	assert.False(t, DetectContentType([]byte("plain text")).IsAudio())
+
+	assert.True(t, DetectContentType([]byte("ID3Toy\000")).IsAudio())
+	assert.True(t, DetectContentType([]byte("ID3Toy\n====\t* hi 🌞, ...")).IsText())          // test ID3 tag for plain text
+	assert.True(t, DetectContentType([]byte("ID3Toy\n====\t* hi 🌞, ..."+"🌛"[0:2])).IsText()) // test ID3 tag with incomplete UTF8 char
 }
 
 func TestDetectContentTypeFromReader(t *testing.T) {

options/locale/locale_en-US.ini

@@ -2806,6 +2806,8 @@ auths.still_in_used = The authentication source is still in use. Convert or dele
 auths.deletion_success = The authentication source has been deleted.
 auths.login_source_exist = The authentication source '%s' already exists.
 auths.login_source_of_type_exist = An authentication source of this type already exists.
+auths.unable_to_initialize_openid = Unable to initialize OpenID Connect Provider: %s
+auths.invalid_openIdConnectAutoDiscoveryURL = Invalid Auto Discovery URL (this must be a valid URL starting with http:// or https://)
 
 config.server_config = Server Configuration
 config.app_name = Site Title
@@ -2926,6 +2928,8 @@ config.git_disable_diff_highlight = Disable Diff Syntax Highlight
 config.git_max_diff_lines = Max Diff Lines (for a single file)
 config.git_max_diff_line_characters = Max Diff Characters (for a single line)
 config.git_max_diff_files = Max Diff Files (to be shown)
+config.git_enable_reflogs = Enable Reflogs
+config.git_reflog_expiry_time = Expiry Time
 config.git_gc_args = GC Arguments
 config.git_migrate_timeout = Migration Timeout
 config.git_mirror_timeout = Mirror Update Timeout

package-lock.json

@@ -28,11 +28,9 @@
         "jquery": "3.6.3",
         "jquery.are-you-sure": "1.9.0",
         "katex": "0.16.4",
-        "less": "4.1.3",
-        "less-loader": "11.1.0",
         "license-checker-webpack-plugin": "0.2.1",
         "mermaid": "10.0.2",
-        "mini-css-extract-plugin": "2.7.2",
+        "mini-css-extract-plugin": "2.7.4",
         "monaco-editor": "0.34.1",
         "monaco-editor-webpack-plugin": "7.0.1",
         "pretty-ms": "8.0.0",
@@ -45,7 +43,7 @@
         "vue-bar-graph": "2.0.0",
         "vue-loader": "17.0.1",
         "vue3-calendar-heatmap": "2.0.0",
-        "webpack": "5.75.0",
+        "webpack": "5.76.2",
         "webpack-cli": "5.0.1",
         "workbox-routing": "6.5.4",
         "workbox-strategies": "6.5.4",
@@ -64,7 +62,6 @@
         "eslint-plugin-vue": "9.9.0",
         "jsdom": "21.0.0",
         "markdownlint-cli": "0.33.0",
-        "postcss-less": "6.0.0",
         "stylelint": "15.2.0",
         "stylelint-declaration-strict-value": "1.9.2",
         "svgo": "3.0.2",
@@ -2667,6 +2664,9 @@
       "version": "2.0.6",
       "resolved": "https://registry.npmjs.org/copy-anything/-/copy-anything-2.0.6.tgz",
       "integrity": "sha512-1j20GZTsvKNkc4BY3NpMOM8tt///wY3FpIzozTOFO2ffuZcV61nojHXVKIy3WM+7ADCy5FVhdZYHYDdgTU0yJw==",
+      "dev": true,
+      "optional": true,
+      "peer": true,
       "dependencies": {
         "is-what": "^3.14.1"
       },
@@ -3813,7 +3813,9 @@
       "version": "0.1.8",
       "resolved": "https://registry.npmjs.org/errno/-/errno-0.1.8.tgz",
       "integrity": "sha512-dJ6oBr5SQ1VSd9qkk7ByRgb/1SH4JZjCHSW/mr63/QcXO9zLVxvJ6Oy13nio03rxpSnVDDjFor75SjVeZWPW/A==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "dependencies": {
         "prr": "~1.0.1"
       },
@@ -5240,7 +5242,9 @@
       "version": "0.5.5",
       "resolved": "https://registry.npmjs.org/image-size/-/image-size-0.5.5.tgz",
       "integrity": "sha512-6TDAlDPZxUFCv+fuOkIoXT/V/f3Qbq8e37p+YOiYrUv3v9cc3/6x78VdfPgFVaB9dZYeLUfKgHRebpkm/oP2VQ==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "bin": {
         "image-size": "bin/image-size.js"
       },
@@ -5675,7 +5679,10 @@
     "node_modules/is-what": {
       "version": "3.14.1",
       "resolved": "https://registry.npmjs.org/is-what/-/is-what-3.14.1.tgz",
-      "integrity": "sha512-sNxgpk9793nzSs7bA6JQJGeIuRBQhAaNGG77kzYQgMkrID+lS6SlK07K5LaptscDlSaIgH+GPFzf+d75FVxozA=="
+      "integrity": "sha512-sNxgpk9793nzSs7bA6JQJGeIuRBQhAaNGG77kzYQgMkrID+lS6SlK07K5LaptscDlSaIgH+GPFzf+d75FVxozA==",
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "node_modules/isarray": {
       "version": "0.0.1",
@@ -5933,14 +5940,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/klona": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/klona/-/klona-2.0.6.tgz",
-      "integrity": "sha512-dhG34DXATL5hSxJbIexCft8FChFXtmskoZYnoPWjXQuebWYCNkVeV3KkGegCK9CP1oswI/vQibS2GY7Em/sJJA==",
-      "engines": {
-        "node": ">= 8"
-      }
-    },
     "node_modules/known-css-properties": {
       "version": "0.26.0",
       "resolved": "https://registry.npmjs.org/known-css-properties/-/known-css-properties-0.26.0.tgz",
@@ -5956,6 +5955,9 @@
       "version": "4.1.3",
       "resolved": "https://registry.npmjs.org/less/-/less-4.1.3.tgz",
       "integrity": "sha512-w16Xk/Ta9Hhyei0Gpz9m7VS8F28nieJaL/VyShID7cYvP6IL5oHeL6p4TXSDJqZE/lNv0oJ2pGVjJsRkfwm5FA==",
+      "dev": true,
+      "optional": true,
+      "peer": true,
       "dependencies": {
         "copy-anything": "^2.0.1",
         "parse-node-version": "^1.0.1",
@@ -5977,25 +5979,6 @@
         "source-map": "~0.6.0"
       }
     },
-    "node_modules/less-loader": {
-      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/less-loader/-/less-loader-11.1.0.tgz",
-      "integrity": "sha512-C+uDBV7kS7W5fJlUjq5mPBeBVhYpTIm5gB09APT9o3n/ILeaXVsiSFTbZpTJCJwQ/Crczfn3DmfQFwxYusWFug==",
-      "dependencies": {
-        "klona": "^2.0.4"
-      },
-      "engines": {
-        "node": ">= 14.15.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/webpack"
-      },
-      "peerDependencies": {
-        "less": "^3.5.0 || ^4.0.0",
-        "webpack": "^5.0.0"
-      }
-    },
     "node_modules/leven": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz",
@@ -6201,7 +6184,9 @@
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-2.1.0.tgz",
       "integrity": "sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "dependencies": {
         "pify": "^4.0.1",
         "semver": "^5.6.0"
@@ -6214,7 +6199,9 @@
       "version": "5.7.1",
       "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
       "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "bin": {
         "semver": "bin/semver"
       }
@@ -6505,7 +6492,9 @@
       "version": "1.6.0",
       "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
       "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "bin": {
         "mime": "cli.js"
       },
@@ -6542,9 +6531,9 @@
       }
     },
     "node_modules/mini-css-extract-plugin": {
-      "version": "2.7.2",
-      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.2.tgz",
-      "integrity": "sha512-EdlUizq13o0Pd+uCp+WO/JpkLvHRVGt97RqfeGhXqAcorYo1ypJSpkV+WDT0vY/kmh/p7wRdJNJtuyK540PXDw==",
+      "version": "2.7.4",
+      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.4.tgz",
+      "integrity": "sha512-V5zkjajQx9gnedglDap7ZjD1mNFNISzyllzrc+9+R4iwPRUAR0St20ADflQbWkVUQ2u/QU55t8mKaxUek8Cciw==",
       "dependencies": {
         "schema-utils": "^4.0.0"
       },
@@ -6637,7 +6626,7 @@
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
       "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "devOptional": true
+      "dev": true
     },
     "node_modules/nanoid": {
       "version": "3.3.4",
@@ -6660,7 +6649,9 @@
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/needle/-/needle-3.2.0.tgz",
       "integrity": "sha512-oUvzXnyLiVyVGoianLijF9O/RecZUf7TkBfimjGrLM4eQhXyeJwM6GeAWccwfQ9aa4gMCZKqhAOuLaMIcQxajQ==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "dependencies": {
         "debug": "^3.2.6",
         "iconv-lite": "^0.6.3",
@@ -6677,7 +6668,9 @@
       "version": "3.2.7",
       "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
       "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "dependencies": {
         "ms": "^2.1.1"
       }
@@ -7047,6 +7040,9 @@
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/parse-node-version/-/parse-node-version-1.0.1.tgz",
       "integrity": "sha512-3YHlOa/JgH6Mnpr05jP9eDG254US9ek25LyIxZlDItp2iJtwyaXQb57lBYLdT3MowkUFYEV2XXNAYIPlESvJlA==",
+      "dev": true,
+      "optional": true,
+      "peer": true,
       "engines": {
         "node": ">= 0.10"
       }
@@ -7148,7 +7144,9 @@
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
       "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "engines": {
         "node": ">=6"
       }
@@ -7288,18 +7286,6 @@
         "node": "^10 || ^12 || >=14"
       }
     },
-    "node_modules/postcss-less": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/postcss-less/-/postcss-less-6.0.0.tgz",
-      "integrity": "sha512-FPX16mQLyEjLzEuuJtxA8X3ejDLNGGEG503d2YGZR5Ask1SpDN8KmZUMpzCvyalWRywAn1n1VOA5dcqfCLo5rg==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "peerDependencies": {
-        "postcss": "^8.3.5"
-      }
-    },
     "node_modules/postcss-media-query-parser": {
       "version": "0.2.3",
       "resolved": "https://registry.npmjs.org/postcss-media-query-parser/-/postcss-media-query-parser-0.2.3.tgz",
@@ -7481,7 +7467,9 @@
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz",
       "integrity": "sha512-yPw4Sng1gWghHQWj0B3ZggWUm4qVbPwPFcRG8KyxiU7J2OHFSoEHKS+EZ3fv5l1t9CyCiop6l/ZYeWbrgoQejw==",
-      "optional": true
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "node_modules/psl": {
       "version": "1.9.0",
@@ -7987,7 +7975,9 @@
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
       "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==",
-      "optional": true
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "node_modules/saxes": {
       "version": "6.0.0",
@@ -8917,7 +8907,8 @@
     "node_modules/tslib": {
       "version": "2.4.1",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz",
-      "integrity": "sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA=="
+      "integrity": "sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==",
+      "dev": true
     },
     "node_modules/type-check": {
       "version": "0.4.0",
@@ -9413,9 +9404,9 @@
       }
     },
     "node_modules/webpack": {
-      "version": "5.75.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.75.0.tgz",
-      "integrity": "sha512-piaIaoVJlqMsPtX/+3KTTO6jfvrSYgauFVdt8cr9LTHKmcq/AMd4mhzsiP7ZF/PGRNPGA8336jldh9l2Kt2ogQ==",
+      "version": "5.76.2",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.76.2.tgz",
+      "integrity": "sha512-Th05ggRm23rVzEOlX8y67NkYCHa9nTNcwHPBhdg+lKG+mtiW7XgggjAeeLnADAe7mLjJ6LUNfgHAuRRh+Z6J7w==",
       "dependencies": {
         "@types/eslint-scope": "^3.7.3",
         "@types/estree": "^0.0.51",
@@ -11852,6 +11843,9 @@
       "version": "2.0.6",
       "resolved": "https://registry.npmjs.org/copy-anything/-/copy-anything-2.0.6.tgz",
       "integrity": "sha512-1j20GZTsvKNkc4BY3NpMOM8tt///wY3FpIzozTOFO2ffuZcV61nojHXVKIy3WM+7ADCy5FVhdZYHYDdgTU0yJw==",
+      "dev": true,
+      "optional": true,
+      "peer": true,
       "requires": {
         "is-what": "^3.14.1"
       }
@@ -12710,7 +12704,9 @@
       "version": "0.1.8",
       "resolved": "https://registry.npmjs.org/errno/-/errno-0.1.8.tgz",
       "integrity": "sha512-dJ6oBr5SQ1VSd9qkk7ByRgb/1SH4JZjCHSW/mr63/QcXO9zLVxvJ6Oy13nio03rxpSnVDDjFor75SjVeZWPW/A==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "requires": {
         "prr": "~1.0.1"
       }
@@ -13783,7 +13779,9 @@
       "version": "0.5.5",
       "resolved": "https://registry.npmjs.org/image-size/-/image-size-0.5.5.tgz",
       "integrity": "sha512-6TDAlDPZxUFCv+fuOkIoXT/V/f3Qbq8e37p+YOiYrUv3v9cc3/6x78VdfPgFVaB9dZYeLUfKgHRebpkm/oP2VQ==",
-      "optional": true
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "immer": {
       "version": "9.0.18",
@@ -14076,7 +14074,10 @@
     "is-what": {
       "version": "3.14.1",
       "resolved": "https://registry.npmjs.org/is-what/-/is-what-3.14.1.tgz",
-      "integrity": "sha512-sNxgpk9793nzSs7bA6JQJGeIuRBQhAaNGG77kzYQgMkrID+lS6SlK07K5LaptscDlSaIgH+GPFzf+d75FVxozA=="
+      "integrity": "sha512-sNxgpk9793nzSs7bA6JQJGeIuRBQhAaNGG77kzYQgMkrID+lS6SlK07K5LaptscDlSaIgH+GPFzf+d75FVxozA==",
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "isarray": {
       "version": "0.0.1",
@@ -14269,11 +14270,6 @@
       "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz",
       "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw=="
     },
-    "klona": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/klona/-/klona-2.0.6.tgz",
-      "integrity": "sha512-dhG34DXATL5hSxJbIexCft8FChFXtmskoZYnoPWjXQuebWYCNkVeV3KkGegCK9CP1oswI/vQibS2GY7Em/sJJA=="
-    },
     "known-css-properties": {
       "version": "0.26.0",
       "resolved": "https://registry.npmjs.org/known-css-properties/-/known-css-properties-0.26.0.tgz",
@@ -14289,6 +14285,9 @@
       "version": "4.1.3",
       "resolved": "https://registry.npmjs.org/less/-/less-4.1.3.tgz",
       "integrity": "sha512-w16Xk/Ta9Hhyei0Gpz9m7VS8F28nieJaL/VyShID7cYvP6IL5oHeL6p4TXSDJqZE/lNv0oJ2pGVjJsRkfwm5FA==",
+      "dev": true,
+      "optional": true,
+      "peer": true,
       "requires": {
         "copy-anything": "^2.0.1",
         "errno": "^0.1.1",
@@ -14302,14 +14301,6 @@
         "tslib": "^2.3.0"
       }
     },
-    "less-loader": {
-      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/less-loader/-/less-loader-11.1.0.tgz",
-      "integrity": "sha512-C+uDBV7kS7W5fJlUjq5mPBeBVhYpTIm5gB09APT9o3n/ILeaXVsiSFTbZpTJCJwQ/Crczfn3DmfQFwxYusWFug==",
-      "requires": {
-        "klona": "^2.0.4"
-      }
-    },
     "leven": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz",
@@ -14484,7 +14475,9 @@
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-2.1.0.tgz",
       "integrity": "sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "requires": {
         "pify": "^4.0.1",
         "semver": "^5.6.0"
@@ -14494,7 +14487,9 @@
           "version": "5.7.1",
           "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
           "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
-          "optional": true
+          "dev": true,
+          "optional": true,
+          "peer": true
         }
       }
     },
@@ -14721,7 +14716,9 @@
       "version": "1.6.0",
       "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
       "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
-      "optional": true
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "mime-db": {
       "version": "1.52.0",
@@ -14743,9 +14740,9 @@
       "dev": true
     },
     "mini-css-extract-plugin": {
-      "version": "2.7.2",
-      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.2.tgz",
-      "integrity": "sha512-EdlUizq13o0Pd+uCp+WO/JpkLvHRVGt97RqfeGhXqAcorYo1ypJSpkV+WDT0vY/kmh/p7wRdJNJtuyK540PXDw==",
+      "version": "2.7.4",
+      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.4.tgz",
+      "integrity": "sha512-V5zkjajQx9gnedglDap7ZjD1mNFNISzyllzrc+9+R4iwPRUAR0St20ADflQbWkVUQ2u/QU55t8mKaxUek8Cciw==",
       "requires": {
         "schema-utils": "^4.0.0"
       }
@@ -14817,7 +14814,7 @@
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
       "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
-      "devOptional": true
+      "dev": true
     },
     "nanoid": {
       "version": "3.3.4",
@@ -14834,7 +14831,9 @@
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/needle/-/needle-3.2.0.tgz",
       "integrity": "sha512-oUvzXnyLiVyVGoianLijF9O/RecZUf7TkBfimjGrLM4eQhXyeJwM6GeAWccwfQ9aa4gMCZKqhAOuLaMIcQxajQ==",
+      "dev": true,
       "optional": true,
+      "peer": true,
       "requires": {
         "debug": "^3.2.6",
         "iconv-lite": "^0.6.3",
@@ -14845,7 +14844,9 @@
           "version": "3.2.7",
           "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
           "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+          "dev": true,
           "optional": true,
+          "peer": true,
           "requires": {
             "ms": "^2.1.1"
           }
@@ -15127,7 +15128,10 @@
     "parse-node-version": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/parse-node-version/-/parse-node-version-1.0.1.tgz",
-      "integrity": "sha512-3YHlOa/JgH6Mnpr05jP9eDG254US9ek25LyIxZlDItp2iJtwyaXQb57lBYLdT3MowkUFYEV2XXNAYIPlESvJlA=="
+      "integrity": "sha512-3YHlOa/JgH6Mnpr05jP9eDG254US9ek25LyIxZlDItp2iJtwyaXQb57lBYLdT3MowkUFYEV2XXNAYIPlESvJlA==",
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "parse5": {
       "version": "7.1.2",
@@ -15198,7 +15202,9 @@
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
       "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
-      "optional": true
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "pkg-dir": {
       "version": "4.2.0",
@@ -15296,13 +15302,6 @@
         "source-map-js": "^1.0.2"
       }
     },
-    "postcss-less": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/postcss-less/-/postcss-less-6.0.0.tgz",
-      "integrity": "sha512-FPX16mQLyEjLzEuuJtxA8X3ejDLNGGEG503d2YGZR5Ask1SpDN8KmZUMpzCvyalWRywAn1n1VOA5dcqfCLo5rg==",
-      "dev": true,
-      "requires": {}
-    },
     "postcss-media-query-parser": {
       "version": "0.2.3",
       "resolved": "https://registry.npmjs.org/postcss-media-query-parser/-/postcss-media-query-parser-0.2.3.tgz",
@@ -15433,7 +15432,9 @@
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz",
       "integrity": "sha512-yPw4Sng1gWghHQWj0B3ZggWUm4qVbPwPFcRG8KyxiU7J2OHFSoEHKS+EZ3fv5l1t9CyCiop6l/ZYeWbrgoQejw==",
-      "optional": true
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "psl": {
       "version": "1.9.0",
@@ -15792,7 +15793,9 @@
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
       "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==",
-      "optional": true
+      "dev": true,
+      "optional": true,
+      "peer": true
     },
     "saxes": {
       "version": "6.0.0",
@@ -16527,7 +16530,8 @@
     "tslib": {
       "version": "2.4.1",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz",
-      "integrity": "sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA=="
+      "integrity": "sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==",
+      "dev": true
     },
     "type-check": {
       "version": "0.4.0",
@@ -16847,9 +16851,9 @@
       "dev": true
     },
     "webpack": {
-      "version": "5.75.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.75.0.tgz",
-      "integrity": "sha512-piaIaoVJlqMsPtX/+3KTTO6jfvrSYgauFVdt8cr9LTHKmcq/AMd4mhzsiP7ZF/PGRNPGA8336jldh9l2Kt2ogQ==",
+      "version": "5.76.2",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.76.2.tgz",
+      "integrity": "sha512-Th05ggRm23rVzEOlX8y67NkYCHa9nTNcwHPBhdg+lKG+mtiW7XgggjAeeLnADAe7mLjJ6LUNfgHAuRRh+Z6J7w==",
       "requires": {
         "@types/eslint-scope": "^3.7.3",
         "@types/estree": "^0.0.51",

package.json

@@ -28,11 +28,9 @@
     "jquery": "3.6.3",
     "jquery.are-you-sure": "1.9.0",
     "katex": "0.16.4",
-    "less": "4.1.3",
-    "less-loader": "11.1.0",
     "license-checker-webpack-plugin": "0.2.1",
     "mermaid": "10.0.2",
-    "mini-css-extract-plugin": "2.7.2",
+    "mini-css-extract-plugin": "2.7.4",
     "monaco-editor": "0.34.1",
     "monaco-editor-webpack-plugin": "7.0.1",
     "pretty-ms": "8.0.0",
@@ -45,7 +43,7 @@
     "vue-bar-graph": "2.0.0",
     "vue-loader": "17.0.1",
     "vue3-calendar-heatmap": "2.0.0",
-    "webpack": "5.75.0",
+    "webpack": "5.76.2",
     "webpack-cli": "5.0.1",
     "workbox-routing": "6.5.4",
     "workbox-strategies": "6.5.4",
@@ -64,7 +62,6 @@
     "eslint-plugin-vue": "9.9.0",
     "jsdom": "21.0.0",
     "markdownlint-cli": "0.33.0",
-    "postcss-less": "6.0.0",
     "stylelint": "15.2.0",
     "stylelint-declaration-strict-value": "1.9.2",
     "svgo": "3.0.2",

routers/api/v1/admin/repo.go

@@ -32,6 +32,8 @@ func CreateRepo(ctx *context.APIContext) {
 	// responses:
 	//   "201":
 	//     "$ref": "#/responses/Repository"
+	//   "400":
+	//     "$ref": "#/responses/error"
 	//   "403":
 	//     "$ref": "#/responses/forbidden"
 	//   "404":

routers/api/v1/admin/user.go

@@ -305,6 +305,10 @@ func DeleteUser(ctx *context.APIContext) {
 	//   description: username of user to delete
 	//   type: string
 	//   required: true
+	// - name: purge
+	//   in: query
+	//   description: purge the user from the system completely
+	//   type: boolean
 	// responses:
 	//   "204":
 	//     "$ref": "#/responses/empty"

routers/api/v1/repo/issue_attachment.go

@@ -176,7 +176,7 @@ func CreateIssueAttachment(ctx *context.APIContext) {
 		filename = query
 	}
 
-	attachment, err := attachment.UploadAttachment(file, setting.Attachment.AllowedTypes, &repo_model.Attachment{
+	attachment, err := attachment.UploadAttachment(file, setting.Attachment.AllowedTypes, header.Size, &repo_model.Attachment{
 		Name:       filename,
 		UploaderID: ctx.Doer.ID,
 		RepoID:     ctx.Repo.Repository.ID,

routers/api/v1/repo/issue_comment_attachment.go

@@ -180,7 +180,7 @@ func CreateIssueCommentAttachment(ctx *context.APIContext) {
 		filename = query
 	}
 
-	attachment, err := attachment.UploadAttachment(file, setting.Attachment.AllowedTypes, &repo_model.Attachment{
+	attachment, err := attachment.UploadAttachment(file, setting.Attachment.AllowedTypes, header.Size, &repo_model.Attachment{
 		Name:       filename,
 		UploaderID: ctx.Doer.ID,
 		RepoID:     ctx.Repo.Repository.ID,

routers/api/v1/repo/migrate.go

@@ -154,7 +154,7 @@ func Migrate(ctx *context.APIContext) {
 		Issues:         form.Issues,
 		Milestones:     form.Milestones,
 		Labels:         form.Labels,
-		Comments:       true,
+		Comments:       form.Issues || form.PullRequests,
 		PullRequests:   form.PullRequests,
 		Releases:       form.Releases,
 		GitServiceType: gitServiceType,

routers/api/v1/repo/notes.go

@@ -58,8 +58,18 @@ func getNote(ctx *context.APIContext, identifier string) {
 		return
 	}
 
+	commitSHA, err := ctx.Repo.GitRepo.ConvertToSHA1(identifier)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound(err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "ConvertToSHA1", err)
+		}
+		return
+	}
+
 	var note git.Note
-	if err := git.GetNote(ctx, ctx.Repo.GitRepo, identifier, &note); err != nil {
+	if err := git.GetNote(ctx, ctx.Repo.GitRepo, commitSHA.String(), &note); err != nil {
 		if git.IsErrNotExist(err) {
 			ctx.NotFound(identifier)
 			return

routers/api/v1/repo/release_attachment.go

@@ -194,7 +194,7 @@ func CreateReleaseAttachment(ctx *context.APIContext) {
 	}
 
 	// Create a new attachment and save the file
-	attach, err := attachment.UploadAttachment(file, setting.Repository.Release.AllowedTypes, &repo_model.Attachment{
+	attach, err := attachment.UploadAttachment(file, setting.Repository.Release.AllowedTypes, header.Size, &repo_model.Attachment{
 		Name:       filename,
 		UploaderID: ctx.Doer.ID,
 		RepoID:     release.RepoID,

routers/api/v1/repo/repo.go

@@ -231,6 +231,13 @@ func CreateUserRepo(ctx *context.APIContext, owner *user_model.User, opt api.Cre
 	if opt.AutoInit && opt.Readme == "" {
 		opt.Readme = "Default"
 	}
+
+	// If the readme template does not exist, a 400 will be returned.
+	if opt.AutoInit && len(opt.Readme) > 0 && !util.SliceContains(repo_module.Readmes, opt.Readme) {
+		ctx.Error(http.StatusBadRequest, "", fmt.Errorf("readme template does not exist, available templates: %v", repo_module.Readmes))
+		return
+	}
+
 	repo, err := repo_service.CreateRepository(ctx.Doer, owner, repo_module.CreateRepoOptions{
 		Name:          opt.Name,
 		Description:   opt.Description,
@@ -283,6 +290,8 @@ func Create(ctx *context.APIContext) {
 	// responses:
 	//   "201":
 	//     "$ref": "#/responses/Repository"
+	//   "400":
+	//     "$ref": "#/responses/error"
 	//   "409":
 	//     description: The repository with the same name already exists.
 	//   "422":
@@ -464,6 +473,8 @@ func CreateOrgRepo(ctx *context.APIContext) {
 	// responses:
 	//   "201":
 	//     "$ref": "#/responses/Repository"
+	//   "400":
+	//     "$ref": "#/responses/error"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	//   "403":

routers/init.go

@@ -141,7 +141,7 @@ func GlobalInitInstalled(ctx context.Context) {
 
 	if setting.EnableSQLite3 {
 		log.Info("SQLite3 support is enabled")
-	} else if setting.Database.UseSQLite3 {
+	} else if setting.Database.Type.IsSQLite3() {
 		log.Fatal("SQLite3 support is disabled, but it is used for database setting. Please get or build a Gitea release with SQLite3 support.")
 	}
 

routers/install/install.go

@@ -104,7 +104,7 @@ func Install(ctx *context.Context) {
 	form.DbSchema = setting.Database.Schema
 	form.Charset = setting.Database.Charset
 
-	curDBType := setting.Database.Type
+	curDBType := setting.Database.Type.String()
 	var isCurDBTypeSupported bool
 	for _, dbType := range setting.SupportedDatabaseTypes {
 		if dbType == curDBType {
@@ -272,7 +272,7 @@ func SubmitInstall(ctx *context.Context) {
 	// ---- Basic checks are passed, now test configuration.
 
 	// Test database setting.
-	setting.Database.Type = form.DbType
+	setting.Database.Type = setting.DatabaseType(form.DbType)
 	setting.Database.Host = form.DbHost
 	setting.Database.User = form.DbUser
 	setting.Database.Passwd = form.DbPasswd
@@ -392,7 +392,7 @@ func SubmitInstall(ctx *context.Context) {
 			log.Error("Failed to load custom conf '%s': %v", setting.CustomConf, err)
 		}
 	}
-	cfg.Section("database").Key("DB_TYPE").SetValue(setting.Database.Type)
+	cfg.Section("database").Key("DB_TYPE").SetValue(setting.Database.Type.String())
 	cfg.Section("database").Key("HOST").SetValue(setting.Database.Host)
 	cfg.Section("database").Key("NAME").SetValue(setting.Database.Name)
 	cfg.Section("database").Key("USER").SetValue(setting.Database.User)

routers/install/routes.go

@@ -64,7 +64,7 @@ func installRecovery(ctx goctx.Context) func(next http.Handler) http.Handler {
 						"SignedUserName": "",
 					}
 
-					httpcache.AddCacheControlToHeader(w.Header(), 0, "no-transform")
+					httpcache.SetCacheControlInHeader(w.Header(), 0, "no-transform")
 					w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 
 					if !setting.IsProd {

routers/web/admin/auths.go

@@ -271,6 +271,15 @@ func NewAuthSourcePost(ctx *context.Context) {
 		}
 	case auth.OAuth2:
 		config = parseOAuth2Config(form)
+		oauth2Config := config.(*oauth2.Source)
+		if oauth2Config.Provider == "openidConnect" {
+			discoveryURL, err := url.Parse(oauth2Config.OpenIDConnectAutoDiscoveryURL)
+			if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
+				ctx.Data["Err_DiscoveryURL"] = true
+				ctx.RenderWithErr(ctx.Tr("admin.auths.invalid_openIdConnectAutoDiscoveryURL"), tplAuthNew, form)
+				return
+			}
+		}
 	case auth.SSPI:
 		var err error
 		config, err = parseSSPIConfig(ctx, form)
@@ -305,6 +314,10 @@ func NewAuthSourcePost(ctx *context.Context) {
 		if auth.IsErrSourceAlreadyExist(err) {
 			ctx.Data["Err_Name"] = true
 			ctx.RenderWithErr(ctx.Tr("admin.auths.login_source_exist", err.(auth.ErrSourceAlreadyExist).Name), tplAuthNew, form)
+		} else if oauth2.IsErrOpenIDConnectInitialize(err) {
+			ctx.Data["Err_DiscoveryURL"] = true
+			unwrapped := err.(oauth2.ErrOpenIDConnectInitialize).Unwrap()
+			ctx.RenderWithErr(ctx.Tr("admin.auths.unable_to_initialize_openid", unwrapped), tplAuthNew, form)
 		} else {
 			ctx.ServerError("auth.CreateSource", err)
 		}
@@ -389,6 +402,15 @@ func EditAuthSourcePost(ctx *context.Context) {
 		}
 	case auth.OAuth2:
 		config = parseOAuth2Config(form)
+		oauth2Config := config.(*oauth2.Source)
+		if oauth2Config.Provider == "openidConnect" {
+			discoveryURL, err := url.Parse(oauth2Config.OpenIDConnectAutoDiscoveryURL)
+			if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
+				ctx.Data["Err_DiscoveryURL"] = true
+				ctx.RenderWithErr(ctx.Tr("admin.auths.invalid_openIdConnectAutoDiscoveryURL"), tplAuthEdit, form)
+				return
+			}
+		}
 	case auth.SSPI:
 		config, err = parseSSPIConfig(ctx, form)
 		if err != nil {
@@ -408,6 +430,7 @@ func EditAuthSourcePost(ctx *context.Context) {
 	if err := auth.UpdateSource(source); err != nil {
 		if oauth2.IsErrOpenIDConnectInitialize(err) {
 			ctx.Flash.Error(err.Error(), true)
+			ctx.Data["Err_DiscoveryURL"] = true
 			ctx.HTML(http.StatusOK, tplAuthEdit)
 		} else {
 			ctx.ServerError("UpdateSource", err)

routers/web/base.go

@@ -158,7 +158,7 @@ func Recovery(ctx goctx.Context) func(next http.Handler) http.Handler {
 						store["SignedUserName"] = ""
 					}
 
-					httpcache.AddCacheControlToHeader(w.Header(), 0, "no-transform")
+					httpcache.SetCacheControlInHeader(w.Header(), 0, "no-transform")
 					w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 
 					if !setting.IsProd {

routers/web/healthcheck/check.go

@@ -100,7 +100,7 @@ func checkDatabase(checks checks) status {
 		st.Time = getCheckTime()
 	}
 
-	if setting.Database.UseSQLite3 && st.Status == pass {
+	if setting.Database.Type.IsSQLite3() && st.Status == pass {
 		if !setting.EnableSQLite3 {
 			st.Status = fail
 			st.Time = getCheckTime()

routers/web/org/home.go

@@ -156,6 +156,7 @@ func Home(ctx *context.Context) {
 	pager.SetDefaultParams(ctx)
 	pager.AddParam(ctx, "language", "Language")
 	ctx.Data["Page"] = pager
+	ctx.Data["ContextUser"] = ctx.ContextUser
 
 	ctx.HTML(http.StatusOK, tplOrgHome)
 }