Vendor updated

* BUGFIXES
   * Fix bug clone wiki (#15499) (#15502)
   * Github Migration ignore rate limit, if not enabled (#15490) (#15495)
   * Use subdir for URL (#15446) (#15493)
   * Query the DB for the hash before inserting in to email_hash (#15457) (#15491)
   * Ensure review dismissal only dismisses the correct review (#15477) (#15489)
   * Use index of the supported tags to choose user lang (#15452) (#15488)
   * Fix wrong file link in code search page (#15466) (#15486)
   * Quick template fix for built-in SSH server in admin config (#15464) (#15481)
   * Prevent superfluous response.WriteHeader (#15456) (#15476)
   * Fix ambiguous argument error on tags (#15432) (#15474)
   * Add created_unix instead of expiry to migration (#15458) (#15463)
   * Fix repository search (#15428) (#15442)
   * Prevent NPE on avatar direct rendering if federated avatars disabled (#15434) (#15439)
   * Fix wiki clone urls (#15430) (#15431)
   * Fix dingtalk icon url at webhook (#15417) (#15426)
   * Standardise icon on projects PR page (#15387) (#15408)
 * ENHANCEMENTS
   * Add option to skip LFS/attachment files for `dump` (#15407) (#15492)
   * Clone panel fixes (#15436)
   * Use semantic dropdown for code search query type (#15276) (#15364)
 * BUILD
   * Build go-git variants for windows (#15482) (#15487)
   * Lock down build-images dependencies (Partial #15479) (#15480)
 * MISC
   * Performance improvement for list pull requests (#15447) (#15500)
   * Fix potential copy lfs records failure when fork a repository (#15441) (#15485)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEtW48dDeknhNoYvXenYpXraojLpUFAmB49LoACgkQnYpXraoj
 LpU5qg//VeGo6XqAvilX9xFbX1Q6ZgtiASE1tFGBZhj13Os2U7tFSPsSfYCtloQu
 MUD1Bvdh87bLztg5X/x8u2uHKVnLed7Nuur3o5JATeR54qvA0ySguTX3al+PDTD9
 JOKcEECCcRgLOqJpYjNBj9h2tOjgjBHKN4VmJWv14epmE+5U/TTKxRmbUS6famFA
 C0YeqMg5VSiWjv1JnM/bydKLKLR38FZMUfhkQAnUn4f3tcVEoK4zud9pPPt86AtH
 DM822Fs2jOdk4ItUE3FQ0iWJSpAInlAIZak+qQMhEdbeHQbWwuKRxX+E4swZncUA
 AKOcackLjcCIysHwBHpvaAFqVkiBirnLF2rdqxupASzQKLgqfbSy8M7Ono5f0k1o
 6NG2WsbSu94fmYm4mIAH6A61KWQjSqo1jMVcbyemHue9VsUeD4NY1yWg3G/9EsAd
 iIeGzbqMdrKD06SsfTaGKmg+zzkBXvimftZefgk4mqJGUhghvdozM6wAiPkA6rlO
 brfNBx5MnYvtbt+Sc81MmCqzl+DFrPZKCNd7gG/asjslw2jfzf7KXtjI3HXoa4Ja
 GE5spEgo77Pi+xuejJoSno2eqtvp+eoNKGLvKN62XjQtEazayHRYaYdLVz37qI1E
 uuPgmGLPa1+vn56vroOQKzguTdfnALsMRONJWM3m+mobMNpzE50=
 =DcnL
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEP9qOr5Mr8pQiKmVSxS6Qfm84+osFAmB/18sACgkQxS6Qfm84
 +ourtA//cbNXDOKQDMtfGt3WIGp5VpJAY9KXWpM0ZsY7/o+NS02xl77rk+ij674v
 EZ5tmjlBIjTGiAjirgdvviFyNN7JzufyIA5GOHYlp65MBnBJZHW4spZ8nuID0o3G
 taindLrYUd0wncAMUCd3K1K6PDWfZ9HamlQZgmyOuwIK/USNMF70yTC7OyvJdWm2
 5S43QKN/LfrPrN26CFjV7IHHB+9WbWuhE4RCSeillX8zzFcvahpuKM2Gf62mvghJ
 kbOCad+B3g+m3TTLLmYA5F8WagW9RMoPF90/Yf8n9QVq2CpfuJ6xuEaL78xJQ/o3
 fgXNPpxeIUIGS+u6I4NykAfoB0gO5SCuuADxotAE8G+aTs2y2FyxpdGBJcJNwf/F
 hWApSc8ku3JtkuOwXEjJGqHobu7emRSoqyR4+NKSaGnHbML49XzW6YNe1/zQQikD
 xb9vVWU5RNychq8uVa+X0XPdjEWWVN1ZvbY0Gvafx9nj0qFBtQ8wcd56JpnBIOoy
 X6Z7+SBFcu5lsOH6h2IlT0flsB4J3iypdvRG4RXSVmWKoGjpKli8UnP4yzryiILq
 hGpSTmp9SM8wyFEr5aJvsxVq7QttzqHEWjAXYEFp1Wn8HSu7kSOMJgGtI/BwNF68
 KhJVz4J7boYVToAIHGO1g0eDhvRy+AIYOv3HfCA5fzLCIjiy8gg=
 =3sN9
 -----END PGP SIGNATURE-----

Merge tag 'v1.14.1' of github.com:go-gitea/gitea into dev

v1.14.1

* BUGFIXES
  * Fix bug clone wiki (#15499) (#15502)
  * Github Migration ignore rate limit, if not enabled (#15490) (#15495)
  * Use subdir for URL (#15446) (#15493)
  * Query the DB for the hash before inserting in to email_hash (#15457) (#15491)
  * Ensure review dismissal only dismisses the correct review (#15477) (#15489)
  * Use index of the supported tags to choose user lang (#15452) (#15488)
  * Fix wrong file link in code search page (#15466) (#15486)
  * Quick template fix for built-in SSH server in admin config (#15464) (#15481)
  * Prevent superfluous response.WriteHeader (#15456) (#15476)
  * Fix ambiguous argument error on tags (#15432) (#15474)
  * Add created_unix instead of expiry to migration (#15458) (#15463)
  * Fix repository search (#15428) (#15442)
  * Prevent NPE on avatar direct rendering if federated avatars disabled (#15434) (#15439)
  * Fix wiki clone urls (#15430) (#15431)
  * Fix dingtalk icon url at webhook (#15417) (#15426)
  * Standardise icon on projects PR page (#15387) (#15408)
* ENHANCEMENTS
  * Add option to skip LFS/attachment files for `dump` (#15407) (#15492)
  * Clone panel fixes (#15436)
  * Use semantic dropdown for code search query type (#15276) (#15364)
* BUILD
  * Build go-git variants for windows (#15482) (#15487)
  * Lock down build-images dependencies (Partial #15479) (#15480)
* MISC
  * Performance improvement for list pull requests (#15447) (#15500)
  * Fix potential copy lfs records failure when fork a repository (#15441) (#15485)

.air.conf

@@ -0,0 +1,9 @@
+root = "."
+tmp_dir = ".air"
+
+[build]
+cmd = "make backend"
+bin = "gitea"
+include_ext = ["go", "tmpl"]
+exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
+include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]

.changelog.yml

@@ -22,6 +22,10 @@ groups:
     name: SECURITY
     labels:
       - kind/security
+  -
+    name: API
+    labels:
+      - kind/api
   -
     name: BUGFIXES
     labels:

.drone.yml

@@ -6,27 +6,28 @@ platform:
   os: linux
   arch: arm64
 
-workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
+trigger:
+  event:
+    - push
+    - tag
+    - pull_request
 
 steps:
   - name: deps-frontend
     pull: always
-    image: node:12
+    image: node:14
     commands:
       - make node_modules
 
   - name: lint-frontend
-    pull: always
-    image: node:12
+    image: node:14
     commands:
       - make lint-frontend
     depends_on: [deps-frontend]
 
   - name: lint-backend
     pull: always
-    image: golang:1.14
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
     commands:
       - make lint-backend
     environment:
@@ -34,40 +35,84 @@ steps:
       GOSUMDB: sum.golang.org
       TAGS: bindata sqlite sqlite_unlock_notify
 
-  - name: build-frontend
+  - name: lint-backend-windows
     pull: always
-    image: node:10 # this step is kept at the lowest version of node that we support
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    commands:
+      - make golangci-lint vet
+    environment:
+      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
+      GOSUMDB: sum.golang.org
+      TAGS: bindata sqlite sqlite_unlock_notify
+      GOOS: windows
+      GOARCH: amd64
+
+  - name: lint-backend-gogit
+    pull: always
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
+    commands:
+      - make lint-backend
+    environment:
+      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
+      GOSUMDB: sum.golang.org
+      TAGS: bindata gogit sqlite sqlite_unlock_notify
+
+  - name: checks-frontend
+    image: node:14
+    commands:
+      - make checks-frontend
+    depends_on: [deps-frontend]
+
+  - name: checks-backend
+    pull: always
+    image: golang:1.16
+    commands:
+      - make checks-backend
+    depends_on: [lint-backend]
+
+  - name: build-frontend
+    image: node:14
     commands:
       - make frontend
     depends_on: [lint-frontend]
 
   - name: build-backend-no-gcc
     pull: always
-    image: golang:1.12 # this step is kept as the lowest version of golang that we support
+    image: golang:1.14 # this step is kept as the lowest version of golang that we support
     environment:
       GO111MODULE: on
       GOPROXY: off
     commands:
       - go build -mod=vendor -o gitea_no_gcc # test if build succeeds without the sqlite tag
-    depends_on: [lint-backend]
+    depends_on: [checks-backend]
 
   - name: build-backend-arm64
-    pull: always
-    image: golang:1.14
+    image: golang:1.16
     environment:
       GO111MODULE: on
       GOPROXY: off
       GOOS: linux
       GOARCH: arm64
-      TAGS: bindata
+      TAGS: bindata gogit
     commands:
       - make backend # test cross compile
       - rm ./gitea # clean
-    depends_on: [lint-backend]
+    depends_on: [checks-backend]
+
+  - name: build-backend-windows
+    image: golang:1.16
+    environment:
+      GO111MODULE: on
+      GOPROXY: off
+      GOOS: windows
+      GOARCH: amd64
+      TAGS: bindata gogit
+    commands:
+      - go build -mod=vendor -o gitea_windows
+    depends_on: [checks-backend]
 
   - name: build-backend-386
-    pull: always
-    image: golang:1.14
+    image: golang:1.16
     environment:
       GO111MODULE: on
       GOPROXY: off
@@ -75,7 +120,7 @@ steps:
       GOARCH: 386
     commands:
       - go build -mod=vendor -o gitea_linux_386 # test if compatible with 32 bit
-    depends_on: [lint-backend]
+    depends_on: [checks-backend]
 
 ---
 kind: pipeline
@@ -88,39 +133,26 @@ platform:
 depends_on:
   - compliance
 
-workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
+trigger:
+  event:
+    - push
+    - tag
+    - pull_request
 
 services:
   - name: mysql
-    pull: default
     image: mysql:5.7
     environment:
       MYSQL_ALLOW_EMPTY_PASSWORD: yes
       MYSQL_DATABASE: test
-      GOPROXY: off
-      TAGS: bindata sqlite sqlite_unlock_notify
-      GITLAB_READ_TOKEN:
-        from_secret: gitlab_read_token
-    depends_on:
-      - build
-    when:
-      branch:
-        - master
-      event:
-        - push
-        - pull_request
 
   - name: mysql8
-    pull: default
     image: mysql:8.0
     environment:
       MYSQL_ALLOW_EMPTY_PASSWORD: yes
       MYSQL_DATABASE: testgitea
 
   - name: mssql
-    pull: default
     image: mcr.microsoft.com/mssql/server:latest
     environment:
       ACCEPT_EULA: Y
@@ -128,18 +160,23 @@ services:
       SA_PASSWORD: MwantsaSecurePassword1
 
   - name: ldap
-    pull: default
     image: gitea/test-openldap:latest
 
   - name: elasticsearch
-    pull: default
     environment:
       discovery.type: single-node
     image: elasticsearch:7.5.0
 
+  - name: minio
+    image: minio/minio:RELEASE.2021-03-12T00-00-47Z
+    commands:
+    - minio server /data
+    environment:
+      MINIO_ACCESS_KEY: 123456
+      MINIO_SECRET_KEY: 12345678
+
 steps:
   - name: fetch-tags
-    pull: default
     image: docker:git
     commands:
       - git fetch --tags --force
@@ -150,7 +187,7 @@ steps:
 
   - name: build
     pull: always
-    image: golang:1.14
+    image: golang:1.16
     commands:
       - make backend
     environment:
@@ -165,8 +202,7 @@ steps:
       - git update-ref refs/heads/tag_test ${DRONE_COMMIT_SHA}
 
   - name: unit-test
-    pull: always
-    image: golang:1.14
+    image: golang:1.16
     commands:
       - make unit-test-coverage test-check
     environment:
@@ -175,27 +211,33 @@ steps:
       GITHUB_READ_TOKEN:
         from_secret: github_read_token
 
-  - name: test-mysql
+  - name: unit-test-gogit
     pull: always
-    image: golang:1.14
+    image: golang:1.16
+    commands:
+      - make unit-test-coverage test-check
+    environment:
+      GOPROXY: off
+      TAGS: bindata gogit sqlite sqlite_unlock_notify
+      GITHUB_READ_TOKEN:
+        from_secret: github_read_token
+
+  - name: test-mysql
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - make test-mysql-migration integration-test-coverage
     environment:
       GOPROXY: off
       TAGS: bindata
       TEST_LDAP: 1
       USE_REPO_TEST_DIR: 1
+      TEST_INDEXER_CODE_ES_URL: "http://elastic:changeme@elasticsearch:9200"
     depends_on:
       - build
 
   - name: test-mysql8
-    pull: always
-    image: golang:1.14
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - timeout -s ABRT 40m make test-mysql8-migration test-mysql8
     environment:
       GOPROXY: off
@@ -206,11 +248,8 @@ steps:
       - build
 
   - name: test-mssql
-    pull: always
-    image: golang:1.14
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - make test-mssql-migration test-mssql
     environment:
       GOPROXY: off
@@ -221,8 +260,7 @@ steps:
       - build
 
   - name: generate-coverage
-    pull: always
-    image: golang:1.14
+    image: golang:1.16
     commands:
       - make coverage
     environment:
@@ -238,14 +276,13 @@ steps:
         - push
         - pull_request
 
-  - name: coverage
+  - name: coverage-codecov
     pull: always
-    image: robertstettner/drone-codecov
+    image: plugins/codecov
     settings:
       files:
         - coverage.all
-    environment:
-      CODECOV_TOKEN:
+      token:
         from_secret: codecov_token
     depends_on:
       - generate-coverage
@@ -267,9 +304,11 @@ platform:
 depends_on:
   - compliance
 
-workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
+trigger:
+  event:
+    - push
+    - tag
+    - pull_request
 
 services:
   - name: pgsql
@@ -285,7 +324,6 @@ services:
 
 steps:
   - name: fetch-tags
-    pull: default
     image: docker:git
     commands:
       - git fetch --tags --force
@@ -296,38 +334,34 @@ steps:
 
   - name: build
     pull: always
-    image: golang:1.14
+    image: golang:1.16
     commands:
       - make backend
     environment:
       GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
       GOSUMDB: sum.golang.org
-      TAGS: bindata sqlite sqlite_unlock_notify
+      TAGS: bindata gogit sqlite sqlite_unlock_notify
 
   - name: test-sqlite
-    pull: always
-    image: golang:1.14
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - timeout -s ABRT 40m make test-sqlite-migration test-sqlite
     environment:
       GOPROXY: off
-      TAGS: bindata
+      TAGS: bindata gogit sqlite sqlite_unlock_notify
+      TEST_TAGS: gogit sqlite sqlite_unlock_notify
       USE_REPO_TEST_DIR: 1
     depends_on:
       - build
 
   - name: test-pgsql
-    pull: always
-    image: golang:1.14
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
     commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
       - timeout -s ABRT 40m make test-pgsql-migration test-pgsql
     environment:
       GOPROXY: off
-      TAGS: bindata
+      TAGS: bindata gogit
+      TEST_TAGS: gogit
       TEST_LDAP: 1
       USE_REPO_TEST_DIR: 1
     depends_on:
@@ -335,21 +369,19 @@ steps:
 
 ---
 kind: pipeline
-name: translations
+name: update_translations
 
 platform:
   os: linux
   arch: arm64
 
-workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
-
 trigger:
   branch:
     - master
   event:
-    - push
+    - cron
+  cron:
+    - update_translations
 
 steps:
   - name: download
@@ -366,7 +398,7 @@ steps:
 
   - name: update
     pull: default
-    image: alpine:3.12
+    image: alpine:3.13
     commands:
       - ./build/update-locales.sh
 
@@ -395,6 +427,41 @@ steps:
       CROWDIN_KEY:
         from_secret: crowdin_key
 
+---
+kind: pipeline
+name: update_gitignore_and_licenses
+
+platform:
+  os: linux
+  arch: arm64
+
+trigger:
+  branch:
+    - master
+  event:
+    - cron
+  cron:
+    - update_gitignore_and_licenses
+
+steps:
+  - name: download
+    image: golang:1.16
+    commands:
+      - timeout -s ABRT 40m make generate-license generate-gitignore
+
+  - name: push
+    pull: always
+    image: appleboy/drone-git-push
+    settings:
+      author_email: "teabot@gitea.io"
+      author_name: GiteaBot
+      commit: true
+      commit_message: "[skip ci] Updated licenses and gitignores "
+      remote: "git@github.com:go-gitea/gitea.git"
+    environment:
+      GIT_PUSH_SSH_KEY:
+        from_secret: git_push_ssh_key
+
 ---
 kind: pipeline
 name: release-latest
@@ -404,8 +471,8 @@ platform:
   arch: amd64
 
 workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
+  base: /source
+  path: /
 
 trigger:
   branch:
@@ -417,21 +484,18 @@ trigger:
 depends_on:
   - testing-amd64
   - testing-arm64
-  - translations
 
 steps:
   - name: fetch-tags
-    pull: default
     image: docker:git
     commands:
       - git fetch --tags --force
 
   - name: static
     pull: always
-    image: techknowlogick/xgo:go-1.14.x
+    image: techknowlogick/xgo:go-1.16.x
     commands:
-      - apt update && apt -y install curl
-      - curl -sL https://deb.nodesource.com/setup_12.x | bash - && apt -y install nodejs
+      - curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt -y install nodejs
       - export PATH=$PATH:$GOPATH/bin
       - make release
     environment:
@@ -476,7 +540,6 @@ steps:
         - push
 
   - name: release-master
-    pull: always
     image: plugins/s3:1
     settings:
       acl: public-read
@@ -506,8 +569,8 @@ platform:
   arch: amd64
 
 workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
+  base: /source
+  path: /
 
 trigger:
   event:
@@ -526,10 +589,9 @@ steps:
 
   - name: static
     pull: always
-    image: techknowlogick/xgo:go-1.14.x
+    image: techknowlogick/xgo:go-1.16.x
     commands:
-      - apt update && apt -y install curl
-      - curl -sL https://deb.nodesource.com/setup_12.x | bash - && apt -y install nodejs
+      - curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt -y install nodejs
       - export PATH=$PATH:$GOPATH/bin
       - make release
     environment:
@@ -589,6 +651,12 @@ platform:
 depends_on:
   - compliance
 
+trigger:
+  event:
+    - push
+    - tag
+    - pull_request
+
 steps:
   - name: build-docs
     pull: always
@@ -621,10 +689,6 @@ platform:
   os: linux
   arch: amd64
 
-workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
-
 depends_on:
   - testing-amd64
   - testing-arm64
@@ -633,10 +697,12 @@ trigger:
   ref:
   - refs/heads/master
   - "refs/tags/**"
+  event:
+    exclude:
+    - cron
 
 steps:
   - name: fetch-tags
-    pull: default
     image: docker:git
     commands:
       - git fetch --tags --force
@@ -659,6 +725,27 @@ steps:
         exclude:
         - pull_request
 
+  - name: publish-rootless
+    image: plugins/docker:linux-amd64
+    settings:
+      dockerfile: Dockerfile.rootless
+      auto_tag: true
+      auto_tag_suffix: linux-amd64-rootless
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=off
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+    when:
+      event:
+        exclude:
+        - pull_request
+
 ---
 kind: pipeline
 name: docker-linux-arm64-dry-run
@@ -667,10 +754,6 @@ platform:
   os: linux
   arch: arm64
 
-workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
-
 depends_on:
   - compliance
 
@@ -688,6 +771,9 @@ steps:
       tags: linux-arm64
       build_args:
         - GOPROXY=off
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
     when:
       event:
         - pull_request
@@ -700,10 +786,6 @@ platform:
   os: linux
   arch: arm64
 
-workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
-
 depends_on:
   - testing-amd64
   - testing-arm64
@@ -712,9 +794,12 @@ trigger:
   ref:
   - refs/heads/master
   - "refs/tags/**"
+  event:
+    exclude:
+    - cron
+
 steps:
   - name: fetch-tags
-    pull: default
     image: docker:git
     commands:
       - git fetch --tags --force
@@ -732,6 +817,30 @@ steps:
         from_secret: docker_password
       username:
         from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+    when:
+      event:
+        exclude:
+        - pull_request
+
+  - name: publish-rootless
+    image: plugins/docker:linux-arm64
+    settings:
+      dockerfile: Dockerfile.rootless
+      auto_tag: true
+      auto_tag_suffix: linux-arm64-rootless
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=off
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
     when:
       event:
         exclude:
@@ -746,8 +855,19 @@ platform:
   arch: amd64
 
 steps:
-  - name: manifest
+  - name: manifest-rootless
     pull: always
+    image: plugins/manifest
+    settings:
+      auto_tag: true
+      ignore_missing: true
+      spec: docker/manifest.rootless.tmpl
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+
+  - name: manifest
     image: plugins/manifest
     settings:
       auto_tag: true
@@ -762,6 +882,9 @@ trigger:
   ref:
   - refs/heads/master
   - "refs/tags/**"
+  event:
+    exclude:
+    - cron
 
 depends_on:
   - docker-linux-amd64-release
@@ -792,7 +915,6 @@ trigger:
 depends_on:
   - testing-amd64
   - testing-arm64
-  - translations
   - release-version
   - release-latest
   - docker-linux-amd64-release

.editorconfig

@@ -1,25 +1,22 @@
 root = true
 
 [*]
-charset = utf-8
-insert_final_newline = true
-trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+tab_width = 2
 end_of_line = lf
-
-[*.md]
-trim_trailing_whitespace = false
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
 
 [*.{go,tmpl,html}]
 indent_style = tab
-indent_size = 4
-
-[*.{less,css}]
-indent_style = space
-indent_size = 4
-
-[*.{js,json,yml}]
-indent_style = space
-indent_size = 2
 
 [Makefile]
 indent_style = tab
+
+[*.svg]
+insert_final_newline = false
+
+[*.md]
+trim_trailing_whitespace = false

.eslintrc

@@ -3,20 +3,25 @@ reportUnusedDisableDirectives: true
 
 ignorePatterns:
   - /web_src/js/vendor
+  - /templates/base/head.tmpl
+  - /templates/repo/activity.tmpl
+  - /templates/repo/view_file.tmpl
 
 parserOptions:
   sourceType: module
-  ecmaVersion: 2020
+  ecmaVersion: 2021
 
 plugins:
   - eslint-plugin-unicorn
   - eslint-plugin-import
-  - eslint-plugin-sonarjs
+  - eslint-plugin-vue
+  - eslint-plugin-html
+
+extends:
+  - plugin:vue/recommended
 
 env:
-  browser: true
-  es6: true
-  jquery: true
+  es2021: true
   node: true
 
 globals:
@@ -25,12 +30,29 @@ globals:
   Dropzone: false
   SimpleMDE: false
   u2fApi: false
-  Tribute: false
+
+settings:
+  html/html-extensions: [".tmpl"]
 
 overrides:
-  - files: ["web_src/**/*.worker.js", "web_src/js/serviceworker.js"]
+  - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
+    env:
+      browser: true
+      jquery: true
+      node: false
+  - files: ["templates/**/*.tmpl"]
+    rules:
+      no-tabs: [0]
+      indent: [2, tab, {SwitchCase: 1}]
+  - files: ["web_src/**/*worker.js"]
     env:
       worker: true
+    rules:
+      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
+  - files: ["build/generate-images.js"]
+    rules:
+      import/no-unresolved: [0]
+      import/no-extraneous-dependencies: [0]
 
 rules:
   accessor-pairs: [2]
@@ -92,7 +114,7 @@ rules:
   import/no-amd: [0]
   import/no-anonymous-default-export: [0]
   import/no-commonjs: [0]
-  import/no-cycle: [0]
+  import/no-cycle: [2, {ignoreExternal: true}]
   import/no-default-export: [0]
   import/no-deprecated: [0]
   import/no-dynamic-require: [0]
@@ -110,13 +132,13 @@ rules:
   import/no-self-import: [2]
   import/no-unassigned-import: [0]
   import/no-unresolved: [2, {commonjs: true}]
-  import/no-unused-modules: [0]
+  import/no-unused-modules: [2, {unusedExports: true}]
   import/no-useless-path-segments: [2, {commonjs: true}]
   import/no-webpack-loader-syntax: [2]
   import/order: [0]
   import/prefer-default-export: [0]
   import/unambiguous: [0]
-  indent: [2, 2, {ignoreComments: true, SwitchCase: 1}]
+  indent: [2, 2, {SwitchCase: 1}]
   init-declarations: [0]
   key-spacing: [2]
   keyword-spacing: [2]
@@ -165,7 +187,7 @@ rules:
   no-dupe-keys: [2]
   no-duplicate-case: [2]
   no-duplicate-imports: [2]
-  no-else-return: [0]
+  no-else-return: [2]
   no-empty-character-class: [2]
   no-empty-function: [0]
   no-empty-pattern: [2]
@@ -204,7 +226,7 @@ rules:
   no-mixed-operators: [0]
   no-mixed-spaces-and-tabs: [2]
   no-multi-assign: [0]
-  no-multi-spaces: [2, {ignoreEOLComments: true, exceptions: {Property: true, VariableDeclarator: true}}]
+  no-multi-spaces: [2, {ignoreEOLComments: true, exceptions: {Property: true}}]
   no-multi-str: [2]
   no-negated-condition: [0]
   no-nested-ternary: [0]
@@ -213,17 +235,19 @@ rules:
   no-new-symbol: [2]
   no-new-wrappers: [2]
   no-new: [0]
+  no-nonoctal-decimal-escape: [2]
   no-obj-calls: [2]
   no-octal-escape: [2]
   no-octal: [2]
   no-param-reassign: [0]
   no-plusplus: [0]
+  no-promise-executor-return: [0]
   no-proto: [2]
   no-prototype-builtins: [2]
   no-redeclare: [2]
   no-regex-spaces: [2]
   no-restricted-exports: [0]
-  no-restricted-globals: [0]
+  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top]
   no-restricted-imports: [0]
   no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement]
   no-return-assign: [0]
@@ -249,6 +273,7 @@ rules:
   no-unexpected-multiline: [2]
   no-unmodified-loop-condition: [2]
   no-unneeded-ternary: [0]
+  no-unreachable-loop: [2]
   no-unreachable: [2]
   no-unsafe-finally: [2]
   no-unsafe-negation: [2]
@@ -264,7 +289,7 @@ rules:
   no-useless-constructor: [2]
   no-useless-escape: [2]
   no-useless-rename: [2]
-  no-useless-return: [0]
+  no-useless-return: [2]
   no-var: [2]
   no-void: [2]
   no-warning-comments: [0]
@@ -303,31 +328,6 @@ rules:
   semi-spacing: [2, {before: false, after: true}]
   semi-style: [2, last]
   semi: [2, always, {omitLastInOneLineBlock: true}]
-  sonarjs/cognitive-complexity: [0]
-  sonarjs/max-switch-cases: [0]
-  sonarjs/no-all-duplicated-branches: [2]
-  sonarjs/no-collapsible-if: [0]
-  sonarjs/no-collection-size-mischeck: [2]
-  sonarjs/no-duplicate-string: [0]
-  sonarjs/no-duplicated-branches: [0]
-  sonarjs/no-element-overwrite: [2]
-  sonarjs/no-extra-arguments: [0]
-  sonarjs/no-identical-conditions: [2]
-  sonarjs/no-identical-expressions: [0]
-  sonarjs/no-identical-functions: [0]
-  sonarjs/no-inverted-boolean-check: [2]
-  sonarjs/no-one-iteration-loop: [2]
-  sonarjs/no-redundant-boolean: [2]
-  sonarjs/no-redundant-jump: [0]
-  sonarjs/no-same-line-conditional: [2]
-  sonarjs/no-small-switch: [0]
-  sonarjs/no-unused-collection: [2]
-  sonarjs/no-use-of-empty-return-value: [2]
-  sonarjs/no-useless-catch: [0]
-  sonarjs/prefer-immediate-return: [0]
-  sonarjs/prefer-object-literal: [2]
-  sonarjs/prefer-single-boolean-return: [0]
-  sonarjs/prefer-while: [2]
   sort-imports: [0]
   sort-keys: [0]
   sort-vars: [0]
@@ -346,12 +346,14 @@ rules:
   unicorn/catch-error-name: [0]
   unicorn/consistent-function-scoping: [2]
   unicorn/custom-error-definition: [0]
+  unicorn/empty-brace-spaces: [2]
   unicorn/error-message: [0]
   unicorn/escape-case: [0]
   unicorn/expiring-todo-comments: [0]
   unicorn/explicit-length-check: [0]
   unicorn/filename-case: [0]
   unicorn/import-index: [0]
+  unicorn/import-style: [0]
   unicorn/new-for-builtins: [2]
   unicorn/no-abusive-eslint-disable: [0]
   unicorn/no-array-instanceof: [0]
@@ -360,9 +362,11 @@ rules:
   unicorn/no-for-loop: [0]
   unicorn/no-hex-escape: [0]
   unicorn/no-keyword-prefix: [0]
+  unicorn/no-lonely-if: [2]
   unicorn/no-nested-ternary: [0]
   unicorn/no-new-buffer: [0]
   unicorn/no-null: [0]
+  unicorn/no-object-as-default-parameter: [2]
   unicorn/no-process-exit: [0]
   unicorn/no-reduce: [2]
   unicorn/no-unreadable-array-destructuring: [0]
@@ -371,10 +375,14 @@ rules:
   unicorn/no-useless-undefined: [0]
   unicorn/no-zero-fractions: [2]
   unicorn/number-literal-case: [0]
+  unicorn/numeric-separators-style: [0]
   unicorn/prefer-add-event-listener: [2]
+  unicorn/prefer-array-find: [2]
   unicorn/prefer-dataset: [2]
+  unicorn/prefer-date-now: [2]
   unicorn/prefer-event-key: [2]
   unicorn/prefer-includes: [2]
+  unicorn/prefer-math-trunc: [2]
   unicorn/prefer-modern-dom-apis: [0]
   unicorn/prefer-negative-index: [2]
   unicorn/prefer-node-append: [0]
@@ -388,6 +396,7 @@ rules:
   unicorn/prefer-spread: [0]
   unicorn/prefer-starts-ends-with: [2]
   unicorn/prefer-string-slice: [0]
+  unicorn/prefer-ternary: [0]
   unicorn/prefer-text-content: [2]
   unicorn/prefer-trim-start-end: [2]
   unicorn/prefer-type-error: [0]
@@ -397,6 +406,11 @@ rules:
   use-isnan: [2]
   valid-typeof: [2, {requireStringLiterals: true}]
   vars-on-top: [0]
+  vue/attributes-order: [0]
+  vue/component-definition-name-casing: [0]
+  vue/html-closing-bracket-spacing: [0]
+  vue/max-attributes-per-line: [0]
+  vue/one-component-per-file: [0]
   wrap-iife: [2, inside]
   wrap-regex: [0]
   yield-star-spacing: [2, after]

.gitattributes

@@ -1,10 +1,6 @@
 * text=auto eol=lf
-/vendor/** -text -eol
-/public/vendor/** -text -eol
-
-conf/* linguist-vendored
-docker/* linguist-vendored
-options/* linguist-vendored
-public/* linguist-vendored
-build/* linguist-vendored
-templates/* linguist-vendored
+/vendor/** -text -eol linguist-vendored
+/public/vendor/** -text -eol linguist-vendored
+/templates/**/*.tmpl linguist-language=Handlebars
+/.eslintrc linguist-language=YAML
+/.stylelintrc linguist-language=YAML

.github/FUNDING.yml

@@ -1 +1,2 @@
 open_collective: gitea
+custom: https://www.bountysource.com/teams/gitea

.github/issue_template.md

@@ -2,16 +2,20 @@
 
 <!--
     1. Please speak English, this is the language all maintainers can speak and write.
-    2. Please ask questions or configuration/deploy problems on our Discord 
+    2. Please ask questions or configuration/deploy problems on our Discord
        server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
     3. Please take a moment to check that your issue doesn't already exist.
-    4. Please give all relevant information below for bug reports, because 
+    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
+    5. Please give all relevant information below for bug reports, because
        incomplete details will be handled as an invalid report.
 -->
 
 - Gitea version (or commit ref):
 - Git version:
 - Operating system:
+  <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package -->
+  <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. --->
+  <!-- If you are using a package or systemd tell us what distribution you are using -->
 - Database (use `[x]`):
   - [ ] PostgreSQL
   - [ ] MySQL
@@ -20,10 +24,15 @@
 - Can you reproduce the bug at https://try.gitea.io:
   - [ ] Yes (provide example URL)
   - [ ] No
-  - [ ] Not relevant
 - Log gist:
+<!-- It really is important to provide pertinent logs -->
+<!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems -->
+<!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini -->
 
 ## Description
+<!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please
+     disable the proxy/CDN fully and connect to gitea directly to confirm
+     the issue still persists without those services. -->
 
 ...
 

.github/lock.yml

@@ -0,0 +1,23 @@
+# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
+
+# Number of days of inactivity before a closed issue or pull request is locked
+daysUntilLock: 60
+
+# Skip issues and pull requests created before a given timestamp. Timestamp must
+# follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
+skipCreatedBefore: false
+
+# Issues and pull requests with these labels will be ignored.
+exemptLabels: []
+
+# Label to add before locking, such as `outdated`. `false` is disabled
+lockLabel: false
+
+# Comment to post before locking.
+lockComment: >
+  This thread has been automatically locked since there has not been
+  any recent activity after it was closed. Please open a new issue for
+  related bugs and link to relevant comments in this thread.
+
+# Assign `resolved` as the reason for locking. Set to `false` to disable
+setLockReason: true

.gitignore

@@ -79,9 +79,20 @@ coverage.all
 /public/serviceworker.js
 /public/css
 /public/fonts
-/public/fomantic
-/public/img/svg
+/public/img/webpack
+/web_src/fomantic/build/*
+!/web_src/fomantic/build/semantic.js
+!/web_src/fomantic/build/semantic.css
+!/web_src/fomantic/build/themes
+/web_src/fomantic/build/themes/*
+!/web_src/fomantic/build/themes/default
+/web_src/fomantic/build/themes/default/assets/*
+!/web_src/fomantic/build/themes/default/assets/fonts
+/web_src/fomantic/build/themes/default/assets/fonts/*
+!/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2
+!/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
 /VERSION
+/.air
 
 # Snapcraft
 snap/.snapcraft/
@@ -95,3 +106,6 @@ prime/
 
 # Make evidence files
 /.make_evidence
+
+# Manpage
+/man

.golangci.yml

@@ -26,7 +26,7 @@ linters-settings:
   gocritic:
     disabled-checks:
       - ifElseChain
-      - singleCaseSwitch # Every time this occured in the code, there  was no other way.
+      - singleCaseSwitch # Every time this occurred in the code, there  was no other way.
 
 issues:
   exclude-rules:
@@ -70,7 +70,7 @@ issues:
     - path: modules/log/
       linters:
         - errcheck
-    - path: routers/routes/routes.go
+    - path: routers/routes/web.go
       linters:
         - dupl
     - path: routers/api/v1/repo/issue_subscription.go
@@ -98,3 +98,15 @@ issues:
     - path: models/update.go
       linters:
         - unused
+    - path: cmd/dump.go
+      linters:
+        - dupl
+    - path: services/webhook/webhook.go
+      linters:
+        - structcheck
+    - text: "commentFormatting: put a space between `//` and comment text"
+      linters:
+        - gocritic
+    - text: "exitAfterDefer:"
+      linters:
+        - gocritic

.ignore

@@ -1,6 +1,5 @@
 /vendor
 /public/vendor/plugins
-/public/vendor/assets
 /modules/options/bindata.go
 /modules/public/bindata.go
 /modules/templates/bindata.go

.npmrc

@@ -1,2 +1,4 @@
+audit=false
+fund=false
 package-lock=true
 save-exact=true

.stylelintrc

@@ -1,17 +1,15 @@
 extends: stylelint-config-standard
 
-ignoreFiles:
-  - web_src/less/vendor/**/*
-
 rules:
   at-rule-empty-line-before: null
   block-closing-brace-empty-line-before: null
   color-hex-length: null
   comment-empty-line-before: null
+  declaration-block-single-line-max-declarations: null
   declaration-empty-line-before: null
-  indentation: 4
+  indentation: 2
   no-descending-specificity: null
   number-leading-zero: never
   rule-empty-line-before: null
-  selector-pseudo-element-colon-notation: null
+  selector-pseudo-element-colon-notation: double
   shorthand-property-no-redundant-values: true

CHANGELOG.md

@@ -4,6 +4,885 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.14.1](https://github.com/go-gitea/gitea/releases/tag/v1.14.1) - 2021-04-15
+
+* BUGFIXES
+  * Fix bug clone wiki (#15499) (#15502)
+  * Github Migration ignore rate limit, if not enabled (#15490) (#15495)
+  * Use subdir for URL (#15446) (#15493)
+  * Query the DB for the hash before inserting in to email_hash (#15457) (#15491)
+  * Ensure review dismissal only dismisses the correct review (#15477) (#15489)
+  * Use index of the supported tags to choose user lang (#15452) (#15488)
+  * Fix wrong file link in code search page (#15466) (#15486)
+  * Quick template fix for built-in SSH server in admin config (#15464) (#15481)
+  * Prevent superfluous response.WriteHeader (#15456) (#15476)
+  * Fix ambiguous argument error on tags (#15432) (#15474)
+  * Add created_unix instead of expiry to migration (#15458) (#15463)
+  * Fix repository search (#15428) (#15442)
+  * Prevent NPE on avatar direct rendering if federated avatars disabled (#15434) (#15439)
+  * Fix wiki clone urls (#15430) (#15431)
+  * Fix dingtalk icon url at webhook (#15417) (#15426)
+  * Standardise icon on projects PR page (#15387) (#15408)
+* ENHANCEMENTS
+  * Add option to skip LFS/attachment files for `dump` (#15407) (#15492)
+  * Clone panel fixes (#15436)
+  * Use semantic dropdown for code search query type (#15276) (#15364)
+* BUILD
+  * Build go-git variants for windows (#15482) (#15487)
+  * Lock down build-images dependencies (Partial #15479) (#15480)
+* MISC
+  * Performance improvement for list pull requests (#15447) (#15500)
+  * Fix potential copy lfs records failure when fork a repository (#15441) (#15485)
+
+## [1.14.0](https://github.com/go-gitea/gitea/releases/tag/v1.14.0) - 2021-04-11
+
+* SECURITY
+  * Respect approved email domain list for externally validated user registration (#15014)
+  * Add reverse proxy configuration support for remote IP address detection (#14959)
+  * Ensure validation occurs on clone addresses too (#14994)
+* BREAKING
+  * Fix double 'push tag' action feed (#15078) (#15083)
+  * Remove possible resource leak (#15067) (#15082)
+  * Handle unauthorized user events gracefully (#15071) (#15074)
+  * Restore Access.log following migration to Chi framework (Stops access logging of /api/internal routes) (#14475)
+  * Migrate from Macaron to Chi framework (#14293)
+  * Deprecate building for mips (#14174)
+  * Consolidate Logos and update README header (#14136)
+  * Inline manifest.json (#14038)
+  * Store repository data in data path if not previously set (#13991)
+  * Rename "gitea" png to "logo" (#13974)
+  * Standardise logging of failed authentication attempts in internal SSH (#13962)
+  * Add markdown support in organization description (#13549)
+  * Improve users management through the CLI (#6001) (#10492)
+* FEATURES
+  * Create a new issue with reference to lines of code from file view (#14863)
+  * Repository transfer has to be confirmed, if user can not create repo for new owner (#14792)
+  * Allow blocking some email domains from registering an account (#14667)
+  * Create a new issue based on reference to an issue comment (#14366)
+  * Add support to migrate from gogs (#14342)
+  * Add pager to the branches page (#14202)
+  * Minimal OpenID Connect implementation (#14139)
+  * Display current stopwatch in navbar (#14122)
+  * Display SVG files as images instead of text (#14101)
+  * Disable SSH key deletion of externally managed Keys (#13985)
+  * Add support for ed25519_sk and ecdsa_sk SSH keys (#13462)
+  * Add support for Mastodon OAuth2 provider (#13293)
+  * Add gitea sendmail command (#13079)
+  * Create DB session provider(based on xorm) (#13031)
+  * Add dismiss review feature (#12674)
+  * Make manual merge autodetection optional and add manual merge as merge method (#12543)
+  * Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244)
+  * Create Rootless Docker image (#10154)
+* API
+  * Speedup issue search (#15179) (#15192)
+  * Get pull, return head branch sha, even if deleted (#14931)
+  * Export LFS & TimeTracking function status (#14753)
+  * Show Gitea version in swagger (#14654)
+  * Fix PATCH /repos/{owner}/{repo} panic (#14637)
+  * Add Restricted Field to User (#14630)
+  * Add support for ref parameter to get raw file API (#14602)
+  * Add affected files of commits to commit struct (#14579)
+  * Fix CJK fonts again and misc. font issues (#14575)
+  * Add delete release by tag & delete tag (#14563) & (#13358)
+  * Add pagination to ListBranches (#14524)
+  * Add signoff option in commit form (#14516)
+  * GetRelease by tag only return release (#14397)
+  * Add MirrorInterval to the API (#14163)
+  * Make BasicAuth Prefix case insensitive (#14106)
+  * Add user filter to issueTrackedTimes, enable usage for issue managers (#14081)
+  * Add ref to create/edit issue options & deprecated assignee (#13992)
+  * Add Ref to Issue (#13946)
+  * Expose default theme in meta and API (#13809)
+  * Send error message when CSRF token is missing (#13676)
+  * List, Check, Add & delete endpoints for repository teams (#13630)
+  * Admin EditUser: Make FullName, Email, Website & Location optional (#13562)
+  * Add more filters to issues search (#13514)
+  * Add review request api (#11355)
+* BUGFIXES
+  * Fix delete nonexist oauth application 500 and prevent deadlock (#15384) (#15396)
+  * Always set the merge base used to merge the commit (#15352) (#15385)
+  * Upgrade to bluemonday 1.0.7 (#15379) (#15380)
+  * Turn RepoRef and RepoAssignment back into func(*Context) (#15372) (#15377)
+  * Move FCGI req.URL.Path fix-up to the FCGI listener (#15292) (#15361)
+  * Show diff on rename with diff changes (#15338) (#15339)
+  * Fix handling of logout event (#15323) (#15337)
+  * Fix CanCreateRepo check (#15311) (#15321)
+  * Fix xorm log stack level (#15285) (#15316)
+  * Fix bug in Wrap (#15302) (#15309)
+  * Drop the event source if we are unauthorized (#15275) (#15280)
+  * Backport Fix graph pagination (#15225)  (#15249)
+  * Prevent NPE in CommentMustAsDiff if no hunk header (#15199) (#15200)
+  * should run RetrieveRepoMetas() for empty pr (#15187) (#15190)
+  * Move setting to enable closing issue via commit in non default branch to repo settings (#14965)
+  * Show correct issues for team dashboard (#14952)
+  * Ensure that new pull request button works on forked forks owned by owner of the root and reduce ambiguity (#14932)
+  * Only allow issue labels from owner repository or organization (#14928)
+  * Fix alignment of People and Teams right arrow on org homepage (#14924)
+  * Fix overdue marking of closed issues and milestones (#14923)
+  * Prevent panic when empty MilestoneID in repo/issue/list (#14911)
+  * Fix migration context data (#14910)
+  * Handle URLs with trailing slash (#14852)
+  * Add CORS config on to /login/oauth/access_token endpoint (#14850)
+  * Make searching issues by keyword case insensitive on DB (#14848)
+  * Prevent use of double sub-path and incorrect asset path in manifest (#14827)
+  * Fix link account ui (#14763)
+  * Fix preview status switch button on wiki editor (#14742)
+  * Fix github download on migration (#14703)
+  * Fix svg spacing (#14638)
+  * Prevent adding nil label to .AddedLabels or .RemovedLabels (#14623)
+  * Truncated organizations name (#14615)
+  * Exclude the current dump file from the dump (#14606)
+  * Use OldRef instead of CommitSHA for DeleteBranch comments (#14604)
+  * Ensure memcache caching works when TTL greater than 30 days (#14592)
+  * Remove NULs byte arrays passed to PostProcess (#14587)
+  * Restore detection of branches are equal on compare page (#14586)
+  * Fix incorrect key name so registerManualConfirm works (#14455)
+  * Fix close/reopen with comment (#14436)
+  * Allow passcode invalid error to appear (#14371)
+  * Escape branch names in compare url (#14364)
+  * Label and milestone webhooks on issue/pull creation (#14363)
+  * Handle NotifyCreateRef as create branch in feeds (#14245)
+  * Prevent clipping input text in Chrome + Segoe UI Font (#14179)
+  * Fix UI on edit auth source page (#14137)
+  * Fix git.parseTagData (#14105)
+  * Refactor get tag to remove unnecessary steps (#14058)
+  * Fix integrations test error with space in CURDIR path (#14056)
+  * Dropdown triangle fixes (#14028)
+  * Fix label of --id in admin delete user (#14005)
+  * Cause NotifyMigrateRepository to emit a repo create webhook (#14004)
+  * Update HEAD to match defaultBranch in template generation (#13948)
+  * Fix action avatar loading (#13909)
+  * Fix issue participants (#13893)
+  * Fix avatar template error (#13833)
+  * Fix review request notification email links when external issue tracker is enabled (#13723)
+  * Fix blame line alignment (#13542)
+  * Include OriginalAuthor in Reaction constraint (#13505)
+  * Comments on review should have the same sha (#13448)
+  * Fix whitespace rendering in diff (#13415)
+  * Fixed git args duplication (#13411)
+  * Fix bug on release publisherid migrations (#13410)
+  * Fix --port setting (#13288)
+  * Keep database transactions not too big (#13254)
+  * Git version check, ignore pre-releases constraints (#13234)
+  * Handle and propagate errors when checking if paths are Dirs, Files or Exist (#13186)
+  * Update Mirror IsEmpty status on synchronize (#13185)
+  * Use GO variable in go-check target (#13146) (#13147)
+* ENHANCEMENTS
+  * UI style improvements
+  * Dropzone styling improvements (#15291) (#15374)
+  * Add size to Save function (#15264) (#15270)
+  * Monaco improvements (#15333) (#15345)
+  * Support .mailmap in code activity stats (#15009)
+  * Sort release attachments by name (#15008)  
+  * Add ui.explore settings to control view of explore pages (#14094)
+  * Make internal SSH server host key path configurable (#14918)
+  * Hide resync all ssh principals when using internal ssh server (#14904)
+  * Add SameSite setting for cookies (#14900)
+  * Move Bleve and Elastic code indexers to use a common cat-file --batch (#14781)
+  * Add environment-to-ini to docker image (#14762)
+  * Add preview support for wiki editor when disable simpleMDE (#14757)
+  * Add easyMDE(simpleMDE) support for release content editor (#14744)
+  * Organization removal confirmation using name not password (#14738)
+  * Make branch names in PR description clickable (#14716)
+  * Add Password Algorithm option to install page (#14701)
+  * Add fullTextSearch to dropdowns by default (#14694)
+  * Fix truncated organization names (#14655)
+  * Whitespace in commits (#14650)
+  * Sort / move project boards (#14634)
+  * Make fileheader sticky in diffs (#14616)
+  * Add helper descriptions on new repo page (#14591)
+  * Move the stopwatches to the eventsource stream (#14588)
+  * Add Content-Length header to HEAD requests (#14542)
+  * Add Image Diff options in Diff view (#14450)
+  * Improve Description in new/ edit Project template (#14429)
+  * Allow ssh-keygen on Windows to detect ssh key type (#14413)
+  * Display error if twofaSecret cannot be retrieved (#14372)
+  * Sort issue search results by revelance (#14353)
+  * Implement ghost comment mitigation (#14349)
+  * Upgrade blevesearch dependency to v2.0.1 (#14346)
+  * Add edit, delete and reaction support to code review comments on issue page (#14339)
+  * Merge default and system webhooks under one menu (#14244)
+  * Add option for administrator to reset user 2FA (#14243)
+  * Add option to change username to the admin panel (#14229)
+  * Check for 'main' as potential default branch name (#14193)
+  * Project: show referenced PRs in issue cards (#14183)
+  * Use caddy's certmagic library for extensible/robust ACME handling (#14177)
+  * CLI support for OAuth sources custom icons (#14166)
+  * Custom icons for OAuth sources (#14161)
+  * Team dashboards (#14159)
+  * KanBan: be able to set default board (#14147)
+  * Disable Fomantic's custom scrollbars (#14109)
+  * Add UI to delete tracked times (#14100)
+  * Rework heatmap permissions (#14080)
+  * Issue and pull request filters on organization dashboard (#14072)
+  * Fix webhook list styling (#14001)
+  * Show dropdown with all statuses for commit (#13977)
+  * Show status check for merged PRs (#13975)
+  * Diff stat improvements (#13954)
+  * Report permissions denied in internal SSH (#13953)
+  * Markdown task list improvements (#13952)
+  * Heatmap days clickable (#13935)
+  * chore: use octicon-mirror for feeds display (#13928)
+  * Move diff split code into own template file (#13919)
+  * Markdown: Enable wrapping in code blocks and a color tweak (#13894)
+  * Do not reload page after adding comments in Pull Request reviews (#13877)
+  * Add pull request manually merge instruction (#13840)
+  * add thumbnail preview section to issue attachments (#13826)
+  * Move Repo APIFormat to convert package (#13787)
+  * Move notification APIFormat (#13783)
+  * Swap swagger-ui with swagger-ui-dist (#13777)
+  * User Settings: Ignore empty language codes & validate (#13755)
+  * Improve migrate page and add card CSS (#13751)
+  * Add block on official review requests branch protection (#13705)
+  * Add review requested filter on pull request overview (#13701)
+  * Use chronological commit order in default squash message (#13696)
+  * Clickable links in pull request (and issue) titles (#13695)
+  * Support shortened commit SHAs in URLs (#13686)
+  * Use native git variants by default with go-git variants as build tag (#13673)
+  * Don't render dropdown when only 1 merge style is available (#13670)
+  * Move webhook type from int to string (#13664)
+  * Direct avatar rendering (#13649)
+  * Verify password for local-account activation (#13631)
+  * Prevent clone protocol button flash on page load (#13626)
+  * Remove fetch request from heatmap (#13623)
+  * Refactor combine label comments with tests (#13619)
+  * Move metrics from macaron to chi (#13601)
+  * Issue and Pulls lists rework (#13594)
+  * HTTP cache rework and enable caching for storage assets (#13569)
+  * Use mount but not register for chi routes (#13555)
+  * Use monaco for the git hook editor (#13552)
+  * Make heatmap colors more distinct (#13533)
+  * Lazy-load issue reviewers and assignees avatars (#13526)
+  * Change search and filter icons to SVG (#13473)
+  * Create tag on ui (#13467)
+  * updateSize when create a repo with init commit (#13441)
+  * Added title and action buttons to Project view page (#13437)
+  * Override fomantic monospace fonts and set size (#13435)
+  * Rework focused comment styling (#13434)
+  * Tags cleanup (#13428)
+  * Various style tweaks (#13418)
+  * Refactor push update (#13381)
+  * Comment box tweaks and SVG dropdown triangles (#13376)
+  * Various style fixes (#13372)
+  * Change repo home page icons to SVG (#13364)
+  * Use CSS Vars for primary color (#13361)
+  * Refactor image paste code (#13354)
+  * Switch from SimpleMDE to EasyMDE (#13333)
+  * Group Label Changed Comments in timeline (#13304)
+  * Make the logger an interface (#13294)
+  * Fix PR/Issue titles on mobile (#13292)
+  * Rearrange the order of the merged by etc. in locale (#13284)
+  * Replace footer and modal icons with SVG (#13245)
+  * Issues overview should not show issues from archived repos (#13220)
+  * Show stale label for stale code comment which is marked as resolved (#13213)
+  * Use CSS Variables for fonts, remove postcss-loader (#13204)
+  * Add mentionable teams to tributeValues and change team mention rules to gh's style (#13198)
+  * Move install pages out of main macaron routes (#13195)
+  * Update outdated label to use Fomantic UI style (#13181)
+  * Added option to disable webhooks (#13176)
+  * Change order of possible-owner organizations to alphabetical (#13160)
+  * Log IP on SSH authentication failure for Built-in SSH server (#13150)
+  * Added option to disable migrations (#13114)
+  * New "Add Mirror" Button in the Organization view (#13105)
+  * Manually approve new registration (#13083)
+  * Cron job to cleanup hook_task table (#13080)
+  * Use the headline comment of pull-request as the squash commit's message (#13071)
+  * Clarify the suffices and prefixes of setting.AppSubURL and setting.AppURL (#12999)
+  * Slightly simplify the queue settings code to help reduce the risk of problems (#12976)
+  * Add precise search type for Elastic Search (#12869)
+  * Move APIFormat functions into convert package (#12856)
+  * Multiple GitGraph improvements: Exclude PR heads, Add branch/PR links, Show only certain branches, (#12766)
+  * Add TrN for repository limit (#12492)
+  * Refactor doctor (#12264)
+  * Add the tag list page to the release page (#12096)
+  * Redirect on changed user and org name (#11649)
+  * load U2F js only on pages which need it (#11585)
+  * Make archival asynchronous (#11296)
+  * Introduce go chi web framework as frontend of macaron, so that we can move routes from macaron to chi step by step (#7420)
+  * Improve vfsgen to not unzip bindata files but send to browser directly (#7109)
+  * Enhance release list (#6025)
+* DOCS
+  * Swagger show models by default (#14880)
+  * Add missing repo.projects unit into swagger (#14876)
+  * Update docs and comments to remove macaron (#14491)
+  * Issue template addition: Are you using Gitea behind CloudFlare? (#14098)
+  * Generate man pages (#13901)
+  * Reformat/fine-tune docs (#13897)
+  * Added Table of Contents to long documentation pages (#13890)
+  * Add docs command (#13429)
+  * Update external-renderers.en-us.md (#13165)
+* MISC
+  * Add builds for apple M1 (darwin arm64) (#14951)
+  * Migrate to use jsoniter instead of encoding/json (#14841)
+  * Reduce make verbosity (#13803)
+  * Add git command error directory on log (#13194)
+
+## [1.13.7](https://github.com/go-gitea/gitea/releases/tag/v1.13.7) - 2021-04-07
+
+* SECURITY
+  * Update to bluemonday-1.0.6 (#15294) (#15298)
+  * Clusterfuzz found another way (#15160) (#15169)
+* API
+  * Fix wrong user returned in API (#15139) (#15150)
+* BUGFIXES
+  * Add 'fonts' into 'KnownPublicEntries' (#15188) (#15317)
+  * Speed up `enry.IsVendor` (#15213) (#15246)
+  * Response 404 for diff/patch of a commit that not exist (#15221) (#15238)
+  * Prevent NPE in CommentMustAsDiff if no hunk header (#15199) (#15201)
+* MISC
+  * Add size to Save function (#15264) (#15271)
+
+## [1.13.6](https://github.com/go-gitea/gitea/releases/tag/v1.13.6) - 2021-03-23
+
+* SECURITY
+  * Fix bug on avatar middleware (#15124) (#15125)
+  * Fix another clusterfuzz identified issue (#15096) (#15114)
+* API
+  * Fix nil pointer exception in get pull reviews API (#15106)
+* BUGFIXES
+  * Fix markdown rendering in milestone content (#15056) (#15092)
+
+## [1.13.5](https://github.com/go-gitea/gitea/releases/tag/v1.13.5) - 2021-03-21
+
+* SECURITY
+  * Update to goldmark 1.3.3 (#15059) (#15061)
+  * Another clusterfuzz spotted issue (#15032) (#15034)
+* API
+  * Fix set milestone on PR creation (#14981) (#15001)
+  * Prevent panic when editing forked repos by API (#14960) (#14963)
+* BUGFIXES
+  * Fix bug when upload on web (#15042) (#15055)
+  * Delete Labels & IssueLabels on Repo Delete too (#15039) (#15051)
+  * Fix postgres ID sequences broken by recreate-table (#15015) (#15029)
+  * Fix several render issues (#14986) (#15013)
+  * Make sure sibling images get a link too (#14979) (#14995)
+  * Fix Anchor jumping with escaped query components (#14969) (#14977)
+  * Fix release mail html template (#14976)
+  * Fix excluding more than two labels on issues list (#14962) (#14973)
+  * Don't mark each comment poster as OP (#14971) (#14972)
+  * Add "captcha" to list of reserved usernames (#14930)
+  * Re-enable import local paths after reversion from #13610 (#14925) (#14927)
+
+## [1.13.4](https://github.com/go-gitea/gitea/releases/tag/v1.13.4) - 2021-03-07
+
+* SECURITY
+  * Fix issue popups (#14898) (#14899)
+* BUGFIXES
+  * Fix race in LFS ContentStore.Put(...) (#14895) (#14913)
+  * Fix a couple of issues with a feeds (#14897) (#14903)
+  * When transfering repository and database transaction failed, rollback the renames (#14864) (#14902)
+  * Fix race in local storage (#14888) (#14901)
+  * Fix 500 on pull view page if user is not loged in (#14885) (#14886)
+* DOCS
+  * Fix how lfs data path is set (#14855) (#14884)
+
+## [1.13.3](https://github.com/go-gitea/gitea/releases/tag/v1.13.3) - 2021-03-04
+
+* BREAKING
+  * Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one (#14673) (#14675)
+* BUGFIXES
+  * Fix paging of file commit logs (#14831) (#14879)
+  * Print useful error if SQLite is used in settings but not supported (#14476) (#14874)
+  * Fix display since time round (#14226) (#14873)
+  * When Deleting Repository only explicitly close PRs whose base is not this repository (#14823) (#14842)
+  * Set HCaptchaSiteKey on Link Account pages (#14834) (#14839)
+  * Fix a couple of CommentAsPatch issues.  (#14804) (#14820)
+  * Disable broken OAuth2 providers at startup (#14802) (#14811)
+  * Repo Transfer permission checks (#14792) (#14794)
+  * Fix double alert in oauth2 application edit view (#14764) (#14768)
+  * Fix broken spans in diffs (#14678) (#14683)
+  * Prevent race in PersistableChannelUniqueQueue.Has (#14651) (#14676)
+  * HasPreviousCommit causes recursive load of commits unnecessarily (#14598) (#14649)
+  * Do not assume all 40 char strings are SHA1s (#14624) (#14648)
+  * Allow org labels to be set with issue templates (#14593) (#14647)
+  * Accept multiple SSH keys in single LDAP SSHPublicKey attribute (#13989) (#14607)
+  * Fix bug about ListOptions and stars/watchers pagnation (#14556) (#14573)
+  * Fix GPG key deletion during account deletion (#14561) (#14569)
+
+## [1.13.2](https://github.com/go-gitea/gitea/releases/tag/v1.13.2) - 2021-01-31
+
+* SECURITY
+  * Prevent panic on fuzzer provided string (#14405) (#14409)
+  * Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)
+* API
+  * If release publisher is deleted use ghost user (#14375)
+* BUGFIXES
+  * Internal ssh server respect Ciphers, MACs and KeyExchanges settings (#14523) (#14530)
+  * Set the name Mapper in migrations (#14526) (#14529)
+  * Fix wiki preview (#14515)
+  * Update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2 (#14497)
+  * ChangeUserName: rename user files back on DB issue (#14447)
+  * Fix lfs preview bug (#14428) (#14433)
+  * Ensure timeout error is shown on u2f timeout (#14417) (#14431)
+  * Fix Deadlock & Delete affected reactions on comment deletion (#14392) (#14425)
+  * Use path not filepath in routers/editor (#14390) (#14396)
+  * Check if label template exist first (#14384) (#14389)
+  * Fix migration v141 (#14387) (#14388)
+  * Use Request.URL.RequestURI() for fcgi (#14347)
+  * Use ServerError provided by Context (#14333) (#14345)
+  * Fix edit-label form init (#14337)
+  * Fix mailIssueCommentBatch for pull request (#14252) (#14296)
+  * Render links for commit hashes followed by comma (#14224) (#14227)
+  * Send notifications for mentions in pulls, issues, (code-)comments (#14218) (#14221)
+  * Fix avatar bugs (#14217) (#14220)
+  * Ensure that schema search path is set with every connection on postgres (#14131) (#14216)
+  * Fix dashboard issues labels filter bug (#14210) (#14214)
+  * When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211) (#14213)
+  * Fix branch selector on new issue page (#14194) (#14207)
+  * Check for notExist on profile repository page (#14197) (#14203)
+
+## [1.13.1](https://github.com/go-gitea/gitea/releases/tag/v1.13.1) - 2020-12-29
+
+* SECURITY
+  * Hide private participation in Orgs (#13994) (#14031)
+  * Fix escaping issue in diff (#14153) (#14154)
+* BUGFIXES
+  * Fix bug of link query order on markdown render (#14156) (#14171)
+  * Drop long repo topics during migration (#14152) (#14155)
+  * Ensure that search term and page are not lost on adoption page-turn (#14133) (#14143)
+  * Fix storage config implementation (#14091) (#14095)
+  * Fix panic in BasicAuthDecode (#14046) (#14048)
+  * Always wait for the cmd to finish (#14006) (#14039)
+  * Don't use simpleMDE editor on mobile devices for 1.13 (#14029)
+  * Fix incorrect review comment diffs (#14002) (#14011)
+  * Trim the branch prefix from action.GetBranch (#13981) (#13986)
+  * Ensure template renderer is available before storage handler (#13164) (#13982)
+  * Whenever the password is updated ensure that the hash algorithm is too (#13966) (#13967)
+  * Enforce setting HEAD in wiki to master (#13950) (#13961)
+  * Fix feishu webhook caused by API changed (#13938)
+  * Fix Quote Reply button on review diff (#13830) (#13898)
+  * Fix Pull Merge when tag with same name as base branch exist (#13882) (#13896)
+  * Fix mermaid chart size (#13865)
+  * Fix branch/tag notifications in mirror sync (#13855) (#13862)
+  * Fix crash in short link processor (#13839) (#13841)
+  * Update font stack to bootstrap's latest (#13834) (#13837)
+  * Make sure email recipients can see issue (#13820) (#13827)
+  * Reply button is not removed when deleting a code review comment (#13824)
+  * When reinitialising DBConfig reset the database use flags (#13796) (#13811)
+* ENHANCEMENTS
+  * Add emoji in label to project boards (#13978) (#14021)
+  * Send webhook when tag is removed via Web UI (#14015) (#14019)
+  * Use Process Manager to create own Context (#13792) (#13793)
+* API
+  * GetCombinedCommitStatusByRef always return json & swagger doc fixes (#14047)
+  * Return original URL of Repositories (#13885) (#13886)
+
+## [1.13.0](https://github.com/go-gitea/gitea/releases/tag/v1.13.0) - 2020-12-01
+* SECURITY
+  * Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
+  * Prevent git operations for inactive users (#13527) (#13536)
+  * Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13524)
+  * Mitigate Security vulnerability in the git hook feature (#13058)
+  * Disable DSA ssh keys by default (#13056)
+  * Set TLS minimum version to 1.2 (#12689)
+  * Use argon as default password hash algorithm (#12688)
+* BREAKING
+  * Set RUN_MODE prod by default (#13765) (#13767)
+  * Don't replace underscores in auto-generated IDs in goldmark (#12805)
+  * Add Primary Key to Topic and RepoTopic tables (#12639)
+  * Disable password complexity check default (#12557)
+  * Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid (#12500)
+  * Add extension Support to Attachments (allow all types for releases) (#12465)
+  * Remove IE11 Support (#11470)
+* FEATURES
+  * Adopt repositories (#12920)
+  * Check passwords against HaveIBeenPwned (#12716)
+  * Gitea 2 Gitea migration (#12657)
+  * Support storing Avatars in minio  (#12516)
+  * Allow addition of gpg keyring with multiple keys (#12487)
+  * Add email notify for new release (#12463)
+  * Add Access-Control-Expose-Headers (#12446)
+  * UserProfile Page: Render Description (#12415)
+  * Add command to recreate tables (#12407)
+  * Add mermaid JS renderer (#12334)
+  * Add ssh certificate support (#12281)
+  * Add spent time to referenced issue in commit message (#12220)
+  * Initial support for push options (#12169)
+  * Provide option to unlink a fork (#11858)
+  * Show exact tag for commit on diff view (#11846)
+  * Pause, Resume, Release&Reopen, Add and Remove Logging from command line (#11777)
+  * Issue templates directory (#11450)
+  * Add a storage layer for attachments (#11387)
+  * Add hide activity option (#11353)
+  * Add push commits history comment on PR time-line (#11167)
+  * Support elastic search for code search (#10273)
+  * Kanban board (#8346)
+* API
+  * If User is Admin, show 500 error message on PROD mode too (#13115)
+  * Add Timestamp to Tag list API (#13026)
+  * Return sample message for login error in api context (#12994)
+  * Add IsTemplate option in create repo ui and api (#12942)
+  * GetReleaseByID return 404 if not found (#12933)
+  * Get release by tags endpoint (#12932)
+  * NotificationSubject show Issue/Pull State (#12901)
+  * Expose its limitation settings (#12714)
+  * Add Created & Updated to Milestone (#12662)
+  * Milestone endpoints accept names too (#12649)
+  * Expose Attachment Settings in the API (#12514)
+  * Add Issue and Repo info to StopWatch (#12458)
+  * Add cron running API (#12421)
+  * Add Update Pull HeadBranch Function (#12419)
+  * Add TOTP header to Swagger Documentation (#12402)
+  * Delete Token accept names too (#12366)
+  * Add name filter for GetMilestoneList (#12336)
+  * Fixed count of filtered issues when api request. (#12275)
+  * Do not override API issue pagination with UI settings (#12068)
+  * Expose useful General Repo settings settings (#11758)
+  * Return error when trying to create Mirrors but Mirrors are globally disabled (#11757)
+  * Provide diff and patch API endpoints (#11751)
+  * Allow to create closed milestones (#11745)
+  * Add language Statistics endpoint (#11737)
+  * Add Endpoint to get GetGeneralUI Settings (#11735) & (#11854)
+  * Issue/Pull expose IsLocked Property on API (#11708)
+  * Add endpoint for Branch Creation (#11607)
+  * Add pagination headers on endpoints that support total count from database (#11145)
+* BUGFIXES
+  * Fix bogus http requests on diffs (#13760) (#13761)
+  * Show 'owner' tag for real owner (#13689) (#13743)
+  * Validate email before inserting/updating (#13475) (#13666)
+  * Fix issue/pull request list assignee filter (#13647) (#13651)
+  * Gitlab migration support for subdirectories (#13563) (#13591)
+  * Fix logic for preferred license setting (#13550) (#13557)
+  * Add missed sync branch/tag webhook (#13538) (#13556)
+  * Migration won't fail on non-migrated reactions (#13507)
+  * Fix Italian language file parsing error (#13156)
+  * Show outdated comments in pull request (#13148) (#13162)
+  * Fix parsing of pre-release git version (#13169) (#13172)
+  * Fix diff skipping lines (#13154) (#13155)
+  * When handling errors in storageHandler check underlying error (#13178) (#13193)
+  * Fix size and clickable area on file table back link (#13205) (#13207)
+  * Add better error checking for inline html diff code (#13251)
+  * Fix initial commit page & binary munching problem (#13249) (#13258)
+  * Fix migrations from remote Gitea instances when configuration not set (#13229) (#13273)
+  * Store task errors following migrations and display them (#13246) (#13287)
+  * Fix bug isEnd detection on getIssues/getPullRequests (#13299) (#13301)
+  * When the git ref is unable to be found return broken pr (#13218) (#13303)
+  * Ensure topics added using the API are added to the repository (#13285) (#13302)
+  * Fix avatar autogeneration (#13233) (#13282)
+  * Add migrated pulls to pull request task queue (#13331) (#13334)
+  * Issue comment reactions should also check pull type on API (#13349) (#13350)
+  * Fix links to repositories in /user/setting/repos (#13360) (#13362)
+  * Remove obsolete change of email on profile page (#13341) (#13347)
+  * Fix scrolling to resolved comment anchors (#13343) (#13371)
+  * Storage configuration support `[storage]` (#13314) (#13379)
+  * When creating line diffs do not split within an html entity (#13357) (#13375) (#13425) (#13427)
+  * Fix reactions on code comments (#13390) (#13401)
+  * Add missing full names when DEFAULT_SHOW_FULL_NAME is enabled (#13424)
+  * Replies to outdated code comments should also be outdated (#13217) (#13433)
+  * Fix panic bug in handling multiple references in commit (#13486) (#13487)
+  * Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13491)
+  * Show original author's reviews on pull summary box (#13127)
+  * Update golangci-lint to version 1.31.0 (#13102)
+  * Fix line break for MS teams webhook (#13081)
+  * Fix Issue & Pull Request comment headers on mobile (#13039)
+  * Avoid setting the CONN_STR in queues unless it is meant to be set (#13025)
+  * Remove code-view class from diff view (#13011)
+  * Fix the color of PR comment hyperlinks. (#13009)
+  * (Re)Load issue labels when changing them (#13007)
+  * Fix Media links in org files not liked to media files (#12997)
+  * Always return a list from GetCommitsFromIDs (#12981)
+  * Only set the user password if the password field would have been shown (#12980)
+  * Fix admin/config page (#12979)
+  * Changed width of commit signature avatar (#12961)
+  * Completely quote AppPath and CustomConf paths (#12955)
+  * Fix handling of migration errors (#12928)
+  * Fix anonymous GL migration (#12862)
+  * Fix git open close bug (#12834)
+  * Fix markdown meta parsing (#12817)
+  * Add default storage configurations (#12813)
+  * Show PR settings on empty repos (#12808)
+  * Disable watch and star if not signed in (#12807)
+  * Whilst changing the character set to utf8mb4 we should set ROW_FORMAT=dynamic too (#12804)
+  * Set opengraph attributes on org pages (#12803)
+  * Return error when creating gitlabdownloader failed (#12790)
+  * Add migration for password algorithm change (#12784)
+  * Compare SSH_DOMAIN when parsing submodule URLs (#12753)
+  * Fix editor.commit_empty_file_text locale string (#12744)
+  * Fix wrong poster message for code comment on Pull view (#11721)
+  * Escape failed highlighted files (#12685)
+  * Ensure that all migration requests are cancellable (#12669)
+  * Ensure RepoPath is lowercased in gitea serv (#12668)
+  * Do not disable commit changes button on repost (#12644)
+  * Dark theme for line numbers in blame view (#12632)
+  * Fix message when deleting last owner from an organization (#12628)
+  * Use shellquote to unpack arguments to gitea serv (#12624)
+  * Fix signing.wont_sign.%!s(<nil>) if Require Signing commits but not signed in. (#12581)
+  * Set utf8mb4 as the default charset on MySQL if CHARSET is unset (#12563)
+  * Set context for running CreateArchive to that of the request (#12555)
+  * Prevent redirect back to /user/events (#12462)
+  * Re-attempt to delete temporary upload if the file is locked by another process (#12447)
+  * Mirror System Notice reports are too frequent (#12438)
+  * Do not show arrows on comment diffs on pull comment pages (#12434)
+  * Fix milestone links (#12405)
+  * Increase size of the language column in language_stat (#12396)
+  * Use transaction in V102 migration (#12395)
+  * Only use --exclude on name-rev with git >= 2.13 (#12347)
+  * Add action feed for new release (#12324)
+  * Set NoAutoTime when updating is_archived (#12266)
+  * Support Force-update in Mirror and improve Tracing in mirror (#12242)
+  * Avoid sending "0 new commits" webhooks (#12212)
+  * Fix U2F button icon (#12167)
+  * models/repo_sign.go: break out of loops (#12159)
+  * Ensure that git commit tree continues properly over the page (#12142)
+  * Rewrite GitGraph.js (#12137)
+  * Fix repo API listing stability (#12057)
+  * Add team support for review request (#12039)
+  * Fix 500 error on repos with no tags (#11870)
+  * Fix nil pointer in default issue mail template (#11862)
+  * Fix commit search in all branches (#11849)
+  * Don't consider tag refs as valid for branch name (#11847)
+  * Don't add same line code comment box twice (#11837)
+  * Fix visibility of forked public repos from private orgs (#11717)
+  * Fix chardet test and add ordering option (#11621)
+  * Fix number of files, total additions, and deletions on Diff pages (#11614)
+  * Properly handle and return empty string for dangling commits in GetBranchName (#11587)
+  * Include query in sign in redirect (#11579)
+  * Fix Enter not working in SimpleMDE (#11564)
+  * Fix bug about can't skip commits base on base branch (#11555)
+* ENHANCEMENTS
+  * Only Return JSON for responses (#13511) (#13565)
+  * Use existing analyzer module for language detection for highlighting (#13522) (#13551)
+  * Return the full rejection message and errors in flash errors (#13221) (#13237)
+  * Remove PAM from auth dropdown when unavailable (#13276) (#13281)
+  * Add HostCertificate to sshd_config in Docker image (#13143)
+  * Save TimeStamps for Star, Label, Follow, Watch and Collaboration to Database (#13124)
+  * Improve error feedback for duplicate deploy keys (#13112)
+  * Set appropriate `autocomplete` attributes on password fields (#13078)
+  * Adding visual cue for "Limited" & "Private" organizations. (#13040)
+  * Fix Pull Request merge buttons on mobile (#13035)
+  * Gitea serv, hooks, manager and the like should always display Fatals (#13032)
+  * CSS tweaks to warning/error segments and misc fixes (#13024)
+  * Fix formatting of branches ahead-behind on narrow windows (#12989)
+  * Add config option to make create-on-push repositories public by default (#12936)
+  * Disable migration items when mirror is selected (#12918)
+  * Add the checkbox quick button to the comment tool bar also (#12885)
+  * Support GH enterprise (#12863)
+  * Simplify CheckUnitUser logic (#12854)
+  * Fix background of signed-commits on arc-green of timeline commits (#12837)
+  * Move git update-server-info to hooks (#12826)
+  * Add ui style for "Open a blank issue" button (#12824)
+  * Use a simple format for the big number on ui (#12822)
+  * Make SVG size argument optional (#12814)
+  * Add placeholder text for bio profile text form (#12792)
+  * Set language via AJAX (#12785)
+  * Show git-pull-request icon for closed pull request (#12742)
+  * Migrate version parsing library to hashicorp/go-version (#12719)
+  * Only use async pre-empt hack if go < 1.15 (#12718)
+  * Inform user about meaning of an hourglass on reviews (#12713)
+  * Add a migrate service type switch page (#12697)
+  * Migrations: Gitlab Add Reactions Support for Issues & MergeRequests (#12695)
+  * Remove duplicate logic in initListSubmits (#12660)
+  * Set avatar image dimensions (#12654)
+  * Rename models.ProtectedBranchRepoID/PRID to models.EnvRepoID/PRID and ensure EnvPusherEmail is set (#12646)
+  * Set setting.AppURL as GITEA_ROOT_URL environment variable during pushes (#12752)
+  * Add postgres schema to the search_path on database connection (#12634)
+  * Git migration UX improvements (#12619)
+  * Add link to home page on swagger ui (#12601)
+  * hCaptcha Support (#12594)
+  * OpenGraph: use repo avatar if exist (#12586)
+  * Reaction picker display improvements (#12576)
+  * Fix emoji replacements, make emoji images consistent (#12567)
+  * Increase clickable area on files table links (#12553)
+  * Set z-index for sticky diff box lower (#12537)
+  * Report error if API merge is not allowed (#12528)
+  * LFS support to be stored on minio (#12518)
+  * Show 2FA info on Admin Pannel: Users List (#12515)
+  * Milestone Issue/Pull List: Add octicons type (#12499)
+  * Make dashboard newsfeed list length a configurable item (#12469)
+  * Add placeholder text for send testing email button in admin/config (#12452)
+  * Add SVG favicon (#12437)
+  * In issue comments, put issue participants also in completion list when hitting @ (#12433)
+  * Collapse Swagger UI tags by default (#12428)
+  * Detect full references to issues and pulls in commit messages (#12399)
+  * Allow common redis and leveldb connections (#12385)
+  * Don't use legacy method to send Matrix Webhook (#12348)
+  * Remove padding/border-radius on image diffs (#12346)
+  * Render the git graph on the server (#12333)
+  * Fix clone panel in wiki position not always align right (#12326)
+  * Rework 'make generate-images' (#12316)
+  * Refactor webhook payload convertion (#12310)
+  * Move jquery-minicolors to npm/webpack (#12305)
+  * Support use nvarchar for all varchar columns when using mssql (#12269)
+  * Update Octicons to v10 (#12240)
+  * Disable search box autofocus (#12229)
+  * Replace code fold icons with octicons (#12222)
+  * Ensure syntax highlighting is the same inside diffs (#12205)
+  * Auto-init repo on license, .gitignore select (#12202)
+  * Default to showing closed Issues/PR list when there are only closed issues/PRs (#12200)
+  * Enable cloning via Git Wire Protocol v2 over HTTP (#12170)
+  * Direct SVG rendering (#12157)
+  * Improve arc-green code colors (#12111)
+  * Allow admin to merge pr with protected file changes (#12078)
+  * Show description on individual milestone view (#12055)
+  * Update the wiki repository remote origin while update the mirror repository's Clone From URL (#12053)
+  * Server-side syntax highlighting for all code (#12047)
+  * Use Fomantic's fluid padded for blame full width (#12023)
+  * Use custom SVGs for commit signing lock icon (#12017)
+  * Make tabs smaller (#12003)
+  * Fix sticky diff stats container (#12002)
+  * Move fomantic and jQuery to main webpack bundle (#11997)
+  * Use enry language type to detect special languages (#11974)
+  * Use only first line of commit when creating referenced comment (#11960)
+  * Rename custom/conf/app.ini.sample to custom/conf/app.example.ini for better syntax light on editor (#11926)
+  * Fix double divider on issue sidebar (#11919)
+  * Shorten markdown heading anchors links (#11903)
+  * Add org avatar on top of internal repo icon (#11895)
+  * Use label to describe repository type (#11891)
+  * Make repository size unclickable on repo summary bar (#11887)
+  * Rework blame template and styling (#11885)
+  * Fix icon alignment for show/hide outdated link on resolved conversation (#11881)
+  * Vertically align review icons on repository sidebar (#11880)
+  * Better align items using flex within review request box (#11879)
+  * Only write to global gitconfig if necessary (#11876)
+  * Disable all typographic replacements in markdown renderer (#11871)
+  * Improve label edit buttons labels (#11841)
+  * Use crispEdges rendering for octicon-internal-repo (#11801)
+  * Show update branch item in merge box when it's necessary (#11761)
+  * Add compare link to releases (#11752)
+  * Allow site admin to disable mirrors (#11740)
+  * Export monaco editor on window.codeEditors (#11739)
+  * Add configurable Trust Models (#11712)
+  * Show full GPG commit status on PR commit history (#11702)
+  * Fix align issues and decrease avatar size on PR timeline (#11689)
+  * Replace jquery-datetimepicker with native date input (#11684)
+  * Change Style of Tags on Comments (#11668)
+  * Fix missing styling for shabox on PR commit history (#11625)
+  * Apply padding to approval icons on PR list (#11622)
+  * Fix message wrapping on PR commit list (#11616)
+  * Right-align status icon on pull request commit history (#11594)
+  * Add missing padding for multi-commit list on PR view (#11593)
+  * Do not show avatar for "{{user}} added X commits" (#11591)
+  * Fix styling and padding for commit list on PR view (#11588)
+  * Style code review comment for arc-green (#11572)
+  * Use default commit message for wiki edits (#11550)
+  * Add internal-repo octicon for public repos of private org (#11529)
+  * Fix dropzone color on arc-green (#11514)
+  * Insert ui divider directly in templates instead of from inside heatmap vue component (#11508)
+  * Move tributejs to npm/webpack (#11497)
+  * Fix text-transform on wiki revisions page (#11486)
+  * Do not show lock icon on repo list for public repos in private org (#11445)
+  * Include LFS when calculating repo size (#11060)
+  * Add check for LDAP group membership (#10869)
+  * When starting new stopwatch stop previous if it is still running (#10533)
+  * Add queue for code indexer (#10332)
+  * Move all push update operations to a queue (#10133)
+  * Cache last commit when pushing for big repository (#10109)
+  * Change/remove a branch of an open issue (#9080)
+  * Sortable Tables Header By Click (#7980)
+* TESTING
+  * Use community codecov drone plugin (#12468)
+  * Add more tests for diff highlighting (#12467)
+  * Don't put integration test data outside of test folder (#11746)
+  * Add debug option to hooks (#11624)
+  * Log slow tests (#11487)
+* TRANSLATION
+  * Translate two small lables on commit statuse list (#12821)
+  * Make issues.force_push_codes message shorter (#11575)
+* BUILD
+  * Bump min required golang to 1.13 (#12717)
+  * Add 'make watch' (#12636)
+  * Extract Swagger CSS to its own file (#12616)
+  * Update eslint config (#12609)
+  * Avoid unnecessary system-ui expansion (#12522)
+  * Make the default PID file compile-time settable (#12485)
+  * Add 'watch-backend' (#12330)
+  * Detect version of sed in Makefile (#12319)
+  * Update gitea-vet to v0.2.1 (#12282)
+  * Add logic to build stable and edge builds for gitea snap (#12052)
+  * Fix missing CGO_EXTRA_FLAGS build arg for docker (#11782)
+  * Alpine 3.12 (#11720)
+  * Enable stylelint's shorthand-property-no-redundant-values (#11436)
+* DOCS
+  * Change default log configuration (#13088)
+  * Add automatic JS license generation (#11810)
+  * Remove page size limit comment from swagger (#11806)
+  * Narrow down Edge version in browser support docs (#11640)
+
+## [1.12.5](https://github.com/go-gitea/gitea/releases/tag/v1.12.5) - 2020-10-01
+
+* BUGFIXES
+  * Allow U2F with default settings for gitea in subpath (#12990) (#13001)
+  * Prevent empty div when editing comment (#12404) (#12991)
+  * On mirror update also update address in DB (#12964) (#12967)
+  * Allow extended config on cron settings (#12939) (#12943)
+  * Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
+  * Fix internal server error from ListUserOrgs API (#12910) (#12915)
+  * Update only the repository columns that need updating (#12900) (#12912)
+  * Fix panic when adding long comment (#12892) (#12894)
+  * Add size limit for content of comment on action ui (#12881) (#12890)
+  * Convert User expose ID each time (#12855) (#12883)
+  * Support slashes in release tags (#12864) (#12882)
+  * Add missing information to CreateRepo API endpoint (#12848) (#12867)
+  * On Migration respect old DefaultBranch (#12843) (#12858)
+  * Fix notifications page links (#12838) (#12853)
+  * Stop cloning unnecessarily on PR update (#12839) (#12852)
+  * Escape more things that are passed through str2html (#12622) (#12850)
+  * Remove double escape on labels addition in comments (#12809) (#12810)
+  * Fix "only mail on mention" bug (#12775) (#12789)
+  * Fix yet another bug with diff file names (#12771) (#12776)
+  * RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
+  * Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)
+* ENHANCEMENTS
+  * gitea dump: include version & Check InstallLock (#12760) (#12762)
+
+## [1.12.4](https://github.com/go-gitea/gitea/releases/tag/v1.12.4) - 2020-09-02
+
+* SECURITY
+  * Escape provider name in oauth2 provider redirect (#12648) (#12650)
+  * Escape Email on password reset page (#12610) (#12612)
+  * When reading expired sessions - expire them (#12686) (#12690)
+* ENHANCEMENTS
+  * StaticRootPath configurable at compile time (#12371) (#12652)
+* BUGFIXES
+  * Fix to show an issue that is related to a deleted issue (#12651) (#12692)
+  * Expire time acknowledged for cache (#12605) (#12611)
+  * Fix diff path unquoting (#12554) (#12575)
+  * Improve HTML escaping helper (#12562)
+  * models: break out of loop (#12386) (#12561)
+  * Default empty merger list to those with write permissions (#12535) (#12560)
+  * Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
+  * Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
+  * Remove hardcoded ES indexername (#12521) (#12526)
+  * Fix bug preventing transfer to private organization (#12497) (#12501)
+  * Keys should not verify revoked email addresses (#12486) (#12495)
+  * Do not add prefix on http/https submodule links (#12477) (#12479)
+  * Fix ignored login on compare (#12476) (#12478)
+  * Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
+  * Upgrade google/go-github to v32.1.0 (#12361) (#12390)
+  * Render emoji's of Commit message on feed-page (#12373)
+  * Fix handling of diff on unrelated branches when Git 2.28 used (#12370)
+
+## [1.12.3](https://github.com/go-gitea/gitea/releases/tag/v1.12.3) - 2020-07-28
+
+* BUGFIXES
+  * Don't change creation date when updating Release (#12343) (#12351)
+  * Show 404 page when release not found (#12328) (#12332)
+  * Fix emoji detection in certain cases (#12320) (#12327)
+  * Reduce emoji size (#12317) (#12327)
+  * Fix double-indirection bug in logging IDs (#12294) (#12308)
+  * Link to pull list page on sidebar when view pr (#12256) (#12263)
+  * Extend Notifications API and return pinned notifications by default (#12164) (#12232)
+
+## [1.12.2](https://github.com/go-gitea/gitea/releases/tag/v1.12.2) - 2020-07-11
+
+* BUGFIXES
+  * When deleting repository decrese user repository count in cache (#11954) (#12188)
+  * Return full commit message instead of summary in commits API (#12186) (#12187)
+  * Properly set HEAD when a repo is created with a default branch that is not named 'master' (#12135) (#12182)
+  * Ensure GPG Subkeys are verified (#12155) (#12168)
+  * Fix failing to cache last commit with key being to long (#12151) (#12161)
+  * Multiple small admin dashboard fixes (#12153) (#12156)
+  * Remove spurious logging of " Delete all repository archives" at startup (#12139) (#12148)
+  * Fix repository setup instructions when default branch is not named 'master' (#12122) (#12147)
+  * Move EventSource to SharedWorker (#12095) (#12130)
+  * Fix ui bug in wiki commit page (#12089) (#12125)
+  * Fix gitgraph branch continues after merge (#12044) (#12105)
+  * Set the base url when migrating from Gitlab using access token or username without password (#11852) (#12104)
+  * Ensure BlameReaders close at end of request (#12102) (#12103)
+  * Fix panic when adding review comment (#12058)
+* ENHANCEMENTS
+  * Disable dropzone's timeout for file uploads (#12024) (#12032)
+
 ## [1.12.1](https://github.com/go-gitea/gitea/releases/tag/v1.12.1) - 2020-06-21
 
 * BUGFIXES

CONTRIBUTING.md

@@ -158,7 +158,7 @@ import (
 To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The gitea code is divided into the following parts:
 
 - **integration:** Integrations tests
-- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependecies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
+- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
 - **models/fixtures:** Sample model data used in integration tests.
 - **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
 - **modules:** Different modules to handle specific functionality in Gitea.
@@ -181,16 +181,16 @@ The same applies to status responses. If you notice a problem, feel free to leav
 All expected results (errors, success, fail messages) should be documented
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)).
 
-All JSON input types must be defined as a struct in `models/structs/`
+All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
 and referenced in
 [routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).  
 They can then be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).
 
-All JSON responses must be defined as a struct in `models/structs/`
+All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
-and referenced in its category in `routers/api/v1/swagger/`
+and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))  
 They can be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))
@@ -199,7 +199,7 @@ In general, HTTP methods are chosen as follows:
  * **GET** endpoints return requested object and status **OK (200)**
  * **DELETE** endpoints return status **No Content (204)**
  * **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
- * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Obejcts (e.g. User) to something (e.g. Org-Team)
+ * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
  * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
 
 
@@ -293,6 +293,11 @@ and lead the development of Gitea.
 To honor the past owners, here's the history of the owners and the time
 they served:
 
+* 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+
 * 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
   * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
   * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>

Dockerfile

@@ -1,14 +1,14 @@
 
 ###################################
 #Build stage
-FROM golang:1.14-alpine3.12 AS build-env
+FROM golang:1.16-alpine3.13 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
 
 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS "bindata $TAGS"
+ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS
 
 #Build deps
@@ -22,7 +22,10 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
  && make clean-all build
 
-FROM alpine:3.12
+# Begin env-to-ini build
+RUN go build contrib/environment-to-ini/environment-to-ini.go
+
+FROM alpine:3.13
 LABEL maintainer="maintainers@gitea.io"
 
 EXPOSE 22 3000
@@ -38,7 +41,6 @@ RUN apk --no-cache add \
     s6 \
     sqlite \
     su-exec \
-    tzdata \
     gnupg
 
 RUN addgroup \
@@ -63,4 +65,5 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 RUN ln -s /app/gitea/gitea /usr/local/bin/gitea

Dockerfile.rootless

@@ -0,0 +1,71 @@
+
+###################################
+#Build stage
+FROM golang:1.16-alpine3.13 AS build-env
+
+ARG GOPROXY
+ENV GOPROXY ${GOPROXY:-direct}
+
+ARG GITEA_VERSION
+ARG TAGS="sqlite sqlite_unlock_notify"
+ENV TAGS "bindata timetzdata $TAGS"
+ARG CGO_EXTRA_CFLAGS 
+
+#Build deps
+RUN apk --no-cache add build-base git nodejs npm
+
+#Setup repo
+COPY . ${GOPATH}/src/code.gitea.io/gitea
+WORKDIR ${GOPATH}/src/code.gitea.io/gitea
+
+#Checkout version if set
+RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
+ && make clean-all build
+
+# Begin env-to-ini build
+RUN go build contrib/environment-to-ini/environment-to-ini.go
+
+FROM alpine:3.13
+LABEL maintainer="maintainers@gitea.io"
+
+EXPOSE 2222 3000
+
+RUN apk --no-cache add \
+    bash \
+    ca-certificates \
+    gettext \
+    git \
+    gnupg
+
+RUN addgroup \
+    -S -g 1000 \
+    git && \
+  adduser \
+    -S -H -D \
+    -h /var/lib/gitea/git \
+    -s /bin/bash \
+    -u 1000 \
+    -G git \
+    git && \
+  echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd
+
+RUN mkdir -p /var/lib/gitea /etc/gitea
+RUN chown git:git /var/lib/gitea /etc/gitea
+
+COPY docker/rootless /
+COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea
+COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
+
+USER git:git
+ENV GITEA_WORK_DIR /var/lib/gitea
+ENV GITEA_CUSTOM /var/lib/gitea/custom
+ENV GITEA_TEMP /tmp/gitea
+#TODO add to docs the ability to define the ini to load (usefull to test and revert a config)
+ENV GITEA_APP_INI /etc/gitea/app.ini
+ENV HOME "/var/lib/gitea/git"
+VOLUME ["/var/lib/gitea", "/etc/gitea"]
+WORKDIR /var/lib/gitea
+
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+CMD []
+

MAINTAINERS

@@ -36,4 +36,8 @@ Mura Li <typeless@ctli.io> (@typeless)
 6543 <6543@obermui.de> (@6543)
 jaqra <jaqra@hotmail.com> (@jaqra)
 David Svantesson <davidsvantesson@gmail.com> (@davidsvantesson)
-CirnoT <gitea.m@i32.pl> (@CirnoT)
+a1012112796 <1012112796@qq.com> (@a1012112796)
+Karl Heinz Marbaise <kama@soebes.de> (@khmarbaise)
+Norwin Roosen <git@nroo.de> (@noerw)
+Kyle Dumont <kdumontnu@gmail.com> (@kdumontnu)
+Patrick Schratz <patrick.schratz@gmail.com> (@pat-s)

Makefile

@@ -1,4 +1,3 @@
-
 ifeq ($(USE_REPO_TEST_DIR),1)
 
 # This rule replaces the whole Makefile when we're trying to use /tmp repository temporary files
@@ -21,15 +20,18 @@ IMPORT := code.gitea.io/gitea
 export GO111MODULE=on
 
 GO ?= go
-SED_INPLACE := sed -i
 SHASUM ?= shasum -a 256
 HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,
 
-XGO_VERSION := go-1.14.x
-MIN_GO_VERSION := 001012000
+XGO_VERSION := go-1.16.x
+MIN_GO_VERSION := 001014000
 MIN_NODE_VERSION := 010013000
 
+DOCKER_IMAGE ?= gitea/gitea
+DOCKER_TAG ?= latest
+DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)
+
 ifeq ($(HAS_GO), GO)
 	GOPATH ?= $(shell $(GO) env GOPATH)
 	export PATH := $(GOPATH)/bin:$(PATH)
@@ -38,23 +40,22 @@ ifeq ($(HAS_GO), GO)
 	CGO_CFLAGS ?= $(shell $(GO) env CGO_CFLAGS) $(CGO_EXTRA_CFLAGS)
 endif
 
-
 ifeq ($(OS), Windows_NT)
+	GOFLAGS := -v -buildmode=exe
 	EXECUTABLE ?= gitea.exe
 else
+	GOFLAGS := -v
 	EXECUTABLE ?= gitea
-	UNAME_S := $(shell uname -s)
-	ifeq ($(UNAME_S),Darwin)
-		SED_INPLACE := sed -i ''
-	endif
-	ifeq ($(UNAME_S),FreeBSD)
-		SED_INPLACE := sed -i ''
-	endif
+endif
+
+ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu)
+	SED_INPLACE := sed -i
+else
+	SED_INPLACE := sed -i ''
 endif
 
 GOFMT ?= gofmt -s
 
-GOFLAGS := -v
 EXTRA_GOFLAGS ?=
 
 MAKE_VERSION := $(shell $(MAKE) -v | head -n 1)
@@ -81,21 +82,34 @@ else
 
 LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
 
+LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64
+
 GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations/migration-test,$(filter-out code.gitea.io/gitea/integrations,$(shell $(GO) list -mod=vendor ./... | grep -v /vendor/)))
 
+FOMANTIC_CONFIGS := semantic.json web_src/fomantic/theme.config.less web_src/fomantic/_site/globals/site.variables
+FOMANTIC_DEST := web_src/fomantic/build/semantic.js web_src/fomantic/build/semantic.css
+FOMANTIC_DEST_DIR := web_src/fomantic/build
+
 WEBPACK_SOURCES := $(shell find web_src/js web_src/less -type f)
 WEBPACK_CONFIGS := webpack.config.js
 WEBPACK_DEST := public/js/index.js public/css/index.css
-WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/serviceworker.js public/img/svg
+WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack public/serviceworker.js
 
 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))
 
+SVG_DEST_DIR := public/img/svg
+
+AIR_TMP_DIR := .air
+
 TAGS ?=
 TAGS_SPLIT := $(subst $(COMMA), ,$(TAGS))
 TAGS_EVIDENCE := $(MAKE_EVIDENCE_DIR)/tags
 
-GO_DIRS := cmd integrations models modules routers build services vendor
+TEST_TAGS ?= sqlite sqlite_unlock_notify
+
+GO_DIRS := cmd integrations models modules routers build services vendor tools
+
 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
 
@@ -105,15 +119,12 @@ endif
 
 GO_SOURCES_OWN := $(filter-out vendor/% %/bindata.go, $(GO_SOURCES))
 
-FOMANTIC_CONFIGS := semantic.json web_src/fomantic/theme.config.less web_src/fomantic/_site/globals/site.variables
-FOMANTIC_DEST := public/fomantic/semantic.min.js public/fomantic/semantic.min.css
-FOMANTIC_DEST_DIR := public/fomantic
-
-#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger@v0.20.1
+#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger
 SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
-SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
-SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
+SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
+SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
+SWAGGER_EXCLUDE := code.gitea.io/sdk
 SWAGGER_NEWLINE_COMMAND := -e '$$a\'
 
 TEST_MYSQL_HOST ?= mysql:3306
@@ -137,40 +148,47 @@ TEST_MSSQL_PASSWORD ?= MwantsaSecurePassword1
 .PHONY: all
 all: build
 
-include docker/Makefile
-
 .PHONY: help
 help:
 	@echo "Make Routines:"
-	@echo " - \"\"                             equivalent to \"build\""
+	@echo " - \"\"                               equivalent to \"build\""
 	@echo " - build                            build everything"
 	@echo " - frontend                         build frontend files"
 	@echo " - backend                          build backend files"
+	@echo " - watch                            watch everything and continuously rebuild"
+	@echo " - watch-frontend                   watch frontend files and continuously rebuild"
+	@echo " - watch-backend                    watch backend files and continuously rebuild"
 	@echo " - clean                            delete backend and integration files"
 	@echo " - clean-all                        delete backend, frontend and integration files"
 	@echo " - lint                             lint everything"
 	@echo " - lint-frontend                    lint frontend files"
 	@echo " - lint-backend                     lint backend files"
-	@echo " - watch-frontend                   watch frontend files and continuously rebuild"
+	@echo " - checks                           run various consistency checks"
+	@echo " - checks-frontend                  check frontend files"
+	@echo " - checks-backend                   check backend files"
 	@echo " - webpack                          build webpack files"
+	@echo " - svg                              build svg files"
 	@echo " - fomantic                         build fomantic files"
 	@echo " - generate                         run \"go generate\""
 	@echo " - fmt                              format the Go code"
+	@echo " - generate-license                 update license files"
+	@echo " - generate-gitignore               update gitignore files"
+	@echo " - generate-manpage                 generate manpage"
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - golangci-lint                    run golangci-lint linter"
 	@echo " - revive                           run revive linter"
 	@echo " - misspell                         check for misspellings"
 	@echo " - vet                              examines Go source code and reports suspicious constructs"
-	@echo " - test[\#TestSpecificName]    	   run unit test"
+	@echo " - test[\#TestSpecificName]    	    run unit test"
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
 	@echo " - pr#<index>                       build and start gitea from a PR with integration test data loaded"
 
 .PHONY: go-check
 go-check:
-	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell go version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
+	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
-		echo "Gitea requires Go 1.12 or greater to build. You can get it at https://golang.org/dl/"; \
+		echo "Gitea requires Go 1.14 or greater to build. You can get it at https://golang.org/dl/"; \
 		exit 1; \
 	fi
 
@@ -192,7 +210,7 @@ node-check:
 
 .PHONY: clean-all
 clean-all: clean
-	rm -rf $(WEBPACK_DEST_ENTRIES) $(FOMANTIC_DEST_DIR)
+	rm -rf $(WEBPACK_DEST_ENTRIES)
 
 .PHONY: clean
 clean:
@@ -201,19 +219,19 @@ clean:
 		integrations*.test \
 		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-mysql8/ integrations/gitea-integration-sqlite/ \
 		integrations/gitea-integration-mssql/ integrations/indexers-mysql/ integrations/indexers-mysql8/ integrations/indexers-pgsql integrations/indexers-sqlite \
-		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini
+		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini man/
 
 .PHONY: fmt
 fmt:
-	$(GOFMT) -w $(GO_SOURCES_OWN)
+	@echo "Running go fmt..."
+	@$(GOFMT) -w $(GO_SOURCES_OWN)
 
 .PHONY: vet
 vet:
-	# Default vet
-	$(GO) vet $(GO_PACKAGES)
-	# Custom vet
-	$(GO) build -mod=vendor gitea.com/jolheiser/gitea-vet
-	$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
+	@echo "Running go vet..."
+	@$(GO) vet $(GO_PACKAGES)
+	@GOOS= GOARCH= $(GO) build -mod=vendor code.gitea.io/gitea-vet
+	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
 
 .PHONY: $(TAGS_EVIDENCE)
 $(TAGS_EVIDENCE):
@@ -226,7 +244,7 @@ endif
 
 .PHONY: generate-swagger
 generate-swagger:
-	$(SWAGGER) generate spec -o './$(SWAGGER_SPEC)'
+	$(SWAGGER) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
 
@@ -237,7 +255,7 @@ swagger-check: generate-swagger
 		echo "Please run 'make generate-swagger' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
-	fi;
+	fi
 
 .PHONY: swagger-validate
 swagger-validate:
@@ -248,9 +266,10 @@ swagger-validate:
 .PHONY: errcheck
 errcheck:
 	@hash errcheck > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/kisielk/errcheck; \
+		GO111MODULE=off $(GO) get -u github.com/kisielk/errcheck; \
 	fi
-	errcheck $(GO_PACKAGES)
+	@echo "Running errcheck..."
+	@errcheck $(GO_PACKAGES)
 
 .PHONY: revive
 revive:
@@ -259,16 +278,18 @@ revive:
 .PHONY: misspell-check
 misspell-check:
 	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
+		GO111MODULE=off $(GO) get -u github.com/client9/misspell/cmd/misspell; \
 	fi
-	misspell -error -i unknwon,destory $(GO_SOURCES_OWN)
+	@echo "Running misspell-check..."
+	@misspell -error -i unknwon,destory $(GO_SOURCES_OWN)
 
 .PHONY: misspell
 misspell:
 	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
+		GO111MODULE=off $(GO) get -u github.com/client9/misspell/cmd/misspell; \
 	fi
-	misspell -w -i unknwon $(GO_SOURCES_OWN)
+	@echo "Running go misspell..."
+	@misspell -w -i unknwon $(GO_SOURCES_OWN)
 
 .PHONY: fmt-check
 fmt-check:
@@ -278,31 +299,52 @@ fmt-check:
 		echo "Please run 'make fmt' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
-	fi;
+	fi
+
+.PHONY: checks
+checks: checks-frontend checks-backend
+
+.PHONY: checks-frontend
+checks-frontend: svg-check
+
+.PHONY: checks-backend
+checks-backend: misspell-check test-vendor swagger-check swagger-validate
 
 .PHONY: lint
-lint: lint-backend lint-frontend
-
-.PHONY: lint-backend
-lint-backend: golangci-lint revive vet swagger-check swagger-validate test-vendor
+lint: lint-frontend lint-backend
 
 .PHONY: lint-frontend
 lint-frontend: node_modules
-	npx eslint web_src/js webpack.config.js
-	npx stylelint web_src/less
+	npx eslint --color --max-warnings=0 web_src/js build templates webpack.config.js
+	npx stylelint --color --max-warnings=0 web_src/less
+
+.PHONY: lint-backend
+lint-backend: golangci-lint revive vet
+
+.PHONY: watch
+watch:
+	bash tools/watch.sh
 
 .PHONY: watch-frontend
-watch-frontend: node_modules
+watch-frontend: node-check node_modules
 	rm -rf $(WEBPACK_DEST_ENTRIES)
-	NODE_ENV=development npx webpack --hide-modules --display-entrypoints=false --watch --progress
+	NODE_ENV=development npx webpack --watch --progress
+
+.PHONY: watch-backend
+watch-backend: go-check
+	@hash air > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		GO111MODULE=off $(GO) get -u github.com/cosmtrek/air; \
+	fi
+	air -c .air.conf
 
 .PHONY: test
 test:
-	$(GO) test $(GOTESTFLAGS) -mod=vendor -tags='sqlite sqlite_unlock_notify' $(GO_PACKAGES)
+	@echo "Running go test with -tags '$(TEST_TAGS)'..."
+	@$(GO) test $(GOTESTFLAGS) -mod=vendor -tags='$(TEST_TAGS)' $(GO_PACKAGES)
 
 .PHONY: test-check
 test-check:
-	@echo "Checking if tests have changed the source tree...";
+	@echo "Running test-check...";
 	@diff=$$(git status -s); \
 	if [ -n "$$diff" ]; then \
 		echo "make test has changed files in the source tree:"; \
@@ -310,11 +352,12 @@ test-check:
 		echo "You should change the tests to create these files in a temporary directory."; \
 		echo "Do not simply add these files to .gitignore"; \
 		exit 1; \
-	fi;
+	fi
 
 .PHONY: test\#%
 test\#%:
-	$(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' -run $(subst .,/,$*) $(GO_PACKAGES)
+	@echo "Running go test with -tags '$(TEST_TAGS)'..."
+	@$(GO) test -mod=vendor -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)
 
 .PHONY: coverage
 coverage:
@@ -322,7 +365,8 @@ coverage:
 
 .PHONY: unit-test-coverage
 unit-test-coverage:
-	$(GO) test $(GOTESTFLAGS) -mod=vendor -tags='sqlite sqlite_unlock_notify' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	@echo "Running unit-test-coverage -tags '$(TEST_TAGS)'..."
+	@$(GO) test $(GOTESTFLAGS) -mod=vendor -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
 
 .PHONY: vendor
 vendor:
@@ -335,7 +379,7 @@ test-vendor: vendor
 		echo "Please run 'make vendor' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
-	fi;
+	fi
 
 generate-ini-sqlite:
 	sed -e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
@@ -343,15 +387,15 @@ generate-ini-sqlite:
 
 .PHONY: test-sqlite
 test-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test
 
 .PHONY: test-sqlite\#%
 test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
 
 .PHONY: test-sqlite-migration
 test-sqlite-migration:  migrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
 
 generate-ini-mysql:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
@@ -363,15 +407,15 @@ generate-ini-mysql:
 
 .PHONY: test-mysql
 test-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test
 
 .PHONY: test-mysql\#%
 test-mysql\#%: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
 
 .PHONY: test-mysql-migration
 test-mysql-migration: migrations.mysql.test generate-ini-mysql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
 
 generate-ini-mysql8:
 	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
@@ -383,15 +427,15 @@ generate-ini-mysql8:
 
 .PHONY: test-mysql8
 test-mysql8: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test
 
 .PHONY: test-mysql8\#%
 test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
 
 .PHONY: test-mysql8-migration
 test-mysql8-migration: migrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
 
 generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
@@ -404,15 +448,15 @@ generate-ini-pgsql:
 
 .PHONY: test-pgsql
 test-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test
 
 .PHONY: test-pgsql\#%
 test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
 
 .PHONY: test-pgsql-migration
 test-pgsql-migration: migrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
 
 generate-ini-mssql:
 	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
@@ -424,35 +468,35 @@ generate-ini-mssql:
 
 .PHONY: test-mssql
 test-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test
 
 .PHONY: test-mssql\#%
 test-mssql\#%: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
 
 .PHONY: test-mssql-migration
 test-mssql-migration: migrations.mssql.test generate-ini-mssql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test -test.failfast
 
 .PHONY: bench-sqlite
 bench-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 
 .PHONY: bench-mysql
 bench-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 
 .PHONY: bench-mssql
 bench-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 
 .PHONY: bench-pgsql
 bench-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 
 .PHONY: integration-test-coverage
 integration-test-coverage: integrations.cover.test generate-ini-mysql
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
 
 integrations.mysql.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql.test
@@ -467,7 +511,7 @@ integrations.mssql.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mssql.test
 
 integrations.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'
+	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'
 
 integrations.cover.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test
@@ -490,7 +534,7 @@ migrations.mssql.test: $(GO_SOURCES)
 
 .PHONY: migrations.sqlite.test
 migrations.sqlite.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
 
 .PHONY: check
 check: test
@@ -503,20 +547,21 @@ install: $(wildcard *.go)
 build: frontend backend
 
 .PHONY: frontend
-frontend: node-check $(FOMANTIC_DEST) $(WEBPACK_DEST)
+frontend: node-check $(WEBPACK_DEST)
 
 .PHONY: backend
 backend: go-check generate $(EXECUTABLE)
 
 .PHONY: generate
 generate: $(TAGS_PREREQ)
-	CC= GOOS= GOARCH= $(GO) generate -mod=vendor -tags '$(TAGS)' $(GO_PACKAGES)
+	@echo "Running go generate..."
+	@CC= GOOS= GOARCH= $(GO) generate -mod=vendor -tags '$(TAGS)' $(GO_PACKAGES)
 
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
 
 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-copy release-compress release-sources release-check
+release: frontend generate release-windows release-linux release-darwin release-copy release-compress release-sources release-docs release-check
 
 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)
@@ -524,9 +569,12 @@ $(DIST_DIRS):
 .PHONY: release-windows
 release-windows: | $(DIST_DIRS)
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u src.techknowlogick.com/xgo; \
+		$(GO) install src.techknowlogick.com/xgo@latest; \
 	fi
-	CGO_CFLAGS="$(CGO_CFLAGS)" GO111MODULE=off xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+ifeq (,$(findstring gogit,$(TAGS)))
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
+endif
 ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif
@@ -534,9 +582,9 @@ endif
 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u src.techknowlogick.com/xgo; \
+		$(GO) install src.techknowlogick.com/xgo@latest; \
 	fi
-	CGO_CFLAGS="$(CGO_CFLAGS)" GO111MODULE=off xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64,linux/mips64le,linux/mips,linux/mipsle' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif
@@ -544,9 +592,9 @@ endif
 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u src.techknowlogick.com/xgo; \
+		$(GO) install src.techknowlogick.com/xgo@latest; \
 	fi
-	CGO_CFLAGS="$(CGO_CFLAGS)" GO111MODULE=off xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin/*' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif
@@ -569,9 +617,20 @@ release-compress: | $(DIST_DIRS)
 .PHONY: release-sources
 release-sources: | $(DIST_DIRS) node_modules
 	echo $(VERSION) > $(STORED_VERSION_FILE)
-	tar --exclude=./$(DIST) --exclude=./.git --exclude=./$(MAKE_EVIDENCE_DIR) --exclude=./node_modules/.cache -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
+	tar --exclude=./$(DIST) --exclude=./.git --exclude=./$(MAKE_EVIDENCE_DIR) --exclude=./node_modules/.cache --exclude=./$(AIR_TMP_DIR) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
 	rm -f $(STORED_VERSION_FILE)
 
+.PHONY: release-docs
+release-docs: | $(DIST_DIRS) docs
+	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs/public .
+
+.PHONY: docs
+docs:
+	@hash hugo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		curl -sL https://github.com/gohugoio/hugo/releases/download/v0.74.3/hugo_0.74.3_Linux-64bit.tar.gz | tar zxf - -C /tmp && mv /tmp/hugo /usr/bin/hugo && chmod +x /usr/bin/hugo; \
+	fi
+	cd docs; make trans-copy clean build-offline;
+
 node_modules: package-lock.json
 	npm install --no-save
 	@touch node_modules
@@ -581,14 +640,18 @@ npm-update: node-check | node_modules
 	npx updates -cu
 	rm -rf node_modules package-lock.json
 	npm install --package-lock
+	@touch node_modules
 
 .PHONY: fomantic
 fomantic: $(FOMANTIC_DEST)
 
-$(FOMANTIC_DEST): $(FOMANTIC_CONFIGS) package-lock.json | node_modules
+$(FOMANTIC_DEST): $(FOMANTIC_CONFIGS) | node_modules
+	@if [ ! -d node_modules/fomantic-ui ]; then \
+		npm install --no-save --no-package-lock fomantic-ui@2.8.7; \
+	fi
 	rm -rf $(FOMANTIC_DEST_DIR)
-	cp web_src/fomantic/theme.config.less node_modules/fomantic-ui/src/theme.config
-	cp -r web_src/fomantic/_site/* node_modules/fomantic-ui/src/_site/
+	cp -f web_src/fomantic/theme.config.less node_modules/fomantic-ui/src/theme.config
+	cp -rf web_src/fomantic/_site/* node_modules/fomantic-ui/src/_site/
 	npx gulp -f node_modules/fomantic-ui/gulpfile.js build
 	@touch $(FOMANTIC_DEST)
 
@@ -597,9 +660,24 @@ webpack: $(WEBPACK_DEST)
 
 $(WEBPACK_DEST): $(WEBPACK_SOURCES) $(WEBPACK_CONFIGS) package-lock.json | node_modules
 	rm -rf $(WEBPACK_DEST_ENTRIES)
-	npx webpack --hide-modules --display-entrypoints=false
+	npx webpack
 	@touch $(WEBPACK_DEST)
 
+.PHONY: svg
+svg: node-check | node_modules
+	rm -rf $(SVG_DEST_DIR)
+	node build/generate-svg.js
+
+.PHONY: svg-check
+svg-check: svg
+	@git add $(SVG_DEST_DIR)
+	@diff=$$(git diff --cached $(SVG_DEST_DIR)); \
+	if [ -n "$$diff" ]; then \
+		echo "Please run 'make svg' and 'git add $(SVG_DEST_DIR)' and commit the result:"; \
+		echo "$${diff}"; \
+		exit 1; \
+	fi
+
 .PHONY: update-translations
 update-translations:
 	mkdir -p ./translations
@@ -610,36 +688,26 @@ update-translations:
 	mv ./translations/*.ini ./options/locale/
 	rmdir ./translations
 
-.PHONY: generate-images
-generate-images:
-	$(eval TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'gitea-temp'))
-	mkdir -p $(TMPDIR)/images
-	inkscape -f $(PWD)/assets/logo.svg -w 880 -h 880 -e $(PWD)/public/img/gitea-lg.png
-	inkscape -f $(PWD)/assets/logo.svg -w 512 -h 512 -e $(PWD)/public/img/gitea-512.png
-	inkscape -f $(PWD)/assets/logo.svg -w 192 -h 192 -e $(PWD)/public/img/gitea-192.png
-	inkscape -f $(PWD)/assets/logo.svg -w 120 -h 120 -jC -i layer1 -e $(TMPDIR)/images/sm-1.png
-	inkscape -f $(PWD)/assets/logo.svg -w 120 -h 120 -jC -i layer2 -e $(TMPDIR)/images/sm-2.png
-	composite -compose atop $(TMPDIR)/images/sm-2.png $(TMPDIR)/images/sm-1.png $(PWD)/public/img/gitea-sm.png
-	inkscape -f $(PWD)/assets/logo.svg -w 200 -h 200 -e $(PWD)/public/img/avatar_default.png
-	inkscape -f $(PWD)/assets/logo.svg -w 180 -h 180 -e $(PWD)/public/img/favicon.png
-	inkscape -f $(PWD)/assets/logo.svg -w 128 -h 128 -e $(TMPDIR)/images/128-raw.png
-	inkscape -f $(PWD)/assets/logo.svg -w 64 -h 64 -e $(TMPDIR)/images/64-raw.png
-	inkscape -f $(PWD)/assets/logo.svg -w 32 -h 32 -jC -i layer1 -e $(TMPDIR)/images/32-1.png
-	inkscape -f $(PWD)/assets/logo.svg -w 32 -h 32 -jC -i layer2 -e $(TMPDIR)/images/32-2.png
-	composite -compose atop $(TMPDIR)/images/32-2.png $(TMPDIR)/images/32-1.png $(TMPDIR)/images/32-raw.png
-	inkscape -f $(PWD)/assets/logo.svg -w 16 -h 16 -jC -i layer1 -e $(TMPDIR)/images/16-raw.png
-	zopflipng -m -y $(TMPDIR)/images/128-raw.png $(TMPDIR)/images/128.png
-	zopflipng -m -y $(TMPDIR)/images/64-raw.png $(TMPDIR)/images/64.png
-	zopflipng -m -y $(TMPDIR)/images/32-raw.png $(TMPDIR)/images/32.png
-	zopflipng -m -y $(TMPDIR)/images/16-raw.png $(TMPDIR)/images/16.png
-	rm -f $(TMPDIR)/images/*-*.png
-	convert $(TMPDIR)/images/16.png $(TMPDIR)/images/32.png \
-					$(TMPDIR)/images/64.png $(TMPDIR)/images/128.png \
-					$(PWD)/public/img/favicon.ico
-	convert -flatten $(PWD)/public/img/favicon.png $(PWD)/public/img/apple-touch-icon.png
+.PHONY: generate-license
+generate-license:
+	GO111MODULE=on $(GO) run build/generate-licenses.go
 
-	rm -rf $(TMPDIR)/images
-	$(foreach file, $(shell find public/img -type f -name '*.png' ! -name 'loading.png'),zopflipng -m -y $(file) $(file);)
+.PHONY: generate-gitignore
+generate-gitignore:
+	GO111MODULE=on $(GO) run build/generate-gitignores.go
+
+.PHONY: generate-images
+generate-images: | node_modules
+	npm install --no-save --no-package-lock fabric@4 imagemin-zopfli@7
+	node build/generate-images.js $(TAGS)
+
+.PHONY: generate-manpage
+generate-manpage:
+	@[ -f gitea ] || make backend
+	@mkdir -p man/man1/ man/man5
+	@./gitea docs --man > man/man1/gitea.1
+	@gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created
+	@#TODO A smal script witch format config-cheat-sheet.en-us.md nicely to suit as config man page
 
 .PHONY: pr\#%
 pr\#%: clean-all
@@ -649,9 +717,18 @@ pr\#%: clean-all
 golangci-lint:
 	@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		export BINARY="golangci-lint"; \
-		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.24.0; \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.37.0; \
 	fi
-	golangci-lint run --timeout 5m
+	golangci-lint run --timeout 10m
+
+.PHONY: docker
+docker:
+	docker build --disable-content-trust=false -t $(DOCKER_REF) .
+# support also build args docker build --build-arg GITEA_VERSION=v1.2.3 --build-arg TAGS="bindata sqlite sqlite_unlock_notify"  .
+
+.PHONY: docker-build
+docker-build:
+	docker run -ti --rm -v "$(CURDIR):/srv/app/src/code.gitea.io/gitea" -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" CGO_EXTRA_CFLAGS="$(CGO_EXTRA_CFLAGS)" webhippie/golang:edge make clean build
 
 # This endif closes the if at the top of the file
 endif

README.md

@@ -1,17 +1,13 @@
 # Gitea - WSE
+
 ## Building
 
 From the root of the source tree, run:
 
     TAGS="bindata sqlite sqlite_unlock_notify" make build
 
-More info: https://docs.gitea.io/en-us/install-from-source/
-
 ## Using
 
     ./gitea web
 
-NOTE: If you're interested in using our APIs, we have experimental
-support with [documentation](https://try.gitea.io/api/swagger).
-
-Updated v2.
+Gitea-Version: v1.14.1

README_ZH.md

@@ -1,18 +1,55 @@
-[English](README.md)
+<p align="center">
+  <a href="https://gitea.io/">
+    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/master/public/img/gitea.svg" width="220"/>
+  </a>
+</p>
+<h1 align="center">Gitea - Git with a cup of tea</h1>
 
-<h1> <img src="https://raw.githubusercontent.com/go-gitea/gitea/master/public/img/gitea-192.png" alt="logo" width="30" height="30"> Gitea - Git with a cup of tea</h1>
+<p align="center">
+  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
+    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/master">
+  </a>
+  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
+    <img src="https://img.shields.io/discord/322538954119184384.svg">
+  </a>
+  <a href="https://microbadger.com/images/gitea/gitea" title="Get your own image badge on microbadger.com">
+    <img src="https://images.microbadger.com/badges/image/gitea/gitea.svg">
+  </a>
+  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
+    <img src="https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg">
+  </a>
+  <a href="https://godoc.org/code.gitea.io/gitea" title="Go Report Card">
+    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
+  </a>
+  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
+    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
+  </a>
+  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
+    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
+  </a>
+  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
+    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
+  </a>
+  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
+    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
+  </a>
+  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
+    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
+  </a>
+  <a href="https://crowdin.com/project/gitea" title="Crowdin">
+    <img src="https://badges.crowdin.net/gitea/localized.svg">
+  </a>
+  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea" title="TODOs">
+    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea">
+  </a>
+  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
+    <img src="https://img.shields.io/bountysource/team/gitea/activity">
+  </a>
+</p>
 
-[![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
-[![Join the Discord chat at https://discord.gg/Gitea](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/Gitea)
-[![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
-[![codecov](https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg)](https://codecov.io/gh/go-gitea/gitea)
-[![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
-[![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
-[![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
-[![Help Contribute to Open Source](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea)
-[![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea)
-[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
+<p align="center">
+  <a href="README.md">View the english version of this document</a>
+</p>
 
 ## 目标
 

SECURITY.md

@@ -0,0 +1,10 @@
+# Reporting security issues
+
+The Gitea maintainers take security seriously.  
+If you discover a security issue, please bring it to their attention right away!
+
+### Reporting a Vulnerability
+
+Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
+
+Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.

assets/logo.svg

@@ -1,160 +1,31 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-
-<svg
-   xmlns:dc="http://purl.org/dc/elements/1.1/"
-   xmlns:cc="http://creativecommons.org/ns#"
-   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-   xmlns:svg="http://www.w3.org/2000/svg"
-   xmlns="http://www.w3.org/2000/svg"
-   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-   width="512"
-   height="512"
-   viewBox="0 0 135.46667 135.46667"
-   version="1.1"
-   id="svg8"
-   sodipodi:docname="logo.svg"
-   inkscape:version="0.92.1 r15371"
-   inkscape:export-filename=""
-   inkscape:export-xdpi="48.000004"
-   inkscape:export-ydpi="48.000004">
-  <defs
-     id="defs2" />
-  <sodipodi:namedview
-     id="base"
-     pagecolor="#ffffff"
-     bordercolor="#666666"
-     borderopacity="1.0"
-     inkscape:pageopacity="0"
-     inkscape:pageshadow="2"
-     inkscape:zoom="0.70710678"
-     inkscape:cx="418.13805"
-     inkscape:cy="177.57445"
-     inkscape:document-units="mm"
-     inkscape:current-layer="layer2"
-     showgrid="false"
-     units="px"
-     width="256px"
-     showguides="false"
-     inkscape:window-width="1920"
-     inkscape:window-height="1137"
-     inkscape:window-x="1912"
-     inkscape:window-y="-8"
-     inkscape:window-maximized="1"
-     inkscape:pagecheckerboard="false"
-     inkscape:measure-start="283.373,243.952"
-     inkscape:measure-end="290.267,236.527">
-    <sodipodi:guide
-       position="0,0"
-       orientation="0,512"
-       id="guide3699"
-       inkscape:locked="false" />
-    <sodipodi:guide
-       position="135.46667,0"
-       orientation="-512,0"
-       id="guide3701"
-       inkscape:locked="false" />
-    <sodipodi:guide
-       position="135.46667,135.46667"
-       orientation="0,-512"
-       id="guide3703"
-       inkscape:locked="false" />
-    <sodipodi:guide
-       position="0,135.46667"
-       orientation="512,0"
-       id="guide3705"
-       inkscape:locked="false" />
-  </sodipodi:namedview>
-  <metadata
-     id="metadata5">
-    <rdf:RDF>
-      <cc:Work
-         rdf:about="">
-        <dc:format>image/svg+xml</dc:format>
-        <dc:type
-           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title></dc:title>
-      </cc:Work>
-    </rdf:RDF>
-  </metadata>
-  <g
-     inkscape:label="Layer 1"
-     inkscape:groupmode="layer"
-     id="layer1"
-     transform="translate(0,-161.53334)"
-     style="display:inline">
-    <path
-       style="fill:#609926;fill-opacity:1;stroke:#428f29;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:none"
-       d="m 27.709937,195.15095 c -9.546573,-0.0272 -22.3392732,6.79805 -21.6317552,23.90397 1.105534,26.72889 25.4565952,29.20839 35.1916502,29.42301 1.068023,5.01357 12.521798,22.30563 21.001818,23.21667 h 37.15277 c 22.27763,-1.66785 38.9607,-75.75671 26.59321,-76.03825 -46.781583,2.47691 -49.995146,2.13838 -88.599758,0 -2.495053,-0.0266 -5.972321,-0.49474 -9.707935,-0.5054 z m 2.491319,9.45886 c 1.351378,13.69267 3.555849,21.70359 8.018216,33.94345 -11.382872,-1.50473 -21.069822,-5.22443 -22.851515,-19.10984 -0.950962,-7.4112 2.390428,-15.16769 14.833299,-14.83361 z"
-       id="path3722"
-       inkscape:connector-curvature="0"
-       sodipodi:nodetypes="sscccccsccsc" />
-  </g>
-  <g
-     inkscape:groupmode="layer"
-     id="layer2"
-     inkscape:label="Layer 2"
-     style="display:inline">
-    <rect
-       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.24757317;stroke-opacity:1"
-       id="rect4599"
-       width="34.762054"
-       height="34.762054"
-       x="87.508659"
-       y="18.291576"
-       transform="rotate(25.914715)"
-       ry="5.4825778" />
-    <path
-       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.26644793px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       d="m 79.804947,57.359056 3.241146,1.609954 V 35.255731 h -3.262698 z"
-       id="path4525"
-       inkscape:connector-curvature="0"
-       sodipodi:nodetypes="ccccc" />
-  </g>
-  <g
-     inkscape:groupmode="layer"
-     id="layer3"
-     inkscape:label="Layer 3"
-     style="display:inline">
-    <g
-       style="display:inline"
-       id="g4539">
-      <circle
-         transform="rotate(-19.796137)"
-         r="3.4745038"
-         cy="90.077766"
-         cx="49.064713"
-         id="path4606"
-         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
-      <circle
-         transform="rotate(-19.796137)"
-         r="3.4745038"
-         cy="102.1049"
-         cx="36.810425"
-         id="path4606-3"
-         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
-      <circle
-         transform="rotate(-19.796137)"
-         r="3.4745038"
-         cy="111.43928"
-         cx="46.484283"
-         id="path4606-1"
-         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
-      <rect
-         transform="rotate(26.024158)"
-         y="18.061695"
-         x="97.333458"
-         height="27.261492"
-         width="2.6726954"
-         id="rect4629-8"
-         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.27444693;stroke-opacity:1" />
-      <path
-         sodipodi:nodetypes="cc"
-         inkscape:connector-curvature="0"
-         id="path4514"
-         d="m 76.558096,68.116343 c 12.97589,6.395378 13.012989,4.101862 4.890858,20.907244"
-         style="fill:none;stroke:#609926;stroke-width:2.68000007;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
-    </g>
-  </g>
+<?xml version="1.0" encoding="utf-8"?>
+<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
+	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
+<g>
+	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
+		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
+		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
+	<g>
+		<g>
+			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
+				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
+				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
+				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
+				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
+				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
+				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
+				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
+				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
+				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
+			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
+				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
+				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
+				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
+				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
+				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
+				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
+				C343.2,346.5,335,363.3,326.8,380.1z"/>
+		</g>
+	</g>
+</g>
 </svg>

build.go

@@ -11,12 +11,12 @@ package main
 
 import (
 	// for lint
-	_ "github.com/BurntSushi/toml"
 	_ "github.com/mgechev/dots"
 	_ "github.com/mgechev/revive/formatter"
 	_ "github.com/mgechev/revive/lint"
 	_ "github.com/mgechev/revive/rule"
 	_ "github.com/mitchellh/go-homedir"
+	_ "github.com/pelletier/go-toml"
 
 	// for embed
 	_ "github.com/shurcooL/vfsgen"
@@ -25,7 +25,7 @@ import (
 	_ "golang.org/x/tools/cover"
 
 	// for vet
-	_ "gitea.com/jolheiser/gitea-vet"
+	_ "code.gitea.io/gitea-vet"
 
 	// for swagger
 	_ "github.com/go-swagger/go-swagger/cmd/swagger"

build/generate-emoji.go

@@ -8,7 +8,6 @@
 package main
 
 import (
-	"encoding/json"
 	"flag"
 	"fmt"
 	"go/format"
@@ -20,6 +19,8 @@ import (
 	"strconv"
 	"strings"
 	"unicode/utf8"
+
+	jsoniter "github.com/json-iterator/go"
 )
 
 const (
@@ -50,6 +51,7 @@ func (e Emoji) MarshalJSON() ([]byte, error) {
 	x.UnicodeVersion = ""
 	x.Description = ""
 	x.SkinTones = false
+	json := jsoniter.ConfigCompatibleWithStandardLibrary
 	return json.Marshal(x)
 }
 
@@ -101,6 +103,7 @@ func generate() ([]byte, error) {
 
 	// unmarshal
 	var data Gemoji
+	json := jsoniter.ConfigCompatibleWithStandardLibrary
 	err = json.Unmarshal(body, &data)
 	if err != nil {
 		return nil, err
@@ -174,7 +177,7 @@ func generate() ([]byte, error) {
 					s = append(s, k)
 				} else {
 					// insert into slice after first element because all emoji that support skin tones
-					// have that modifer placed at this spot
+					// have that modifier placed at this spot
 					s = append(s, "")
 					copy(s[2:], s[1:])
 					s[1] = k

build/generate-gitignores.go

@@ -15,16 +15,22 @@ import (
 	"path"
 	"path/filepath"
 	"strings"
+
+	"code.gitea.io/gitea/modules/util"
 )
 
 func main() {
 	var (
-		prefix      = "gitea-gitignore"
-		url         = "https://api.github.com/repos/github/gitignore/tarball"
-		destination = ""
+		prefix         = "gitea-gitignore"
+		url            = "https://api.github.com/repos/github/gitignore/tarball"
+		githubApiToken = ""
+		githubUsername = ""
+		destination    = ""
 	)
 
 	flag.StringVar(&destination, "dest", "options/gitignore/", "destination for the gitignores")
+	flag.StringVar(&githubUsername, "username", "", "github username")
+	flag.StringVar(&githubApiToken, "token", "", "github api token")
 	flag.Parse()
 
 	file, err := ioutil.TempFile(os.TempDir(), prefix)
@@ -33,14 +39,21 @@ func main() {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
 
-	defer os.Remove(file.Name())
-
-	resp, err := http.Get(url)
+	defer util.Remove(file.Name())
 
+	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
 	}
 
+	if len(githubApiToken) > 0 && len(githubUsername) > 0 {
+		req.SetBasicAuth(githubUsername, githubApiToken)
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		log.Fatalf("Failed to download archive. %s", err)
+	}
 	defer resp.Body.Close()
 
 	if _, err := io.Copy(file, resp.Body); err != nil {

build/generate-images.js

@@ -0,0 +1,82 @@
+#!/usr/bin/env node
+'use strict';
+
+const imageminZopfli = require('imagemin-zopfli');
+const Svgo = require('svgo');
+const {fabric} = require('fabric');
+const {readFile, writeFile} = require('fs').promises;
+const {resolve} = require('path');
+
+const logoFile = resolve(__dirname, '../assets/logo.svg');
+
+function exit(err) {
+  if (err) console.error(err);
+  process.exit(err ? 1 : 0);
+}
+
+function loadSvg(svg) {
+  return new Promise((resolve) => {
+    fabric.loadSVGFromString(svg, (objects, options) => {
+      resolve({objects, options});
+    });
+  });
+}
+
+async function generate(svg, outputFile, {size, bg}) {
+  if (outputFile.endsWith('.svg')) {
+    const svgo = new Svgo({
+      plugins: [
+        {removeDimensions: true},
+        {addAttributesToSVGElement: {attributes: [{width: size}, {height: size}]}},
+      ],
+    });
+
+    const {data} = await svgo.optimize(svg);
+    await writeFile(outputFile, data);
+    return;
+  }
+
+  const {objects, options} = await loadSvg(svg);
+  const canvas = new fabric.Canvas();
+  canvas.setDimensions({width: size, height: size});
+  const ctx = canvas.getContext('2d');
+  ctx.scale(options.width ? (size / options.width) : 1, options.height ? (size / options.height) : 1);
+
+  if (bg) {
+    canvas.add(new fabric.Rect({
+      left: 0,
+      top: 0,
+      height: size * (1 / (size / options.height)),
+      width: size * (1 / (size / options.width)),
+      fill: 'white',
+    }));
+  }
+
+  canvas.add(fabric.util.groupSVGElements(objects, options));
+  canvas.renderAll();
+
+  let png = Buffer.from([]);
+  for await (const chunk of canvas.createPNGStream()) {
+    png = Buffer.concat([png, chunk]);
+  }
+
+  png = await imageminZopfli({more: true})(png);
+  await writeFile(outputFile, png);
+}
+
+async function main() {
+  const gitea = process.argv.slice(2).includes('gitea');
+  const svg = await readFile(logoFile, 'utf8');
+
+  await Promise.all([
+    generate(svg, resolve(__dirname, '../public/img/logo.svg'), {size: 32}),
+    generate(svg, resolve(__dirname, '../public/img/logo.png'), {size: 512}),
+    generate(svg, resolve(__dirname, '../public/img/favicon.png'), {size: 180}),
+    generate(svg, resolve(__dirname, '../public/img/avatar_default.png'), {size: 200}),
+    generate(svg, resolve(__dirname, '../public/img/apple-touch-icon.png'), {size: 180, bg: true}),
+    gitea && generate(svg, resolve(__dirname, '../public/img/gitea.svg'), {size: 32}),
+  ]);
+}
+
+main().then(exit).catch(exit);
+

build/generate-licenses.go

@@ -15,16 +15,22 @@ import (
 	"path"
 	"path/filepath"
 	"strings"
+
+	"code.gitea.io/gitea/modules/util"
 )
 
 func main() {
 	var (
-		prefix      = "gitea-licenses"
-		url         = "https://api.github.com/repos/spdx/license-list-data/tarball"
-		destination = ""
+		prefix         = "gitea-licenses"
+		url            = "https://api.github.com/repos/spdx/license-list-data/tarball"
+		githubApiToken = ""
+		githubUsername = ""
+		destination    = ""
 	)
 
 	flag.StringVar(&destination, "dest", "options/license/", "destination for the licenses")
+	flag.StringVar(&githubUsername, "username", "", "github username")
+	flag.StringVar(&githubApiToken, "token", "", "github api token")
 	flag.Parse()
 
 	file, err := ioutil.TempFile(os.TempDir(), prefix)
@@ -33,10 +39,18 @@ func main() {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
 
-	defer os.Remove(file.Name())
+	defer util.Remove(file.Name())
 
-	resp, err := http.Get(url)
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		log.Fatalf("Failed to download archive. %s", err)
+	}
 
+	if len(githubApiToken) > 0 && len(githubUsername) > 0 {
+		req.SetBasicAuth(githubUsername, githubApiToken)
+	}
+
+	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
 	}

build/generate-svg.js

@@ -0,0 +1,73 @@
+#!/usr/bin/env node
+'use strict';
+
+const fastGlob = require('fast-glob');
+const Svgo = require('svgo');
+const {resolve, parse} = require('path');
+const {readFile, writeFile, mkdir} = require('fs').promises;
+
+const glob = (pattern) => fastGlob.sync(pattern, {cwd: resolve(__dirname), absolute: true});
+const outputDir = resolve(__dirname, '../public/img/svg');
+
+function exit(err) {
+  if (err) console.error(err);
+  process.exit(err ? 1 : 0);
+}
+
+async function processFile(file, {prefix, fullName} = {}) {
+  let name;
+
+  if (fullName) {
+    name = fullName;
+  } else {
+    name = parse(file).name;
+    if (prefix) name = `${prefix}-${name}`;
+    if (prefix === 'octicon') name = name.replace(/-[0-9]+$/, ''); // chop of '-16' on octicons
+  }
+
+  const svgo = new Svgo({
+    plugins: [
+      {removeXMLNS: true},
+      {removeDimensions: true},
+      {
+        addClassesToSVGElement: {
+          classNames: [
+            'svg',
+            name,
+          ],
+        },
+      },
+      {
+        addAttributesToSVGElement: {
+          attributes: [
+            {'width': '16'},
+            {'height': '16'},
+            {'aria-hidden': 'true'},
+          ],
+        },
+      },
+    ],
+  });
+
+  const {data} = await svgo.optimize(await readFile(file, 'utf8'));
+  await writeFile(resolve(outputDir, `${name}.svg`), data);
+}
+
+function processFiles(pattern, opts) {
+  return glob(pattern).map((file) => processFile(file, opts));
+}
+
+async function main() {
+  try {
+    await mkdir(outputDir);
+  } catch {}
+
+  await Promise.all([
+    ...processFiles('../node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
+    ...processFiles('../web_src/svg/*.svg'),
+    ...processFiles('../public/img/gitea.svg', {fullName: 'gitea-gitea'}),
+  ]);
+}
+
+main().then(exit).catch(exit);
+

build/lint.go

@@ -15,12 +15,12 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/BurntSushi/toml"
 	"github.com/mgechev/dots"
 	"github.com/mgechev/revive/formatter"
 	"github.com/mgechev/revive/lint"
 	"github.com/mgechev/revive/rule"
 	"github.com/mitchellh/go-homedir"
+	"github.com/pelletier/go-toml"
 )
 
 func fail(err string) {
@@ -133,7 +133,7 @@ func parseConfig(path string) *lint.Config {
 	if err != nil {
 		fail("cannot read the config file")
 	}
-	_, err = toml.Decode(string(file), config)
+	err = toml.Unmarshal(file, config)
 	if err != nil {
 		fail("cannot parse the config file: " + err.Error())
 	}

build/update-locales.sh

@@ -10,10 +10,10 @@ sed -i -r -e '/^[a-zA-Z0-9_.-]+[ ]*=[ ]*".*"$/ {
 	}' ./options/locale/*.ini
 
 # Remove translation under 25% of en_us
-baselines=`wc -l "./options/locale_en-US.ini" | cut -d" " -f1`
+baselines=$(wc -l "./options/locale_en-US.ini" | cut -d" " -f1)
 baselines=$((baselines / 4))
 for filename in ./options/locale/*.ini; do
-  lines=`wc -l "$filename" | cut -d" " -f1`
+  lines=$(wc -l "$filename" | cut -d" " -f1)
   if [ $lines -lt $baselines ]; then
     echo "Removing $filename: $lines/$baselines"
     rm "$filename"

cmd/admin.go

@@ -6,9 +6,11 @@
 package cmd
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"os"
+	"strings"
 	"text/tabwriter"
 
 	"code.gitea.io/gitea/models"
@@ -29,16 +31,39 @@ var (
 		Name:  "admin",
 		Usage: "Command line interface to perform common administrative operations",
 		Subcommands: []cli.Command{
-			subcmdCreateUser,
-			subcmdChangePassword,
+			subcmdUser,
 			subcmdRepoSyncReleases,
 			subcmdRegenerate,
 			subcmdAuth,
+			subcmdSendMail,
 		},
 	}
 
-	subcmdCreateUser = cli.Command{
-		Name:   "create-user",
+	subcmdUser = cli.Command{
+		Name:  "user",
+		Usage: "Modify users",
+		Subcommands: []cli.Command{
+			microcmdUserCreate,
+			microcmdUserList,
+			microcmdUserChangePassword,
+			microcmdUserDelete,
+		},
+	}
+
+	microcmdUserList = cli.Command{
+		Name:   "list",
+		Usage:  "List users",
+		Action: runListUsers,
+		Flags: []cli.Flag{
+			cli.BoolFlag{
+				Name:  "admin",
+				Usage: "List only admin users",
+			},
+		},
+	}
+
+	microcmdUserCreate = cli.Command{
+		Name:   "create",
 		Usage:  "Create a new user in database",
 		Action: runCreateUser,
 		Flags: []cli.Flag{
@@ -82,7 +107,7 @@ var (
 		},
 	}
 
-	subcmdChangePassword = cli.Command{
+	microcmdUserChangePassword = cli.Command{
 		Name:   "change-password",
 		Usage:  "Change a user's password",
 		Action: runChangePassword,
@@ -100,6 +125,26 @@ var (
 		},
 	}
 
+	microcmdUserDelete = cli.Command{
+		Name:  "delete",
+		Usage: "Delete specific user by id, name or email",
+		Flags: []cli.Flag{
+			cli.Int64Flag{
+				Name:  "id",
+				Usage: "ID of user of the user to delete",
+			},
+			cli.StringFlag{
+				Name:  "username,u",
+				Usage: "Username of the user to delete",
+			},
+			cli.StringFlag{
+				Name:  "email,e",
+				Usage: "Email of the user to delete",
+			},
+		},
+		Action: runDeleteUser,
+	}
+
 	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
@@ -237,6 +282,11 @@ var (
 			Value: "",
 			Usage: "Use a custom Email URL (option for GitHub)",
 		},
+		cli.StringFlag{
+			Name:  "icon-url",
+			Value: "",
+			Usage: "Custom icon URL for OAuth2 login source",
+		},
 	}
 
 	microcmdAuthUpdateOauth = cli.Command{
@@ -252,6 +302,28 @@ var (
 		Action: runAddOauth,
 		Flags:  oauthCLIFlags,
 	}
+
+	subcmdSendMail = cli.Command{
+		Name:   "sendmail",
+		Usage:  "Send a message to all users",
+		Action: runSendMail,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "title",
+				Usage: `a title of a message`,
+				Value: "",
+			},
+			cli.StringFlag{
+				Name:  "content",
+				Usage: "a content of a message",
+				Value: "",
+			},
+			cli.BoolFlag{
+				Name:  "force,f",
+				Usage: "A flag to bypass a confirmation step",
+			},
+		},
+	}
 )
 
 func runChangePassword(c *cli.Context) error {
@@ -265,17 +337,23 @@ func runChangePassword(c *cli.Context) error {
 	if !pwd.IsComplexEnough(c.String("password")) {
 		return errors.New("Password does not meet complexity requirements")
 	}
+	pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
+	if err != nil {
+		return err
+	}
+	if pwned {
+		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
+	}
 	uname := c.String("username")
 	user, err := models.GetUserByName(uname)
 	if err != nil {
 		return err
 	}
-	if user.Salt, err = models.GetUserSalt(); err != nil {
+	if err = user.SetPassword(c.String("password")); err != nil {
 		return err
 	}
-	user.HashPassword(c.String("password"))
 
-	if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil {
+	if err = models.UpdateUserCols(user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 		return err
 	}
 
@@ -369,6 +447,71 @@ func runCreateUser(c *cli.Context) error {
 	return nil
 }
 
+func runListUsers(c *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	users, err := models.GetAllUsers()
+
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(os.Stdout, 5, 0, 1, ' ', 0)
+
+	if c.IsSet("admin") {
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\n")
+		for _, u := range users {
+			if u.IsAdmin {
+				fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", u.ID, u.Name, u.Email, u.IsActive)
+			}
+		}
+	} else {
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\n")
+		for _, u := range users {
+			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin)
+		}
+
+	}
+
+	w.Flush()
+	return nil
+
+}
+
+func runDeleteUser(c *cli.Context) error {
+	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
+		return fmt.Errorf("You must provide the id, username or email of a user to delete")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	var err error
+	var user *models.User
+	if c.IsSet("email") {
+		user, err = models.GetUserByEmail(c.String("email"))
+	} else if c.IsSet("username") {
+		user, err = models.GetUserByName(c.String("username"))
+	} else {
+		user, err = models.GetUserByID(c.Int64("id"))
+	}
+	if err != nil {
+		return err
+	}
+	if c.IsSet("username") && user.LowerName != strings.ToLower(strings.TrimSpace(c.String("username"))) {
+		return fmt.Errorf("The user %s who has email %s does not match the provided username %s", user.Name, c.String("email"), c.String("username"))
+	}
+
+	if c.IsSet("id") && user.ID != c.Int64("id") {
+		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
+	}
+
+	return models.DeleteUser(user)
+}
+
 func runRepoSyncReleases(c *cli.Context) error {
 	if err := initDB(); err != nil {
 		return err
@@ -467,6 +610,7 @@ func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
 		ClientSecret:                  c.String("secret"),
 		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
 		CustomURLMapping:              customURLMapping,
+		IconURL:                       c.String("icon-url"),
 	}
 }
 
@@ -519,6 +663,10 @@ func runUpdateOauth(c *cli.Context) error {
 		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")
 	}
 
+	if c.IsSet("icon-url") {
+		oAuth2Config.IconURL = c.String("icon-url")
+	}
+
 	// update custom URL mapping
 	var customURLMapping = &oauth2.CustomURLMapping{}
 

cmd/cmd.go

@@ -9,6 +9,7 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"strings"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
@@ -32,6 +33,25 @@ func argsSet(c *cli.Context, args ...string) error {
 	return nil
 }
 
+// confirm waits for user input which confirms an action
+func confirm() (bool, error) {
+	var response string
+
+	_, err := fmt.Scanln(&response)
+	if err != nil {
+		return false, err
+	}
+
+	switch strings.ToLower(response) {
+	case "y", "yes":
+		return true, nil
+	case "n", "no":
+		return false, nil
+	default:
+		return false, errors.New(response + " isn't a correct confirmation string")
+	}
+}
+
 func initDB() error {
 	return initDBDisableConsole(false)
 }

cmd/docs.go

@@ -0,0 +1,61 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/urfave/cli"
+)
+
+// CmdDocs represents the available docs sub-command.
+var CmdDocs = cli.Command{
+	Name:        "docs",
+	Usage:       "Output CLI documentation",
+	Description: "A command to output Gitea's CLI documentation, optionally to a file.",
+	Action:      runDocs,
+	Flags: []cli.Flag{
+		&cli.BoolFlag{
+			Name:  "man",
+			Usage: "Output man pages instead",
+		},
+		&cli.StringFlag{
+			Name:  "output, o",
+			Usage: "Path to output to instead of stdout (will overwrite if exists)",
+		},
+	},
+}
+
+func runDocs(ctx *cli.Context) error {
+	docs, err := ctx.App.ToMarkdown()
+	if ctx.Bool("man") {
+		docs, err = ctx.App.ToMan()
+	}
+	if err != nil {
+		return err
+	}
+
+	if !ctx.Bool("man") {
+		// Clean up markdown. The following bug was fixed in v2, but is present in v1.
+		// It affects markdown output (even though the issue is referring to man pages)
+		// https://github.com/urfave/cli/issues/1040
+		docs = docs[strings.Index(docs, "#"):]
+	}
+
+	out := os.Stdout
+	if ctx.String("output") != "" {
+		fi, err := os.Create(ctx.String("output"))
+		if err != nil {
+			return err
+		}
+		defer fi.Close()
+		out = fi
+	}
+
+	_, err = fmt.Fprintln(out, docs)
+	return err
+}

cmd/doctor.go

@@ -5,26 +5,20 @@
 package cmd
 
 import (
-	"bufio"
-	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
 	golog "log"
 	"os"
-	"os/exec"
-	"path/filepath"
 	"strings"
 	"text/tabwriter"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/migrations"
-	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/options"
-	"code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
-	"xorm.io/builder"
+
+	"xorm.io/xorm"
 
 	"github.com/urfave/cli"
 )
@@ -60,67 +54,73 @@ var CmdDoctor = cli.Command{
 			Name:  "log-file",
 			Usage: `Name of the log file (default: "doctor.log"). Set to "-" to output to stdout, set to "" to disable`,
 		},
+		cli.BoolFlag{
+			Name:  "color, H",
+			Usage: "Use color for outputted information",
+		},
+	},
+	Subcommands: []cli.Command{
+		cmdRecreateTable,
 	},
 }
 
-type check struct {
-	title            string
-	name             string
-	isDefault        bool
-	f                func(ctx *cli.Context) ([]string, error)
-	abortIfFailed    bool
-	skipDatabaseInit bool
+var cmdRecreateTable = cli.Command{
+	Name:      "recreate-table",
+	Usage:     "Recreate tables from XORM definitions and copy the data.",
+	ArgsUsage: "[TABLE]... : (TABLEs to recreate - leave blank for all)",
+	Flags: []cli.Flag{
+		cli.BoolFlag{
+			Name:  "debug",
+			Usage: "Print SQL commands sent",
+		},
+	},
+	Description: `The database definitions Gitea uses change across versions, sometimes changing default values and leaving old unused columns.
+
+This command will cause Xorm to recreate tables, copying over the data and deleting the old table.
+
+You should back-up your database before doing this and ensure that your database is up-to-date first.`,
+	Action: runRecreateTable,
 }
 
-// checklist represents list for all checks
-var checklist = []check{
-	{
-		// NOTE: this check should be the first in the list
-		title:            "Check paths and basic configuration",
-		name:             "paths",
-		isDefault:        true,
-		f:                runDoctorPathInfo,
-		abortIfFailed:    true,
-		skipDatabaseInit: true,
-	},
-	{
-		title:         "Check Database Version",
-		name:          "check-db-version",
-		isDefault:     true,
-		f:             runDoctorCheckDBVersion,
-		abortIfFailed: false,
-	},
-	{
-		title:     "Check consistency of database",
-		name:      "check-db-consistency",
-		isDefault: false,
-		f:         runDoctorCheckDBConsistency,
-	},
-	{
-		title:     "Check if OpenSSH authorized_keys file is up-to-date",
-		name:      "authorized_keys",
-		isDefault: true,
-		f:         runDoctorAuthorizedKeys,
-	},
-	{
-		title:     "Check if SCRIPT_TYPE is available",
-		name:      "script-type",
-		isDefault: false,
-		f:         runDoctorScriptType,
-	},
-	{
-		title:     "Check if hook files are up-to-date and executable",
-		name:      "hooks",
-		isDefault: false,
-		f:         runDoctorHooks,
-	},
-	{
-		title:     "Recalculate merge bases",
-		name:      "recalculate_merge_bases",
-		isDefault: false,
-		f:         runDoctorPRMergeBase,
-	},
-	// more checks please append here
+func runRecreateTable(ctx *cli.Context) error {
+	// Redirect the default golog to here
+	golog.SetFlags(0)
+	golog.SetPrefix("")
+	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
+
+	setting.NewContext()
+	setting.InitDBConfig()
+
+	setting.EnableXORMLog = ctx.Bool("debug")
+	setting.Database.LogSQL = ctx.Bool("debug")
+	setting.Cfg.Section("log").Key("XORM").SetValue(",")
+
+	setting.NewXORMLogService(!ctx.Bool("debug"))
+	if err := models.SetEngine(); err != nil {
+		fmt.Println(err)
+		fmt.Println("Check if you are using the right config file. You can use a --config directive to specify one.")
+		return nil
+	}
+
+	args := ctx.Args()
+	names := make([]string, 0, ctx.NArg())
+	for i := 0; i < ctx.NArg(); i++ {
+		names = append(names, args.Get(i))
+	}
+
+	beans, err := models.NamesToBean(names...)
+	if err != nil {
+		return err
+	}
+	recreateTables := migrations.RecreateTables(beans...)
+
+	return models.NewEngine(context.Background(), func(x *xorm.Engine) error {
+		if err := migrations.EnsureUpToDate(x); err != nil {
+			return err
+		}
+		return recreateTables(x)
+	})
+
 }
 
 func runDoctor(ctx *cli.Context) error {
@@ -135,10 +135,15 @@ func runDoctor(ctx *cli.Context) error {
 		logFile = "doctor.log"
 	}
 
+	colorize := log.CanColorStdout
+	if ctx.IsSet("color") {
+		colorize = ctx.Bool("color")
+	}
+
 	if len(logFile) == 0 {
-		log.NewLogger(1000, "doctor", "console", `{"level":"NONE","stacktracelevel":"NONE","colorize":"%t"}`)
+		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
 	} else if logFile == "-" {
-		log.NewLogger(1000, "doctor", "console", `{"level":"trace","stacktracelevel":"NONE"}`)
+		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"trace","stacktracelevel":"NONE","colorize":%t}`, colorize))
 	} else {
 		log.NewLogger(1000, "doctor", "file", fmt.Sprintf(`{"filename":%q,"level":"trace","stacktracelevel":"NONE"}`, logFile))
 	}
@@ -149,24 +154,24 @@ func runDoctor(ctx *cli.Context) error {
 	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
 
 	if ctx.IsSet("list") {
-		w := tabwriter.NewWriter(os.Stdout, 0, 8, 0, '\t', 0)
+		w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
 		_, _ = w.Write([]byte("Default\tName\tTitle\n"))
-		for _, check := range checklist {
-			if check.isDefault {
+		for _, check := range doctor.Checks {
+			if check.IsDefault {
 				_, _ = w.Write([]byte{'*'})
 			}
 			_, _ = w.Write([]byte{'\t'})
-			_, _ = w.Write([]byte(check.name))
+			_, _ = w.Write([]byte(check.Name))
 			_, _ = w.Write([]byte{'\t'})
-			_, _ = w.Write([]byte(check.title))
+			_, _ = w.Write([]byte(check.Title))
 			_, _ = w.Write([]byte{'\n'})
 		}
 		return w.Flush()
 	}
 
-	var checks []check
+	var checks []*doctor.Check
 	if ctx.Bool("all") {
-		checks = checklist
+		checks = doctor.Checks
 	} else if ctx.IsSet("run") {
 		addDefault := ctx.Bool("default")
 		names := ctx.StringSlice("run")
@@ -174,423 +179,37 @@ func runDoctor(ctx *cli.Context) error {
 			names[i] = strings.ToLower(strings.TrimSpace(name))
 		}
 
-		for _, check := range checklist {
-			if addDefault && check.isDefault {
+		for _, check := range doctor.Checks {
+			if addDefault && check.IsDefault {
 				checks = append(checks, check)
 				continue
 			}
 			for _, name := range names {
-				if name == check.name {
+				if name == check.Name {
 					checks = append(checks, check)
 					break
 				}
 			}
 		}
 	} else {
-		for _, check := range checklist {
-			if check.isDefault {
+		for _, check := range doctor.Checks {
+			if check.IsDefault {
 				checks = append(checks, check)
 			}
 		}
 	}
 
-	dbIsInit := false
-
-	for i, check := range checks {
-		if !dbIsInit && !check.skipDatabaseInit {
-			// Only open database after the most basic configuration check
-			setting.EnableXORMLog = false
-			if err := initDBDisableConsole(true); err != nil {
-				fmt.Println(err)
-				fmt.Println("Check if you are using the right config file. You can use a --config directive to specify one.")
-				return nil
-			}
-			dbIsInit = true
-		}
-		fmt.Println("[", i+1, "]", check.title)
-		messages, err := check.f(ctx)
-		for _, message := range messages {
-			fmt.Println("-", message)
-		}
-		if err != nil {
-			fmt.Println("Error:", err)
-			if check.abortIfFailed {
-				return nil
-			}
-		} else {
-			fmt.Println("OK.")
-		}
-		fmt.Println()
-	}
-	return nil
-}
-
-func runDoctorPathInfo(ctx *cli.Context) ([]string, error) {
-
-	res := make([]string, 0, 10)
-
-	if fi, err := os.Stat(setting.CustomConf); err != nil || !fi.Mode().IsRegular() {
-		res = append(res, fmt.Sprintf("Failed to find configuration file at '%s'.", setting.CustomConf))
-		res = append(res, fmt.Sprintf("If you've never ran Gitea yet, this is normal and '%s' will be created for you on first run.", setting.CustomConf))
-		res = append(res, "Otherwise check that you are running this command from the correct path and/or provide a `--config` parameter.")
-		return res, fmt.Errorf("can't proceed without a configuration file")
-	}
-
-	setting.NewContext()
-
-	fail := false
-
-	check := func(name, path string, is_dir, required, is_write bool) {
-		res = append(res, fmt.Sprintf("%-25s  '%s'", name+":", path))
-		fi, err := os.Stat(path)
-		if err != nil {
-			if os.IsNotExist(err) && ctx.Bool("fix") && is_dir {
-				if err := os.MkdirAll(path, 0777); err != nil {
-					res = append(res, fmt.Sprintf("    ERROR: %v", err))
-					fail = true
-					return
-				}
-				fi, err = os.Stat(path)
-			}
-		}
-		if err != nil {
-			if required {
-				res = append(res, fmt.Sprintf("    ERROR: %v", err))
-				fail = true
-				return
-			}
-			res = append(res, fmt.Sprintf("    NOTICE: not accessible (%v)", err))
-			return
-		}
-
-		if is_dir && !fi.IsDir() {
-			res = append(res, "    ERROR: not a directory")
-			fail = true
-			return
-		} else if !is_dir && !fi.Mode().IsRegular() {
-			res = append(res, "    ERROR: not a regular file")
-			fail = true
-		} else if is_write {
-			if err := runDoctorWritableDir(path); err != nil {
-				res = append(res, fmt.Sprintf("    ERROR: not writable: %v", err))
-				fail = true
-			}
-		}
-	}
-
-	// Note print paths inside quotes to make any leading/trailing spaces evident
-	check("Configuration File Path", setting.CustomConf, false, true, false)
-	check("Repository Root Path", setting.RepoRootPath, true, true, true)
-	check("Data Root Path", setting.AppDataPath, true, true, true)
-	check("Custom File Root Path", setting.CustomPath, true, false, false)
-	check("Work directory", setting.AppWorkPath, true, true, false)
-	check("Log Root Path", setting.LogRootPath, true, true, true)
-
-	if options.IsDynamic() {
-		// Do not check/report on StaticRootPath if data is embedded in Gitea (-tags bindata)
-		check("Static File Root Path", setting.StaticRootPath, true, true, false)
-	}
-
-	if fail {
-		return res, fmt.Errorf("please check your configuration file and try again")
-	}
-
-	return res, nil
-}
-
-func runDoctorWritableDir(path string) error {
-	// There's no platform-independent way of checking if a directory is writable
-	// https://stackoverflow.com/questions/20026320/how-to-tell-if-folder-exists-and-is-writable
-
-	tmpFile, err := ioutil.TempFile(path, "doctors-order")
-	if err != nil {
+	// Now we can set up our own logger to return information about what the doctor is doing
+	if err := log.NewNamedLogger("doctorouter",
+		1000,
+		"console",
+		"console",
+		fmt.Sprintf(`{"level":"INFO","stacktracelevel":"NONE","colorize":%t,"flags":-1}`, colorize)); err != nil {
+		fmt.Println(err)
 		return err
 	}
-	if err := os.Remove(tmpFile.Name()); err != nil {
-		fmt.Printf("Warning: can't remove temporary file: '%s'\n", tmpFile.Name())
-	}
-	tmpFile.Close()
-	return nil
-}
-
-const tplCommentPrefix = `# gitea public key`
-
-func runDoctorAuthorizedKeys(ctx *cli.Context) ([]string, error) {
-	if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedKeysFile {
-		return nil, nil
-	}
-
-	fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
-	f, err := os.Open(fPath)
-	if err != nil {
-		if ctx.Bool("fix") {
-			return []string{fmt.Sprintf("Error whilst opening authorized_keys: %v. Attempting regeneration", err)}, models.RewriteAllPublicKeys()
-		}
-		return nil, err
-	}
-	defer f.Close()
-
-	linesInAuthorizedKeys := map[string]bool{}
-
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		line := scanner.Text()
-		if strings.HasPrefix(line, tplCommentPrefix) {
-			continue
-		}
-		linesInAuthorizedKeys[line] = true
-	}
-	f.Close()
-
-	// now we regenerate and check if there are any lines missing
-	regenerated := &bytes.Buffer{}
-	if err := models.RegeneratePublicKeys(regenerated); err != nil {
-		return nil, err
-	}
-	scanner = bufio.NewScanner(regenerated)
-	for scanner.Scan() {
-		line := scanner.Text()
-		if strings.HasPrefix(line, tplCommentPrefix) {
-			continue
-		}
-		if ok := linesInAuthorizedKeys[line]; ok {
-			continue
-		}
-		if ctx.Bool("fix") {
-			return []string{"authorized_keys is out of date, attempting regeneration"}, models.RewriteAllPublicKeys()
-		}
-		return nil, fmt.Errorf(`authorized_keys is out of date and should be regenerated with "gitea admin regenerate keys" or "gitea doctor --run authorized_keys --fix"`)
-	}
-	return nil, nil
-}
-
-func runDoctorCheckDBVersion(ctx *cli.Context) ([]string, error) {
-	if err := models.NewEngine(context.Background(), migrations.EnsureUpToDate); err != nil {
-		if ctx.Bool("fix") {
-			return []string{fmt.Sprintf("WARN: Got Error %v during ensure up to date", err), "Attempting to migrate to the latest DB version to fix this."}, models.NewEngine(context.Background(), migrations.Migrate)
-		}
-		return nil, err
-	}
-	return nil, nil
-}
-
-func iterateRepositories(each func(*models.Repository) ([]string, error)) ([]string, error) {
-	results := []string{}
-	err := models.Iterate(
-		models.DefaultDBContext(),
-		new(models.Repository),
-		builder.Gt{"id": 0},
-		func(idx int, bean interface{}) error {
-			res, err := each(bean.(*models.Repository))
-			results = append(results, res...)
-			return err
-		},
-	)
-	return results, err
-}
-
-func iteratePRs(repo *models.Repository, each func(*models.Repository, *models.PullRequest) ([]string, error)) ([]string, error) {
-	results := []string{}
-	err := models.Iterate(
-		models.DefaultDBContext(),
-		new(models.PullRequest),
-		builder.Eq{"base_repo_id": repo.ID},
-		func(idx int, bean interface{}) error {
-			res, err := each(repo, bean.(*models.PullRequest))
-			results = append(results, res...)
-			return err
-		},
-	)
-	return results, err
-}
-
-func runDoctorHooks(ctx *cli.Context) ([]string, error) {
-	// Need to iterate across all of the repositories
-	return iterateRepositories(func(repo *models.Repository) ([]string, error) {
-		results, err := repository.CheckDelegateHooks(repo.RepoPath())
-		if err != nil {
-			return nil, err
-		}
-		if len(results) > 0 && ctx.Bool("fix") {
-			return []string{fmt.Sprintf("regenerated hooks for %s", repo.FullName())}, repository.CreateDelegateHooks(repo.RepoPath())
-		}
-
-		return results, nil
-	})
-}
-
-func runDoctorPRMergeBase(ctx *cli.Context) ([]string, error) {
-	numRepos := 0
-	numPRs := 0
-	numPRsUpdated := 0
-	results, err := iterateRepositories(func(repo *models.Repository) ([]string, error) {
-		numRepos++
-		return iteratePRs(repo, func(repo *models.Repository, pr *models.PullRequest) ([]string, error) {
-			numPRs++
-			results := []string{}
-			pr.BaseRepo = repo
-			repoPath := repo.RepoPath()
-
-			oldMergeBase := pr.MergeBase
-
-			if !pr.HasMerged {
-				var err error
-				pr.MergeBase, err = git.NewCommand("merge-base", "--", pr.BaseBranch, pr.GetGitRefName()).RunInDir(repoPath)
-				if err != nil {
-					var err2 error
-					pr.MergeBase, err2 = git.NewCommand("rev-parse", git.BranchPrefix+pr.BaseBranch).RunInDir(repoPath)
-					if err2 != nil {
-						results = append(results, fmt.Sprintf("WARN: Unable to get merge base for PR ID %d, #%d onto %s in %s/%s", pr.ID, pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name))
-						log.Error("Unable to get merge base for PR ID %d, Index %d in %s/%s. Error: %v & %v", pr.ID, pr.Index, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, err, err2)
-						return results, nil
-					}
-				}
-			} else {
-				parentsString, err := git.NewCommand("rev-list", "--parents", "-n", "1", pr.MergedCommitID).RunInDir(repoPath)
-				if err != nil {
-					results = append(results, fmt.Sprintf("WARN: Unable to get parents for merged PR ID %d, #%d onto %s in %s/%s", pr.ID, pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name))
-					log.Error("Unable to get parents for merged PR ID %d, Index %d in %s/%s. Error: %v", pr.ID, pr.Index, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, err)
-					return results, nil
-				}
-				parents := strings.Split(strings.TrimSpace(parentsString), " ")
-				if len(parents) < 2 {
-					return results, nil
-				}
-
-				args := append([]string{"merge-base", "--"}, parents[1:]...)
-				args = append(args, pr.GetGitRefName())
-
-				pr.MergeBase, err = git.NewCommand(args...).RunInDir(repoPath)
-				if err != nil {
-					results = append(results, fmt.Sprintf("WARN: Unable to get merge base for merged PR ID %d, #%d onto %s in %s/%s", pr.ID, pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name))
-					log.Error("Unable to get merge base for merged PR ID %d, Index %d in %s/%s. Error: %v", pr.ID, pr.Index, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, err)
-					return results, nil
-				}
-			}
-			pr.MergeBase = strings.TrimSpace(pr.MergeBase)
-			if pr.MergeBase != oldMergeBase {
-				if ctx.Bool("fix") {
-					if err := pr.UpdateCols("merge_base"); err != nil {
-						return results, err
-					}
-				} else {
-					results = append(results, fmt.Sprintf("#%d onto %s in %s/%s: MergeBase should be %s but is %s", pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, oldMergeBase, pr.MergeBase))
-				}
-				numPRsUpdated++
-			}
-			return results, nil
-		})
-	})
-
-	if ctx.Bool("fix") {
-		results = append(results, fmt.Sprintf("%d PR mergebases updated of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos))
-	} else {
-		if numPRsUpdated > 0 && err == nil {
-			return results, fmt.Errorf("%d PRs with incorrect mergebases of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos)
-		}
-		results = append(results, fmt.Sprintf("%d PRs with incorrect mergebases of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos))
-	}
-
-	return results, err
-}
-
-func runDoctorScriptType(ctx *cli.Context) ([]string, error) {
-	path, err := exec.LookPath(setting.ScriptType)
-	if err != nil {
-		return []string{fmt.Sprintf("ScriptType %s is not on the current PATH", setting.ScriptType)}, err
-	}
-	return []string{fmt.Sprintf("ScriptType %s is on the current PATH at %s", setting.ScriptType, path)}, nil
-}
-
-func runDoctorCheckDBConsistency(ctx *cli.Context) ([]string, error) {
-	var results []string
-
-	// make sure DB version is uptodate
-	if err := models.NewEngine(context.Background(), migrations.EnsureUpToDate); err != nil {
-		return nil, fmt.Errorf("model version on the database does not match the current Gitea version. Model consistency will not be checked until the database is upgraded")
-	}
-
-	//find labels without existing repo or org
-	count, err := models.CountOrphanedLabels()
-	if err != nil {
-		return nil, err
-	}
-	if count > 0 {
-		if ctx.Bool("fix") {
-			if err = models.DeleteOrphanedLabels(); err != nil {
-				return nil, err
-			}
-			results = append(results, fmt.Sprintf("%d labels without existing repository/organisation deleted", count))
-		} else {
-			results = append(results, fmt.Sprintf("%d labels without existing repository/organisation", count))
-		}
-	}
-
-	//find issues without existing repository
-	count, err = models.CountOrphanedIssues()
-	if err != nil {
-		return nil, err
-	}
-	if count > 0 {
-		if ctx.Bool("fix") {
-			if err = models.DeleteOrphanedIssues(); err != nil {
-				return nil, err
-			}
-			results = append(results, fmt.Sprintf("%d issues without existing repository deleted", count))
-		} else {
-			results = append(results, fmt.Sprintf("%d issues without existing repository", count))
-		}
-	}
-
-	//find pulls without existing issues
-	count, err = models.CountOrphanedObjects("pull_request", "issue", "pull_request.issue_id=issue.id")
-	if err != nil {
-		return nil, err
-	}
-	if count > 0 {
-		if ctx.Bool("fix") {
-			if err = models.DeleteOrphanedObjects("pull_request", "issue", "pull_request.issue_id=issue.id"); err != nil {
-				return nil, err
-			}
-			results = append(results, fmt.Sprintf("%d pull requests without existing issue deleted", count))
-		} else {
-			results = append(results, fmt.Sprintf("%d pull requests without existing issue", count))
-		}
-	}
-
-	//find tracked times without existing issues/pulls
-	count, err = models.CountOrphanedObjects("tracked_time", "issue", "tracked_time.issue_id=issue.id")
-	if err != nil {
-		return nil, err
-	}
-	if count > 0 {
-		if ctx.Bool("fix") {
-			if err = models.DeleteOrphanedObjects("tracked_time", "issue", "tracked_time.issue_id=issue.id"); err != nil {
-				return nil, err
-			}
-			results = append(results, fmt.Sprintf("%d tracked times without existing issue deleted", count))
-		} else {
-			results = append(results, fmt.Sprintf("%d tracked times without existing issue", count))
-		}
-	}
-
-	count, err = models.CountNullArchivedRepository()
-	if err != nil {
-		return nil, err
-	}
-	if count > 0 {
-		if ctx.Bool("fix") {
-			updatedCount, err := models.FixNullArchivedRepository()
-			if err != nil {
-				return nil, err
-			}
-			results = append(results, fmt.Sprintf("%d repositories with null is_archived updated", updatedCount))
-		} else {
-			results = append(results, fmt.Sprintf("%d repositories with null is_archived", count))
-		}
-	}
-
-	//ToDo: function to recalc all counters
-
-	return results, nil
+
+	logger := log.GetLogger("doctorouter")
+	defer logger.Close()
+	return doctor.RunChecks(logger, ctx.Bool("fix"), checks)
 }

cmd/dump.go

@@ -6,7 +6,6 @@
 package cmd
 
 import (
-	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -18,10 +17,12 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
+	"code.gitea.io/gitea/modules/util"
 
-	"gitea.com/macaron/session"
+	"gitea.com/go-chi/session"
+	jsoniter "github.com/json-iterator/go"
 	archiver "github.com/mholt/archiver/v3"
-	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 )
 
@@ -48,36 +49,6 @@ func addFile(w archiver.Writer, filePath string, absPath string, verbose bool) e
 	})
 }
 
-func addRecursive(w archiver.Writer, dirPath string, absPath string, verbose bool) error {
-	if verbose {
-		log.Info("Adding dir  %s\n", dirPath)
-	}
-	dir, err := os.Open(absPath)
-	if err != nil {
-		return fmt.Errorf("Could not open directory %s: %s", absPath, err)
-	}
-	files, err := dir.Readdir(0)
-	if err != nil {
-		return fmt.Errorf("Unable to list files in %s: %s", absPath, err)
-	}
-
-	if err := addFile(w, dirPath, absPath, false); err != nil {
-		return err
-	}
-
-	for _, fileInfo := range files {
-		if fileInfo.IsDir() {
-			err = addRecursive(w, filepath.Join(dirPath, fileInfo.Name()), filepath.Join(absPath, fileInfo.Name()), verbose)
-		} else {
-			err = addFile(w, filepath.Join(dirPath, fileInfo.Name()), filepath.Join(absPath, fileInfo.Name()), verbose)
-		}
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 func isSubdir(upper string, lower string) (bool, error) {
 	if relPath, err := filepath.Rel(upper, lower); err != nil {
 		return false, err
@@ -154,6 +125,18 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "skip-log, L",
 			Usage: "Skip the log dumping",
 		},
+		cli.BoolFlag{
+			Name:  "skip-custom-dir",
+			Usage: "Skip custom directory",
+		},
+		cli.BoolFlag{
+			Name:  "skip-lfs-data",
+			Usage: "Skip LFS data",
+		},
+		cli.BoolFlag{
+			Name:  "skip-attachment-data",
+			Usage: "Skip attachment data",
+		},
 		cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
@@ -185,6 +168,10 @@ func runDump(ctx *cli.Context) error {
 	if _, err := setting.Cfg.Section("log.console").NewKey("STDERR", "true"); err != nil {
 		fatal("Setting console logger to stderr failed: %v", err)
 	}
+	if !setting.InstallLock {
+		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
+		return fmt.Errorf("gitea is not initialized")
+	}
 	setting.NewServices() // cannot access session settings otherwise
 
 	err := models.SetEngine()
@@ -192,6 +179,10 @@ func runDump(ctx *cli.Context) error {
 		return err
 	}
 
+	if err := storage.Init(); err != nil {
+		return err
+	}
+
 	if file == nil {
 		file, err = os.Create(fileName)
 		if err != nil {
@@ -200,6 +191,11 @@ func runDump(ctx *cli.Context) error {
 	}
 	defer file.Close()
 
+	absFileName, err := filepath.Abs(fileName)
+	if err != nil {
+		return err
+	}
+
 	verbose := ctx.Bool("verbose")
 	outType := ctx.String("type")
 	var iface interface{}
@@ -222,15 +218,27 @@ func runDump(ctx *cli.Context) error {
 		log.Info("Skip dumping local repositories")
 	} else {
 		log.Info("Dumping local repositories... %s", setting.RepoRootPath)
-		if err := addRecursive(w, "repos", setting.RepoRootPath, verbose); err != nil {
+		if err := addRecursiveExclude(w, "repos", setting.RepoRootPath, []string{absFileName}, verbose); err != nil {
 			fatal("Failed to include repositories: %v", err)
 		}
 
-		if _, err := os.Stat(setting.LFS.ContentPath); !os.IsNotExist(err) {
-			log.Info("Dumping lfs... %s", setting.LFS.ContentPath)
-			if err := addRecursive(w, "lfs", setting.LFS.ContentPath, verbose); err != nil {
-				fatal("Failed to include lfs: %v", err)
+		if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
+			log.Info("Skip dumping LFS data")
+		} else if err := storage.LFS.IterateObjects(func(objPath string, object storage.Object) error {
+			info, err := object.Stat()
+			if err != nil {
+				return err
 			}
+
+			return w.Write(archiver.File{
+				FileInfo: archiver.FileInfo{
+					FileInfo:   info,
+					CustomName: path.Join("data", "lfs", objPath),
+				},
+				ReadCloser: object,
+			})
+		}); err != nil {
+			fatal("Failed to dump LFS objects: %v", err)
 		}
 	}
 
@@ -243,7 +251,11 @@ func runDump(ctx *cli.Context) error {
 	if err != nil {
 		fatal("Failed to create tmp file: %v", err)
 	}
-	defer os.Remove(dbDump.Name())
+	defer func() {
+		if err := util.Remove(dbDump.Name()); err != nil {
+			log.Warn("Unable to remove temporary file: %s: Error: %v", dbDump.Name(), err)
+		}
+	}()
 
 	targetDBType := ctx.String("database")
 	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
@@ -267,25 +279,34 @@ func runDump(ctx *cli.Context) error {
 		}
 	}
 
-	customDir, err := os.Stat(setting.CustomPath)
-	if err == nil && customDir.IsDir() {
-		if is, _ := isSubdir(setting.AppDataPath, setting.CustomPath); !is {
-			if err := addRecursive(w, "custom", setting.CustomPath, verbose); err != nil {
-				fatal("Failed to include custom: %v", err)
+	if ctx.IsSet("skip-custom-dir") && ctx.Bool("skip-custom-dir") {
+		log.Info("Skiping custom directory")
+	} else {
+		customDir, err := os.Stat(setting.CustomPath)
+		if err == nil && customDir.IsDir() {
+			if is, _ := isSubdir(setting.AppDataPath, setting.CustomPath); !is {
+				if err := addRecursiveExclude(w, "custom", setting.CustomPath, []string{absFileName}, verbose); err != nil {
+					fatal("Failed to include custom: %v", err)
+				}
+			} else {
+				log.Info("Custom dir %s is inside data dir %s, skipped", setting.CustomPath, setting.AppDataPath)
 			}
 		} else {
-			log.Info("Custom dir %s is inside data dir %s, skipped", setting.CustomPath, setting.AppDataPath)
+			log.Info("Custom dir %s doesn't exist, skipped", setting.CustomPath)
 		}
-	} else {
-		log.Info("Custom dir %s doesn't exist, skipped", setting.CustomPath)
 	}
 
-	if com.IsExist(setting.AppDataPath) {
+	isExist, err := util.IsExist(setting.AppDataPath)
+	if err != nil {
+		log.Error("Unable to check if %s exists. Error: %v", setting.AppDataPath, err)
+	}
+	if isExist {
 		log.Info("Packing data directory...%s", setting.AppDataPath)
 
 		var excludes []string
 		if setting.Cfg.Section("session").Key("PROVIDER").Value() == "file" {
 			var opts session.Options
+			json := jsoniter.ConfigCompatibleWithStandardLibrary
 			if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
 				return err
 			}
@@ -293,27 +314,54 @@ func runDump(ctx *cli.Context) error {
 		}
 
 		excludes = append(excludes, setting.RepoRootPath)
-		excludes = append(excludes, setting.LFS.ContentPath)
+		excludes = append(excludes, setting.LFS.Path)
+		excludes = append(excludes, setting.Attachment.Path)
 		excludes = append(excludes, setting.LogRootPath)
+		excludes = append(excludes, absFileName)
 		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
 			fatal("Failed to include data directory: %v", err)
 		}
 	}
 
+	if ctx.IsSet("skip-attachment-data") && ctx.Bool("skip-attachment-data") {
+		log.Info("Skip dumping attachment data")
+	} else if err := storage.Attachments.IterateObjects(func(objPath string, object storage.Object) error {
+		info, err := object.Stat()
+		if err != nil {
+			return err
+		}
+
+		return w.Write(archiver.File{
+			FileInfo: archiver.FileInfo{
+				FileInfo:   info,
+				CustomName: path.Join("data", "attachments", objPath),
+			},
+			ReadCloser: object,
+		})
+	}); err != nil {
+		fatal("Failed to dump attachments: %v", err)
+	}
+
 	// Doesn't check if LogRootPath exists before processing --skip-log intentionally,
 	// ensuring that it's clear the dump is skipped whether the directory's initialized
 	// yet or not.
 	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
 		log.Info("Skip dumping log files")
-	} else if com.IsExist(setting.LogRootPath) {
-		if err := addRecursive(w, "log", setting.LogRootPath, verbose); err != nil {
-			fatal("Failed to include log: %v", err)
+	} else {
+		isExist, err := util.IsExist(setting.LogRootPath)
+		if err != nil {
+			log.Error("Unable to check if %s exists. Error: %v", setting.LogRootPath, err)
+		}
+		if isExist {
+			if err := addRecursiveExclude(w, "log", setting.LogRootPath, []string{absFileName}, verbose); err != nil {
+				fatal("Failed to include log: %v", err)
+			}
 		}
 	}
 
 	if fileName != "-" {
 		if err = w.Close(); err != nil {
-			_ = os.Remove(fileName)
+			_ = util.Remove(fileName)
 			fatal("Failed to save %s: %v", fileName, err)
 		}
 

cmd/dump_repo.go

@@ -0,0 +1,162 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"context"
+	"errors"
+	"strings"
+
+	"code.gitea.io/gitea/modules/convert"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/migrations"
+	"code.gitea.io/gitea/modules/migrations/base"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
+
+	"github.com/urfave/cli"
+)
+
+// CmdDumpRepository represents the available dump repository sub-command.
+var CmdDumpRepository = cli.Command{
+	Name:        "dump-repo",
+	Usage:       "Dump the repository from git/github/gitea/gitlab",
+	Description: "This is a command for dumping the repository data.",
+	Action:      runDumpRepository,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "git_service",
+			Value: "",
+			Usage: "Git service, git, github, gitea, gitlab. If clone_addr could be recognized, this could be ignored.",
+		},
+		cli.StringFlag{
+			Name:  "repo_dir, r",
+			Value: "./data",
+			Usage: "Repository dir path to store the data",
+		},
+		cli.StringFlag{
+			Name:  "clone_addr",
+			Value: "",
+			Usage: "The URL will be clone, currently could be a git/github/gitea/gitlab http/https URL",
+		},
+		cli.StringFlag{
+			Name:  "auth_username",
+			Value: "",
+			Usage: "The username to visit the clone_addr",
+		},
+		cli.StringFlag{
+			Name:  "auth_password",
+			Value: "",
+			Usage: "The password to visit the clone_addr",
+		},
+		cli.StringFlag{
+			Name:  "auth_token",
+			Value: "",
+			Usage: "The personal token to visit the clone_addr",
+		},
+		cli.StringFlag{
+			Name:  "owner_name",
+			Value: "",
+			Usage: "The data will be stored on a directory with owner name if not empty",
+		},
+		cli.StringFlag{
+			Name:  "repo_name",
+			Value: "",
+			Usage: "The data will be stored on a directory with repository name if not empty",
+		},
+		cli.StringFlag{
+			Name:  "units",
+			Value: "",
+			Usage: `Which items will be migrated, one or more units should be separated as comma. 
+wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
+		},
+	},
+}
+
+func runDumpRepository(ctx *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	setting.InitDBConfig()
+
+	var (
+		serviceType structs.GitServiceType
+		cloneAddr   = ctx.String("clone_addr")
+		serviceStr  = ctx.String("git_service")
+	)
+
+	if strings.HasPrefix(strings.ToLower(cloneAddr), "https://github.com/") {
+		serviceStr = "github"
+	} else if strings.HasPrefix(strings.ToLower(cloneAddr), "https://gitlab.com/") {
+		serviceStr = "gitlab"
+	} else if strings.HasPrefix(strings.ToLower(cloneAddr), "https://gitea.com/") {
+		serviceStr = "gitea"
+	}
+	if serviceStr == "" {
+		return errors.New("git_service missed or clone_addr cannot be recognized")
+	}
+	serviceType = convert.ToGitServiceType(serviceStr)
+
+	var opts = base.MigrateOptions{
+		GitServiceType: serviceType,
+		CloneAddr:      cloneAddr,
+		AuthUsername:   ctx.String("auth_username"),
+		AuthPassword:   ctx.String("auth_password"),
+		AuthToken:      ctx.String("auth_token"),
+		RepoName:       ctx.String("repo_name"),
+	}
+
+	if len(ctx.String("units")) == 0 {
+		opts.Wiki = true
+		opts.Issues = true
+		opts.Milestones = true
+		opts.Labels = true
+		opts.Releases = true
+		opts.Comments = true
+		opts.PullRequests = true
+		opts.ReleaseAssets = true
+	} else {
+		units := strings.Split(ctx.String("units"), ",")
+		for _, unit := range units {
+			switch strings.ToLower(unit) {
+			case "wiki":
+				opts.Wiki = true
+			case "issues":
+				opts.Issues = true
+			case "milestones":
+				opts.Milestones = true
+			case "labels":
+				opts.Labels = true
+			case "releases":
+				opts.Releases = true
+			case "release_assets":
+				opts.ReleaseAssets = true
+			case "comments":
+				opts.Comments = true
+			case "pull_requests":
+				opts.PullRequests = true
+			}
+		}
+	}
+
+	if err := migrations.DumpRepository(
+		context.Background(),
+		ctx.String("repo_dir"),
+		ctx.String("owner_name"),
+		opts,
+	); err != nil {
+		log.Fatal("Failed to dump repository: %v", err)
+		return err
+	}
+
+	log.Trace("Dump finished!!!")
+
+	return nil
+}

cmd/hook.go

@@ -170,7 +170,7 @@ Gitea or set your environment appropriately.`, "")
 	username := os.Getenv(models.EnvRepoUsername)
 	reponame := os.Getenv(models.EnvRepoName)
 	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
-	prID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchPRID), 10, 64)
+	prID, _ := strconv.ParseInt(os.Getenv(models.EnvPRID), 10, 64)
 	isDeployKey, _ := strconv.ParseBool(os.Getenv(models.EnvIsDeployKey))
 
 	hookOptions := private.HookOptions{
@@ -178,6 +178,7 @@ Gitea or set your environment appropriately.`, "")
 		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
 		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
+		GitPushOptions:                  pushOptions(),
 		ProtectedBranchID:               prID,
 		IsDeployKey:                     isDeployKey,
 	}
@@ -284,6 +285,12 @@ func runHookUpdate(c *cli.Context) error {
 }
 
 func runHookPostReceive(c *cli.Context) error {
+	// First of all run update-server-info no matter what
+	if _, err := git.NewCommand("update-server-info").Run(); err != nil {
+		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
+	}
+
+	// Now if we're an internal don't do anything else
 	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
@@ -326,6 +333,7 @@ Gitea or set your environment appropriately.`, "")
 		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
 		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
+		GitPushOptions:                  pushOptions(),
 	}
 	oldCommitIDs := make([]string, hookBatchSize)
 	newCommitIDs := make([]string, hookBatchSize)
@@ -438,3 +446,17 @@ func hookPrintResults(results []private.HookPostReceiveBranchResult) {
 		os.Stderr.Sync()
 	}
 }
+
+func pushOptions() map[string]string {
+	opts := make(map[string]string)
+	if pushCount, err := strconv.Atoi(os.Getenv(private.GitPushOptionCount)); err == nil {
+		for idx := 0; idx < pushCount; idx++ {
+			opt := os.Getenv(fmt.Sprintf("GIT_PUSH_OPTION_%d", idx))
+			kv := strings.SplitN(opt, "=", 2)
+			if len(kv) == 2 {
+				opts[kv[0]] = kv[1]
+			}
+		}
+	}
+	return opts
+}

cmd/mailer.go

@@ -0,0 +1,51 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+	"net/http"
+
+	"code.gitea.io/gitea/modules/private"
+	"code.gitea.io/gitea/modules/setting"
+	"github.com/urfave/cli"
+)
+
+func runSendMail(c *cli.Context) error {
+	setting.NewContext()
+
+	if err := argsSet(c, "title"); err != nil {
+		return err
+	}
+
+	subject := c.String("title")
+	confirmSkiped := c.Bool("force")
+	body := c.String("content")
+
+	if !confirmSkiped {
+		if len(body) == 0 {
+			fmt.Print("warning: Content is empty")
+		}
+
+		fmt.Print("Proceed with sending email? [Y/n] ")
+		isConfirmed, err := confirm()
+		if err != nil {
+			return err
+		} else if !isConfirmed {
+			fmt.Println("The mail was not sent")
+			return nil
+		}
+	}
+
+	status, message := private.SendEmail(subject, body, nil)
+	if status != http.StatusOK {
+		fmt.Printf("error: %s\n", message)
+		return nil
+	}
+
+	fmt.Printf("Success: %s\n", message)
+
+	return nil
+}

cmd/manager.go

@@ -10,6 +10,7 @@ import (
 	"os"
 	"time"
 
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
 
 	"github.com/urfave/cli"
@@ -25,16 +26,27 @@ var (
 			subcmdShutdown,
 			subcmdRestart,
 			subcmdFlushQueues,
+			subcmdLogging,
 		},
 	}
 	subcmdShutdown = cli.Command{
-		Name:   "shutdown",
-		Usage:  "Gracefully shutdown the running process",
+		Name:  "shutdown",
+		Usage: "Gracefully shutdown the running process",
+		Flags: []cli.Flag{
+			cli.BoolFlag{
+				Name: "debug",
+			},
+		},
 		Action: runShutdown,
 	}
 	subcmdRestart = cli.Command{
-		Name:   "restart",
-		Usage:  "Gracefully restart the running process - (not implemented for windows servers)",
+		Name:  "restart",
+		Usage: "Gracefully restart the running process - (not implemented for windows servers)",
+		Flags: []cli.Flag{
+			cli.BoolFlag{
+				Name: "debug",
+			},
+		},
 		Action: runRestart,
 	}
 	subcmdFlushQueues = cli.Command{
@@ -46,17 +58,331 @@ var (
 				Name:  "timeout",
 				Value: 60 * time.Second,
 				Usage: "Timeout for the flushing process",
-			},
-			cli.BoolFlag{
+			}, cli.BoolFlag{
 				Name:  "non-blocking",
 				Usage: "Set to true to not wait for flush to complete before returning",
 			},
+			cli.BoolFlag{
+				Name: "debug",
+			},
+		},
+	}
+	defaultLoggingFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "group, g",
+			Usage: "Group to add logger to - will default to \"default\"",
+		}, cli.StringFlag{
+			Name:  "name, n",
+			Usage: "Name of the new logger - will default to mode",
+		}, cli.StringFlag{
+			Name:  "level, l",
+			Usage: "Logging level for the new logger",
+		}, cli.StringFlag{
+			Name:  "stacktrace-level, L",
+			Usage: "Stacktrace logging level",
+		}, cli.StringFlag{
+			Name:  "flags, F",
+			Usage: "Flags for the logger",
+		}, cli.StringFlag{
+			Name:  "expression, e",
+			Usage: "Matching expression for the logger",
+		}, cli.StringFlag{
+			Name:  "prefix, p",
+			Usage: "Prefix for the logger",
+		}, cli.BoolFlag{
+			Name:  "color",
+			Usage: "Use color in the logs",
+		}, cli.BoolFlag{
+			Name: "debug",
+		},
+	}
+	subcmdLogging = cli.Command{
+		Name:  "logging",
+		Usage: "Adjust logging commands",
+		Subcommands: []cli.Command{
+			{
+				Name:  "pause",
+				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
+				Flags: []cli.Flag{
+					cli.BoolFlag{
+						Name: "debug",
+					},
+				},
+				Action: runPauseLogging,
+			}, {
+				Name:  "resume",
+				Usage: "Resume logging",
+				Flags: []cli.Flag{
+					cli.BoolFlag{
+						Name: "debug",
+					},
+				},
+				Action: runResumeLogging,
+			}, {
+				Name:  "release-and-reopen",
+				Usage: "Cause Gitea to release and re-open files used for logging",
+				Flags: []cli.Flag{
+					cli.BoolFlag{
+						Name: "debug",
+					},
+				},
+				Action: runReleaseReopenLogging,
+			}, {
+				Name:      "remove",
+				Usage:     "Remove a logger",
+				ArgsUsage: "[name] Name of logger to remove",
+				Flags: []cli.Flag{
+					cli.BoolFlag{
+						Name: "debug",
+					}, cli.StringFlag{
+						Name:  "group, g",
+						Usage: "Group to add logger to - will default to \"default\"",
+					},
+				},
+				Action: runRemoveLogger,
+			}, {
+				Name:  "add",
+				Usage: "Add a logger",
+				Subcommands: []cli.Command{
+					{
+						Name:  "console",
+						Usage: "Add a console logger",
+						Flags: append(defaultLoggingFlags,
+							cli.BoolFlag{
+								Name:  "stderr",
+								Usage: "Output console logs to stderr - only relevant for console",
+							}),
+						Action: runAddConsoleLogger,
+					}, {
+						Name:  "file",
+						Usage: "Add a file logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
+							cli.StringFlag{
+								Name:  "filename, f",
+								Usage: "Filename for the logger - this must be set.",
+							}, cli.BoolTFlag{
+								Name:  "rotate, r",
+								Usage: "Rotate logs",
+							}, cli.Int64Flag{
+								Name:  "max-size, s",
+								Usage: "Maximum size in bytes before rotation",
+							}, cli.BoolTFlag{
+								Name:  "daily, d",
+								Usage: "Rotate logs daily",
+							}, cli.IntFlag{
+								Name:  "max-days, D",
+								Usage: "Maximum number of daily logs to keep",
+							}, cli.BoolTFlag{
+								Name:  "compress, z",
+								Usage: "Compress rotated logs",
+							}, cli.IntFlag{
+								Name:  "compression-level, Z",
+								Usage: "Compression level to use",
+							},
+						}...),
+						Action: runAddFileLogger,
+					}, {
+						Name:  "conn",
+						Usage: "Add a net conn logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
+							cli.BoolFlag{
+								Name:  "reconnect-on-message, R",
+								Usage: "Reconnect to host for every message",
+							}, cli.BoolFlag{
+								Name:  "reconnect, r",
+								Usage: "Reconnect to host when connection is dropped",
+							}, cli.StringFlag{
+								Name:  "protocol, P",
+								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
+							}, cli.StringFlag{
+								Name:  "address, a",
+								Usage: "Host address and port to connect to (defaults to :7020)",
+							},
+						}...),
+						Action: runAddConnLogger,
+					}, {
+						Name:  "smtp",
+						Usage: "Add an SMTP logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
+							cli.StringFlag{
+								Name:  "username, u",
+								Usage: "Mail server username",
+							}, cli.StringFlag{
+								Name:  "password, P",
+								Usage: "Mail server password",
+							}, cli.StringFlag{
+								Name:  "host, H",
+								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
+							}, cli.StringSliceFlag{
+								Name:  "send-to, s",
+								Usage: "Email address(es) to send to",
+							}, cli.StringFlag{
+								Name:  "subject, S",
+								Usage: "Subject header of sent emails",
+							},
+						}...),
+						Action: runAddSMTPLogger,
+					},
+				},
+			},
 		},
 	}
 )
 
+func runRemoveLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	group := c.String("group")
+	if len(group) == 0 {
+		group = log.DEFAULT
+	}
+	name := c.Args().First()
+	statusCode, msg := private.RemoveLogger(group, name)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runAddSMTPLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "smtp"
+	if c.IsSet("host") {
+		vals["host"] = c.String("host")
+	} else {
+		vals["host"] = "127.0.0.1:25"
+	}
+
+	if c.IsSet("username") {
+		vals["username"] = c.String("username")
+	}
+	if c.IsSet("password") {
+		vals["password"] = c.String("password")
+	}
+
+	if !c.IsSet("send-to") {
+		return fmt.Errorf("Some recipients must be provided")
+	}
+	vals["sendTos"] = c.StringSlice("send-to")
+
+	if c.IsSet("subject") {
+		vals["subject"] = c.String("subject")
+	} else {
+		vals["subject"] = "Diagnostic message from Gitea"
+	}
+
+	return commonAddLogger(c, mode, vals)
+}
+
+func runAddConnLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "conn"
+	vals["net"] = "tcp"
+	if c.IsSet("protocol") {
+		switch c.String("protocol") {
+		case "udp":
+			vals["net"] = "udp"
+		case "unix":
+			vals["net"] = "unix"
+		}
+	}
+	if c.IsSet("address") {
+		vals["address"] = c.String("address")
+	} else {
+		vals["address"] = ":7020"
+	}
+	if c.IsSet("reconnect") {
+		vals["reconnect"] = c.Bool("reconnect")
+	}
+	if c.IsSet("reconnect-on-message") {
+		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
+func runAddFileLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "file"
+	if c.IsSet("filename") {
+		vals["filename"] = c.String("filename")
+	} else {
+		return fmt.Errorf("filename must be set when creating a file logger")
+	}
+	if c.IsSet("rotate") {
+		vals["rotate"] = c.Bool("rotate")
+	}
+	if c.IsSet("max-size") {
+		vals["maxsize"] = c.Int64("max-size")
+	}
+	if c.IsSet("daily") {
+		vals["daily"] = c.Bool("daily")
+	}
+	if c.IsSet("max-days") {
+		vals["maxdays"] = c.Int("max-days")
+	}
+	if c.IsSet("compress") {
+		vals["compress"] = c.Bool("compress")
+	}
+	if c.IsSet("compression-level") {
+		vals["compressionLevel"] = c.Int("compression-level")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
+func runAddConsoleLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "console"
+	if c.IsSet("stderr") && c.Bool("stderr") {
+		vals["stderr"] = c.Bool("stderr")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
+func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
+	if len(c.String("level")) > 0 {
+		vals["level"] = log.FromString(c.String("level")).String()
+	}
+	if len(c.String("stacktrace-level")) > 0 {
+		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
+	}
+	if len(c.String("expression")) > 0 {
+		vals["expression"] = c.String("expression")
+	}
+	if len(c.String("prefix")) > 0 {
+		vals["prefix"] = c.String("prefix")
+	}
+	if len(c.String("flags")) > 0 {
+		vals["flags"] = log.FlagsFromString(c.String("flags"))
+	}
+	if c.IsSet("color") {
+		vals["colorize"] = c.Bool("color")
+	}
+	group := "default"
+	if c.IsSet("group") {
+		group = c.String("group")
+	}
+	name := mode
+	if c.IsSet("name") {
+		name = c.String("name")
+	}
+	statusCode, msg := private.AddLogger(group, name, mode, vals)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
 func runShutdown(c *cli.Context) error {
-	setup("manager", false)
+	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.Shutdown()
 	switch statusCode {
 	case http.StatusInternalServerError:
@@ -68,7 +394,7 @@ func runShutdown(c *cli.Context) error {
 }
 
 func runRestart(c *cli.Context) error {
-	setup("manager", false)
+	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.Restart()
 	switch statusCode {
 	case http.StatusInternalServerError:
@@ -80,7 +406,7 @@ func runRestart(c *cli.Context) error {
 }
 
 func runFlushQueues(c *cli.Context) error {
-	setup("manager", false)
+	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.FlushQueues(c.Duration("timeout"), c.Bool("non-blocking"))
 	switch statusCode {
 	case http.StatusInternalServerError:
@@ -90,3 +416,39 @@ func runFlushQueues(c *cli.Context) error {
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
+
+func runPauseLogging(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.PauseLogging()
+	switch statusCode {
+	case http.StatusInternalServerError:
+		fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runResumeLogging(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.ResumeLogging()
+	switch statusCode {
+	case http.StatusInternalServerError:
+		fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runReleaseReopenLogging(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.ReleaseReopenLogging()
+	switch statusCode {
+	case http.StatusInternalServerError:
+		fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}

cmd/migrate_storage.go

@@ -0,0 +1,190 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/migrations"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
+
+	"github.com/urfave/cli"
+)
+
+// CmdMigrateStorage represents the available migrate storage sub-command.
+var CmdMigrateStorage = cli.Command{
+	Name:        "migrate-storage",
+	Usage:       "Migrate the storage",
+	Description: "This is a command for migrating storage.",
+	Action:      runMigrateStorage,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "type, t",
+			Value: "",
+			Usage: "Kinds of files to migrate, currently only 'attachments' is supported",
+		},
+		cli.StringFlag{
+			Name:  "storage, s",
+			Value: "",
+			Usage: "New storage type: local (default) or minio",
+		},
+		cli.StringFlag{
+			Name:  "path, p",
+			Value: "",
+			Usage: "New storage placement if store is local (leave blank for default)",
+		},
+		cli.StringFlag{
+			Name:  "minio-endpoint",
+			Value: "",
+			Usage: "Minio storage endpoint",
+		},
+		cli.StringFlag{
+			Name:  "minio-access-key-id",
+			Value: "",
+			Usage: "Minio storage accessKeyID",
+		},
+		cli.StringFlag{
+			Name:  "minio-secret-access-key",
+			Value: "",
+			Usage: "Minio storage secretAccessKey",
+		},
+		cli.StringFlag{
+			Name:  "minio-bucket",
+			Value: "",
+			Usage: "Minio storage bucket",
+		},
+		cli.StringFlag{
+			Name:  "minio-location",
+			Value: "",
+			Usage: "Minio storage location to create bucket",
+		},
+		cli.StringFlag{
+			Name:  "minio-base-path",
+			Value: "",
+			Usage: "Minio storage basepath on the bucket",
+		},
+		cli.BoolFlag{
+			Name:  "minio-use-ssl",
+			Usage: "Enable SSL for minio",
+		},
+	},
+}
+
+func migrateAttachments(dstStorage storage.ObjectStorage) error {
+	return models.IterateAttachment(func(attach *models.Attachment) error {
+		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
+		return err
+	})
+}
+
+func migrateLFS(dstStorage storage.ObjectStorage) error {
+	return models.IterateLFS(func(mo *models.LFSMetaObject) error {
+		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
+		return err
+	})
+}
+
+func migrateAvatars(dstStorage storage.ObjectStorage) error {
+	return models.IterateUser(func(user *models.User) error {
+		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
+		return err
+	})
+}
+
+func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
+	return models.IterateRepository(func(repo *models.Repository) error {
+		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
+		return err
+	})
+}
+
+func runMigrateStorage(ctx *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	setting.InitDBConfig()
+
+	if err := models.NewEngine(context.Background(), migrations.Migrate); err != nil {
+		log.Fatal("Failed to initialize ORM engine: %v", err)
+		return err
+	}
+
+	goCtx := context.Background()
+
+	if err := storage.Init(); err != nil {
+		return err
+	}
+
+	var dstStorage storage.ObjectStorage
+	var err error
+	switch strings.ToLower(ctx.String("storage")) {
+	case "":
+		fallthrough
+	case string(storage.LocalStorageType):
+		p := ctx.String("path")
+		if p == "" {
+			log.Fatal("Path must be given when storage is loal")
+			return nil
+		}
+		dstStorage, err = storage.NewLocalStorage(
+			goCtx,
+			storage.LocalStorageConfig{
+				Path: p,
+			})
+	case string(storage.MinioStorageType):
+		dstStorage, err = storage.NewMinioStorage(
+			goCtx,
+			storage.MinioStorageConfig{
+				Endpoint:        ctx.String("minio-endpoint"),
+				AccessKeyID:     ctx.String("minio-access-key-id"),
+				SecretAccessKey: ctx.String("minio-secret-access-key"),
+				Bucket:          ctx.String("minio-bucket"),
+				Location:        ctx.String("minio-location"),
+				BasePath:        ctx.String("minio-base-path"),
+				UseSSL:          ctx.Bool("minio-use-ssl"),
+			})
+	default:
+		return fmt.Errorf("Unsupported storage type: %s", ctx.String("storage"))
+	}
+	if err != nil {
+		return err
+	}
+
+	tp := strings.ToLower(ctx.String("type"))
+	switch tp {
+	case "attachments":
+		if err := migrateAttachments(dstStorage); err != nil {
+			return err
+		}
+	case "lfs":
+		if err := migrateLFS(dstStorage); err != nil {
+			return err
+		}
+	case "avatars":
+		if err := migrateAvatars(dstStorage); err != nil {
+			return err
+		}
+	case "repo-avatars":
+		if err := migrateRepoAvatars(dstStorage); err != nil {
+			return err
+		}
+	default:
+		return fmt.Errorf("Unsupported storage: %s", ctx.String("type"))
+	}
+
+	log.Warn("All files have been copied to the new placement but old files are still on the orignial placement.")
+
+	return nil
+}

cmd/restore_repo.go

@@ -0,0 +1,119 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"context"
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/migrations"
+	"code.gitea.io/gitea/modules/migrations/base"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
+	pull_service "code.gitea.io/gitea/services/pull"
+
+	"github.com/urfave/cli"
+)
+
+// CmdRestoreRepository represents the available restore a repository sub-command.
+var CmdRestoreRepository = cli.Command{
+	Name:        "restore-repo",
+	Usage:       "Restore the repository from disk",
+	Description: "This is a command for restoring the repository data.",
+	Action:      runRestoreRepository,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "repo_dir, r",
+			Value: "./data",
+			Usage: "Repository dir path to restore from",
+		},
+		cli.StringFlag{
+			Name:  "owner_name",
+			Value: "",
+			Usage: "Restore destination owner name",
+		},
+		cli.StringFlag{
+			Name:  "repo_name",
+			Value: "",
+			Usage: "Restore destination repository name",
+		},
+		cli.StringFlag{
+			Name:  "units",
+			Value: "",
+			Usage: `Which items will be restored, one or more units should be separated as comma. 
+wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
+		},
+	},
+}
+
+func runRestoreRepository(ctx *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	setting.InitDBConfig()
+
+	if err := storage.Init(); err != nil {
+		return err
+	}
+
+	if err := pull_service.Init(); err != nil {
+		return err
+	}
+
+	var opts = base.MigrateOptions{
+		RepoName: ctx.String("repo_name"),
+	}
+
+	if len(ctx.String("units")) == 0 {
+		opts.Wiki = true
+		opts.Issues = true
+		opts.Milestones = true
+		opts.Labels = true
+		opts.Releases = true
+		opts.Comments = true
+		opts.PullRequests = true
+		opts.ReleaseAssets = true
+	} else {
+		units := strings.Split(ctx.String("units"), ",")
+		for _, unit := range units {
+			switch strings.ToLower(unit) {
+			case "wiki":
+				opts.Wiki = true
+			case "issues":
+				opts.Issues = true
+			case "milestones":
+				opts.Milestones = true
+			case "labels":
+				opts.Labels = true
+			case "releases":
+				opts.Releases = true
+			case "release_assets":
+				opts.ReleaseAssets = true
+			case "comments":
+				opts.Comments = true
+			case "pull_requests":
+				opts.PullRequests = true
+			}
+		}
+	}
+
+	if err := migrations.RestoreRepository(
+		context.Background(),
+		ctx.String("repo_dir"),
+		ctx.String("owner_name"),
+		ctx.String("repo_name"),
+	); err != nil {
+		log.Fatal("Failed to restore repository: %v", err)
+		return err
+	}
+
+	return nil
+}

cmd/serv.go

@@ -6,7 +6,6 @@
 package cmd
 
 import (
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -25,7 +24,8 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/dgrijalva/jwt-go"
-	"github.com/unknwon/com"
+	jsoniter "github.com/json-iterator/go"
+	"github.com/kballard/go-shellquote"
 	"github.com/urfave/cli"
 )
 
@@ -50,23 +50,18 @@ var CmdServ = cli.Command{
 }
 
 func setup(logPath string, debug bool) {
-	if !debug {
-		_ = log.DelLogger("console")
+	_ = log.DelLogger("console")
+	if debug {
+		_ = log.NewLogger(1000, "console", "console", `{"level":"trace","stacktracelevel":"NONE","stderr":true}`)
+	} else {
+		_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
 	}
 	setting.NewContext()
 	if debug {
-		setting.ProdMode = false
+		setting.RunMode = "dev"
 	}
 }
 
-func parseCmd(cmd string) (string, string) {
-	ss := strings.SplitN(cmd, " ", 2)
-	if len(ss) != 2 {
-		return "", ""
-	}
-	return ss[0], strings.Replace(ss[1], "'/", "'", 1)
-}
-
 var (
 	allowedCommands = map[string]models.AccessMode{
 		"git-upload-pack":    models.AccessModeRead,
@@ -81,7 +76,7 @@ func fail(userMessage, logMessage string, args ...interface{}) {
 	fmt.Fprintln(os.Stderr, "Gitea:", userMessage)
 
 	if len(logMessage) > 0 {
-		if !setting.ProdMode {
+		if !setting.IsProd() {
 			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
 	}
@@ -109,7 +104,10 @@ func runServ(c *cli.Context) error {
 	if len(keys) != 2 || keys[0] != "key" {
 		fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
 	}
-	keyID := com.StrTo(keys[1]).MustInt64()
+	keyID, err := strconv.ParseInt(keys[1], 10, 64)
+	if err != nil {
+		fail("Key ID format error", "Invalid key argument: %s", c.Args()[1])
+	}
 
 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
 	if len(cmd) == 0 {
@@ -117,16 +115,34 @@ func runServ(c *cli.Context) error {
 		if err != nil {
 			fail("Internal error", "Failed to check provided key: %v", err)
 		}
-		if key.Type == models.KeyTypeDeploy {
+		switch key.Type {
+		case models.KeyTypeDeploy:
 			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
-		} else {
+		case models.KeyTypePrincipal:
+			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Gitea does not provide shell access.")
+		default:
 			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
 		}
 		println("If this is unexpected, please log in with password and setup Gitea under another user.")
 		return nil
+	} else if c.Bool("debug") {
+		log.Debug("SSH_ORIGINAL_COMMAND: %s", os.Getenv("SSH_ORIGINAL_COMMAND"))
 	}
 
-	verb, args := parseCmd(cmd)
+	words, err := shellquote.Split(cmd)
+	if err != nil {
+		fail("Error parsing arguments", "Failed to parse arguments: %v", err)
+	}
+
+	if len(words) < 2 {
+		fail("Too few arguments", "Too few arguments in cmd: %s", cmd)
+	}
+
+	verb := words[0]
+	repoPath := words[1]
+	if repoPath[0] == '/' {
+		repoPath = repoPath[1:]
+	}
 
 	var lfsVerb string
 	if verb == lfsAuthenticateVerb {
@@ -134,17 +150,17 @@ func runServ(c *cli.Context) error {
 			fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
 		}
 
-		argsSplit := strings.Split(args, " ")
-		if len(argsSplit) >= 2 {
-			args = strings.TrimSpace(argsSplit[0])
-			lfsVerb = strings.TrimSpace(argsSplit[1])
+		if len(words) > 2 {
+			lfsVerb = words[2]
 		}
 	}
 
-	repoPath := strings.ToLower(strings.Trim(args, "'"))
+	// LowerCase and trim the repoPath as that's how they are stored.
+	repoPath = strings.ToLower(strings.TrimSpace(repoPath))
+
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
-		fail("Invalid repository path", "Invalid repository path: %v", args)
+		fail("Invalid repository path", "Invalid repository path: %v", repoPath)
 	}
 
 	username := strings.ToLower(rr[0])
@@ -203,11 +219,13 @@ func runServ(c *cli.Context) error {
 	os.Setenv(models.EnvRepoName, results.RepoName)
 	os.Setenv(models.EnvRepoUsername, results.OwnerName)
 	os.Setenv(models.EnvPusherName, results.UserName)
+	os.Setenv(models.EnvPusherEmail, results.UserEmail)
 	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
-	os.Setenv(models.ProtectedBranchRepoID, strconv.FormatInt(results.RepoID, 10))
-	os.Setenv(models.ProtectedBranchPRID, fmt.Sprintf("%d", 0))
+	os.Setenv(models.EnvRepoID, strconv.FormatInt(results.RepoID, 10))
+	os.Setenv(models.EnvPRID, fmt.Sprintf("%d", 0))
 	os.Setenv(models.EnvIsDeployKey, fmt.Sprintf("%t", results.IsDeployKey))
 	os.Setenv(models.EnvKeyID, fmt.Sprintf("%d", results.KeyID))
+	os.Setenv(models.EnvAppURL, setting.AppURL)
 
 	//LFS token authentication
 	if verb == lfsAuthenticateVerb {
@@ -237,6 +255,7 @@ func runServ(c *cli.Context) error {
 		}
 		tokenAuthentication.Header["Authorization"] = fmt.Sprintf("Bearer %s", tokenString)
 
+		json := jsoniter.ConfigCompatibleWithStandardLibrary
 		enc := json.NewEncoder(os.Stdout)
 		err = enc.Encode(tokenAuthentication)
 		if err != nil {

cmd/web.go

@@ -7,6 +7,7 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"net"
 	"net/http"
 	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
 	"os"
@@ -15,13 +16,12 @@ import (
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/routes"
 
 	context2 "github.com/gorilla/context"
-	"github.com/unknwon/com"
 	"github.com/urfave/cli"
-	"golang.org/x/crypto/acme/autocert"
 	ini "gopkg.in/ini.v1"
 )
 
@@ -38,9 +38,14 @@ and it takes care of all the other things for you`,
 			Value: "3000",
 			Usage: "Temporary port number to prevent conflict",
 		},
+		cli.StringFlag{
+			Name:  "install-port",
+			Value: "3000",
+			Usage: "Temporary port number to run the install page on to prevent conflict",
+		},
 		cli.StringFlag{
 			Name:  "pid, P",
-			Value: "/var/run/gitea.pid",
+			Value: setting.PIDFile,
 			Usage: "Custom pid file path",
 		},
 	},
@@ -59,43 +64,13 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})
 
-	var err = runHTTP("tcp", source, context2.ClearHandler(handler))
+	var err = runHTTP("tcp", source, "HTTP Redirector", context2.ClearHandler(handler))
 
 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
 	}
 }
 
-func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
-	certManager := autocert.Manager{
-		Prompt:     autocert.AcceptTOS,
-		HostPolicy: autocert.HostWhitelist(domain),
-		Cache:      autocert.DirCache(directory),
-		Email:      email,
-	}
-	go func() {
-		log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
-		// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-		var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
-		if err != nil {
-			log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
-		}
-	}()
-	return runHTTPSWithTLSConfig("tcp", listenAddr, certManager.TLSConfig(), context2.ClearHandler(m))
-}
-
-func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "GET" && r.Method != "HEAD" {
-		http.Error(w, "Use HTTPS", http.StatusBadRequest)
-		return
-	}
-	// Remove the trailing slash at the end of setting.AppURL, the request
-	// URI always contains a leading slash, which would result in a double
-	// slash
-	target := strings.TrimRight(setting.AppURL, "/") + r.URL.RequestURI()
-	http.Redirect(w, r, target, http.StatusFound)
-}
-
 func runWeb(ctx *cli.Context) error {
 	managerCtx, cancel := context.WithCancel(context.Background())
 	graceful.InitManager(managerCtx)
@@ -109,59 +84,36 @@ func runWeb(ctx *cli.Context) error {
 
 	// Set pid file setting
 	if ctx.IsSet("pid") {
-		setting.CustomPID = ctx.String("pid")
+		setting.PIDFile = ctx.String("pid")
+		setting.WritePIDFile = true
 	}
 
-	// Perform global initialization
-	routers.GlobalInit(graceful.GetManager().HammerContext())
-
-	// Set up Macaron
-	m := routes.NewMacaron()
-	routes.RegisterRoutes(m)
-
-	// Flag for port number in case first time run conflict.
-	if ctx.IsSet("port") {
-		setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, ctx.String("port"), 1)
-		setting.HTTPPort = ctx.String("port")
-
-		switch setting.Protocol {
-		case setting.UnixSocket:
-		case setting.FCGI:
-		case setting.FCGIUnix:
-		default:
-			// Save LOCAL_ROOT_URL if port changed
-			cfg := ini.Empty()
-			if com.IsFile(setting.CustomConf) {
-				// Keeps custom settings if there is already something.
-				if err := cfg.Append(setting.CustomConf); err != nil {
-					return fmt.Errorf("Failed to load custom conf '%s': %v", setting.CustomConf, err)
-				}
-			}
-
-			defaultLocalURL := string(setting.Protocol) + "://"
-			if setting.HTTPAddr == "0.0.0.0" {
-				defaultLocalURL += "localhost"
-			} else {
-				defaultLocalURL += setting.HTTPAddr
-			}
-			defaultLocalURL += ":" + setting.HTTPPort + "/"
-
-			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
-
-			if err := cfg.SaveTo(setting.CustomConf); err != nil {
-				return fmt.Errorf("Error saving generated JWT Secret to custom config: %v", err)
+	// Perform pre-initialization
+	needsInstall := routers.PreInstallInit(graceful.GetManager().HammerContext())
+	if needsInstall {
+		// Flag for port number in case first time run conflict
+		if ctx.IsSet("port") {
+			if err := setPort(ctx.String("port")); err != nil {
+				return err
 			}
 		}
-	}
-
-	listenAddr := setting.HTTPAddr
-	if setting.Protocol != setting.UnixSocket && setting.Protocol != setting.FCGIUnix {
-		listenAddr += ":" + setting.HTTPPort
-	}
-	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
-
-	if setting.LFS.StartServer {
-		log.Info("LFS server enabled")
+		if ctx.IsSet("install-port") {
+			if err := setPort(ctx.String("install-port")); err != nil {
+				return err
+			}
+		}
+		c := routes.InstallRoutes()
+		err := listen(c, false)
+		select {
+		case <-graceful.GetManager().IsShutdown():
+			<-graceful.GetManager().Done()
+			log.Info("PID: %d Gitea Web Finished", os.Getpid())
+			log.Close()
+			return err
+		default:
+		}
+	} else {
+		NoInstallListener()
 	}
 
 	if setting.EnablePprof {
@@ -171,31 +123,110 @@ func runWeb(ctx *cli.Context) error {
 		}()
 	}
 
+	log.Info("Global init")
+	// Perform global initialization
+	routers.GlobalInit(graceful.GetManager().HammerContext())
+
+	// Override the provided port number within the configuration
+	if ctx.IsSet("port") {
+		if err := setPort(ctx.String("port")); err != nil {
+			return err
+		}
+	}
+
+	// Set up Chi routes
+	c := routes.NormalRoutes()
+	err := listen(c, true)
+	<-graceful.GetManager().Done()
+	log.Info("PID: %d Gitea Web Finished", os.Getpid())
+	log.Close()
+	return err
+}
+
+func setPort(port string) error {
+	setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, port, 1)
+	setting.HTTPPort = port
+
+	switch setting.Protocol {
+	case setting.UnixSocket:
+	case setting.FCGI:
+	case setting.FCGIUnix:
+	default:
+		// Save LOCAL_ROOT_URL if port changed
+		cfg := ini.Empty()
+		isFile, err := util.IsFile(setting.CustomConf)
+		if err != nil {
+			log.Fatal("Unable to check if %s is a file", err)
+		}
+		if isFile {
+			// Keeps custom settings if there is already something.
+			if err := cfg.Append(setting.CustomConf); err != nil {
+				return fmt.Errorf("Failed to load custom conf '%s': %v", setting.CustomConf, err)
+			}
+		}
+
+		defaultLocalURL := string(setting.Protocol) + "://"
+		if setting.HTTPAddr == "0.0.0.0" {
+			defaultLocalURL += "localhost"
+		} else {
+			defaultLocalURL += setting.HTTPAddr
+		}
+		defaultLocalURL += ":" + setting.HTTPPort + "/"
+
+		cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
+		if err := cfg.SaveTo(setting.CustomConf); err != nil {
+			return fmt.Errorf("Error saving generated JWT Secret to custom config: %v", err)
+		}
+	}
+	return nil
+}
+
+func listen(m http.Handler, handleRedirector bool) error {
+	listenAddr := setting.HTTPAddr
+	if setting.Protocol != setting.UnixSocket && setting.Protocol != setting.FCGIUnix {
+		listenAddr = net.JoinHostPort(listenAddr, setting.HTTPPort)
+	}
+	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
+
+	if setting.LFS.StartServer {
+		log.Info("LFS server enabled")
+	}
+
 	var err error
 	switch setting.Protocol {
 	case setting.HTTP:
-		NoHTTPRedirector()
-		err = runHTTP("tcp", listenAddr, context2.ClearHandler(m))
+		if handleRedirector {
+			NoHTTPRedirector()
+		}
+		err = runHTTP("tcp", listenAddr, "Web", context2.ClearHandler(m))
 	case setting.HTTPS:
 		if setting.EnableLetsEncrypt {
 			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
 			break
 		}
-		if setting.RedirectOtherPort {
-			go runHTTPRedirector()
-		} else {
+		if handleRedirector {
+			if setting.RedirectOtherPort {
+				go runHTTPRedirector()
+			} else {
+				NoHTTPRedirector()
+			}
+		}
+		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
+	case setting.FCGI:
+		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTPS("tcp", listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
-	case setting.FCGI:
-		NoHTTPRedirector()
-		err = runFCGI("tcp", listenAddr, context2.ClearHandler(m))
+		err = runFCGI("tcp", listenAddr, "FCGI Web", context2.ClearHandler(m))
 	case setting.UnixSocket:
-		NoHTTPRedirector()
-		err = runHTTP("unix", listenAddr, context2.ClearHandler(m))
+		if handleRedirector {
+			NoHTTPRedirector()
+		}
+		err = runHTTP("unix", listenAddr, "Web", context2.ClearHandler(m))
 	case setting.FCGIUnix:
-		NoHTTPRedirector()
-		err = runFCGI("unix", listenAddr, context2.ClearHandler(m))
+		if handleRedirector {
+			NoHTTPRedirector()
+		}
+		err = runFCGI("unix", listenAddr, "Web", context2.ClearHandler(m))
 	default:
 		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}
@@ -204,8 +235,5 @@ func runWeb(ctx *cli.Context) error {
 		log.Critical("Failed to start server: %v", err)
 	}
 	log.Info("HTTP Listener: %s Closed", listenAddr)
-	<-graceful.GetManager().Done()
-	log.Info("PID: %d Gitea Web Finished", os.Getpid())
-	log.Close()
-	return nil
+	return err
 }

cmd/web_graceful.go

@@ -9,21 +9,23 @@ import (
 	"net"
 	"net/http"
 	"net/http/fcgi"
+	"strings"
 
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
 )
 
-func runHTTP(network, listenAddr string, m http.Handler) error {
-	return graceful.HTTPListenAndServe(network, listenAddr, m)
+func runHTTP(network, listenAddr, name string, m http.Handler) error {
+	return graceful.HTTPListenAndServe(network, listenAddr, name, m)
 }
 
-func runHTTPS(network, listenAddr, certFile, keyFile string, m http.Handler) error {
-	return graceful.HTTPListenAndServeTLS(network, listenAddr, certFile, keyFile, m)
+func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLS(network, listenAddr, name, certFile, keyFile, m)
 }
 
-func runHTTPSWithTLSConfig(network, listenAddr string, tlsConfig *tls.Config, m http.Handler) error {
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, tlsConfig, m)
+func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
 
 // NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
@@ -37,12 +39,23 @@ func NoMainListener() {
 	graceful.GetManager().InformCleanup()
 }
 
-func runFCGI(network, listenAddr string, m http.Handler) error {
+// NoInstallListener tells our cleanup routine that we will not be using a possibly provided listener
+// for our install HTTP/HTTPS service
+func NoInstallListener() {
+	graceful.GetManager().InformCleanup()
+}
+
+func runFCGI(network, listenAddr, name string, m http.Handler) error {
 	// This needs to handle stdin as fcgi point
-	fcgiServer := graceful.NewServer(network, listenAddr)
+	fcgiServer := graceful.NewServer(network, listenAddr, name)
 
 	err := fcgiServer.ListenAndServe(func(listener net.Listener) error {
-		return fcgi.Serve(listener, m)
+		return fcgi.Serve(listener, http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+			if setting.AppSubURL != "" {
+				req.URL.Path = strings.TrimPrefix(req.URL.Path, setting.AppSubURL)
+			}
+			m.ServeHTTP(resp, req)
+		}))
 	})
 	if err != nil {
 		log.Fatal("Failed to start FCGI main server: %v", err)

cmd/web_letsencrypt.go

@@ -0,0 +1,69 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/caddyserver/certmagic"
+	context2 "github.com/gorilla/context"
+)
+
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
+
+	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
+	// Due to docker port mapping this can't be checked programatically
+	// TODO: these are placeholders until we add options for each in settings with appropriate warning
+	enableHTTPChallenge := true
+	enableTLSALPNChallenge := true
+
+	magic := certmagic.NewDefault()
+	magic.Storage = &certmagic.FileStorage{Path: directory}
+	myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
+		Email:                   email,
+		Agreed:                  setting.LetsEncryptTOS,
+		DisableHTTPChallenge:    !enableHTTPChallenge,
+		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
+	})
+
+	magic.Issuer = myACME
+
+	// this obtains certificates or renews them if necessary
+	err := magic.ManageSync([]string{domain})
+	if err != nil {
+		return err
+	}
+
+	tlsConfig := magic.TLSConfig()
+
+	if enableHTTPChallenge {
+		go func() {
+			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
+			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
+			if err != nil {
+				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
+			}
+		}()
+	}
+
+	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, context2.ClearHandler(m))
+}
+
+func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" && r.Method != "HEAD" {
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
+		return
+	}
+	// Remove the trailing slash at the end of setting.AppURL, the request
+	// URI always contains a leading slash, which would result in a double
+	// slash
+	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
+	http.Redirect(w, r, target, http.StatusFound)
+}

contrib/environment-to-ini/README

@@ -22,11 +22,13 @@ The environment variables should be of the form:
 
 	GITEA__SECTION_NAME__KEY_NAME
 
+Note, SECTION_NAME in the notation above is case-insensitive.
+
 Environment variables are usually restricted to a reduced character
 set "0-9A-Z_" - in order to allow the setting of sections with
 characters outside of that set, they should be escaped as following:
-"_0X2E_" for ".". The entire section and key names can be escaped as
-a UTF8 byte string if necessary. E.g. to configure:
+"_0X2E_" for "." and "_0X2D_" for "-". The entire section and key names 
+can be escaped as a UTF8 byte string if necessary. E.g. to configure:
 
 	"""
 	...
@@ -40,27 +42,6 @@ You would set the environment variables: "GITEA__LOG_0x2E_CONSOLE__COLORIZE=fals
 and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
 on the configuration cheat sheet.
 
-To plug this command in to the docker, you simply compile the provided go file using:
-
-	go build environment-to-ini.go
-
-And copy the resulting `environment-to-ini` command to /app/gitea in the docker.
-
-Apply the below patch to /etc/s6/gitea.setup to wire this in.
-
-If you find this useful please comment on #7287
-
-
-diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup
-index f87ce9115..565bfcba9 100755
---- a/docker/root/etc/s6/gitea/setup
-+++ b/docker/root/etc/s6/gitea/setup
-@@ -44,6 +44,8 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
-     SECRET_KEY=${SECRET_KEY:-""} \
-     envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini
-
-+    /app/gitea/environment-to-ini -c ${GITEA_CUSTOM}/conf/app.ini
-+
-     chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
- fi
+To build locally, run:
 
+	go build contrib/environment-to-ini/environment-to-ini.go

contrib/environment-to-ini/environment-to-ini.go

@@ -12,8 +12,8 @@ import (
 
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 
-	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 	ini "gopkg.in/ini.v1"
 )
@@ -97,7 +97,11 @@ func runEnvironmentToIni(c *cli.Context) error {
 	setting.SetCustomPathAndConf(providedCustom, providedConf, providedWorkPath)
 
 	cfg := ini.Empty()
-	if com.IsFile(setting.CustomConf) {
+	isFile, err := util.IsFile(setting.CustomConf)
+	if err != nil {
+		log.Fatal("Unable to check if %s is a file. Error: %v", setting.CustomConf, err)
+	}
+	if isFile {
 		if err := cfg.Append(setting.CustomConf); err != nil {
 			log.Fatal("Failed to load custom conf '%s': %v", setting.CustomConf, err)
 		}
@@ -145,7 +149,7 @@ func runEnvironmentToIni(c *cli.Context) error {
 	if len(destination) == 0 {
 		destination = setting.CustomConf
 	}
-	err := cfg.SaveTo(destination)
+	err = cfg.SaveTo(destination)
 	if err != nil {
 		return err
 	}
@@ -220,5 +224,6 @@ func DecodeSectionKey(encoded string) (string, string) {
 	} else {
 		key += remaining
 	}
+	section = strings.ToLower(section)
 	return section, key
 }

contrib/ide/vscode/launch.json

@@ -19,7 +19,7 @@
       "type": "go",
       "request": "launch",
       "mode": "debug",
-      "buildFlags": "-tags=\"sqlite sqlite_unlock_notify\"",
+      "buildFlags": "-tags='sqlite sqlite_unlock_notify'",
       "port": 2345,
       "host": "127.0.0.1",
       "program": "${workspaceRoot}/main.go",

contrib/ide/vscode/settings.json

@@ -0,0 +1,4 @@
+{
+    "go.buildTags": "'sqlite sqlite_unlock_notify'",
+    "go.testFlags": ["-v"]
+}

contrib/ide/vscode/tasks.json

@@ -12,15 +12,14 @@
         "focus": false,
         "panel": "shared"
       },
-      "args": ["build"],
       "linux": {
-        "args": [ "-o", "gitea", "${workspaceRoot}/main.go" ]
+        "args": ["build", "-o", "gitea", "${workspaceRoot}/main.go" ]
       },
       "osx": {
-        "args": [ "-o", "gitea", "${workspaceRoot}/main.go" ]
+        "args": ["build", "-o", "gitea", "${workspaceRoot}/main.go" ]
       },
       "windows": {
-        "args": [ "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
+        "args": ["build", "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
       },
       "problemMatcher": ["$go"]
     },
@@ -35,15 +34,14 @@
         "focus": false,
         "panel": "shared"
       },
-      "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\""],
       "linux": {
-        "args": ["-o", "gitea", "${workspaceRoot}/main.go"]
+        "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\"", "-o", "gitea", "${workspaceRoot}/main.go"]
       },
       "osx": {
-        "args": ["-o", "gitea", "${workspaceRoot}/main.go"]
+        "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\"", "-o", "gitea", "${workspaceRoot}/main.go"]
       },
       "windows": {
-        "args": ["-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
+        "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\"", "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
       },
       "problemMatcher": ["$go"]
     }

contrib/init/debian/gitea

@@ -18,7 +18,7 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
 DESC="Gitea - Git with a cup of tea"
 NAME=gitea
 SERVICEVERBOSE=yes
-PIDFILE=/var/run/$NAME.pid
+PIDFILE=/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
 WORKINGDIR=/var/lib/$NAME
 DAEMON=/usr/local/bin/$NAME

contrib/init/gentoo/gitea

@@ -7,7 +7,7 @@ start_stop_daemon_args="--user ${USER} --chdir ${DIR}"
 command="/usr/local/bin/gitea"
 command_args="web -c /etc/gitea/app.ini"
 command_background=yes
-pidfile=/var/run/gitea.pid
+pidfile=/run/gitea.pid
 
 depend()
 {

contrib/init/suse/gitea

@@ -93,7 +93,7 @@ case "$1" in
 
 		# Return value is slightly different for the status command:
 		# 0 - service up and running
-		# 1 - service dead, but /var/run/  pid  file exists
+		# 1 - service dead, but /run/  pid  file exists
 		# 2 - service dead, but /var/lock/ lock file exists
 		# 3 - service not running (unused)
 		# 4 - service status unknown :-(

contrib/k8s/gitea.yml

@@ -1,107 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: gitea
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: gitea
-  namespace: gitea
-  labels:
-    app: gitea
-spec:
-  replicas: 1
-  template:
-    metadata:
-      name: gitea
-      labels:
-        app: gitea
-    spec:
-      containers:
-      - name: gitea
-        image: gitea/gitea:latest
-        imagePullPolicy: Always
-        volumeMounts:
-          - mountPath: "/var/lib/gitea"
-            name: "root"
-          - mountPath: "/data"
-            name: "data"
-        ports:
-          - containerPort: 22
-            name: ssh
-            protocol: TCP
-          - containerPort: 3000
-            name: http
-            protocol: TCP
-      restartPolicy: Always
-      volumes:
-        # Set up a data directory for gitea
-        # For production usage, you should consider using PV/PVC instead(or simply using storage like NAS)
-        # For more details, please see https://kubernetes.io/docs/concepts/storage/volumes/
-      - name: "root"
-        hostPath:
-          # directory location on host
-          path: "/var/lib/gitea"
-          # this field is optional
-          type: Directory
-      - name: "data"
-        hostPath:
-          path: "/data/gitea"
-          type: Directory
-  selector:
-    matchLabels:
-      app: gitea
----
-# Using cluster mode
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitea-web
-  namespace: gitea
-  labels:
-    app: gitea-web
-spec:
-  ports:
-  - port: 80
-    targetPort: 3000
-    name: http
-  selector:
-    app: gitea
----
-# Using node-port mode
-# This mainly open a specific TCP port for SSH usage on each host,
-# so you can use a proxy layer to handle it(e.g. slb, nginx)
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitea-ssh
-  namespace: gitea
-  labels:
-    app: gitea-ssh
-spec:
-  ports:
-  - port: 22
-    targetPort: 22
-    nodePort: 30022
-    name: ssh
-  selector:
-    app: gitea
-  type: NodePort
----
-# Ingress is always suitable for HTTP usage,
-# we suggest using an proxy layer such as slb to send traffic to different ports.
-# Usually 80/443 for web and 22 directly for SSH.
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: gitea
-  namespace: gitea
-spec:
-  rules:
-  - host: your-gitea-host.com
-    http:
-      paths:
-      - backend:
-          serviceName: gitea-web
-          servicePort: 80

contrib/pr/checkout.go

@@ -29,6 +29,7 @@ import (
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/external"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/routes"
 
@@ -36,7 +37,6 @@ import (
 	"github.com/go-git/go-git/v5/config"
 	"github.com/go-git/go-git/v5/plumbing"
 	context2 "github.com/gorilla/context"
-	"github.com/unknwon/com"
 	"xorm.io/xorm"
 )
 
@@ -108,16 +108,15 @@ func runPR() {
 		os.Exit(1)
 	}
 	models.LoadFixtures()
-	os.RemoveAll(setting.RepoRootPath)
-	os.RemoveAll(models.LocalCopyPath())
-	com.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
+	util.RemoveAll(setting.RepoRootPath)
+	util.RemoveAll(models.LocalCopyPath())
+	util.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
 
 	log.Printf("[PR] Setting up router\n")
 	//routers.GlobalInit()
 	external.RegisterParsers()
 	markup.Init()
-	m := routes.NewMacaron()
-	routes.RegisterRoutes(m)
+	c := routes.NormalRoutes()
 
 	log.Printf("[PR] Ready for testing !\n")
 	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")
@@ -137,24 +136,24 @@ func runPR() {
 	*/
 
 	//Start the server
-	http.ListenAndServe(":8080", context2.ClearHandler(m))
+	http.ListenAndServe(":8080", context2.ClearHandler(c))
 
 	log.Printf("[PR] Cleaning up ...\n")
 	/*
-		if err = os.RemoveAll(setting.Indexer.IssuePath); err != nil {
-			fmt.Printf("os.RemoveAll: %v\n", err)
+		if err = util.RemoveAll(setting.Indexer.IssuePath); err != nil {
+			fmt.Printf("util.RemoveAll: %v\n", err)
 			os.Exit(1)
 		}
-		if err = os.RemoveAll(setting.Indexer.RepoPath); err != nil {
+		if err = util.RemoveAll(setting.Indexer.RepoPath); err != nil {
 			fmt.Printf("Unable to remove repo indexer: %v\n", err)
 			os.Exit(1)
 		}
 	*/
-	if err = os.RemoveAll(setting.RepoRootPath); err != nil {
-		log.Fatalf("os.RemoveAll: %v\n", err)
+	if err = util.RemoveAll(setting.RepoRootPath); err != nil {
+		log.Fatalf("util.RemoveAll: %v\n", err)
 	}
-	if err = os.RemoveAll(setting.AppDataPath); err != nil {
-		log.Fatalf("os.RemoveAll: %v\n", err)
+	if err = util.RemoveAll(setting.AppDataPath); err != nil {
+		log.Fatalf("util.RemoveAll: %v\n", err)
 	}
 }
 
@@ -198,7 +197,9 @@ func main() {
 	}
 	remoteUpstream := "origin" //Default
 	for _, r := range remotes {
-		if r.Config().URLs[0] == "https://github.com/go-gitea/gitea" || r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { //fetch at index 0
+		if r.Config().URLs[0] == "https://github.com/go-gitea/gitea.git" ||
+			r.Config().URLs[0] == "https://github.com/go-gitea/gitea" ||
+			r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { //fetch at index 0
 			remoteUpstream = r.Config().Name
 			break
 		}

contrib/systemd/gitea.service

@@ -57,6 +57,12 @@ WorkingDirectory=/var/lib/gitea/
 ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
 Restart=always
 Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+# If you install Git to directory prefix other than default PATH (which happens
+# for example if you install other versions of Git side-to-side with
+# distribution version), uncomment below line and add that prefix to PATH
+# Don't forget to place git-lfs binary on the PATH below if you want to enable
+# Git LFS support
+#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
 # If you want to bind Gitea to a port below 1024, uncomment
 # the two values below, or use socket activation to pass Gitea its ports as above
 ###

custom/conf/app.example.ini

@@ -1,6 +1,8 @@
 ; This file lists the default values used by Gitea
 ; Copy required sections to your own app.ini (default is custom/conf/app.ini)
 ; and modify as needed.
+; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes.
+; If you don't know what a setting is you should not set it.
 
 ; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
 
@@ -8,23 +10,32 @@
 APP_NAME = Gitea: Git with a cup of tea
 ; Change it if you run locally
 RUN_USER = git
-; Either "dev", "prod" or "test", default is "dev"
-RUN_MODE = dev
+; Application run mode, affects performance and debugging. Either "dev", "prod" or "test", default is "prod"
+RUN_MODE = prod
+
+[project]
+; Default templates for project boards
+PROJECT_BOARD_BASIC_KANBAN_TYPE = To Do, In Progress, Done
+PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, High Priority, Low Priority, Closed
 
 [repository]
+; Root path for storing all repository data. It must be an absolute path. By default it is stored in a sub-directory of `APP_DATA_PATH`.
 ROOT =
+; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
 SCRIPT_TYPE = bash
 ; DETECTED_CHARSETS_ORDER tie-break order for detected charsets.
 ; If the charsets have equal confidence, tie-breaking will be done by order in this list
 ; with charsets earlier in the list chosen in preference to those later.
 ; Adding "defaults" will place the unused charsets at that position.
-DETECTED_CHARSETS_ORDER=UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr
+DETECTED_CHARSETS_ORDER = UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr
 ; Default ANSI charset to override non-UTF-8 charsets to
 ANSI_CHARSET =
 ; Force every new repository to be private
 FORCE_PRIVATE = false
 ; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
 DEFAULT_PRIVATE = last
+; Default private when using push-to-create
+DEFAULT_PUSH_CREATE_PRIVATE = true
 ; Global limit of repositories per user, applied at creation time. -1 means no limit
 MAX_CREATION_LIMIT = -1
 ; Mirror sync queue length, increase if mirror syncing starts hanging
@@ -48,17 +59,23 @@ ENABLE_PUSH_CREATE_USER = false
 ENABLE_PUSH_CREATE_ORG = false
 ; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki
 DISABLED_REPO_UNITS =
-; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki.
+; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
 ; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
 ; External wiki and issue tracker can't be enabled by default as it requires additional settings.
 ; Disabled repo units will not be added to new repositories regardless if it is in the default list.
-DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki
+DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
 ; Prefix archive files by placing them in a directory named after the repository
 PREFIX_ARCHIVE_FILES = true
 ; Disable the creation of new mirrors. Pre-existing mirrors remain valid.
 DISABLE_MIRRORS = false
+; Disable migrating feature.
+DISABLE_MIGRATIONS = false
 ; The default branch name of new repositories
-DEFAULT_BRANCH=master
+DEFAULT_BRANCH = master
+; Allow adoption of unadopted repositories
+ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES = false
+; Allow deletion of unadopted repositories
+ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES = false
 
 [repository.editor]
 ; List of file extensions for which lines should be wrapped in the Monaco editor
@@ -71,15 +88,13 @@ PREVIEWABLE_FILE_MODES = markdown
 [repository.local]
 ; Path for local repository copy. Defaults to `tmp/local-repo`
 LOCAL_COPY_PATH = tmp/local-repo
-; Path for local wiki copy. Defaults to `tmp/local-wiki`
-LOCAL_WIKI_PATH = tmp/local-wiki
 
 [repository.upload]
 ; Whether repository file uploads are enabled. Defaults to `true`
 ENABLED = true
 ; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
 TEMP_PATH = data/tmp/uploads
-; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
+; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 ALLOWED_TYPES =
 ; Max size of each file in megabytes. Defaults to 3MB
 FILE_MAX_SIZE = 3
@@ -88,25 +103,29 @@ MAX_FILES = 5
 
 [repository.pull-request]
 ; List of prefixes used in Pull Request title to mark them as Work In Progress
-WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
+WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
 ; List of keywords used in Pull Request comments to automatically close a related issue
-CLOSE_KEYWORDS=close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
+CLOSE_KEYWORDS = close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
 ; List of keywords used in Pull Request comments to automatically reopen a related issue
-REOPEN_KEYWORDS=reopen,reopens,reopened
+REOPEN_KEYWORDS = reopen,reopens,reopened
 ; In the default merge message for squash commits include at most this many commits
-DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT=50
+DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT = 50
 ; In the default merge message for squash commits limit the size of the commit messages to this
-DEFAULT_MERGE_MESSAGE_SIZE=5120
+DEFAULT_MERGE_MESSAGE_SIZE = 5120
 ; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
-DEFAULT_MERGE_MESSAGE_ALL_AUTHORS=false
+DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = false
 ; In default merge messages limit the number of approvers listed as Reviewed-by: to this many
-DEFAULT_MERGE_MESSAGE_MAX_APPROVERS=10
+DEFAULT_MERGE_MESSAGE_MAX_APPROVERS = 10
 ; In default merge messages only include approvers who are official
-DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY=true
+DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY = true
 
 [repository.issue]
 ; List of reasons why a Pull Request or Issue can be locked
-LOCK_REASONS=Too heated,Off-topic,Resolved,Spam
+LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
+
+[repository.release]
+; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+ALLOWED_TYPES =
 
 [repository.signing]
 ; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
@@ -119,6 +138,8 @@ SIGNING_KEY = default
 ; by setting the SIGNING_KEY ID to the correct ID.)
 SIGNING_NAME =
 SIGNING_EMAIL =
+; Sets the default trust model for repositories. Options are: collaborator, committer, collaboratorcommitter
+DEFAULT_TRUST_MODEL = collaborator
 ; Determines when gitea should sign the initial commit when creating a repository
 ; Either:
 ; - never
@@ -143,19 +164,19 @@ MERGES = pubkey, twofa, basesigned, commitssigned
 [cors]
 ; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
 ; enable cors headers (disabled by default)
-ENABLED=false
+ENABLED = false
 ; scheme of allowed requests
-SCHEME=http
+SCHEME = http
 ; list of requesting domains that are allowed
-ALLOW_DOMAIN=*
+ALLOW_DOMAIN = *
 ; allow subdomains of headers listed above to request
-ALLOW_SUBDOMAIN=false
+ALLOW_SUBDOMAIN = false
 ; list of methods allowed to request
-METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
+METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
 ; max time to cache response
-MAX_AGE=10m
+MAX_AGE = 10m
 ; allow request with credentials
-ALLOW_CREDENTIALS=false
+ALLOW_CREDENTIALS = false
 
 [ui]
 ; Number of repositories that are displayed on one explore page
@@ -164,6 +185,8 @@ EXPLORE_PAGING_NUM = 20
 ISSUE_PAGING_NUM = 10
 ; Number of maximum commits displayed in one activity feed
 FEED_MAX_COMMIT_NUM = 5
+; Number of items that are displayed in home feed
+FEED_PAGING_NUM = 20
 ; Number of maximum commits displayed in commit graph.
 GRAPH_MAX_COMMIT_NUM = 100
 ; Number of line of codes shown for a code comment
@@ -218,9 +241,13 @@ MIN_TIMEOUT = 10s
 MAX_TIMEOUT = 60s
 TIMEOUT_STEP = 10s
 ; This setting determines how often the db is queried to get the latest notification counts.
-; If the browser client supports EventSource, it will be used in preference to polling notification.
+; If the browser client supports EventSource and SharedWorker, a SharedWorker will be used in preference to polling notification. Set to -1 to disable the EventSource
 EVENT_SOURCE_UPDATE_TIME = 10s
 
+[ui.svg]
+; Whether to render SVG files as images.  If SVG rendering is disabled, SVG files are displayed as text and cannot be embedded in markdown files as images.
+ENABLE_RENDER = true
+
 [markdown]
 ; Render soft line breaks as hard line breaks, which means a single newline character between
 ; paragraphs will cause a line break and adding trailing whitespace to paragraphs is not
@@ -280,6 +307,9 @@ SSH_ROOT_PATH =
 ; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
 ; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
 SSH_CREATE_AUTHORIZED_KEYS_FILE = true
+; Gitea will create a authorized_principals file by default when it is not using the internal ssh server
+; If you intend to use the AuthorizedPrincipalsCommand functionality then you should turn this off.
+SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE = true
 ; For the built-in SSH server, choose the ciphers to support for SSH connections,
 ; for system SSH this setting has no effect
 SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
@@ -289,13 +319,36 @@ SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sh
 ; For the built-in SSH server, choose the MACs to support for SSH connections,
 ; for system SSH this setting has no effect
 SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
+; For the built-in SSH server, choose the keypair to offer as the host key
+; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
+; relative paths are made absolute relative to the APP_DATA_PATH
+SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
 ; Directory to create temporary files in when testing public keys using ssh-keygen,
 ; default is the system temporary directory.
 SSH_KEY_TEST_PATH =
 ; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
 SSH_KEYGEN_PATH = ssh-keygen
 ; Enable SSH Authorized Key Backup when rewriting all keys, default is true
-SSH_BACKUP_AUTHORIZED_KEYS = true
+SSH_AUTHORIZED_KEYS_BACKUP = true
+; Determines which principals to allow
+; - empty: if SSH_TRUSTED_USER_CA_KEYS is empty this will default to off, otherwise will default to email, username.
+; - off: Do not allow authorized principals
+; - email: the principal must match the user's email
+; - username: the principal must match the user's username
+; - anything: there will be no checking on the content of the principal
+SSH_AUTHORIZED_PRINCIPALS_ALLOW = email, username
+; Enable SSH Authorized Principals Backup when rewriting all keys, default is true
+SSH_AUTHORIZED_PRINCIPALS_BACKUP = true
+; Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication.
+; Multiple keys should be comma separated.
+; E.g."ssh-<algorithm> <key>". or "ssh-<algorithm> <key1>, ssh-<algorithm> <key2>".
+; For more information see "TrustedUserCAKeys" in the sshd config manpages.
+SSH_TRUSTED_USER_CA_KEYS =
+; Absolute path of the `TrustedUserCaKeys` file gitea will manage.
+; Default this `RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem
+; If you're running your own ssh server and you want to use the gitea managed file you'll also need to modify your
+; sshd_config to point to this file. The official docker image will automatically work without further configuration.
+SSH_TRUSTED_USER_CA_KEYS_FILENAME =
 ; Enable exposure of SSH clone URL to anonymous visitors, default is false
 SSH_EXPOSE_ANONYMOUS = false
 ; Indicate whether to check minimum key size with corresponding type
@@ -318,7 +371,7 @@ KEY_FILE = https/key.pem
 STATIC_ROOT_PATH =
 ; Default path for App data
 APP_DATA_PATH = data
-; Application level GZIP support
+; Enable gzip compression for runtime-generated content, static resources excluded
 ENABLE_GZIP = false
 ; Application profiling (memory and cpu)
 ; For "web" command it listens on localhost:6060
@@ -350,7 +403,7 @@ GRACEFUL_HAMMER_TIME = 60s
 ; Allows the setting of a startup timeout and waithint for Windows as SVC service
 ; 0 disables this.
 STARTUP_TIMEOUT = 0
-; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time, default is 6h
+; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time. Note that this cache is disabled when RUN_MODE is "dev". Default is 6h
 STATIC_CACHE_TIME = 6h
 
 ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
@@ -358,7 +411,7 @@ STATIC_CACHE_TIME = 6h
 ED25519 = 256
 ECDSA = 256
 RSA = 2048
-DSA = 1024
+DSA = -1 ; set to 1024 to switch on
 
 [database]
 ; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3".
@@ -408,20 +461,31 @@ ISSUE_INDEXER_NAME = gitea_issues
 ISSUE_INDEXER_PATH = indexers/issues.bleve
 ; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue
 ISSUE_INDEXER_QUEUE_TYPE = levelqueue
-; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
+; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
+; This can be overriden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
 ; default is indexers/issues.queue
 ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
 ; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+; When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of
+; the form `leveldb://path/to/db?option=value&....`, and overrides `ISSUE_INDEXER_QUEUE_DIR`.
 ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
 ; Batch queue number, default is 20
 ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20
 ; Timeout the indexer if it takes longer than this to start.
 ; Set to zero to disable timeout.
-STARTUP_TIMEOUT=30s
+STARTUP_TIMEOUT = 30s
 
 ; repo indexer by default disabled, since it uses a lot of disk space
 REPO_INDEXER_ENABLED = false
+; Code search engine type, could be `bleve` or `elasticsearch`.
+REPO_INDEXER_TYPE = bleve
+; Index file used for code search.
 REPO_INDEXER_PATH = indexers/repos.bleve
+; Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200
+REPO_INDEXER_CONN_STR =
+; Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch
+REPO_INDEXER_NAME = gitea_codes
+
 UPDATE_BUFFER_LEN = 20
 MAX_FILE_SIZE = 1048576
 ; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include
@@ -443,9 +507,13 @@ LENGTH = 20
 ; Batch size to send for batched queues
 BATCH_LENGTH = 20
 ; Connection string for redis queues this will store the redis connection string.
+; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
+; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
 CONN_STR = "addrs=127.0.0.1:6379 db=0"
-; Provide the suffix of the default redis queue name - specific queues can be overriden within in their [queue.name] sections.
+; Provides the suffix of the default redis/disk queue name - specific queues can be overriden within in their [queue.name] sections.
 QUEUE_NAME = "_queue"
+; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overriden within in their [queue.name] sections.
+SET_NAME = "_unique"
 ; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue:
 WRAP_IF_NECESSARY = true
 ; Attempt to create the wrapped queue at max
@@ -481,22 +549,35 @@ COOKIE_REMEMBER_NAME = gitea_incredible
 ; Reverse proxy authentication header name of user name
 REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
 REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
+; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request
+REVERSE_PROXY_LIMIT = 1
+; List of IP addresses and networks seperated by comma of trusted proxy servers. Use `*` to trust all.
+REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
 ; The minimum password length for new Users
 MIN_PASSWORD_LENGTH = 6
 ; Set to true to allow users to import local server paths
 IMPORT_LOCAL_PATHS = false
-; Set to true to prevent all users (including admin) from creating custom git hooks
-DISABLE_GIT_HOOKS = false
+; Set to false to allow users with git hook privileges to create custom git hooks.
+; Custom git hooks can be used to perform arbitrary code execution on the host operating system.
+; This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
+; By modifying the Gitea database, users can gain Gitea administrator privileges.
+; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
+; WARNING: This maybe harmful to you website or your operating system.
+DISABLE_GIT_HOOKS = true
+; Set to true to disable webhooks feature.
+DISABLE_WEBHOOKS = false
 ; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
 ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
 ;Comma separated list of character classes required to pass minimum complexity.
-;If left empty or no valid values are specified, the default values ("lower,upper,digit,spec") will be used.
-;Use "off" to disable checking.
-PASSWORD_COMPLEXITY = lower,upper,digit,spec
-; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"
+;If left empty or no valid values are specified, the default is off (no checking)
+;Classes include "lower,upper,digit,spec"
+PASSWORD_COMPLEXITY = off
+; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
 PASSWORD_HASH_ALGO = pbkdf2
 ; Set false to allow JavaScript to read CSRF cookie
 CSRF_COOKIE_HTTP_ONLY = true
+; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed
+PASSWORD_CHECK_PWN = false
 
 [openid]
 ;
@@ -539,9 +620,13 @@ ACTIVE_CODE_LIVE_MINUTES = 180
 RESET_PASSWD_CODE_LIVE_MINUTES = 180
 ; Whether a new user needs to confirm their email when registering.
 REGISTER_EMAIL_CONFIRM = false
+; Whether a new user needs to be confirmed manually after registration. (Requires `REGISTER_EMAIL_CONFIRM` to be disabled.)
+REGISTER_MANUAL_CONFIRM = false
 ; List of domain names that are allowed to be used to register on a Gitea instance
 ; gitea.io,example.com
-EMAIL_DOMAIN_WHITELIST=
+EMAIL_DOMAIN_WHITELIST =
+; Comma-separated list of domain names that are not allowed to be used to register on a Gitea instance
+EMAIL_DOMAIN_BLOCKLIST =
 ; Disallow registration, only allow admins to create accounts.
 DISABLE_REGISTRATION = false
 ; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
@@ -560,12 +645,15 @@ ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
 ENABLE_REVERSE_PROXY_EMAIL = false
 ; Enable captcha validation for registration
 ENABLE_CAPTCHA = false
-; Type of captcha you want to use. Options: image, recaptcha
+; Type of captcha you want to use. Options: image, recaptcha, hcaptcha
 CAPTCHA_TYPE = image
 ; Enable recaptcha to use Google's recaptcha service
 ; Go to https://www.google.com/recaptcha/admin to sign up for a key
-RECAPTCHA_SECRET  =
+RECAPTCHA_SECRET =
 RECAPTCHA_SITEKEY =
+; For hCaptcha, create an account at https://accounts.hcaptcha.com/login to get your keys
+HCAPTCHA_SECRET =
+HCAPTCHA_SITEKEY =
 ; Change this to use recaptcha.net or other recaptcha service
 RECAPTCHA_URL = https://www.google.com/recaptcha/
 ; Default value for KeepEmailPrivate
@@ -612,6 +700,8 @@ AUTO_WATCH_NEW_REPOS = true
 ; Default value for AutoWatchOnChanges
 ; Make the user watch a repository When they commit for the first time
 AUTO_WATCH_ON_CHANGES = false
+; Minimum amount of time a user must exist before comments are kept when the user is deleted.
+USER_DELETE_WITH_COMMENTS_MAX_TIME = 0
 
 [webhook]
 ; Hook task queue length, increase if webhook shooting starts hanging
@@ -643,8 +733,8 @@ HOST =
 DISABLE_HELO =
 ; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
 HELO_HOSTNAME =
-; Do not verify the certificate of the server. Only use this for self-signed certificates
-SKIP_VERIFY =
+; Whether or not to skip verification of certificates; `true` to disable verification. This option is unsafe. Consider adding the certificate to the system trust store instead.
+SKIP_VERIFY = false
 ; Use client certificate
 USE_CERTIFICATE = false
 CERT_FILE = custom/mailer/cert.pem
@@ -708,12 +798,12 @@ PROVIDER_CONFIG = data/sessions
 COOKIE_NAME = i_like_gitea
 ; If you use session in https only, default is false
 COOKIE_SECURE = false
-; Enable set cookie, default is true
-ENABLE_SET_COOKIE = true
 ; Session GC time interval in seconds, default is 86400 (1 day)
 GC_INTERVAL_TIME = 86400
 ; Session life time in seconds, default is 86400 (1 day)
 SESSION_LIFE_TIME = 86400
+; SameSite settings. Either "none", "lax", or "strict"
+SAME_SITE=lax
 
 [picture]
 AVATAR_UPLOAD_PATH = data/avatars
@@ -740,16 +830,36 @@ DISABLE_GRAVATAR = false
 ENABLE_FEDERATED_AVATAR = false
 
 [attachment]
-; Whether attachments are enabled. Defaults to `true`
+; Whether issue and pull request attachments are enabled. Defaults to `true`
 ENABLED = true
-; Path for attachments. Defaults to `data/attachments`
-PATH = data/attachments
-; One or more allowed types, e.g. "image/jpeg|image/png". Use "*/*" for all types.
-ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
+; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip
 ; Max size of each file. Defaults to 4MB
 MAX_SIZE = 4
 ; Max number of files per upload. Defaults to 5
 MAX_FILES = 5
+; Storage type for attachments, `local` for local disk or `minio` for s3 compatible
+; object storage service, default is `local`.
+STORAGE_TYPE = local
+; Allows the storage driver to redirect to authenticated URLs to serve files directly
+; Currently, only `minio` is supported.
+SERVE_DIRECT = false
+; Path for attachments. Defaults to `data/attachments` only available when STORAGE_TYPE is `local`
+PATH = data/attachments
+; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
+MINIO_ENDPOINT = localhost:9000
+; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
+MINIO_ACCESS_KEY_ID =
+; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
+MINIO_SECRET_ACCESS_KEY =
+; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
+MINIO_BUCKET = gitea
+; Minio location to create bucket only available when STORAGE_TYPE is `minio`
+MINIO_LOCATION = us-east-1
+; Minio base path on the bucket only available when STORAGE_TYPE is `minio`
+MINIO_BASE_PATH = attachments/
+; Minio enabled ssl only available when STORAGE_TYPE is `minio`
+MINIO_USE_SSL = false
 
 [time]
 ; Specifies the format for fully outputted dates. Defaults to RFC1123
@@ -767,13 +877,11 @@ ROOT_PATH =
 MODE = console
 ; Buffer length of the channel, keep it as it is if you don't know what it is.
 BUFFER_LEN = 10000
-REDIRECT_MACARON_LOG = false
-MACARON = file
 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
 ROUTER_LOG_LEVEL = Info
 ROUTER = console
 ENABLE_ACCESS_LOG = false
-ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
+ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
 ACCESS = file
 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
 LEVEL = Info
@@ -800,8 +908,6 @@ LEVEL =
 FILE_NAME =
 ; This enables automated log rotate(switch of following options), default is true
 LOG_ROTATE = true
-; Max number of lines in a single file, default is 1000000
-MAX_LINES = 1000000
 ; Max size shift of a single file, default is 28 means 1 << 28, 256MB
 MAX_SIZE_SHIFT = 28
 ; Segment log daily, default is true
@@ -840,27 +946,12 @@ PASSWD =
 RECEIVERS =
 
 [cron]
-; Enable running cron tasks periodically.
-ENABLED = true
+; Enable running all cron tasks periodically with default settings.
+ENABLED = false
 ; Run cron tasks when Gitea starts.
 RUN_AT_START = false
 
-; Update mirrors
-[cron.update_mirrors]
-SCHEDULE = @every 10m
-
-; Repository health check
-[cron.repo_health_check]
-SCHEDULE = @every 24h
-TIMEOUT = 60s
-; Arguments for command 'git fsck', e.g. "--unreachable --tags"
-; see more on http://git-scm.com/docs/git-fsck
-ARGS =
-
-; Check repository statistics
-[cron.check_repo_stats]
-RUN_AT_START = true
-SCHEDULE = @every 24h
+; Basic cron tasks - enabled by default
 
 ; Clean up old repository archives
 [cron.archive_cleanup]
@@ -868,25 +959,159 @@ SCHEDULE = @every 24h
 ENABLED = true
 ; Whether to always run at least once at start up time (if ENABLED)
 RUN_AT_START = true
+; Notice if not success
+NO_SUCCESS_NOTICE = false
 ; Time interval for job to run
 SCHEDULE = @every 24h
 ; Archives created more than OLDER_THAN ago are subject to deletion
 OLDER_THAN = 24h
 
+; Update mirrors
+[cron.update_mirrors]
+SCHEDULE = @every 10m
+; Enable running Update mirrors task periodically.
+ENABLED = true
+; Run Update mirrors task when Gitea starts.
+RUN_AT_START = false
+; Notice if not success
+NO_SUCCESS_NOTICE = true
+
+; Repository health check
+[cron.repo_health_check]
+SCHEDULE = @every 24h
+; Enable running Repository health check task periodically.
+ENABLED = true
+; Run Repository health check task when Gitea starts.
+RUN_AT_START = false
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+TIMEOUT = 60s
+; Arguments for command 'git fsck', e.g. "--unreachable --tags"
+; see more on http://git-scm.com/docs/git-fsck
+ARGS =
+
+; Check repository statistics
+[cron.check_repo_stats]
+; Enable running check repository statistics task periodically.
+ENABLED = true
+; Run check repository statistics task when Gitea starts.
+RUN_AT_START = true
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 24h
+
+[cron.update_migration_poster_id]
+; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts.
+ENABLED = true
+; Update migrated repositories' issues and comments' posterid when starting server (default true)
+RUN_AT_START = true
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+; Interval as a duration between each synchronization. (default every 24h)
+SCHEDULE = @every 24h
+
 ; Synchronize external user data (only LDAP user synchronization is supported)
 [cron.sync_external_users]
+ENABLED = true
 ; Synchronize external user data when starting server (default false)
 RUN_AT_START = false
+; Notice if not success
+NO_SUCCESS_NOTICE = false
 ; Interval as a duration between each synchronization (default every 24h)
 SCHEDULE = @every 24h
 ; Create new users, update existing user data and disable users that are not in external source anymore (default)
 ;   or only create new users if UPDATE_EXISTING is set to false
 UPDATE_EXISTING = true
 
-; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts.
-[cron.update_migration_poster_id]
-; Interval as a duration between each synchronization. (default every 24h)
+; Clean-up deleted branches
+[cron.deleted_branches_cleanup]
+ENABLED = true
+; Clean-up deleted branches when starting server (default true)
+RUN_AT_START = true
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+; Interval as a duration between each synchronization (default every 24h)
 SCHEDULE = @every 24h
+; deleted branches than OLDER_THAN ago are subject to deletion
+OLDER_THAN = 24h
+
+; Cleanup hook_task table
+[cron.cleanup_hook_task_table]
+; Whether to enable the job
+ENABLED = true
+; Whether to always run at start up time (if ENABLED)
+RUN_AT_START = false
+; Time interval for job to run
+SCHEDULE = @every 24h
+; OlderThan or PerWebhook. How the records are removed, either by age (i.e. how long ago hook_task record was delivered) or by the number to keep per webhook (i.e. keep most recent x deliveries per webhook).
+CLEANUP_TYPE = OlderThan
+; If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
+OLDER_THAN = 168h
+; If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
+NUMBER_TO_KEEP = 10
+
+; Extended cron task - not enabled by default
+
+; Delete all unactivated accounts
+[cron.delete_inactive_accounts]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @annually
+OLDER_THAN = 168h
+
+; Delete all repository archives
+[cron.delete_repo_archives]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @annually
+
+; Garbage collect all repositories
+[cron.git_gc_repos]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+TIMEOUT = 60s
+; Arguments for command 'git gc'
+; The default value is same with [git] -> GC_ARGS
+ARGS =
+
+; Update the '.ssh/authorized_keys' file with Gitea SSH keys
+[cron.resync_all_sshkeys]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+
+; Resynchronize pre-receive, update and post-receive hooks of all repositories.
+[cron.resync_all_hooks]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+
+; Reinitialize all missing Git repositories for which records exist
+[cron.reinit_missing_repos]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+
+; Delete all repositories missing their Git files
+[cron.delete_missing_repos]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+
+; Delete generated repository avatars
+[cron.delete_generated_repository_avatars]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
 
 [git]
 ; The path of git executable. If empty, Gitea searches through the PATH environment.
@@ -899,6 +1124,10 @@ MAX_GIT_DIFF_LINES = 1000
 MAX_GIT_DIFF_LINE_CHARACTERS = 5000
 ; Max number of files shown in diff view
 MAX_GIT_DIFF_FILES = 100
+; Set the default commits range size
+COMMITS_RANGE_SIZE = 50
+; Set the default branches range size
+BRANCHES_RANGE_SIZE = 20
 ; Arguments for command 'git gc', e.g. "--aggressive --auto"
 ; see more on http://git-scm.com/docs/git-gc/
 GC_ARGS =
@@ -938,15 +1167,15 @@ DEFAULT_MAX_BLOB_SIZE = 10485760
 ; Enables OAuth2 provider
 ENABLE = true
 ; Lifetime of an OAuth2 access token in seconds
-ACCESS_TOKEN_EXPIRATION_TIME=3600
-; Lifetime of an OAuth2 access token in hours
-REFRESH_TOKEN_EXPIRATION_TIME=730
+ACCESS_TOKEN_EXPIRATION_TIME = 3600
+; Lifetime of an OAuth2 refresh token in hours
+REFRESH_TOKEN_EXPIRATION_TIME = 730
 ; Check if refresh token got already used
-INVALIDATE_REFRESH_TOKENS=false
-; OAuth2 authentication secret for access and refresh tokens, change this to a unique string.
-JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU
+INVALIDATE_REFRESH_TOKENS = false
+; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate
+JWT_SECRET =
 ; Maximum length of oauth2 token/cookie stored on server
-MAX_TOKEN_LENGTH=32767
+MAX_TOKEN_LENGTH = 32767
 
 [i18n]
 LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
@@ -957,7 +1186,7 @@ NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,D
 ; Two Factor authentication with security keys
 ; https://developers.yubico.com/U2F/App_ID.html
 ;APP_ID = http://localhost:3000/
-; Comma seperated list of trusted facets
+; Comma separated list of trusted facets
 ;TRUSTED_FACETS = http://localhost:3000/
 
 ; Extension mapping to highlight class
@@ -1008,3 +1237,36 @@ QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
 MAX_ATTEMPTS = 3
 ; Backoff time per http/https request retry (seconds)
 RETRY_BACKOFF = 3
+; Allowed domains for migrating, default is blank. Blank means everything will be allowed.
+; Multiple domains could be separated by commas.
+ALLOWED_DOMAINS =
+; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
+; When ALLOWED_DOMAINS is not blank, this option will be ignored.
+BLOCKED_DOMAINS =
+; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
+ALLOW_LOCALNETWORKS = false
+
+; default storage for attachments, lfs and avatars
+[storage]
+; storage type
+STORAGE_TYPE = local
+
+; lfs storage will override storage
+[lfs]
+STORAGE_TYPE = local
+
+; customize storage
+;[storage.my_minio]
+;STORAGE_TYPE = minio
+; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
+;MINIO_ENDPOINT = localhost:9000
+; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
+;MINIO_ACCESS_KEY_ID =
+; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
+;MINIO_SECRET_ACCESS_KEY =
+; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
+;MINIO_BUCKET = gitea
+; Minio location to create bucket only available when STORAGE_TYPE is `minio`
+;MINIO_LOCATION = us-east-1
+; Minio enabled ssl only available when STORAGE_TYPE is `minio`
+;MINIO_USE_SSL = false

docker/Makefile

@@ -1,14 +0,0 @@
-#Makefile related to docker
-
-DOCKER_IMAGE ?= gitea/gitea
-DOCKER_TAG ?= latest
-DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)
-
-.PHONY: docker
-docker:
-	docker build --disable-content-trust=false -t $(DOCKER_REF) .
-# support also build args docker build --build-arg GITEA_VERSION=v1.2.3 --build-arg TAGS="bindata sqlite sqlite_unlock_notify"  .
-
-.PHONY: docker-build
-docker-build:
-	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" CGO_EXTRA_CFLAGS="$(CGO_EXTRA_CFLAGS)" webhippie/golang:edge make clean build

docker/README.md

@@ -0,0 +1,7 @@
+# Gitea - Docker
+
+Dockerfile is found in root of repository.
+
+Docker image can be found on [docker hub](https://hub.docker.com/r/gitea/gitea)
+
+Documentation on using docker image can be found on [Gitea Docs site](https://docs.gitea.io/en-us/install-with-docker/)

docker/manifest.rootless.tmpl

@@ -0,0 +1,19 @@
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-rootless
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+  - {{this}}-rootless
+{{/each}}
+{{/if}}
+manifests:
+  -
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64-rootless
+    platform:
+      architecture: amd64
+      os: linux
+  -
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64-rootless
+    platform:
+      architecture: arm64
+      os: linux
+      variant: v8

docker/root/etc/s6/gitea/run

@@ -1,6 +1,6 @@
 #!/bin/bash
 [[ -f ./setup ]] && source ./setup
 
-pushd /app/gitea > /dev/null
-    exec su-exec $USER /app/gitea/gitea web
+pushd /app/gitea >/dev/null
+exec su-exec $USER /app/gitea/gitea web
 popd

docker/root/etc/s6/gitea/setup

@@ -25,7 +25,7 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
 
     # Substitude the environment variables in the template
     APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
-    RUN_MODE=${RUN_MODE:-"dev"} \
+    RUN_MODE=${RUN_MODE:-"prod"} \
     DOMAIN=${DOMAIN:-"localhost"} \
     SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
     HTTP_PORT=${HTTP_PORT:-"3000"} \
@@ -48,6 +48,9 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
     chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
 fi
 
+# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME
+environment-to-ini --config ${GITEA_CUSTOM}/conf/app.ini
+
 # only chown if current owner is not already the gitea ${USER}. No recursive check to save time
 if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi
 if ! [[ $(ls -ld /app/gitea  | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea;  fi

docker/root/etc/s6/openssh/run

@@ -1,6 +1,6 @@
 #!/bin/bash
 [[ -f ./setup ]] && source ./setup
 
-pushd /root > /dev/null
-    exec su-exec root /usr/sbin/sshd -D -e 2>&1
+pushd /root >/dev/null
+exec su-exec root /usr/sbin/sshd -D -e 2>&1
 popd

docker/root/etc/templates/app.ini

@@ -29,6 +29,7 @@ HOST    = $DB_HOST
 NAME    = $DB_NAME
 USER    = $DB_USER
 PASSWD  = $DB_PASSWD
+LOG_SQL = false
 
 [indexer]
 ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
@@ -44,11 +45,16 @@ REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
 PATH = /data/gitea/attachments
 
 [log]
+MODE = console
+LEVEL = info
+ROUTER = console
 ROOT_PATH = /data/gitea/log
 
 [security]
 INSTALL_LOCK = $INSTALL_LOCK
 SECRET_KEY   = $SECRET_KEY
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
 
 [service]
 DISABLE_REGISTRATION = $DISABLE_REGISTRATION

docker/root/etc/templates/sshd_config

@@ -8,11 +8,18 @@ ListenAddress ::
 LogLevel INFO
 
 HostKey /data/ssh/ssh_host_ed25519_key
+HostCertificate /data/ssh/ssh_host_ed25519_cert
 HostKey /data/ssh/ssh_host_rsa_key
-HostKey /data/ssh/ssh_host_dsa_key
+HostCertificate /data/ssh/ssh_host_rsa_cert
 HostKey /data/ssh/ssh_host_ecdsa_key
+HostCertificate /data/ssh/ssh_host_ecdsa_cert
+HostKey /data/ssh/ssh_host_dsa_key
+HostCertificate /data/ssh/ssh_host_dsa_cert
 
 AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedPrincipalsFile .ssh/authorized_principals
+TrustedUserCAKeys /data/git/.ssh/gitea-trusted-user-ca-keys.pem
+CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 
 UseDNS no
 AllowAgentForwarding no

docker/rootless/etc/templates/app.ini

@@ -0,0 +1,57 @@
+APP_NAME = $APP_NAME
+RUN_USER = $RUN_USER
+RUN_MODE = $RUN_MODE
+
+[repository]
+ROOT = $GITEA_WORK_DIR/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = $GITEA_TEMP/local-repo
+
+[repository.upload]
+TEMP_PATH = $GITEA_TEMP/uploads
+
+[server]
+APP_DATA_PATH = $GITEA_WORK_DIR
+SSH_DOMAIN       = $SSH_DOMAIN
+HTTP_PORT        = $HTTP_PORT
+ROOT_URL         = $ROOT_URL
+DISABLE_SSH      = $DISABLE_SSH
+; In rootless gitea container only internal ssh server is supported
+START_SSH_SERVER = true
+SSH_PORT         = $SSH_PORT
+SSH_LISTEN_PORT  = $SSH_LISTEN_PORT
+BUILTIN_SSH_SERVER_USER = $RUN_USER
+LFS_START_SERVER = $LFS_START_SERVER
+LFS_CONTENT_PATH = $GITEA_WORK_DIR/git/lfs
+
+[database]
+PATH = $GITEA_WORK_DIR/data/gitea.db
+DB_TYPE = $DB_TYPE
+HOST    = $DB_HOST
+NAME    = $DB_NAME
+USER    = $DB_USER
+PASSWD  = $DB_PASSWD
+
+[session]
+PROVIDER_CONFIG = $GITEA_WORK_DIR/data/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/gitea/repo-avatars
+
+[attachment]
+PATH = $GITEA_WORK_DIR/data/attachments
+
+[log]
+ROOT_PATH = $GITEA_WORK_DIR/data/log
+
+[security]
+INSTALL_LOCK = $INSTALL_LOCK
+SECRET_KEY   = $SECRET_KEY
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+
+[service]
+DISABLE_REGISTRATION = $DISABLE_REGISTRATION
+REQUIRE_SIGNIN_VIEW  = $REQUIRE_SIGNIN_VIEW

docker/rootless/usr/local/bin/docker-entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ -x /usr/local/bin/docker-setup.sh ]; then
+    /usr/local/bin/docker-setup.sh || { echo 'docker setup failed' ; exit 1; }
+fi
+
+if [ $# -gt 0 ]; then
+    exec "$@"
+else
+    exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web
+fi

docker/rootless/usr/local/bin/docker-setup.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Prepare git folder
+mkdir -p ${HOME} && chmod 0700 ${HOME}
+if [ ! -w ${HOME} ]; then echo "${HOME} is not writable"; exit 1; fi
+
+# Prepare custom folder
+mkdir -p ${GITEA_CUSTOM} && chmod 0500 ${GITEA_CUSTOM}
+
+# Prepare temp folder
+mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
+if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi
+
+#Prepare config file
+if [ ! -f ${GITEA_APP_INI} ]; then
+
+    #Prepare config file folder
+    GITEA_APP_INI_DIR=$(dirname ${GITEA_APP_INI})
+    mkdir -p ${GITEA_APP_INI_DIR} && chmod 0700 ${GITEA_APP_INI_DIR}
+    if [ ! -w ${GITEA_APP_INI_DIR} ]; then echo "${GITEA_APP_INI_DIR} is not writable"; exit 1; fi
+
+    # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
+    # INSTALL_LOCK is empty
+    if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
+        INSTALL_LOCK=true
+    fi
+
+    # Substitude the environment variables in the template
+    APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+    RUN_MODE=${RUN_MODE:-"prod"} \
+    RUN_USER=${USER:-"git"} \
+    SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
+    HTTP_PORT=${HTTP_PORT:-"3000"} \
+    ROOT_URL=${ROOT_URL:-""} \
+    DISABLE_SSH=${DISABLE_SSH:-"false"} \
+    SSH_PORT=${SSH_PORT:-"2222"} \
+    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-$SSH_PORT} \
+    DB_TYPE=${DB_TYPE:-"sqlite3"} \
+    DB_HOST=${DB_HOST:-"localhost:3306"} \
+    DB_NAME=${DB_NAME:-"gitea"} \
+    DB_USER=${DB_USER:-"root"} \
+    DB_PASSWD=${DB_PASSWD:-""} \
+    INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
+    DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
+    REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
+    SECRET_KEY=${SECRET_KEY:-""} \
+    envsubst < /etc/templates/app.ini > ${GITEA_APP_INI}
+fi
+
+# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME
+environment-to-ini --config ${GITEA_APP_INI}

docs/.editorconfig

@@ -1,34 +0,0 @@
-# http://editorconfig.org
-
-root = true
-
-[*]
-charset = utf-8
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-[*.go]
-indent_style = tab
-indent_size = 8
-
-[*.{tmpl,html}]
-indent_style = tab
-indent_size = 4
-
-[*.{less}]
-indent_style = space
-indent_size = 4
-
-[*.{yml}]
-indent_style = space
-indent_size = 2
-
-[*.js]
-indent_style = space
-indent_size = 4
-
-[Makefile]
-indent_style = tab
-
-[*.md]
-trim_trailing_whitespace = false

docs/Makefile

@@ -21,6 +21,10 @@ server: $(THEME)
 build: $(THEME)
 	hugo --cleanDestinationDir
 
+.PHONY: build-offline
+build-offline: $(THEME)
+	hugo --baseURL="/" --cleanDestinationDir
+
 .PHONY: update
 update: $(THEME)
 

docs/config.yaml

@@ -18,9 +18,9 @@ params:
   description: Git with a cup of tea
   author: The Gitea Authors
   website: https://docs.gitea.io
-  version: 1.12.1
-  minGoVersion: 1.12
-  goVersion: 1.14
+  version: 1.13.3
+  minGoVersion: 1.14
+  goVersion: 1.16
   minNodeVersion: 10.13
 
 outputs:
@@ -48,10 +48,10 @@ menu:
       url: https://blog.gitea.io/
       weight: 30
       pre: rss
-    - name: Code
-      url: https://code.gitea.io/
+    - name: Shop
+      url: https://shop.gitea.io/
       weight: 40
-      pre: code
+      pre: shopping-cart
     - name: Translation
       url: https://crowdin.com/project/gitea
       weight: 41
@@ -147,15 +147,15 @@ languages:
           url: https://blog.gitea.io/
           weight: 30
           pre: rss
-        - name: 程式碼
-          url: https://code.gitea.io/
+        - name: 商店
+          url: https://shop.gitea.io/
           weight: 40
-          pre: code
-        - name: 翻译
+          pre: shopping-cart
+        - name: 翻譯
           url: https://crowdin.com/project/gitea
           weight: 41
           pre: language
-        - name: 下载
+        - name: 下載
           url: https://dl.gitea.io/
           weight: 50
           pre: download
@@ -163,11 +163,11 @@ languages:
           url: https://github.com/go-gitea/
           weight: 60
           pre: github
-        - name: Discord Chat
+        - name: Discord 聊天室
           url: https://discord.gg/Gitea
           weight: 70
           pre: comment
-        - name: Forum
+        - name: 討論區
           url: https://discourse.gitea.io/
           weight: 80
           pre: group
@@ -313,20 +313,20 @@ languages:
           weight: 80
           pre: group
 
-  pt-pt:
+  de-de:
     weight: 6
-    languageName: Português de Portugal
+    languageName: Deutsch
     menu:
       page:
-        - name: Página inicial
-          url: https://gitea.io/pt-pt/
+        - name: Webseite
+          url: https://gitea.io/en-us/
           weight: 10
           pre: home
-        - name: Documentação
-          url: /pt-pt/
+          post: active
+        - name: Dokumentation
+          url: /de-de/
           weight: 20
           pre: question
-          post: active
         - name: API
           url: https://try.gitea.io/api/swagger
           weight: 45
@@ -335,15 +335,15 @@ languages:
           url: https://blog.gitea.io/
           weight: 30
           pre: rss
-        - name: Código-fonte
+        - name: Code
           url: https://code.gitea.io/
           weight: 40
           pre: code
-        - name: Tradução
+        - name: Übersetzung
           url: https://crowdin.com/project/gitea
           weight: 41
           pre: language
-        - name: Descarregamentos
+        - name: Downloads
           url: https://dl.gitea.io/
           weight: 50
           pre: download
@@ -351,11 +351,11 @@ languages:
           url: https://github.com/go-gitea/
           weight: 60
           pre: github
-        - name: Discussão no Discord
+        - name: Discord Chat
           url: https://discord.gg/Gitea
           weight: 70
           pre: comment
-        - name: Fórum
+        - name: Forum
           url: https://discourse.gitea.io/
           weight: 80
           pre: group

docs/content/doc/advanced.zh-tw.md

@@ -0,0 +1,13 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "進階"
+slug: "advanced"
+weight: 30
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "進階"
+    weight: 40
+    identifier: "advanced"
+---

docs/content/doc/advanced/ci-cd.en-us.md

@@ -1,37 +0,0 @@
----
-date: "2019-08-27:00:00+02:00"
-title: "CI/CD Usage"
-slug: "ci-cd"
-weight: 40
-toc: true
-draft: false
-menu:
-  sidebar:
-    parent: "advanced"
-    name: "CI/CD Usage"
-    weight: 40
-    identifier: "ci-cd"
----
-
-# Gitea and CI/CD
-**NOTE:** These tools are not endorsed by Gitea. They are listed here for convenience only.
-
-## Hey! This page may be out of date or even removed in the future! :scream:
-Instead, check out [awesome-gitea](https://gitea.com/gitea/awesome-gitea/src/branch/master/README.md#user-content-devops)!
-
-## Listing
-
-CI/CD solutions that have integration with Gitea. Following list is not complete,
-the purpose is to give a starting point to integrate a CI/CD process with your Gitea instance.
-
- - [Drone](https://drone.io) with [Gitea documentation](https://docs.drone.io/installation/providers/gitea/)
- - [Jenkins](https://jenkins.io/) with [Gitea plugin](https://plugins.jenkins.io/gitea)
- - [Agola](https://agola.io)
- - [Buildkite](https://buildkite.com) with [Gitea connector](https://github.com/techknowlogick/gitea-buildkite-connector)
- - [AppVeyor](https://www.appveyor.com) with [built-in Gitea support](https://www.appveyor.com/blog/2019/09/05/gitea-receives-first-class-support-in-appveyor/)
- - [Buildbot](https://www.buildbot.net/) with [Gitea plugin](https://github.com/lab132/buildbot-gitea)
- 
-
-Others CI/CD solutions that can partially be integrated with Gitea:
-
- - [Concourse](https://www.concourse-ci.org), see more information at [Concourse community forum](https://discuss.concourse-ci.org/t/concourse-ci-and-gitea-oauth/1475)

docs/content/doc/advanced/clone-filter.en-us.md

@@ -0,0 +1,65 @@
+---
+date: "2021-02-02"
+title: "Clone filters (partial clone)"
+slug: "clone-filters"
+weight: 25
+draft: false
+toc: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Clone filters"
+    weight: 25
+    identifier: "clone-filters"
+---
+
+# Clone filters (partial clone)
+
+Git introduces `--filter` option to `git clone` command, which filters out
+large files and objects (such as blobs) to create partial clone of a repo.
+Clone filters are especially useful for large repo and/or metered connection,
+where full clone (without `--filter`) can be expensive (as all history data
+must be downloaded).
+
+This requires Git version 2.22 or later, both on the Gitea server and on the
+client. For clone filters to work properly, make sure that Git version
+on the client is at least the same as on the server (or later). Login to
+Gitea server as admin and head to Site Administration -> Configuration to
+see Git version of the server.
+
+By default, clone filters are disabled, which cause the server to ignore
+`--filter` option.
+
+To enable clone filters on per-repo basis, edit the repo's `config` on
+repository location. Consult `ROOT` option on `repository` section of
+Gitea configuration (`app.ini`) for the exact location. For example, to
+enable clone filters for `some-repo`, edit
+`/var/gitea/data/gitea-repositories/some-user/some-repo.git/config` and add:
+
+```ini
+[uploadpack]
+	allowfilter = true
+```
+
+To enable clone filters globally, add that config above to `~/.gitconfig`
+of user that run Gitea (for example `git`).
+
+Alternatively, you can use `git config` to set the option.
+
+To enable for a specific repo:
+
+```bash
+cd /var/gitea/data/gitea-repositories/some-user/some-repo.git
+git config --local uploadpack.allowfilter true
+```
+To enable globally, login as user that run Gitea and:
+
+```bash
+git config --global uploadpack.allowfilter true
+```
+
+See [GitHub blog post: Get up to speed with partial clone](https://github.blog/2020-12-21-get-up-to-speed-with-partial-clone-and-shallow-clone/)
+for common use cases of clone filters (blobless and treeless clones), and
+[Gitlab docs for partial clone](https://docs.gitlab.com/ee/topics/git/partial_clone.html)
+for more advanced use cases (such as filter by file size and remove
+filters to turn partial clone into full clone).

docs/content/doc/advanced/cmd-embedded.en-us.md

@@ -3,7 +3,7 @@ date: "2020-01-25T21:00:00-03:00"
 title: "Embedded data extraction tool"
 slug: "cmd-embedded"
 weight: 40
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:
@@ -15,6 +15,10 @@ menu:
 
 # Embedded data extraction tool
 
+**Table of Contents**
+
+{{< toc >}}
+
 Gitea's executable contains all the resources required to run: templates, images, style-sheets
 and translations. Any of them can be overridden by placing a replacement in a matching path
 inside the `custom` directory (see [Customizing Gitea]({{< relref "doc/advanced/customizing-gitea.en-us.md" >}})).
@@ -28,7 +32,7 @@ can be used from the OS shell interface.
 
 To list resources embedded in Gitea's executable, use the following syntax:
 
-```
+```sh
 gitea embedded list [--include-vendored] [patterns...]
 ```
 
@@ -48,11 +52,11 @@ a special meaning for your command shell.
 
 If no pattern is provided, all files are listed.
 
-#### Example
+### Example
 
 Listing all embedded files with `openid` in their path:
 
-```
+```sh
 $ gitea embedded list '**openid**'
 public/img/auth/openid_connect.svg
 public/img/openid-16x16.png
@@ -68,7 +72,7 @@ templates/user/settings/security_openid.tmpl
 
 To extract resources embedded in Gitea's executable, use the following syntax:
 
-```
+```sh
 gitea [--config {file}] embedded extract [--destination {dir}|--custom] [--overwrite|--rename] [--include-vendored] {patterns...}
 ```
 
@@ -91,7 +95,7 @@ as `filename.bak`. Previous `.bak` files are overwritten.
 At least one file search pattern must be provided; see `list` subcomand above for pattern
 syntax and examples.
 
-#### Important notice
+### Important notice
 
 Make sure to **only extract those files that require customization**. Files that
 are present in the `custom` directory are not upgraded by Gitea's upgrade process.
@@ -99,11 +103,11 @@ When Gitea is upgraded to a new version (by replacing the executable), many of t
 embedded files will suffer changes. Gitea will honor and use any files found
 in the `custom` directory, even if they are old and incompatible.
 
-#### Example
+### Example
 
 Extracting mail templates to a temporary directory:
 
-```
+```sh
 $ mkdir tempdir
 $ gitea embedded extract --destination tempdir 'templates/mail/**.tmpl'
 Extracting to tempdir:

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -31,19 +31,19 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 
 **Note:** A full restart is required for Gitea configuration changes to take effect.
 
+{{< toc >}}
+
 ## Overall (`DEFAULT`)
 
 - `APP_NAME`: **Gitea: Git with a cup of tea**: Application name, used in the page title.
 - `RUN_USER`: **git**: The user Gitea will run as. This should be a dedicated system
    (non-user) account. Setting this incorrectly will cause Gitea to not start.
-- `RUN_MODE`: **dev**: For performance and other purposes, change this to `prod` when
-   deployed to a production environment. The installation process will set this to `prod`
-   automatically. \[prod, dev, test\]
+- `RUN_MODE`: **prod**: Application run mode, affects performance and debugging. Either "dev", "prod" or "test".
 
 ## Repository (`repository`)
 
-- `ROOT`: **~/gitea-repositories/**: Root path for storing all repository data. It must be
-   an absolute path.
+- `ROOT`: **data/gitea-repositories/**: Root path for storing all repository data. It must be
+   an absolute path. By default it is stored in a sub-directory of `APP_DATA_PATH`.
 - `SCRIPT_TYPE`: **bash**: The script type this server supports. Usually this is `bash`,
    but some users report that only `sh` is available.
 - `DETECTED_CHARSETS_ORDER`: **UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr**: Tie-break order of detected charsets - if the detected charsets have equal confidence, charsets earlier in the list will be chosen in preference to those later. Adding `defaults` will place the unnamed charsets at that point.
@@ -51,6 +51,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `FORCE_PRIVATE`: **false**: Force every new repository to be private.
 - `DEFAULT_PRIVATE`: **last**: Default private when creating a new repository.
    \[last, private, public\]
+- `DEFAULT_PUSH_CREATE_PRIVATE`: **true**: Default private when creating a new repository with push-to-create.
 - `MAX_CREATION_LIMIT`: **-1**: Global maximum creation limit of repositories per user,
    `-1` means no limit.
 - `PULL_REQUEST_QUEUE_LENGTH`: **1000**: Length of pull request patch test queue, make it
@@ -69,9 +70,19 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH`:  **false**: Close an issue if a commit on a non default branch marks it as closed.
 - `ENABLE_PUSH_CREATE_USER`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for a user.
 - `ENABLE_PUSH_CREATE_ORG`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for an org.
+- `DISABLED_REPO_UNITS`: **_empty_**: Comma separated list of globally disabled repo units. Allowed values: \[repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects\]
+- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects**: Comma separated list of default repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list.
 - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository.
 - `DISABLE_MIRRORS`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid.
+- `DISABLE_MIGRATIONS`: **false**: Disable migrating feature.
 - `DEFAULT_BRANCH`: **master**: Default branch name of all repositories.
+- `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
+- `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories
+
+### Repository - Editor (`repository.editor`)
+
+- `LINE_WRAP_EXTENSIONS`: **.txt,.md,.markdown,.mdown,.mkd,**: List of file extensions for which lines should be wrapped in the Monaco editor. Separate extensions with a comma. To line wrap files without an extension, just put a comma
+- `PREVIEWABLE_FILE_MODES`: **markdown**: Valid file modes that have a preview API associated with them, such as `api/v1/markdown`. Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match.
 
 ### Repository - Pull Request (`repository.pull-request`)
 
@@ -91,6 +102,18 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 
 - `LOCK_REASONS`: **Too heated,Off-topic,Resolved,Spam**: A list of reasons why a Pull Request or Issue can be locked
 
+### Repository - Upload (`repository.upload`)
+
+- `ENABLED`: **true**: Whether repository file uploads are enabled
+- `TEMP_PATH`: **data/tmp/uploads**: Path for uploads (tmp gets deleted on gitea restart)
+- `ALLOWED_TYPES`: **\<empty\>**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+- `FILE_MAX_SIZE`: **3**: Max size of each file in megabytes.
+- `MAX_FILES`: **5**: Max number of files per upload
+
+### Repository - Release (`repository.release`)
+
+- `ALLOWED_TYPES`: **\<empty\>**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+
 ### Repository - Signing (`repository.signing`)
 
 - `SIGNING_KEY`: **default**: \[none, KEYID, default \]: Key to sign with.
@@ -101,6 +124,10 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
   - `twofa`: Only sign if the user is logged in with twofa
   - `always`: Always sign
   - Options other than `never` and `always` can be combined as a comma separated list.
+- `DEFAULT_TRUST_MODEL`: **collaborator**: \[collaborator, committer, collaboratorcommitter\]: The default trust model used for verifying commits.
+   - `collaborator`: Trust signatures signed by keys of collaborators.
+   - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the commmitter).
+   - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the commiter.
 - `WIKI`: **never**: \[never, pubkey, twofa, always, parentsigned\]: Sign commits to wiki.
 - `CRUD_ACTIONS`: **pubkey, twofa, parentsigned**: \[never, pubkey, twofa, parentsigned, always\]: Sign CRUD actions.
   - Options as above, with the addition of:
@@ -111,6 +138,10 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
   - `headsigned`: Only sign if the head commit in the head branch is signed.
   - `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
 
+## Repository - Local (`repository.local`)
+
+- `LOCAL_COPY_PATH`: **tmp/local-repo**: Path for temporary local repository copies. Defaults to `tmp/local-repo`
+
 ## CORS (`cors`)
 
 - `ENABLED`: **false**: enable cors headers (disabled by default)
@@ -127,10 +158,15 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `ISSUE_PAGING_NUM`: **10**: Number of issues that are shown in one page (for all pages that list issues).
 - `MEMBERS_PAGING_NUM`: **20**: Number of members that are shown in organization members.
 - `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed.
+- `FEED_PAGING_NUM`: **20**: Number of items that are displayed in home feed.
 - `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
+- `CODE_COMMENT_LINES`: **4**: Number of line of codes shown for a code comment.
 - `DEFAULT_THEME`: **gitea**: \[gitea, arc-green\]: Set the default theme for the Gitea install.
-- `THEMES`:  **gitea,arc-green**: All available themes. Allow users select personalized themes
+- `SHOW_USER_EMAIL`: **true**: Whether the email of the user should be shown in the Explore Users page.
+- `THEMES`:  **gitea,arc-green**: All available themes. Allow users select personalized themes.
   regardless of the value of `DEFAULT_THEME`.
+- `THEME_COLOR_META_TAG`: **#6cc644**:  Value of `theme-color` meta tag, used by Android >= 5.0. An invalid color like "none" or "disable" will have the default style.  More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+- `MAX_DISPLAY_FILE_SIZE`: **8388608**: Max size of files to be displayed (default is 8MiB)
 - `REACTIONS`: All available reactions users can choose on issues/prs and comments
     Values can be emoji alias (:smile:) or a unicode emoji.
     For custom reactions, add a tightly cropped square image to public/emoji/img/reaction_name.png
@@ -145,13 +181,22 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `NOTICE_PAGING_NUM`: **25**: Number of notices that are shown in one page.
 - `ORG_PAGING_NUM`: **50**: Number of organizations that are shown in one page.
 
+### UI - Metadata (`ui.meta`)
+
+- `AUTHOR`: **Gitea - Git with a cup of tea**: Author meta tag of the homepage.
+- `DESCRIPTION`: **Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go**: Description meta tag of the homepage.
+- `KEYWORDS`: **go,git,self-hosted,gitea**: Keywords meta tag of the homepage.
+
 ### UI - Notification (`ui.notification`)
 
 - `MIN_TIMEOUT`: **10s**: These options control how often notification endpoint is polled to update the notification count. On page load the notification count will be checked after `MIN_TIMEOUT`. The timeout will increase to `MAX_TIMEOUT` by `TIMEOUT_STEP` if the notification count is unchanged. Set MIN_TIMEOUT to 0 to turn off.
 - `MAX_TIMEOUT`: **60s**.
 - `TIMEOUT_STEP`: **10s**.
-- `EVENT_SOURCE_UPDATE_TIME`: **10s**: This setting determines how often the database is queried to update notification counts. If the browser client supports `EventSource`, it will be used in preference to polling notification endpoint.
+- `EVENT_SOURCE_UPDATE_TIME`: **10s**: This setting determines how often the database is queried to update notification counts. If the browser client supports `EventSource` and `SharedWorker`, a `SharedWorker` will be used in preference to polling notification endpoint. Set to **-1** to disable the `EventSource`.
 
+### UI - SVG Images (`ui.svg`)
+
+- `ENABLE_RENDER`: **true**: Whether to render SVG files as images.  If SVG rendering is disabled, SVG files are displayed as text and cannot be embedded in markdown files as images.
 
 ## Markdown (`markdown`)
 
@@ -192,26 +237,50 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
    most cases you do not need to change the default value. Alter it only if
    your SSH server node is not the same as HTTP node. Do not set this variable
    if `PROTOCOL` is set to `unix`.
+
 - `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
 - `START_SSH_SERVER`: **false**: When enabled, use the built-in SSH server.
+- `BUILTIN_SSH_SERVER_USER`: **%(RUN_USER)s**: Username to use for the built-in SSH Server.
 - `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
 - `SSH_PORT`: **22**: SSH port displayed in clone URL.
 - `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address for the built-in SSH server.
 - `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
+- `SSH_ROOT_PATH`: **~/.ssh**: Root path of SSH directory.
+- `SSH_CREATE_AUTHORIZED_KEYS_FILE`: **true**: Gitea will create a authorized_keys file by default when it is not using the internal ssh server. If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
+- `SSH_AUTHORIZED_KEYS_BACKUP`: **true**: Enable SSH Authorized Key Backup when rewriting all keys, default is true.
+- `SSH_TRUSTED_USER_CA_KEYS`: **\<empty\>**: Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication. Multiple keys should be comma separated. E.g.`ssh-<algorithm> <key>` or `ssh-<algorithm> <key1>, ssh-<algorithm> <key2>`. For more information see `TrustedUserCAKeys` in the sshd config man pages. When empty no file will be created and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` will default to `off`.
+- `SSH_TRUSTED_USER_CA_KEYS_FILENAME`: **`RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem**: Absolute path of the `TrustedUserCaKeys` file gitea will manage. If you're running your own ssh server and you want to use the gitea managed file you'll also need to modify your sshd_config to point to this file. The official docker image will automatically work without further configuration.
+- `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** or **username, email**: \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set.
+- `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
+- `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
+- `SSH_SERVER_CIPHERS`: **aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
+- `SSH_SERVER_KEY_EXCHANGES`: **diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
+- `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
+- `SSH_SERVER_HOST_KEYS`: **ssh/gitea.rsa, ssh/gogs.rsa**: For the built-in SSH server, choose the keypairs to offer as the host key. The private key should be at `SSH_SERVER_HOST_KEY` and the public `SSH_SERVER_HOST_KEY.pub`. Relative paths are made absolute relative to the `APP_DATA_PATH`. If no key exists a 4096 bit RSA key will be created for you.
+- `SSH_KEY_TEST_PATH`: **/tmp**: Directory to create temporary files in when testing public keys using ssh-keygen, default is the system temporary directory.
+- `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+- `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false.
+- `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type.
+
 - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
 - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
-- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
+- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). From 1.11 paths are relative to `CUSTOM_PATH`.
 - `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
 - `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
-- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars.
-- `ENABLE_GZIP`: **false**: Enables application-level GZIP support.
+- `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data.
+- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
+- `ENABLE_GZIP`: **false**: Enable gzip compression for runtime-generated content, static resources excluded.
+- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on localhost:6060. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
+- `PPROF_DATA_PATH`: **data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start gitea as service
 - `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login\].
+
 - `LFS_START_SERVER`: **false**: Enables git-lfs support.
-- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
+- `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)/lfs**:  DEPRECATED: Default LFS content path. (if it is on local storage.)
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
 - `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
 - `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit).
-- `LFS_LOCK_PAGING_NUM`: **50**: Maximum number of LFS Locks returned per page.
+- `LFS_LOCKS_PAGING_NUM`: **50**: Maximum number of LFS Locks returned per page.
+
 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
 - `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
 - `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
@@ -229,9 +298,9 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `HOST`: **127.0.0.1:3306**: Database host address and port or absolute path for unix socket \[mysql, postgres\] (ex: /var/run/mysqld/mysqld.sock).
 - `NAME`: **gitea**: Database name.
 - `USER`: **root**: Database username.
-- `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
+- `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` or """your password""" for quoting if you use special characters in the password.
 - `SCHEMA`: **\<empty\>**: For PostgreSQL only, schema to use if different from "public". The schema must exist beforehand,
-  the user must have creation privileges on it, and the user search path must be set to the look into the schema first 
+  the user must have creation privileges on it, and the user search path must be set to the look into the schema first
   (e.g. `ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;`).
 - `SSL_MODE`: **disable**: SSL/TLS encryption mode for connecting to the database. This option is only applied for PostgreSQL and MySQL.
   - Valid values for MySQL:
@@ -245,6 +314,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
      - `require`: Enable TLS without any verifications.
      - `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate.
      - `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
+- `SQLITE_TIMEOUT`: **500**: Query timeout for sqlite3 only.
+- `ITERATE_BUFFER_SIZE`: **50**: Internal buffer size for iterating.
 - `CHARSET`: **utf8mb4**: For MySQL only, either "utf8" or "utf8mb4". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
 - `LOG_SQL`: **true**: Log the executed SQL.
@@ -253,7 +324,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `MAX_OPEN_CONNS` **0**: Database maximum open connections - default is 0, meaning there is no limit.
 - `MAX_IDLE_CONNS` **2**: Max idle database connections on connnection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
 - `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071).
-  
+
 Please see #8540 & #8273 for further discussion of the appropriate values for `MAX_OPEN_CONNS`, `MAX_IDLE_CONNS` & `CONN_MAX_LIFETIME` and their
 relation to port exhaustion.
 
@@ -265,12 +336,16 @@ relation to port exhaustion.
 - `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch.
 - The next 4 configuration values are deprecated and should be set in `queue.issue_indexer` however are kept for backwards compatibility:
 - `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently supports:`channel`, `levelqueue`, `redis`.
-- `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the queue will be saved path.
-- `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+- `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the path where the queue will be saved.
+- `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string. When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of the form `leveldb://path/to/db?option=value&....`, and overrides `ISSUE_INDEXER_QUEUE_DIR`.
 - `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: Batch queue number.
 
 - `REPO_INDEXER_ENABLED`: **false**: Enables code search (uses a lot of disk space, about 6 times more than the repository size).
+- `REPO_INDEXER_TYPE`: **bleve**: Code search engine type, could be `bleve` or `elasticsearch`.
 - `REPO_INDEXER_PATH`: **indexers/repos.bleve**: Index file used for code search.
+- `REPO_INDEXER_CONN_STR`: ****: Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200
+- `REPO_INDEXER_NAME`: **gitea_codes**: Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch
+
 - `REPO_INDEXER_INCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **include** in the index. Use `**.txt` to match any files with .txt extension. An empty list means include all files.
 - `REPO_INDEXER_EXCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **exclude** from the index. Files that match this list will not be indexed, even if they match in `REPO_INDEXER_INCLUDE`.
 - `REPO_INDEXER_EXCLUDE_VENDORED`: **true**: Exclude vendored files from index.
@@ -280,16 +355,14 @@ relation to port exhaustion.
 
 ## Queue (`queue` and `queue.*`)
 
-- `TYPE`: **persistable-channel**: General queue type, currently support: `persistable-channel`, `channel`, `level`, `redis`, `dummy`
-- `DATADIR`: **queues/**: Base DataDir for storing persistent and level queues. `DATADIR` for inidividual queues can be set in `queue.name` sections but will default to `DATADIR/`**`name`**.
+- `TYPE`: **persistable-channel**: General queue type, currently support: `persistable-channel` (uses a LevelDB internally), `channel`, `level`, `redis`, `dummy`
+- `DATADIR`: **queues/**: Base DataDir for storing persistent and level queues. `DATADIR` for individual queues can be set in `queue.name` sections but will default to `DATADIR/`**`name`**.
 - `LENGTH`: **20**: Maximal queue size before channel queues block
 - `BATCH_LENGTH`: **20**: Batch data before passing to the handler
-- `CONN_STR`: **addrs=127.0.0.1:6379 db=0**: Connection string for the redis queue type.
-- `QUEUE_NAME`: **_queue**: The suffix for default redis queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overriden in the specific `queue.name` section.
-- `SET_NAME`: **_unique**: The suffix that will added to the default redis
-set name for unique queues. Individual queues will default to
-**`name`**`QUEUE_NAME`_`SET_NAME`_ but can be overridden in the specific
-`queue.name` section.
+- `CONN_STR`: **redis://127.0.0.1:6379/0**: Connection string for the redis queue type. Options can be set using query params. Similarly LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value**, and will override `DATADIR`
+- `QUEUE_NAME`: **_queue**: The suffix for default redis and disk queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overriden in the specific `queue.name` section.
+- `SET_NAME`: **_unique**: The suffix that will be added to the default redis and disk queue `set` name for unique queues. Individual queues will default to
+ **`name`**`QUEUE_NAME`_`SET_NAME`_ but can be overridden in the specific `queue.name` section.
 - `WRAP_IF_NECESSARY`: **true**: Will wrap queues with a timeoutable queue if the selected queue is not ready to be created - (Only relevant for the level queue.)
 - `MAX_ATTEMPTS`: **10**: Maximum number of attempts to create the wrapped queue
 - `TIMEOUT`: **GRACEFUL_HAMMER_TIME + 30s**: Timeout the creation of the wrapped queue if it takes longer than this to create.
@@ -301,7 +374,9 @@ set name for unique queues. Individual queues will default to
 - `BOOST_WORKERS`: **5**: This many workers will be added to the worker pool if there is a boost.
 
 ## Admin (`admin`)
+
 - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
+- `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations.
 
 ## Security (`security`)
 
@@ -315,20 +390,31 @@ set name for unique queues. Individual queues will default to
    authentication.
 - `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
    authentication provided email.
-- `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom
-   git hooks.
+- `REVERSE_PROXY_LIMIT`: **1**: Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request.
+   Number of trusted proxy count. Set to zero to not use these headers.
+- `REVERSE_PROXY_TRUSTED_PROXIES`: **127.0.0.0/8,::1/128**: List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
+- `DISABLE_GIT_HOOKS`: **true**: Set to `false` to enable users with git hook privilege to create custom git hooks.
+   WARNING: Custom git hooks can be used to perform arbitrary code execution on the host operating system.
+   This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
+   By modifying the Gitea database, users can gain Gitea administrator privileges.
+   It also enables them to access other resources available to the user on the operating system that is running the
+   Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
+   This maybe harmful to you website or your operating system.
+- `DISABLE_WEBHOOKS`: **false**: Set to `true` to disable webhooks feature.
 - `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to gitea repositories you should set the environment appropriately.
 - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
 - `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
 - `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
-- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[pbkdf2, argon2, scrypt, bcrypt\].
+- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[argon2, pbkdf2, scrypt, bcrypt\], argon2 will spend more memory than others.
 - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
-- `PASSWORD_COMPLEXITY`: **lower,upper,digit,spec**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, the default values will be used. Possible values are: 
+- `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users.
+- `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
     - lower - use one or more lower latin characters
     - upper - use one or more upper latin characters
     - digit - use one or more digits
     - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
     - off - do not check password complexity
+- `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
 
 ## OpenID (`openid`)
 
@@ -346,6 +432,8 @@ set name for unique queues. Individual queues will default to
    process.
 - `REGISTER_EMAIL_CONFIRM`: **false**: Enable this to ask for mail confirmation of registration.
    Requires `Mailer` to be enabled.
+- `REGISTER_MANUAL_CONFIRM`: **false**: Enable this to manually confirm new registrations.
+   Requires `REGISTER_EMAIL_CONFIRM` to be disabled.
 - `DISABLE_REGISTRATION`: **false**: Disable registration, after which only admin can create
    accounts for users.
 - `REQUIRE_EXTERNAL_REGISTRATION_PASSWORD`: **false**: Enable this to force externally created
@@ -366,15 +454,23 @@ set name for unique queues. Individual queues will default to
 - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
 - `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation
    even for External Accounts (i.e. GitHub, OpenID Connect, etc). You must `ENABLE_CAPTCHA` also.
-- `CAPTCHA_TYPE`: **image**: \[image, recaptcha\]
+- `CAPTCHA_TYPE`: **image**: \[image, recaptcha, hcaptcha\]
 - `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.
 - `RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
 - `RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: Set the recaptcha url - allows the use of recaptcha net.
+- `HCAPTCHA_SECRET`: **""**: Sign up at https://www.hcaptcha.com/ to get a secret for hcaptcha.
+- `HCAPTCHA_SITEKEY`: **""**: Sign up at https://www.hcaptcha.com/ to get a sitekey for hcaptcha.
+- `DEFAULT_KEEP_EMAIL_PRIVATE`: **false**: By default set users to keep their email address private.
+- `DEFAULT_ALLOW_CREATE_ORGANIZATION`: **true**: Allow new users to create organizations by default.
 - `DEFAULT_ENABLE_DEPENDENCIES`: **true**: Enable this to have dependencies enabled by default.
 - `ALLOW_CROSS_REPOSITORY_DEPENDENCIES` : **true** Enable this to allow dependencies on issues from any repository where the user is granted access.
 - `ENABLE_USER_HEATMAP`: **true**: Enable this to display the heatmap on users profiles.
+- `ENABLE_TIMETRACKING`: **true**: Enable Timetracking feature.
+- `DEFAULT_ENABLE_TIMETRACKING`: **true**: Allow repositories to use timetracking by deault.
+- `DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME`: **true**: Only allow users with write permissions to track time.
 - `EMAIL_DOMAIN_WHITELIST`: **\<empty\>**: If non-empty, list of domain names that can only be used to register
   on this instance.
+- `EMAIL_DOMAIN_BLOCKLIST`: **\<empty\>**: If non-empty, list of domain names that cannot be used to register on this instance
 - `SHOW_REGISTRATION_BUTTON`: **! DISABLE\_REGISTRATION**: Show Registration Button
 - `SHOW_MILESTONES_DASHBOARD_PAGE`: **true** Enable this to show the milestones dashboard page - a view of all the user's milestones
 - `AUTO_WATCH_NEW_REPOS`: **true**: Enable this to let all organisation users watch new repos when they are created
@@ -382,8 +478,24 @@ set name for unique queues. Individual queues will default to
 - `DEFAULT_ORG_VISIBILITY`: **public**: Set default visibility mode for organisations, either "public", "limited" or "private".
 - `DEFAULT_ORG_MEMBER_VISIBLE`: **false** True will make the membership of the users visible when added to the organisation.
 - `ALLOW_ONLY_EXTERNAL_REGISTRATION`: **false** Set to true to force registration only using third-party services.
-- `NO_REPLY_ADDRESS`: **DOMAIN** Default value for the domain part of the user's email address in the git log if he has set KeepEmailPrivate to true. 
+- `NO_REPLY_ADDRESS`: **DOMAIN** Default value for the domain part of the user's email address in the git log if he has set KeepEmailPrivate to true.
   The user's email will be replaced with a concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
+- `USER_DELETE_WITH_COMMENTS_MAX_TIME`: **0** Minimum amount of time a user must exist before comments are kept when the user is deleted.
+
+### Service - Expore (`service.explore`)
+
+- `REQUIRE_SIGNIN_VIEW`: **false**: Only allow signed in users to view the explore pages.
+- `DISABLE_USERS_PAGE`: **false**: Disable the users explore page.
+
+
+## SSH Minimum Key Sizes (`ssh.minimum_key_sizes`)
+
+Define allowed algorithms and their minimum key length (use -1 to disable a type):
+
+- `ED25519`: **256**
+- `ECDSA`: **256**
+- `RSA`: **2048**
+- `DSA`: **-1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider
 
 ## Webhook (`webhook`)
 
@@ -401,7 +513,7 @@ set name for unique queues. Individual queues will default to
 - `HELO_HOSTNAME`: **\<empty\>**: Custom hostname for HELO operation.
 - `HOST`: **\<empty\>**: SMTP mail host address and port (example: smtp.gitea.io:587).
   - Using opportunistic TLS via STARTTLS on port 587 is recommended per RFC 6409.
-- `IS_TLS_ENABLED` :  **false** : Forcibly use TLS to connect even if not on a default SMTPS port. 
+- `IS_TLS_ENABLED` :  **false** : Forcibly use TLS to connect even if not on a default SMTPS port.
   - Note, if the port ends with `465` SMTPS/SMTP over TLS will be used despite this setting.
   - Otherwise if `IS_TLS_ENABLED=false` and the server supports `STARTTLS` this will be used. Thus if `STARTTLS` is preferred you should set `IS_TLS_ENABLED=false`.
 - `FROM`: **\<empty\>**: Mail from address, RFC 5322. This can be just an email address, or
@@ -409,8 +521,13 @@ set name for unique queues. Individual queues will default to
 - `USER`: **\<empty\>**: Username of mailing user (usually the sender's e-mail address).
 - `PASSWD`: **\<empty\>**: Password of mailing user.  Use \`your password\` for quoting if you use special characters in the password.
    - Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or `HOST=localhost`. See [Email Setup]({{< relref "doc/usage/email-setup.en-us.md" >}}) for more information.
-- `SKIP_VERIFY`: **\<empty\>**: Do not verify the self-signed certificates.
+- `SEND_AS_PLAIN_TEXT`: **false**: Send mails as plain text.
+- `SKIP_VERIFY`: **false**: Whether or not to skip verification of certificates; `true` to disable verification.
+   - **Warning:** This option is unsafe. Consider adding the certificate to the system trust store instead.
    - **Note:** Gitea only supports SMTP with STARTTLS.
+- `USE_CERTIFICATE`: **false**: Use client certificate.
+- `CERT_FILE`: **custom/mailer/cert.pem**
+- `KEY_FILE`: **custom/mailer/key.pem**
 - `SUBJECT_PREFIX`: **\<empty\>**: Prefix to be placed before e-mail subject lines.
 - `MAILER_TYPE`: **smtp**: \[smtp, sendmail, dummy\]
    - **smtp** Use SMTP to send mail
@@ -422,7 +539,9 @@ set name for unique queues. Individual queues will default to
    - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
 - `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
    command or full path).
+- `SENDMAIL_ARGS`: **_empty_**: Specify any extra sendmail arguments.
 - `SENDMAIL_TIMEOUT`: **5m**: default timeout for sending email through sendmail
+- `SEND_BUFFER_LEN`: **100**: Buffer length of mailing queue.
 
 ## Cache (`cache`)
 
@@ -430,7 +549,7 @@ set name for unique queues. Individual queues will default to
 - `ADAPTER`: **memory**: Cache engine adapter, either `memory`, `redis`, or `memcache`.
 - `INTERVAL`: **60**: Garbage Collection interval (sec), for memory cache only.
 - `HOST`: **\<empty\>**: Connection string for `redis` and `memcache`.
-   - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
+   - Redis: `redis://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
    - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
 - `ITEM_TTL`: **16h**: Time to keep items in cache if not used, Setting it to 0 disables caching.
 
@@ -442,11 +561,14 @@ set name for unique queues. Individual queues will default to
 
 ## Session (`session`)
 
-- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, mysql, couchbase, memcache, nodb, postgres\].
+- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, db, mysql, couchbase, memcache, postgres\].
 - `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for others, the connection string.
 - `COOKIE_SECURE`: **false**: Enable this to force using HTTPS for all session access.
 - `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID.
 - `GC_INTERVAL_TIME`: **86400**: GC interval in seconds.
+- `SESSION_LIFE_TIME`: **86400**: Session life time in seconds, default is 86400 (1 day)
+- `DOMAIN`: **\<empty\>**: Sets the cookie Domain
+- `SAME_SITE`: **lax** \[strict, lax, none\]: Set the SameSite setting for the cookie.
 
 ## Picture (`picture`)
 
@@ -455,25 +577,45 @@ set name for unique queues. Individual queues will default to
 - `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only.
 - `ENABLE_FEDERATED_AVATAR`: **false**: Enable support for federated avatars (see
    [http://www.libravatar.org](http://www.libravatar.org)).
+
+- `AVATAR_STORAGE_TYPE`: **default**: Storage type defined in `[storage.xxx]`. Default is `default` which will read `[storage]` if no section `[storage]` will be a type `local`.
 - `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store user avatar image files.
-- `REPOSITORY_AVATAR_UPLOAD_PATH`: **data/repo-avatars**: Path to store repository avatar image files.
-- `REPOSITORY_AVATAR_FALLBACK`: **none**: How Gitea deals with missing repository avatars
-  - none = no avatar will be displayed
-  - random = random avatar will be generated
-  - image = default image will be used (which is set in `REPOSITORY_AVATAR_DEFAULT_IMAGE`)
-- `REPOSITORY_AVATAR_FALLBACK_IMAGE`: **/img/repo_default.png**: Image used as default repository avatar (if `REPOSITORY_AVATAR_FALLBACK` is set to image and none was uploaded)
 - `AVATAR_MAX_WIDTH`: **4096**: Maximum avatar image width in pixels.
 - `AVATAR_MAX_HEIGHT`: **3072**: Maximum avatar image height in pixels.
 - `AVATAR_MAX_FILE_SIZE`: **1048576** (1Mb): Maximum avatar image file size in bytes.
 
-## Attachment (`attachment`)
+- `REPOSITORY_AVATAR_STORAGE_TYPE`: **default**: Storage type defined in `[storage.xxx]`. Default is `default` which will read `[storage]` if no section `[storage]` will be a type `local`.
+- `REPOSITORY_AVATAR_UPLOAD_PATH`: **data/repo-avatars**: Path to store repository avatar image files.
+- `REPOSITORY_AVATAR_FALLBACK`: **none**: How Gitea deals with missing repository avatars
+  - none = no avatar will be displayed
+  - random = random avatar will be generated
+  - image = default image will be used (which is set in `REPOSITORY_AVATAR_FALLBACK_IMAGE`)
+- `REPOSITORY_AVATAR_FALLBACK_IMAGE`: **/img/repo_default.png**: Image used as default repository avatar (if `REPOSITORY_AVATAR_FALLBACK` is set to image and none was uploaded)
 
-- `ENABLED`: **true**: Enable this to allow uploading attachments.
-- `PATH`: **data/attachments**: Path to store attachments.
-- `ALLOWED_TYPES`: **see app.example.ini**: Allowed MIME types, e.g. `image/jpeg|image/png`.
-   Use `*/*` for all types.
+
+## Project (`project`)
+
+Default templates for project boards:
+
+- `PROJECT_BOARD_BASIC_KANBAN_TYPE`: **To Do, In Progress, Done**
+- `PROJECT_BOARD_BUG_TRIAGE_TYPE`: **Needs Triage, High Priority, Low Priority, Closed**
+
+## Issue and pull request attachments (`attachment`)
+
+- `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
+- `ALLOWED_TYPES`: **.docx,.gif,.gz,.jpeg,.jpg,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 - `MAX_SIZE`: **4**: Maximum size (MB).
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
+- `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
+- `SERVE_DIRECT`: **false**: Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
+- `PATH`: **data/attachments**: Path to store attachments only available when STORAGE_TYPE is `local`
+- `MINIO_ENDPOINT`: **localhost:9000**: Minio endpoint to connect only available when STORAGE_TYPE is `minio`
+- `MINIO_ACCESS_KEY_ID`: Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
+- `MINIO_SECRET_ACCESS_KEY`: Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
+- `MINIO_BUCKET`: **gitea**: Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
+- `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when STORAGE_TYPE is `minio`
+- `MINIO_BASE_PATH`: **attachments/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
+- `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when STORAGE_TYPE is `minio`
 
 ## Log (`log`)
 
@@ -481,16 +623,14 @@ set name for unique queues. Individual queues will default to
 - `MODE`: **console**: Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections `\[log.modename\]`. By default the file mode will log to `$ROOT_PATH/gitea.log`.
 - `LEVEL`: **Info**: General log level. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
 - `STACKTRACE_LEVEL`: **None**: Default log level at which to log create stack traces. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
-- `REDIRECT_MACARON_LOG`: **false**: Redirects the Macaron log to its own logger or the default logger.
-- `MACARON`: **file**: Logging mode for the macaron logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.macaron\]`. By default the file mode will log to `$ROOT_PATH/macaron.log`. (If you set this to `,` it will log to default gitea logger.)
 - `ROUTER_LOG_LEVEL`: **Info**: The log level that the router should log at. (If you are setting the access log, its recommended to place this at Debug.)
 - `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default gitea logger.)
-NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
+NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
 - `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
 - `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default gitea logger.)
 - `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
   - The following variables are available:
-  - `Ctx`: the `macaron.Context` of the request.
+  - `Ctx`: the `context.Context` of the request.
   - `Identity`: the SignedUserName or `"-"` if not logged in.
   - `Start`: the start time of the request.
   - `ResponseWriter`: the responseWriter from the request.
@@ -539,41 +679,102 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false`
 
 ## Cron (`cron`)
 
-- `ENABLED`: **true**: Run cron tasks periodically.
+- `ENABLED`: **false**: Enable to run all cron tasks periodically with default settings.
 - `RUN_AT_START`: **false**: Run cron tasks at application start-up.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 
-### Cron - Cleanup old repository archives (`cron.archive_cleanup`)
+### Basic cron tasks - enabled by default
+
+#### Cron - Cleanup old repository archives (`cron.archive_cleanup`)
 
 - `ENABLED`: **true**: Enable service.
 - `RUN_AT_START`: **true**: Run tasks at start up time (if ENABLED).
 - `SCHEDULE`: **@every 24h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
 - `OLDER_THAN`: **24h**: Archives created more than `OLDER_THAN` ago are subject to deletion, e.g. `12h`.
 
-### Cron - Update Mirrors (`cron.update_mirrors`)
+#### Cron - Update Mirrors (`cron.update_mirrors`)
 
 - `SCHEDULE`: **@every 10m**: Cron syntax for scheduling update mirrors, e.g. `@every 3h`.
+- `NO_SUCCESS_NOTICE`: **true**: The cron task for update mirrors success report is not very useful - as it just means that the mirrors have been queued. Therefore this is turned off by default.
 
-### Cron - Repository Health Check (`cron.repo_health_check`)
+#### Cron - Repository Health Check (`cron.repo_health_check`)
 
 - `SCHEDULE`: **@every 24h**: Cron syntax for scheduling repository health check.
 - `TIMEOUT`: **60s**: Time duration syntax for health check execution timeout.
 - `ARGS`: **\<empty\>**: Arguments for command `git fsck`, e.g. `--unreachable --tags`. See more on http://git-scm.com/docs/git-fsck
 
-### Cron - Repository Statistics Check (`cron.check_repo_stats`)
+#### Cron - Repository Statistics Check (`cron.check_repo_stats`)
 
 - `RUN_AT_START`: **true**: Run repository statistics check at start time.
 - `SCHEDULE`: **@every 24h**: Cron syntax for scheduling repository statistics check.
 
-### Cron - Update Migration Poster ID (`cron.update_migration_poster_id`)
+### Cron - Cleanup hook_task Table (`cron.cleanup_hook_task_table`)
+
+- `ENABLED`: **true**: Enable cleanup hook_task job.
+- `RUN_AT_START`: **false**: Run cleanup hook_task at start time (if ENABLED).
+- `SCHEDULE`: **@every 24h**: Cron syntax for cleaning hook_task table.
+- `CLEANUP_TYPE` **OlderThan** OlderThan or PerWebhook Method to cleanup hook_task, either by age (i.e. how long ago hook_task record was delivered) or by the number to keep per webhook (i.e. keep most recent x deliveries per webhook).
+- `OLDER_THAN`: **168h**: If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
+- `NUMBER_TO_KEEP`: **10**: If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
+
+#### Cron - Update Migration Poster ID (`cron.update_migration_poster_id`)
 
 - `SCHEDULE`: **@every 24h** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
 
+#### Cron - Sync External Users (`cron.sync_external_users`)
+
+- `SCHEDULE`: **@every 24h** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
+- `UPDATE_EXISTING`: **true**: Create new users, update existing user data and disable users that are not in external source anymore (default) or only create new users if UPDATE_EXISTING is set to false.
+
+### Extended cron tasks (not enabled by default)
+
+#### Cron - Garbage collect all repositories ('cron.git_gc_repos')
+- `ENABLED`: **false**: Enable service.
+- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
+- `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
+- `TIMEOUT`: **60s**: Time duration syntax for garbage collection execution timeout.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
+- `ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. The default value is same with [git] -> GC_ARGS
+
+#### Cron - Update the '.ssh/authorized_keys' file with Gitea SSH keys ('cron.resync_all_sshkeys')
+- `ENABLED`: **false**: Enable service.
+- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
+- `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
+
+#### Cron - Resynchronize pre-receive, update and post-receive hooks of all repositories ('cron.resync_all_hooks')
+- `ENABLED`: **false**: Enable service.
+- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
+- `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
+
+#### Cron - Reinitialize all missing Git repositories for which records exist ('cron.reinit_missing_repos')
+- `ENABLED`: **false**: Enable service.
+- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
+- `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
+
+#### Cron - Delete all repositories missing their Git files ('cron.delete_missing_repos')
+- `ENABLED`: **false**: Enable service.
+- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
+- `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
+
+#### Cron -  Delete generated repository avatars ('cron.delete_generated_repository_avatars')
+- `ENABLED`: **false**: Enable service.
+- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
+- `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
+
 ## Git (`git`)
 
 - `PATH`: **""**: The path of git executable. If empty, Gitea searches through the PATH environment.
-- `MAX_GIT_DIFF_LINES`: **100**: Max number of lines allowed of a single file in diff view.
+- `DISABLE_DIFF_HIGHLIGHT`: **false**: Disables highlight of added and removed changes.
+- `MAX_GIT_DIFF_LINES`: **1000**: Max number of lines allowed of a single file in diff view.
 - `MAX_GIT_DIFF_LINE_CHARACTERS`: **5000**: Max character count per line highlighted in diff view.
 - `MAX_GIT_DIFF_FILES`: **100**: Max number of files shown in diff view.
+- `COMMITS_RANGE_SIZE`: **50**: Set the default commits range size
+- `BRANCHES_RANGE_SIZE`: **20**: Set the default branches range size
 - `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. See more on http://git-scm.com/docs/git-gc/
 - `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
 - `PULL_REQUEST_PUSH_MESSAGE`: **true**: Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
@@ -605,8 +806,8 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false`
 
 - `ENABLE`: **true**: Enables OAuth2 provider.
 - `ACCESS_TOKEN_EXPIRATION_TIME`: **3600**: Lifetime of an OAuth2 access token in seconds
-- `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 access token in hours
-- `INVALIDATE_REFRESH_TOKEN`: **false**: Check if refresh token got already used
+- `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 refresh token in hours
+- `INVALIDATE_REFRESH_TOKENS`: **false**: Check if refresh token has already been used
 - `JWT_SECRET`: **\<empty\>**: OAuth2 authentication secret for access and refresh tokens, change this a unique string.
 - `MAX_TOKEN_LENGTH`: **32767**: Maximum length of token/cookie to accept from OAuth2 provider
 
@@ -670,15 +871,73 @@ Task queue configuration has been moved to `queue.task`. However, the below conf
 
 - `QUEUE_TYPE`: **channel**: Task queue type, could be `channel` or `redis`.
 - `QUEUE_LENGTH`: **1000**: Task queue length, available only when `QUEUE_TYPE` is `channel`.
-- `QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: Task queue connection string, available only when `QUEUE_TYPE` is `redis`. If redis needs a password, use `addrs=127.0.0.1:6379 password=123 db=0`.
+- `QUEUE_CONN_STR`: **redis://127.0.0.1:6379/0**: Task queue connection string, available only when `QUEUE_TYPE` is `redis`. If redis needs a password, use `redis://123@127.0.0.1:6379/0`.
 
 ## Migrations (`migrations`)
 
 - `MAX_ATTEMPTS`: **3**: Max attempts per http/https request on migrations.
 - `RETRY_BACKOFF`: **3**: Backoff time per http/https request retry (seconds)
+- `ALLOWED_DOMAINS`: **\<empty\>**: Domains allowlist for migrating repositories, default is blank. It means everything will be allowed. Multiple domains could be separated by commas.
+- `BLOCKED_DOMAINS`: **\<empty\>**: Domains blocklist for migrating repositories, default is blank. Multiple domains could be separated by commas. When `ALLOWED_DOMAINS` is not blank, this option will be ignored.
+- `ALLOW_LOCALNETWORKS`: **false**: Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291
+
+## Mirror (`mirror`)
+
+- `DEFAULT_INTERVAL`: **8h**: Default interval between each check
+- `MIN_INTERVAL`: **10m**: Minimum interval for checking. (Must be >1m).
+
+## LFS (`lfs`)
+
+Storage configuration for lfs data. It will be derived from default `[storage]` or
+`[storage.xxx]` when set `STORAGE_TYPE` to `xxx`. When derived, the default of `PATH`
+is `data/lfs` and the default of `MINIO_BASE_PATH` is `lfs/`.
+
+- `STORAGE_TYPE`: **local**: Storage type for lfs, `local` for local disk or `minio` for s3 compatible object storage service or other name defined with `[storage.xxx]`
+- `SERVE_DIRECT`: **false**: Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
+- `PATH`: **./data/lfs**: Where to store LFS files, only available when `STORAGE_TYPE` is `local`. If not set it fall back to deprecated LFS_CONTENT_PATH value in [server] section.
+- `MINIO_ENDPOINT`: **localhost:9000**: Minio endpoint to connect only available when `STORAGE_TYPE` is `minio`
+- `MINIO_ACCESS_KEY_ID`: Minio accessKeyID to connect only available when `STORAGE_TYPE` is `minio`
+- `MINIO_SECRET_ACCESS_KEY`: Minio secretAccessKey to connect only available when `STORAGE_TYPE is` `minio`
+- `MINIO_BUCKET`: **gitea**: Minio bucket to store the lfs only available when `STORAGE_TYPE` is `minio`
+- `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
+- `MINIO_BASE_PATH`: **lfs/**: Minio base path on the bucket only available when `STORAGE_TYPE` is `minio`
+- `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
+
+## Storage (`storage`)
+
+Default storage configuration for attachments, lfs, avatars and etc.
+
+- `SERVE_DIRECT`: **false**: Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
+- `MINIO_ENDPOINT`: **localhost:9000**: Minio endpoint to connect only available when `STORAGE_TYPE` is `minio`
+- `MINIO_ACCESS_KEY_ID`: Minio accessKeyID to connect only available when `STORAGE_TYPE` is `minio`
+- `MINIO_SECRET_ACCESS_KEY`: Minio secretAccessKey to connect only available when `STORAGE_TYPE is` `minio`
+- `MINIO_BUCKET`: **gitea**: Minio bucket to store the data only available when `STORAGE_TYPE` is `minio`
+- `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket only available when `STORAGE_TYPE` is `minio`
+- `MINIO_USE_SSL`: **false**: Minio enabled ssl only available when `STORAGE_TYPE` is `minio`
+
+And you can also define a customize storage like below:
+
+```ini
+[storage.my_minio]
+STORAGE_TYPE = minio
+; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
+MINIO_ENDPOINT = localhost:9000
+; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
+MINIO_ACCESS_KEY_ID =
+; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
+MINIO_SECRET_ACCESS_KEY =
+; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
+MINIO_BUCKET = gitea
+; Minio location to create bucket only available when STORAGE_TYPE is `minio`
+MINIO_LOCATION = us-east-1
+; Minio enabled ssl only available when STORAGE_TYPE is `minio`
+MINIO_USE_SSL = false
+```
+
+And used by `[attachment]`, `[lfs]` and etc. as `STORAGE_TYPE`.
 
 ## Other (`other`)
 
 - `SHOW_FOOTER_BRANDING`: **false**: Show Gitea branding in the footer.
-- `SHOW_FOOTER_VERSION`: **true**: Show Gitea version information in the footer.
+- `SHOW_FOOTER_VERSION`: **true**: Show Gitea and Go version information in the footer.
 - `SHOW_FOOTER_TEMPLATE_LOAD_TIME`: **true**: Show time of template execution in the footer.

docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

@@ -17,6 +17,8 @@ menu:
 
 这是针对Gitea配置文件的说明，你可以了解Gitea的强大配置。需要说明的是，你的所有改变请修改 `custom/conf/app.ini` 文件而不是源文件。所有默认值可以通过 [app.example.ini](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini) 查看到。如果你发现 `%(X)s` 这样的内容，请查看 [ini](https://github.com/go-ini/ini/#recursive-values) 这里的说明。标注了 :exclamation: 的配置项表明除非你真的理解这个配置项的意义，否则最好使用默认值。
 
+{{< toc >}}
+
 ## Overall (`DEFAULT`)
 
 - `APP_NAME`: 应用名称，改成你希望的名字。
@@ -30,6 +32,7 @@ menu:
 - `ANSI_CHARSET`: 默认字符编码。
 - `FORCE_PRIVATE`: 强制所有git工程必须私有。
 - `DEFAULT_PRIVATE`: 默认创建的git工程为私有。 可以是`last`, `private` 或 `public`。默认值是 `last`表示用户最后创建的Repo的选择。
+- `DEFAULT_PUSH_CREATE_PRIVATE`: **true**:  通过 ``push-to-create`` 方式创建的仓库是否默认为私有仓库.
 - `MAX_CREATION_LIMIT`: 全局最大每个用户创建的git工程数目， `-1` 表示没限制。
 - `PULL_REQUEST_QUEUE_LENGTH`: 小心：合并请求测试队列的长度，尽量放大。
 
@@ -67,11 +70,12 @@ menu:
 - `KEY_FILE`: 启用HTTPS的密钥文件。
 - `STATIC_ROOT_PATH`: 存放模板和静态文件的根目录，默认是 Gitea 的根目录。
 - `STATIC_CACHE_TIME`: **6h**: 静态资源文件，包括 `custom/`, `public/` 和所有上传的头像的浏览器缓存时间。
-- `ENABLE_GZIP`: 启用应用级别的 GZIP 压缩。
+- `ENABLE_GZIP`: 启用实时生成的数据启用 GZIP 压缩，不包括静态资源。
 - `LANDING_PAGE`: 未登录用户的默认页面，可选 `home` 或 `explore`。
+
 - `LFS_START_SERVER`: 是否启用 git-lfs 支持. 可以为 `true` 或 `false`， 默认是 `false`。
-- `LFS_CONTENT_PATH`: 存放 lfs 命令上传的文件的地方，默认是 `data/lfs`。
 - `LFS_JWT_SECRET`: LFS 认证密钥，改成自己的。
+- `LFS_CONTENT_PATH`: **已废弃**, 存放 lfs 命令上传的文件的地方，默认是 `data/lfs`。
 
 ## Database (`database`)
 
@@ -98,8 +102,12 @@ menu:
 - `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: 当 `ISSUE_INDEXER_QUEUE_TYPE` 为 `redis` 时，保存Redis队列的连接字符串。
 - `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: 队列处理中批量提交数量。
 
-- `REPO_INDEXER_ENABLED`: **false**: 是否启用代码搜索（启用后会占用比较大的磁盘空间）。
+- `REPO_INDEXER_ENABLED`: **false**: 是否启用代码搜索（启用后会占用比较大的磁盘空间，如果是bleve可能需要占用约6倍存储空间）。
+- `REPO_INDEXER_TYPE`: **bleve**: 代码搜索引擎类型，可以为 `bleve` 或者 `elasticsearch`。
 - `REPO_INDEXER_PATH`: **indexers/repos.bleve**: 用于代码搜索的索引文件路径。
+- `REPO_INDEXER_CONN_STR`: ****: 代码搜索引擎连接字符串，当 `REPO_INDEXER_TYPE` 为 `elasticsearch` 时有效。例如： http://elastic:changeme@localhost:9200
+- `REPO_INDEXER_NAME`: **gitea_codes**: 代码搜索引擎的名字，当 `REPO_INDEXER_TYPE` 为 `elasticsearch` 时有效。
+
 - `UPDATE_BUFFER_LEN`: **20**: 代码索引请求的缓冲区长度。
 - `MAX_FILE_SIZE`: **1048576**: 进行解析的源代码文件的最大长度，小于该值时才会索引。
 
@@ -117,6 +125,7 @@ menu:
 - `ACTIVE_CODE_LIVE_MINUTES`: 登录验证码失效时间，单位分钟。
 - `RESET_PASSWD_CODE_LIVE_MINUTES`: 重置密码失效时间，单位分钟。
 - `REGISTER_EMAIL_CONFIRM`: 启用注册邮件激活，前提是 `Mailer` 已经启用。
+- `REGISTER_MANUAL_CONFIRM`: **false**: 新注册用户必须由管理员手动激活,启用此选项需取消`REGISTER_EMAIL_CONFIRM`.
 - `DISABLE_REGISTRATION`: 禁用注册，启用后只能用管理员添加用户。
 - `SHOW_REGISTRATION_BUTTON`: 是否显示注册按钮。
 - `REQUIRE_SIGNIN_VIEW`: 是否所有页面都必须登录后才可访问。
@@ -126,6 +135,11 @@ menu:
 - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: 允许通过反向认证做自动注册。
 - `ENABLE_CAPTCHA`: 注册时使用图片验证码。
 
+### Service - Expore (`service.explore`)
+
+- `REQUIRE_SIGNIN_VIEW`: **false**: 仅允许已登录的用户查看探索页面。
+- `DISABLE_USERS_PAGE`: **false**: 不显示用户探索页面。
+
 ## Webhook (`webhook`)
 
 - `QUEUE_LENGTH`: 说明: Hook 任务队列长度。
@@ -177,13 +191,35 @@ menu:
 - `DISABLE_GRAVATAR`: 开启则只使用内部头像。
 - `ENABLE_FEDERATED_AVATAR`: 启用头像联盟支持 (参见 http://www.libravatar.org)
 
+- `AVATAR_STORAGE_TYPE`: **local**: 头像存储类型，可以为 `local` 或 `minio`，分别支持本地文件系统和 minio 兼容的API。
+- `AVATAR_UPLOAD_PATH`: **data/avatars**: 存储头像的文件系统路径。
+- `AVATAR_MAX_WIDTH`: **4096**: 头像最大宽度，单位像素。
+- `AVATAR_MAX_HEIGHT`: **3072**: 头像最大高度，单位像素。
+- `AVATAR_MAX_FILE_SIZE`: **1048576** (1Mb): 头像最大大小。
+
+- `REPOSITORY_AVATAR_STORAGE_TYPE`: **local**: 仓库头像存储类型，可以为 `local` 或 `minio`，分别支持本地文件系统和 minio 兼容的API。
+- `REPOSITORY_AVATAR_UPLOAD_PATH`: **data/repo-avatars**: 存储仓库头像的路径。
+- `REPOSITORY_AVATAR_FALLBACK`: **none**: 当头像丢失时的处理方式
+  - none = 不显示头像
+  - random = 显示随机生成的头像
+  - image = 显示默认头像，通过 `REPOSITORY_AVATAR_FALLBACK_IMAGE` 设置
+- `REPOSITORY_AVATAR_FALLBACK_IMAGE`: **/img/repo_default.png**: 默认仓库头像
+
 ## Attachment (`attachment`)
 
 - `ENABLED`: 是否允许用户上传附件。
-- `PATH`: 附件存储路径
 - `ALLOWED_TYPES`: 允许上传的附件类型。比如：`image/jpeg|image/png`，用 `*/*` 表示允许任何类型。
 - `MAX_SIZE`: 附件最大限制，单位 MB，比如： `4`。
 - `MAX_FILES`: 一次最多上传的附件数量，比如： `5`。
+- `STORAGE_TYPE`: **local**: 附件存储类型，`local` 将存储到本地文件夹， `minio` 将存储到 s3 兼容的对象存储服务中。
+- `PATH`: **data/attachments**: 附件存储路径，仅当 `STORAGE_TYPE` 为 `local` 时有效。
+- `MINIO_ENDPOINT`: **localhost:9000**: Minio 终端，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_ACCESS_KEY_ID`: Minio accessKeyID ，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_SECRET_ACCESS_KEY`: Minio secretAccessKey，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_BUCKET`: **gitea**: Minio bucket to store the attachments，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_BASE_PATH`: **attachments/**: Minio base path on the bucket，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_USE_SSL`: **false**: Minio enabled ssl，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
 
 关于 `ALLOWED_TYPES`， 在 (*)unix 系统中可以使用`file -I <filename>` 来快速获得对应的 `MIME type`。
 
@@ -286,6 +322,58 @@ IS_INPUT_FILE = false
 
 - `MAX_ATTEMPTS`: **3**: 在迁移过程中的 http/https 请求重试次数。
 - `RETRY_BACKOFF`: **3**: 等待下一次重试的时间，单位秒。
+- `ALLOWED_DOMAINS`: **\<empty\>**: 迁移仓库的域名白名单，默认为空，表示允许从任意域名迁移仓库，多个域名用逗号分隔。
+- `BLOCKED_DOMAINS`: **\<empty\>**: 迁移仓库的域名黑名单，默认为空，多个域名用逗号分隔。如果 `ALLOWED_DOMAINS` 不为空，此选项将会被忽略。
+- `ALLOW_LOCALNETWORKS`: **false**: Allow private addresses defined by RFC 1918
+
+## LFS (`lfs`)
+
+LFS 的存储配置。 如果 `STORAGE_TYPE` 为空，则此配置将从 `[storage]` 继承。如果不为 `local` 或者 `minio` 而为 `xxx`， 则从 `[storage.xxx]` 继承。当继承时， `PATH` 默认为 `data/lfs`，`MINIO_BASE_PATH` 默认为 `lfs/`。
+
+- `STORAGE_TYPE`: **local**: LFS 的存储类型，`local` 将存储到磁盘，`minio` 将存储到 s3 兼容的对象服务。
+- `SERVE_DIRECT`: **false**: 允许直接重定向到存储系统。当前，仅 Minio/S3 是支持的。
+- `PATH`: 存放 lfs 命令上传的文件的地方，默认是 `data/lfs`。
+- `MINIO_ENDPOINT`: **localhost:9000**: Minio 地址，仅当 `LFS_STORAGE_TYPE` 为 `minio` 时有效。
+- `MINIO_ACCESS_KEY_ID`: Minio accessKeyID，仅当 `LFS_STORAGE_TYPE` 为 `minio` 时有效。
+- `MINIO_SECRET_ACCESS_KEY`: Minio secretAccessKey，仅当 `LFS_STORAGE_TYPE` 为 `minio` 时有效。
+- `MINIO_BUCKET`: **gitea**: Minio bucket，仅当 `LFS_STORAGE_TYPE` 为 `minio` 时有效。
+- `MINIO_LOCATION`: **us-east-1**: Minio location ，仅当 `LFS_STORAGE_TYPE` 为 `minio` 时有效。
+- `MINIO_BASE_PATH`: **lfs/**: Minio base path ，仅当 `LFS_STORAGE_TYPE` 为 `minio` 时有效。
+- `MINIO_USE_SSL`: **false**: Minio 是否启用 ssl ，仅当 `LFS_STORAGE_TYPE` 为 `minio` 时有效。
+
+## Storage (`storage`)
+
+Attachments, lfs, avatars and etc 的默认存储配置。
+
+- `STORAGE_TYPE`: **local**: 附件存储类型，`local` 将存储到本地文件夹， `minio` 将存储到 s3 兼容的对象存储服务中。
+- `SERVE_DIRECT`: **false**: 允许直接重定向到存储系统。当前，仅 Minio/S3 是支持的。
+- `MINIO_ENDPOINT`: **localhost:9000**: Minio 终端，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_ACCESS_KEY_ID`: Minio accessKeyID ，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_SECRET_ACCESS_KEY`: Minio secretAccessKey，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_BUCKET`: **gitea**: Minio bucket to store the attachments，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_LOCATION`: **us-east-1**: Minio location to create bucket，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+- `MINIO_USE_SSL`: **false**: Minio enabled ssl，仅当 `STORAGE_TYPE` 是 `minio` 时有效。
+
+你也可以自定义一个存储的名字如下：
+
+```ini
+[storage.my_minio]
+STORAGE_TYPE = minio
+; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
+MINIO_ENDPOINT = localhost:9000
+; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
+MINIO_ACCESS_KEY_ID =
+; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
+MINIO_SECRET_ACCESS_KEY =
+; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
+MINIO_BUCKET = gitea
+; Minio location to create bucket only available when STORAGE_TYPE is `minio`
+MINIO_LOCATION = us-east-1
+; Minio enabled ssl only available when STORAGE_TYPE is `minio`
+MINIO_USE_SSL = false
+```
+
+然后你在 `[attachment]`, `[lfs]` 等中可以把这个名字用作 `STORAGE_TYPE` 的值。
 
 ## Other (`other`)
 

docs/content/doc/advanced/customizing-gitea.en-us.md

@@ -30,7 +30,7 @@ the Linux Filesystem Standard. Gitea will attempt to create required folders, in
 `custom/`. Distributions may provide a symlink for `custom` using `/etc/gitea/`.
 
 Application settings can be found in file `CustomConf` which is by default,
-`CustomPath/conf/app.ini` but may be different if your build has set this differently.
+`$GITEA_CUSTOM/conf/app.ini` but may be different if your build has set this differently.
 Again `gitea help` will allow you review this variable and you can override it using the
 `--config` option on the `gitea` binary.
 
@@ -39,23 +39,41 @@ Again `gitea help` will allow you review this variable and you can override it u
 
 If the `CustomPath` folder can't be found despite checking `gitea help`, check the `GITEA_CUSTOM`
 environment variable; this can be used to override the default path to something else.
-`GITEA_CUSTOM` might, for example, be set by an init script.
+`GITEA_CUSTOM` might, for example, be set by an init script. You can check whether the value
+is set under the "Configuration" tab on the site administration page.
 
 - [List of Environment Variables](https://docs.gitea.io/en-us/specific-variables/)
 
 **Note:** Gitea must perform a full restart to see configuration changes.
 
+**Table of Contents**
+
+{{< toc >}}
+
 ## Serving custom public files
 
 To make Gitea serve custom public files (like pages and images), use the folder
-`custom/public/` as the webroot. Symbolic links will be followed.
+`$GITEA_CUSTOM/public/` as the webroot. Symbolic links will be followed.
 
-For example, a file `image.png` stored in `custom/public/`, can be accessed with
+For example, a file `image.png` stored in `$GITEA_CUSTOM/public/`, can be accessed with
 the url `http://gitea.domain.tld/image.png`.
 
+## Changing the default logo
+
+To build a custom logo replace `assets/logo.svg` and run `make generate-images`. This will update
+these customizable logo files which you can then place in `$GITEA_CUSTOM/public/img` on your server:
+
+- `public/img/logo.svg`
+- `public/img/logo.png`
+- `public/img/favicon.png`
+- `public/img/avatar_default.png`
+- `public/img/apple-touch-icon.png`
+
 ## Changing the default avatar
 
-Place the png image at the following path: `custom/public/img/avatar_default.png`
+Either generate it via above method or place the png image at the following path:
+
+- `$GITEA_CUSTOM/public/img/avatar_default.png`
 
 ## Customizing Gitea pages and resources
 
@@ -63,11 +81,11 @@ Gitea's executable contains all the resources required to run: templates, images
 and translations. Any of them can be overridden by placing a replacement in a matching path
 inside the `custom` directory. For example, to replace the default `.gitignore` provided
 for C++ repositories, we want to replace `options/gitignore/C++`. To do this, a replacement
-must be placed in `custom/options/gitignore/C++` (see about the location of the `custom`
+must be placed in `$GITEA_CUSTOM/options/gitignore/C++` (see about the location of the `CustomPath`
 directory at the top of this document).
 
 Every single page of Gitea can be changed. Dynamic content is generated using [go templates](https://golang.org/pkg/html/template/),
-which can be modified by placing replacements below the `custom/templates` directory.
+which can be modified by placing replacements below the `$GITEA_CUSTOM/templates` directory.
 
 To obtain any embedded file (including templates), the [`gitea embedded` tool]({{< relref "doc/advanced/cmd-embedded.en-us.md" >}}) can be used. Alternatively, they can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/master/templates) directory of Gitea source (Note: the example link is from the `master` branch. Make sure to use templates compatible with the release you are using).
 
@@ -76,16 +94,16 @@ shouldn't be touched without fully understanding these components.
 
 ### Customizing startpage / homepage
 
-Copy [`home.tmpl`](https://github.com/go-gitea/gitea/blob/master/templates/home.tmpl) for your version of Gitea from `templates` to `custom/templates`.
+Copy [`home.tmpl`](https://github.com/go-gitea/gitea/blob/master/templates/home.tmpl) for your version of Gitea from `templates` to `$GITEA_CUSTOM/templates`.
 Edit as you wish.
 Dont forget to restart your gitea to apply the changes.
 
 ### Adding links and tabs
 
-If all you want is to add extra links to the top navigation bar or footer, or extra tabs to the repository view, you can put them in `extra_links.tmpl` (links added to the navbar), `extra_links_footer.tmpl` (links added to the left side of footer), and `extra_tabs.tmpl` inside your `custom/templates/custom/` directory.
+If all you want is to add extra links to the top navigation bar or footer, or extra tabs to the repository view, you can put them in `extra_links.tmpl` (links added to the navbar), `extra_links_footer.tmpl` (links added to the left side of footer), and `extra_tabs.tmpl` inside your `$GITEA_CUSTOM/templates/custom/` directory.
 
 For instance, let's say you are in Germany and must add the famously legally-required "Impressum"/about page, listing who is responsible for the site's content:
-just place it under your "custom/public/" directory (for instance `custom/public/impressum.html`) and put a link to it in either `custom/templates/custom/extra_links.tmpl` or `custom/templates/custom/extra_links_footer.tmpl`.
+just place it under your "$GITEA_CUSTOM/public/" directory (for instance `$GITEA_CUSTOM/public/impressum.html`) and put a link to it in either `$GITEA_CUSTOM/templates/custom/extra_links.tmpl` or `$GITEA_CUSTOM/templates/custom/extra_links_footer.tmpl`.
 
 To match the current style, the link should have the class name "item", and you can use `{{AppSubUrl}}` to get the base URL:
 `<a class="item" href="{{AppSubUrl}}/impressum.html">Impressum</a>`
@@ -99,7 +117,7 @@ The exact HTML needed to match the style of other tabs is in the file
 
 ### Other additions to the page
 
-Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful templates you can put in your `custom/templates/custom/` directory:
+Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful templates you can put in your `$GITEA_CUSTOM/templates/custom/` directory:
 
 - `header.tmpl`, just before the end of the `<head>` tag where you can add custom CSS files for instance.
 - `body_outer_pre.tmpl`, right after the start of `<body>`.
@@ -108,45 +126,6 @@ Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful temp
 - `body_outer_post.tmpl`, before the bottom `<footer>` element.
 - `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional Javascript.
 
-#### Example: Mermaid.js
-
-If you would like to add [mermaid.js](https://mermaid-js.github.io/mermaid) support to Gitea's markdown you simply add:
-
-```html
-{{if .RequireHighlightJS}}
-<script src="https://unpkg.com/mermaid@8.4.5/dist/mermaid.min.js"></script>
-<!-- or wherever you have placed it -->
-<script>mermaid.init(".language-mermaid")</script>
-{{end}}
-```
-
-to `custom/footer.tmpl`. You then can add blocks
-like below to your markdown:
-
-    ```mermaid
-        stateDiagram
-        [*] --> Active
-
-        state Active {
-            [*] --> NumLockOff
-            NumLockOff --> NumLockOn : EvNumLockPressed
-            NumLockOn --> NumLockOff : EvNumLockPressed
-            --
-            [*] --> CapsLockOff
-            CapsLockOff --> CapsLockOn : EvCapsLockPressed
-            CapsLockOn --> CapsLockOff : EvCapsLockPressed
-            --
-            [*] --> ScrollLockOff
-            ScrollLockOff --> ScrollLockOn : EvCapsLockPressed
-            ScrollLockOn --> ScrollLockOff : EvCapsLockPressed
-        }
-    ```
-
-If you want to use Mermaid.js outside of markdown, e.g. in other templates or HTML files,
-you would need to remove `{{if .RequireHighlightJS}}` and `{{end}}`.
-
-Mermaid will detect and use tags with `class="language-mermaid"`.
-
 #### Example: PlantUML
 
 You can add [PlantUML](https://plantuml.com/) support to Gitea's markdown by using a PlantUML server.
@@ -154,7 +133,7 @@ The data is encoded and sent to the PlantUML server which generates the picture.
 demo server at http://www.plantuml.com/plantuml, but if you (or your users) have sensitive data you
 can set up your own [PlantUML server](https://plantuml.com/server) instead. To set up PlantUML rendering,
 copy javascript files from https://gitea.com/davidsvantesson/plantuml-code-highlight and put them in your
-`custom/public` folder. Then add the following to `custom/footer.tmpl`:
+`$GITEA_CUSTOM/public` folder. Then add the following to `custom/footer.tmpl`:
 
 ```html
 {{if .RequireHighlightJS}}
@@ -162,8 +141,8 @@ copy javascript files from https://gitea.com/davidsvantesson/plantuml-code-highl
 <script src="https://your-server.com/encode.js"></script>
 <script src="https://your-server.com/plantuml_codeblock_parse.js"></script>
 <script>
-<!-- Replace call with address to your plantuml server-->
-parsePlantumlCodeBlocks("http://www.plantuml..com/plantuml")
+  <!-- Replace call with address to your plantuml server-->
+  parsePlantumlCodeBlocks("http://www.plantuml..com/plantuml");
 </script>
 {{end}}
 ```
@@ -183,43 +162,55 @@ The script will detect tags with `class="language-plantuml"`, but you can change
 #### Example: STL Preview
 
 You can display STL file directly in Gitea by adding:
+
 ```html
 <script>
-function lS(src){
-  return new Promise(function(resolve, reject) {
-    let s = document.createElement('script')
-    s.src = src
-    s.addEventListener('load', () => {
-      resolve()
-    })
-    document.body.appendChild(s)
-  });
-}
-
-if($('.view-raw>a[href$=".stl" i]').length){
-  $('body').append('<link href="/Madeleine.js/src/css/Madeleine.css" rel="stylesheet">');
-  Promise.all([lS("/Madeleine.js/src/lib/stats.js"),lS("/Madeleine.js/src/lib/detector.js"), lS("/Madeleine.js/src/lib/three.min.js"), lS("/Madeleine.js/src/Madeleine.js")]).then(function() {
-    $('.view-raw').attr('id', 'view-raw').attr('style', 'padding: 0;margin-bottom: -10px;');
-    new Madeleine({
-      target: 'view-raw',
-      data: $('.view-raw>a[href$=".stl" i]').attr('href'),
-      path: '/Madeleine.js/src'
+  function lS(src) {
+    return new Promise(function (resolve, reject) {
+      let s = document.createElement("script");
+      s.src = src;
+      s.addEventListener("load", () => {
+        resolve();
+      });
+      document.body.appendChild(s);
     });
-    $('.view-raw>a[href$=".stl"]').remove()
-  });
-}
+  }
+
+  if ($('.view-raw>a[href$=".stl" i]').length) {
+    $("body").append(
+      '<link href="/Madeleine.js/src/css/Madeleine.css" rel="stylesheet">'
+    );
+    Promise.all([
+      lS("/Madeleine.js/src/lib/stats.js"),
+      lS("/Madeleine.js/src/lib/detector.js"),
+      lS("/Madeleine.js/src/lib/three.min.js"),
+      lS("/Madeleine.js/src/Madeleine.js"),
+    ]).then(function () {
+      $(".view-raw")
+        .attr("id", "view-raw")
+        .attr("style", "padding: 0;margin-bottom: -10px;");
+      new Madeleine({
+        target: "view-raw",
+        data: $('.view-raw>a[href$=".stl" i]').attr("href"),
+        path: "/Madeleine.js/src",
+      });
+      $('.view-raw>a[href$=".stl"]').remove();
+    });
+  }
 </script>
 ```
+
 to the file `templates/custom/footer.tmpl`
 
-You also need to download the content of the library [Madeleine.js](https://jinjunho.github.io/Madeleine.js/) and place it under `custom/public/` folder.
+You also need to download the content of the library [Madeleine.js](https://jinjunho.github.io/Madeleine.js/) and place it under `$GITEA_CUSTOM/public/` folder.
 
 You should end-up with a folder structucture similar to:
+
 ```
-custom/templates
+$GITEA_CUSTOM/templates
 -- custom
     `-- footer.tmpl
-custom/public
+$GITEA_CUSTOM/public
 -- Madeleine.js
    |-- LICENSE
    |-- README.md
@@ -265,11 +256,11 @@ Then restart gitea and open a STL file on your gitea instance.
 
 ## Customizing Gitea mails
 
-The `custom/templates/mail` folder allows changing the body of every mail of Gitea.
+The `$GITEA_CUSTOM/templates/mail` folder allows changing the body of every mail of Gitea.
 Templates to override can be found in the
 [`templates/mail`](https://github.com/go-gitea/gitea/tree/master/templates/mail)
 directory of Gitea source.
-Override by making a copy of the file under `custom/templates/mail` using a
+Override by making a copy of the file under `$GITEA_CUSTOM/templates/mail` using a
 full path structure matching source.
 
 Any statement contained inside `{{` and `}}` are Gitea's template
@@ -277,7 +268,7 @@ syntax and shouldn't be touched without fully understanding these components.
 
 ## Adding Analytics to Gitea
 
-Google Analytics, Matomo (previously Piwik), and other analytics services can be added to Gitea. To add the tracking code, refer to the `Other additions to the page` section of this document, and add the JavaScript to the `custom/templates/custom/header.tmpl` file.
+Google Analytics, Matomo (previously Piwik), and other analytics services can be added to Gitea. To add the tracking code, refer to the `Other additions to the page` section of this document, and add the JavaScript to the `$GITEA_CUSTOM/templates/custom/header.tmpl` file.
 
 ## Customizing gitignores, labels, licenses, locales, and readmes.
 
@@ -287,22 +278,22 @@ Place custom files in corresponding sub-folder under `custom/options`.
 
 ### gitignores
 
-To add custom .gitignore, add a file with existing [.gitignore rules](https://git-scm.com/docs/gitignore) in it to `custom/options/gitignore`
+To add custom .gitignore, add a file with existing [.gitignore rules](https://git-scm.com/docs/gitignore) in it to `$GITEA_CUSTOM/options/gitignore`
 
 ### Labels
 
-To add a custom label set, add a file that follows the [label format](https://github.com/go-gitea/gitea/blob/master/options/label/Default) to `custom/options/label`  
+To add a custom label set, add a file that follows the [label format](https://github.com/go-gitea/gitea/blob/master/options/label/Default) to `$GITEA_CUSTOM/options/label`
 `#hex-color label name ; label description`
 
 ### Licenses
 
-To add a custom license, add a file with the license text to `custom/options/license`
+To add a custom license, add a file with the license text to `$GITEA_CUSTOM/options/license`
 
 ### Locales
 
-Locales are managed via our [crowdin](https://crowdin.com/project/gitea).  
-You can override a locale by placing an altered locale file in `custom/options/locale`.  
-Gitea's default locale files can be found in  the [`options/locale`](https://github.com/go-gitea/gitea/tree/master/options/locale) source folder and these should be used as examples for your changes.  
+Locales are managed via our [crowdin](https://crowdin.com/project/gitea).
+You can override a locale by placing an altered locale file in `$GITEA_CUSTOM/options/locale`.
+Gitea's default locale files can be found in the [`options/locale`](https://github.com/go-gitea/gitea/tree/master/options/locale) source folder and these should be used as examples for your changes.
 
 To add a completely new locale, as well as placing the file in the above location, you will need to add the new lang and name to the `[i18n]` section in your `app.ini`. Keep in mind that Gitea will use those settings as **overrides**, so if you want to keep the other languages as well you will need to copy/paste the default values and add your own to them.
 
@@ -316,21 +307,35 @@ Locales may change between versions, so keeping track of your customized locales
 
 ### Readmes
 
-To add a custom Readme, add a markdown formatted file (without an `.md` extension) to `custom/options/readme`
+To add a custom Readme, add a markdown formatted file (without an `.md` extension) to `$GITEA_CUSTOM/options/readme`
 
-**NOTE:** readme templates support **variable expansion**.  
+**NOTE:** readme templates support **variable expansion**.
 currently there are `{Name}` (name of repository), `{Description}`, `{CloneURL.SSH}`, `{CloneURL.HTTPS}` and `{OwnerName}`
 
 ### Reactions
 
 To change reaction emoji's you can set allowed reactions at app.ini
+
 ```
 [ui]
 REACTIONS = +1, -1, laugh, confused, heart, hooray, eyes
 ```
+
 A full list of supported emoji's is at [emoji list](https://gitea.com/gitea/gitea.com/issues/8)
 
 ## Customizing the look of Gitea
 
-As of version 1.6.0 Gitea has built-in themes. The two built-in themes are, the default theme `gitea`, and a dark theme `arc-green`. To change the look of your Gitea install change the value of `DEFAULT_THEME` in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` to another one of the available options.  
+As of version 1.6.0 Gitea has built-in themes. The two built-in themes are, the default theme `gitea`, and a dark theme `arc-green`. To change the look of your Gitea install change the value of `DEFAULT_THEME` in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` to another one of the available options.
 As of version 1.8.0 Gitea also has per-user themes. The list of themes a user can choose from can be configured with the `THEMES` value in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` (defaults to `gitea` and `arc-green`, light and dark respectively)
+
+## Customizing fonts
+
+Fonts can be customized using CSS variables:
+
+```css
+:root {
+  --fonts-proportional: /* custom proportional fonts */ !important;
+  --fonts-monospace: /* custom monospace fonts */ !important;
+  --fonts-emoji: /* custom emoji fonts */ !important;
+}
+```

docs/content/doc/advanced/environment-variables.en-us.md

@@ -0,0 +1,63 @@
+---
+date: "2017-04-08T11:34:00+02:00"
+title: "Environment variables"
+slug: "environment-variables"
+weight: 20
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Environment variables"
+    weight: 20
+    identifier: "environment-variables"
+---
+
+# Environment variables
+
+**Table of Contents**
+
+{{< toc >}}
+
+This is an inventory of Gitea environment variables. They change Gitea behaviour.
+
+Initialize them before Gitea command to be effective, for example:
+
+```sh
+GITEA_CUSTOM=/home/gitea/custom ./gitea web
+```
+
+## From Go language
+
+As Gitea is written in Go, it uses some Go variables, such as:
+
+- `GOOS`
+- `GOARCH`
+- [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
+
+For documentation about each of the variables available, refer to the
+[official Go documentation](https://golang.org/cmd/go/#hdr-Environment_variables).
+
+## Gitea files
+
+- `GITEA_WORK_DIR`: Absolute path of working directory.
+- `GITEA_CUSTOM`: Gitea uses `GITEA_WORK_DIR`/custom folder by default. Use this variable
+  to change _custom_ directory.
+- `GOGS_WORK_DIR`: Deprecated, use `GITEA_WORK_DIR`
+- `GOGS_CUSTOM`: Deprecated, use `GITEA_CUSTOM`
+
+## Operating system specifics
+
+- `USER`: System user that Gitea will run as. Used for some repository access strings.
+- `USERNAME`: if no `USER` found, Gitea will use `USERNAME`
+- `HOME`: User home directory path. The `USERPROFILE` environment variable is used in Windows.
+
+### Only on Windows
+
+- `USERPROFILE`: User home directory path. If empty, uses `HOMEDRIVE` + `HOMEPATH`
+- `HOMEDRIVE`: Main drive path used to access the home directory (C:)
+- `HOMEPATH`: Home relative path in the given home drive path
+
+## Miscellaneous
+
+- `SKIP_MINWINSVC`: If set to 1, do not run as a service on Windows.

docs/content/doc/advanced/environment-variables.zh-cn.md

@@ -0,0 +1,55 @@
+---
+date: "2017-04-08T11:34:00+02:00"
+title: "环境变量清单"
+slug: "environment-variables"
+weight: 20
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "环境变量清单"
+    weight: 20
+    identifier: "environment-variables"
+---
+
+# 环境变量清单
+
+这里是用来控制 Gitea 行为表现的的环境变量清单，您需要在执行如下 Gitea 启动命令前设置它们来确保配置生效：
+
+```
+GITEA_CUSTOM=/home/gitea/custom ./gitea web
+```
+
+## Go 的配置
+
+因为 Gitea 使用 Go 语言编写，因此它使用了一些相关的 Go 的配置参数：
+
+  * `GOOS`
+  * `GOARCH`
+  * [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
+
+您可以在[官方文档](https://golang.org/cmd/go/#hdr-Environment_variables)中查阅这些配置参数的详细信息。
+
+## Gitea 的文件目录
+
+  * `GITEA_WORK_DIR`：工作目录的绝对路径
+  * `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
+  * `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
+  * `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代
+
+## 操作系统配置
+
+  * `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
+  * `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
+  * `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量
+
+### 仅限于 Windows 的配置
+
+  * `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
+  * `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
+  * `HOMEPATH`：在指定主驱动器下的 home 目录相对路径
+
+## Miscellaneous
+
+  * `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。

docs/content/doc/advanced/external-renderers.en-us.md

@@ -3,7 +3,7 @@ date: "2018-11-23:00:00+02:00"
 title: "External renderers"
 slug: "external-renderers"
 weight: 40
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:
@@ -15,33 +15,37 @@ menu:
 
 # Custom files rendering configuration
 
-Gitea supports custom file renderings (i.e., Jupyter notebooks, asciidoc, etc.) through external binaries, 
+**Table of Contents**
+
+{{< toc >}}
+
+Gitea supports custom file renderings (i.e., Jupyter notebooks, asciidoc, etc.) through external binaries,
 it is just a matter of:
 
-* installing external binaries
-* add some configuration to your `app.ini` file
-* restart your Gitea instance
+- installing external binaries
+- add some configuration to your `app.ini` file
+- restart your Gitea instance
 
 This supports rendering of whole files. If you want to render code blocks in markdown you would need to do something with javascript. See some examples on the [Customizing Gitea](../customizing-gitea) page.
 
 ## Installing external binaries
 
-In order to get file rendering through external binaries, their associated packages must be installed. 
+In order to get file rendering through external binaries, their associated packages must be installed.
 If you're using a Docker image, your `Dockerfile` should contain something along this lines:
 
-```
+```docker
 FROM gitea/gitea:{{< version >}}
 [...]
 
 COPY custom/app.ini /data/gitea/conf/app.ini
 [...]
 
-RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng python-dev py-pip python3-dev py3-pip py3-pyzmq
+RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng libffi-dev py-pip python3-dev py3-pip py3-pyzmq
 # install any other package you need for your external renderers
 
 RUN pip3 install --upgrade pip
 RUN pip3 install -U setuptools
-RUN pip3 install jupyter matplotlib docutils 
+RUN pip3 install jupyter docutils
 # add above any other python package you may need to install
 ```
 
@@ -49,11 +53,11 @@ RUN pip3 install jupyter matplotlib docutils
 
 add one `[markup.XXXXX]` section per external renderer on your custom `app.ini`:
 
-```
+```ini
 [markup.asciidoc]
 ENABLED = true
 FILE_EXTENSIONS = .adoc,.asciidoc
-RENDER_COMMAND = "asciidoctor -e -a leveloffset=-1 --out-file=- -"
+RENDER_COMMAND = "asciidoctor -s -a showtitle --out-file=- -"
 ; Input is not a standard input but a file
 IS_INPUT_FILE = false
 
@@ -93,4 +97,4 @@ To define multiple entries, add a unique alphanumeric suffix (e.g., `[markup.san
 Once your configuration changes have been made, restart Gitea to have changes take effect.
 
 **Note**: Prior to Gitea 1.12 there was a single `markup.sanitiser` section with keys that were redefined for multiple rules, however,
-there were significant problems with this method of configuration necessitating configuration through multiple sections.
+there were significant problems with this method of configuration necessitating configuration through multiple sections.

docs/content/doc/advanced/logging-documentation.en-us.md

@@ -3,7 +3,7 @@ date: "2019-04-02T17:06:00+01:00"
 title: "Advanced: Logging Configuration"
 slug: "logging-configuration"
 weight: 55
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:
@@ -17,16 +17,19 @@ menu:
 
 The logging framework has been revamped in Gitea 1.9.0.
 
+**Table of Contents**
+
+{{< toc >}}
+
 ## Log Groups
 
 The fundamental thing to be aware of in Gitea is that there are several
 log groups:
 
-* The "Default" logger
-* The Macaron logger
-* The Router logger
-* The Access logger
-* The XORM logger
+- The "Default" logger
+- The Router logger
+- The Access logger
+- The XORM logger
 
 There is also the go log logger.
 
@@ -49,58 +52,28 @@ You can configure the outputs of this logger by setting the `MODE`
 value in the `[log]` section of the configuration.
 
 Each output sublogger is configured in a separate `[log.sublogger.default]`
-which inherits from the sublogger `[log.sublogger]` section and from the 
+which inherits from the sublogger `[log.sublogger]` section and from the
 generic `[log]` section, but there are certain default values. These will
 not be inherited from the `[log]` section:
 
-* `FLAGS` is `stdflags` (Equal to
-`date,time,medfile,shortfuncname,levelinitial`)
-* `FILE_NAME` will default to `%(ROOT_PATH)/gitea.log`
-* `EXPRESSION` will default to `""`
-* `PREFIX` will default to `""`
+- `FLAGS` is `stdflags` (Equal to
+  `date,time,medfile,shortfuncname,levelinitial`)
+- `FILE_NAME` will default to `%(ROOT_PATH)/gitea.log`
+- `EXPRESSION` will default to `""`
+- `PREFIX` will default to `""`
 
 The provider type of the sublogger can be set using the `MODE` value in
 its subsection, but will default to the name. This allows you to have
 multiple subloggers that will log to files.
 
-### The "Macaron" logger
-
-By default Macaron will log to its own go `log` instance. This writes
-to `os.Stdout`. You can redirect this log to a Gitea configurable logger
-through setting the `REDIRECT_MACARON_LOG` setting in the `[log]`
-section which you can configure the outputs of by setting the `MACARON`
-value in the `[log]` section of the configuration. `MACARON` defaults
-to `file` if unset.
-
-Please note, the macaron logger will log at `INFO` level, setting the
-`LEVEL` of this logger to `WARN` or above will result in no macaron logs.
-
-Each output sublogger for this logger is configured in
-`[log.sublogger.macaron]` sections. There are certain default values
-which will not be inherited from the `[log]` or relevant
-`[log.sublogger]` sections:
-
-* `FLAGS` is `stdflags` (Equal to
-`date,time,medfile,shortfuncname,levelinitial`)
-* `FILE_NAME` will default to `%(ROOT_PATH)/macaron.log`
-* `EXPRESSION` will default to `""`
-* `PREFIX` will default to `""`
-
-NB: You can redirect the macaron logger to send its events to the gitea
-log using the value: `MACARON = ,`
-
 ### The "Router" logger
 
-There are two types of Router log. By default Macaron send its own
-router log which will be directed to Macaron's go `log`, however if you
-`REDIRECT_MACARON_LOG` you will enable Gitea's router log. You can
-disable both types of Router log by setting `DISABLE_ROUTER_LOG`.
+You can disable Router log by setting `DISABLE_ROUTER_LOG`.
 
-If you enable the redirect, you can configure the outputs of this
+You can configure the outputs of this
 router log by setting the `ROUTER` value in the `[log]` section of the
 configuration. `ROUTER` will default to `console` if unset. The Gitea
-Router logs the same data as the Macaron log but has slightly different
-coloring. It logs at the `Info` level by default, but this can be
+Router logs at the `Info` level by default, but this can be
 changed if desired by setting the `ROUTER_LOG_LEVEL` value.
 
 Please note, setting the `LEVEL` of this logger to a level above
@@ -111,10 +84,10 @@ Each output sublogger for this logger is configured in
 which will not be inherited from the `[log]` or relevant
 `[log.sublogger]` sections:
 
-* `FILE_NAME` will default to `%(ROOT_PATH)/router.log`
-* `FLAGS` defaults to `date,time`
-* `EXPRESSION` will default to `""`
-* `PREFIX` will default to `""`
+- `FILE_NAME` will default to `%(ROOT_PATH)/router.log`
+- `FLAGS` defaults to `date,time`
+- `EXPRESSION` will default to `""`
+- `PREFIX` will default to `""`
 
 NB: You can redirect the router logger to send its events to the Gitea
 log using the value: `ROUTER = ,`
@@ -136,10 +109,10 @@ Each output sublogger for this logger is configured in
 which will not be inherited from the `[log]` or relevant
 `[log.sublogger]` sections:
 
-* `FILE_NAME` will default to `%(ROOT_PATH)/access.log`
-* `FLAGS` defaults to `` or None
-* `EXPRESSION` will default to `""`
-* `PREFIX` will default to `""`
+- `FILE_NAME` will default to `%(ROOT_PATH)/access.log`
+- `FLAGS` defaults to `` or None
+- `EXPRESSION` will default to `""`
+- `PREFIX` will default to `""`
 
 If desired the format of the Access logger can be changed by changing
 the value of the `ACCESS_LOG_TEMPLATE`.
@@ -158,11 +131,11 @@ This value represent a go template. It's default value is:
 
 The template is passed following options:
 
-* `Ctx` is the `macaron.Context`
-* `Identity` is the `SignedUserName` or `"-"` if the user is not logged
-in
-* `Start` is the start time of the request
-* `ResponseWriter` is the `macaron.ResponseWriter`
+- `Ctx` is the `context.Context`
+- `Identity` is the `SignedUserName` or `"-"` if the user is not logged
+  in
+- `Start` is the start time of the request
+- `ResponseWriter` is the `http.ResponseWriter`
 
 Caution must be taken when changing this template as it runs outside of
 the standard panic recovery trap. The template should also be as simple
@@ -185,31 +158,31 @@ Each output sublogger for this logger is configured in
 which will not be inherited from the `[log]` or relevant
 `[log.sublogger]` sections:
 
-* `FILE_NAME` will default to `%(ROOT_PATH)/xorm.log`
-* `FLAGS` defaults to `date,time`
-* `EXPRESSION` will default to `""`
-* `PREFIX` will default to `""`
+- `FILE_NAME` will default to `%(ROOT_PATH)/xorm.log`
+- `FLAGS` defaults to `date,time`
+- `EXPRESSION` will default to `""`
+- `PREFIX` will default to `""`
 
 ## Log outputs
 
 Gitea provides 4 possible log outputs:
 
-* `console` - Log to `os.Stdout` or `os.Stderr`
-* `file` - Log to a file
-* `conn` - Log to a keep-alive TCP connection
-* `smtp` - Log via email
+- `console` - Log to `os.Stdout` or `os.Stderr`
+- `file` - Log to a file
+- `conn` - Log to a keep-alive TCP connection
+- `smtp` - Log via email
 
 Certain configuration is common to all modes of log output:
 
-* `LEVEL` is the lowest level that this output will log. This value
-is inherited from `[log]` and in the case of the non-default loggers
-from `[log.sublogger]`.
-* `STACKTRACE_LEVEL` is the lowest level that this output will print
-a stacktrace. This value is inherited.
-* `MODE` is the mode of the log output. It will default to the sublogger
-name. Thus `[log.console.macaron]` will default to `MODE = console`.
-* `COLORIZE` will default to `true` for `console` as
-described, otherwise it will default to `false`.
+- `LEVEL` is the lowest level that this output will log. This value
+  is inherited from `[log]` and in the case of the non-default loggers
+  from `[log.sublogger]`.
+- `STACKTRACE_LEVEL` is the lowest level that this output will print
+  a stacktrace. This value is inherited.
+- `MODE` is the mode of the log output. It will default to the sublogger
+  name. Thus `[log.console.router]` will default to `MODE = console`.
+- `COLORIZE` will default to `true` for `console` as
+  described, otherwise it will default to `false`.
 
 ### Non-inherited default values
 
@@ -231,23 +204,23 @@ printed before each message. It is a comma-separated string set. The order of va
 
 Possible values are:
 
-* `none` or `,` - No flags.
-* `date` - the date in the local time zone: `2009/01/23`.
-* `time` - the time in the local time zone: `01:23:23`.
-* `microseconds` - microsecond resolution: `01:23:23.123123`. Assumes
-time.
-* `longfile` - full file name and line number: `/a/b/c/d.go:23`.
-* `shortfile` - final file name element and line number: `d.go:23`.
-* `funcname` - function name of the caller: `runtime.Caller()`.
-* `shortfuncname` - last part of the function name. Overrides
-`funcname`.
-* `utc` - if date or time is set, use UTC rather than the local time
-zone.
-* `levelinitial` - Initial character of the provided level in brackets eg. `[I]` for info.
-* `level` - Provided level in brackets `[INFO]`
-* `medfile` - Last 20 characters of the filename - equivalent to
-`shortfile,longfile`.
-* `stdflags` - Equivalent to `date,time,medfile,shortfuncname,levelinitial`
+- `none` or `,` - No flags.
+- `date` - the date in the local time zone: `2009/01/23`.
+- `time` - the time in the local time zone: `01:23:23`.
+- `microseconds` - microsecond resolution: `01:23:23.123123`. Assumes
+  time.
+- `longfile` - full file name and line number: `/a/b/c/d.go:23`.
+- `shortfile` - final file name element and line number: `d.go:23`.
+- `funcname` - function name of the caller: `runtime.Caller()`.
+- `shortfuncname` - last part of the function name. Overrides
+  `funcname`.
+- `utc` - if date or time is set, use UTC rather than the local time
+  zone.
+- `levelinitial` - Initial character of the provided level in brackets eg. `[I]` for info.
+- `level` - Provided level in brackets `[INFO]`
+- `medfile` - Last 20 characters of the filename - equivalent to
+  `shortfile,longfile`.
+- `stdflags` - Equivalent to `date,time,medfile,shortfuncname,levelinitial`
 
 ### Console mode
 
@@ -265,34 +238,71 @@ to the provided `ROOT_PATH` in the master `[log]` section.
 
 Other values:
 
-* `LOG_ROTATE`: **true**: Rotate the log files.
-* `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file, 28 represents 256Mb.
-* `DAILY_ROTATE`: **true**: Rotate logs daily.
-* `MAX_DAYS`: **7**: Delete the log file after n days
-* `COMPRESS`: **true**: Compress old log files by default with gzip
-* `COMPRESSION_LEVEL`: **-1**: Compression level
+- `LOG_ROTATE`: **true**: Rotate the log files.
+- `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file, 28 represents 256Mb.
+- `DAILY_ROTATE`: **true**: Rotate logs daily.
+- `MAX_DAYS`: **7**: Delete the log file after n days
+- `COMPRESS`: **true**: Compress old log files by default with gzip
+- `COMPRESSION_LEVEL`: **-1**: Compression level
 
 ### Conn mode
 
-* `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
-* `RECONNECT`: **false**: Try to reconnect when connection is lost.
-* `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
-* `ADDR`: **:7020**: Sets the address to connect to.
+- `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
+- `RECONNECT`: **false**: Try to reconnect when connection is lost.
+- `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
+- `ADDR`: **:7020**: Sets the address to connect to.
 
 ### SMTP mode
 
 It is not recommended to use this logger to send general logging
 messages. However, you could perhaps set this logger to work on `FATAL`.
 
-* `USER`: User email address to send from.
-* `PASSWD`: Password for the smtp server.
-* `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
-* `RECEIVERS`: Email addresses to send to.
-* `SUBJECT`: **Diagnostic message from Gitea**
+- `USER`: User email address to send from.
+- `PASSWD`: Password for the smtp server.
+- `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
+- `RECEIVERS`: Email addresses to send to.
+- `SUBJECT`: **Diagnostic message from Gitea**
 
-## Default Configuration
+## Debugging problems
 
-The default empty configuration is equivalent to:
+When submitting logs in Gitea issues it is often helpful to submit
+merged logs obtained by either by redirecting the console log to a file or
+copying and pasting it. To that end it is recommended to set your logging to:
+
+```ini
+[database]
+LOG_SQL = false ; SQL logs are rarely helpful unless we specifically ask for them
+
+...
+
+[log]
+MODE = console
+LEVEL = debug ; please set the level to debug when we are debugging a problem
+ROUTER = console
+COLORIZE = false ; this can be true if you can strip out the ansi coloring
+```
+
+Sometimes it will be helpful get some specific `TRACE` level logging retricted
+to messages that match a specific `EXPRESSION`. Adjusting the `MODE` in the
+`[log]` section to `MODE = console,traceconsole` to add a new logger output
+`traceconsole` and then adding its corresponding section would be helpful:
+
+```ini
+[log.traceconsole] ; traceconsole here is just a name
+MODE = console ; this is the output that the traceconsole writes to
+LEVEL = trace
+EXPRESSION = ; putting a string here will restrict this logger to logging only those messages that match this expression
+```
+
+(It's worth noting that log messages that match the expression at or above debug
+level will get logged twice so don't worry about that.)
+
+`STACKTRACE_LEVEL` should generally be left unconfigured (and hence kept at
+`none`). There are only very specific occasions when it useful.
+
+## Empty Configuration
+
+The empty configuration is equivalent to:
 
 ```ini
 [log]
@@ -300,7 +310,6 @@ ROOT_PATH = %(GITEA_WORK_DIR)/log
 MODE = console
 LEVEL = Info
 STACKTRACE_LEVEL = None
-REDIRECT_MACARON_LOG = false
 ENABLE_ACCESS_LOG = false
 ENABLE_XORM_LOG = true
 XORM = ,
@@ -316,6 +325,28 @@ COLORIZE = true # Or false if your windows terminal cannot color
 
 This is equivalent to sending all logs to the console, with default go log being sent to the console log too.
 
+## Releasing-and-Reopening, Pausing and Resuming logging
+
+If you are running on Unix you may wish to release-and-reopen logs in order to use `logrotate` or other tools.
+It is possible force gitea to release and reopen it's logging files and connections by sending `SIGUSR1` to the
+running process, or running `gitea manager logging release-and-reopen`.
+
+Alternatively, you may wish to pause and resume logging - this can be accomplished through the use of the
+`gitea manager logging pause` and `gitea manager logging resume` commands. Please note that whilst logging
+is paused log events below INFO level will not be stored and only a limited number of events will be stored.
+Logging may block, albeit temporarily, slowing gitea considerably whilst paused - therefore it is
+recommended that pausing only done for a very short period of time.
+
+## Adding and removing logging whilst Gitea is running
+
+It is possible to add and remove logging whilst Gitea is running using the `gitea manager logging add` and `remove` subcommands.
+This functionality can only adjust running log systems and cannot be used to start the access or router loggers if they
+were not already initialised. If you wish to start these systems you are advised to adjust the app.ini and (gracefully) restart
+the Gitea service.
+
+The main intention of these commands is to easily add a temporary logger to investigate problems on running systems where a restart
+may cause the issue to disappear.
+
 ## Log colorization
 
 Logs to the console will be colorized by default when not running on
@@ -323,7 +354,7 @@ Windows. Terminal sniffing will occur on Windows and if it is
 determined that we are running on a terminal capable of color we will
 colorize.
 
-Further, on *nix it is becoming common to have file logs that are
+Further, on \*nix it is becoming common to have file logs that are
 colored by default. Therefore file logs will be colorised by default
 when not running on Windows.
 
@@ -341,14 +372,14 @@ string of bytes which should represent a color and second set of reset
 bytes. Pointers were chosen to prevent copying of large numbers of
 values. There are several helper methods:
 
-* `log.NewColoredValue` takes a value and 0 or more color attributes
-that represent the color. If 0 are provided it will default to a cached
-bold. Note, it is recommended that color bytes constructed from
-attributes should be cached if this is a commonly used log message.
-* `log.NewColoredValuePointer` takes a pointer to a value, and
-0 or more color attributes that represent the color.
-* `log.NewColoredValueBytes` takes a value and a pointer to an array
-of bytes representing the color.
+- `log.NewColoredValue` takes a value and 0 or more color attributes
+  that represent the color. If 0 are provided it will default to a cached
+  bold. Note, it is recommended that color bytes constructed from
+  attributes should be cached if this is a commonly used log message.
+- `log.NewColoredValuePointer` takes a pointer to a value, and
+  0 or more color attributes that represent the color.
+- `log.NewColoredValueBytes` takes a value and a pointer to an array
+  of bytes representing the color.
 
 These functions will not double wrap a `log.ColoredValue`. They will
 also set the `resetBytes` to the cached `resetBytes`.
@@ -399,3 +430,14 @@ func newNewoneLogService() {
 
 You should then add `newOneLogService` to `NewServices()` in
 `modules/setting/setting.go`
+
+## Using `logrotate` instead of built-in log rotation
+
+Gitea includes built-in log rotation, which should be enough for most deployments. However, if you instead want to use the `logrotate` utility:
+
+- Disable built-in log rotation by setting `LOG_ROTATE` to `false` in your `app.ini`.
+- Install `logrotate`.
+- Configure `logrotate` to match your deployment requirements, see `man 8 logrotate` for configuration syntax details. In the `postrotate/endscript` block send Gitea a `USR1` signal via `kill -USR1` or `kill -10`, or run `gitea manager logging release-and-reopen` (with the appropriate environment). Ensure that your configurations apply to all files emitted by Gitea loggers as described in the above sections.
+- Always do `logrotate /etc/logrotate.conf --debug` to test your configurations.
+
+The next `logrotate` jobs will include your configurations, so no restart is needed. You can also immediately reload `logrotate` with `logrotate /etc/logrotate.conf --force`.

docs/content/doc/advanced/mail-templates-us.md

@@ -3,7 +3,7 @@ date: "2019-10-23T17:00:00-03:00"
 title: "Mail templates"
 slug: "mail-templates"
 weight: 45
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:
@@ -15,6 +15,10 @@ menu:
 
 # Mail templates
 
+**Table of Contents**
+
+{{< toc >}}
+
 To craft the e-mail subject and contents for certain operations, Gitea can be customized by using templates. The templates
 for these functions are located under the [`custom` directory](https://docs.gitea.io/en-us/customizing-gitea/).
 Gitea has an internal template that serves as default in case there's no custom alternative.
@@ -25,29 +29,30 @@ Custom templates are loaded when Gitea starts. Changes made to them are not reco
 
 Currently, the following notification events make use of templates:
 
-| Action name   | Usage                                                                                                        |
-|---------------|--------------------------------------------------------------------------------------------------------------|
-| `new`         | A new issue or pull request was created.                                                                     |
-| `comment`     | A new comment was created in an existing issue or pull request.                                              |
-| `close`       | An issue or pull request was closed.                                                                         |
-| `reopen`      | An issue or pull request was reopened.                                                                       |
-| `review`      | The head comment of a review in a pull request.                                                              |
-| `approve`     | The head comment of a approving review for a pull request.                                                   |
-| `reject`      | The head comment of a review requesting changes for a pull request.                                          |
-| `code`        | A single comment on the code of a pull request.                                                              |
-| `assigned`    | Used was assigned to an issue or pull request.                                                               |
-| `default`     | Any action not included in the above categories, or when the corresponding category template is not present. |
+| Action name | Usage                                                                                                        |
+| ----------- | ------------------------------------------------------------------------------------------------------------ |
+| `new`       | A new issue or pull request was created.                                                                     |
+| `comment`   | A new comment was created in an existing issue or pull request.                                              |
+| `close`     | An issue or pull request was closed.                                                                         |
+| `reopen`    | An issue or pull request was reopened.                                                                       |
+| `review`    | The head comment of a review in a pull request.                                                              |
+| `approve`   | The head comment of a approving review for a pull request.                                                   |
+| `reject`    | The head comment of a review requesting changes for a pull request.                                          |
+| `code`      | A single comment on the code of a pull request.                                                              |
+| `assigned`  | Used was assigned to an issue or pull request.                                                               |
+| `default`   | Any action not included in the above categories, or when the corresponding category template is not present. |
 
 The path for the template of a particular message type is:
 
-```
+```sh
 custom/templates/mail/{action type}/{action name}.tmpl
 ```
 
 Where `{action type}` is one of `issue` or `pull` (for pull requests), and `{action name}` is one of the names listed above.
 
 For example, the specific template for a mail regarding a comment in a pull request is:
-```
+
+```sh
 custom/templates/mail/pull/comment.tmpl
 ```
 
@@ -55,10 +60,10 @@ However, creating templates for each and every action type/name combination is n
 A fallback system is used to choose the appropriate template for an event. The _first existing_
 template on this list is used:
 
-* The specific template for the desired **action type** and **action name**.
-* The template for action type `issue` and the desired **action name**.
-* The template for the desired **action type**, action name `default`.
-* The template for action type `issue`, action name `default`.
+- The specific template for the desired **action type** and **action name**.
+- The template for action type `issue` and the desired **action name**.
+- The template for the desired **action type**, action name `default`.
+- The template for action type `issue`, action name `default`.
 
 The only mandatory template is action type `issue`, action name `default`, which is already embedded in Gitea
 unless it's overridden by the user in the `custom` directory.
@@ -82,27 +87,26 @@ Text and macros for the mail body
 Specifying a _subject_ section is optional (and therefore also the dash line separator). When used, the separator between
 _subject_ and _mail body_ templates requires at least three dashes; no other characters are allowed in the separator line.
 
-
 _Subject_ and _mail body_ are parsed by [Golang's template engine](https://golang.org/pkg/text/template/) and
 are provided with a _metadata context_ assembled for each notification. The context contains the following elements:
 
-| Name               | Type             | Available     | Usage                                                                                                                                                |
-|--------------------|------------------|---------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `.FallbackSubject` | string           | Always        | A default subject line. See Below.                                                                                                                   |
-| `.Subject`         | string           | Only in body  | The _subject_, once resolved.                                                                                                                        |
-| `.Body`            | string           | Always        | The message of the issue, pull request or comment, parsed from Markdown into HTML and sanitized. Do not confuse with the _mail body_.                |
-| `.Link`            | string           | Always        | The address of the originating issue, pull request or comment.                                                                                       |
-| `.Issue`           | models.Issue     | Always        | The issue (or pull request) originating the notification. To get data specific to a pull request (e.g. `HasMerged`), `.Issue.PullRequest` can be used, but care should be taken as this field will be `nil` if the issue is *not* a pull request. |
-| `.Comment`         | models.Comment   | If applicable | If the notification is from a comment added to an issue or pull request, this will contain the information about the comment.                        |
-| `.IsPull`          | bool             | Always        | `true` if the mail notification is associated with a pull request (i.e. `.Issue.PullRequest` is not `nil`).                                          |
-| `.Repo`            | string           | Always        | Name of the repository, including owner name (e.g. `mike/stuff`)                                                                                     |
-| `.User`            | models.User      | Always        | Owner of the repository from which the event originated. To get the user name (e.g. `mike`),`.User.Name` can be used.                                |
-| `.Doer`            | models.User      | Always        | User that executed the action triggering the notification event. To get the user name (e.g. `rhonda`), `.Doer.Name` can be used.                     |
-| `.IsMention`       | bool             | Always        | `true` if this notification was only generated because the user was mentioned in the comment, while not being subscribed to the source. It will be `false` if the recipient was subscribed to the issue or repository. |
-| `.SubjectPrefix`   | string           | Always        | `Re: ` if the notification is about other than issue or pull request creation; otherwise an empty string.                                            |
-| `.ActionType`      | string           | Always        | `"issue"` or `"pull"`. Will correspond to the actual _action type_ independently of which template was selected.                                     |
-| `.ActionName`      | string           | Always        | It will be one of the action types described above (`new`, `comment`, etc.), and will correspond to the actual _action name_ independently of which template was selected. |
-| `.ReviewComments`  | []models.Comment | Always        | List of code comments in a review. The comment text will be in `.RenderedContent` and the referenced code will be in `.Patch`.                       |
+| Name               | Type             | Available     | Usage                                                                                                                                                                                                                                             |
+| ------------------ | ---------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `.FallbackSubject` | string           | Always        | A default subject line. See Below.                                                                                                                                                                                                                |
+| `.Subject`         | string           | Only in body  | The _subject_, once resolved.                                                                                                                                                                                                                     |
+| `.Body`            | string           | Always        | The message of the issue, pull request or comment, parsed from Markdown into HTML and sanitized. Do not confuse with the _mail body_.                                                                                                             |
+| `.Link`            | string           | Always        | The address of the originating issue, pull request or comment.                                                                                                                                                                                    |
+| `.Issue`           | models.Issue     | Always        | The issue (or pull request) originating the notification. To get data specific to a pull request (e.g. `HasMerged`), `.Issue.PullRequest` can be used, but care should be taken as this field will be `nil` if the issue is _not_ a pull request. |
+| `.Comment`         | models.Comment   | If applicable | If the notification is from a comment added to an issue or pull request, this will contain the information about the comment.                                                                                                                     |
+| `.IsPull`          | bool             | Always        | `true` if the mail notification is associated with a pull request (i.e. `.Issue.PullRequest` is not `nil`).                                                                                                                                       |
+| `.Repo`            | string           | Always        | Name of the repository, including owner name (e.g. `mike/stuff`)                                                                                                                                                                                  |
+| `.User`            | models.User      | Always        | Owner of the repository from which the event originated. To get the user name (e.g. `mike`),`.User.Name` can be used.                                                                                                                             |
+| `.Doer`            | models.User      | Always        | User that executed the action triggering the notification event. To get the user name (e.g. `rhonda`), `.Doer.Name` can be used.                                                                                                                  |
+| `.IsMention`       | bool             | Always        | `true` if this notification was only generated because the user was mentioned in the comment, while not being subscribed to the source. It will be `false` if the recipient was subscribed to the issue or repository.                            |
+| `.SubjectPrefix`   | string           | Always        | `Re: ` if the notification is about other than issue or pull request creation; otherwise an empty string.                                                                                                                                         |
+| `.ActionType`      | string           | Always        | `"issue"` or `"pull"`. Will correspond to the actual _action type_ independently of which template was selected.                                                                                                                                  |
+| `.ActionName`      | string           | Always        | It will be one of the action types described above (`new`, `comment`, etc.), and will correspond to the actual _action name_ independently of which template was selected.                                                                        |
+| `.ReviewComments`  | []models.Comment | Always        | List of code comments in a review. The comment text will be in `.RenderedContent` and the referenced code will be in `.Patch`.                                                                                                                    |
 
 All names are case sensitive.
 
@@ -113,19 +117,19 @@ Please refer to the linked documentation for details about its syntax.
 
 The _subject_ is built using the following steps:
 
-* A template is selected according to the type of notification and to what templates are present.
-* The template is parsed and resolved (e.g. `{{.Issue.Index}}` is converted to the number of the issue
+- A template is selected according to the type of notification and to what templates are present.
+- The template is parsed and resolved (e.g. `{{.Issue.Index}}` is converted to the number of the issue
   or pull request).
-* All space-like characters (e.g. `TAB`, `LF`, etc.) are converted to normal spaces.
-* All leading, trailing and redundant spaces are removed.
-* The string is truncated to its first 256 runes (characters).
+- All space-like characters (e.g. `TAB`, `LF`, etc.) are converted to normal spaces.
+- All leading, trailing and redundant spaces are removed.
+- The string is truncated to its first 256 runes (characters).
 
 If the end result is an empty string, **or** no subject template was available (i.e. the selected template
 did not include a subject part), Gitea's **internal default** will be used.
 
 The internal default (fallback) subject is the equivalent of:
 
-```
+```sh
 {{.SubjectPrefix}}[{{.Repo}}] {{.Issue.Title}} (#.Issue.Index)
 ```
 
@@ -169,7 +173,7 @@ Please check [Gitea's logs](https://docs.gitea.io/en-us/logging-configuration/)
 
 `custom/templates/mail/issue/default.tmpl`:
 
-```
+```html
 [{{.Repo}}] @{{.Doer.Name}}
 {{if eq .ActionName "new"}}
     created
@@ -235,21 +239,21 @@ Please check [Gitea's logs](https://docs.gitea.io/en-us/logging-configuration/)
 
 This template produces something along these lines:
 
-#### Subject
+### Subject
 
 > [mike/stuff] @rhonda commented on pull request #38: New color palette
 
-#### Mail body
+### Mail body
 
 > [@rhonda](#) (Rhonda Myers) updated [mike/stuff#38](#).
 >
 > #### Message content:
 >
-> \__________________________________________________________________
+> \_********************************\_********************************
 >
 > Mike, I think we should tone down the blues a little.  
-> \__________________________________________________________________
-> 
+> \_********************************\_********************************
+>
 > [View it on Gitea](#).
 
 ## Advanced
@@ -257,18 +261,18 @@ This template produces something along these lines:
 The template system contains several functions that can be used to further process and format
 the messages. Here's a list of some of them:
 
-| Name                 | Parameters  | Available | Usage                                                                        |
-|----------------------|-------------|-----------|------------------------------------------------------------------------------|
-| `AppUrl`             | -           | Any       | Gitea's URL                                                                  |
-| `AppName`            | -           | Any       | Set from `app.ini`, usually "Gitea"                                          |
-| `AppDomain`          | -           | Any       | Gitea's host name                                                            |
-| `EllipsisString`     | string, int | Any       | Truncates a string to the specified length; adds ellipsis as needed          |
-| `Str2html`           | string      | Body only | Sanitizes text by removing any HTML tags from it.                            |
-| `Safe`               | string      | Body only | Takes the input as HTML; can be used for `.ReviewComments.RenderedContent`.  |
+| Name             | Parameters  | Available | Usage                                                                       |
+| ---------------- | ----------- | --------- | --------------------------------------------------------------------------- |
+| `AppUrl`         | -           | Any       | Gitea's URL                                                                 |
+| `AppName`        | -           | Any       | Set from `app.ini`, usually "Gitea"                                         |
+| `AppDomain`      | -           | Any       | Gitea's host name                                                           |
+| `EllipsisString` | string, int | Any       | Truncates a string to the specified length; adds ellipsis as needed         |
+| `Str2html`       | string      | Body only | Sanitizes text by removing any HTML tags from it.                           |
+| `Safe`           | string      | Body only | Takes the input as HTML; can be used for `.ReviewComments.RenderedContent`. |
 
 These are _functions_, not metadata, so they have to be used:
 
-```
+```html
 Like this:         {{Str2html "Escape<my>text"}}
 Or this:           {{"Escape<my>text" | Str2html}}
 Or this:           {{AppUrl}}

docs/content/doc/advanced/make.en-us.md

@@ -1,46 +0,0 @@
----
-date: "2017-01-14T11:00:00-02:00"
-title: "Make"
-slug: "make"
-weight: 10
-toc: true
-draft: false
-menu:
-  sidebar:
-    parent: "advanced"
-    name: "Make"
-    weight: 30
-    identifier: "make"
----
-
-# Make
-
-Gitea makes heavy use of Make to automate tasks and improve development. This
-guide covers how to install Make.
-
-### On Linux
-
-Install with the package manager.
-
-On Ubuntu/Debian:
-
-```bash
-sudo apt-get install make
-```
-
-On Fedora/RHEL/CentOS:
-
-```bash
-sudo yum install make
-```
-
-### On Windows
-
-One of these three distributions of Make will run on Windows:
-
-- [Single binary build](http://www.equation.com/servlet/equation.cmd?fa=make). Copy somewhere and add to `PATH`.
-  - [32-bits version](ftp://ftp.equation.com/make/32/make.exe)
-  - [64-bits version](ftp://ftp.equation.com/make/64/make.exe)
-- [MinGW](http://www.mingw.org/) includes a build.
-  - The binary is called `mingw32-make.exe` instead of `make.exe`. Add the `bin` folder to `PATH`.
-- [Chocolatey package](https://chocolatey.org/packages/make). Run `choco install make`

docs/content/doc/advanced/make.fr-fr.md

@@ -3,7 +3,7 @@ date: "2017-08-23T09:00:00+02:00"
 title: "Make"
 slug: "make"
 weight: 10
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:
@@ -19,7 +19,7 @@ Gitea fait largement usage de Make pour automatiser les tâches et avoir un dév
 
 ### Linux
 
-Vous pouvez installer Make avec votre gestionnaire de paquetages 
+Vous pouvez installer Make avec votre gestionnaire de paquetages
 
 Depuis Ubuntu/Debian:
 

docs/content/doc/advanced/make.zh-cn.md

@@ -3,7 +3,7 @@ date: "2017-01-14T11:00:00-02:00"
 title: "Make 安装"
 slug: "make"
 weight: 10
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:

docs/content/doc/advanced/migrations.en-us.md

@@ -1,80 +0,0 @@
----
-date: "2019-04-15T17:29:00+08:00"
-title: "Advanced: Migrations Interfaces"
-slug: "migrations-interfaces"
-weight: 30
-toc: true
-draft: false
-menu:
-  sidebar:
-    parent: "advanced"
-    name: "Migrations Interfaces"
-    weight: 55
-    identifier: "migrations-interfaces"
----
-
-# Migration Features
-
-The new migration features were introduced in Gitea 1.9.0. It defines two interfaces to support migrating
-repositories data from other git host platforms to gitea or, in the future migrating gitea data to other
-git host platforms. Currently, only the migrations from github via APIv3 to Gitea is implemented.
-
-First of all, Gitea defines some standard objects in packages `modules/migrations/base`. They are
- `Repository`, `Milestone`, `Release`, `Label`, `Issue`, `Comment`, `PullRequest`, `Reaction`, `Review`, `ReviewComment`.
-
-## Downloader Interfaces
-
-To migrate from a new git host platform, there are two steps to be updated.
-
-- You should implement a `Downloader` which will get all kinds of repository informations.
-- You should implement a `DownloaderFactory` which is used to detect if the URL matches and
-create a Downloader.
-- You'll need to register the `DownloaderFactory` via `RegisterDownloaderFactory` on init.
-
-```Go
-type Downloader interface {
-	SetContext(context.Context)
-	GetRepoInfo() (*Repository, error)
-	GetTopics() ([]string, error)
-	GetMilestones() ([]*Milestone, error)
-	GetReleases() ([]*Release, error)
-	GetLabels() ([]*Label, error)
-	GetIssues(page, perPage int) ([]*Issue, bool, error)
-	GetComments(issueNumber int64) ([]*Comment, error)
-	GetPullRequests(page, perPage int) ([]*PullRequest, error)
-	GetReviews(pullRequestNumber int64) ([]*Review, error)
-}
-```
-
-```Go
-type DownloaderFactory interface {
-	Match(opts MigrateOptions) (bool, error)
-	New(opts MigrateOptions) (Downloader, error)
-}
-```
-
-## Uploader Interface
-
-Currently, only a `GiteaLocalUploader` is implemented, so we only save downloaded
-data via this `Uploader` on the local Gitea instance. Other uploaders are not supported
-and will be implemented in future.
-
-```Go
-// Uploader uploads all the informations
-type Uploader interface {
-	MaxBatchInsertSize(tp string) int
-	CreateRepo(repo *Repository, opts MigrateOptions) error
-	CreateTopics(topic ...string) error
-	CreateMilestones(milestones ...*Milestone) error
-	CreateReleases(releases ...*Release) error
-	SyncTags() error
-	CreateLabels(labels ...*Label) error
-	CreateIssues(issues ...*Issue) error
-	CreateComments(comments ...*Comment) error
-	CreatePullRequests(prs ...*PullRequest) error
-	CreateReviews(reviews ...*Review) error
-	Rollback() error
-	Close()
-}
-
-```

docs/content/doc/advanced/oauth2-provider.md

@@ -1,92 +0,0 @@
----
-date: "2019-04-19:44:00+01:00"
-title: "OAuth2 provider"
-slug: "oauth2-provider"
-weight: 41
-toc: true
-draft: false
-menu:
-  sidebar:
-    parent: "advanced"
-    name: "OAuth2 Provider"
-    weight: 41
-    identifier: "oauth2-provider"
----
-
-
-# OAuth2 provider
-
-Gitea supports acting as an OAuth2 provider to allow third party applications to access its resources with the user's consent. This feature is available since release 1.8.0.
-
-## Endpoints
-
-
-Endpoint               | URL
------------------------|----------------------------
-Authorization Endpoint | `/login/oauth/authorize`
-Access Token Endpoint  | `/login/oauth/access_token`
-
-
-## Supported OAuth2 Grants
-
-At the moment Gitea only supports the [**Authorization Code Grant**](https://tools.ietf.org/html/rfc6749#section-1.3.1) standard with additional support of the [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636) extension.
- 
-
-To use the Authorization Code Grant as a third party application it is required to register a new application via the "Settings" (`/user/settings/applications`) section of the settings.
-
-## Scopes
-
-Currently Gitea does not support scopes (see [#4300](https://github.com/go-gitea/gitea/issues/4300)) and all third party applications will be granted access to all resources of the user and his/her organizations.
-
-## Example
-
-**Note:** This example does not use PKCE.
-
-1. Redirect to user to the authorization endpoint in order to get his/her consent for accessing the resources:
-
-```curl
-https://[YOUR-GITEA-URL]/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI& response_type=code&state=STATE
-``` 
-
-The `CLIENT_ID` can be obtained by registering an application in the settings. The `STATE` is a random string that will be send back to your application after the user authorizes. The `state` parameter is optional but should be used to prevent CSRF attacks.
-
-
-![Authorization Page](/authorize.png)
-
-The user will now be asked to authorize your application. If they authorize it, the user will be redirected to the `REDIRECT_URL`, for example:
-
-```curl
-https://[REDIRECT_URI]?code=RETURNED_CODE&state=STATE
-```
-
-2. Using the provided `code` from the redirect, you can request a new application and refresh token. The access token endpoints accepts POST requests with  `application/json` and `application/x-www-form-urlencoded` body, for example:
-
-```curl
-POST https://[YOUR-GITEA-URL]/login/oauth/access_token
-```
-
-```json
-{
-	"client_id": "YOUR_CLIENT_ID",
-	"client_secret": "YOUR_CLIENT_SECRET",
-	"code": "RETURNED_CODE",
-	"grant_type": "authorization_code",
-	"redirect_uri": "REDIRECT_URI"
-}
-```
-
-Response:
-```json
-{  
-"access_token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjowLCJleHAiOjE1NTUxNzk5MTIsImlhdCI6MTU1NTE3NjMxMn0.0-iFsAwBtxuckA0sNZ6QpBQmywVPz129u75vOM7wPJecw5wqGyBkmstfJHAjEOqrAf_V5Z-1QYeCh_Cz4RiKug",  
-"token_type":"bearer",  
-"expires_in":3600,  
-"refresh_token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjoxLCJjbnQiOjEsImV4cCI6MTU1NzgwNDMxMiwiaWF0IjoxNTU1MTc2MzEyfQ.S_HZQBy4q9r5SEzNGNIoFClT43HPNDbUdHH-GYNYYdkRfft6XptJBkUQscZsGxOW975Yk6RbgtGvq1nkEcklOw"  
-}
-```
-
-The `CLIENT_SECRET` is the unique secret code generated for this application. Please note that the secret will only be visible after you created/registered the application with Gitea and cannot be recovered. If you lose the secret you must regenerate the secret via the application's settings.
-
-The `REDIRECT_URI` in the `access_token` request must match the `REDIRECT_URI` in the `authorize` request.
-
-3. Use the  `access_token` to make [API requests](https://docs.gitea.io/en-us/api-usage#oauth2) to access the user's resources.

docs/content/doc/advanced/repo-indexer.en-us.md

@@ -3,7 +3,7 @@ date: "2019-09-06T01:35:00-03:00"
 title: "Repository indexer"
 slug: "repo-indexer"
 weight: 45
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:
@@ -15,11 +15,15 @@ menu:
 
 # Repository indexer
 
+**Table of Contents**
+
+{{< toc >}}
+
 ## Setting up the repository indexer
 
 Gitea can search through the files of the repositories by enabling this function in your [`app.ini`](https://docs.gitea.io/en-us/config-cheat-sheet/):
 
-```
+```ini
 [indexer]
 ; ...
 REPO_INDEXER_ENABLED = true
@@ -49,12 +53,10 @@ Limiting the list of files prevents the indexes from becoming polluted with deri
 
 Pattern matching works as follows:
 
-* To match all files with a `.txt` extension no matter what directory, use `**.txt`.
-* To match all files with a `.txt` extension _only at the root level of the repository_, use `*.txt`.
-* To match all files inside `resources/bin` and below, use `resources/bin/**`.
-* To match all files _immediately inside_ `resources/bin`, use `resources/bin/*`.
-* To match all files named `Makefile`, use `**Makefile`.
-* Matching a directory has no effect; the pattern `resources/bin` will not include/exclude files inside that directory; `resources/bin/**` will.
-* All files and patterns are normalized to lower case, so `**Makefile`, `**makefile` and `**MAKEFILE` are equivalent.
-
-
+- To match all files with a `.txt` extension no matter what directory, use `**.txt`.
+- To match all files with a `.txt` extension _only at the root level of the repository_, use `*.txt`.
+- To match all files inside `resources/bin` and below, use `resources/bin/**`.
+- To match all files _immediately inside_ `resources/bin`, use `resources/bin/*`.
+- To match all files named `Makefile`, use `**Makefile`.
+- Matching a directory has no effect; the pattern `resources/bin` will not include/exclude files inside that directory; `resources/bin/**` will.
+- All files and patterns are normalized to lower case, so `**Makefile`, `**makefile` and `**MAKEFILE` are equivalent.

docs/content/doc/advanced/search-engines-indexation.en-us.md

@@ -3,7 +3,7 @@ date: "2019-12-31T13:55:00+05:00"
 title: "Advanced: Search Engines Indexation"
 slug: "search-engines-indexation"
 weight: 30
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:

docs/content/doc/advanced/signing.en-us.md

@@ -15,6 +15,10 @@ menu:
 
 # GPG Commit Signatures
 
+**Table of Contents**
+
+{{< toc >}}
+
 Gitea will verify GPG commit signatures in the provided tree by
 checking if the commits are signed by a key within the gitea database,
 or if the commit matches the default key for git.
@@ -36,10 +40,10 @@ this requires git >= 2.0.0.
 
 There are a number of places where Gitea will generate commits itself:
 
-* Repository Initialisation
-* Wiki Changes
-* CRUD actions using the editor or the API
-* Merges from Pull Requests
+- Repository Initialisation
+- Wiki Changes
+- CRUD actions using the editor or the API
+- Merges from Pull Requests
 
 Depending on configuration and server trust you may want Gitea to
 sign these commits.
@@ -78,12 +82,12 @@ MERGES = pubkey, twofa, basesigned, commitssigned
 The first option to discuss is the `SIGNING_KEY`. There are three main
 options:
 
-* `none` - this prevents Gitea from signing any commits
-* `default` - Gitea will default to the key configured within
-`git config`
-* `KEYID` - Gitea will sign commits with the gpg key with the ID
-`KEYID`. In this case you should provide a `SIGNING_NAME` and
-`SIGNING_EMAIL` to be displayed for this key.
+- `none` - this prevents Gitea from signing any commits
+- `default` - Gitea will default to the key configured within
+  `git config`
+- `KEYID` - Gitea will sign commits with the gpg key with the ID
+  `KEYID`. In this case you should provide a `SIGNING_NAME` and
+  `SIGNING_EMAIL` to be displayed for this key.
 
 The `default` option will interrogate `git config` for
 `commit.gpgsign` option - if this is set, then it will use the results
@@ -99,10 +103,10 @@ ideal UI and therefore subject to change.
 This option determines whether Gitea should sign the initial commit
 when creating a repository. The possible values are:
 
-* `never`: Never sign
-* `pubkey`: Only sign if the user has a public key
-* `twofa`: Only sign if the user logs in with two factor authentication
-* `always`: Always sign
+- `never`: Never sign
+- `pubkey`: Only sign if the user has a public key
+- `twofa`: Only sign if the user logs in with two factor authentication
+- `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
 separated list.
@@ -112,11 +116,11 @@ separated list.
 This options determines if Gitea should sign commits to the Wiki.
 The possible values are:
 
-* `never`: Never sign
-* `pubkey`: Only sign if the user has a public key
-* `twofa`: Only sign if the user logs in with two factor authentication
-* `parentsigned`: Only sign if the parent commit is signed.
-* `always`: Always sign
+- `never`: Never sign
+- `pubkey`: Only sign if the user has a public key
+- `twofa`: Only sign if the user logs in with two factor authentication
+- `parentsigned`: Only sign if the parent commit is signed.
+- `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
 separated list.
@@ -126,11 +130,11 @@ separated list.
 This option determines if Gitea should sign commits from the web
 editor or API CRUD actions. The possible values are:
 
-* `never`: Never sign
-* `pubkey`: Only sign if the user has a public key
-* `twofa`: Only sign if the user logs in with two factor authentication
-* `parentsigned`: Only sign if the parent commit is signed.
-* `always`: Always sign
+- `never`: Never sign
+- `pubkey`: Only sign if the user has a public key
+- `twofa`: Only sign if the user logs in with two factor authentication
+- `parentsigned`: Only sign if the parent commit is signed.
+- `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
 separated list.
@@ -140,14 +144,14 @@ separated list.
 This option determines if Gitea should sign merge commits from PRs.
 The possible options are:
 
-* `never`: Never sign
-* `pubkey`: Only sign if the user has a public key
-* `twofa`: Only sign if the user logs in with two factor authentication
-* `basesigned`: Only sign if the parent commit in the base repo is signed.
-* `headsigned`: Only sign if the head commit in the head branch is signed.
-* `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
-* `approved`: Only sign approved merges to a protected branch.
-* `always`: Always sign
+- `never`: Never sign
+- `pubkey`: Only sign if the user has a public key
+- `twofa`: Only sign if the user logs in with two factor authentication
+- `basesigned`: Only sign if the parent commit in the base repo is signed.
+- `headsigned`: Only sign if the head commit in the head branch is signed.
+- `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
+- `approved`: Only sign approved merges to a protected branch.
+- `always`: Always sign
 
 Options other than `never` and `always` can be combined as a comma
 separated list.
@@ -156,12 +160,12 @@ separated list.
 
 The public key used to sign Gitea's commits can be obtained from the API at:
 
-```
+```sh
 /api/v1/signing-key.gpg
 ```
 
 In cases where there is a repository specific key this can be obtained from:
 
-```
+```sh
 /api/v1/repos/:username/:reponame/signing-key.gpg
 ```

docs/content/doc/advanced/specific-variables.en-us.md

@@ -1,68 +0,0 @@
----
-date: "2017-04-08T11:34:00+02:00"
-title: "Specific variables"
-slug: "specific-variables"
-weight: 20
-toc: false
-draft: false
-menu:
-  sidebar:
-    parent: "advanced"
-    name: "Specific variables"
-    weight: 20
-    identifier: "specific-variables"
----
-
-# Specific variables
-
-This is an inventory of Gitea environment variables. They change Gitea behaviour.
-
-Initialize them before Gitea command to be effective, for example:
-
-```
-GITEA_CUSTOM=/home/gitea/custom ./gitea web
-```
-
-## From Go language
-
-As Gitea is written in Go, it uses some Go variables, such as:
-
-  * `GOOS`
-  * `GOARCH`
-  * [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
-
-For documentation about each of the variables available, refer to the
-[official Go documentation](https://golang.org/cmd/go/#hdr-Environment_variables).
-
-## Gitea files
-
-  * `GITEA_WORK_DIR`: Absolute path of working directory.
-  * `GITEA_CUSTOM`: Gitea uses `GITEA_WORK_DIR`/custom folder by default. Use this variable
-     to change *custom* directory.
-  * `GOGS_WORK_DIR`: Deprecated, use `GITEA_WORK_DIR`
-  * `GOGS_CUSTOM`: Deprecated, use `GITEA_CUSTOM`
-
-## Operating system specifics
-
-  * `USER`: System user that Gitea will run as. Used for some repository access strings.
-  * `USERNAME`: if no `USER` found, Gitea will use `USERNAME`
-  * `HOME`: User home directory path. The `USERPROFILE` environment variable is used in Windows.
-
-### Only on Windows
-
-  * `USERPROFILE`: User home directory path. If empty, uses `HOMEDRIVE` + `HOMEPATH`
-  * `HOMEDRIVE`: Main drive path used to access the home directory (C:)
-  * `HOMEPATH`: Home relative path in the given home drive path
-
-## Macaron (framework used by Gitea)
-
-  * `HOST`: Host Macaron will listen on
-  * `PORT`: Port Macaron will listen on
-  * `MACARON_ENV`: global variable to provide special functionality for development environments
-     vs. production environments. If MACARON_ENV is set to "" or "development", then templates will
-     be recompiled on every request. For more performance, set the MACARON_ENV environment variable
-     to "production".
-
-## Miscellaneous
-
-  * `SKIP_MINWINSVC`: If set to 1, do not run as a service on Windows.

docs/content/doc/advanced/specific-variables.zh-cn.md

@@ -1,62 +0,0 @@
----
-date: "2017-04-08T11:34:00+02:00"
-title: "环境变量清单"
-slug: "specific-variables"
-weight: 20
-toc: false
-draft: false
-menu:
-  sidebar:
-    parent: "advanced"
-    name: "环境变量清单"
-    weight: 20
-    identifier: "specific-variables"
----
-
-# 环境变量清单
-
-这里是用来控制 Gitea 行为表现的的环境变量清单，您需要在执行如下 Gitea 启动命令前设置它们来确保配置生效：
-
-```
-GITEA_CUSTOM=/home/gitea/custom ./gitea web
-```
-
-## Go 的配置
-
-因为 Gitea 使用 Go 语言编写，因此它使用了一些相关的 Go 的配置参数：
-
-  * `GOOS`
-  * `GOARCH`
-  * [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
-
-您可以在[官方文档](https://golang.org/cmd/go/#hdr-Environment_variables)中查阅这些配置参数的详细信息。
-
-## Gitea 的文件目录
-
-  * `GITEA_WORK_DIR`：工作目录的绝对路径
-  * `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
-  * `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
-  * `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代
-
-## 操作系统配置
-
-  * `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
-  * `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
-  * `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量
-
-### 仅限于 Windows 的配置
-
-  * `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
-  * `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
-  * `HOMEPATH`：在指定主驱动器下的 home 目录相对路径
-
-## Macaron（Gitea 使用的 web 框架）
-
-  * `HOST`：Macaron 监听的主机地址
-  * `PORT`：Macaron 监听的端口地址
-  * `MACARON_ENV`：为开发环境和生产环境提供特殊功能性配置的全局变量，当 MACARON_ENV 设置为 "" 或 "development"
-  时，每次请求都会重编译页面模板。为了提高性能表现，可将它设置为 "production"。
-
-## Miscellaneous
-
-  * `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。

docs/content/doc/advanced/third-party-tools.en-us.md

@@ -1,42 +0,0 @@
----
-date: "2018-05-22T11:00:00+00:00"
-title: "Advanced: Third Party Tools"
-slug: "third-party-tools"
-weight: 50
-toc: true
-draft: false
-menu:
-  sidebar:
-    parent: "advanced"
-    name: "Third Party Tools"
-    weight: 50
-    identifier: "third-party-tools"
----
-
-# List of third-party tools
-**NOTE:** These tools are not endorsed by Gitea. They are listed here for convenience only.
-
-## Hey! This page may be out of date or even removed in the future! :scream:
-Instead, check out [awesome-gitea](https://gitea.com/gitea/awesome-gitea/src/branch/master/README.md)!
-
-### Continuous Integration
-
-Check our [CI/CD page]({{< relref "doc/advanced/ci-cd.en-us.md" >}})
-
-### Internationalization 
-- [Weblate](https://docs.weblate.org/en/latest/admin/continuous.html#gitea-setup)
-
-### Migrating
-- [Installation script for Gitea](https://git.coolaj86.com/coolaj86/gitea-installer.sh)  
-- [GitHub Migrator](https://gitea.com/gitea/migrator)
-
-
-### Mobile
-- [GitNex for Android](https://gitlab.com/mmarif4u/gitnex)
-
-###  Editor Extensions
-- [Gitea Extension for Visual Studio](https://github.com/maikebing/Gitea.VisualStudio)
-   - Download from [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=MysticBoy.GiteaExtensionforVisualStudio)
- 
-### Project Management
-- [YouTrack by JetBrains](https://blog.jetbrains.com/youtrack/2019/12/whats-new-in-youtrack-2019-3/)

docs/content/doc/advanced/third-party-tools.zh-cn.md

@@ -3,7 +3,7 @@ date: "2019-03-11T21:45:00+00:00"
 title: "高级: 第三方工具"
 slug: "third-party-tools"
 weight: 50
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:

docs/content/doc/developers.en-us.md

@@ -0,0 +1,13 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "Developers"
+slug: "developers"
+weight: 40
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "Developers"
+    weight: 50
+    identifier: "developers"
+---

docs/content/doc/developers.zh-tw.md

@@ -0,0 +1,13 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "開發人員"
+slug: "developers"
+weight: 40
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "開發人員"
+    weight: 50
+    identifier: "developers"
+---

docs/content/doc/developers/api-usage.en-us.md

@@ -3,26 +3,30 @@ date: "2018-06-24:00:00+02:00"
 title: "API Usage"
 slug: "api-usage"
 weight: 40
-toc: true
+toc: false
 draft: false
 menu:
   sidebar:
-    parent: "advanced"
+    parent: "developers"
     name: "API Usage"
     weight: 40
     identifier: "api-usage"
 ---
 
-# Gitea API Usage
+# API Usage
+
+**Table of Contents**
+
+{{< toc >}}
 
 ## Enabling/configuring API access
 
 By default, `ENABLE_SWAGGER` is true, and
-`MAX_RESPONSE_ITEMS` is set to 50.  See [Config Cheat
+`MAX_RESPONSE_ITEMS` is set to 50. See [Config Cheat
 Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) for more
 information.
 
-## Authentication via the API
+## Authentication
 
 Gitea supports these methods of API authentication:
 
@@ -31,7 +35,7 @@ Gitea supports these methods of API authentication:
 - `access_token=...` parameter in URL query string
 - `Authorization: token ...` header in HTTP headers
 
-All of these methods accept the same API key token type.  You can
+All of these methods accept the same API key token type. You can
 better understand this by looking at the code -- as of this writing,
 Gitea parses queries and headers to find the token in
 [modules/auth/auth.go](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47).
@@ -39,7 +43,7 @@ Gitea parses queries and headers to find the token in
 You can create an API key token via your Gitea installation's web interface:
 `Settings | Applications | Generate New Token`.
 
-### OAuth2
+## OAuth2 Provider
 
 Access tokens obtained from Gitea's [OAuth2 provider](https://docs.gitea.io/en-us/oauth2-provider) are accepted by these methods:
 
@@ -52,13 +56,13 @@ Access tokens obtained from Gitea's [OAuth2 provider](https://docs.gitea.io/en-u
 For historical reasons, Gitea needs the word `token` included before
 the API key token in an authorization header, like this:
 
-```
+```sh
 Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
 ```
 
 In a `curl` command, for instance, this would look like:
 
-```
+```sh
 curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
     -H "accept: application/json" \
     -H "Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675" \
@@ -70,11 +74,10 @@ the `token=` string in a GET request.
 
 ## API Guide:
 
-API Reference guide is auto-generated by swagger and available on: 
-    `https://gitea.your.host/api/swagger`
-    or on 
-    [gitea demo instance](https://try.gitea.io/api/swagger)
-
+API Reference guide is auto-generated by swagger and available on:
+`https://gitea.your.host/api/swagger`
+or on
+[gitea demo instance](https://try.gitea.io/api/swagger)
 
 ## Listing your issued tokens via the API
 
@@ -85,17 +88,22 @@ using BasicAuth, as follows:
 
 ### Using basic authentication:
 
-```
+```sh
 $ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
 [{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
 ```
 
 As of v1.8.0 of Gitea, if using basic authentication with the API and your user has two factor authentication enabled, you'll need to send an additional header that contains the one time password (6 digit rotating token). An example of the header is `X-Gitea-OTP: 123456` where `123456` is where you'd place the code from your authenticator. Here is how the request would look like in curl:
 
-```
+```sh
 $ curl -H "X-Gitea-OTP: 123456" --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
 ```
 
 ## Sudo
 
 The API allows admin users to sudo API requests as another user. Simply add either a `sudo=` parameter or `Sudo:` request header with the username of the user to sudo.
+
+## SDKs
+
+- [Official go-sdk](https://gitea.com/gitea/go-sdk)
+- [more](https://gitea.com/gitea/awesome-gitea#user-content-sdk)