From 9ea796b9ab0b3ef80c1fb05e4cc08d42e2be25fe Mon Sep 17 00:00:00 2001
From: Michael Jerger <michael.jerger@meissa-gmbh.de>
Date: Mon, 16 Jun 2025 20:27:47 +0200
Subject: [PATCH 01/39] [gitea] week 2025-21 cherry pick (gitea/main ->
 forgejo) (#8040)

## Checklist

- [x] go to the last cherry-pick PR (forgejo/forgejo#7965) to figure out how far it went: [gitea@9d4ebc1f2c](https://github.com/go-gitea/gitea/commit/9d4ebc1f2caa2cad9f5815e2760c49185b0809e4)
- [x] cherry-pick and open PR (forgejo/forgejo#8040)
- [ ] have the PR pass the CI
- end-to-end (specially important if there are actions related changes)
  - [ ] add `run-end-to-end` label
  - [ ] check the result
- [ ] write release notes
- [ ] assign reviewers
- [ ] 48h later, last call
- merge 1 hour after the last call

## Legend

- :question: - No decision about the commit has been made.
- :cherries: - The commit has been cherry picked.
- :fast_forward: - The commit has been skipped.
- :bulb: - The commit has been skipped, but should be ported to Forgejo.
- :writing_hand: - The commit has been skipped, and a port to Forgejo already exists.

## Commits

- :cherries: [`gitea`](https://github.com/go-gitea/gitea/commit/50d95650884a877936784fae01aaf3f7fea513c6) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/c3e6eab73235ac189ca3a36ce2b8ea8d8ad82c81) Add sort option recentclose for issues and pulls ([gitea#34525](https://github.com/go-gitea/gitea/pull/34525))

## TODO

- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/d5bbaee64e44327e78e39ad7a1977e21ddc59e1c) Retain issue sort type when a keyword search is introduced ([gitea#34559](https://github.com/go-gitea/gitea/pull/34559))
  UI: Small bat might be nice. Test needed? Do we've frontend tests covering the search?
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/82ea2387e4c225617d607c0e25043920837dba7b) Always use an empty line to separate the commit message and trailer ([gitea#34512](https://github.com/go-gitea/gitea/pull/34512))
  Needs merge
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/74858dc5aefeb177c8d377f3f9a408331887d92a) Fix line-button issue after file selection in file tree ([gitea#34574](https://github.com/go-gitea/gitea/pull/34574))
  Frontend: Makes it sense to pick/port ui logic in *.ts files?
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/7149c9c55d7e960bd5fa59a66243fc8445e7bf37) Fix doctor deleting orphaned issues attachments ([gitea#34142](https://github.com/go-gitea/gitea/pull/34142))
  Doctor: seems useful.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/0cec4b84e2e2385d33cd19351f8a9e098a29ecc2) Fix actions skipped commit status indicator ([gitea#34507](https://github.com/go-gitea/gitea/pull/34507))
  Actions: Might benefit from additional tests.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/4cb0c641ce856224bb53245b6946d9da0f2c38dd) Add "View workflow file" to Actions list page ([gitea#34538](https://github.com/go-gitea/gitea/pull/34538))
  Actions: Needs tests
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/b0936f4f4120169fab31f21610e9fcd915e36fb4) Do not mutate incoming options to RenderUserSearch and SearchUsers ([gitea#34544](https://github.com/go-gitea/gitea/pull/34544))
  Nice refactoring but needs manual merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/498088c0536f228eceb7c04ab53742f69a0024b4) Add webhook assigning test and fix possible bug ([gitea#34420](https://github.com/go-gitea/gitea/pull/34420))
  Integrationtest has conflicts needs merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/24a51059d7fffe75564f7dc2fffeba1f3789f55e) Fix possible nil description of pull request when migrating from CodeCommit ([gitea#34541](https://github.com/go-gitea/gitea/pull/34541))
  Is this relevant to forgejo? Did not find the place to apply this small change.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/688da55f543f82265cc7df2bd1cf2bce53188b7a) Split GetLatestCommitStatus as two functions ([gitea#34535](https://github.com/go-gitea/gitea/pull/34535))
  Merge required.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/ab9691291d313aedab7b459c42e1e1dd15f05461) Don't display error log when .git-blame-ignore-revs doesn't exist ([gitea#34457](https://github.com/go-gitea/gitea/pull/34457))
  Unsure wheter this affects forgejo. Tests missing.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/11ee7ff3bfb21fedf6a069d61149b0b3d51ce7f2) fix: return 201 Created for CreateVariable API responses ([gitea#34517](https://github.com/go-gitea/gitea/pull/34517))
  Actions: This is marked as breaking the api. Pls think about whether this breaking change iss needed & how this impact api-version-increase.
  The corresponding clinet change can be found here: https://gitea.com/gitea/go-sdk/pulls/713/files
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/9b295e984a15f0b903675adfe4ee8bd2c5f7c0d4) Actions list ([gitea#34530](https://github.com/go-gitea/gitea/pull/34530))
  Actions: Regression from https://github.com/go-gitea/gitea/pull/34337 Part of https://codeberg.org/forgejo/forgejo/pulls/7909
------

## Skipped

- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/bb6377d0807e56586a94a1f14a5ffa7da7155865) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/07d802a815aceec9474661102fc8d73e67afd64f) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/c6e2093f427b05624d8a21381710b50206cd17a4) Clean up "file-view" related styles ([gitea#34558](https://github.com/go-gitea/gitea/pull/34558))

  - gitea ui specific specific
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/9f10885b2194b6ee19f9b165b06edda775b792b2) Refactor commit reader ([gitea#34542](https://github.com/go-gitea/gitea/pull/34542))

  - gitea refactor specific
------

<details>
<summary><h2>Stats</h2></summary>

<br>

Between [`gitea@9d4ebc1f2c`](https://github.com/go-gitea/gitea/commit/9d4ebc1f2caa2cad9f5815e2760c49185b0809e4) and [`gitea@d5bbaee64e`](https://github.com/go-gitea/gitea/commit/d5bbaee64e44327e78e39ad7a1977e21ddc59e1c), **18** commits have been reviewed. We picked **1**, skipped **4**, and decided to port **13**.

</details>

Co-authored-by: Markus Amshove <scm@amshove.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8040
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
---
 models/issues/issue_search.go  |  2 ++
 models/issues/pull_list.go     |  3 ++-
 models/issues/pull_test.go     | 41 ++++++++++++++++++++++++++++++++++
 routers/api/v1/repo/pull.go    |  2 +-
 templates/swagger/v1_json.tmpl |  1 +
 5 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/models/issues/issue_search.go b/models/issues/issue_search.go
index bf4b89ee0b..91a69c26a7 100644
--- a/models/issues/issue_search.go
+++ b/models/issues/issue_search.go
@@ -66,6 +66,8 @@ func applySorts(sess *xorm.Session, sortType string, priorityRepoID int64) {
 		sess.Asc("issue.created_unix").Asc("issue.id")
 	case "recentupdate":
 		sess.Desc("issue.updated_unix").Desc("issue.created_unix").Desc("issue.id")
+	case "recentclose":
+		sess.Desc("issue.closed_unix").Desc("issue.created_unix").Desc("issue.id")
 	case "leastupdate":
 		sess.Asc("issue.updated_unix").Asc("issue.created_unix").Asc("issue.id")
 	case "mostcomment":
diff --git a/models/issues/pull_list.go b/models/issues/pull_list.go
index a448673454..8fc0491026 100644
--- a/models/issues/pull_list.go
+++ b/models/issues/pull_list.go
@@ -152,7 +152,8 @@ func PullRequests(ctx context.Context, baseRepoID int64, opts *PullRequestsOptio
 	applySorts(findSession, opts.SortType, 0)
 	findSession = db.SetSessionPagination(findSession, opts)
 	prs := make([]*PullRequest, 0, opts.PageSize)
-	return prs, maxResults, findSession.Find(&prs)
+	found := findSession.Find(&prs)
+	return prs, maxResults, found
 }
 
 // PullRequestList defines a list of pull requests
diff --git a/models/issues/pull_test.go b/models/issues/pull_test.go
index 5a8e8d8aaf..3682f6fd25 100644
--- a/models/issues/pull_test.go
+++ b/models/issues/pull_test.go
@@ -79,6 +79,47 @@ func TestPullRequestsNewest(t *testing.T) {
 	}
 }
 
+func TestPullRequests_Closed_RecentSortType(t *testing.T) {
+	// Issue ID | Closed At.  | Updated At
+	//    2     | 1707270001  | 1707270001
+	//    3     | 1707271000  | 1707279999
+	//    11    | 1707279999  | 1707275555
+	tests := []struct {
+		sortType             string
+		expectedIssueIDOrder []int64
+	}{
+		{"recentupdate", []int64{3, 11, 2}},
+		{"recentclose", []int64{11, 3, 2}},
+	}
+
+	require.NoError(t, unittest.PrepareTestDatabase())
+	_, err := db.Exec(db.DefaultContext, "UPDATE issue SET closed_unix = 1707270001, updated_unix = 1707270001, is_closed = true WHERE id = 2")
+	require.NoError(t, err)
+	_, err = db.Exec(db.DefaultContext, "UPDATE issue SET closed_unix = 1707271000, updated_unix = 1707279999, is_closed = true WHERE id = 3")
+	require.NoError(t, err)
+	_, err = db.Exec(db.DefaultContext, "UPDATE issue SET closed_unix = 1707279999, updated_unix = 1707275555, is_closed = true WHERE id = 11")
+	require.NoError(t, err)
+
+	for _, test := range tests {
+		t.Run(test.sortType, func(t *testing.T) {
+			prs, _, err := issues_model.PullRequests(db.DefaultContext, 1, &issues_model.PullRequestsOptions{
+				ListOptions: db.ListOptions{
+					Page: 1,
+				},
+				State:    "closed",
+				SortType: test.sortType,
+			})
+			require.NoError(t, err)
+
+			if assert.Len(t, prs, len(test.expectedIssueIDOrder)) {
+				for i := range test.expectedIssueIDOrder {
+					assert.Equal(t, test.expectedIssueIDOrder[i], prs[i].IssueID)
+				}
+			}
+		})
+	}
+}
+
 func TestLoadRequestedReviewers(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 75b4870e51..c9dda124de 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -71,7 +71,7 @@ func ListPullRequests(ctx *context.APIContext) {
 	//   in: query
 	//   description: Type of sort
 	//   type: string
-	//   enum: [oldest, recentupdate, leastupdate, mostcomment, leastcomment, priority]
+	//   enum: [oldest, recentupdate, recentclose, leastupdate, mostcomment, leastcomment, priority]
 	// - name: milestone
 	//   in: query
 	//   description: ID of the milestone
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 124d5bd1bd..bba4ac4949 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -12994,6 +12994,7 @@
             "enum": [
               "oldest",
               "recentupdate",
+              "recentclose",
               "leastupdate",
               "mostcomment",
               "leastcomment",

From 0c55cdf6b6b3df4d2588ec44232ed2c5ff899898 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 17 Jun 2025 03:48:53 +0200
Subject: [PATCH 02/39] Update dependency chart.js to v4.5.0 (forgejo) (#8190)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8190
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 4a91eeecc2..40601d8536 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,7 +16,7 @@
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
         "asciinema-player": "3.8.2",
-        "chart.js": "4.4.9",
+        "chart.js": "4.5.0",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
         "clippie": "4.1.7",
@@ -5373,9 +5373,9 @@
       }
     },
     "node_modules/chart.js": {
-      "version": "4.4.9",
-      "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.4.9.tgz",
-      "integrity": "sha512-EyZ9wWKgpAU0fLJ43YAEIF8sr5F2W3LqbS40ZJyHIner2lY14ufqv2VMp69MAiZ2rpwxEUxEhIH/0U3xyRynxg==",
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.5.0.tgz",
+      "integrity": "sha512-aYeC/jDgSEx8SHWZvANYMioYMZ2KX02W6f6uVfyteuCGcadDLcYVHdfdygsTQkQ4TKn5lghoojAsPj5pu0SnvQ==",
       "license": "MIT",
       "dependencies": {
         "@kurkle/color": "^0.3.0"
diff --git a/package.json b/package.json
index f7f04b1c0b..b4d170fdb9 100644
--- a/package.json
+++ b/package.json
@@ -15,7 +15,7 @@
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",
     "asciinema-player": "3.8.2",
-    "chart.js": "4.4.9",
+    "chart.js": "4.5.0",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",
     "clippie": "4.1.7",

From b52264c953dcba20b8d23fc450da3f0aadb8d259 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 17 Jun 2025 07:47:00 +0200
Subject: [PATCH 03/39] fix: do not check for `object_format_name` field
 (#8202)

- Only check for the `object_format_name` field if SHA256 is supported.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8202
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 tests/integration/repo_generate_test.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tests/integration/repo_generate_test.go b/tests/integration/repo_generate_test.go
index d22e6ecc74..44987c14b0 100644
--- a/tests/integration/repo_generate_test.go
+++ b/tests/integration/repo_generate_test.go
@@ -15,6 +15,7 @@ import (
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
@@ -43,9 +44,13 @@ func assertRepoCreateForm(t *testing.T, htmlDoc *HTMLDoc, owner *user_model.User
 	// the template menu is loaded client-side, so don't assert the option exists
 	assert.Equal(t, templateID, htmlDoc.GetInputValueByName("repo_template"), "Unexpected repo_template selection")
 
-	for _, name := range []string{"issue_labels", "gitignores", "license", "object_format_name"} {
+	for _, name := range []string{"issue_labels", "gitignores", "license"} {
 		htmlDoc.AssertDropdownHasOptions(t, name)
 	}
+
+	if git.SupportHashSha256 {
+		htmlDoc.AssertDropdownHasOptions(t, "object_format_name")
+	}
 }
 
 func testRepoGenerate(t *testing.T, session *TestSession, templateID, templateOwnerName, templateRepoName string, user, generateOwner *user_model.User, generateRepoName string) {

From 3a8cea52cd0bcbde839e6c4779265a94bf6c4700 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 17 Jun 2025 08:28:26 +0200
Subject: [PATCH 04/39] chore: remove gopls in Makefile (#8205)

- `lint-go-gopls` runs `gopls check` over Forgejo's codebase. It report errors found by the diagnosis tool of gopls, most of it are errors that can be catched by existing linters. It is not used in the CI, remove it.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8205
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 Makefile               |  8 --------
 tools/lint-go-gopls.sh | 23 -----------------------
 2 files changed, 31 deletions(-)
 delete mode 100755 tools/lint-go-gopls.sh

diff --git a/Makefile b/Makefile
index e6416d5a6f..852c85ccd6 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,6 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.34.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.5.2 # renovate: datasource=go
-GOPLS_PACKAGE ?= golang.org/x/tools/gopls@v0.18.1 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@40.57.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
@@ -222,7 +221,6 @@ help:
 	@echo " - lint-go                          lint go files"
 	@echo " - lint-go-fix                      lint go files and fix issues"
 	@echo " - lint-go-vet                      lint go files with vet"
-	@echo " - lint-go-gopls                    lint go files with gopls"
 	@echo " - lint-js                          lint js files"
 	@echo " - lint-js-fix                      lint js files and fix issues"
 	@echo " - lint-css                         lint css files"
@@ -487,11 +485,6 @@ lint-go-vet:
 	@echo "Running go vet..."
 	@$(GO) vet ./...
 
-.PHONY: lint-go-gopls
-lint-go-gopls:
-	@echo "Running gopls check..."
-	@GO=$(GO) GOPLS_PACKAGE=$(GOPLS_PACKAGE) tools/lint-go-gopls.sh $(GO_SOURCES_NO_BINDATA)
-
 .PHONY: lint-editorconfig
 lint-editorconfig:
 	$(GO) run $(EDITORCONFIG_CHECKER_PACKAGE) templates .forgejo/workflows
@@ -932,7 +925,6 @@ deps-tools:
 	$(GO) install $(GO_LICENSES_PACKAGE)
 	$(GO) install $(GOVULNCHECK_PACKAGE)
 	$(GO) install $(GOMOCK_PACKAGE)
-	$(GO) install $(GOPLS_PACKAGE)
 
 node_modules: package-lock.json
 	npm install --no-save
diff --git a/tools/lint-go-gopls.sh b/tools/lint-go-gopls.sh
deleted file mode 100755
index a222ea14d7..0000000000
--- a/tools/lint-go-gopls.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-set -uo pipefail
-
-cd "$(dirname -- "${BASH_SOURCE[0]}")" && cd ..
-
-IGNORE_PATTERNS=(
-  "is deprecated" # TODO: fix these
-)
-
-# lint all go files with 'gopls check' and look for lines starting with the
-# current absolute path, indicating a error was found. This is necessary
-# because the tool does not set non-zero exit code when errors are found.
-# ref: https://github.com/golang/go/issues/67078
-ERROR_LINES=$("$GO" run "$GOPLS_PACKAGE" check "$@" 2>/dev/null | grep -E "^$PWD" | grep -vFf <(printf '%s\n' "${IGNORE_PATTERNS[@]}"));
-NUM_ERRORS=$(echo -n "$ERROR_LINES" | wc -l)
-
-if [ "$NUM_ERRORS" -eq "0" ]; then
-  exit 0;
-else
-  echo "$ERROR_LINES"
-  echo "Found $NUM_ERRORS 'gopls check' errors"
-  exit 1;
-fi

From 3a986d282fcb27a094a3e6e076e3bf9b0e6c09cd Mon Sep 17 00:00:00 2001
From: Lucas Schwiderski <lucas@lschwiderski.de>
Date: Tue, 17 Jun 2025 09:31:50 +0200
Subject: [PATCH 05/39] Implement single-commit PR review flow (#7155)

This implements the UI controls and information displays necessary to allow reviewing pull requests by stepping through commits individually.

Notable changes:

- Within the PR page, commit links now stay in the PR context by navigating to `{owner}/{repo}/pulls/{id}/commits/{sha}`
- When showing a single commit in the "Files changed" tab, the commit header containing commit message and metadata is displayed
  - I dropped the existing buttons, since they make less sense to me in the PR context
  - The SHA links to the separate, dedicated commit view
- "Previous"/"Next" buttons have been added to that header to allow stepping through commits
- Reviews can be submitted in "single commit" view

Talking points:

- The "Showing only changes from" banner made sense when that view was limited (e.g. review submit was disabled). Now that it's on par with the "all commits" view, and visually distinct due to the commit header, this banner could potentially be dropped.

Closes: #5670 #5126 #5671 #2281 #8084

![image](/attachments/cff441dc-a080-42f8-86ae-9b80490761bf)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7155
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Lucas Schwiderski <lucas@lschwiderski.de>
Co-committed-by: Lucas Schwiderski <lucas@lschwiderski.de>
---
 models/fixtures/comment.yml                   |  40 +++++++
 options/locale_next/locale_en-US.json         |   2 +
 routers/web/repo/pull.go                      | 110 +++++++++++++++++-
 routers/web/web.go                            |   5 +-
 templates/repo/commit_header.tmpl             |  32 +++--
 .../repo/commit_load_branches_and_tags.tmpl   |   2 +-
 templates/repo/commits_list.tmpl              |   3 +
 templates/repo/commits_list_small.tmpl        |   9 +-
 templates/repo/diff/box.tmpl                  |   9 +-
 templates/repo/diff/new_review.tmpl           |   8 +-
 tests/e2e/pr-review.test.e2e.ts               |  91 ++++++++++++++-
 .../commitsonpr.git/logs/refs/heads/branch1   |   1 +
 .../06/c5865eaeaaa2f92e8fce75a281f6272ee68e90 | Bin 0 -> 223 bytes
 .../2d/65d92dc800c6f448541240c18e82bf36b954bb | Bin 0 -> 221 bytes
 .../9b/93963cf6de4dc33f915bb67f192d099c301f43 | Bin 0 -> 224 bytes
 .../ab/a2b386a1eb0b0273ada0fed4f7d075d6e343c1 | Bin 0 -> 223 bytes
 .../b3/b178fe7c45986f6325aeac1b036c74825ae8f4 | Bin 0 -> 223 bytes
 .../c9/cf8a3095808af2425255056e01746fef420801 | Bin 0 -> 223 bytes
 .../user2/commitsonpr.git/refs/heads/branch1  |   2 +-
 .../user2/commitsonpr.git/refs/pull/1/head    |   2 +-
 tests/integration/pull_commit_test.go         |  17 +++
 tests/integration/pull_diff_test.go           |  13 +--
 tests/integration/pull_files_test.go          | 106 +++++++++++++++++
 tests/integration/pull_test.go                |  37 ++++++
 web_src/css/repo.css                          |  15 ++-
 25 files changed, 471 insertions(+), 33 deletions(-)
 create mode 100644 tests/gitea-repositories-meta/user2/commitsonpr.git/objects/06/c5865eaeaaa2f92e8fce75a281f6272ee68e90
 create mode 100644 tests/gitea-repositories-meta/user2/commitsonpr.git/objects/2d/65d92dc800c6f448541240c18e82bf36b954bb
 create mode 100644 tests/gitea-repositories-meta/user2/commitsonpr.git/objects/9b/93963cf6de4dc33f915bb67f192d099c301f43
 create mode 100644 tests/gitea-repositories-meta/user2/commitsonpr.git/objects/ab/a2b386a1eb0b0273ada0fed4f7d075d6e343c1
 create mode 100644 tests/gitea-repositories-meta/user2/commitsonpr.git/objects/b3/b178fe7c45986f6325aeac1b036c74825ae8f4
 create mode 100644 tests/gitea-repositories-meta/user2/commitsonpr.git/objects/c9/cf8a3095808af2425255056e01746fef420801
 create mode 100644 tests/integration/pull_files_test.go

diff --git a/models/fixtures/comment.yml b/models/fixtures/comment.yml
index f4121284a6..2c47196c05 100644
--- a/models/fixtures/comment.yml
+++ b/models/fixtures/comment.yml
@@ -113,3 +113,43 @@
   review_id: 22
   assignee_id: 5
   created_unix: 946684817
+
+-
+  id: 13
+  type: 29 # push
+  poster_id: 2
+  issue_id: 19 # in repo_id 58
+  content: '{"is_force_push":false,"commit_ids":["4ca8bcaf27e28504df7bf996819665986b01c847","96cef4a7b72b3c208340ae6f0cf55a93e9077c93","c5626fc9eff57eb1bb7b796b01d4d0f2f3f792a2"]}'
+  created_unix: 1688672373
+
+-
+  id: 14
+  type: 29 # push
+  poster_id: 2
+  issue_id: 19 # in repo_id 58
+  content: '{"is_force_push":false,"commit_ids":["23576dd018294e476c06e569b6b0f170d0558705"]}'
+  created_unix: 1688672374
+
+-
+  id: 15
+  type: 29 # push
+  poster_id: 2
+  issue_id: 19 # in repo_id 58
+  content: '{"is_force_push":false,"commit_ids":["3e64625bd6eb5bcba69ac97de6c8f507402df861", "c704db5794097441aa2d9dd834d5b7e2f8f08108"]}'
+  created_unix: 1688672375
+
+-
+  id: 16
+  type: 29 # push
+  poster_id: 2
+  issue_id: 19 # in repo_id 58
+  content: '{"is_force_push":false,"commit_ids":["811d46c7e518f4f180afb862c0db5cb8c80529ce", "747ddb3506a4fa04a7747808eb56ae16f9e933dc", "837d5c8125633d7d258f93b998e867eab0145520", "1978192d98bb1b65e11c2cf37da854fbf94bffd6"]}'
+  created_unix: 1688672376
+
+-
+  id: 17
+  type: 29 # push
+  poster_id: 2
+  issue_id: 19 # in repo_id 58
+  content: '{"is_force_push":true,"commit_ids":["1978192d98bb1b65e11c2cf37da854fbf94bffd6", "9b93963cf6de4dc33f915bb67f192d099c301f43"]}'
+  created_unix: 1749734240
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 356aaaead0..368152095e 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -89,6 +89,8 @@
     "mail.actions.run_info_previous_status": "Previous Run's Status: %[1]s",
     "mail.actions.run_info_ref": "Branch: %[1]s (%[2]s)",
     "mail.actions.run_info_trigger": "Triggered because: %[1]s by: %[2]s",
+    "repo.diff.commit.next-short": "Next",
+    "repo.diff.commit.previous-short": "Prev",
     "discussion.locked": "This discussion has been locked. Commenting is limited to contributors.",
     "editor.textarea.tab_hint": "Line already indented. Press <kbd>Tab</kbd> again or <kbd>Escape</kbd> to leave the editor.",
     "editor.textarea.shift_tab_hint": "No indentation on this line. Press <kbd>Shift</kbd> + <kbd>Tab</kbd> again or <kbd>Escape</kbd> to leave the editor.",
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 2db982d3b6..8547bbcc03 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -10,13 +10,16 @@ import (
 	"errors"
 	"fmt"
 	"html"
+	"html/template"
 	"net/http"
 	"net/url"
+	"path"
 	"strconv"
 	"strings"
 
 	"forgejo.org/models"
 	activities_model "forgejo.org/models/activities"
+	asymkey_model "forgejo.org/models/asymkey"
 	"forgejo.org/models/db"
 	git_model "forgejo.org/models/git"
 	issues_model "forgejo.org/models/issues"
@@ -28,11 +31,13 @@ import (
 	"forgejo.org/models/unit"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/base"
+	"forgejo.org/modules/charset"
 	"forgejo.org/modules/emoji"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
 	issue_template "forgejo.org/modules/issue/template"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/markup"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/structs"
@@ -498,6 +503,7 @@ func PrepareMergedViewPullInfo(ctx *context.Context, issue *issues_model.Issue)
 			ctx.Data["IsPullRequestBroken"] = true
 			ctx.Data["BaseTarget"] = pull.BaseBranch
 			ctx.Data["NumCommits"] = 0
+			ctx.Data["CommitIDs"] = map[string]bool{}
 			ctx.Data["NumFiles"] = 0
 			return nil
 		}
@@ -508,6 +514,12 @@ func PrepareMergedViewPullInfo(ctx *context.Context, issue *issues_model.Issue)
 	ctx.Data["NumCommits"] = len(compareInfo.Commits)
 	ctx.Data["NumFiles"] = compareInfo.NumFiles
 
+	commitIDs := map[string]bool{}
+	for _, commit := range compareInfo.Commits {
+		commitIDs[commit.ID.String()] = true
+	}
+	ctx.Data["CommitIDs"] = commitIDs
+
 	if len(compareInfo.Commits) != 0 {
 		sha := compareInfo.Commits[0].ID.String()
 		commitStatuses, _, err := git_model.GetLatestCommitStatus(ctx, ctx.Repo.Repository.ID, sha, db.ListOptionsAll)
@@ -591,6 +603,7 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
 				ctx.Data["IsPullRequestBroken"] = true
 				ctx.Data["BaseTarget"] = pull.BaseBranch
 				ctx.Data["NumCommits"] = 0
+				ctx.Data["CommitIDs"] = map[string]bool{}
 				ctx.Data["NumFiles"] = 0
 				return nil
 			}
@@ -601,6 +614,13 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
 
 		ctx.Data["NumCommits"] = len(compareInfo.Commits)
 		ctx.Data["NumFiles"] = compareInfo.NumFiles
+
+		commitIDs := map[string]bool{}
+		for _, commit := range compareInfo.Commits {
+			commitIDs[commit.ID.String()] = true
+		}
+		ctx.Data["CommitIDs"] = commitIDs
+
 		return compareInfo
 	}
 
@@ -659,6 +679,7 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
 			}
 			ctx.Data["BaseTarget"] = pull.BaseBranch
 			ctx.Data["NumCommits"] = 0
+			ctx.Data["CommitIDs"] = map[string]bool{}
 			ctx.Data["NumFiles"] = 0
 			return nil
 		}
@@ -736,6 +757,7 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
 			ctx.Data["IsPullRequestBroken"] = true
 			ctx.Data["BaseTarget"] = pull.BaseBranch
 			ctx.Data["NumCommits"] = 0
+			ctx.Data["CommitIDs"] = map[string]bool{}
 			ctx.Data["NumFiles"] = 0
 			return nil
 		}
@@ -760,6 +782,13 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
 
 	ctx.Data["NumCommits"] = len(compareInfo.Commits)
 	ctx.Data["NumFiles"] = compareInfo.NumFiles
+
+	commitIDs := map[string]bool{}
+	for _, commit := range compareInfo.Commits {
+		commitIDs[commit.ID.String()] = true
+	}
+	ctx.Data["CommitIDs"] = commitIDs
+
 	return compareInfo
 }
 
@@ -919,7 +948,81 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 
 	ctx.Data["IsShowingOnlySingleCommit"] = willShowSpecifiedCommit
 
-	if willShowSpecifiedCommit || willShowSpecifiedCommitRange {
+	if willShowSpecifiedCommit {
+		commitID := specifiedEndCommit
+
+		ctx.Data["CommitID"] = commitID
+
+		var prevCommit, curCommit, nextCommit *git.Commit
+
+		// Iterate in reverse to properly map "previous" and "next" buttons
+		for i := len(prInfo.Commits) - 1; i >= 0; i-- {
+			commit := prInfo.Commits[i]
+
+			if curCommit != nil {
+				nextCommit = commit
+				break
+			}
+
+			if commit.ID.String() == commitID {
+				curCommit = commit
+			} else {
+				prevCommit = commit
+			}
+		}
+
+		if curCommit == nil {
+			ctx.ServerError("Repo.GitRepo.viewPullFiles", git.ErrNotExist{ID: commitID})
+			return
+		}
+
+		ctx.Data["Commit"] = curCommit
+		if prevCommit != nil {
+			ctx.Data["PrevCommitLink"] = path.Join(ctx.Repo.RepoLink, "pulls", strconv.FormatInt(issue.Index, 10), "commits", prevCommit.ID.String())
+		}
+		if nextCommit != nil {
+			ctx.Data["NextCommitLink"] = path.Join(ctx.Repo.RepoLink, "pulls", strconv.FormatInt(issue.Index, 10), "commits", nextCommit.ID.String())
+		}
+
+		statuses, _, err := git_model.GetLatestCommitStatus(ctx, ctx.Repo.Repository.ID, commitID, db.ListOptionsAll)
+		if err != nil {
+			log.Error("GetLatestCommitStatus: %v", err)
+		}
+		if !ctx.Repo.CanRead(unit.TypeActions) {
+			git_model.CommitStatusesHideActionsURL(ctx, statuses)
+		}
+
+		ctx.Data["CommitStatus"] = git_model.CalcCommitStatus(statuses)
+		ctx.Data["CommitStatuses"] = statuses
+
+		verification := asymkey_model.ParseCommitWithSignature(ctx, curCommit)
+		ctx.Data["Verification"] = verification
+		ctx.Data["Author"] = user_model.ValidateCommitWithEmail(ctx, curCommit)
+
+		note := &git.Note{}
+		err = git.GetNote(ctx, ctx.Repo.GitRepo, specifiedEndCommit, note)
+		if err == nil {
+			ctx.Data["NoteCommit"] = note.Commit
+			ctx.Data["NoteAuthor"] = user_model.ValidateCommitWithEmail(ctx, note.Commit)
+			ctx.Data["NoteRendered"], err = markup.RenderCommitMessage(&markup.RenderContext{
+				Links: markup.Links{
+					Base:       ctx.Repo.RepoLink,
+					BranchPath: path.Join("commit", util.PathEscapeSegments(commitID)),
+				},
+				Metas:   ctx.Repo.Repository.ComposeMetas(ctx),
+				GitRepo: ctx.Repo.GitRepo,
+				Ctx:     ctx,
+			}, template.HTMLEscapeString(string(charset.ToUTF8WithFallback(note.Message, charset.ConvertOpts{}))))
+			if err != nil {
+				ctx.ServerError("RenderCommitMessage", err)
+				return
+			}
+		}
+
+		endCommitID = commitID
+		startCommitID = prInfo.MergeBase
+		ctx.Data["IsShowingAllCommits"] = false
+	} else if willShowSpecifiedCommitRange {
 		if len(specifiedEndCommit) > 0 {
 			endCommitID = specifiedEndCommit
 		} else {
@@ -930,6 +1033,7 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		} else {
 			startCommitID = prInfo.MergeBase
 		}
+
 		ctx.Data["IsShowingAllCommits"] = false
 	} else {
 		endCommitID = headCommitID
@@ -937,10 +1041,10 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		ctx.Data["IsShowingAllCommits"] = true
 	}
 
-	ctx.Data["Username"] = ctx.Repo.Owner.Name
-	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
 	ctx.Data["AfterCommitID"] = endCommitID
 	ctx.Data["BeforeCommitID"] = startCommitID
+	ctx.Data["Username"] = ctx.Repo.Owner.Name
+	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
 
 	fileOnly := ctx.FormBool("file-only")
 
diff --git a/routers/web/web.go b/routers/web/web.go
index f8a13dab7e..4b39f22f7d 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1510,7 +1510,10 @@ func registerRoutes(m *web.Route) {
 			m.Group("/commits", func() {
 				m.Get("", context.RepoRef(), repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewPullCommits)
 				m.Get("/list", context.RepoRef(), repo.GetPullCommits)
-				m.Get("/{sha:[a-f0-9]{4,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForSingleCommit)
+				m.Group("/{sha:[a-f0-9]{4,40}}", func() {
+					m.Get("", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForSingleCommit)
+					m.Post("/reviews/submit", context.RepoMustNotBeArchived(), web.Bind(forms.SubmitReviewForm{}), repo.SubmitReview)
+				})
 			})
 			m.Post("/merge", context.RepoMustNotBeArchived(), web.Bind(forms.MergePullRequestForm{}), context.EnforceQuotaWeb(quota_model.LimitSubjectSizeGitAll, context.QuotaTargetRepo), repo.MergePullRequest)
 			m.Post("/cancel_auto_merge", context.RepoMustNotBeArchived(), repo.CancelAutoMergePullRequest)
diff --git a/templates/repo/commit_header.tmpl b/templates/repo/commit_header.tmpl
index 8a074e9545..9604daf2b0 100644
--- a/templates/repo/commit_header.tmpl
+++ b/templates/repo/commit_header.tmpl
@@ -14,10 +14,19 @@
 	{{end}}
 {{end}}
 <div class="ui top attached header clearing segment tw-relative commit-header {{$class}}">
-	<div class="tw-flex tw-mb-4 tw-gap-1">
+	<div class="tw-flex tw-mb-4 tw-gap-1 max-sm:tw-flex-col">
 		<h3 class="tw-mb-0 tw-flex-1"><span class="commit-summary" title="{{.Commit.Summary}}">{{RenderCommitMessage $.Context .Commit.Message ($.Repository.ComposeMetas ctx)}}</span>{{template "repo/commit_statuses" dict "Status" .CommitStatus "Statuses" .CommitStatuses}}</h3>
-		{{if not $.PageIsWiki}}
-			<div class="commit-header-buttons">
+		<div class="commit-header-buttons">
+			{{if .PageIsPullFiles}}
+				<div class="ui buttons">
+					<a class="ui small button {{if .PrevCommitLink}}" href="{{.PrevCommitLink}}"{{else}}disabled"{{end}}>
+						{{svg "octicon-chevron-left"}} {{ctx.Locale.Tr "repo.diff.commit.previous-short"}}
+					</a>
+					<a class="ui small button {{if .NextCommitLink}}" href="{{.NextCommitLink}}"{{else}}disabled"{{end}}>
+						{{ctx.Locale.Tr "repo.diff.commit.next-short"}} {{svg "octicon-chevron-right"}}
+					</a>
+				</div>
+			{{else if not $.PageIsWiki}}
 				<a class="ui primary tiny button" href="{{.SourcePath}}">
 					{{ctx.Locale.Tr "repo.diff.browse_source"}}
 				</a>
@@ -132,8 +141,8 @@
 						</div>
 					</div>
 				{{end}}
-			</div>
-		{{end}}
+			{{end}}
+		</div>
 	</div>
 	{{if IsMultilineCommitMessage .Commit.Message}}
 		<pre class="commit-body">{{RenderCommitBody $.Context .Commit.Message ($.Repository.ComposeMetas ctx)}}</pre>
@@ -185,9 +194,16 @@
 			{{end}}
 			<div class="item">
 				<span>{{ctx.Locale.Tr "repo.diff.commit"}}</span>
-				<span class="ui primary sha label">
-					<span class="shortsha">{{ShortSha .CommitID}}</span>
-				</span>
+				{{if .PageIsPullFiles}}
+					{{$commitShaLink := (printf "%s/commit/%s" $.RepoLink (PathEscape .CommitID))}}
+					<a href="{{$commitShaLink}}" class="ui primary sha label">
+						<span class="shortsha">{{ShortSha .CommitID}}</span>
+					</a>
+				{{else}}
+					<span class="ui primary sha label">
+						<span class="shortsha">{{ShortSha .CommitID}}</span>
+					</span>
+				{{end}}
 			</div>
 		</div>
 </div>
diff --git a/templates/repo/commit_load_branches_and_tags.tmpl b/templates/repo/commit_load_branches_and_tags.tmpl
index ffa0e530e8..25402ca2f4 100644
--- a/templates/repo/commit_load_branches_and_tags.tmpl
+++ b/templates/repo/commit_load_branches_and_tags.tmpl
@@ -1,4 +1,4 @@
-{{if not .PageIsWiki}}
+{{if not (or .PageIsWiki .PageIsPullFiles)}}
 <div class="branch-and-tag-area" data-text-default-branch-tooltip="{{ctx.Locale.Tr "repo.commit.contained_in_default_branch"}}">
 	<button class="ui button ellipsis-button load-branches-and-tags tw-mt-2" aria-expanded="false"
 		data-fetch-url="{{.RepoLink}}/commit/{{.CommitID}}/load-branches-and-tags"
diff --git a/templates/repo/commits_list.tmpl b/templates/repo/commits_list.tmpl
index 0e64a1ab1f..69837bfc1a 100644
--- a/templates/repo/commits_list.tmpl
+++ b/templates/repo/commits_list.tmpl
@@ -49,6 +49,9 @@
 								<span class="commit-summary {{if gt .ParentCount 1}} grey text{{end}}" title="{{.Summary}}">{{.Summary | RenderEmoji $.Context}}</span>
 							{{else}}
 								{{$commitLink:= printf "%s/commit/%s" $commitRepoLink (PathEscape .ID.String)}}
+								{{if $.PageIsPullCommits}}
+									{{$commitLink = (printf "%s/pulls/%d/commits/%s" $commitRepoLink $.Issue.Index (PathEscape .ID.String))}}
+								{{end}}
 								<span class="commit-summary {{if gt .ParentCount 1}} grey text{{end}}" title="{{.Summary}}">{{RenderCommitMessageLinkSubject $.Context .Message $commitLink ($.Repository.ComposeMetas ctx)}}</span>
 							{{end}}
 							</span>
diff --git a/templates/repo/commits_list_small.tmpl b/templates/repo/commits_list_small.tmpl
index 961d4c9ce1..6efc812e8f 100644
--- a/templates/repo/commits_list_small.tmpl
+++ b/templates/repo/commits_list_small.tmpl
@@ -11,7 +11,14 @@
 			{{ctx.AvatarUtils.AvatarByEmail .Author.Email .Author.Name 20}}
 		{{end}}
 
-		{{$commitLink:= printf "%s/commit/%s" $.comment.Issue.PullRequest.BaseRepo.Link (PathEscape .ID.String)}}
+		{{$commitLink := printf "%s/commit/%s" $.comment.Issue.PullRequest.BaseRepo.Link (PathEscape .ID.String)}}
+
+		{{/* Only link those commits in the file diff view that can actually be reviewed there.
+					A force push or other rewriting of history will cause a commit to not be
+					part of the pull request anymore. */}}
+		{{if index $.root.CommitIDs .ID.String}}
+			{{$commitLink = printf "%s/pulls/%d/commits/%s" $.comment.Issue.PullRequest.BaseRepo.Link $.comment.Issue.Index (PathEscape .ID.String)}}
+		{{end}}
 
 		<span class="tw-flex-1 tw-font-mono gt-ellipsis" title="{{.Summary}}">
 			{{- RenderCommitMessageLinkSubject $.root.Context .Message $commitLink ($.comment.Issue.PullRequest.BaseRepo.ComposeMetas ctx) -}}
diff --git a/templates/repo/diff/box.tmpl b/templates/repo/diff/box.tmpl
index e24c880746..f3c0c0989d 100644
--- a/templates/repo/diff/box.tmpl
+++ b/templates/repo/diff/box.tmpl
@@ -53,7 +53,7 @@
 	{{if not .DiffNotAvailable}}
 		{{if and .IsShowingOnlySingleCommit .PageIsPullFiles}}
 			<div class="ui info message">
-				<div>{{ctx.Locale.Tr "repo.pulls.showing_only_single_commit" (ShortSha .AfterCommitID)}} - <a href="{{$.Issue.Link}}/files?style={{if $.IsSplitStyle}}split{{else}}unified{{end}}&whitespace={{$.WhitespaceBehavior}}&show-outdated={{$.ShowOutdatedComments}}">{{ctx.Locale.Tr "repo.pulls.show_all_commits"}}</a></div>
+				<div>{{ctx.Locale.Tr "repo.pulls.showing_only_single_commit" (ShortSha .CommitID)}} - <a href="{{$.Issue.Link}}/files?style={{if $.IsSplitStyle}}split{{else}}unified{{end}}&whitespace={{$.WhitespaceBehavior}}&show-outdated={{$.ShowOutdatedComments}}">{{ctx.Locale.Tr "repo.pulls.show_all_commits"}}</a></div>
 			</div>
 		{{else if and (not .IsShowingAllCommits) .PageIsPullFiles}}
 			<div class="ui info message">
@@ -93,6 +93,12 @@
 				if (diffTreeVisible) document.getElementById('diff-file-tree').classList.remove('tw-hidden');
 			</script>
 		{{end}}
+		<div id="diff-content-container">
+		{{if .IsShowingOnlySingleCommit}}
+			<div id="diff-commit-header">
+			{{template "repo/commit_header" .}}
+			</div>
+		{{end}}
 		{{if .DiffNotAvailable}}
 			<h4>{{ctx.Locale.Tr "repo.diff.data_not_available"}}</h4>
 		{{else}}
@@ -230,6 +236,7 @@
 				{{end}}
 			</div>
 		{{end}}
+		</div>
 	</div>
 
 	{{if and (not $.Repository.IsArchived) (not .DiffNotAvailable)}}
diff --git a/templates/repo/diff/new_review.tmpl b/templates/repo/diff/new_review.tmpl
index 13d09babe1..ded7a6c5fc 100644
--- a/templates/repo/diff/new_review.tmpl
+++ b/templates/repo/diff/new_review.tmpl
@@ -1,17 +1,14 @@
 <div id="review-box">
 	<div
-		{{if not $.IsShowingAllCommits}}
-			data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.review_only_possible_for_full_diff"}}"
-		{{else if .Repository.IsArchived}}
+		{{if .Repository.IsArchived}}
 			data-tooltip-content="{{ctx.Locale.Tr "repo.archive.pull.noreview"}}"
 		{{end}}>
-		<button class="ui tiny primary button tw-pr-1 tw-flex js-btn-review {{if or (not $.IsShowingAllCommits) .Repository.IsArchived}}disabled{{end}}">
+		<button class="ui tiny primary button tw-pr-1 tw-flex js-btn-review {{if .Repository.IsArchived}}disabled{{end}}">
 			{{ctx.Locale.Tr "repo.diff.review"}}
 			<span class="ui small label review-comments-counter" data-pending-comment-number="{{.PendingCodeCommentNumber}}">{{.PendingCodeCommentNumber}}</span>
 			{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 		</button>
 	</div>
-	{{if $.IsShowingAllCommits}}
 	<div class="review-box-panel tippy-target">
 		<div class="ui segment">
 			<form class="ui form form-fetch-action" action="{{.Link}}/reviews/submit" method="post">
@@ -55,5 +52,4 @@
 			</form>
 		</div>
 	</div>
-	{{end}}
 </div>
diff --git a/tests/e2e/pr-review.test.e2e.ts b/tests/e2e/pr-review.test.e2e.ts
index b619cdbcd1..577c8bf20a 100644
--- a/tests/e2e/pr-review.test.e2e.ts
+++ b/tests/e2e/pr-review.test.e2e.ts
@@ -11,7 +11,7 @@ import {save_visual, test} from './utils_e2e.ts';
 
 test.use({user: 'user2'});
 
-test('PR: Finish review', async ({page}) => {
+test('PR: Create review from files', async ({page}) => {
   const response = await page.goto('/user2/repo1/pulls/5/files');
   expect(response?.status()).toBe(200);
 
@@ -22,4 +22,93 @@ test('PR: Finish review', async ({page}) => {
   await page.locator('#review-box .js-btn-review').click();
   await expect(page.locator('.tippy-box .review-box-panel')).toBeVisible();
   await save_visual(page);
+
+  await page.locator('.review-box-panel textarea#_combo_markdown_editor_0')
+    .fill('This is a review');
+  await page.locator('.review-box-panel button.btn-submit[value="approve"]').click();
+  await page.waitForURL(/.*\/user2\/repo1\/pulls\/5#issuecomment-\d+/);
+  await save_visual(page);
+});
+
+test('PR: Create review from commit', async ({page}) => {
+  const response = await page.goto('/user2/repo1/pulls/3/commits/4a357436d925b5c974181ff12a994538ddc5a269');
+  expect(response?.status()).toBe(200);
+
+  await page.locator('button.add-code-comment').click();
+  const code_comment = page.locator('.comment-code-cloud form textarea.markdown-text-editor');
+  await expect(code_comment).toBeVisible();
+
+  await code_comment.fill('This is a code comment');
+  await save_visual(page);
+
+  const start_button = page.locator('.comment-code-cloud form button.btn-start-review');
+  // Workaround for #7152, where there might already be a pending review state from previous
+  // test runs (most likely to happen when debugging tests).
+  if (await start_button.isVisible({timeout: 100})) {
+    await start_button.click();
+  } else {
+    await page.locator('.comment-code-cloud form button.btn-add-comment').click();
+  }
+
+  await expect(page.locator('.comment-list .comment-container')).toBeVisible();
+
+  // We need to wait for the review to be processed. Checking the comment counter
+  // conveniently does that.
+  await expect(page.locator('#review-box .js-btn-review > span.review-comments-counter')).toHaveText('1');
+
+  await page.locator('#review-box .js-btn-review').click();
+  await expect(page.locator('.tippy-box .review-box-panel')).toBeVisible();
+  await save_visual(page);
+
+  await page.locator('.review-box-panel textarea.markdown-text-editor')
+    .fill('This is a review');
+  await page.locator('.review-box-panel button.btn-submit[value="approve"]').click();
+  await page.waitForURL(/.*\/user2\/repo1\/pulls\/3#issuecomment-\d+/);
+  await save_visual(page);
+
+  // In addition to testing the ability to delete comments, this also
+  // performs clean up. If tests are run for multiple platforms, the data isn't reset
+  // in-between, and subsequent runs of this test would fail, because when there already is
+  // a comment, the on-hover button to start a conversation doesn't appear anymore.
+  await page.goto('/user2/repo1/pulls/3/commits/4a357436d925b5c974181ff12a994538ddc5a269');
+  await page.locator('.comment-header-right.actions a.context-menu').click();
+
+  await expect(page.locator('.comment-header-right.actions div.menu').getByText(/Copy link.*/)).toBeVisible();
+  // The button to delete a comment will prompt for confirmation using a browser alert.
+  page.on('dialog', (dialog) => dialog.accept());
+  await page.locator('.comment-header-right.actions div.menu .delete-comment').click();
+
+  await expect(page.locator('.comment-list .comment-container')).toBeHidden();
+  await save_visual(page);
+});
+
+test('PR: Navigate by single commit', async ({page}) => {
+  const response = await page.goto('/user2/repo1/pulls/3/commits');
+  expect(response?.status()).toBe(200);
+
+  await page.locator('tbody.commit-list td.message a').nth(1).click();
+  await page.waitForURL(/.*\/user2\/repo1\/pulls\/3\/commits\/4a357436d925b5c974181ff12a994538ddc5a269/);
+  await save_visual(page);
+
+  let prevButton = page.locator('.commit-header-buttons').getByText(/Prev/);
+  let nextButton = page.locator('.commit-header-buttons').getByText(/Next/);
+  await prevButton.waitFor();
+  await nextButton.waitFor();
+
+  await expect(prevButton).toHaveClass(/disabled/);
+  await expect(nextButton).not.toHaveClass(/disabled/);
+  await expect(nextButton).toHaveAttribute('href', '/user2/repo1/pulls/3/commits/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd');
+  await nextButton.click();
+
+  await page.waitForURL(/.*\/user2\/repo1\/pulls\/3\/commits\/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd/);
+  await save_visual(page);
+
+  prevButton = page.locator('.commit-header-buttons').getByText(/Prev/);
+  nextButton = page.locator('.commit-header-buttons').getByText(/Next/);
+  await prevButton.waitFor();
+  await nextButton.waitFor();
+
+  await expect(prevButton).not.toHaveClass(/disabled/);
+  await expect(nextButton).toHaveClass(/disabled/);
+  await expect(prevButton).toHaveAttribute('href', '/user2/repo1/pulls/3/commits/4a357436d925b5c974181ff12a994538ddc5a269');
 });
diff --git a/tests/gitea-repositories-meta/user2/commitsonpr.git/logs/refs/heads/branch1 b/tests/gitea-repositories-meta/user2/commitsonpr.git/logs/refs/heads/branch1
index cf96195665..34c9ccecdd 100644
--- a/tests/gitea-repositories-meta/user2/commitsonpr.git/logs/refs/heads/branch1
+++ b/tests/gitea-repositories-meta/user2/commitsonpr.git/logs/refs/heads/branch1
@@ -1 +1,2 @@
 0000000000000000000000000000000000000000 1978192d98bb1b65e11c2cf37da854fbf94bffd6 Gitea <gitea@fake.local> 1688672383 +0200	push
+1978192d98bb1b65e11c2cf37da854fbf94bffd6 9b93963cf6de4dc33f915bb67f192d099c301f43 Forgejo <forgejo@fake.local> 1749737639 +0200	push
diff --git a/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/06/c5865eaeaaa2f92e8fce75a281f6272ee68e90 b/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/06/c5865eaeaaa2f92e8fce75a281f6272ee68e90
new file mode 100644
index 0000000000000000000000000000000000000000..009c9849d9cd98d1b00f31317ff405b14e76dbcd
GIT binary patch
literal 223
zcmV<503iQ(0ZY!$&CM)PFfuY@C@D%!RWLQOFiB1{Pct<)HMcM{OEoi3Hn6lXGBQcD
zFg7z!Of)hzF)=bSO5rL<EK1EQQ7|$#H8)F1F)*|+vNTCGF*i##FiSNxvrIBeGDtHt
zH%KusHMKA|Fy%@tEy>6)QV32>N-QqPOw3aVPAp9=Qm`ooQF_HNVTbhG#LOJM<osMa
z1w%6n3o~;gV{>B#Z380%11^YTOHzvz-13XkQ?v3FY|<bMhqT1(RK1-1<is311w(Ta
ZOLJp$6B8q-KCY6~;t~Z@E&$YBMP6WWPcQ%g

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/2d/65d92dc800c6f448541240c18e82bf36b954bb b/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/2d/65d92dc800c6f448541240c18e82bf36b954bb
new file mode 100644
index 0000000000000000000000000000000000000000..e50c7ad5eb229687f4ca25c6fbc9e6fc3a288840
GIT binary patch
literal 221
zcmV<303!c*0ZY!$&CM)PFfuY@C@D%!Rj@EmPDwU2Ha1Q(O*1q!PqZ{jGfqxTGq*@h
zN;NPxFf=qYNisGwG~g;oEK1EQQAjdQGBmeHOEph6F}1WXOEWVzGEGcPOg2n1Fg8mz
zH?aV5Ez(T55=%=m@{1ILQ<D;lOEMGl6oL~=Q;QUAib0fKF-+JYJvT8kM=v=)*G|FE
z%)-LV+{oD6SV7ys$iRRL;@FbZA_cenqV&|Pd<B~{2*V*QF*{W+CqFqc$4<e}+{Dt{
X*xba#462W-B(=Ci!IBFAF&{@>pDtGx

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/9b/93963cf6de4dc33f915bb67f192d099c301f43 b/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/9b/93963cf6de4dc33f915bb67f192d099c301f43
new file mode 100644
index 0000000000000000000000000000000000000000..41814996f1fb04ca0555fd0e2118797036fd8d4d
GIT binary patch
literal 224
zcmV<603ZK&0ZY!$&CM)PFfuY{C@D%!RWMIYF-$QrN=-?$G&D3YGdD{yO*T$6H#ai0
zG&4;xOHDCMOiQ&ePUb2|EK1EQQ7}p|GflBHN=ddbFi18_GcmC+H8C_YF-SJFNVPCZ
zN;5V~vNSbGO5#c^Ey>6)QV32>N-QqPOw3aVPAp9=Qm`ooQF_HNVTbhG#LOJM<osMa
z1w%6n3o~;gV{>B#Z380%11^YTOHzvz-13XkQ?v3FY|<bMhqT1(RK1-1<is311w(Ta
aOLJp$6B9G2KCY6~;t~Zz11<oEPe+j#)KC!s

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/ab/a2b386a1eb0b0273ada0fed4f7d075d6e343c1 b/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/ab/a2b386a1eb0b0273ada0fed4f7d075d6e343c1
new file mode 100644
index 0000000000000000000000000000000000000000..2d936251cd14c0a1569c5b46cf1b5ce88ce75911
GIT binary patch
literal 223
zcmV<503iQ(0ZY!$&CM)PFfuY@C@D%!RWPzJG)qcLOGz}aOg2a}GB!6iO-(dON;NXK
zOi48`FiA18NHn%EFy<;qEK1EQQAoB-PP0ffHn23cFtA8WGcqwUH8M3dFf~gxFf=zY
zOG`~NF*2|)Fyu-sEy>6)QV32>N-QqPOw3aVPAp9=Qm`ooQF_HNVTbhG#LOJM<osMa
z1w%6n3o~;gV{>B#Z380%11^YTOHzvz-13XkQ?v3FY|<bMhqT1(RK1-1<is311w(Ta
ZOLJp$6B9G2KCY6~;t~aOE&$BhMw((yQKA3<

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/b3/b178fe7c45986f6325aeac1b036c74825ae8f4 b/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/b3/b178fe7c45986f6325aeac1b036c74825ae8f4
new file mode 100644
index 0000000000000000000000000000000000000000..7852ab910041abc4ffc5600b2002c9bf3ee99a94
GIT binary patch
literal 223
zcmV<503iQ(0ZY!$&CM)PFfuY@C@D%!RWLL#NKG@bG&M7|FtSWFPfD>cHZV0$F-l2H
zvam=qwMa5BNJ+9VHsmTuEK1EQQAkWmG)gkIFiSK{O)^L_FfunzOi46IOHDCJGfy!v
zH%&21H8wF$HsneyEy>6)QV32>N-QqPOw3aVPAp9=Qm`ooQF_HNVTbhG#LOJM<osMa
z1w%6n3o~;gV{>B#Z380%11^YTOHzvz-13XkQ?v3FY|<bMhqT1(RK1-1<is311w(Ta
ZOLJp$6B9G2KCY6~;t~Z5E&y<_N83|>P@Vt)

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/c9/cf8a3095808af2425255056e01746fef420801 b/tests/gitea-repositories-meta/user2/commitsonpr.git/objects/c9/cf8a3095808af2425255056e01746fef420801
new file mode 100644
index 0000000000000000000000000000000000000000..32a51a2837f6416b0eea0793fbeb53e47a4e74c2
GIT binary patch
literal 223
zcmV<503iQ(0ZY!$&CM)PFfuY@C@D%!RY)~7Pc=wOG%`ptPBAhxGPN``OEXGKGD<Tw
zOf$4JGBGeSw@6O1Fy<;qEK1EQQ7|w|HnlJ_O-)QqOiVONvouPzNJ~yNH%&CMFibNu
zGB-+1HM2;yG~h}sEy>6)QV32>N-QqPOw3aVPAp9=Qm`ooQF_HNVTbhG#LOJM<osMa
z1w%6n3o~;gV{>B#Z380%11^YTOHzvz-13XkQ?v3FY|<bMhqT1(RK1-1<is311w(Ta
ZOLJp$6B9G2KCY6~;t~ZjE&xzpN17VxP=){i

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/commitsonpr.git/refs/heads/branch1 b/tests/gitea-repositories-meta/user2/commitsonpr.git/refs/heads/branch1
index 357fc9d6ed..6fc9179bdd 100644
--- a/tests/gitea-repositories-meta/user2/commitsonpr.git/refs/heads/branch1
+++ b/tests/gitea-repositories-meta/user2/commitsonpr.git/refs/heads/branch1
@@ -1 +1 @@
-1978192d98bb1b65e11c2cf37da854fbf94bffd6
+9b93963cf6de4dc33f915bb67f192d099c301f43
diff --git a/tests/gitea-repositories-meta/user2/commitsonpr.git/refs/pull/1/head b/tests/gitea-repositories-meta/user2/commitsonpr.git/refs/pull/1/head
index 357fc9d6ed..6fc9179bdd 100644
--- a/tests/gitea-repositories-meta/user2/commitsonpr.git/refs/pull/1/head
+++ b/tests/gitea-repositories-meta/user2/commitsonpr.git/refs/pull/1/head
@@ -1 +1 @@
-1978192d98bb1b65e11c2cf37da854fbf94bffd6
+9b93963cf6de4dc33f915bb67f192d099c301f43
diff --git a/tests/integration/pull_commit_test.go b/tests/integration/pull_commit_test.go
index 90d16d725d..8ca78f8147 100644
--- a/tests/integration/pull_commit_test.go
+++ b/tests/integration/pull_commit_test.go
@@ -31,3 +31,20 @@ func TestListPullCommits(t *testing.T) {
 	}
 	assert.Equal(t, "4a357436d925b5c974181ff12a994538ddc5a269", pullCommitList.LastReviewCommitSha)
 }
+
+func TestPullCommitLinks(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/pulls/3/commits")
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	commitSha := htmlDoc.Find(".commit-list td.sha a.sha.label").First()
+	commitShaHref, _ := commitSha.Attr("href")
+	assert.Equal(t, "/user2/repo1/pulls/3/commits/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd", commitShaHref)
+
+	commitLink := htmlDoc.Find(".commit-list td.message a").First()
+	commitLinkHref, _ := commitLink.Attr("href")
+	assert.Equal(t, "/user2/repo1/pulls/3/commits/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd", commitLinkHref)
+}
diff --git a/tests/integration/pull_diff_test.go b/tests/integration/pull_diff_test.go
index 70e0d5d33a..6db9fc25d8 100644
--- a/tests/integration/pull_diff_test.go
+++ b/tests/integration/pull_diff_test.go
@@ -14,22 +14,22 @@ import (
 )
 
 func TestPullDiff_CompletePRDiff(t *testing.T) {
-	doTestPRDiff(t, "/user2/commitsonpr/pulls/1/files", false, []string{"test1.txt", "test10.txt", "test2.txt", "test3.txt", "test4.txt", "test5.txt", "test6.txt", "test7.txt", "test8.txt", "test9.txt"})
+	doTestPRDiff(t, "/user2/commitsonpr/pulls/1/files", []string{"test1.txt", "test10.txt", "test2.txt", "test3.txt", "test4.txt", "test5.txt", "test6.txt", "test7.txt", "test8.txt", "test9.txt"})
 }
 
 func TestPullDiff_SingleCommitPRDiff(t *testing.T) {
-	doTestPRDiff(t, "/user2/commitsonpr/pulls/1/commits/c5626fc9eff57eb1bb7b796b01d4d0f2f3f792a2", true, []string{"test3.txt"})
+	doTestPRDiff(t, "/user2/commitsonpr/pulls/1/commits/c5626fc9eff57eb1bb7b796b01d4d0f2f3f792a2", []string{"test3.txt"})
 }
 
 func TestPullDiff_CommitRangePRDiff(t *testing.T) {
-	doTestPRDiff(t, "/user2/commitsonpr/pulls/1/files/4ca8bcaf27e28504df7bf996819665986b01c847..23576dd018294e476c06e569b6b0f170d0558705", true, []string{"test2.txt", "test3.txt", "test4.txt"})
+	doTestPRDiff(t, "/user2/commitsonpr/pulls/1/files/4ca8bcaf27e28504df7bf996819665986b01c847..23576dd018294e476c06e569b6b0f170d0558705", []string{"test2.txt", "test3.txt", "test4.txt"})
 }
 
 func TestPullDiff_StartingFromBaseToCommitPRDiff(t *testing.T) {
-	doTestPRDiff(t, "/user2/commitsonpr/pulls/1/files/c5626fc9eff57eb1bb7b796b01d4d0f2f3f792a2", true, []string{"test1.txt", "test2.txt", "test3.txt"})
+	doTestPRDiff(t, "/user2/commitsonpr/pulls/1/files/c5626fc9eff57eb1bb7b796b01d4d0f2f3f792a2", []string{"test1.txt", "test2.txt", "test3.txt"})
 }
 
-func doTestPRDiff(t *testing.T, prDiffURL string, reviewBtnDisabled bool, expectedFilenames []string) {
+func doTestPRDiff(t *testing.T, prDiffURL string, expectedFilenames []string) {
 	defer tests.PrepareTestEnv(t)()
 
 	session := loginUser(t, "user2")
@@ -52,7 +52,4 @@ func doTestPRDiff(t *testing.T, prDiffURL string, reviewBtnDisabled bool, expect
 		filename, _ := s.Attr("data-old-filename")
 		assert.Equal(t, expectedFilenames[i], filename)
 	})
-
-	// Ensure the review button is enabled for full PR reviews
-	assert.Equal(t, reviewBtnDisabled, doc.doc.Find(".js-btn-review").HasClass("disabled"))
 }
diff --git a/tests/integration/pull_files_test.go b/tests/integration/pull_files_test.go
new file mode 100644
index 0000000000..eb7072a4e6
--- /dev/null
+++ b/tests/integration/pull_files_test.go
@@ -0,0 +1,106 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/git"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPullFilesCommitHeader(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Verify commit info", func(t *testing.T) {
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		gitRepo, err := git.OpenRepository(git.DefaultContext, repo.RepoPath())
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		commit, err := gitRepo.GetCommit("62fb502a7172d4453f0322a2cc85bddffa57f07a")
+		require.NoError(t, err)
+
+		req := NewRequest(t, "GET", "/user2/repo1/pulls/5/commits/62fb502a7172d4453f0322a2cc85bddffa57f07a")
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		header := htmlDoc.doc.Find("#diff-commit-header")
+
+		summary := header.Find(".commit-header h3")
+		assert.Equal(t, commit.Summary(), strings.TrimSpace(summary.Text()))
+
+		author := header.Find(".author strong")
+		assert.Equal(t, commit.Author.Name, author.Text())
+
+		date, _ := header.Find("#authored-time relative-time").Attr("datetime")
+		assert.Equal(t, commit.Author.When.Format(time.RFC3339), date)
+
+		sha := header.Find(".commit-header-row .sha.label")
+		shaHref, _ := sha.Attr("href")
+		assert.Equal(t, commit.ID.String()[:10], sha.Find(".shortsha").Text())
+		assert.Equal(t, "/user2/repo1/commit/62fb502a7172d4453f0322a2cc85bddffa57f07a", shaHref)
+	})
+
+	t.Run("Navigation", func(t *testing.T) {
+		t.Run("No previous on first commit", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/user2/commitsonpr/pulls/1/commits/4ca8bcaf27e28504df7bf996819665986b01c847")
+			resp := MakeRequest(t, req, http.StatusOK)
+
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			buttons := htmlDoc.doc.Find(".commit-header-buttons a.small.button")
+
+			assert.Equal(t, 2, buttons.Length(), "expected two buttons in commit header")
+
+			assert.True(t, buttons.First().HasClass("disabled"), "'prev' button should be disabled")
+			assert.False(t, buttons.Last().HasClass("disabled"), "'next' button should not be disabled")
+
+			href, _ := buttons.Last().Attr("href")
+			assert.Equal(t, "/user2/commitsonpr/pulls/1/commits/96cef4a7b72b3c208340ae6f0cf55a93e9077c93", href)
+		})
+
+		t.Run("No next on last commit", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/user2/commitsonpr/pulls/1/commits/9b93963cf6de4dc33f915bb67f192d099c301f43")
+			resp := MakeRequest(t, req, http.StatusOK)
+
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			buttons := htmlDoc.doc.Find(".commit-header-buttons a.small.button")
+
+			assert.Equal(t, 2, buttons.Length(), "expected two buttons in commit header")
+
+			assert.False(t, buttons.First().HasClass("disabled"), "'prev' button should not be disabled")
+			assert.True(t, buttons.Last().HasClass("disabled"), "'next' button should be disabled")
+
+			href, _ := buttons.First().Attr("href")
+			assert.Equal(t, "/user2/commitsonpr/pulls/1/commits/2d65d92dc800c6f448541240c18e82bf36b954bb", href)
+		})
+
+		t.Run("Both directions on middle commit", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/user2/commitsonpr/pulls/1/commits/c5626fc9eff57eb1bb7b796b01d4d0f2f3f792a2")
+			resp := MakeRequest(t, req, http.StatusOK)
+
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			buttons := htmlDoc.doc.Find(".commit-header-buttons a.small.button")
+
+			assert.Equal(t, 2, buttons.Length(), "expected two buttons in commit header")
+
+			assert.False(t, buttons.First().HasClass("disabled"), "'prev' button should not be disabled")
+			assert.False(t, buttons.Last().HasClass("disabled"), "'next' button should not be disabled")
+
+			href, _ := buttons.First().Attr("href")
+			assert.Equal(t, "/user2/commitsonpr/pulls/1/commits/96cef4a7b72b3c208340ae6f0cf55a93e9077c93", href)
+
+			href, _ = buttons.Last().Attr("href")
+			assert.Equal(t, "/user2/commitsonpr/pulls/1/commits/23576dd018294e476c06e569b6b0f170d0558705", href)
+		})
+	})
+}
diff --git a/tests/integration/pull_test.go b/tests/integration/pull_test.go
index d5321f6ae5..fd9dbf8888 100644
--- a/tests/integration/pull_test.go
+++ b/tests/integration/pull_test.go
@@ -30,6 +30,43 @@ func TestViewPulls(t *testing.T) {
 	assert.Equal(t, "Search pulls…", placeholder)
 }
 
+func TestPullViewConversation(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/commitsonpr/pulls/1")
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	t.Run("Commits", func(t *testing.T) {
+		commitLists := htmlDoc.Find(".timeline-item.commits-list")
+		assert.Equal(t, 4, commitLists.Length())
+
+		commits := commitLists.Find(".singular-commit")
+		assert.Equal(t, 10, commits.Length())
+
+		// First one has not been affected by a force push, therefore it's still part of the
+		// PR and should link to the PR-scoped review tab
+		firstCommit := commits.Eq(0)
+		firstCommitMessageHref, _ := firstCommit.Find("a.default-link").Attr("href")
+		firstCommitShaHref, _ := firstCommit.Find("a.sha.label").Attr("href")
+		assert.Equal(t, "/user2/commitsonpr/pulls/1/commits/4ca8bcaf27e28504df7bf996819665986b01c847", firstCommitMessageHref)
+		assert.Equal(t, "/user2/commitsonpr/pulls/1/commits/4ca8bcaf27e28504df7bf996819665986b01c847", firstCommitShaHref)
+
+		// The fifth commit has been overwritten by a force push.
+		// Attempting to view the old one in the review tab won't work:
+		req := NewRequest(t, "GET", "/user2/commitsonpr/pulls/1/commits/3e64625bd6eb5bcba69ac97de6c8f507402df861")
+		MakeRequest(t, req, http.StatusNotFound)
+
+		// Therefore, this commit should link to the non-PR commit view instead
+		fifthCommit := commits.Eq(4)
+		fifthCommitMessageHref, _ := fifthCommit.Find("a.default-link").Attr("href")
+		fifthCommitShaHref, _ := fifthCommit.Find("a.sha.label").Attr("href")
+		assert.Equal(t, "/user2/commitsonpr/commit/3e64625bd6eb5bcba69ac97de6c8f507402df861", fifthCommitMessageHref)
+		assert.Equal(t, "/user2/commitsonpr/commit/3e64625bd6eb5bcba69ac97de6c8f507402df861", fifthCommitShaHref)
+	})
+}
+
 func TestPullManuallyMergeWarning(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index cf916f0361..144424937c 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -2468,8 +2468,21 @@ tbody.commit-list {
   display: flex;
 }
 
-#diff-file-boxes {
+#diff-content-container {
   flex: 1;
+}
+
+#diff-commit-header {
+  /* Counteract the `+2px` for width in `.segment` */
+  padding: 0 2px;
+}
+
+#diff-commit-header + h4,
+#diff-commit-header + #diff-file-boxes {
+  margin-top: 8px;
+}
+
+#diff-file-boxes {
   max-width: 100%;
   display: flex;
   flex-direction: column;

From 16dbc0efd350cdc15760c2e40346c1e9fbb0bd01 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Tue, 17 Jun 2025 10:15:48 +0200
Subject: [PATCH 06/39] fix: git_model.CommitStatusesHideActionsURL is obsolete
 (#8209)

Refs: https://codeberg.org/forgejo/forgejo/pulls/7155
Refs: https://codeberg.org/forgejo/forgejo/pulls/8177
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8209
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
---
 routers/web/repo/pull.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 8547bbcc03..fd18646211 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -988,9 +988,6 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		if err != nil {
 			log.Error("GetLatestCommitStatus: %v", err)
 		}
-		if !ctx.Repo.CanRead(unit.TypeActions) {
-			git_model.CommitStatusesHideActionsURL(ctx, statuses)
-		}
 
 		ctx.Data["CommitStatus"] = git_model.CalcCommitStatus(statuses)
 		ctx.Data["CommitStatuses"] = statuses

From adc273e3a893bf64b7d95416d3ae9c39a4a23df0 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Tue, 17 Jun 2025 10:58:07 +0200
Subject: [PATCH 07/39] fix: do not ignore automerge while a PR is checking for
 conflicts (#8189)

Automerge can be ignored when the following race happens:

* Conflict check is happening on a repository and
  `pr.Status = issues_model.PullRequestStatusChecking` for all open pull
  requests (this happens every time a pull request is merged).
* While the conflict check is ongoing, an event (Forgejo Actions being
  successful for instance) happens and and `StartPRCheckAndAutoMerge*` is called.
* Because `pr.CanAutoMerge()` is false, the pull request is not
  selected and not added to the automerge queue.
* When the conflict check completes and `pr.CanAutoMerge()` becomes
  true, there no longer is a task in the auto merge queue and the
  auto merge does not happen.

This is fixed by adding a task to the auto merge queue when the conflict check for a pull request completes. This is done when the mutx protecting the conflict check task is released to prevent a deadlock when a synchronous queues are used in the following situation:

* the conflict check task finds the pull request is mergeable
* it schedules the auto merge tasks that finds it must be merged
* merging concludes with scheduling a conflict check task

Avoid an extra loop where a conflict check task queues an auto merge task that will schedule a conflict check task if the pull request can be merged. The auto merge row is removed from the database before merging. It would otherwise be removed after the merge commit is received via the git hook which happens asynchronously and can lead to a race.

StartPRCheckAndAutoMerge is modified to re-use HeadCommitID when available, such as when called after a pull request conflict check.

---

A note on tests: they cover the new behavior, i.e. automerge being triggered by a successful conflict check. This is also on the critical paths for every test that involve creating, merging or updating a pull request.

- `tests/integration/git_test.go`
- `tests/integration/actions_commit_status_test.go`
- `tests/integration/api_helper_for_declarative_test.go`
- `tests/integration/patch_status_test.go`
- `tests/integration/pull_merge_test.go`

The [missing fixture file](https://codeberg.org/forgejo/forgejo/pulls/8189/files#diff-b86fdd79108b3ba3cb2e56ffcfd1be2a7b32f46c) for the auto merge table can be verified to be necessary simply by removing it an observing that the integration tests fail.

The [scheduling of the auto merge task](https://codeberg.org/forgejo/forgejo/pulls/8189/files#diff-9489262e93967f6bb2db41837f37c06f4e70d978) in `testPR` can be verified to be required by moving it in the `testPRProtected` function and observing that the tests hang forever because of the deadlock.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8189): <!--number 8189 --><!--line 0 --><!--description ZG8gbm90IGlnbm9yZSBhdXRvbWVyZ2Ugd2hpbGUgYSBQUiBpcyBjaGVja2luZyBmb3IgY29uZmxpY3Rz-->do not ignore automerge while a PR is checking for conflicts<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8189
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
---
 models/fixtures/pull_auto_merge.yml    |  1 +
 models/pull/automerge.go               |  9 ++++-
 services/automerge/automerge.go        |  5 +++
 services/pull/check.go                 | 30 +++++++++++-----
 services/shared/automerge/automerge.go | 48 ++++++++++++++++++--------
 tests/integration/README.md            |  4 +--
 tests/integration/patch_status_test.go | 26 ++++++++++++--
 7 files changed, 94 insertions(+), 29 deletions(-)
 create mode 100644 models/fixtures/pull_auto_merge.yml

diff --git a/models/fixtures/pull_auto_merge.yml b/models/fixtures/pull_auto_merge.yml
new file mode 100644
index 0000000000..ca780a73aa
--- /dev/null
+++ b/models/fixtures/pull_auto_merge.yml
@@ -0,0 +1 @@
+[] # empty
diff --git a/models/pull/automerge.go b/models/pull/automerge.go
index 63f572309b..dcc1f39271 100644
--- a/models/pull/automerge.go
+++ b/models/pull/automerge.go
@@ -10,6 +10,7 @@ import (
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/log"
 	"forgejo.org/modules/timeutil"
 )
 
@@ -58,13 +59,15 @@ func ScheduleAutoMerge(ctx context.Context, doer *user_model.User, pullID int64,
 		return ErrAlreadyScheduledToAutoMerge{PullID: pullID}
 	}
 
-	_, err := db.GetEngine(ctx).Insert(&AutoMerge{
+	scheduledPRM, err := db.GetEngine(ctx).Insert(&AutoMerge{
 		DoerID:                 doer.ID,
 		PullID:                 pullID,
 		MergeStyle:             style,
 		Message:                message,
 		DeleteBranchAfterMerge: deleteBranch,
 	})
+	log.Trace("ScheduleAutoMerge %+v for PR %d", scheduledPRM, pullID)
+
 	return err
 }
 
@@ -81,6 +84,8 @@ func GetScheduledMergeByPullID(ctx context.Context, pullID int64) (bool, *AutoMe
 		return false, nil, err
 	}
 
+	log.Trace("GetScheduledMergeByPullID found %+v for PR %d", scheduledPRM, pullID)
+
 	scheduledPRM.Doer = doer
 	return true, scheduledPRM, nil
 }
@@ -94,6 +99,8 @@ func DeleteScheduledAutoMerge(ctx context.Context, pullID int64) error {
 		return db.ErrNotExist{Resource: "auto_merge", ID: pullID}
 	}
 
+	log.Trace("DeleteScheduledAutoMerge %+v for PR %d", scheduledPRM, pullID)
+
 	_, err = db.GetEngine(ctx).ID(scheduledPRM.ID).Delete(&AutoMerge{})
 	return err
 }
diff --git a/services/automerge/automerge.go b/services/automerge/automerge.go
index f183136907..cbfe3bd54e 100644
--- a/services/automerge/automerge.go
+++ b/services/automerge/automerge.go
@@ -107,6 +107,7 @@ func handlePullRequestAutoMerge(pullID int64, sha string) {
 		return
 	}
 	if !exists {
+		log.Trace("GetScheduledMergeByPullID found nothing for PR %d", pullID)
 		return
 	}
 
@@ -204,6 +205,10 @@ func handlePullRequestAutoMerge(pullID int64, sha string) {
 		return
 	}
 
+	if err := pull_model.DeleteScheduledAutoMerge(ctx, pr.ID); err != nil && !db.IsErrNotExist(err) {
+		log.Error("DeleteScheduledAutoMerge[%d]: %v", pr.ID, err)
+	}
+
 	if err := pull_service.Merge(ctx, pr, doer, baseGitRepo, scheduledPRM.MergeStyle, "", scheduledPRM.Message, true); err != nil {
 		log.Error("pull_service.Merge: %v", err)
 		// FIXME: if merge failed, we should display some error message to the pull request page.
diff --git a/services/pull/check.go b/services/pull/check.go
index afeb7e675e..6002e2ae26 100644
--- a/services/pull/check.go
+++ b/services/pull/check.go
@@ -28,6 +28,7 @@ import (
 	"forgejo.org/modules/timeutil"
 	asymkey_service "forgejo.org/services/asymkey"
 	notify_service "forgejo.org/services/notify"
+	shared_automerge "forgejo.org/services/shared/automerge"
 )
 
 // prPatchCheckerQueue represents a queue to handle update pull request tests
@@ -170,7 +171,7 @@ func isSignedIfRequired(ctx context.Context, pr *issues_model.PullRequest, doer
 
 // checkAndUpdateStatus checks if pull request is possible to leaving checking status,
 // and set to be either conflict or mergeable.
-func checkAndUpdateStatus(ctx context.Context, pr *issues_model.PullRequest) {
+func checkAndUpdateStatus(ctx context.Context, pr *issues_model.PullRequest) bool {
 	// If status has not been changed to conflict by testPatch then we are mergeable
 	if pr.Status == issues_model.PullRequestStatusChecking {
 		pr.Status = issues_model.PullRequestStatusMergeable
@@ -184,12 +185,15 @@ func checkAndUpdateStatus(ctx context.Context, pr *issues_model.PullRequest) {
 
 	if has {
 		log.Trace("Not updating status for %-v as it is due to be rechecked", pr)
-		return
+		return false
 	}
 
 	if err := pr.UpdateColsIfNotMerged(ctx, "merge_base", "status", "conflicted_files", "changed_protected_files"); err != nil {
 		log.Error("Update[%-v]: %v", pr, err)
+		return false
 	}
+
+	return true
 }
 
 // getMergeCommit checks if a pull request has been merged
@@ -339,15 +343,22 @@ func handler(items ...string) []string {
 }
 
 func testPR(id int64) {
-	pullWorkingPool.CheckIn(fmt.Sprint(id))
-	defer pullWorkingPool.CheckOut(fmt.Sprint(id))
 	ctx, _, finished := process.GetManager().AddContext(graceful.GetManager().HammerContext(), fmt.Sprintf("Test PR[%d] from patch checking queue", id))
 	defer finished()
 
+	if pr, updated := testPRProtected(ctx, id); pr != nil && updated {
+		shared_automerge.AddToQueueIfMergeable(ctx, pr)
+	}
+}
+
+func testPRProtected(ctx context.Context, id int64) (*issues_model.PullRequest, bool) {
+	pullWorkingPool.CheckIn(fmt.Sprint(id))
+	defer pullWorkingPool.CheckOut(fmt.Sprint(id))
+
 	pr, err := issues_model.GetPullRequestByID(ctx, id)
 	if err != nil {
 		log.Error("Unable to GetPullRequestByID[%d] for testPR: %v", id, err)
-		return
+		return nil, false
 	}
 
 	log.Trace("Testing %-v", pr)
@@ -357,12 +368,12 @@ func testPR(id int64) {
 
 	if pr.HasMerged {
 		log.Trace("%-v is already merged (status: %s, merge commit: %s)", pr, pr.Status, pr.MergedCommitID)
-		return
+		return nil, false
 	}
 
 	if manuallyMerged(ctx, pr) {
 		log.Trace("%-v is manually merged (status: %s, merge commit: %s)", pr, pr.Status, pr.MergedCommitID)
-		return
+		return nil, false
 	}
 
 	if err := TestPatch(pr); err != nil {
@@ -371,9 +382,10 @@ func testPR(id int64) {
 		if err := pr.UpdateCols(ctx, "status"); err != nil {
 			log.Error("update pr [%-v] status to PullRequestStatusError failed: %v", pr, err)
 		}
-		return
+		return nil, false
 	}
-	checkAndUpdateStatus(ctx, pr)
+
+	return pr, checkAndUpdateStatus(ctx, pr)
 }
 
 // CheckPRsForBaseBranch check all pulls with baseBrannch
diff --git a/services/shared/automerge/automerge.go b/services/shared/automerge/automerge.go
index 1dc309f4b3..be7b2f6eb4 100644
--- a/services/shared/automerge/automerge.go
+++ b/services/shared/automerge/automerge.go
@@ -21,9 +21,9 @@ import (
 var PRAutoMergeQueue *queue.WorkerPoolQueue[string]
 
 func addToQueue(pr *issues_model.PullRequest, sha string) {
-	log.Trace("Adding pullID: %d to the pull requests patch checking queue with sha %s", pr.ID, sha)
+	log.Trace("Adding pullID: %d to the automerge queue with sha %s", pr.ID, sha)
 	if err := PRAutoMergeQueue.Push(fmt.Sprintf("%d_%s", pr.ID, sha)); err != nil {
-		log.Error("Error adding pullID: %d to the pull requests patch checking queue %v", pr.ID, err)
+		log.Error("Error adding pullID: %d to the automerge queue %v", pr.ID, err)
 	}
 }
 
@@ -43,32 +43,29 @@ func StartPRCheckAndAutoMergeBySHA(ctx context.Context, sha string, repo *repo_m
 	return nil
 }
 
-// StartPRCheckAndAutoMerge start an automerge check and auto merge task for a pull request
 func StartPRCheckAndAutoMerge(ctx context.Context, pull *issues_model.PullRequest) {
 	if pull == nil || pull.HasMerged || !pull.CanAutoMerge() {
 		return
 	}
 
-	if err := pull.LoadBaseRepo(ctx); err != nil {
-		log.Error("LoadBaseRepo: %v", err)
-		return
+	commitID := pull.HeadCommitID
+	if commitID == "" {
+		commitID = getCommitIDFromRefName(ctx, pull)
 	}
 
-	gitRepo, err := gitrepo.OpenRepository(ctx, pull.BaseRepo)
-	if err != nil {
-		log.Error("OpenRepository: %v", err)
-		return
-	}
-	defer gitRepo.Close()
-	commitID, err := gitRepo.GetRefCommitID(pull.GetGitRefName())
-	if err != nil {
-		log.Error("GetRefCommitID: %v", err)
+	if commitID == "" {
 		return
 	}
 
 	addToQueue(pull, commitID)
 }
 
+var AddToQueueIfMergeable = func(ctx context.Context, pull *issues_model.PullRequest) {
+	if pull.Status == issues_model.PullRequestStatusMergeable {
+		StartPRCheckAndAutoMerge(ctx, pull)
+	}
+}
+
 func getPullRequestsByHeadSHA(ctx context.Context, sha string, repo *repo_model.Repository, filter func(*issues_model.PullRequest) bool) (map[int64]*issues_model.PullRequest, error) {
 	gitRepo, err := gitrepo.OpenRepository(ctx, repo)
 	if err != nil {
@@ -118,3 +115,24 @@ func getPullRequestsByHeadSHA(ctx context.Context, sha string, repo *repo_model.
 
 	return pulls, nil
 }
+
+func getCommitIDFromRefName(ctx context.Context, pull *issues_model.PullRequest) string {
+	if err := pull.LoadBaseRepo(ctx); err != nil {
+		log.Error("LoadBaseRepo: %v", err)
+		return ""
+	}
+
+	gitRepo, err := gitrepo.OpenRepository(ctx, pull.BaseRepo)
+	if err != nil {
+		log.Error("OpenRepository: %v", err)
+		return ""
+	}
+	defer gitRepo.Close()
+	commitID, err := gitRepo.GetRefCommitID(pull.GetGitRefName())
+	if err != nil {
+		log.Error("GetRefCommitID: %v", err)
+		return ""
+	}
+
+	return commitID
+}
diff --git a/tests/integration/README.md b/tests/integration/README.md
index d83685388e..a6be7fe72c 100644
--- a/tests/integration/README.md
+++ b/tests/integration/README.md
@@ -71,11 +71,11 @@ TEST_MYSQL_HOST=localhost:3306 TEST_MYSQL_DBNAME=test?multiStatements=true TEST_
 ### Run pgsql integration tests
 Setup a pgsql database inside docker
 ```
-docker run -e "POSTGRES_DB=test" -e POSTGRES_PASSWORD=postgres -p 5432:5432 --rm --name pgsql postgres:latest #(Ctrl-c to stop the database)
+docker run -e "POSTGRES_DB=test" -e POSTGRES_PASSWORD=postgres POSTGRESQL_FSYNC=off POSTGRESQL_EXTRA_FLAGS="-c full_page_writes=off" -p 5432:5432 --rm --name pgsql data.forgejo.org/oci/bitnami/postgresql:16 #(Ctrl-c to stop the database)
 ```
 Start tests based on the database container
 ```
-TEST_STORAGE_TYPE=local TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
+TEST_STORAGE_TYPE=local TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make 'test-pgsql#Test'
 ```
 
 ### Running individual tests
diff --git a/tests/integration/patch_status_test.go b/tests/integration/patch_status_test.go
index 078051fe63..3ce1dc4cb9 100644
--- a/tests/integration/patch_status_test.go
+++ b/tests/integration/patch_status_test.go
@@ -4,6 +4,7 @@
 package integration
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -20,7 +21,10 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/optional"
+	"forgejo.org/modules/test"
+	pull_service "forgejo.org/services/pull"
 	files_service "forgejo.org/services/repository/files"
+	shared_automerge "forgejo.org/services/shared/automerge"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -51,6 +55,20 @@ func TestPatchStatus(t *testing.T) {
 		})
 		defer f()
 
+		testAutomergeQueued := func(t *testing.T, pr *issues_model.PullRequest, expected issues_model.PullRequestStatus) {
+			t.Helper()
+
+			var actual issues_model.PullRequestStatus = -1
+			defer test.MockVariableValue(&shared_automerge.AddToQueueIfMergeable, func(ctx context.Context, pull *issues_model.PullRequest) {
+				actual = pull.Status
+			})()
+
+			pull_service.AddToTaskQueue(t.Context(), pr)
+			assert.Eventually(t, func() bool {
+				return expected == actual
+			}, time.Second*5, time.Millisecond*200)
+		}
+
 		testRepoFork(t, session, "user2", repo.Name, "org3", "forked-repo")
 		forkRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerName: "org3", Name: "forked-repo"})
 
@@ -91,7 +109,9 @@ func TestPatchStatus(t *testing.T) {
 				require.NoError(t, git.NewCommand(t.Context(), "push", "fork", "HEAD:normal").Run(&git.RunOpts{Dir: dstPath}))
 				testPullCreateDirectly(t, session, repo.OwnerName, repo.Name, repo.DefaultBranch, forkRepo.OwnerName, forkRepo.Name, "normal", "across repo normal")
 
-				test(t, unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: repo.ID, HeadRepoID: forkRepo.ID, HeadBranch: "normal"}, "flow = 0"))
+				pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: repo.ID, HeadRepoID: forkRepo.ID, HeadBranch: "normal"}, "flow = 0")
+				test(t, pr)
+				testAutomergeQueued(t, pr, issues_model.PullRequestStatusMergeable)
 			})
 
 			t.Run("Same repository", func(t *testing.T) {
@@ -144,7 +164,9 @@ func TestPatchStatus(t *testing.T) {
 				t.Run("Existing", func(t *testing.T) {
 					defer tests.PrintCurrentTest(t)()
 
-					test(t, unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: repo.ID, HeadRepoID: forkRepo.ID, HeadBranch: "normal"}, "flow = 0"))
+					pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: repo.ID, HeadRepoID: forkRepo.ID, HeadBranch: "normal"}, "flow = 0")
+					test(t, pr)
+					testAutomergeQueued(t, pr, issues_model.PullRequestStatusConflict)
 				})
 
 				t.Run("New", func(t *testing.T) {

From 15bb6b7f924600fd1c2ca1ea0c5eb45779a8c070 Mon Sep 17 00:00:00 2001
From: Michael Jerger <michael.jerger@meissa-gmbh.de>
Date: Tue, 17 Jun 2025 18:28:07 +0200
Subject: [PATCH 08/39] [gitea] week 2025-22 cherry pick (gitea/main ->
 forgejo) (#8198)

## Checklist

- [x] go to the last cherry-pick PR (forgejo/forgejo#8040) to figure out how far it went: [gitea@d5bbaee64e](https://github.com/go-gitea/gitea/commit/d5bbaee64e44327e78e39ad7a1977e21ddc59e1c)
- [x] cherry-pick and open PR (forgejo/forgejo#8198)
- [ ] have the PR pass the CI
- end-to-end (specially important if there are actions related changes)
  - [ ] add `run-end-to-end` label
  - [ ] check the result
- [ ] write release notes
- [ ] assign reviewers
- [ ] 48h later, last call
- merge 1 hour after the last call

## Legend

- :question: - No decision about the commit has been made.
- :cherries: - The commit has been cherry picked.
- :fast_forward: - The commit has been skipped.
- :bulb: - The commit has been skipped, but should be ported to Forgejo.
- :writing_hand: - The commit has been skipped, and a port to Forgejo already exists.

## Commits

- :cherries: [`gitea`](https://github.com/go-gitea/gitea/commit/17cfae82a5e8357f90701815b11c9bc615d0f7e8) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/6397da88d30de0a470dabadb8e27fbb202d75458) Hide href attribute of a tag if there is no target_url ([gitea#34556](https://github.com/go-gitea/gitea/pull/34556))
- :cherries: [`gitea`](https://github.com/go-gitea/gitea/commit/b408bf2f0bb6e76e73421e63128f08d42047e7c0) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/46bc899d57515fc5349e9113e92da2e4b0d93c75) Fix: skip paths check on tag push events in workflows ([gitea#34602](https://github.com/go-gitea/gitea/pull/34602))
- :cherries: [`gitea`](https://github.com/go-gitea/gitea/commit/9165ea8713adb959b6dda4e64bee1a9b2f818288) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/04332f31bfd8a1c0e8676e4764d44e087f1ccc30) Only activity tab needs heatmap data loading ([gitea#34652](https://github.com/go-gitea/gitea/pull/34652))
- :cherries: [`gitea`](https://github.com/go-gitea/gitea/commit/3f7dbbdaf1dbec3b741b3b883f7e44104e77c80b) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/2a9019fd0491684cdeab6d50a16e5cffaef5508b) Small fix in Pull Requests page ([gitea#34612](https://github.com/go-gitea/gitea/pull/34612))
- :cherries: [`gitea`](https://github.com/go-gitea/gitea/commit/497b83b75d567e6ee867d6be41ce37c4cee74e7e) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/9a83cc7bad79fe79447bf6e3cb3144292f922ebb) Fix migration pull request title too long ([gitea#34577](https://github.com/go-gitea/gitea/pull/34577))

## TODO

- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/6b8b5802185f8ba3cd2d0416cc5640fe758ea532) Refactor container and UI ([gitea#34736](https://github.com/go-gitea/gitea/pull/34736))
  Packages: Fix for container, needs careful merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/bbee652e293dd761c1d1255a14106e6b9f726003) Prevent duplicate form submissions when creating forks ([gitea#34714](https://github.com/go-gitea/gitea/pull/34714))
  Fork: Fix, needs careful merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/d21ce9fa0739a954e2ecbc5d2aa1e324b5781a4b) Improve the performance when detecting the file editable ([gitea#34653](https://github.com/go-gitea/gitea/pull/34653))
  LFS: Performance improvement - needs careful merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/8fed27bf6a8a7582a3b2afcda7842b735f6ea5bd) Fix various problems ([gitea#34708](https://github.com/go-gitea/gitea/pull/34708))
  Various: Fixes, tests missing.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/c9505a26b9c4147bc7098e20de732a415669520e) Improve instance wide ssh commit signing ([gitea#34341](https://github.com/go-gitea/gitea/pull/34341))
  CodeSign: Nice feature - needs careful merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/fbc3796f9e26e38e1ab8624d5d9ab24ccf1ba6ac) Fix pull requests API convert panic when head repository is deleted. ([gitea#34685](https://github.com/go-gitea/gitea/pull/34685))
  Pull: Fix, needs careful merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/1610a63bfd9e243a0d1ad8a5d05a5ae011a957a9) Fix commit message rendering and some UI problems ([gitea#34680](https://github.com/go-gitea/gitea/pull/34680))
  Various Fixes - needs carefull merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/0082cb51fa381338c8f96076f90f9e7a49909f8e) Fix last admin check when syncing users ([gitea#34649](https://github.com/go-gitea/gitea/pull/34649))
  oidc: fix "first user is always admin". Needs careful merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/c6b2cbd75d290b3b831d9b0ee8b47270e68b273b) Fix footnote jump behavior on the issue page. ([gitea#34621](https://github.com/go-gitea/gitea/pull/34621))
  Issues: Fix Markdown rendering. Needs carefull merge
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/7a59f5a8253402d6f98234bf0047ec53156d3af9) Ignore "Close" error when uploading container blob ([gitea#34620](https://github.com/go-gitea/gitea/pull/34620))
  No issue, no test.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/6d0b24064a922ee8195a7a7cb858823763bac524) Keeping consistent between UI and API about combined commit status state and fix some bugs ([gitea#34562](https://github.com/go-gitea/gitea/pull/34562))
  Next PR in Commit-Status story.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/f6041441ee280faba5f06ec4b7a78c35a402bf87) Refactor FindOrgOptions to use enum instead of bool, fix membership visibility ([gitea#34629](https://github.com/go-gitea/gitea/pull/34629))
  Just for a common sense here: How should I consider refactorings?
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/cc942e2a86152939305b30373b618536d46aedca) Fix GetUsersByEmails ([gitea#34643](https://github.com/go-gitea/gitea/pull/34643))
  User: Seems to fix email validation - but seems not to be finished.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/7fa5a88831141f9e7b858e282558e786b7e95716) Add `--color-logo` for text that should match logo color ([gitea#34639](https://github.com/go-gitea/gitea/pull/34639))
  UI: Nice idea - can we adapt this?
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/47d69b7749689a7a7570ac20bdfd30d336daf7c1) Validate hex colors when creating/editing labels ([gitea#34623](https://github.com/go-gitea/gitea/pull/34623))
  Label: Color validation but needs careful merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/108db0b04f007a0dc03262cb100aa1fe7b80e785) Fix possible pull request broken when leave the page immediately after clicking the update button ([gitea#34509](https://github.com/go-gitea/gitea/pull/34509))
  Nice fix for a bug hard to trace down.
  Needs careful merge & think about whether a test is possible.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/79cc3698928cdddec433199ac4d9339b4bfcde7d) Fix issue label delete incorrect labels webhook payload ([gitea#34575](https://github.com/go-gitea/gitea/pull/34575))
  Small fix but would expect a test, showing what was fixed.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/fe57ee3074c1d6421845bce67e9c580a14e2529e) fixed incorrect page navigation with up and down arrow on last item of dashboard repos ([gitea#34570](https://github.com/go-gitea/gitea/pull/34570))
  Small & simple - but tests are missing.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/4e471487fbc680c89985d6afa10724e53739ae8b) Remove unnecessary duplicate code ([gitea#34552](https://github.com/go-gitea/gitea/pull/34552))
  Fix arround "Split GetLatestCommitStatus".
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/c5e78fc7addd29b8949883134bc0d5339f64341e) Do not mutate incoming options to SearchRepositoryByName ([gitea#34553](https://github.com/go-gitea/gitea/pull/34553))
  Large refactoring to simplify options handling. But needs careful merge.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/f48c0135a611bd8e59b4262c9d2514bda6bb91c1) Fix/improve avatar sync from LDAP ([gitea#34573](https://github.com/go-gitea/gitea/pull/34573))
  Nice fix but needs test.
------
- :bulb: [`gitea`](https://github.com/go-gitea/gitea/commit/e8d8984f7c2c49c91bb24ac9c0d86e92a8ec795a) Fix some trivial problems ([gitea#34579](https://github.com/go-gitea/gitea/pull/34579))
  Various fixes, tests missing.
------

## Skipped

- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/637070e07bd34c914162cc479aa1683507d9cb14) Fix container range bug ([gitea#34725](https://github.com/go-gitea/gitea/pull/34725))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/0d3e9956cd73b78514a0507eb05446dcc9b7b8cc) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/28debdbe00a51ae031d539f95919351032254695) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/dcc9206a597e9f77a9ecedb0201f48af1e64f258) Raise minimum Node.js version to 20, test on 24 ([gitea#34713](https://github.com/go-gitea/gitea/pull/34713))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/bc28654b49e7bea0ee3088977c86b29b5c032fca) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/65986f423fd7718e8c0afc68261d2655bf60571c) Refactor embedded assets and drop unnecessary dependencies ([gitea#34692](https://github.com/go-gitea/gitea/pull/34692))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/18bafcc3785e0afe66b8c1188bb940eb5bb864a6) Bump minimum go version to 1.24.4 ([gitea#34699](https://github.com/go-gitea/gitea/pull/34699))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/8d135ef5cf2cd64ae7311ef23469689ed333de9d) Update JS deps ([gitea#34701](https://github.com/go-gitea/gitea/pull/34701))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/d5893ee260d6fa7cb1919748555fc1d69b9145cb) Fix markdown wrap ([gitea#34697](https://github.com/go-gitea/gitea/pull/34697))

  - gitea UI specific specific
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/06ccb3a1d46433aa0dda24f697f7586f3024c032) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/94db956e319232b35a12d4f2e186b188a88a1be2) frontport changelog ([gitea#34689](https://github.com/go-gitea/gitea/pull/34689))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/d5afdccde82e7f00e54d140533308fe76bf41783) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/e9f5105e9502c4cedd19b7f6dde02adee8caff2a) Migrate to urfave v3 ([gitea#34510](https://github.com/go-gitea/gitea/pull/34510))
  already in Forgejo - see https://codeberg.org/forgejo/forgejo/pulls/8035
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/2c341b6803622772619621e2620755a0ddce07e8) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/92e7e98c565235cd24db82679aa801dace2d1bd8) Update x/crypto package and make builtin SSH use default parameters ([gitea#34667](https://github.com/go-gitea/gitea/pull/34667))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/7b39c8258779363e2071b6171726166c58f843ae) Fix "oras" OCI client compatibility ([gitea#34666](https://github.com/go-gitea/gitea/pull/34666))
  Already in forgejo - see https://codeberg.org/forgejo/forgejo/issues/8070
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/1fe652cd2697b5bb459741f988782163a091c6c8) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/a9a705f4db95dfcfd21a0ad4fcb8f6a7a8809ff5) Fix missed merge commit sha and time when migrating from codecommit ([gitea#34645](https://github.com/go-gitea/gitea/pull/34645))
  Migration: Seems to be an important fix, but no tests.

  As I know @earl-warren worked hard on migration, is this still relevant to us?
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/1e0758a9f1aade415de434163bb0f6363dc6ca50) [skip ci] Updated translations via Crowdin
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/f6f6aedd4fe918df7b5b3593dd1a4e65f6b2ae10) Update JS deps, regenerate SVGs ([gitea#34640](https://github.com/go-gitea/gitea/pull/34640))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/aa2b3b2b1fdaf37917014770cd6bef3a2a5028a3) Misc CSS fixes ([gitea#34638](https://github.com/go-gitea/gitea/pull/34638))

  - gitea UI specific specific
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/b38f2d31fdcd1fc5facda86be33d3f830503f538) add codecommit to supported services in api docs ([gitea#34626](https://github.com/go-gitea/gitea/pull/34626))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/74a0178c6a9c28da6ab76545b466ed68c569eb75) add openssh-keygen to rootless image ([gitea#34625](https://github.com/go-gitea/gitea/pull/34625))
  already in Forgejo - see https://codeberg.org/forgejo/forgejo/issues/6896
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/5b22af4373c3936a951dd91da38860a830fcf743) bump to alpine 3.22 ([gitea#34613](https://github.com/go-gitea/gitea/pull/34613))
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/9e0e107d236022d550d077da7aa9af415ac02f8a) Fix notification count positioning for variable-width elements ([gitea#34597](https://github.com/go-gitea/gitea/pull/34597))

  - gitea UI specific specific
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/e5781cec75d7ba350fb9162b3882192574c80429) Fix margin issue in markup paragraph rendering ([gitea#34599](https://github.com/go-gitea/gitea/pull/34599))

  - gitea UI specific specific
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/375dab111198e6432b303a3c29b8e91bec95d361) Make pull request and issue history more compact ([gitea#34588](https://github.com/go-gitea/gitea/pull/34588))

  - gitea UI specific specific
------
- :fast_forward: [`gitea`](https://github.com/go-gitea/gitea/commit/2a1585b32ea2c3cb961cd1aedf4117d880255a53) Refactor some tests ([gitea#34580](https://github.com/go-gitea/gitea/pull/34580))
------

<details>
<summary><h2>Stats</h2></summary>

<br>

Between [`gitea@d5bbaee64e`](https://github.com/go-gitea/gitea/commit/d5bbaee64e44327e78e39ad7a1977e21ddc59e1c) and [`gitea@6b8b580218`](https://github.com/go-gitea/gitea/commit/6b8b5802185f8ba3cd2d0416cc5640fe758ea532), **55** commits have been reviewed. We picked **5**, skipped **28** (of which **3** were already in Forgejo!), and decided to port **22**.

</details>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: NorthRealm <155140859+NorthRealm@users.noreply.github.com>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-authored-by: endo0911engineer <161911062+endo0911engineer@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8198
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
---
 modules/actions/workflows.go                |  8 ++++++++
 modules/actions/workflows_test.go           | 18 +++++++++++++++++
 modules/util/truncate.go                    |  9 +++++++++
 modules/util/truncate_test.go               | 15 ++++++++++++++
 options/locale/locale_en-US.ini             |  1 +
 routers/web/user/profile.go                 | 22 ++++++++++-----------
 services/migrations/gitea_uploader.go       |  2 +-
 templates/repo/issue/filter_list.tmpl       |  2 +-
 web_src/js/components/DashboardRepoList.vue |  2 +-
 9 files changed, 65 insertions(+), 14 deletions(-)

diff --git a/modules/actions/workflows.go b/modules/actions/workflows.go
index daf453fb47..7ae4557ed6 100644
--- a/modules/actions/workflows.go
+++ b/modules/actions/workflows.go
@@ -323,6 +323,10 @@ func matchPushEvent(commit *git.Commit, pushPayload *api.PushPayload, evt *jobpa
 				matchTimes++
 			}
 		case "paths":
+			if refName.IsTag() {
+				matchTimes++
+				break
+			}
 			filesChanged, err := commit.GetFilesChangedSinceCommit(pushPayload.Before)
 			if err != nil {
 				log.Error("GetFilesChangedSinceCommit [commit_sha1: %s]: %v", commit.ID.String(), err)
@@ -336,6 +340,10 @@ func matchPushEvent(commit *git.Commit, pushPayload *api.PushPayload, evt *jobpa
 				}
 			}
 		case "paths-ignore":
+			if refName.IsTag() {
+				matchTimes++
+				break
+			}
 			filesChanged, err := commit.GetFilesChangedSinceCommit(pushPayload.Before)
 			if err != nil {
 				log.Error("GetFilesChangedSinceCommit [commit_sha1: %s]: %v", commit.ID.String(), err)
diff --git a/modules/actions/workflows_test.go b/modules/actions/workflows_test.go
index b85ed7fd56..9068ce31c3 100644
--- a/modules/actions/workflows_test.go
+++ b/modules/actions/workflows_test.go
@@ -150,6 +150,24 @@ func TestDetectMatched(t *testing.T) {
 			yamlOn:         "on: workflow_dispatch",
 			expected:       true,
 		},
+		{
+			desc:           "push to tag matches workflow with paths condition (should skip paths check)",
+			triggeredEvent: webhook_module.HookEventPush,
+			payload: &api.PushPayload{
+				Ref:    "refs/tags/v1.0.0",
+				Before: "0000000",
+				Commits: []*api.PayloadCommit{
+					{
+						ID:      "abcdef123456",
+						Added:   []string{"src/main.go"},
+						Message: "Release v1.0.0",
+					},
+				},
+			},
+			commit:   nil,
+			yamlOn:   "on:\n  push:\n    paths:\n      - src/**",
+			expected: true,
+		},
 	}
 
 	for _, tc := range testCases {
diff --git a/modules/util/truncate.go b/modules/util/truncate.go
index f2edbdc673..7207a89177 100644
--- a/modules/util/truncate.go
+++ b/modules/util/truncate.go
@@ -54,3 +54,12 @@ func SplitTrimSpace(input, sep string) []string {
 
 	return stringList
 }
+
+// TruncateRunes returns a truncated string with given rune limit,
+// it returns input string if its rune length doesn't exceed the limit.
+func TruncateRunes(str string, limit int) string {
+	if utf8.RuneCountInString(str) < limit {
+		return str
+	}
+	return string([]rune(str)[:limit])
+}
diff --git a/modules/util/truncate_test.go b/modules/util/truncate_test.go
index dfe1230fd4..8187b13eb2 100644
--- a/modules/util/truncate_test.go
+++ b/modules/util/truncate_test.go
@@ -44,3 +44,18 @@ func TestSplitString(t *testing.T) {
 	}
 	test(tc, SplitStringAtByteN)
 }
+
+func TestTruncateRunes(t *testing.T) {
+	assert.Empty(t, TruncateRunes("", 0))
+	assert.Empty(t, TruncateRunes("", 1))
+
+	assert.Empty(t, TruncateRunes("ab", 0))
+	assert.Equal(t, "a", TruncateRunes("ab", 1))
+	assert.Equal(t, "ab", TruncateRunes("ab", 2))
+	assert.Equal(t, "ab", TruncateRunes("ab", 3))
+
+	assert.Empty(t, TruncateRunes("测试", 0))
+	assert.Equal(t, "测", TruncateRunes("测试", 1))
+	assert.Equal(t, "测试", TruncateRunes("测试", 2))
+	assert.Equal(t, "测试", TruncateRunes("测试", 3))
+}
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 7479ab80af..101591d5a9 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1628,6 +1628,7 @@ issues.filter_poster = Author
 issues.filter_poster_no_select = All authors
 issues.filter_type = Type
 issues.filter_type.all_issues = All issues
+issues.filter_type.all_pull_requests = All pull requests
 issues.filter_type.assigned_to_you = Assigned to you
 issues.filter_type.created_by_you = Created by you
 issues.filter_type.mentioning_you = Mentioning you
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index 8068c1c6bc..58f6d4a5f2 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -70,17 +70,6 @@ func userProfile(ctx *context.Context) {
 	ctx.Data["OpenGraphURL"] = ctx.ContextUser.HTMLURL()
 	ctx.Data["OpenGraphDescription"] = ctx.ContextUser.Description
 
-	// prepare heatmap data
-	if setting.Service.EnableUserHeatmap {
-		data, err := activities_model.GetUserHeatmapDataByUser(ctx, ctx.ContextUser, ctx.Doer)
-		if err != nil {
-			ctx.ServerError("GetUserHeatmapDataByUser", err)
-			return
-		}
-		ctx.Data["HeatmapData"] = data
-		ctx.Data["HeatmapTotalContributions"] = activities_model.GetTotalContributionsInHeatmap(data)
-	}
-
 	profileDbRepo, profileGitRepo, profileReadmeBlob, profileClose := shared_user.FindUserProfileReadme(ctx, ctx.Doer)
 	defer profileClose()
 
@@ -186,6 +175,17 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDb
 			ctx.Data["CardsNoneMsg"] = ctx.Tr("followers.outgoing.list.none", ctx.ContextUser.Name)
 		}
 	case "activity":
+		// prepare heatmap data
+		if setting.Service.EnableUserHeatmap {
+			data, err := activities_model.GetUserHeatmapDataByUser(ctx, ctx.ContextUser, ctx.Doer)
+			if err != nil {
+				ctx.ServerError("GetUserHeatmapDataByUser", err)
+				return
+			}
+			ctx.Data["HeatmapData"] = data
+			ctx.Data["HeatmapTotalContributions"] = activities_model.GetTotalContributionsInHeatmap(data)
+		}
+
 		date := ctx.FormString("date")
 		pagingNum = setting.UI.FeedPagingNum
 		items, count, err := activities_model.GetFeeds(ctx, activities_model.GetFeedsOptions{
diff --git a/services/migrations/gitea_uploader.go b/services/migrations/gitea_uploader.go
index 55adad9685..7887dacdb1 100644
--- a/services/migrations/gitea_uploader.go
+++ b/services/migrations/gitea_uploader.go
@@ -766,7 +766,7 @@ func (g *GiteaLocalUploader) newPullRequest(pr *base.PullRequest) (*issues_model
 	issue := issues_model.Issue{
 		RepoID:      g.repo.ID,
 		Repo:        g.repo,
-		Title:       prTitle,
+		Title:       util.TruncateRunes(prTitle, 255),
 		Index:       pr.Number,
 		Content:     pr.Content,
 		MilestoneID: milestoneID,
diff --git a/templates/repo/issue/filter_list.tmpl b/templates/repo/issue/filter_list.tmpl
index ae50ac4c46..84ba6e5358 100644
--- a/templates/repo/issue/filter_list.tmpl
+++ b/templates/repo/issue/filter_list.tmpl
@@ -127,7 +127,7 @@
 		</span>
 		{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 		<div class="menu">
-			<a rel="nofollow" class="{{if eq .ViewType "all"}}active {{end}}item" href="?q={{$.Keyword}}&type=all&sort={{$.SortType}}&state={{$.State}}&labels={{.SelectLabels}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_type.all_issues"}}</a>
+			<a rel="nofollow" class="{{if eq .ViewType "all"}}active {{end}}item" href="?q={{$.Keyword}}&type=all&sort={{$.SortType}}&state={{$.State}}&labels={{.SelectLabels}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_type.all_pull_requests"}}</a>
 			<a rel="nofollow" class="{{if eq .ViewType "assigned"}}active {{end}}item" href="?q={{$.Keyword}}&type=assigned&sort={{$.SortType}}&state={{$.State}}&labels={{.SelectLabels}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_type.assigned_to_you"}}</a>
 			<a rel="nofollow" class="{{if eq .ViewType "created_by"}}active {{end}}item" href="?q={{$.Keyword}}&type=created_by&sort={{$.SortType}}&state={{$.State}}&labels={{.SelectLabels}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_type.created_by_you"}}</a>
 			{{if .PageIsPullList}}
diff --git a/web_src/js/components/DashboardRepoList.vue b/web_src/js/components/DashboardRepoList.vue
index 4b48376088..58c5461baa 100644
--- a/web_src/js/components/DashboardRepoList.vue
+++ b/web_src/js/components/DashboardRepoList.vue
@@ -411,7 +411,7 @@ export default sfc; // activate the IDE's Vue plugin
                 <svg-icon name="octicon-archive" :size="16"/>
               </div>
             </a>
-            <a class="tw-flex tw-items-center" v-if="repo.latest_commit_status" :href="repo.latest_commit_status.TargetURL" :data-tooltip-content="repo.locale_latest_commit_status">
+            <a class="tw-flex tw-items-center" v-if="repo.latest_commit_status" :href="repo.latest_commit_status.TargetURL || null" :data-tooltip-content="repo.locale_latest_commit_status">
               <!-- the commit status icon logic is taken from templates/repo/commit_status.tmpl -->
               <svg-icon :name="statusIcon(repo.latest_commit_status.State)" :class="'tw-ml-2 commit-status icon text ' + statusColor(repo.latest_commit_status.State)" :size="16"/>
             </a>

From 9caa3c6c5fc34a40d313ab3a2c52d2b1469a1f9f Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 18 Jun 2025 00:32:14 +0200
Subject: [PATCH 09/39] Update dependency eslint-plugin-wc to v3 (forgejo)
 (#8215) Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
 Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>

---
 package-lock.json | 16 ++++++++--------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 40601d8536..e506928512 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -84,7 +84,7 @@
         "eslint-plugin-vitest-globals": "1.5.0",
         "eslint-plugin-vue": "10.2.0",
         "eslint-plugin-vue-scoped-css": "2.10.0",
-        "eslint-plugin-wc": "2.2.1",
+        "eslint-plugin-wc": "3.0.1",
         "globals": "16.1.0",
         "happy-dom": "18.0.0",
         "license-checker-rseidelsohn": "4.4.2",
@@ -7683,14 +7683,14 @@
       }
     },
     "node_modules/eslint-plugin-wc": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-2.2.1.tgz",
-      "integrity": "sha512-KstLqGmyQz088DvFlDYHg0sHih+w2QeulreCi1D1ftr357klO2zqHdG/bbnNMmuQdVFDuNkopNIyNhmG0XCT/g==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-3.0.1.tgz",
+      "integrity": "sha512-0p1wkSlA2Ue3FA4qW+5LZ+15sy0p1nUyVl1eyBMLq4rtN1LtE9IdI49BXNWMz8N8bM/y7Ulx8SWGAni5f8XO5g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "is-valid-element-name": "^1.0.0",
-        "js-levenshtein-esm": "^1.2.0"
+        "js-levenshtein-esm": "^2.0.0"
       },
       "peerDependencies": {
         "eslint": ">=8.40.0"
@@ -9692,9 +9692,9 @@
       }
     },
     "node_modules/js-levenshtein-esm": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/js-levenshtein-esm/-/js-levenshtein-esm-1.2.0.tgz",
-      "integrity": "sha512-fzreKVq1eD7eGcQr7MtRpQH94f8gIfhdrc7yeih38xh684TNMK9v5aAu2wxfIRMk/GpAJRrzcirMAPIaSDaByQ==",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/js-levenshtein-esm/-/js-levenshtein-esm-2.0.0.tgz",
+      "integrity": "sha512-1n4LEPOL4wRXY8rOQcuA7Iuaphe5xCMayvufCzlLAi+hRsnBRDbSS6XPuV58CBVJxj5D9ApFLyjQ7KzFToyHBw==",
       "dev": true,
       "license": "MIT"
     },
diff --git a/package.json b/package.json
index b4d170fdb9..dde1c64852 100644
--- a/package.json
+++ b/package.json
@@ -83,7 +83,7 @@
     "eslint-plugin-vitest-globals": "1.5.0",
     "eslint-plugin-vue": "10.2.0",
     "eslint-plugin-vue-scoped-css": "2.10.0",
-    "eslint-plugin-wc": "2.2.1",
+    "eslint-plugin-wc": "3.0.1",
     "globals": "16.1.0",
     "happy-dom": "18.0.0",
     "license-checker-rseidelsohn": "4.4.2",

From fc69250f0fab0b3bec00b0391148561a8ff6a3b8 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 18 Jun 2025 06:34:30 +0200
Subject: [PATCH 10/39] Update module github.com/minio/minio-go/v7 to v7.0.94
 (forgejo) (#8217)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | require | patch | `v7.0.93` -> `v7.0.94` |

---

### Release Notes

<details>
<summary>minio/minio-go (github.com/minio/minio-go/v7)</summary>

### [`v7.0.94`](https://github.com/minio/minio-go/compare/v7.0.93...v7.0.94)

[Compare Source](https://github.com/minio/minio-go/compare/v7.0.93...v7.0.94)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC41Ny4xIiwidXBkYXRlZEluVmVyIjoiNDAuNTcuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8217
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b993bcbe3b..b8b2344d89 100644
--- a/go.mod
+++ b/go.mod
@@ -76,7 +76,7 @@ require (
 	github.com/meilisearch/meilisearch-go v0.31.0
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/minio/minio-go/v7 v7.0.93
+	github.com/minio/minio-go/v7 v7.0.94
 	github.com/msteinert/pam/v2 v2.1.0
 	github.com/nektos/act v0.2.52
 	github.com/niklasfasching/go-org v1.8.0
diff --git a/go.sum b/go.sum
index d6c7b2c6a5..7f16dc54a8 100644
--- a/go.sum
+++ b/go.sum
@@ -411,8 +411,8 @@ github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY
 github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.93 h1:lAB4QJp8Nq3vDMOU0eKgMuyBiEGMNlXQ5Glc8qAxqSU=
-github.com/minio/minio-go/v7 v7.0.93/go.mod h1:71t2CqDt3ThzESgZUlU1rBN54mksGGlkLcFgguDnnAc=
+github.com/minio/minio-go/v7 v7.0.94 h1:1ZoksIKPyaSt64AVOyaQvhDOgVC3MfZsWM6mZXRUGtM=
+github.com/minio/minio-go/v7 v7.0.94/go.mod h1:71t2CqDt3ThzESgZUlU1rBN54mksGGlkLcFgguDnnAc=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=

From 34987a2be7f997e1d32e1bf062678254b9681b2f Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 18 Jun 2025 08:07:21 +0200
Subject: [PATCH 11/39] Update module code.forgejo.org/forgejo/act to v1.28.0
 (forgejo) (#8219)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [code.forgejo.org/forgejo/act](https://code.forgejo.org/forgejo/act) | replace | minor | `v1.26.0` -> `v1.28.0` |

---

### Release Notes

<details>
<summary>forgejo/act (code.forgejo.org/forgejo/act)</summary>

### [`v1.28.0`](https://code.forgejo.org/forgejo/act/compare/v1.27.0...v1.28.0)

[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.27.0...v1.28.0)

### [`v1.27.0`](https://code.forgejo.org/forgejo/act/compare/v1.26.0...v1.27.0)

[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.26.0...v1.27.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC41Ny4xIiwidXBkYXRlZEluVmVyIjoiNDAuNTcuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8219
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b8b2344d89..87755b206a 100644
--- a/go.mod
+++ b/go.mod
@@ -242,7 +242,7 @@ require (
 
 replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
 
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.26.0
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.28.0
 
 replace github.com/mholt/archiver/v3 => code.forgejo.org/forgejo/archiver/v3 v3.5.1
 
diff --git a/go.sum b/go.sum
index 7f16dc54a8..54710930e8 100644
--- a/go.sum
+++ b/go.sum
@@ -4,8 +4,8 @@ code.forgejo.org/f3/gof3/v3 v3.11.0 h1:f/xToKwqTgxG6PYxvewywjDQyCcyHEEJ6sZqUitFs
 code.forgejo.org/f3/gof3/v3 v3.11.0/go.mod h1:4FaRUNSQGBiD1M0DuB0yNv+Z2wMtlOeckgygHSSq4KQ=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251 h1:HTZl3CBk3ABNYtFI6TPLvJgGKFIhKT5CBk0sbOtkDKU=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
-code.forgejo.org/forgejo/act v1.26.0 h1:6mTmoaw7d/WpYiw/Pw6AaypxFdgJog5OFi/PMEgEbxs=
-code.forgejo.org/forgejo/act v1.26.0/go.mod h1:HFDFrXPrqfM9aH2RCnMiBdo/3ThxDmZjp58InPjGOfo=
+code.forgejo.org/forgejo/act v1.28.0 h1:96njNC7C1YNyjWq5OWvLZMF/nw0PMthzIA8Nwbnn7jo=
+code.forgejo.org/forgejo/act v1.28.0/go.mod h1:dFuiwAmD5vyrzecysHB2kL/GM3wRpoVPl+WdbCTC8Bs=
 code.forgejo.org/forgejo/archiver/v3 v3.5.1 h1:UmmbA7D5550uf71SQjarmrn6yKwOGxtEjb3jaYYtmSE=
 code.forgejo.org/forgejo/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0 h1:RZGGeKt70p/WaIEL97pyT6uiiEIoN8/aLmS5Z6WmX0M=

From e934d0a3f3902dd86e96271c5c5dcc231acbdd13 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Wed, 18 Jun 2025 10:56:30 +0200
Subject: [PATCH 12/39] fix(tests): TestInitInstructions must use
 forEachObjectFormat (#8220)

Otherwise it [fails with older git versions](https://codeberg.org/forgejo-integration/forgejo/actions/runs/10341/jobs/1#jobstep-5-2706).

```
--- FAIL: TestInitInstructions (0.12s)
    testlogger.go:411: 2025/06/18 00:32:37 ...les/storage/local.go:33:NewLocalStorage() [I] Creating new Local Storage at /workspace/***/forgejo/tests/gitea-lfs-meta
    testlogger.go:411: 2025/06/18 00:32:37 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/login for test-mock:12345, 200 OK in 4.7ms @ auth/auth.go:145(auth.SignIn)
    testlogger.go:411: 2025/06/18 00:32:37 ...eb/routing/logger.go:102:func1() [I] router: completed POST /user/login for test-mock:12345, 303 See Other in 3.8ms @ auth/auth.go:179(auth.SignInPost)
    repo_test.go:1456:
        	Error Trace:	/workspace/***/forgejo/tests/test_utils.go:383
        	            				/workspace/***/forgejo/tests/integration/repo_test.go:1456
        	Error:      	Received unexpected error:
        	            	initRepository: git.InitRepository: invalid object format: sha256
        	Test:       	TestInitInstructions
```

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8220
Reviewed-by: Antonin Delpeuch <wetneb@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
---
 tests/integration/repo_test.go | 61 ++++++++++++----------------------
 1 file changed, 22 insertions(+), 39 deletions(-)

diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index 19e8553bb2..b66726a3e6 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -1453,51 +1453,34 @@ func TestInitInstructions(t *testing.T) {
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 	session := loginUser(t, user.Name)
 
-	sha256Repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-		Name:         optional.Some("sha256-instruction"),
-		AutoInit:     optional.Some(false),
-		EnabledUnits: optional.Some([]unit_model.Type{unit_model.TypeCode}),
-		ObjectFormat: optional.Some("sha256"),
-	})
-	defer f()
-
-	sha1Repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-		Name:         optional.Some("sha1-instruction"),
-		AutoInit:     optional.Some(false),
-		EnabledUnits: optional.Some([]unit_model.Type{unit_model.TypeCode}),
-		ObjectFormat: optional.Some("sha1"),
-	})
-	defer f()
-
-	portMatcher := regexp.MustCompile(`localhost:\d+`)
-
-	t.Run("sha256", func(t *testing.T) {
+	forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
 		defer tests.PrintCurrentTest(t)()
+		name := objectFormat.Name()
+		var init string
+		if name == "sha1" {
+			init = "git init"
+		} else {
+			init = fmt.Sprintf("git init --object-format=%s", name)
+		}
 
-		resp := session.MakeRequest(t, NewRequest(t, "GET", "/"+sha256Repo.FullName()), http.StatusOK)
+		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
+			Name:         optional.Some(name + "-instruction"),
+			AutoInit:     optional.Some(false),
+			EnabledUnits: optional.Some([]unit_model.Type{unit_model.TypeCode}),
+			ObjectFormat: optional.Some(name),
+		})
+		defer f()
+
+		portMatcher := regexp.MustCompile(`localhost:\d+`)
+		resp := session.MakeRequest(t, NewRequest(t, "GET", "/"+repo.FullName()), http.StatusOK)
 
 		htmlDoc := NewHTMLParser(t, resp.Body)
-		assert.Equal(t, `touch README.md
-git init --object-format=sha256
+		assert.Equal(t, fmt.Sprintf(`touch README.md
+%s
 git switch -c main
 git add README.md
 git commit -m "first commit"
-git remote add origin http://localhost/user2/sha256-instruction.git
-git push -u origin main`, portMatcher.ReplaceAllString(htmlDoc.Find(".empty-repo-guide code").First().Text(), "localhost"))
-	})
-
-	t.Run("sha1", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		resp := session.MakeRequest(t, NewRequest(t, "GET", "/"+sha1Repo.FullName()), http.StatusOK)
-
-		htmlDoc := NewHTMLParser(t, resp.Body)
-		assert.Equal(t, `touch README.md
-git init
-git switch -c main
-git add README.md
-git commit -m "first commit"
-git remote add origin http://localhost/user2/sha1-instruction.git
-git push -u origin main`, portMatcher.ReplaceAllString(htmlDoc.Find(".empty-repo-guide code").First().Text(), "localhost"))
+git remote add origin http://localhost/user2/%s-instruction.git
+git push -u origin main`, init, name), portMatcher.ReplaceAllString(htmlDoc.Find(".empty-repo-guide code").First().Text(), "localhost"))
 	})
 }

From b1e75421c117b9c4af1b8d0f1495b8d7fced2915 Mon Sep 17 00:00:00 2001
From: Earl Warren <earl-warren@noreply.codeberg.org>
Date: Wed, 18 Jun 2025 11:31:23 +0200
Subject: [PATCH 13/39] chore(release-notes): Forgejo v11.0.2 (#8224)

Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8224
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
---
 release-notes-published/11.0.2.md | 33 +++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 release-notes-published/11.0.2.md

diff --git a/release-notes-published/11.0.2.md b/release-notes-published/11.0.2.md
new file mode 100644
index 0000000000..a1a8549984
--- /dev/null
+++ b/release-notes-published/11.0.2.md
@@ -0,0 +1,33 @@
+
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7986) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7991)): <!--number 7991 --><!--line 0 --><!--description ZmVhdDogbWFrZSBGb3JnZWpvIEFjdGlvbnMgc2VydmVyIGxvZ3MgbGVzcyBub2lzeQ==-->feat: make Forgejo Actions server logs less noisy<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8155) ([backported](https://codeberg.org/forgejo/forgejo/pulls/8167)): <!--number 8167 --><!--line 0 --><!--description Zml4OiBkbyBub3QgZmFpbCB3aGVuIHJlbGVhc2Ugb3Igd2lraSBpcyBzZXQgaW4gYC9yZXBvcy9taWdyYXRlYCBBUEk=-->fix: do not fail when release or wiki is set in `/repos/migrate` API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7976) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7985)): <!--number 7985 --><!--line 0 --><!--description Zml4OiBpZ25vcmUgZXhwaXJlZCBhcnRpZmFjdHMgZm9yIHF1b3RhIGNhbGN1bGF0aW9u-->fix: ignore expired artifacts for quota calculation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7979) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7983)): <!--number 7983 --><!--line 0 --><!--description Zml4OiBwdWxsIHJlcXVlc3QgY3Jvc3MgcmVmZXJlbmNlcw==-->fix: pull request cross references<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7883) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7886)): <!--number 7886 --><!--line 0 --><!--description Zml4OiBxdW90ZSByZXBseSBpbiBDaHJvbWl1bQ==-->fix: quote reply in Chromium<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7775) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7779)): <!--number 7779 --><!--line 0 --><!--description Zml4OiBtYWtlIGhhc2ggcGF0dGVybiBtb3JlIHN0cmljdA==-->fix: make hash pattern more strict<!--description-->
+- Included for completeness but not worth a release note
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8112) ([backported](https://codeberg.org/forgejo/forgejo/pulls/8120)): <!--number 8120 --><!--line 0 --><!--description Zml4OiByZW1vdmUgZG93bmxvYWQgYXR0cmlidXRlIGZyb20gZXh0ZXJuYWwgYXNzZXRz-->fix: remove download attribute from external assets<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8110): <!--number 8110 --><!--line 0 --><!--description VXBkYXRlIGJsZXZlIHRvIHYyLjUuMiB3aXRoIGNoYW5nZXMgbWFkZSBpbiBiYWNrcG9ydCBvZiAyLjUuMA==-->Update bleve to v2.5.2 with changes made in backport of 2.5.0<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8094) ([backported](https://codeberg.org/forgejo/forgejo/pulls/8095)): <!--number 8095 --><!--line 0 --><!--description Zml4OiBzaG93IG1lbWJlcnNoaXAgb2YgbGltaXRlZCBvcmdz-->fix: show membership of limited orgs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8059): <!--number 8059 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjQuMyAodjExLjAvZm9yZ2Vqbyk=-->Update dependency go to v1.24.3 (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8057): <!--number 8057 --><!--line 0 --><!--description Y2hvcmU6IGRyb3AgdW51c2VkIGBAdHlwZXNjcmlwdC1lc2xpbnQvcGFyc2VyYCBwYWNrYWdl-->chore: drop unused `@typescript-eslint/parser` package<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8021) ([backported](https://codeberg.org/forgejo/forgejo/pulls/8022)): <!--number 8022 --><!--line 0 --><!--description Y2hvcmUoY2xlYW51cCk6IHN1cHByZXNzIG5vbiBhY3Rpb25hYmxlIFhPUk0gd2FybmluZ3M=-->chore(cleanup): suppress non actionable XORM warnings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7987) ([backported](https://codeberg.org/forgejo/forgejo/pulls/8000)): <!--number 8000 --><!--line 0 --><!--description Zml4OiBhZ2dyZWdhdGUgZGVsZXRlZCB0ZWFtIGFzIGdob3N0IHRlYW0=-->fix: aggregate deleted team as ghost team<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7925) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7937)): <!--number 7937 --><!--line 0 --><!--description Zml4KHVpKTogY2VudGVyIGZvb3RlciBsaW5rcw==-->fix(ui): center footer links<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7894) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7903)): <!--number 7903 --><!--line 0 --><!--description Zml4KHVpKTogZml4IGZvcmNlLXB1c2ggY29tcGFyZSBsaW5lIGxheW91dA==-->fix(ui): fix force-push compare line layout<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7884) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7887)): <!--number 7887 --><!--line 0 --><!--description Zml4OiBwYXJzZSBgY2hhbmdlLWlkYCBpbiB0aGUgZ2l0IGNvbW1pdCBoZWFkZXI=-->fix: parse `change-id` in the git commit header<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7885): <!--number 7885 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2JsZXZlc2VhcmNoL2JsZXZlL3YyIHRvIHYyLjUuMSAodjExLjAvZm9yZ2VqbykgLSBhYmFuZG9uZWQ=-->Update module github.com/blevesearch/bleve/v2 to v2.5.1 (v11.0/forgejo) - abandoned<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7746) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7871)): <!--number 7871 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBmb3JjZS1wdXNoIGNvbXBhcmUgbGluZSBsYXlvdXQ=-->fix(ui): improve force-push compare line layout<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7640) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7869)): <!--number 7869 --><!--line 0 --><!--description Zml4OiBSZW1vdmUgImNyZWF0ZSBicmFuY2giIGJ1dHRvbiBvbiBtaXJyb3JlZCByZXBvcw==-->fix: Remove "create branch" button on mirrored repos<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7858): <!--number 7858 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21zdGVpbmVydC9wYW0vdjIgdG8gdjIuMS4wICh2MTEuMC9mb3JnZWpvKQ==-->Update module github.com/msteinert/pam/v2 to v2.1.0 (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7817) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7821)): <!--number 7821 --><!--line 0 --><!--description Zml4OiByZXBsYWNlIMOfIHdpdGggc3MgaW4gbm9ybWFsaXplVXNlck5hbWU=-->fix: replace ß with ss in normalizeUserName<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7784) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7786)): <!--number 7786 --><!--line 0 --><!--description Zml4KGFwaSk6IGRvY3VtZW50IGBpc19zeXN0ZW1fd2ViaG9va2AgZmllbGQ=-->fix(api): document `is_system_webhook` field<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7773) ([backported](https://codeberg.org/forgejo/forgejo/pulls/7774)): <!--number 7774 --><!--line 0 --><!--description Zml4OiByZW1vdmUgYXJ0aWZpY2lhbCBkZWxheSBmb3IgUFIgdXBkYXRl-->fix: remove artificial delay for PR update<!--description-->
+<!--end release-notes-assistant-->

From 321561d315a05e22bfdf49b08d9b133c8c12cd6c Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 18 Jun 2025 12:47:18 +0200
Subject: [PATCH 14/39] Update data.forgejo.org/oci/alpine Docker tag to v3.22
 (forgejo) (#8218)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8218
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/testdata/build-release/Dockerfile | 2 +-
 Dockerfile                                 | 4 ++--
 Dockerfile.rootless                        | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.forgejo/testdata/build-release/Dockerfile b/.forgejo/testdata/build-release/Dockerfile
index d10564359e..09cce06c47 100644
--- a/.forgejo/testdata/build-release/Dockerfile
+++ b/.forgejo/testdata/build-release/Dockerfile
@@ -1,4 +1,4 @@
-FROM data.forgejo.org/oci/alpine:3.21
+FROM data.forgejo.org/oci/alpine:3.22
 ARG RELEASE_VERSION=unkown
 LABEL maintainer="contact@forgejo.org" \
       org.opencontainers.image.version="${RELEASE_VERSION}"
diff --git a/Dockerfile b/Dockerfile
index 397e97acb1..322e2c61a2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/xx AS xx
 
-FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.24-alpine3.21 AS build-env
+FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.24-alpine3.22 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-https://proxy.golang.org,direct}
@@ -51,7 +51,7 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \
               /go/src/forgejo.org/environment-to-ini
 RUN chmod 644 /go/src/forgejo.org/contrib/autocompletion/bash_autocomplete
 
-FROM data.forgejo.org/oci/alpine:3.21
+FROM data.forgejo.org/oci/alpine:3.22
 ARG RELEASE_VERSION
 LABEL maintainer="contact@forgejo.org" \
       org.opencontainers.image.authors="Forgejo" \
diff --git a/Dockerfile.rootless b/Dockerfile.rootless
index 9ee71f64e0..6a3abaa4b9 100644
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/xx AS xx
 
-FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.24-alpine3.21 AS build-env
+FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.24-alpine3.22 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-https://proxy.golang.org,direct}
@@ -49,7 +49,7 @@ RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
               /go/src/forgejo.org/environment-to-ini
 RUN chmod 644 /go/src/forgejo.org/contrib/autocompletion/bash_autocomplete
 
-FROM data.forgejo.org/oci/alpine:3.21
+FROM data.forgejo.org/oci/alpine:3.22
 ARG RELEASE_VERSION
 LABEL maintainer="contact@forgejo.org" \
       org.opencontainers.image.authors="Forgejo" \

From ae00a1d61b40cf2cd1372585d729256a92d265fb Mon Sep 17 00:00:00 2001
From: Danko Aleksejevs <danko@very.lv>
Date: Wed, 18 Jun 2025 12:58:31 +0200
Subject: [PATCH 15/39] fix: Remove 1ms delay before inserting list prefix, fix
 race condition in tests (#8207)

Fixed the race condition that made the existing E2E tests fail. There was a 1ms delay between inserting a newline and the line prefix to facilitate creation of two "undo" entries (so "ctrl+z" basically undoes the list continuation, but not the newline). Thus scripted text changes may have happened out of order.

This only ever reliably worked in Firefox and seems to still work there even without a timeout.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8207
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Danko Aleksejevs <danko@very.lv>
Co-committed-by: Danko Aleksejevs <danko@very.lv>
---
 web_src/js/features/comp/ComboMarkdownEditor.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/web_src/js/features/comp/ComboMarkdownEditor.js b/web_src/js/features/comp/ComboMarkdownEditor.js
index 21bc7e694f..5f452b3802 100644
--- a/web_src/js/features/comp/ComboMarkdownEditor.js
+++ b/web_src/js/features/comp/ComboMarkdownEditor.js
@@ -587,9 +587,7 @@ class ComboMarkdownEditor {
     // Split the newline and prefix addition in two, so that it's two separate undo entries in Firefox
     // Chrome seems to bundle everything together more aggressively, even with prior text input.
     if (document.execCommand('insertText', false, '\n')) {
-      setTimeout(() => {
-        document.execCommand('insertText', false, text);
-      }, 1);
+      document.execCommand('insertText', false, text);
     } else {
       this.textarea.setRangeText(`\n${text}`);
     }

From 1879ce8efeac1d60ee490d571674107b85f6d610 Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Tue, 17 Jun 2025 23:33:56 +0200
Subject: [PATCH 16/39] fix(ui): issue comment anchor on time stamp

---
 options/locale/locale_en-US.ini               | 22 +++++++++----------
 .../repo/issue/view_content/comments.tmpl     | 17 +++++++-------
 2 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 7479ab80af..057edda3a5 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1693,15 +1693,13 @@ issues.close_comment_issue = Close with comment
 issues.reopen_issue = Reopen
 issues.reopen_comment_issue = Reopen with comment
 issues.create_comment = Comment
-issues.closed_at = `closed this issue <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.reopened_at = `reopened this issue <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.commit_ref_at = `referenced this issue from a commit <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_issue_from = `<a href="%[3]s">referenced this issue %[4]s</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_pull_from = `<a href="%[3]s">referenced this pull request %[4]s</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_closing_from = `<a href="%[3]s">referenced this issue from a pull request %[4]s that will close it</a>, <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_reopening_from = `<a href="%[3]s">referenced this issue from a pull request %[4]s that will reopen it</a>, <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_closed_from = `<a href="%[3]s">closed this issue %[4]s</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-issues.ref_reopened_from = `<a href="%[3]s">reopened this issue %[4]s</a> <a id="%[1]s" href="#%[1]s">%[2]s</a>`
+issues.closed_at = `closed this issue %s`
+issues.reopened_at = `reopened this issue %s`
+issues.commit_ref_at = `referenced this issue from a commit %s`
+issues.ref_issue_from = `<a href="%[2]s">referenced this issue %[3]s</a> %[1]s`
+issues.ref_pull_from = `<a href="%[2]s">referenced this pull request %[3]s</a> %[1]s`
+issues.ref_closing_from = `<a href="%[2]s">referenced this issue from a pull request %[3]s that will close it</a>, %[1]s`
+issues.ref_reopening_from = `<a href="%[2]s">referenced this issue from a pull request %[3]s that will reopen it</a>, %[1]s`
 issues.ref_from = `from %[1]s`
 issues.author = Author
 issues.author.tooltip.issue = This user is the author of this issue.
@@ -2013,9 +2011,9 @@ pulls.update_branch_success = Branch update was successful
 pulls.update_not_allowed = You are not allowed to update branch
 pulls.outdated_with_base_branch = This branch is out-of-date with the base branch
 pulls.close = Close pull request
-pulls.closed_at = `closed this pull request <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-pulls.reopened_at = `reopened this pull request <a id="%[1]s" href="#%[1]s">%[2]s</a>`
-pulls.commit_ref_at = `referenced this pull request from a commit <a id="%[1]s" href="#%[1]s">%[2]s</a>`
+pulls.closed_at = `closed this pull request %s`
+pulls.reopened_at = `reopened this pull request %s`
+pulls.commit_ref_at = `referenced this pull request from a commit %s`
 pulls.cmd_instruction_hint = View command line instructions
 pulls.cmd_instruction_checkout_title = Checkout
 pulls.cmd_instruction_checkout_desc = From your project repository, check out a new branch and test the changes.
diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl
index 9eb9307f9f..aca77a92e5 100644
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@@ -1,7 +1,7 @@
 {{template "base/alert"}}
 {{range .Issue.Comments}}
 	{{if call $.ShouldShowCommentType .Type}}
-		{{$createdStr:= DateUtils.TimeSince .CreatedUnix}}
+		{{$createdStr := HTMLFormat `<a id="%s" href="#%s">%s</a>` .EventTag .HashTag (DateUtils.TimeSince .CreatedUnix)}}
 
 		<!-- 0 = COMMENT, 1 = REOPEN, 2 = CLOSE, 3 = ISSUE_REF, 4 = COMMIT_REF,
 		5 = COMMENT_REF, 6 = PULL_REF, 7 = COMMENT_LABEL, 8 = MILESTONE_CHANGE,
@@ -87,9 +87,9 @@
 				<span class="text grey muted-links">
 					{{template "repo/issue/view_content/comments_authorlink" dict "ctxData" $ "comment" .}}
 					{{if .Issue.IsPull}}
-						{{ctx.Locale.Tr "repo.pulls.reopened_at" .EventTag $createdStr}}
+						{{ctx.Locale.Tr "repo.pulls.reopened_at" $createdStr}}
 					{{else}}
-						{{ctx.Locale.Tr "repo.issues.reopened_at" .EventTag $createdStr}}
+						{{ctx.Locale.Tr "repo.issues.reopened_at" $createdStr}}
 					{{end}}
 				</span>
 			</div>
@@ -102,9 +102,9 @@
 				<span class="text grey muted-links">
 					{{template "repo/issue/view_content/comments_authorlink" dict "ctxData" $ "comment" .}}
 					{{if .Issue.IsPull}}
-						{{ctx.Locale.Tr "repo.pulls.closed_at" .EventTag $createdStr}}
+						{{ctx.Locale.Tr "repo.pulls.closed_at" $createdStr}}
 					{{else}}
-						{{ctx.Locale.Tr "repo.issues.closed_at" .EventTag $createdStr}}
+						{{ctx.Locale.Tr "repo.issues.closed_at" $createdStr}}
 					{{end}}
 				</span>
 			</div>
@@ -137,14 +137,13 @@
 			{{else if eq .RefAction 2}}
 				{{$refTr = "repo.issues.ref_reopening_from"}}
 			{{end}}
-			{{$createdStr:= DateUtils.TimeSince .CreatedUnix}}
 			<div class="timeline-item event" id="{{.HashTag}}">
 				<span class="badge">{{svg "octicon-bookmark"}}</span>
 				{{template "shared/user/avatarlink" dict "user" .Poster}}
 				{{if eq .RefAction 3}}<del>{{end}}
 				<span class="text grey muted-links">
 					{{template "shared/user/authorlink" .Poster}}
-					{{ctx.Locale.Tr $refTr .EventTag $createdStr (.RefCommentLink ctx) $refFrom}}
+					{{ctx.Locale.Tr $refTr $createdStr (.RefCommentLink ctx) $refFrom}}
 				</span>
 				{{if eq .RefAction 3}}</del>{{end}}
 
@@ -159,9 +158,9 @@
 				<span class="text grey muted-links">
 					{{template "shared/user/authorlink" .Poster}}
 					{{if .Issue.IsPull}}
-						{{ctx.Locale.Tr "repo.pulls.commit_ref_at" .EventTag $createdStr}}
+						{{ctx.Locale.Tr "repo.pulls.commit_ref_at" $createdStr}}
 					{{else}}
-						{{ctx.Locale.Tr "repo.issues.commit_ref_at" .EventTag $createdStr}}
+						{{ctx.Locale.Tr "repo.issues.commit_ref_at" $createdStr}}
 					{{end}}
 				</span>
 				<div class="detail flex-text-block">

From 1e114a122554828e49ce420bff210186a704f4cd Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Wed, 18 Jun 2025 17:14:00 +0200
Subject: [PATCH 17/39] chore(ui): add integration tests for issue comments

---
 models/fixtures/comment.yml             | 301 +++++++++++++++++++++++
 tests/integration/issue_comment_test.go | 311 ++++++++++++++++++++++++
 2 files changed, 612 insertions(+)
 create mode 100644 tests/integration/issue_comment_test.go

diff --git a/models/fixtures/comment.yml b/models/fixtures/comment.yml
index 2c47196c05..34407d6f81 100644
--- a/models/fixtures/comment.yml
+++ b/models/fixtures/comment.yml
@@ -153,3 +153,304 @@
   issue_id: 19 # in repo_id 58
   content: '{"is_force_push":true,"commit_ids":["1978192d98bb1b65e11c2cf37da854fbf94bffd6", "9b93963cf6de4dc33f915bb67f192d099c301f43"]}'
   created_unix: 1749734240
+
+-
+  id: 2000
+  type: 8 # milestone
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  milestone_id: 1
+  old_milestone_id: 0
+  created_unix: 946684820
+
+-
+  id: 2001
+  type: 8 # milestone
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  milestone_id: 2
+  old_milestone_id: 1
+  created_unix: 946684920
+
+-
+  id: 2002
+  type: 8 # milestone
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  milestone_id: 0
+  old_milestone_id: 2
+  created_unix: 946685020
+
+-
+  id: 2003
+  type: 8 # milestone
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  milestone_id: 10 # not exsting milestone
+  old_milestone_id: 0
+  created_unix: 946685080
+
+-
+  id: 2010
+  type: 30 # project
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  project_id: 1
+  old_project_id: 0
+  created_unix: 946685120
+
+-
+  id: 2011
+  type: 30 # project
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  project_id: 2
+  old_project_id: 1
+  created_unix: 946685220
+
+-
+  id: 2012
+  type: 30 # project
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  project_id: 0
+  old_project_id: 2
+  created_unix: 946685320
+
+-
+  id: 2013
+  type: 30 # project
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  project_id: 10 # not existing project
+  old_project_id: 0
+  created_unix: 946685420
+
+-
+  id: 2020
+  type: 7 # label
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  label_id: 1
+  content: 1 # add label
+  created_unix: 946685520
+
+-
+  id: 2021
+  type: 7 # label
+  poster_id: 1
+  issue_id: 1
+  label_id: 2
+  content: 1 # add label
+  created_unix: 946685620
+
+-
+  id: 2022
+  type: 7 # label
+  poster_id: 2
+  issue_id: 1 # in repo_id 1
+  label_id: 1
+  content: 0 # remove label
+  created_unix: 946685720
+
+-
+  id: 2023
+  type: 7 # label
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  label_id: 1
+  content: 1 # add label
+  created_unix: 946685720
+
+-
+  id: 2024
+  type: 7 # label
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  label_id: 2
+  content: 0 # remove label
+  created_unix: 946685720
+
+-
+  id: 2025
+  type: 7 # label
+  poster_id: 2
+  issue_id: 1 # in repo_id 1
+  label_id: 2
+  content: 1 # add label
+  created_unix: 946685820
+
+-
+  id: 2026
+  type: 7 # label
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  label_id: 1
+  content: 0 # remove label
+  created_unix: 946685920
+
+-
+  id: 2027
+  type: 7 # label
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  label_id: 2
+  content: 0 # remove label
+  created_unix: 946685920
+
+- id: 2040
+  type: 9 # assignee
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  assignee_id: 1 # self
+  removed_assignee: false # add assignee
+  created_unix: 946688020
+
+- id: 2041
+  type: 9 # assignee
+  poster_id: 2
+  issue_id: 1 # in repo_id 1
+  assignee_id: 1
+  removed_assignee: true # remove assignee
+  created_unix: 946688120
+
+- id: 2042
+  type: 9 # assignee
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  assignee_id: 2
+  removed_assignee: false # add assignee
+  created_unix: 946688220
+
+- id: 2043
+  type: 9 # assignee
+  poster_id: 2
+  issue_id: 1 # in repo_id 1
+  assignee_id: 2 # self
+  removed_assignee: true # remove assignee
+  created_unix: 946688320
+
+- id: 2050
+  type: 23 # lock
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  created_unix: 946688420
+
+- id: 2051
+  type: 24 # unlock
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  created_unix: 946688520
+
+- id: 2052
+  type: 23 # lock
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  content: "Too heated"
+  created_unix: 946688620
+
+- id: 2053
+  type: 24 # unlock
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  created_unix: 946688720
+
+- id: 2060
+  type: 36 # pin
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  created_unix: 946688820
+
+- id: 2061
+  type: 37 # unpin
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  created_unix: 946688920
+
+- id: 2070
+  type: 2 # close
+  poster_id: 1
+  issue_id: 1 # in repo_id 1
+  created_unix: 946689020
+
+- id: 2071
+  type: 1 # reopen
+  poster_id: 2
+  issue_id: 1 # in repo_id 1
+  created_unix: 946689220
+
+- id: 2072
+  type: 2 # close
+  poster_id: 1
+  issue_id: 2 # pull in repo_id 1
+  created_unix: 946689320
+
+- id: 2073
+  type: 1 # reopen
+  poster_id: 2
+  issue_id: 2 # pull in repo_id 1
+  created_unix: 946689420
+
+- id: 2080
+  type: 3 # issue reference
+  poster_id: 1
+  issue_id: 1 # issue in repo_id 1
+  ref_repo_id: 1
+  ref_issue_id: 5 # issue in repo_id 1
+  created_unix: 946689500
+
+- id: 2081
+  type: 3 # issue reference
+  poster_id: 1
+  issue_id: 1 # issue in repo_id 1
+  ref_repo_id: 1
+  ref_issue_id: 2 # pull in repo_id 1
+  created_unix: 946689600
+
+- id: 2082
+  type: 3 # issue reference
+  poster_id: 1
+  issue_id: 1 # issue in repo_id 1
+  ref_repo_id: 32
+  ref_issue_id: 16 # issue in repo_id 32
+  created_unix: 946689700
+
+- id: 2083
+  type: 3 # issue reference
+  poster_id: 1
+  issue_id: 1 # issue in repo_id 1
+  ref_repo_id: 10
+  ref_issue_id: 8 # pull in repo_id 10
+  created_unix: 946689800
+
+- id: 2090
+  type: 6 # pull reference
+  poster_id: 1
+  issue_id: 2 # pull in repo_id 1
+  ref_repo_id: 1
+  ref_issue_id: 1 # issue in repo_id 1
+  created_unix: 946689900
+
+- id: 2091
+  type: 6 # pull reference
+  poster_id: 1
+  issue_id: 2 # pull in repo_id 1
+  ref_repo_id: 1
+  ref_issue_id: 2 # pull in repo_id 1
+  created_unix: 946690000
+
+- id: 2092
+  type: 6 # pull reference
+  poster_id: 1
+  issue_id: 2 # pull in repo_id 1
+  ref_repo_id: 32
+  ref_issue_id: 16 # issue in repo_id 32
+  created_unix: 946690050
+
+- id: 2093
+  type: 6 # pull reference
+  poster_id: 1
+  issue_id: 2 # pull in repo_id 1
+  ref_repo_id: 10
+  ref_issue_id: 8 # pull in repo_id 10
+  created_unix: 946690100
diff --git a/tests/integration/issue_comment_test.go b/tests/integration/issue_comment_test.go
new file mode 100644
index 0000000000..a09dd7c45e
--- /dev/null
+++ b/tests/integration/issue_comment_test.go
@@ -0,0 +1,311 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"strings"
+	"testing"
+
+	"forgejo.org/tests"
+
+	"github.com/PuerkitoBio/goquery"
+	"github.com/stretchr/testify/assert"
+)
+
+func testIssueCommentChangeEvent(t *testing.T, htmlDoc *HTMLDoc, commentID string, texts, links []string) {
+	event := htmlDoc.Find("#issuecomment-" + commentID + " .text")
+
+	for _, text := range texts {
+		assert.Contains(t, strings.Join(strings.Fields(event.Text()), " "), text)
+	}
+
+	var ids []string
+	var hrefs []string
+	event.Find("a").Each(func(i int, s *goquery.Selection) {
+		if id, exists := s.Attr("id"); exists {
+			ids = append(ids, id)
+		}
+		if href, exists := s.Attr("href"); exists {
+			hrefs = append(hrefs, href)
+		}
+	})
+
+	assert.Equal(t, []string{"event-" + commentID}, ids)
+
+	issueCommentLink := "#issuecomment-" + commentID
+	found := false
+	for _, link := range links {
+		if link == issueCommentLink {
+			found = true
+			break
+		}
+	}
+	if !found {
+		links = append(links, issueCommentLink)
+	}
+	assert.Equal(t, links, hrefs)
+}
+
+func TestIssueCommentChangeMilestone(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/issues/1")
+	resp := MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	// Add milestone
+	testIssueCommentChangeEvent(t, htmlDoc, "2000",
+		[]string{"user1 added this to the milestone1 milestone"},
+		[]string{"/user1"})
+	// []string{"/user1", "/user2/repo1/milestone/1"})
+
+	// Modify milestone
+	testIssueCommentChangeEvent(t, htmlDoc, "2001",
+		[]string{"user1 modified the milestone from milestone1 to milestone2"},
+		[]string{"/user1"})
+	// []string{"/user1", "/user2/repo1/milestone/1", "/user2/repo1/milestone/2"})
+
+	// Remove milestone
+	testIssueCommentChangeEvent(t, htmlDoc, "2002",
+		[]string{"user1 removed this from the milestone2 milestone"},
+		[]string{"/user1"})
+	// []string{"/user1", "/user2/repo1/milestone/2"})
+
+	// Deleted milestone
+	testIssueCommentChangeEvent(t, htmlDoc, "2003",
+		[]string{"user1 added this to the (deleted) milestone"},
+		[]string{"/user1"})
+}
+
+func TestIssueCommentChangeProject(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/issues/1")
+	resp := MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	// Add project
+	testIssueCommentChangeEvent(t, htmlDoc, "2010",
+		[]string{"user1 added this to the First project project"},
+		[]string{"/user1"})
+	// []string{"/user1", "/user2/repo1/projects/1"})
+
+	// Modify project
+	testIssueCommentChangeEvent(t, htmlDoc, "2011",
+		[]string{"user1 modified the project from First project to second project"},
+		[]string{"/user1"})
+	// []string{"/user1", "/user2/repo1/projects/1", "/user2/repo1/projects/2"})
+
+	// Remove project
+	testIssueCommentChangeEvent(t, htmlDoc, "2012",
+		[]string{"user1 removed this from the second project project"},
+		[]string{"/user1"})
+	// []string{"/user1", "/user2/repo1/projects/2"})
+
+	// Deleted project
+	testIssueCommentChangeEvent(t, htmlDoc, "2013",
+		[]string{"user1 added this to the (deleted) project"},
+		[]string{"/user1"})
+}
+
+func TestIssueCommentChangeLabel(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/issues/1")
+	resp := MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	// Add multiple labels
+	testIssueCommentChangeEvent(t, htmlDoc, "2020",
+		[]string{"user1 added the label1 label2 labels "},
+		[]string{"/user1", "/user2/repo1/issues?labels=1", "/user2/repo1/issues?labels=2"})
+	assert.Empty(t, htmlDoc.Find("#issuecomment-2021 .text").Text())
+
+	// Remove single label
+	testIssueCommentChangeEvent(t, htmlDoc, "2022",
+		[]string{"user2 removed the label1 label "},
+		[]string{"/user2", "/user2/repo1/issues?labels=1"})
+
+	// Modify labels (add and remove)
+	testIssueCommentChangeEvent(t, htmlDoc, "2023",
+		[]string{"user1 added label1 and removed label2 labels "},
+		[]string{"/user1", "/user2/repo1/issues?labels=1", "/user2/repo1/issues?labels=2"})
+	assert.Empty(t, htmlDoc.Find("#issuecomment-2024 .text").Text())
+
+	// Add single label
+	testIssueCommentChangeEvent(t, htmlDoc, "2025",
+		[]string{"user2 added the label2 label "},
+		[]string{"/user2", "/user2/repo1/issues?labels=2"})
+
+	// Remove multiple labels
+	testIssueCommentChangeEvent(t, htmlDoc, "2026",
+		[]string{"user1 removed the label1 label2 labels "},
+		[]string{"/user1", "/user2/repo1/issues?labels=1", "/user2/repo1/issues?labels=2"})
+	assert.Empty(t, htmlDoc.Find("#issuecomment-2027 .text").Text())
+}
+
+func TestIssueCommentChangeAssignee(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/issues/1")
+	resp := MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	// Self-assign
+	testIssueCommentChangeEvent(t, htmlDoc, "2040",
+		[]string{"user1 self-assigned this"},
+		[]string{"/user1"})
+
+	// Remove other
+	testIssueCommentChangeEvent(t, htmlDoc, "2041",
+		[]string{"user1 was unassigned by user2"},
+		[]string{"/user1"})
+	// []string{"/user1", "/user2"})
+
+	// Add other
+	testIssueCommentChangeEvent(t, htmlDoc, "2042",
+		[]string{"user2 was assigned by user1"},
+		[]string{"/user2"})
+	// []string{"/user2", "/user1"})
+
+	// Self-remove
+	testIssueCommentChangeEvent(t, htmlDoc, "2043",
+		[]string{"user2 removed their assignment"},
+		[]string{"/user2"})
+}
+
+func TestIssueCommentChangeLock(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/issues/1")
+	resp := MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	// Lock without reason
+	testIssueCommentChangeEvent(t, htmlDoc, "2050",
+		[]string{"user1 locked and limited conversation to collaborators"},
+		[]string{"/user1"})
+
+	// Unlock
+	testIssueCommentChangeEvent(t, htmlDoc, "2051",
+		[]string{"user1 unlocked this conversation"},
+		[]string{"/user1"})
+
+	// Lock with reason
+	testIssueCommentChangeEvent(t, htmlDoc, "2052",
+		[]string{"user1 locked as Too heated and limited conversation to collaborators"},
+		[]string{"/user1"})
+
+	// Unlock
+	testIssueCommentChangeEvent(t, htmlDoc, "2053",
+		[]string{"user1 unlocked this conversation"},
+		[]string{"/user1"})
+}
+
+func TestIssueCommentChangePin(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/issues/1")
+	resp := MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	// Pin
+	testIssueCommentChangeEvent(t, htmlDoc, "2060",
+		[]string{"user1 pinned this"},
+		[]string{"/user1"})
+
+	// Unpin
+	testIssueCommentChangeEvent(t, htmlDoc, "2061",
+		[]string{"user1 unpinned this"},
+		[]string{"/user1"})
+}
+
+func TestIssueCommentChangeOpen(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/issues/1")
+	resp := MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	// Close issue
+	testIssueCommentChangeEvent(t, htmlDoc, "2070",
+		[]string{"user1 closed this issue"},
+		[]string{"/user1"})
+
+	// Reopen issue
+	testIssueCommentChangeEvent(t, htmlDoc, "2071",
+		[]string{"user2 reopened this issue"},
+		[]string{"/user2"})
+
+	req = NewRequest(t, "GET", "/user2/repo1/pulls/2")
+	resp = MakeRequest(t, req, http.StatusOK)
+	htmlDoc = NewHTMLParser(t, resp.Body)
+
+	// Close pull request
+	testIssueCommentChangeEvent(t, htmlDoc, "2072",
+		[]string{"user1 closed this pull request"},
+		[]string{"/user1"})
+
+	// Reopen pull request
+	testIssueCommentChangeEvent(t, htmlDoc, "2073",
+		[]string{"user2 reopened this pull request"},
+		[]string{"/user2"})
+}
+
+func TestIssueCommentChangeIssueReference(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/issues/1")
+	resp := MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	// Issue reference from issue
+	testIssueCommentChangeEvent(t, htmlDoc, "2080",
+		[]string{"user1 referenced this issue ", "issue5 #4"},
+		[]string{"/user1", "/user2/repo1/issues/4", "#issuecomment-2080", "/user2/repo1/issues/4"})
+
+	// Issue reference from pull
+	testIssueCommentChangeEvent(t, htmlDoc, "2081",
+		[]string{"user1 referenced this issue ", "issue2 #2"},
+		[]string{"/user1", "/user2/repo1/pulls/2", "#issuecomment-2081", "/user2/repo1/pulls/2"})
+
+	// Issue reference from issue in different repo
+	testIssueCommentChangeEvent(t, htmlDoc, "2082",
+		[]string{"user1 referenced this issue from org3/repo21", "just a normal issue #1"},
+		[]string{"/user1", "/org3/repo21/issues/1", "#issuecomment-2082", "/org3/repo21/issues/1"})
+
+	// Issue reference from pull in different repo
+	testIssueCommentChangeEvent(t, htmlDoc, "2083",
+		[]string{"user1 referenced this issue from user12/repo10 ", "pr2 #1"},
+		[]string{"/user1", "/user12/repo10/pulls/1", "#issuecomment-2083", "/user12/repo10/pulls/1"})
+}
+
+func TestIssueCommentChangePullReference(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user2/repo1/pulls/2")
+	resp := MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	// Pull reference from issue
+	testIssueCommentChangeEvent(t, htmlDoc, "2090",
+		[]string{"user1 referenced this pull request ", "issue1 #1"},
+		[]string{"/user1", "/user2/repo1/issues/1", "#issuecomment-2090", "/user2/repo1/issues/1"})
+
+	// Pull reference from pull
+	testIssueCommentChangeEvent(t, htmlDoc, "2091",
+		[]string{"user1 referenced this pull request ", "issue2 #2"},
+		[]string{"/user1", "/user2/repo1/pulls/2", "#issuecomment-2091", "/user2/repo1/pulls/2"})
+
+	// Pull reference from issue in different repo
+	testIssueCommentChangeEvent(t, htmlDoc, "2092",
+		[]string{"user1 referenced this pull request from org3/repo21", "just a normal issue #1"},
+		[]string{"/user1", "/org3/repo21/issues/1", "#issuecomment-2092", "/org3/repo21/issues/1"})
+
+	// Pull reference from pull in different repo
+	testIssueCommentChangeEvent(t, htmlDoc, "2093",
+		[]string{"user1 referenced this pull request from user12/repo10 ", "pr2 #1"},
+		[]string{"/user1", "/user12/repo10/pulls/1", "#issuecomment-2093", "/user12/repo10/pulls/1"})
+}

From 5fa37539ded111a003e31daf36a7636d56c2f5a7 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Wed, 18 Jun 2025 21:12:08 +0200
Subject: [PATCH 18/39] chore: sort mailer messages in test assertion (#8226)

- Ref https://codeberg.org/forgejo/forgejo/issues/8221#issuecomment-5461218
- Databases might return users in a different order, sort them before doing assertions on them.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8226
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 tests/integration/integration_test.go | 8 ++++++++
 tests/integration/pull_review_test.go | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 4f49408157..34a975de44 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -19,6 +19,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"slices"
 	"strconv"
 	"strings"
 	"sync/atomic"
@@ -40,6 +41,7 @@ import (
 	"forgejo.org/routers"
 	"forgejo.org/services/auth/source/remote"
 	gitea_context "forgejo.org/services/context"
+	"forgejo.org/services/mailer"
 	user_service "forgejo.org/services/user"
 	"forgejo.org/tests"
 
@@ -694,3 +696,9 @@ func GetHTMLTitle(t testing.TB, session *TestSession, urlStr string) string {
 	doc := NewHTMLParser(t, resp.Body)
 	return doc.Find("head title").Text()
 }
+
+func SortMailerMessages(msgs []*mailer.Message) {
+	slices.SortFunc(msgs, func(a, b *mailer.Message) int {
+		return strings.Compare(b.To, a.To)
+	})
+}
diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
index 0c05b3da37..603252f45f 100644
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@@ -680,6 +680,7 @@ func TestPullRequestReplyMail(t *testing.T) {
 			called := false
 			defer test.MockVariableValue(&mailer.SendAsync, func(msgs ...*mailer.Message) {
 				assert.Len(t, msgs, 2)
+				SortMailerMessages(msgs)
 				assert.Equal(t, "user1@example.com", msgs[0].To)
 				assert.Equal(t, "Re: [user2/repo1] issue2 (PR #2)", msgs[0].Subject)
 				assert.Contains(t, msgs[0].Body, "Notification time!")
@@ -708,6 +709,7 @@ func TestPullRequestReplyMail(t *testing.T) {
 			called := false
 			defer test.MockVariableValue(&mailer.SendAsync, func(msgs ...*mailer.Message) {
 				assert.Len(t, msgs, 2)
+				SortMailerMessages(msgs)
 				assert.Equal(t, "user1@example.com", msgs[0].To)
 				assert.Equal(t, "Re: [user2/repo1] issue2 (PR #2)", msgs[0].Subject)
 				assert.Contains(t, msgs[0].Body, "Notification time 2!")

From e7eca7f36cdebaa5d16841353b01d783cde2a85f Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Thu, 19 Jun 2025 07:14:42 +0200
Subject: [PATCH 19/39] chore: migrate to `@stylistic/eslint-plugin` (#8216)

- The JS variant is deprecated, move to the unified package.
`[@stylistic/eslint-plugin-js] This package is deprecated in favor of
the unified @stylistic/eslint-plugin, please consider migrating to the
main package` is logged when running `make lint-frontend`.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8216
Reviewed-by: floss4good <floss4good@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 eslint.config.mjs                        | 136 +++++++++++------------
 package-lock.json                        |  26 ++++-
 package.json                             |   2 +-
 tests/e2e/issue-sidebar.test.e2e.ts      |   2 +-
 tests/e2e/org-teams-overview.test.e2e.ts |   2 +-
 5 files changed, 92 insertions(+), 76 deletions(-)

diff --git a/eslint.config.mjs b/eslint.config.mjs
index 5737bed623..28cfa80089 100644
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@@ -1,5 +1,5 @@
 import eslintCommunityEslintPluginEslintComments from '@eslint-community/eslint-plugin-eslint-comments';
-import stylisticEslintPluginJs from '@stylistic/eslint-plugin-js';
+import stylisticEslintPlugin from '@stylistic/eslint-plugin';
 import vitest from '@vitest/eslint-plugin';
 import arrayFunc from 'eslint-plugin-array-func';
 import eslintPluginImportX from 'eslint-plugin-import-x';
@@ -26,7 +26,7 @@ export default tseslint.config(
   {
     plugins: {
       '@eslint-community/eslint-comments': eslintCommunityEslintPluginEslintComments,
-      '@stylistic/js': stylisticEslintPluginJs,
+      '@stylistic': stylisticEslintPlugin,
       '@vitest': vitest,
       'array-func': arrayFunc,
       'no-jquery': noJquery,
@@ -69,62 +69,62 @@ export default tseslint.config(
       '@eslint-community/eslint-comments/no-unused-enable': [2],
       '@eslint-community/eslint-comments/no-use': [0],
       '@eslint-community/eslint-comments/require-description': [0],
-      '@stylistic/js/array-bracket-newline': [0],
-      '@stylistic/js/array-bracket-spacing': [2, 'never'],
-      '@stylistic/js/array-element-newline': [0],
-      '@stylistic/js/arrow-parens': [2, 'always'],
+      '@stylistic/array-bracket-newline': [0],
+      '@stylistic/array-bracket-spacing': [2, 'never'],
+      '@stylistic/array-element-newline': [0],
+      '@stylistic/arrow-parens': [2, 'always'],
 
-      '@stylistic/js/arrow-spacing': [2, {
+      '@stylistic/arrow-spacing': [2, {
         before: true,
         after: true,
       }],
 
-      '@stylistic/js/block-spacing': [0],
+      '@stylistic/block-spacing': [0],
 
-      '@stylistic/js/brace-style': [2, '1tbs', {
+      '@stylistic/brace-style': [2, '1tbs', {
         allowSingleLine: true,
       }],
 
-      '@stylistic/js/comma-dangle': [2, 'always-multiline'],
+      '@stylistic/comma-dangle': [2, 'always-multiline'],
 
-      '@stylistic/js/comma-spacing': [2, {
+      '@stylistic/comma-spacing': [2, {
         before: false,
         after: true,
       }],
 
-      '@stylistic/js/comma-style': [2, 'last'],
-      '@stylistic/js/computed-property-spacing': [2, 'never'],
-      '@stylistic/js/dot-location': [2, 'property'],
-      '@stylistic/js/eol-last': [2],
-      '@stylistic/js/function-call-spacing': [2, 'never'],
-      '@stylistic/js/function-call-argument-newline': [0],
-      '@stylistic/js/function-paren-newline': [0],
-      '@stylistic/js/generator-star-spacing': [0],
-      '@stylistic/js/implicit-arrow-linebreak': [0],
+      '@stylistic/comma-style': [2, 'last'],
+      '@stylistic/computed-property-spacing': [2, 'never'],
+      '@stylistic/dot-location': [2, 'property'],
+      '@stylistic/eol-last': [2],
+      '@stylistic/function-call-spacing': [2, 'never'],
+      '@stylistic/function-call-argument-newline': [0],
+      '@stylistic/function-paren-newline': [0],
+      '@stylistic/generator-star-spacing': [0],
+      '@stylistic/implicit-arrow-linebreak': [0],
 
-      '@stylistic/js/indent': [2, 2, {
+      '@stylistic/indent': [2, 2, {
         ignoreComments: true,
         SwitchCase: 1,
       }],
 
-      '@stylistic/js/key-spacing': [2],
-      '@stylistic/js/keyword-spacing': [2],
-      '@stylistic/js/linebreak-style': [2, 'unix'],
-      '@stylistic/js/lines-around-comment': [0],
-      '@stylistic/js/lines-between-class-members': [0],
-      '@stylistic/js/max-len': [0],
-      '@stylistic/js/max-statements-per-line': [0],
-      '@stylistic/js/multiline-ternary': [0],
-      '@stylistic/js/new-parens': [2],
-      '@stylistic/js/newline-per-chained-call': [0],
-      '@stylistic/js/no-confusing-arrow': [0],
-      '@stylistic/js/no-extra-parens': [0],
-      '@stylistic/js/no-extra-semi': [2],
-      '@stylistic/js/no-floating-decimal': [0],
-      '@stylistic/js/no-mixed-operators': [0],
-      '@stylistic/js/no-mixed-spaces-and-tabs': [2],
+      '@stylistic/key-spacing': [2],
+      '@stylistic/keyword-spacing': [2],
+      '@stylistic/linebreak-style': [2, 'unix'],
+      '@stylistic/lines-around-comment': [0],
+      '@stylistic/lines-between-class-members': [0],
+      '@stylistic/max-len': [0],
+      '@stylistic/max-statements-per-line': [0],
+      '@stylistic/multiline-ternary': [0],
+      '@stylistic/new-parens': [2],
+      '@stylistic/newline-per-chained-call': [0],
+      '@stylistic/no-confusing-arrow': [0],
+      '@stylistic/no-extra-parens': [0],
+      '@stylistic/no-extra-semi': [2],
+      '@stylistic/no-floating-decimal': [0],
+      '@stylistic/no-mixed-operators': [0],
+      '@stylistic/no-mixed-spaces-and-tabs': [2],
 
-      '@stylistic/js/no-multi-spaces': [2, {
+      '@stylistic/no-multi-spaces': [2, {
         ignoreEOLComments: true,
 
         exceptions: {
@@ -132,60 +132,60 @@ export default tseslint.config(
         },
       }],
 
-      '@stylistic/js/no-multiple-empty-lines': [2, {
+      '@stylistic/no-multiple-empty-lines': [2, {
         max: 1,
         maxEOF: 0,
         maxBOF: 0,
       }],
 
-      '@stylistic/js/no-tabs': [2],
-      '@stylistic/js/no-trailing-spaces': [2],
-      '@stylistic/js/no-whitespace-before-property': [2],
-      '@stylistic/js/nonblock-statement-body-position': [2],
-      '@stylistic/js/object-curly-newline': [0],
-      '@stylistic/js/object-curly-spacing': [2, 'never'],
-      '@stylistic/js/object-property-newline': [0],
-      '@stylistic/js/one-var-declaration-per-line': [0],
-      '@stylistic/js/operator-linebreak': [2, 'after'],
-      '@stylistic/js/padded-blocks': [2, 'never'],
-      '@stylistic/js/padding-line-between-statements': [0],
-      '@stylistic/js/quote-props': [0],
+      '@stylistic/no-tabs': [2],
+      '@stylistic/no-trailing-spaces': [2],
+      '@stylistic/no-whitespace-before-property': [2],
+      '@stylistic/nonblock-statement-body-position': [2],
+      '@stylistic/object-curly-newline': [0],
+      '@stylistic/object-curly-spacing': [2, 'never'],
+      '@stylistic/object-property-newline': [0],
+      '@stylistic/one-var-declaration-per-line': [0],
+      '@stylistic/operator-linebreak': [2, 'after'],
+      '@stylistic/padded-blocks': [2, 'never'],
+      '@stylistic/padding-line-between-statements': [0],
+      '@stylistic/quote-props': [0],
 
-      '@stylistic/js/quotes': [2, 'single', {
+      '@stylistic/quotes': [2, 'single', {
         avoidEscape: true,
         allowTemplateLiterals: true,
       }],
 
-      '@stylistic/js/rest-spread-spacing': [2, 'never'],
+      '@stylistic/rest-spread-spacing': [2, 'never'],
 
-      '@stylistic/js/semi': [2, 'always', {
+      '@stylistic/semi': [2, 'always', {
         omitLastInOneLineBlock: true,
       }],
 
-      '@stylistic/js/semi-spacing': [2, {
+      '@stylistic/semi-spacing': [2, {
         before: false,
         after: true,
       }],
 
-      '@stylistic/js/semi-style': [2, 'last'],
-      '@stylistic/js/space-before-blocks': [2, 'always'],
+      '@stylistic/semi-style': [2, 'last'],
+      '@stylistic/space-before-blocks': [2, 'always'],
 
-      '@stylistic/js/space-before-function-paren': [2, {
+      '@stylistic/space-before-function-paren': [2, {
         anonymous: 'ignore',
         named: 'never',
         asyncArrow: 'always',
       }],
 
-      '@stylistic/js/space-in-parens': [2, 'never'],
-      '@stylistic/js/space-infix-ops': [2],
-      '@stylistic/js/space-unary-ops': [2],
-      '@stylistic/js/spaced-comment': [2, 'always'],
-      '@stylistic/js/switch-colon-spacing': [2],
-      '@stylistic/js/template-curly-spacing': [2, 'never'],
-      '@stylistic/js/template-tag-spacing': [2, 'never'],
-      '@stylistic/js/wrap-iife': [2, 'inside'],
-      '@stylistic/js/wrap-regex': [0],
-      '@stylistic/js/yield-star-spacing': [2, 'after'],
+      '@stylistic/space-in-parens': [2, 'never'],
+      '@stylistic/space-infix-ops': [2],
+      '@stylistic/space-unary-ops': [2],
+      '@stylistic/spaced-comment': [2, 'always'],
+      '@stylistic/switch-colon-spacing': [2],
+      '@stylistic/template-curly-spacing': [2, 'never'],
+      '@stylistic/template-tag-spacing': [2, 'never'],
+      '@stylistic/wrap-iife': [2, 'inside'],
+      '@stylistic/wrap-regex': [0],
+      '@stylistic/yield-star-spacing': [2, 'after'],
       'accessor-pairs': [2],
 
       'array-callback-return': [2, {
diff --git a/package-lock.json b/package-lock.json
index e506928512..179c0e496c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -64,7 +64,7 @@
         "@eslint-community/eslint-plugin-eslint-comments": "4.5.0",
         "@playwright/test": "1.53.0",
         "@stoplight/spectral-cli": "6.15.0",
-        "@stylistic/eslint-plugin-js": "4.4.1",
+        "@stylistic/eslint-plugin": "4.4.1",
         "@stylistic/stylelint-plugin": "3.1.2",
         "@vitejs/plugin-vue": "5.2.4",
         "@vitest/coverage-v8": "3.2.3",
@@ -3011,15 +3011,18 @@
         "node": "^12.20 || >=14.13"
       }
     },
-    "node_modules/@stylistic/eslint-plugin-js": {
+    "node_modules/@stylistic/eslint-plugin": {
       "version": "4.4.1",
-      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin-js/-/eslint-plugin-js-4.4.1.tgz",
-      "integrity": "sha512-eLisyHvx7Sel8vcFZOEwDEBGmYsYM1SqDn81BWgmbqEXfXRf8oe6Rwp+ryM/8odNjlxtaaxp0Ihmt86CnLAxKg==",
+      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-4.4.1.tgz",
+      "integrity": "sha512-CEigAk7eOLyHvdgmpZsKFwtiqS2wFwI1fn4j09IU9GmD4euFM4jEBAViWeCqaNLlbX2k2+A/Fq9cje4HQBXuJQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
+        "@typescript-eslint/utils": "^8.32.1",
         "eslint-visitor-keys": "^4.2.0",
-        "espree": "^10.3.0"
+        "espree": "^10.3.0",
+        "estraverse": "^5.3.0",
+        "picomatch": "^4.0.2"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3028,6 +3031,19 @@
         "eslint": ">=9.0.0"
       }
     },
+    "node_modules/@stylistic/eslint-plugin/node_modules/picomatch": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
+      "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
     "node_modules/@stylistic/stylelint-plugin": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/@stylistic/stylelint-plugin/-/stylelint-plugin-3.1.2.tgz",
diff --git a/package.json b/package.json
index dde1c64852..409edecd95 100644
--- a/package.json
+++ b/package.json
@@ -63,7 +63,7 @@
     "@eslint-community/eslint-plugin-eslint-comments": "4.5.0",
     "@playwright/test": "1.53.0",
     "@stoplight/spectral-cli": "6.15.0",
-    "@stylistic/eslint-plugin-js": "4.4.1",
+    "@stylistic/eslint-plugin": "4.4.1",
     "@stylistic/stylelint-plugin": "3.1.2",
     "@vitejs/plugin-vue": "5.2.4",
     "@vitest/coverage-v8": "3.2.3",
diff --git a/tests/e2e/issue-sidebar.test.e2e.ts b/tests/e2e/issue-sidebar.test.e2e.ts
index fe2a6cec87..bc65b0842c 100644
--- a/tests/e2e/issue-sidebar.test.e2e.ts
+++ b/tests/e2e/issue-sidebar.test.e2e.ts
@@ -94,7 +94,7 @@ test.describe('Pull: Toggle WIP', () => {
 test('Issue: Labels', async ({page}, workerInfo) => {
   test.skip(workerInfo.project.name === 'Mobile Safari', 'Unable to get tests working on Safari Mobile, see https://codeberg.org/forgejo/forgejo/pulls/3445#issuecomment-1789636');
 
-  async function submitLabels({page}: { page: Page }) {
+  async function submitLabels({page}: {page: Page}) {
     const submitted = page.waitForResponse('/user2/repo1/issues/labels');
     await page.locator('textarea').first().click(); // close via unrelated element
     await submitted;
diff --git a/tests/e2e/org-teams-overview.test.e2e.ts b/tests/e2e/org-teams-overview.test.e2e.ts
index d968b1e6df..c3006568cd 100644
--- a/tests/e2e/org-teams-overview.test.e2e.ts
+++ b/tests/e2e/org-teams-overview.test.e2e.ts
@@ -31,7 +31,7 @@ const reviewTeamUrl = '/org/org17/teams/review_team';
 const ownersUrl = '/org/org17/teams/owners';
 const adminUrl = '/org/org17/teams/super-user';
 
-const cases: Record<string, { read?: Unit[], write?: Unit[] }> = {
+const cases: Record<string, {read?: Unit[], write?: Unit[]}> = {
   [testTeamUrl]: {write: ['Issues']},
   [reviewTeamUrl]: {read: ['Code']},
 };

From 42ea73d46fc86056ca2157c1f91700a193ee67cd Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Thu, 19 Jun 2025 05:07:37 +0000
Subject: [PATCH 20/39] i18n: update of translations from Codeberg Translate

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Dirk <dirk@noreply.codeberg.org>
Co-authored-by: Edgarsons <edgarsons@noreply.codeberg.org>
Co-authored-by: Fjuro <git@alius.cz>
Co-authored-by: Juno Takano <jutty@noreply.codeberg.org>
Co-authored-by: Laurent FAVOLE <lfavole@noreply.codeberg.org>
Co-authored-by: Lzebulon <lzebulon@noreply.codeberg.org>
Co-authored-by: Outbreak2096 <outbreak2096@noreply.codeberg.org>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: Tin <hntin@noreply.codeberg.org>
Co-authored-by: Vyxie <kitakita@disroot.org>
Co-authored-by: earl-warren <earl-warren@noreply.codeberg.org>
Co-authored-by: hntin <hntin@noreply.codeberg.org>
Co-authored-by: janAkali <janakali@noreply.codeberg.org>
Co-authored-by: justbispo <justbispo@noreply.codeberg.org>
Co-authored-by: tacaly <frederick@tacaly.com>
Co-authored-by: volkan <volkan@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-authored-by: yeager <yeager@noreply.codeberg.org>
Co-authored-by: yurtpage <yurtpage@noreply.codeberg.org>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/da/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/da/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/tr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/vi/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_cs-CZ.ini       |  1 +
 options/locale/locale_da.ini          |  1 +
 options/locale/locale_de-DE.ini       |  1 +
 options/locale/locale_fil.ini         |  5 +-
 options/locale/locale_fr-FR.ini       |  1 +
 options/locale/locale_lv-LV.ini       |  1 +
 options/locale/locale_nds.ini         |  1 +
 options/locale/locale_ru-RU.ini       | 39 ++++++-------
 options/locale/locale_sv-SE.ini       | 80 +++++++++++++++++++++++++-
 options/locale/locale_tr-TR.ini       |  9 +--
 options/locale/locale_uk-UA.ini       |  3 +-
 options/locale/locale_vi.ini          | 82 ++++++++++++++++++++++-----
 options/locale_next/locale_cs-CZ.json |  5 +-
 options/locale_next/locale_da.json    |  7 ++-
 options/locale_next/locale_de-DE.json |  6 +-
 options/locale_next/locale_fr-FR.json |  8 ++-
 options/locale_next/locale_lv-LV.json |  5 +-
 options/locale_next/locale_nds.json   |  5 +-
 options/locale_next/locale_pt-BR.json |  5 +-
 options/locale_next/locale_pt-PT.json |  4 +-
 options/locale_next/locale_ru-RU.json |  6 +-
 options/locale_next/locale_sv-SE.json |  6 +-
 options/locale_next/locale_uk-UA.json |  9 ++-
 options/locale_next/locale_zh-CN.json |  4 +-
 24 files changed, 239 insertions(+), 55 deletions(-)

diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 5f25cdea43..9448dd8e7e 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -2922,6 +2922,7 @@ settings.event_action_success = Úspěch
 settings.event_action_success_desc = Běh akce byl úspěšný.
 settings.event_header_action = Události běhu akce
 settings.event_action_recover_desc = Běh akce byl úspěšný, předchozí běh akce ve stejném workflow selhal.
+issues.filter_type.all_pull_requests = Všechny žádosti o sloučení
 
 [graphs]
 component_loading_info = Tohle může chvíli trvat…
diff --git a/options/locale/locale_da.ini b/options/locale/locale_da.ini
index 6ec3a10e28..ea22f49e77 100644
--- a/options/locale/locale_da.ini
+++ b/options/locale/locale_da.ini
@@ -2735,6 +2735,7 @@ settings.event_action_success = Success
 settings.event_action_recover_desc = Handlingskørsel lykkedes efter at den sidste handlingskørsel i samme arbejdsgang mislykkedes.
 settings.event_action_failure_desc = Handlingskørsel sluttede som en fejl.
 settings.event_action_recover = Gendan
+issues.filter_type.all_pull_requests = Alle pull-anmodninger
 
 [notification]
 watching = Overvåger
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 4b2e215107..829912b3cc 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -2924,6 +2924,7 @@ settings.event_action_success = Erfolg
 settings.event_header_action = Action-Run-Ereignisse
 settings.event_action_recover_desc = Action-Run war erfolgreich, nachdem der letzte Action-Run im selben Arbeitsablauf fehlgeschlagen ist.
 settings.event_action_recover = Wiederherstellen
+issues.filter_type.all_pull_requests = Alle Pull-Requests
 
 [graphs]
 component_loading_failed = Konnte %s nicht laden
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index 1dbfb588f0..7d1405f633 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -1500,7 +1500,7 @@ issues.content_history.created = ginawa
 editor.patching = Pina-patch:
 editor.fail_to_apply_patch = Hindi malapat ang patch na "%s"
 settings.danger_zone = Mapanganib na lugar
-issues.closed_at = `isinara ang isyung <a id="%[1]s" href="#%[1]s">%[2]s</a>`
+issues.closed_at = `isinara ang isyung ito <a id="%[1]s" href="#%[1]s">%[2]s</a>`
 settings.collaboration.admin = Tagapangasiwa
 settings.admin_settings = Mga setting ng tagapangasiwa
 issues.start_tracking_history = `sinimulan ang trabaho %s`
@@ -2777,6 +2777,9 @@ settings.event_header_action = Mga event sa run ng aksyon
 settings.event_action_failure = Pagkabigo
 settings.event_action_failure_desc = Natapos ang action run bilang pagkabigo.
 settings.event_action_recover = I-recover
+settings.event_action_success = Matagumpay
+settings.event_action_success_desc = Matagumpay na natapos ang Action Run.
+settings.event_action_recover_desc = Matagumpay na natapos ang Action Run pagkatapos na nabigo ang huling Action Run sa katulad na workflow.
 
 [search]
 commit_kind = Maghanap ng mga commit…
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 9ba91fc3a9..3fcfda18bd 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -2920,6 +2920,7 @@ settings.event_header_action = Événements d'exécution d'action
 settings.event_action_success_desc = L'exécution de l'action a réussi.
 settings.event_action_failure_desc = L'exécution de l'action a échoué.
 settings.event_action_recover_desc = L'exécution de l'action a réussi après l'échec de la dernière exécution de l'action dans le même workflow.
+issues.filter_type.all_pull_requests = Toutes les demandes d'ajout
 
 [graphs]
 component_loading = Chargement %s…
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index b53c0faa9b..789871f3c3 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -2920,6 +2920,7 @@ settings.event_action_recover = Atgūt
 settings.event_action_recover_desc = Darbības izpilde bija sekmīga pēc kļūmes iepriekšējā darbības izpildē tajā pašā darbplūsmā.
 settings.event_action_success = Sekmīgi
 settings.event_action_success_desc = Darbības izpilde bija sekmīga.
+issues.filter_type.all_pull_requests = Visi izmaiņu pieprasījumi
 
 [graphs]
 component_loading=Ielādē %s…
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index 2175e11b02..57985942ed 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -2621,6 +2621,7 @@ settings.event_action_recover = Verhaalt
 settings.event_header_action = Aktioons-Loop-Vörfallen
 settings.event_action_failure_desc = Aktioons-Loop is as fehlslagen ennt.
 settings.event_action_recover_desc = Aktioons-Loop is daankregen worden, nadeem de leste Aktioons-Loop in de sülven Warkwies fehlslagen is.
+issues.filter_type.all_pull_requests = All Haalvörslagen
 
 [repo.permissions]
 code.read = <b>Lesen:</b> De Quelltext vun deesem Repositorium ankieken un klonen.
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index bcb62eb23b..9158329978 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -1408,7 +1408,7 @@ editor.fail_to_update_file=Не удалось обновить/создать 
 editor.fail_to_update_file_summary=Ошибка:
 editor.push_rejected_no_message=Изменение отклонено сервером без сообщения. Пожалуйста, проверьте Git-хуки.
 editor.push_rejected=Изменение отклонено сервером. Пожалуйста, проверьте Git-хуки.
-editor.push_rejected_summary=Причина отклонения:
+editor.push_rejected_summary=Полная причина отклонения:
 editor.add_subdir=Добавить каталог…
 editor.unable_to_upload_files=Не удалось загрузить файлы в «%s» из-за ошибки: %v
 editor.upload_file_is_locked=Файл «%s» заблокирован %s.
@@ -1545,27 +1545,27 @@ issues.add_labels=добавлены метки %s %s
 issues.remove_label=удалил(а) метку %s %s
 issues.remove_labels=удалил(а) метки %s %s
 issues.add_remove_labels=добавлены метки %s и убраны метки %s %s
-issues.add_milestone_at=`добавлено в этап <b>%s</b> %s`
-issues.add_project_at=`добавлено в проект <b>%s</b> %s`
-issues.change_milestone_at=`изменил(а) целевой этап с <b>%s</b> на <b>%s</b> %s`
-issues.change_project_at=`изменил(а) проект с <b>%s</b> на <b>%s</b> %s`
-issues.remove_milestone_at=`удалил(а) это из этапа <b>%s</b> %s`
-issues.remove_project_at=`удалил(а) это из проекта <b>%s</b> %s`
+issues.add_milestone_at=`добавление в этап <b>%s</b> %s`
+issues.add_project_at=`добавление в проект <b>%s</b> %s`
+issues.change_milestone_at=`этап изменён с <b>%s</b> на <b>%s</b> %s`
+issues.change_project_at=`проект изменён с <b>%s</b> на <b>%s</b> %s`
+issues.remove_milestone_at=`удаление из этапа <b>%s</b> %s`
+issues.remove_project_at=`удаление из проекта <b>%s</b> %s`
 issues.deleted_milestone=`(удалено)`
 issues.deleted_project=`(удалено)`
-issues.self_assign_at=`назначил(а) на себя %s`
-issues.add_assignee_at=`был(а) назначен(а) <b>%s</b> %s`
-issues.remove_assignee_at=`был снят с назначения <b>%s</b> %s`
-issues.remove_self_assignment=`убрал(а) их назначение %s`
-issues.change_title_at=`изменил(а) заголовок с <b><strike>%s</strike></b> на <b>%s</b> %s`
-issues.change_ref_at=`изменил(а) ссылку с <b><strike>%s</strike></b> на <b>%s</b> %s`
-issues.remove_ref_at=`убрал(а) ссылку <b>%s</b> %s`
-issues.add_ref_at=`добавлена ссылка <b>%s</b> %s`
+issues.self_assign_at=`назначение себя %s`
+issues.add_assignee_at=`назначение <b>%s</b> %s`
+issues.remove_assignee_at=`снятие с назначения <b>%s</b> %s`
+issues.remove_self_assignment=`снято назначение с себя %s`
+issues.change_title_at=`заголовок изменён с <b><strike>%s</strike></b> на <b>%s</b> %s`
+issues.change_ref_at=`изменена ссылка с <b><strike>%s</strike></b> на <b>%s</b> %s`
+issues.remove_ref_at=`убрана ссылка на <b>%s</b> %s`
+issues.add_ref_at=`добавлена ссылка на <b>%s</b> %s`
 issues.delete_branch_at=`удалена ветвь <b>%s</b> %s`
-issues.filter_label=Метка
-issues.filter_label_exclude=`Используйте <code>alt</code> + <code>click/enter</code>, чтобы исключить метки`
-issues.filter_label_no_select=Все метки
-issues.filter_label_select_no_label=Нет метки
+issues.filter_label=Метки
+issues.filter_label_exclude=`Исключайте метки с помощью <code>alt</code> + <code>лкм/enter</code>`
+issues.filter_label_no_select=Любые метки
+issues.filter_label_select_no_label=Без меток
 issues.filter_milestone=Этап
 issues.filter_milestone_all=Все этапы
 issues.filter_milestone_none=Нет этапов
@@ -2923,6 +2923,7 @@ settings.event_action_recover = Восстановлен
 settings.event_action_recover_desc = После неудачи повторное выполнение рабочего потока было успешно.
 settings.event_action_success = Успех
 settings.event_action_success_desc = Выполнение завершилось успешно.
+issues.filter_type.all_pull_requests = Все запросы на слияние
 
 [graphs]
 component_loading_failed = Не удалось загрузить %s
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index a4999e9751..541acbf408 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -201,6 +201,9 @@ table_modal.placeholder.content = Innehåll
 table_modal.label.rows = Rader
 table_modal.label.columns = Kolumner
 buttons.switch_to_legacy.tooltip = Använd legacy-redigeraren istället
+link_modal.url = Url
+link_modal.description = Beskrivning
+link_modal.header = Lägg till en länk
 
 [filter]
 string.asc = A - Ö
@@ -329,6 +332,7 @@ invalid_app_data_path = Sökvägen för appdata är ogiltig: %v
 internal_token_failed = Misslyckades att generera intern token: %v
 password_algorithm = Hashalgoritm för lösenord
 invalid_password_algorithm = Ogiltig hashalgoritm för lösenord
+env_config_keys_prompt = Följande miljövariabler kommer också att tillämpas på din konfigurationsfil:
 
 [home]
 uname_holder=Användarnamn eller e-postadress
@@ -462,6 +466,41 @@ reply = eller svara på detta e-postmeddelande direkt
 hi_user_x = Hej <b>%s</b>,
 admin.new_user.user_info = Användarinformation
 admin.new_user.text = Vänligen <a href="%s">klicka här</a> för att hantera denna användare från administratörspanelen.
+admin.new_user.subject = Ny användare %s har just registrerat sig
+totp_disabled.no_2fa = Det finns inga andra 2FA-metoder konfigurerade längre, vilket innebär att det inte längre är nödvändigt att logga in på ditt konto med 2FA.
+removed_security_key.text_1 = Säkerhetsnyckeln ”%[1]s” har just tagits bort från ditt konto.
+repo.transfer.to_you = dig
+repo.transfer.body = För att acceptera eller avvisa det, besök %s eller ignorera det helt enkelt.
+removed_security_key.no_2fa = Det finns inga andra 2FA-metoder konfigurerade längre, vilket innebär att det inte längre är nödvändigt att logga in på ditt konto med 2FA.
+release.note = Notera:
+totp_enrolled.subject = Du har aktiverat TOTP som 2FA-metod
+totp_enrolled.text_1.no_webauthn = Du har just aktiverat TOTP för ditt konto. Det innebär att du måste använda TOTP som 2FA-metod vid alla framtida inloggningar på ditt konto.
+totp_enrolled.text_1.has_webauthn = Du har just aktiverat TOTP för ditt konto. Det innebär att du vid alla framtida inloggningar på ditt konto kan använda TOTP som 2FA-metod eller någon av dina säkerhetsnycklar.
+link_not_working_do_paste = Fungerar inte länken? Prova att kopiera och klistra in den i webbläsarens adressfält.
+primary_mail_change.text_1 = Den primära e-postadressen för ditt konto har just ändrats till %[1]s. Det innebär att denna e-postadress inte längre kommer att ta emot e-postmeddelanden för ditt konto.
+totp_disabled.subject = TOTP har inaktiverats
+totp_disabled.text_1 = Tidsbaserat engångslösenord (TOTP) på ditt konto har just inaktiverats.
+account_security_caution.text_2 = Om detta inte var du, har ditt konto blivit kompromitterat. Kontakta administratören för denna webbplats.
+account_security_caution.text_1 = Om detta var du, kan du tryggt ignorera detta meddelande.
+activate_account.text_2 = Klicka på följande länk för att aktivera ditt konto inom <b>%s</b>:
+activate_email.text = Klicka på följande länk för att verifiera din e-postadress inom <b>%s</b>:
+register_notify.text_3 = Om någon annan har skapat det här kontot åt dig måste du först <a href="%s">ställa in ditt lösenord</a>.
+issue.x_mentioned_you = <b>@%s2</b> nämnde dig:
+repo.collaborator.added.subject = %s har lagt till dig som medarbetare i %s
+repo.collaborator.added.text = Du har lagts till som medarbetare i förrådet:
+team_invite.subject = %[1]s har bjudit in dig att gå med i organisationen %[2]s
+register_notify.text_1 = detta är din registreringsbekräftelse via e-post för %s!
+release.downloads = Hämtningar:
+release.download.zip = Källkod (ZIP)
+release.download.targz = Källkod (TAR.GZ)
+repo.transfer.subject_to = %s vill överföra förrådet ”%s” till %s
+removed_security_key.subject = En säkerhetsnyckel har tagits bort
+issue_assigned.pull = @%[1] har tilldelat dig pull-begäran %[2]s i förrådet %[3]s.
+issue_assigned.issue = @%[1] har tilldelat dig ärendet %[2] i förrådet %[3].
+register_notify.text_2 = Du kan logga in på ditt konto med ditt användarnamn: %s
+reset_password.text = Om detta var du, klicka på följande länk för att återställa ditt konto inom <b>%s</b>:
+issue.action.force_push = <b>%[1]s2</b> gjorde en force-push av <b>%[2]s</b> från %[3]s till %[4]s.
+repo.transfer.subject_to_you = %s vill överföra förrådet ”%s” till dig
 
 
 
@@ -545,6 +584,12 @@ auth_failed=Autentisering misslyckades: %v
 
 
 target_branch_not_exist=Målgrenen finns inte.
+org_still_own_repo = Denna organisation äger fortfarande ett eller flera förråd, ta bort eller överför dem först.
+must_use_public_key = Den nyckel du angav är en privat nyckel. Skicka inte upp din privata nyckel någonstans. Använd istället din publika nyckel.
+unable_verify_ssh_key = SSH-nyckeln kan inte verifieras. Kontrollera att den är korrekt.
+still_own_repo = Ditt konto äger ett eller flera förråd, ta bort eller överför dem först.
+still_has_org = Ditt konto är medlem i en eller flera organisationer. Lämna dem först.
+still_own_packages = Ditt konto har ett eller flera paket, ta bort dem först.
 
 
 [user]
@@ -560,6 +605,13 @@ follow=Följ
 unfollow=Sluta följa
 user_bio=Biografi
 disabled_public_activity=Den här användaren har inaktiverat den publika synligheten av aktiviteten.
+code = Kod
+watched = Övervakade förråd
+unblock = Avblockera
+email_visibility.limited = Din e-postadress är synlig för alla autentiserade användare
+show_on_map = Visa denna plats på en karta
+settings = Användarinställningar
+block = Blockera
 
 
 [settings]
@@ -760,6 +812,17 @@ email_notifications.submit=Ställ in e-postpreferenser
 visibility.public=Offentlig
 visibility.private=Privat
 change_password = Byt lösenord
+user_block_success = Användaren har blockerats.
+blocked_since = Blockerad sedan %s
+user_unblock_success = Användaren har blivit avblockerad.
+visibility.limited = Begränsad
+visibility.limited_tooltip = Synlig endast för inloggade användare
+visibility.private_tooltip = Synlig endast för medlemmar i organisationer som du har gått med i
+select_permissions = Välj behörigheter
+permission_no_access = Ingen åtkomst
+permission_write = Läs och skriv
+user_block_yourself = Du kan inte blockera dig själv.
+gpg_token_help = Du kan skapa en signatur med hjälp av:
 
 [repo]
 owner=Ägare
@@ -1693,6 +1756,21 @@ topic.manage_topics=Hantera ämnen
 topic.done=Klar
 topic.count_prompt=Du kan inte välja fler än 25 ämnen
 settings.enter_repo_name = Ange ägar- och utvecklingskatalog-namnet exakt som det visas:
+release = Utgåva
+commitstatus.success = Lyckades
+visibility_helper = Gör förrådet privat
+download_bundle = Hämta BUNDLE
+download_zip = Hämta ZIP
+download_tar = Hämta TAR.GZ
+repo_desc_helper = Ange kort beskrivning (valfritt)
+all_branches = Alla grenar
+fork_no_valid_owners = Detta förråd kan inte förgrenas eftersom det inte finns några giltiga ägare.
+fork_to_different_account = Förgrena till ett annat konto
+size_format = %[1]s: %[2]s, %[3]s: %[4]s
+already_forked = Du har redan förgrenat %s
+commitstatus.failure = Fel
+ext_issues = Externa fel
+open_with_editor = Öppna med %s
 
 
 
@@ -2255,7 +2333,7 @@ project_kind = Sök projekt...
 search = Sök…
 type_tooltip = Söktyp
 team_kind = Sök lag...
-org_kind = Sök organisationer...
+org_kind = Sök organisationer…
 issue_kind = Sök ärenden...
 regexp_tooltip = Tolka söktermen som ett reguljärt uttryck
 code_search_unavailable = Kodsökning är för närvarande inte tillgänglig. Vänligen kontakta webbplatsadministratören.
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 2f749dfd1e..4f51ddcc7e 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -668,6 +668,7 @@ username_error_no_dots = ` sadece alfanumerik karakterler ("0-9","a-z","A-Z"), t
 
 unset_password = Oturum açma kullanıcısı parola belirlemedi.
 unsupported_login_type = Oturum açma türü hesap silmeyi desteklemiyor.
+email_domain_is_not_allowed = Kullanıcı e-posta adresi <b>%s</b> alan adı EMAIL_DOMAIN_ALLOWLIST veya EMAIL_DOMAIN_BLOCKLIST ile çelişiyor. Lütfen işleminizin beklendiğinden emin olun.
 
 [user]
 change_avatar=Profil resmini değiştir…
@@ -2163,7 +2164,7 @@ settings.pulls.allow_rebase_update=Değişiklik isteği dalının yeniden yapıl
 settings.pulls.default_delete_branch_after_merge=Varsayılan olarak birleştirmeden sonra değişiklik isteği dalını sil
 settings.pulls.default_allow_edits_from_maintainers=Bakımcıların düzenlemelerine izin ver
 settings.releases_desc=Depo Sürümlerini Etkinleştir
-settings.packages_desc=Depo Paket Kütüğünü Etkinleştir
+settings.packages_desc=Depo paket kütüğünü etkinleştir
 settings.projects_desc=Depo Projelerini Etkinleştir
 settings.actions_desc=Depo İşlemlerini Etkinleştir
 settings.admin_settings=Yönetici Ayarları
@@ -3492,7 +3493,7 @@ error.unit_not_allowed=Bu depo bölümüne erişme izniniz yok.
 title=Paketler
 desc=Depo paketlerini yönet.
 empty=Henüz hiçbir paket yok.
-empty.documentation=Paket kütüğü hakkında daha fazla bilgi için, <a target="_blank" rel="noopener noreferrer" href="%s">belgeye</a> bakabilirsiniz.
+empty.documentation=Paket deposu hakkında daha fazla bilgi için, <a target="_blank" rel="noopener noreferrer" href="%s">belgeye</a> bakabilirsiniz.
 empty.repo=Bir paket yüklediniz ama burada gösterilmiyor mu? <a href="%[1]s">Paket ayarları</a>na gidin ve bu depoya bağlantı verin.
 registry.documentation=%s kütüğü hakkında daha fazla bilgi için, <a target="_blank" rel="noopener noreferrer" href="%s">belgeye</a> bakabilirsiniz.
 filter.type=Tür
@@ -3635,9 +3636,9 @@ owner.settings.cleanuprules.remove.days=Şundan eski sürümleri kaldır
 owner.settings.cleanuprules.remove.pattern=Eşleşen sürümlari kaldır
 owner.settings.cleanuprules.success.update=Temizleme kuralı güncellendi.
 owner.settings.cleanuprules.success.delete=Temizleme kuralı silindi.
-owner.settings.chef.title=Chef Kütüğü
+owner.settings.chef.title=Chef deposu
 owner.settings.chef.keypair=Anahtar çifti üret
-owner.settings.chef.keypair.description=Chef kütüğünde kimlik doğrulaması için bir anahtar çifti gereklidir. Eğer daha önce bir anahtar çifti ürettiyseniz, yeni bir anahtar çifti üretmek eski anahtar çiftini ıskartaya çıkartacaktır.
+owner.settings.chef.keypair.description=Chef kayıt defterine gönderilen istekler kimlik doğrulama yöntemi olarak kriptografik olarak imzalanmalıdır. Bir anahtar çifti oluştururken, yalnızca genel anahtar Forgejo'da saklanır. Özel anahtar size knife ile kullanılmak üzere sağlanır. Yeni bir anahtar çifti oluşturmak öncekini geçersiz kılar.
 
 npm.dependencies.bundle = Paketlenmiş Bağımlılıklar
 rpm.repository.multiple_groups = Bu paket birçok grupta mevcut.
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index d2d7c58edc..2e536c3d1a 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -2668,6 +2668,7 @@ settings.event_action_success = Успіх
 settings.event_action_recover = Відновлено
 commitstatus.success = Успіх
 commitstatus.failure = Збій
+issues.filter_type.all_pull_requests = Усі запити на злиття
 
 [graphs]
 contributors.what = внески
@@ -3231,7 +3232,7 @@ notices.view_detail_header=Переглянути деталі повідомл
 notices.select_all=Вибрати все
 notices.deselect_all=Скасувати виділення
 notices.inverse_selection=Інвертувати виділене
-notices.delete_selected=Видалити обране
+notices.delete_selected=Видалити вибране
 notices.delete_all=Видалити всі cповіщення
 notices.type=Тип
 notices.type_1=Репозиторій
diff --git a/options/locale/locale_vi.ini b/options/locale/locale_vi.ini
index 57e592a209..28577bc3f7 100644
--- a/options/locale/locale_vi.ini
+++ b/options/locale/locale_vi.ini
@@ -9,7 +9,7 @@ sign_up = Đăng ký
 link_account = Liên kết tài khoản
 register = Đăng ký
 version = Phiên bản
-powered_by = Sử dụng %s
+powered_by = Được cung cấp bởi %s
 page = Trang
 template = Mẫu
 language = Ngôn ngữ
@@ -25,7 +25,7 @@ access_token = Mã truy cập
 captcha = CAPTCHA
 twofa = Xác thực hai lớp
 webauthn_insert_key = Cắm khóa bảo mật của bạn vào
-copy_hash = Chép chuỗi băm
+copy_hash = Sao chép chuỗi băm
 sign_in_with_provider = Đăng nhập bằng %s
 webauthn_press_button = Hãy nhấn nút trên khóa bảo mật…
 webauthn_use_twofa = Dùng mã xác thực hai lớp ở trên điện thoại
@@ -36,7 +36,7 @@ webauthn_error_insecure = WebAuthn chỉ hỗ trợ kết nối mã hóa. Nếu
 webauthn_error_unable_to_process = Máy chủ không thể xử lý yêu cầu của bạn.
 webauthn_error_empty = Bạn phải đặt tên cho khóa này.
 webauthn_error_timeout = Hết thời gian đọc khóa mất rồi. Hãy tải lại trang và thử lại.
-copy_type_unsupported = Không chép được
+copy_type_unsupported = Không thể sao chép loại tệp này
 repository = Kho mã
 organization = Tổ chức
 new_fork = Tạo một nhánh mới
@@ -55,17 +55,17 @@ all = Tất cả
 sources = Nguồn
 forks = Các phân nhánh
 activities = Hoạt động
-pull_requests = Yêu cầu thêm mã
+pull_requests = Yêu cầu kéo mã
 save = Lưu
-issues =
+issues =Vấn đề
 enabled = Bật
 disabled = Tắt
-copy = Chép
-copy_generic = Chép vào bộ nhớ tạm
-copy_url = Chép URL
-copy_content = Chép nội dung
-copy_success = Đã chép!
-copy_error = Không chép được
+copy = Sao chép
+copy_generic = Sao chép vào bộ nhớ tạm
+copy_url = Sao chép URL
+copy_content = Sao chép nội dung
+copy_success = Đã sao chép!
+copy_error = Sao chép thất bại
 write = Viết
 preview = Xem trước
 error = Lỗi
@@ -73,7 +73,7 @@ error413 = Bạn đã dùng hết định mức.
 go_back = Quay lại
 invalid_data = Dữ liệu không hợp lệ: %v
 never = Không bao giờ
-unknown = Không biết
+unknown = Không xác định
 unpin = Bỏ ghim
 pin = Ghim
 archived = Đã lưu trữ
@@ -81,6 +81,60 @@ signed_in_as = Đăng nhập bằng
 re_type = Xác nhận mật khẩu
 webauthn_sign_in = Nhấn nút trên khóa bảo mật, nếu không có nút thì bạn hãy rút ra rồi cắm lại.
 new_org.link = Tạo tổ chức
-error404 = Trang bạn đang tìm <strong>không tồn tại</strong> hoặc <strong>bạn không có quyền xem</strong>.
+error404 = Trang bạn đang tìm <strong>không tồn tại</strong>, <strong>đã bị xoá</strong> hoặc <strong>bạn không có quyền</strong> để xem nó.
 edit = Chỉnh sửa
-filter = Lọc
\ No newline at end of file
+filter = Bộ lọc
+dashboard = Trang quản lý
+logo = Logo
+toc = Mục lục
+user_profile_and_more = Hồ sơ và cài đặt…
+passcode = Mã xác thực
+webauthn_error_duplicated = Khóa bảo mật không được phép cho yêu cầu này. Vui lòng đảm bảo rằng khóa chưa được đăng ký trước đó.
+mirror = Bản sao
+new_mirror = Tạo bản sao mới
+your_starred = Đã đánh sao
+mirrors = Các bản sao
+concept_system_global = Chung
+concept_user_individual = Cá nhân
+show_log_seconds = Hiện giây
+show_full_screen = Toàn màn hình
+download_logs = Tải xuống nhật ký
+confirm_delete_selected = Xác nhận xoá tất cả mục được chọn?
+name = Tên
+filter.clear = Xoá bộ lọc
+filter.not_fork = Không phải phân nhánh
+filter.not_archived = Không bị lưu trữ
+filter.is_archived = Bị lưu trữ
+filter.is_fork = Phân nhánh
+filter.is_mirror = Bản sao
+filter.is_template = Mẫu
+filter.not_template = Không phải mẫu
+filter.public = Công khai
+filter.private = Riêng tư
+twofa_scratch = Mã xác thực 2 lớp dự phòng
+collaborative = Cộng tác
+milestones = Cột mốc
+cancel = Huỷ bỏ
+retry = Thử lại
+rerun = Chạy lại
+rerun_all = Chạy lại tất cả
+ok = Đồng ý
+add = Thêm
+add_all = Thêm tất cả
+remove = Xoá
+remove_all = Xoá tất cả
+remove_label_str = Xoá "%s"
+locked = Bị khoá
+copy_branch = Sao chép tên nhánh
+loading = Đang tải…
+rss_feed = Nguồn RSS
+confirm_delete_artifact = Bạn có chắc muốn xoá "%s" ?
+value = Giá trị
+copy_path = Sao chép đường dẫn
+filter.not_mirror = Không phải bản sao
+show_timestamps = Hiện mốc thời gian
+concept_code_repository = Kho mã
+concept_user_organization = Tổ chức
+
+[search]
+search = Tìm kiếm…
\ No newline at end of file
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 0e3ea260de..97a8536d4f 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -102,5 +102,8 @@
     "editor.textarea.tab_hint": "Řádek je již odsazen. Pro opuštění editoru stiskněte znovu <kbd>Tab</kbd> nebo <kbd>Escape</kbd>.",
     "editor.textarea.shift_tab_hint": "Na tomto řádku není žádné odsazení. Pro opuštění editoru stiskněte znovu <kbd>Shift</kbd> + <kbd>Tab</kbd> nebo <kbd>Escape</kbd>.",
     "admin.dashboard.cleanup_offline_runners": "Vymazat offline runnery",
-    "settings.visibility.description": "Viditelnost profilu ovlivňuje možnost ostatních přistupovat k vašim veřejným repozitářům. <a href=\"%s\" target=\"_blank\">Zjistit více</a>"
+    "settings.visibility.description": "Viditelnost profilu ovlivňuje možnost ostatních přistupovat k vašim veřejným repozitářům. <a href=\"%s\" target=\"_blank\">Zjistit více</a>",
+    "avatar.constraints_hint": "Velikost vlastního avataru nesmí překročit %[1]s nebo být větší než %[2]dx%[3]d pixelů",
+    "repo.diff.commit.next-short": "Další",
+    "repo.diff.commit.previous-short": "Předchozí"
 }
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index fe3c25ab2e..8315e06bcc 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -92,5 +92,10 @@
     "followers.outgoing.list.self.none": "Du følger ikke nogen.",
     "followers.outgoing.list.none": "%s følger ikke nogen.",
     "editor.textarea.tab_hint": "Linjen er allerede indrykket. Tryk på <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> for at forlade editoren.",
-    "editor.textarea.shift_tab_hint": "Ingen indrykning på denne linje. Tryk på <kbd>Shift</kbd> + <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> for at forlade editoren."
+    "editor.textarea.shift_tab_hint": "Ingen indrykning på denne linje. Tryk på <kbd>Shift</kbd> + <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> for at forlade editoren.",
+    "admin.dashboard.cleanup_offline_runners": "Ryd op offline runners",
+    "settings.visibility.description": "Profilsynlighed påvirker andres adgang til dine ikke-private depoter. <a href=\"%s\" target=\"_blank\">Læs mere</a>",
+    "avatar.constraints_hint": "Brugerdefineret avatar må ikke overstige %[1]s i størrelse eller være større end %[2]dx%[3]d pixels",
+    "repo.diff.commit.next-short": "Næste",
+    "repo.diff.commit.previous-short": "Forrige"
 }
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 846e85d094..94ab12f180 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -93,5 +93,9 @@
     "followers.incoming.list.none": "Niemand folgt diesem Benutzer.",
     "editor.textarea.tab_hint": "Zeile bereits eingerückt. Drücke nochmals <kbd>Tab</kbd> oder <kbd>Escape</kbd> um den Editor zu verlassen.",
     "editor.textarea.shift_tab_hint": "Keine Einrückung auf dieser Zeile. Drücke nochmals <kbd>Shift</kbd> + <kbd>Tab</kbd> oder <kbd>Escape</kbd> um den Editor zu verlassen.",
-    "admin.dashboard.cleanup_offline_runners": "Aufräumen der offline Runner"
+    "admin.dashboard.cleanup_offline_runners": "Aufräumen der offline Runner",
+    "settings.visibility.description": "Die Profilsichtbarkeit beeinflusst die Möglichkeit anderer, auf deine nicht-privaten Repositorys zuzugreifen. <a href=\"%s\" target=\"_blank\">Erfahre mehr</a>",
+    "avatar.constraints_hint": "Individuelles Profilbild darf %[1]s in der Größe nicht überschreiten, und nicht größer als %[2]dx%[3]d Pixel sein",
+    "repo.diff.commit.next-short": "Nächste",
+    "repo.diff.commit.previous-short": "Vorherige"
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index 0792804bf2..a9035f0848 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -97,5 +97,11 @@
     "repo.issue_indexer.title": "Indexeur de problèmes",
     "stars.list.none": "Personne n'a mis d'étoiles sur ce dépôt.",
     "watch.list.none": "Personne ne consulte ce dépôt.",
-    "repo.form.cannot_create": "Tous les espaces dans lesquels vous pouvez créer des dépôts ont atteint la limite de dépôts."
+    "repo.form.cannot_create": "Tous les espaces dans lesquels vous pouvez créer des dépôts ont atteint la limite de dépôts.",
+    "admin.dashboard.cleanup_offline_runners": "Nettoyer les exécuteurs hors ligne",
+    "mail.actions.run_info_trigger": "Déclenché parce que : %[1]s par : %[2]s",
+    "settings.visibility.description": "La visibilité du profil affecte la capacité des autres à accéder à vos dépôts non-privés. <a href=\"%s\" target=\"_blank\">Voir plus</a>",
+    "editor.textarea.shift_tab_hint": "Pas d'indentation sur cette ligne. Appuyez sur <kbd>Maj</kbd> + <kbd>Tab</kbd> une nouvelle fois ou sur <kbd>Échap</kbd> pour quitter l'éditeur.",
+    "avatar.constraints_hint": "L'avatar personnalisé ne doit pas dépasser une taille de %[1]s ou être plus grand que %[2]dx%[3]d pixels",
+    "editor.textarea.tab_hint": "Ligne déjà indentée. Appuyez sur <kbd>Tab</kbd> une nouvelle fois ou sur <kbd>Échap</kbd> pour quitter l'éditeur."
 }
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 6386f2163b..f71cfa227d 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -102,5 +102,8 @@
     "editor.textarea.tab_hint": "Rinda jau ir ar atkāpi. Spied <kbd>Tab</kbd> vēlreiz vai <kbd>Escape</kbd>, lai izietu no redaktora!",
     "editor.textarea.shift_tab_hint": "Šajā rindā nav atkāpes. Spied <kbd>Shift</kbd> + <kbd>Tab</kbd> vēlreiz vai <kbd>Escape</kbd>, lai izietu no redaktora!",
     "admin.dashboard.cleanup_offline_runners": "Notīrīt bezsaistes izpildītājus",
-    "settings.visibility.description": "Profila redzamība ietekmē iespēju citiem piekļūt Tavām glabātavām, kas nav privātas. <a href=\"%s\" target=\"_blank\">Uzzināt vairāk</a>"
+    "settings.visibility.description": "Profila redzamība ietekmē iespēju citiem piekļūt Tavām glabātavām, kas nav privātas. <a href=\"%s\" target=\"_blank\">Uzzināt vairāk</a>",
+    "avatar.constraints_hint": "Pielāgots profila attēls nevar pārsniegt %[1]s vai būt lielāks par %[2]dx%[3]d pikseļiem",
+    "repo.diff.commit.next-short": "Nāk.",
+    "repo.diff.commit.previous-short": "Iepr."
 }
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index ba8d66a2da..9a3884a87f 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -94,5 +94,8 @@
     "editor.textarea.tab_hint": "Rieg al inschuven. Drück weer <kbd>Tab</kbd> of <kbd>Esc</kbd>, um de Bewarker to verlaten.",
     "editor.textarea.shift_tab_hint": "Keen Inschuuv in deeser Rieg. Drück weer <kbd>Umschalt</kbd>+<kbd>Tab</kbd> of <kbd>Esc</kbd>, um de Bewarker to verlaten.",
     "admin.dashboard.cleanup_offline_runners": "Nich verbunnen Lopers uprümen",
-    "settings.visibility.description": "De Profil-Sichtbaarkeid maakt daar wat an, of un wo anner Lüü diene nich-privaaten Repositoriums ankieken könen. <a href=\"%s\" target=\"_blank\">Mehr unnerhören</a>"
+    "settings.visibility.description": "De Profil-Sichtbaarkeid maakt daar wat an, of un wo anner Lüü diene nich-privaaten Repositoriums ankieken könen. <a href=\"%s\" target=\"_blank\">Mehr unnerhören</a>",
+    "avatar.constraints_hint": "Dat eegene Kontobill düür nich groter as %[1]s wesen of groter as %[2]d×%[3]d Billtüttels wesen",
+    "repo.diff.commit.next-short": "Anner",
+    "repo.diff.commit.previous-short": "Vörig"
 }
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index 909c9339d3..92e140878e 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -100,5 +100,8 @@
     "stars.list.none": "Ninguém favoritou este repositório.",
     "followers.outgoing.list.self.none": "Você não está seguindo ninguém.",
     "editor.textarea.tab_hint": "Linha já indentada. Pressione <kbd>Tab</kbd> novamente ou <kbd>Esc</kbd> para sair do editor.",
-    "editor.textarea.shift_tab_hint": "Sem indentação nesta linha. Pressione <kbd>Shift</kbd> + <kbd>Tab</kbd> novamente ou <kbd>Esc</kbd> para sair do editor."
+    "editor.textarea.shift_tab_hint": "Sem indentação nesta linha. Pressione <kbd>Shift</kbd> + <kbd>Tab</kbd> novamente ou <kbd>Esc</kbd> para sair do editor.",
+    "admin.dashboard.cleanup_offline_runners": "Limpar runners desconectados",
+    "avatar.constraints_hint": "Imagem de perfil personalizada não pode exceder %[1]s em tamanho ou ser maior que %[2]dx%[3]d pixels",
+    "settings.visibility.description": "A visibilidade do perfil afeta a habilidade de acessarem seus repositórios não-privados. <a href=\"%s\" target=\"_blank\">Saiba mais</a>"
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index da27faa2ce..78e6dc4493 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -101,5 +101,7 @@
     "editor.textarea.tab_hint": "Linha já indentada. Pressione <kbd>Tab</kbd> novamente ou <kbd>Escape</kbd> para sair do editor.",
     "editor.textarea.shift_tab_hint": "Sem indentação nesta linha. Pressione <kbd>Shift</kbd> + <kbd>Tab</kbd> novamente ou <kbd>Escape</kbd> para sair do editor.",
     "stars.list.none": "Ninguém juntou este repositório aos favoritos.",
-    "admin.dashboard.cleanup_offline_runners": "Limpeza de executores offline"
+    "admin.dashboard.cleanup_offline_runners": "Limpeza de executores offline",
+    "settings.visibility.description": "A visibilidade do perfil afecta a capacidade de outros acederem aos seus repositórios não privados. <a href=\"%s\" target=\"_blank\">Ler mais</a>",
+    "avatar.constraints_hint": "O avatar personalizado não pode exceder %[1]s de tamanho ou ser maior do que %[2]dx%[3]d pixéis"
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 6dd2b6fb7e..8992cc6abd 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -101,5 +101,9 @@
     "moderation.report_abuse_form.header": "Жалоба администрации",
     "editor.textarea.tab_hint": "Отступ уже добавлен. Нажмите <kbd>Tab</kbd> снова или <kbd>Escape</kbd>, чтобы покинуть редактор.",
     "editor.textarea.shift_tab_hint": "В строке нет отступов. Нажмите <kbd>Shift</kbd> + <kbd>Tab</kbd> снова или <kbd>Escape</kbd>, чтобы покинуть редактор.",
-    "admin.dashboard.cleanup_offline_runners": "Удалить недоступных исполнителей"
+    "admin.dashboard.cleanup_offline_runners": "Удалить недоступных исполнителей",
+    "avatar.constraints_hint": "Изображение профиля не может быть более %[1]s и крупнее %[2]dx%[3]d пикселей",
+    "settings.visibility.description": "Видимость профиля влияет на доступ других до ваших не частных репозиториев. <a href=\"%s\" target=\"_blank\">Подробнее</a>",
+    "repo.diff.commit.previous-short": "Предыдущий",
+    "repo.diff.commit.next-short": "Далее"
 }
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index 53b25dffcb..9a8762212c 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -56,7 +56,7 @@
     "mail.actions.successful_run_after_failure": "Arbetsflöde %[1]s återställdes i förrådet %[2]s",
     "mail.actions.not_successful_run": "Arbetsflödet %[1]s misslyckades i förrådet %[2]s",
     "editor.textarea.shift_tab_hint": "Ingen indragning på den här raden. Tryck på <kbd>Shift</kbd> + <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
-    "meta.last_line": "Tack för att du översatte Forgejo! Daniel Nylander heter jag. https://www.danielnylander.se",
+    "meta.last_line": "Daniel Nylander heter jag och har översatt Forgejo. Mer information om mig på https://www.danielnylander.se",
     "editor.textarea.tab_hint": "Raden är redan indragen. Tryck på <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
     "home.welcome.no_activity": "Ingen aktivitet",
     "home.welcome.activity_hint": "Det finns inget i ditt flöde ännu. Dina åtgärder och aktivitet från förråd som du bevakar kommer att visas här.",
@@ -93,5 +93,7 @@
     "moderation.abuse_category": "Kategori",
     "moderation.abuse_category.placeholder": "Välj en kategori",
     "moderation.abuse_category.spam": "Skräppost",
-    "moderation.abuse_category.malware": "Skadlig kod"
+    "moderation.abuse_category.malware": "Skadlig kod",
+    "settings.visibility.description": "Profilens synlighet påverkar andras möjlighet att komma åt dina icke-privata förråd. <a href=\"%s\" target=\"_blank\">Läs mer</a>",
+    "avatar.constraints_hint": "Anpassade avatarer får inte vara större än %[1] eller %[2]dx%[3] bildpunkter"
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index a00d368f4a..c3bcf5397c 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -88,10 +88,10 @@
     "moderation.report_abuse_form.details": "Використовуйте цю форму, щоб повідомити про користувачів, які створюють спам-профілі, репозиторії, задачі, коментарі або поводяться неналежним чином.",
     "moderation.abuse_category": "Категорія",
     "moderation.abuse_category.other_violations": "Інші порушення правил платформи",
-    "moderation.reporting_failed": "Не вдалося надіслати нове повідомлення про порушення: %v",
+    "moderation.reporting_failed": "Не вдалося надіслати повідомлення про порушення: %v",
     "moderation.report_remarks": "Подробиці",
     "moderation.reported_thank_you": "Дякуємо за ваше повідомлення. Адміністрацію поінформовано про нього.",
-    "repo.form.cannot_create": "Усі простори, в яких ви можете створювати репозиторії, досягли максимальної кількості репозиторіїв.",
+    "repo.form.cannot_create": "У всіх просторах, де ви можете створювати репозиторії, досягнуто обмеження кількості репозиторіїв.",
     "repo.issue_indexer.title": "Індексатор задач",
     "followers.incoming.list.self.none": "Ніхто не стежить за вашим профілем.",
     "followers.incoming.list.none": "Ніхто не стежить за цим користувачем.",
@@ -102,5 +102,8 @@
     "editor.textarea.tab_hint": "У рядку вже є відступ. Натисніть <kbd>Tab</kbd> ще раз або <kbd>Esc</kbd>, щоб вийти з редактора.",
     "editor.textarea.shift_tab_hint": "У цьому рядку немає відступів. Натисніть <kbd>Shift</kbd> + <kbd>Tab</kbd> ще раз або <kbd>Esc</kbd>, щоб вийти з редактора.",
     "admin.dashboard.cleanup_offline_runners": "Очистити неактивні раннери",
-    "settings.visibility.description": "Видимість профілю впливає на можливість інших користувачів отримати доступ до ваших неприватних репозиторіїв. <a href=\"%s\" target=\"_blank\">Дізнатися більше</a>"
+    "settings.visibility.description": "Видимість профілю впливає на можливість інших користувачів отримати доступ до ваших неприватних репозиторіїв. <a href=\"%s\" target=\"_blank\">Дізнатися більше</a>",
+    "avatar.constraints_hint": "Розмір користувацького аватара не може перевищувати %[1]s або бути більшим за %[2]d×%[3]d пікселів",
+    "repo.diff.commit.next-short": "Наступний",
+    "repo.diff.commit.previous-short": "Попередній"
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 721e2ad839..e7c1bad81e 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -69,5 +69,7 @@
     "followers.incoming.list.self.none": "没有人关注你的个人资料。",
     "editor.textarea.tab_hint": "此行已缩进。再次按 <kbd>Tab</kbd> 或按 <kbd>Escape</kbd> 退出编辑器。",
     "editor.textarea.shift_tab_hint": "此行无缩进。再次按 <kbd>Shift</kbd> + <kbd>Tab</kbd> 或按 <kbd>Escape</kbd> 退出编辑器。",
-    "admin.dashboard.cleanup_offline_runners": "清理离线运行器"
+    "admin.dashboard.cleanup_offline_runners": "清理离线运行器",
+    "settings.visibility.description": "个人资料可见性设置会影响他人对您的非私有仓库的访问。<a href=\"%s\" target=\"_blank\">了解更多</a>",
+    "avatar.constraints_hint": "自定义头像大小不得超过 %[1]s，或大于 %[2]d×%[3]d 像素"
 }

From 285f66b782491d05e35aa81a6e1a0fede85069b4 Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Thu, 19 Jun 2025 18:31:08 +0200
Subject: [PATCH 21/39] fix: prevent 500 message on invalid username (#8236)

Bug introduced by #7998

### Tests

- go to your settings page https://v12.next.forgejo.org/user/settings
- try to change to an invalid username (like `.well--invalid`)
- verify that no 500 error is shown, only a flash message

I tried to add a test in `tests/integration/user_test.go`, but failed to catch the error message:

```
		resp := session.MakeRequest(t, req, http.StatusOK)
		txt := resp.Body.String()
		t.Log(txt) // no template error??
		t.FailNow()
```

### Release notes

- [x] I do not want this change to show in the release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8236
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
---
 routers/web/user/setting/profile.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/routers/web/user/setting/profile.go b/routers/web/user/setting/profile.go
index 0ddb1b21f5..400ee71f08 100644
--- a/routers/web/user/setting/profile.go
+++ b/routers/web/user/setting/profile.go
@@ -66,6 +66,9 @@ func ProfilePost(ctx *context.Context) {
 	ctx.Data["DisableGravatar"] = setting.Config().Picture.DisableGravatar.Value(ctx)
 	ctx.Data["CooldownPeriod"] = setting.Service.UsernameCooldownPeriod
 	ctx.Data["CommonPronouns"] = commonPronouns
+	ctx.Data["MaxAvatarFileSize"] = setting.Avatar.MaxFileSize
+	ctx.Data["MaxAvatarWidth"] = setting.Avatar.MaxWidth
+	ctx.Data["MaxAvatarHeight"] = setting.Avatar.MaxHeight
 
 	if ctx.HasError() {
 		ctx.HTML(http.StatusOK, tplSettingsProfile)

From 913eaffb8ac3cb3394f240e40cc7134d0483f970 Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Thu, 19 Jun 2025 18:35:09 +0200
Subject: [PATCH 22/39] fix: collaborator can edit wiki with write access
 (#8234)

fixes: #8119, replaces #8135

Bug likely introduced in 5eeccecafc578e1b1d9ce4e7503bcc0812a04be4

### Tests

- I added test coverage for Go changes in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8234
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
---
 routers/web/repo/setting/setting.go |   4 +-
 tests/integration/repo_wiki_test.go | 103 ++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+), 3 deletions(-)

diff --git a/routers/web/repo/setting/setting.go b/routers/web/repo/setting/setting.go
index b65d1fbc92..6f35e19880 100644
--- a/routers/web/repo/setting/setting.go
+++ b/routers/web/repo/setting/setting.go
@@ -153,11 +153,9 @@ func UnitsPost(ctx *context.Context) {
 		})
 		deleteUnitTypes = append(deleteUnitTypes, unit_model.TypeWiki)
 	} else if form.EnableWiki && !form.EnableExternalWiki && !unit_model.TypeWiki.UnitGlobalDisabled() {
-		var wikiPermissions repo_model.UnitAccessMode
+		wikiPermissions := repo_model.UnitAccessModeUnset
 		if form.GloballyWriteableWiki {
 			wikiPermissions = repo_model.UnitAccessModeWrite
-		} else {
-			wikiPermissions = repo_model.UnitAccessModeRead
 		}
 		units = append(units, repo_model.RepoUnit{
 			RepoID:             repo.ID,
diff --git a/tests/integration/repo_wiki_test.go b/tests/integration/repo_wiki_test.go
index 96d0b3dda8..7ade01bf10 100644
--- a/tests/integration/repo_wiki_test.go
+++ b/tests/integration/repo_wiki_test.go
@@ -6,6 +6,8 @@ package integration
 import (
 	"fmt"
 	"net/http"
+	"net/http/httptest"
+	"strings"
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
@@ -113,3 +115,104 @@ func TestWikiTOC(t *testing.T) {
 		assert.Equal(t, "Helpdesk", htmlDoc.Find(".wiki-content-toc a").Text())
 	})
 }
+
+func canEditWiki(t *testing.T, username, url string, canEdit bool) {
+	t.Helper()
+	// t.Parallel()
+
+	req := NewRequest(t, "GET", url)
+
+	var resp *httptest.ResponseRecorder
+	if username != "" {
+		session := loginUser(t, username)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+	} else {
+		resp = MakeRequest(t, req, http.StatusOK)
+	}
+	doc := NewHTMLParser(t, resp.Body)
+	res := doc.Find(`a[href^="` + url + `"]`).Map(func(_ int, el *goquery.Selection) string {
+		return el.AttrOr("href", "")
+	})
+	found := false
+	for _, href := range res {
+		if strings.HasSuffix(href, "?action=_new") {
+			if !canEdit {
+				t.Errorf("unexpected edit link: %s", href)
+			}
+			found = true
+			break
+		}
+	}
+	if canEdit {
+		assert.True(t, found, "could not find ?action=_new link among %v", res)
+	}
+}
+
+func TestWikiPermissions(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("default settings", func(t *testing.T) {
+		t.Run("anonymous", func(t *testing.T) {
+			canEditWiki(t, "", "/user5/repo4/wiki", false)
+		})
+		t.Run("owner", func(t *testing.T) {
+			canEditWiki(t, "user5", "/user5/repo4/wiki", true)
+		})
+		t.Run("collaborator", func(t *testing.T) {
+			canEditWiki(t, "user4", "/user5/repo4/wiki", true)
+			canEditWiki(t, "user29", "/user5/repo4/wiki", true)
+		})
+		t.Run("other user", func(t *testing.T) {
+			canEditWiki(t, "user2", "/user5/repo4/wiki", false)
+		})
+	})
+
+	t.Run("saved unchanged settings", func(t *testing.T) {
+		session := loginUser(t, "user5")
+		csrf := GetCSRF(t, session, "/user5/repo4/settings/units")
+		req := NewRequestWithValues(t, "POST", "/user5/repo4/settings/units", map[string]string{
+			"_csrf":       csrf,
+			"enable_wiki": "on",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		t.Run("anonymous", func(t *testing.T) {
+			canEditWiki(t, "", "/user5/repo4/wiki", false)
+		})
+		t.Run("owner", func(t *testing.T) {
+			canEditWiki(t, "user5", "/user5/repo4/wiki", true)
+		})
+		t.Run("collaborator", func(t *testing.T) {
+			canEditWiki(t, "user4", "/user5/repo4/wiki", true)
+			canEditWiki(t, "user29", "/user5/repo4/wiki", true)
+		})
+		t.Run("other user", func(t *testing.T) {
+			canEditWiki(t, "user2", "/user5/repo4/wiki", false)
+		})
+	})
+
+	t.Run("globally writable", func(t *testing.T) {
+		session := loginUser(t, "user5")
+		csrf := GetCSRF(t, session, "/user5/repo4/settings/units")
+		req := NewRequestWithValues(t, "POST", "/user5/repo4/settings/units", map[string]string{
+			"_csrf":                   csrf,
+			"enable_wiki":             "on",
+			"globally_writeable_wiki": "on",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		t.Run("anonymous", func(t *testing.T) {
+			canEditWiki(t, "", "/user5/repo4/wiki", false)
+		})
+		t.Run("owner", func(t *testing.T) {
+			canEditWiki(t, "user5", "/user5/repo4/wiki", true)
+		})
+		t.Run("collaborator", func(t *testing.T) {
+			canEditWiki(t, "user4", "/user5/repo4/wiki", true)
+			canEditWiki(t, "user29", "/user5/repo4/wiki", true)
+		})
+		t.Run("other user", func(t *testing.T) {
+			canEditWiki(t, "user2", "/user5/repo4/wiki", true)
+		})
+	})
+}

From 31ad7c9353ca1c82bb5785b5391efdd350be40d8 Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Thu, 19 Jun 2025 18:36:12 +0200
Subject: [PATCH 23/39] blob: GetBlobContent: reduce allocations (#8223)

See #8222 for context.

## git.Blob.NewTruncatedReader

This introduce a new `NewTruncatedReader` method to return a blob-reader which silently truncates when the limit is reached (io.EOF will be returned).
Since the actual size is also returned `GetBlobContent` can pre-allocate a `[]byte` of the full-size (min of the asked size and the actual size) and call `io.ReadFull(rc, buf)` (instead of `util.ReadWithLimit(dataRc, int(limit))` which is convoluted and not used anywhere else).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8223
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
---
 modules/git/blob.go      | 89 ++++++++++++++++++++++++++--------------
 modules/git/blob_test.go | 37 +++++++++++++++++
 modules/util/io.go       | 37 -----------------
 modules/util/io_test.go  | 67 ------------------------------
 4 files changed, 95 insertions(+), 135 deletions(-)
 delete mode 100644 modules/util/io_test.go

diff --git a/modules/git/blob.go b/modules/git/blob.go
index 3fda358938..8c5c275146 100644
--- a/modules/git/blob.go
+++ b/modules/git/blob.go
@@ -12,7 +12,6 @@ import (
 
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/typesniffer"
-	"forgejo.org/modules/util"
 )
 
 // Blob represents a Git object.
@@ -25,42 +24,25 @@ type Blob struct {
 	repo    *Repository
 }
 
-// DataAsync gets a ReadCloser for the contents of a blob without reading it all.
-// Calling the Close function on the result will discard all unread output.
-func (b *Blob) DataAsync() (io.ReadCloser, error) {
+func (b *Blob) newReader() (*bufio.Reader, int64, func(), error) {
 	wr, rd, cancel, err := b.repo.CatFileBatch(b.repo.Ctx)
 	if err != nil {
-		return nil, err
+		return nil, 0, nil, err
 	}
 
 	_, err = wr.Write([]byte(b.ID.String() + "\n"))
 	if err != nil {
 		cancel()
-		return nil, err
+		return nil, 0, nil, err
 	}
 	_, _, size, err := ReadBatchLine(rd)
 	if err != nil {
 		cancel()
-		return nil, err
+		return nil, 0, nil, err
 	}
 	b.gotSize = true
 	b.size = size
-
-	if size < 4096 {
-		bs, err := io.ReadAll(io.LimitReader(rd, size))
-		defer cancel()
-		if err != nil {
-			return nil, err
-		}
-		_, err = rd.Discard(1)
-		return io.NopCloser(bytes.NewReader(bs)), err
-	}
-
-	return &blobReader{
-		rd:     rd,
-		n:      size,
-		cancel: cancel,
-	}, nil
+	return rd, size, cancel, err
 }
 
 // Size returns the uncompressed size of the blob
@@ -91,10 +73,36 @@ func (b *Blob) Size() int64 {
 	return b.size
 }
 
+// DataAsync gets a ReadCloser for the contents of a blob without reading it all.
+// Calling the Close function on the result will discard all unread output.
+func (b *Blob) DataAsync() (io.ReadCloser, error) {
+	rd, size, cancel, err := b.newReader()
+	if err != nil {
+		return nil, err
+	}
+
+	if size < 4096 {
+		bs, err := io.ReadAll(io.LimitReader(rd, size))
+		defer cancel()
+		if err != nil {
+			return nil, err
+		}
+		_, err = rd.Discard(1)
+		return io.NopCloser(bytes.NewReader(bs)), err
+	}
+
+	return &blobReader{
+		rd:     rd,
+		n:      size,
+		cancel: cancel,
+	}, nil
+}
+
 type blobReader struct {
-	rd     *bufio.Reader
-	n      int64
-	cancel func()
+	rd                *bufio.Reader
+	n                 int64 // number of bytes to read
+	additionalDiscard int64 // additional number of bytes to discard
+	cancel            func()
 }
 
 func (b *blobReader) Read(p []byte) (n int, err error) {
@@ -117,7 +125,8 @@ func (b *blobReader) Close() error {
 
 	defer b.cancel()
 
-	if err := DiscardFull(b.rd, b.n+1); err != nil {
+	// discard the unread bytes, the truncated bytes and the trailing newline
+	if err := DiscardFull(b.rd, b.n+b.additionalDiscard+1); err != nil {
 		return err
 	}
 
@@ -131,17 +140,35 @@ func (b *Blob) Name() string {
 	return b.name
 }
 
-// GetBlobContent Gets the limited content of the blob as raw text
+// NewTruncatedReader return a blob-reader which silently truncates when the limit is reached (io.EOF will be returned)
+func (b *Blob) NewTruncatedReader(limit int64) (rc io.ReadCloser, fullSize int64, err error) {
+	r, fullSize, cancel, err := b.newReader()
+	if err != nil {
+		return nil, fullSize, err
+	}
+
+	limit = min(limit, fullSize)
+	return &blobReader{
+		rd:                r,
+		n:                 limit,
+		additionalDiscard: fullSize - limit,
+		cancel:            cancel,
+	}, fullSize, nil
+}
+
+// GetBlobContent Gets the truncated content of the blob as raw text
 func (b *Blob) GetBlobContent(limit int64) (string, error) {
 	if limit <= 0 {
 		return "", nil
 	}
-	dataRc, err := b.DataAsync()
+	rc, fullSize, err := b.NewTruncatedReader(limit)
 	if err != nil {
 		return "", err
 	}
-	defer dataRc.Close()
-	buf, err := util.ReadWithLimit(dataRc, int(limit))
+	defer rc.Close()
+
+	buf := make([]byte, min(fullSize, limit))
+	_, err = io.ReadFull(rc, buf)
 	return string(buf), err
 }
 
diff --git a/modules/git/blob_test.go b/modules/git/blob_test.go
index 810964b33d..2f81bb84e0 100644
--- a/modules/git/blob_test.go
+++ b/modules/git/blob_test.go
@@ -35,6 +35,43 @@ func TestBlob_Data(t *testing.T) {
 	assert.Equal(t, output, string(data))
 }
 
+func TestBlob_GetBlobContent(t *testing.T) {
+	bareRepo1Path := filepath.Join(testReposDir, "repo1_bare")
+	repo, err := openRepositoryWithDefaultContext(bareRepo1Path)
+	require.NoError(t, err)
+
+	defer repo.Close()
+
+	testBlob, err := repo.GetBlob("6c493ff740f9380390d5c9ddef4af18697ac9375")
+	require.NoError(t, err)
+
+	r, err := testBlob.GetBlobContent(100)
+	require.NoError(t, err)
+	require.Equal(t, "file2\n", r)
+
+	r, err = testBlob.GetBlobContent(-1)
+	require.NoError(t, err)
+	require.Empty(t, r)
+
+	r, err = testBlob.GetBlobContent(4)
+	require.NoError(t, err)
+	require.Equal(t, "file", r)
+
+	r, err = testBlob.GetBlobContent(6)
+	require.NoError(t, err)
+	require.Equal(t, "file2\n", r)
+
+	t.Run("non-existing blob", func(t *testing.T) {
+		inexistingBlob, err := repo.GetBlob("00003ff740f9380390d5c9ddef4af18690000000")
+		require.NoError(t, err)
+
+		r, err := inexistingBlob.GetBlobContent(100)
+		require.Error(t, err)
+		require.IsType(t, ErrNotExist{}, err)
+		require.Empty(t, r)
+	})
+}
+
 func Benchmark_Blob_Data(b *testing.B) {
 	bareRepo1Path := filepath.Join(testReposDir, "repo1_bare")
 	repo, err := openRepositoryWithDefaultContext(bareRepo1Path)
diff --git a/modules/util/io.go b/modules/util/io.go
index 1559b019a0..4c99004c0c 100644
--- a/modules/util/io.go
+++ b/modules/util/io.go
@@ -4,7 +4,6 @@
 package util
 
 import (
-	"bytes"
 	"errors"
 	"io"
 )
@@ -20,42 +19,6 @@ func ReadAtMost(r io.Reader, buf []byte) (n int, err error) {
 	return n, err
 }
 
-// ReadWithLimit reads at most "limit" bytes from r into buf.
-// If EOF or ErrUnexpectedEOF occurs while reading, err will be nil.
-func ReadWithLimit(r io.Reader, n int) (buf []byte, err error) {
-	return readWithLimit(r, 1024, n)
-}
-
-func readWithLimit(r io.Reader, batch, limit int) ([]byte, error) {
-	if limit <= batch {
-		buf := make([]byte, limit)
-		n, err := ReadAtMost(r, buf)
-		if err != nil {
-			return nil, err
-		}
-		return buf[:n], nil
-	}
-	res := bytes.NewBuffer(make([]byte, 0, batch))
-	bufFix := make([]byte, batch)
-	eof := false
-	for res.Len() < limit && !eof {
-		bufTmp := bufFix
-		if res.Len()+batch > limit {
-			bufTmp = bufFix[:limit-res.Len()]
-		}
-		n, err := io.ReadFull(r, bufTmp)
-		if err == io.EOF || err == io.ErrUnexpectedEOF {
-			eof = true
-		} else if err != nil {
-			return nil, err
-		}
-		if _, err = res.Write(bufTmp[:n]); err != nil {
-			return nil, err
-		}
-	}
-	return res.Bytes(), nil
-}
-
 // ErrNotEmpty is an error reported when there is a non-empty reader
 var ErrNotEmpty = errors.New("not-empty")
 
diff --git a/modules/util/io_test.go b/modules/util/io_test.go
deleted file mode 100644
index 870e713646..0000000000
--- a/modules/util/io_test.go
+++ /dev/null
@@ -1,67 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package util
-
-import (
-	"bytes"
-	"errors"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-type readerWithError struct {
-	buf *bytes.Buffer
-}
-
-func (r *readerWithError) Read(p []byte) (n int, err error) {
-	if r.buf.Len() < 2 {
-		return 0, errors.New("test error")
-	}
-	return r.buf.Read(p)
-}
-
-func TestReadWithLimit(t *testing.T) {
-	bs := []byte("0123456789abcdef")
-
-	// normal test
-	buf, err := readWithLimit(bytes.NewBuffer(bs), 5, 2)
-	require.NoError(t, err)
-	assert.Equal(t, []byte("01"), buf)
-
-	buf, err = readWithLimit(bytes.NewBuffer(bs), 5, 5)
-	require.NoError(t, err)
-	assert.Equal(t, []byte("01234"), buf)
-
-	buf, err = readWithLimit(bytes.NewBuffer(bs), 5, 6)
-	require.NoError(t, err)
-	assert.Equal(t, []byte("012345"), buf)
-
-	buf, err = readWithLimit(bytes.NewBuffer(bs), 5, len(bs))
-	require.NoError(t, err)
-	assert.Equal(t, []byte("0123456789abcdef"), buf)
-
-	buf, err = readWithLimit(bytes.NewBuffer(bs), 5, 100)
-	require.NoError(t, err)
-	assert.Equal(t, []byte("0123456789abcdef"), buf)
-
-	// test with error
-	buf, err = readWithLimit(&readerWithError{bytes.NewBuffer(bs)}, 5, 10)
-	require.NoError(t, err)
-	assert.Equal(t, []byte("0123456789"), buf)
-
-	buf, err = readWithLimit(&readerWithError{bytes.NewBuffer(bs)}, 5, 100)
-	require.ErrorContains(t, err, "test error")
-	assert.Empty(t, buf)
-
-	// test public function
-	buf, err = ReadWithLimit(bytes.NewBuffer(bs), 2)
-	require.NoError(t, err)
-	assert.Equal(t, []byte("01"), buf)
-
-	buf, err = ReadWithLimit(bytes.NewBuffer(bs), 9999999)
-	require.NoError(t, err)
-	assert.Equal(t, []byte("0123456789abcdef"), buf)
-}

From ef27d55468c49202e9ab66b23f594601abfd1fc1 Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Thu, 19 Jun 2025 19:10:11 +0200
Subject: [PATCH 24/39] chore(ui): add integration tests for issue comment
 badges and avatars

---
 tests/integration/issue_comment_test.go | 66 ++++++++++++++++++++++++-
 1 file changed, 65 insertions(+), 1 deletion(-)

diff --git a/tests/integration/issue_comment_test.go b/tests/integration/issue_comment_test.go
index a09dd7c45e..ee62b418f4 100644
--- a/tests/integration/issue_comment_test.go
+++ b/tests/integration/issue_comment_test.go
@@ -14,9 +14,36 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func testIssueCommentChangeEvent(t *testing.T, htmlDoc *HTMLDoc, commentID string, texts, links []string) {
+func testIssueCommentChangeEvent(t *testing.T, htmlDoc *HTMLDoc, commentID, badgeOcticon, avatarTitle, avatarLink string, texts, links []string) {
+	// Check badge octicon
+	badge := htmlDoc.Find("#issuecomment-" + commentID + " .badge svg." + badgeOcticon)
+	assert.Equal(t, 1, badge.Length())
+
+	// Check avatar title
+	avatarImg := htmlDoc.Find("#issuecomment-" + commentID + " img.avatar")
+	if len(avatarTitle) == 0 {
+		assert.Zero(t, avatarImg.Length())
+	} else {
+		assert.Equal(t, 1, avatarImg.Length())
+		title, exists := avatarImg.Attr("title")
+		assert.True(t, exists)
+		assert.Equal(t, avatarTitle, title)
+	}
+
+	// Check avatar link
+	avatarA := htmlDoc.Find("#issuecomment-" + commentID + " a.avatar")
+	if len(avatarLink) == 0 {
+		assert.Zero(t, avatarA.Length())
+	} else {
+		assert.Equal(t, 1, avatarA.Length())
+		href, exists := avatarA.Attr("href")
+		assert.True(t, exists)
+		assert.Equal(t, avatarLink, href)
+	}
+
 	event := htmlDoc.Find("#issuecomment-" + commentID + " .text")
 
+	// Check text content
 	for _, text := range texts {
 		assert.Contains(t, strings.Join(strings.Fields(event.Text()), " "), text)
 	}
@@ -32,8 +59,10 @@ func testIssueCommentChangeEvent(t *testing.T, htmlDoc *HTMLDoc, commentID strin
 		}
 	})
 
+	// Check anchors (id)
 	assert.Equal(t, []string{"event-" + commentID}, ids)
 
+	// Check links (href)
 	issueCommentLink := "#issuecomment-" + commentID
 	found := false
 	for _, link := range links {
@@ -57,24 +86,28 @@ func TestIssueCommentChangeMilestone(t *testing.T) {
 
 	// Add milestone
 	testIssueCommentChangeEvent(t, htmlDoc, "2000",
+		"octicon-milestone", "User One", "/user1",
 		[]string{"user1 added this to the milestone1 milestone"},
 		[]string{"/user1"})
 	// []string{"/user1", "/user2/repo1/milestone/1"})
 
 	// Modify milestone
 	testIssueCommentChangeEvent(t, htmlDoc, "2001",
+		"octicon-milestone", "User One", "/user1",
 		[]string{"user1 modified the milestone from milestone1 to milestone2"},
 		[]string{"/user1"})
 	// []string{"/user1", "/user2/repo1/milestone/1", "/user2/repo1/milestone/2"})
 
 	// Remove milestone
 	testIssueCommentChangeEvent(t, htmlDoc, "2002",
+		"octicon-milestone", "User One", "/user1",
 		[]string{"user1 removed this from the milestone2 milestone"},
 		[]string{"/user1"})
 	// []string{"/user1", "/user2/repo1/milestone/2"})
 
 	// Deleted milestone
 	testIssueCommentChangeEvent(t, htmlDoc, "2003",
+		"octicon-milestone", "User One", "/user1",
 		[]string{"user1 added this to the (deleted) milestone"},
 		[]string{"/user1"})
 }
@@ -88,24 +121,28 @@ func TestIssueCommentChangeProject(t *testing.T) {
 
 	// Add project
 	testIssueCommentChangeEvent(t, htmlDoc, "2010",
+		"octicon-project", "User One", "/user1",
 		[]string{"user1 added this to the First project project"},
 		[]string{"/user1"})
 	// []string{"/user1", "/user2/repo1/projects/1"})
 
 	// Modify project
 	testIssueCommentChangeEvent(t, htmlDoc, "2011",
+		"octicon-project", "User One", "/user1",
 		[]string{"user1 modified the project from First project to second project"},
 		[]string{"/user1"})
 	// []string{"/user1", "/user2/repo1/projects/1", "/user2/repo1/projects/2"})
 
 	// Remove project
 	testIssueCommentChangeEvent(t, htmlDoc, "2012",
+		"octicon-project", "User One", "/user1",
 		[]string{"user1 removed this from the second project project"},
 		[]string{"/user1"})
 	// []string{"/user1", "/user2/repo1/projects/2"})
 
 	// Deleted project
 	testIssueCommentChangeEvent(t, htmlDoc, "2013",
+		"octicon-project", "User One", "/user1",
 		[]string{"user1 added this to the (deleted) project"},
 		[]string{"/user1"})
 }
@@ -119,28 +156,33 @@ func TestIssueCommentChangeLabel(t *testing.T) {
 
 	// Add multiple labels
 	testIssueCommentChangeEvent(t, htmlDoc, "2020",
+		"octicon-tag", "User One", "/user1",
 		[]string{"user1 added the label1 label2 labels "},
 		[]string{"/user1", "/user2/repo1/issues?labels=1", "/user2/repo1/issues?labels=2"})
 	assert.Empty(t, htmlDoc.Find("#issuecomment-2021 .text").Text())
 
 	// Remove single label
 	testIssueCommentChangeEvent(t, htmlDoc, "2022",
+		"octicon-tag", "< U<se>r Tw<o > ><", "/user2",
 		[]string{"user2 removed the label1 label "},
 		[]string{"/user2", "/user2/repo1/issues?labels=1"})
 
 	// Modify labels (add and remove)
 	testIssueCommentChangeEvent(t, htmlDoc, "2023",
+		"octicon-tag", "User One", "/user1",
 		[]string{"user1 added label1 and removed label2 labels "},
 		[]string{"/user1", "/user2/repo1/issues?labels=1", "/user2/repo1/issues?labels=2"})
 	assert.Empty(t, htmlDoc.Find("#issuecomment-2024 .text").Text())
 
 	// Add single label
 	testIssueCommentChangeEvent(t, htmlDoc, "2025",
+		"octicon-tag", "< U<se>r Tw<o > ><", "/user2",
 		[]string{"user2 added the label2 label "},
 		[]string{"/user2", "/user2/repo1/issues?labels=2"})
 
 	// Remove multiple labels
 	testIssueCommentChangeEvent(t, htmlDoc, "2026",
+		"octicon-tag", "User One", "/user1",
 		[]string{"user1 removed the label1 label2 labels "},
 		[]string{"/user1", "/user2/repo1/issues?labels=1", "/user2/repo1/issues?labels=2"})
 	assert.Empty(t, htmlDoc.Find("#issuecomment-2027 .text").Text())
@@ -155,23 +197,27 @@ func TestIssueCommentChangeAssignee(t *testing.T) {
 
 	// Self-assign
 	testIssueCommentChangeEvent(t, htmlDoc, "2040",
+		"octicon-person", "User One", "/user1",
 		[]string{"user1 self-assigned this"},
 		[]string{"/user1"})
 
 	// Remove other
 	testIssueCommentChangeEvent(t, htmlDoc, "2041",
+		"octicon-person", "User One", "/user1",
 		[]string{"user1 was unassigned by user2"},
 		[]string{"/user1"})
 	// []string{"/user1", "/user2"})
 
 	// Add other
 	testIssueCommentChangeEvent(t, htmlDoc, "2042",
+		"octicon-person", "< U<se>r Tw<o > ><", "/user2",
 		[]string{"user2 was assigned by user1"},
 		[]string{"/user2"})
 	// []string{"/user2", "/user1"})
 
 	// Self-remove
 	testIssueCommentChangeEvent(t, htmlDoc, "2043",
+		"octicon-person", "< U<se>r Tw<o > ><", "/user2",
 		[]string{"user2 removed their assignment"},
 		[]string{"/user2"})
 }
@@ -185,21 +231,25 @@ func TestIssueCommentChangeLock(t *testing.T) {
 
 	// Lock without reason
 	testIssueCommentChangeEvent(t, htmlDoc, "2050",
+		"octicon-lock", "User One", "/user1",
 		[]string{"user1 locked and limited conversation to collaborators"},
 		[]string{"/user1"})
 
 	// Unlock
 	testIssueCommentChangeEvent(t, htmlDoc, "2051",
+		"octicon-key", "User One", "/user1",
 		[]string{"user1 unlocked this conversation"},
 		[]string{"/user1"})
 
 	// Lock with reason
 	testIssueCommentChangeEvent(t, htmlDoc, "2052",
+		"octicon-lock", "User One", "/user1",
 		[]string{"user1 locked as Too heated and limited conversation to collaborators"},
 		[]string{"/user1"})
 
 	// Unlock
 	testIssueCommentChangeEvent(t, htmlDoc, "2053",
+		"octicon-key", "User One", "/user1",
 		[]string{"user1 unlocked this conversation"},
 		[]string{"/user1"})
 }
@@ -213,11 +263,13 @@ func TestIssueCommentChangePin(t *testing.T) {
 
 	// Pin
 	testIssueCommentChangeEvent(t, htmlDoc, "2060",
+		"octicon-pin", "User One", "/user1",
 		[]string{"user1 pinned this"},
 		[]string{"/user1"})
 
 	// Unpin
 	testIssueCommentChangeEvent(t, htmlDoc, "2061",
+		"octicon-pin", "User One", "/user1",
 		[]string{"user1 unpinned this"},
 		[]string{"/user1"})
 }
@@ -231,11 +283,13 @@ func TestIssueCommentChangeOpen(t *testing.T) {
 
 	// Close issue
 	testIssueCommentChangeEvent(t, htmlDoc, "2070",
+		"octicon-circle-slash", "User One", "/user1",
 		[]string{"user1 closed this issue"},
 		[]string{"/user1"})
 
 	// Reopen issue
 	testIssueCommentChangeEvent(t, htmlDoc, "2071",
+		"octicon-dot-fill", "< U<se>r Tw<o > ><", "/user2",
 		[]string{"user2 reopened this issue"},
 		[]string{"/user2"})
 
@@ -245,11 +299,13 @@ func TestIssueCommentChangeOpen(t *testing.T) {
 
 	// Close pull request
 	testIssueCommentChangeEvent(t, htmlDoc, "2072",
+		"octicon-circle-slash", "User One", "/user1",
 		[]string{"user1 closed this pull request"},
 		[]string{"/user1"})
 
 	// Reopen pull request
 	testIssueCommentChangeEvent(t, htmlDoc, "2073",
+		"octicon-dot-fill", "< U<se>r Tw<o > ><", "/user2",
 		[]string{"user2 reopened this pull request"},
 		[]string{"/user2"})
 }
@@ -263,21 +319,25 @@ func TestIssueCommentChangeIssueReference(t *testing.T) {
 
 	// Issue reference from issue
 	testIssueCommentChangeEvent(t, htmlDoc, "2080",
+		"octicon-bookmark", "User One", "/user1",
 		[]string{"user1 referenced this issue ", "issue5 #4"},
 		[]string{"/user1", "/user2/repo1/issues/4", "#issuecomment-2080", "/user2/repo1/issues/4"})
 
 	// Issue reference from pull
 	testIssueCommentChangeEvent(t, htmlDoc, "2081",
+		"octicon-bookmark", "User One", "/user1",
 		[]string{"user1 referenced this issue ", "issue2 #2"},
 		[]string{"/user1", "/user2/repo1/pulls/2", "#issuecomment-2081", "/user2/repo1/pulls/2"})
 
 	// Issue reference from issue in different repo
 	testIssueCommentChangeEvent(t, htmlDoc, "2082",
+		"octicon-bookmark", "User One", "/user1",
 		[]string{"user1 referenced this issue from org3/repo21", "just a normal issue #1"},
 		[]string{"/user1", "/org3/repo21/issues/1", "#issuecomment-2082", "/org3/repo21/issues/1"})
 
 	// Issue reference from pull in different repo
 	testIssueCommentChangeEvent(t, htmlDoc, "2083",
+		"octicon-bookmark", "User One", "/user1",
 		[]string{"user1 referenced this issue from user12/repo10 ", "pr2 #1"},
 		[]string{"/user1", "/user12/repo10/pulls/1", "#issuecomment-2083", "/user12/repo10/pulls/1"})
 }
@@ -291,21 +351,25 @@ func TestIssueCommentChangePullReference(t *testing.T) {
 
 	// Pull reference from issue
 	testIssueCommentChangeEvent(t, htmlDoc, "2090",
+		"octicon-bookmark", "User One", "/user1",
 		[]string{"user1 referenced this pull request ", "issue1 #1"},
 		[]string{"/user1", "/user2/repo1/issues/1", "#issuecomment-2090", "/user2/repo1/issues/1"})
 
 	// Pull reference from pull
 	testIssueCommentChangeEvent(t, htmlDoc, "2091",
+		"octicon-bookmark", "User One", "/user1",
 		[]string{"user1 referenced this pull request ", "issue2 #2"},
 		[]string{"/user1", "/user2/repo1/pulls/2", "#issuecomment-2091", "/user2/repo1/pulls/2"})
 
 	// Pull reference from issue in different repo
 	testIssueCommentChangeEvent(t, htmlDoc, "2092",
+		"octicon-bookmark", "User One", "/user1",
 		[]string{"user1 referenced this pull request from org3/repo21", "just a normal issue #1"},
 		[]string{"/user1", "/org3/repo21/issues/1", "#issuecomment-2092", "/org3/repo21/issues/1"})
 
 	// Pull reference from pull in different repo
 	testIssueCommentChangeEvent(t, htmlDoc, "2093",
+		"octicon-bookmark", "User One", "/user1",
 		[]string{"user1 referenced this pull request from user12/repo10 ", "pr2 #1"},
 		[]string{"/user1", "/user12/repo10/pulls/1", "#issuecomment-2093", "/user12/repo10/pulls/1"})
 }

From c78f56e7cbf1f645a064c25b4e32b06e6df5fb66 Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Wed, 18 Jun 2025 12:39:26 +0200
Subject: [PATCH 25/39] git/blob: add truncated tests

---
 modules/git/blob_test.go | 95 +++++++++++++++++++++++++++++++++-------
 1 file changed, 79 insertions(+), 16 deletions(-)

diff --git a/modules/git/blob_test.go b/modules/git/blob_test.go
index 2f81bb84e0..54115013d3 100644
--- a/modules/git/blob_test.go
+++ b/modules/git/blob_test.go
@@ -35,7 +35,7 @@ func TestBlob_Data(t *testing.T) {
 	assert.Equal(t, output, string(data))
 }
 
-func TestBlob_GetBlobContent(t *testing.T) {
+func TestBlob(t *testing.T) {
 	bareRepo1Path := filepath.Join(testReposDir, "repo1_bare")
 	repo, err := openRepositoryWithDefaultContext(bareRepo1Path)
 	require.NoError(t, err)
@@ -45,30 +45,93 @@ func TestBlob_GetBlobContent(t *testing.T) {
 	testBlob, err := repo.GetBlob("6c493ff740f9380390d5c9ddef4af18697ac9375")
 	require.NoError(t, err)
 
-	r, err := testBlob.GetBlobContent(100)
-	require.NoError(t, err)
-	require.Equal(t, "file2\n", r)
+	t.Run("GetBlobContent", func(t *testing.T) {
+		r, err := testBlob.GetBlobContent(100)
+		require.NoError(t, err)
+		require.Equal(t, "file2\n", r)
 
-	r, err = testBlob.GetBlobContent(-1)
-	require.NoError(t, err)
-	require.Empty(t, r)
+		r, err = testBlob.GetBlobContent(-1)
+		require.NoError(t, err)
+		require.Empty(t, r)
 
-	r, err = testBlob.GetBlobContent(4)
-	require.NoError(t, err)
-	require.Equal(t, "file", r)
+		r, err = testBlob.GetBlobContent(4)
+		require.NoError(t, err)
+		require.Equal(t, "file", r)
 
-	r, err = testBlob.GetBlobContent(6)
-	require.NoError(t, err)
-	require.Equal(t, "file2\n", r)
+		r, err = testBlob.GetBlobContent(6)
+		require.NoError(t, err)
+		require.Equal(t, "file2\n", r)
+	})
 
-	t.Run("non-existing blob", func(t *testing.T) {
-		inexistingBlob, err := repo.GetBlob("00003ff740f9380390d5c9ddef4af18690000000")
+	t.Run("NewTruncatedReader", func(t *testing.T) {
+		// read fewer than available
+		rc, size, err := testBlob.NewTruncatedReader(100)
+		require.NoError(t, err)
+		require.Equal(t, int64(6), size)
+
+		buf := make([]byte, 1)
+		n, err := rc.Read(buf)
+		require.NoError(t, err)
+		require.Equal(t, 1, n)
+		require.Equal(t, "f", string(buf))
+		n, err = rc.Read(buf)
+		require.NoError(t, err)
+		require.Equal(t, 1, n)
+		require.Equal(t, "i", string(buf))
+
+		require.NoError(t, rc.Close())
+
+		// read more than available
+		rc, size, err = testBlob.NewTruncatedReader(100)
+		require.NoError(t, err)
+		require.Equal(t, int64(6), size)
+
+		buf = make([]byte, 100)
+		n, err = rc.Read(buf)
+		require.NoError(t, err)
+		require.Equal(t, 6, n)
+		require.Equal(t, "file2\n", string(buf[:n]))
+
+		n, err = rc.Read(buf)
+		require.Error(t, err)
+		require.Equal(t, io.EOF, err)
+		require.Equal(t, 0, n)
+
+		require.NoError(t, rc.Close())
+
+		// read more than truncated
+		rc, size, err = testBlob.NewTruncatedReader(4)
+		require.NoError(t, err)
+		require.Equal(t, int64(6), size)
+
+		buf = make([]byte, 10)
+		n, err = rc.Read(buf)
+		require.NoError(t, err)
+		require.Equal(t, 4, n)
+		require.Equal(t, "file", string(buf[:n]))
+
+		n, err = rc.Read(buf)
+		require.Error(t, err)
+		require.Equal(t, io.EOF, err)
+		require.Equal(t, 0, n)
+
+		require.NoError(t, rc.Close())
+	})
+
+	t.Run("NonExisting", func(t *testing.T) {
+		nonExistingBlob, err := repo.GetBlob("00003ff740f9380390d5c9ddef4af18690000000")
 		require.NoError(t, err)
 
-		r, err := inexistingBlob.GetBlobContent(100)
+		r, err := nonExistingBlob.GetBlobContent(100)
 		require.Error(t, err)
 		require.IsType(t, ErrNotExist{}, err)
 		require.Empty(t, r)
+
+		rc, size, err := nonExistingBlob.NewTruncatedReader(100)
+		require.Error(t, err)
+		require.IsType(t, ErrNotExist{}, err)
+		require.Empty(t, rc)
+		require.Empty(t, size)
 	})
 }
 

From dd79f0ce2b30d975f6c93024d81d32ed10632a6c Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Tue, 17 Jun 2025 13:35:46 +0200
Subject: [PATCH 26/39] blob: use NewTruncatedReader for markdown

---
 modules/markup/markdown/markdown.go    |   7 +-
 routers/web/org/home.go                |  10 ++-
 routers/web/user/profile.go            |  10 ++-
 tests/integration/org_profile_test.go  | 108 +++++++++++++++++++++++++
 tests/integration/user_profile_test.go |  41 ++++++++++
 5 files changed, 167 insertions(+), 9 deletions(-)
 create mode 100644 tests/integration/org_profile_test.go

diff --git a/modules/markup/markdown/markdown.go b/modules/markup/markdown/markdown.go
index 717da464b9..e811d29994 100644
--- a/modules/markup/markdown/markdown.go
+++ b/modules/markup/markdown/markdown.go
@@ -267,8 +267,13 @@ func Render(ctx *markup.RenderContext, input io.Reader, output io.Writer) error
 
 // RenderString renders Markdown string to HTML with all specific handling stuff and return string
 func RenderString(ctx *markup.RenderContext, content string) (template.HTML, error) {
+	return RenderReader(ctx, strings.NewReader(content))
+}
+
+// RenderReader renders Markdown io.Reader to HTML with all specific handling stuff and return string
+func RenderReader(ctx *markup.RenderContext, input io.Reader) (template.HTML, error) {
 	var buf strings.Builder
-	if err := Render(ctx, strings.NewReader(content), &buf); err != nil {
+	if err := Render(ctx, input, &buf); err != nil {
 		return "", err
 	}
 	return template.HTML(buf.String()), nil
diff --git a/routers/web/org/home.go b/routers/web/org/home.go
index a3823565ed..8f14f8899c 100644
--- a/routers/web/org/home.go
+++ b/routers/web/org/home.go
@@ -175,10 +175,12 @@ func prepareOrgProfileReadme(ctx *context.Context, profileGitRepo *git.Repositor
 		return
 	}
 
-	if bytes, err := profileReadme.GetBlobContent(setting.UI.MaxDisplayFileSize); err != nil {
-		log.Error("failed to GetBlobContent: %v", err)
+	if rc, _, err := profileReadme.NewTruncatedReader(setting.UI.MaxDisplayFileSize); err != nil {
+		log.Error("failed to NewTruncatedReader: %v", err)
 	} else {
-		if profileContent, err := markdown.RenderString(&markup.RenderContext{
+		defer rc.Close()
+
+		if profileContent, err := markdown.RenderReader(&markup.RenderContext{
 			Ctx:     ctx,
 			GitRepo: profileGitRepo,
 			Links: markup.Links{
@@ -188,7 +190,7 @@ func prepareOrgProfileReadme(ctx *context.Context, profileGitRepo *git.Repositor
 				BranchPath: path.Join("branch", util.PathEscapeSegments(profileDbRepo.DefaultBranch)),
 			},
 			Metas: map[string]string{"mode": "document"},
-		}, bytes); err != nil {
+		}, rc); err != nil {
 			log.Error("failed to RenderString: %v", err)
 		} else {
 			ctx.Data["ProfileReadme"] = profileContent
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index 58f6d4a5f2..78dd6c5e7c 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -264,10 +264,12 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDb
 
 		total = int(count)
 	case "overview":
-		if bytes, err := profileReadme.GetBlobContent(setting.UI.MaxDisplayFileSize); err != nil {
-			log.Error("failed to GetBlobContent: %v", err)
+		if rc, _, err := profileReadme.NewTruncatedReader(setting.UI.MaxDisplayFileSize); err != nil {
+			log.Error("failed to NewTruncatedReader: %v", err)
 		} else {
-			if profileContent, err := markdown.RenderString(&markup.RenderContext{
+			defer rc.Close()
+
+			if profileContent, err := markdown.RenderReader(&markup.RenderContext{
 				Ctx:     ctx,
 				GitRepo: profileGitRepo,
 				Links: markup.Links{
@@ -280,7 +282,7 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDb
 					BranchPath: path.Join("branch", util.PathEscapeSegments(profileDbRepo.DefaultBranch)),
 				},
 				Metas: map[string]string{"mode": "document"},
-			}, bytes); err != nil {
+			}, rc); err != nil {
 				log.Error("failed to RenderString: %v", err)
 			} else {
 				ctx.Data["ProfileReadme"] = profileContent
diff --git a/tests/integration/org_profile_test.go b/tests/integration/org_profile_test.go
new file mode 100644
index 0000000000..2211a8b3d2
--- /dev/null
+++ b/tests/integration/org_profile_test.go
@@ -0,0 +1,108 @@
+// Copyright 2024 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/http"
+	"net/url"
+	"strings"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	files_service "forgejo.org/services/repository/files"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestOrgProfile(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		checkReadme := func(t *testing.T, title, readmeFilename string, expectedCount int) {
+			t.Run(title, func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				// Prepare the test repository
+				org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
+
+				var ops []*files_service.ChangeRepoFile
+				op := "create"
+				if readmeFilename != "README.md" {
+					ops = append(ops, &files_service.ChangeRepoFile{
+						Operation: "delete",
+						TreePath:  "README.md",
+					})
+				} else {
+					op = "update"
+				}
+				if readmeFilename != "" {
+					ops = append(ops, &files_service.ChangeRepoFile{
+						Operation:     op,
+						TreePath:      readmeFilename,
+						ContentReader: strings.NewReader("# Hi!\n"),
+					})
+				}
+
+				_, _, f := tests.CreateDeclarativeRepo(t, org3, ".profile", nil, nil, ops)
+				defer f()
+
+				// Perform the test
+				req := NewRequest(t, "GET", "/org3")
+				resp := MakeRequest(t, req, http.StatusOK)
+
+				doc := NewHTMLParser(t, resp.Body)
+				readmeCount := doc.Find("#readme_profile").Length()
+
+				assert.Equal(t, expectedCount, readmeCount)
+			})
+		}
+
+		checkReadme(t, "No readme", "", 0)
+		checkReadme(t, "README.md", "README.md", 1)
+		checkReadme(t, "readme.md", "readme.md", 1)
+		checkReadme(t, "ReadMe.mD", "ReadMe.mD", 1)
+		checkReadme(t, "readme.org does not render", "README.org", 0)
+
+		t.Run("readme-size", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			// Prepare the test repository
+			org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
+
+			_, _, f := tests.CreateDeclarativeRepo(t, org3, ".profile", nil, nil, []*files_service.ChangeRepoFile{
+				{
+					Operation: "update",
+					TreePath:  "README.md",
+					ContentReader: strings.NewReader(`## Lorem ipsum
+dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
+## Ut enim ad minim veniam
+quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum`),
+				},
+			})
+			defer f()
+
+			t.Run("full", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				defer test.MockVariableValue(&setting.UI.MaxDisplayFileSize, 500)()
+
+				req := NewRequest(t, "GET", "/org3")
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Contains(t, resp.Body.String(), "Ut enim ad minim veniam")
+				assert.Contains(t, resp.Body.String(), "mollit anim id est laborum")
+			})
+
+			t.Run("truncated", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				defer test.MockVariableValue(&setting.UI.MaxDisplayFileSize, 146)()
+
+				req := NewRequest(t, "GET", "/org3")
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Contains(t, resp.Body.String(), "Ut enim ad minim")
+				assert.NotContains(t, resp.Body.String(), "veniam")
+			})
+		})
+	})
+}
diff --git a/tests/integration/user_profile_test.go b/tests/integration/user_profile_test.go
index 04d87c49ab..fb96efcd64 100644
--- a/tests/integration/user_profile_test.go
+++ b/tests/integration/user_profile_test.go
@@ -11,6 +11,8 @@ import (
 
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
@@ -63,5 +65,44 @@ func TestUserProfile(t *testing.T) {
 		checkReadme(t, "readme.md", "readme.md", 1)
 		checkReadme(t, "ReadMe.mD", "ReadMe.mD", 1)
 		checkReadme(t, "readme.org does not render", "README.org", 0)
+
+		t.Run("readme-size", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			// Prepare the test repository
+			user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+			_, _, f := tests.CreateDeclarativeRepo(t, user2, ".profile", nil, nil, []*files_service.ChangeRepoFile{
+				{
+					Operation: "update",
+					TreePath:  "README.md",
+					ContentReader: strings.NewReader(`## Lorem ipsum
+dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
+## Ut enim ad minim veniam
+quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum`),
+				},
+			})
+			defer f()
+
+			t.Run("full", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				defer test.MockVariableValue(&setting.UI.MaxDisplayFileSize, 500)()
+
+				req := NewRequest(t, "GET", "/user2")
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Contains(t, resp.Body.String(), "Ut enim ad minim veniam")
+				assert.Contains(t, resp.Body.String(), "mollit anim id est laborum")
+			})
+
+			t.Run("truncated", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				defer test.MockVariableValue(&setting.UI.MaxDisplayFileSize, 146)()
+
+				req := NewRequest(t, "GET", "/user2")
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Contains(t, resp.Body.String(), "Ut enim ad minim")
+				assert.NotContains(t, resp.Body.String(), "veniam")
+			})
+		})
 	})
 }

From f708bacfffa7f44f0edcdfdb466eafb6e481d38c Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Tue, 17 Jun 2025 14:18:11 +0200
Subject: [PATCH 27/39] blob: use NewTruncatedReader for CodeOwners parsing

tested in tests/integration/pull_review_test.go:TestPullView_CodeOwner
---
 models/issues/pull.go    | 32 +++++++++++++++++++-------------
 routers/web/repo/view.go |  4 ++--
 services/issue/pull.go   | 11 ++++-------
 3 files changed, 25 insertions(+), 22 deletions(-)

diff --git a/models/issues/pull.go b/models/issues/pull.go
index 0781fd0a2d..188ef00814 100644
--- a/models/issues/pull.go
+++ b/models/issues/pull.go
@@ -5,6 +5,7 @@
 package issues
 
 import (
+	"bufio"
 	"context"
 	"errors"
 	"fmt"
@@ -923,31 +924,30 @@ func MergeBlockedByOutdatedBranch(protectBranch *git_model.ProtectedBranch, pr *
 	return protectBranch.BlockOnOutdatedBranch && pr.CommitsBehind > 0
 }
 
-// GetCodeOwnersFromContent returns the code owners configuration
-// Return empty slice if files missing
+// GetCodeOwnersFromReader returns the code owners configuration
 // Return warning messages on parsing errors
 // We're trying to do the best we can when parsing a file.
 // Invalid lines are skipped. Non-existent users and teams too.
-func GetCodeOwnersFromContent(ctx context.Context, data string) ([]*CodeOwnerRule, []string) {
-	if len(data) == 0 {
-		return nil, nil
-	}
+func GetCodeOwnersFromReader(ctx context.Context, rc io.ReadCloser, truncated bool) ([]*CodeOwnerRule, []string) {
+	defer rc.Close()
+	scanner := bufio.NewScanner(rc)
 
-	rules := make([]*CodeOwnerRule, 0)
-	lines := strings.Split(data, "\n")
-	warnings := make([]string, 0)
+	var rules []*CodeOwnerRule
+	var warnings []string
+	line := 0
+	for scanner.Scan() {
+		line++
 
-	for i, line := range lines {
-		tokens := TokenizeCodeOwnersLine(line)
+		tokens := TokenizeCodeOwnersLine(scanner.Text())
 		if len(tokens) == 0 {
 			continue
 		} else if len(tokens) < 2 {
-			warnings = append(warnings, fmt.Sprintf("Line: %d: incorrect format", i+1))
+			warnings = append(warnings, fmt.Sprintf("Line: %d: incorrect format", line))
 			continue
 		}
 		rule, wr := ParseCodeOwnersLine(ctx, tokens)
 		for _, w := range wr {
-			warnings = append(warnings, fmt.Sprintf("Line: %d: %s", i+1, w))
+			warnings = append(warnings, fmt.Sprintf("Line: %d: %s", line, w))
 		}
 		if rule == nil {
 			continue
@@ -955,6 +955,12 @@ func GetCodeOwnersFromContent(ctx context.Context, data string) ([]*CodeOwnerRul
 
 		rules = append(rules, rule)
 	}
+	if err := scanner.Err(); err != nil {
+		warnings = append(warnings, err.Error())
+	}
+	if truncated {
+		warnings = append(warnings, fmt.Sprintf("File too big: truncated while on line %d", line))
+	}
 
 	return rules, warnings
 }
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index c7cc715fc1..d958a11f55 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -439,8 +439,8 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry) {
 			ctx.Data["FileError"] = ctx.Locale.Tr("actions.runs.invalid_workflow_helper", workFlowErr.Error())
 		}
 	} else if slices.Contains([]string{"CODEOWNERS", "docs/CODEOWNERS", ".gitea/CODEOWNERS"}, ctx.Repo.TreePath) {
-		if data, err := blob.GetBlobContent(setting.UI.MaxDisplayFileSize); err == nil {
-			_, warnings := issue_model.GetCodeOwnersFromContent(ctx, data)
+		if rc, size, err := blob.NewTruncatedReader(setting.UI.MaxDisplayFileSize); err == nil {
+			_, warnings := issue_model.GetCodeOwnersFromReader(ctx, rc, size > setting.UI.MaxDisplayFileSize)
 			if len(warnings) > 0 {
 				ctx.Data["FileWarning"] = strings.Join(warnings, "\n")
 			}
diff --git a/services/issue/pull.go b/services/issue/pull.go
index b0a0c47d88..2eef1fbfa8 100644
--- a/services/issue/pull.go
+++ b/services/issue/pull.go
@@ -43,8 +43,6 @@ type ReviewRequestNotifier struct {
 }
 
 func PullRequestCodeOwnersReview(ctx context.Context, issue *issues_model.Issue, pr *issues_model.PullRequest) ([]*ReviewRequestNotifier, error) {
-	files := []string{"CODEOWNERS", "docs/CODEOWNERS", ".gitea/CODEOWNERS"}
-
 	if pr.IsWorkInProgress(ctx) {
 		return nil, nil
 	}
@@ -72,18 +70,17 @@ func PullRequestCodeOwnersReview(ctx context.Context, issue *issues_model.Issue,
 		return nil, err
 	}
 
-	var data string
-	for _, file := range files {
+	var rules []*issues_model.CodeOwnerRule
+	for _, file := range []string{"CODEOWNERS", "docs/CODEOWNERS", ".gitea/CODEOWNERS"} {
 		if blob, err := commit.GetBlobByPath(file); err == nil {
-			data, err = blob.GetBlobContent(setting.UI.MaxDisplayFileSize)
+			rc, size, err := blob.NewTruncatedReader(setting.UI.MaxDisplayFileSize)
 			if err == nil {
+				rules, _ = issues_model.GetCodeOwnersFromReader(ctx, rc, size > setting.UI.MaxDisplayFileSize)
 				break
 			}
 		}
 	}
 
-	rules, _ := issues_model.GetCodeOwnersFromContent(ctx, data)
-
 	// get the mergebase
 	mergeBase, err := getMergeBase(repo, pr, git.BranchPrefix+pr.BaseBranch, pr.GetGitRefName())
 	if err != nil {

From 1efb4f1aaf55cdd15e361a5fc4d43d8c4d327ffd Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 21 Jun 2025 10:57:17 +0200
Subject: [PATCH 28/39] Update module github.com/go-chi/chi/v5 to v5.2.2
 (forgejo) (#8248)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | require | patch | `v5.2.1` -> `v5.2.2` |

---

### Release Notes

<details>
<summary>go-chi/chi (github.com/go-chi/chi/v5)</summary>

### [`v5.2.2`](https://github.com/go-chi/chi/releases/tag/v5.2.2)

[Compare Source](https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2)

#### What's Changed

- Use strings.Cut in a few places by [@&#8203;JRaspass](https://github.com/JRaspass) in https://github.com/go-chi/chi/pull/971
- Fix non-constant format strings in t.Fatalf by [@&#8203;JRaspass](https://github.com/JRaspass) in https://github.com/go-chi/chi/pull/972
- Apply fieldalignment fixes to optimize struct memory layout by [@&#8203;pixel365](https://github.com/pixel365) in https://github.com/go-chi/chi/pull/974
- go 1.24 by [@&#8203;pkieltyka](https://github.com/pkieltyka) in https://github.com/go-chi/chi/pull/977
- chore: delint ioutil usage by [@&#8203;costela](https://github.com/costela) in https://github.com/go-chi/chi/pull/962
- Fixed typo in Router interface definition by [@&#8203;mithileshgupta12](https://github.com/mithileshgupta12) in https://github.com/go-chi/chi/pull/958
- Add support for TinyGo by [@&#8203;efraimbart](https://github.com/efraimbart) in https://github.com/go-chi/chi/pull/978
- Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by [@&#8203;cxjava](https://github.com/cxjava) in https://github.com/go-chi/chi/pull/982
- Make use of strings.Cut by [@&#8203;scop](https://github.com/scop) in https://github.com/go-chi/chi/pull/1005
- Change install command format to code block by [@&#8203;sglkc](https://github.com/sglkc) in https://github.com/go-chi/chi/pull/1001
- Correct documentation by [@&#8203;mrdomino](https://github.com/mrdomino) in https://github.com/go-chi/chi/pull/992

#### Security fix

- Fixes [GHSA-vrw8-fxc6-2r93](https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93) - "Host Header Injection Leads to Open Redirect in RedirectSlashes" [commit](https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65)
  - a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header
  - reported by Anuraag Baishya, [@&#8203;anuraagbaishya](https://github.com/anuraagbaishya). Thank you!

#### New Contributors

- [@&#8203;pixel365](https://github.com/pixel365) made their first contribution in https://github.com/go-chi/chi/pull/974
- [@&#8203;mithileshgupta12](https://github.com/mithileshgupta12) made their first contribution in https://github.com/go-chi/chi/pull/958
- [@&#8203;efraimbart](https://github.com/efraimbart) made their first contribution in https://github.com/go-chi/chi/pull/978
- [@&#8203;cxjava](https://github.com/cxjava) made their first contribution in https://github.com/go-chi/chi/pull/982
- [@&#8203;sglkc](https://github.com/sglkc) made their first contribution in https://github.com/go-chi/chi/pull/1001
- [@&#8203;mrdomino](https://github.com/mrdomino) made their first contribution in https://github.com/go-chi/chi/pull/992

**Full Changelog**: https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC41Ny4xIiwidXBkYXRlZEluVmVyIjoiNDAuNTcuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8248
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 87755b206a..bb2be827eb 100644
--- a/go.mod
+++ b/go.mod
@@ -41,7 +41,7 @@ require (
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
 	github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73
-	github.com/go-chi/chi/v5 v5.2.1
+	github.com/go-chi/chi/v5 v5.2.2
 	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.9.2
diff --git a/go.sum b/go.sum
index 54710930e8..639880e2ce 100644
--- a/go.sum
+++ b/go.sum
@@ -213,8 +213,8 @@ github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73/go.mod h1:jyveZeGw5La
 github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
 github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-chi/chi/v5 v5.0.1/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
-github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
-github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618=
+github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
 github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
 github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=

From 1c0e9d8015309d61359e7666e1468c7f5fb4aa64 Mon Sep 17 00:00:00 2001
From: Otto Richter <git@otto.splvs.net>
Date: Sat, 21 Jun 2025 11:50:39 +0200
Subject: [PATCH 29/39] chore(ci): downgrade playwright temporarily and allow
 running all e2e tests (#8245)

In https://codeberg.org/forgejo/forgejo/pulls/7906#issuecomment-5511884, I noticed that the e2e tests were failing without obvious reasons. I was able to reproduce locally with Mobile Chrome, but the error doesn't make sense to me.

So I tried to downgrade playwright to the previous version, and it works fine. I actually suspect a bug in playwright, but I currently lack the capacity to reach out to upstream with a reproducer (I also found conversation with the playwright team a little difficult, unless you have absolutely convincing arguments that the flakiness you observe is really their fault, which is very hard to prove).

Tests pass with this version of playwright. In order to detect such cases earlier, I added a way to run all playwright tests (which I thought I had added with the changed files patch, but apparently forgot).

All tests are triggered by an explicit label (but only after firing a next event, because the testing workflows don't listen to label changes) and when the PR title contains "playwright", which should cover at least renovate dependency updates of playwright and the axe framework (both contain playwright).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8245
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>
---
 .forgejo/workflows/testing.yml |  6 ++++++
 package-lock.json              | 24 ++++++++++++------------
 package.json                   |  2 +-
 tests/e2e/changes.go           |  9 +++++++--
 4 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 86e74591f1..7a93bb66a8 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -115,6 +115,11 @@ jobs:
         run: |
           su forgejo -c 'make deps-frontend frontend'
       - uses: ./.forgejo/workflows-composite/build-backend
+      - name: Decide to run all tests
+        id: run-all
+        if: contains(github.event.pull_request.labels.*.name, 'run-all-playwright-tests') || contains(github.event.pull_request.title, 'playwright')
+        run: |
+          echo "all=1" >> "$GITHUB_OUTPUT"
       - name: Get changed files
         id: changed-files
         uses: https://data.forgejo.org/tj-actions/changed-files@v46
@@ -127,6 +132,7 @@ jobs:
           USE_REPO_TEST_DIR: 1
           PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
           CHANGED_FILES: ${{steps.changed-files.outputs.all_changed_files}}
+          RUN_ALL: ${{steps.run-all.all}}
       - name: Upload test artifacts on failure
         if: failure()
         uses: https://data.forgejo.org/forgejo/upload-artifact@v4
diff --git a/package-lock.json b/package-lock.json
index 179c0e496c..1637629a83 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -62,7 +62,7 @@
       "devDependencies": {
         "@axe-core/playwright": "4.10.2",
         "@eslint-community/eslint-plugin-eslint-comments": "4.5.0",
-        "@playwright/test": "1.53.0",
+        "@playwright/test": "1.52.0",
         "@stoplight/spectral-cli": "6.15.0",
         "@stylistic/eslint-plugin": "4.4.1",
         "@stylistic/stylelint-plugin": "3.1.2",
@@ -2143,13 +2143,13 @@
       }
     },
     "node_modules/@playwright/test": {
-      "version": "1.53.0",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.53.0.tgz",
-      "integrity": "sha512-15hjKreZDcp7t6TL/7jkAo6Df5STZN09jGiv5dbP9A6vMVncXRqE7/B2SncsyOwrkZRBH2i6/TPOL8BVmm3c7w==",
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.52.0.tgz",
+      "integrity": "sha512-uh6W7sb55hl7D6vsAeA+V2p5JnlAqzhqFyF0VcJkKZXkgnFcVG9PziERRHQfPLfNGx1C292a4JqbWzhR8L4R1g==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright": "1.53.0"
+        "playwright": "1.52.0"
       },
       "bin": {
         "playwright": "cli.js"
@@ -11859,13 +11859,13 @@
       }
     },
     "node_modules/playwright": {
-      "version": "1.53.0",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.53.0.tgz",
-      "integrity": "sha512-ghGNnIEYZC4E+YtclRn4/p6oYbdPiASELBIYkBXfaTVKreQUYbMUYQDwS12a8F0/HtIjr/CkGjtwABeFPGcS4Q==",
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.52.0.tgz",
+      "integrity": "sha512-JAwMNMBlxJ2oD1kce4KPtMkDeKGHQstdpFPcPH3maElAXon/QZeTvtsfXmTMRyO9TslfoYOXkSsvao2nE1ilTw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright-core": "1.53.0"
+        "playwright-core": "1.52.0"
       },
       "bin": {
         "playwright": "cli.js"
@@ -11878,9 +11878,9 @@
       }
     },
     "node_modules/playwright-core": {
-      "version": "1.53.0",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.53.0.tgz",
-      "integrity": "sha512-mGLg8m0pm4+mmtB7M89Xw/GSqoNC+twivl8ITteqvAndachozYe2ZA7srU6uleV1vEdAHYqjq+SV8SNxRRFYBw==",
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.52.0.tgz",
+      "integrity": "sha512-l2osTgLXSMeuLZOML9qYODUQoPPnUsKsb5/P6LJ2e6uPKXUdPK5WYhN4z03G+YNbWmGDY4YENauNu4ZKczreHg==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
diff --git a/package.json b/package.json
index 409edecd95..d7c3a5f79f 100644
--- a/package.json
+++ b/package.json
@@ -61,7 +61,7 @@
   "devDependencies": {
     "@axe-core/playwright": "4.10.2",
     "@eslint-community/eslint-plugin-eslint-comments": "4.5.0",
-    "@playwright/test": "1.53.0",
+    "@playwright/test": "1.52.0",
     "@stoplight/spectral-cli": "6.15.0",
     "@stylistic/eslint-plugin": "4.4.1",
     "@stylistic/stylelint-plugin": "3.1.2",
diff --git a/tests/e2e/changes.go b/tests/e2e/changes.go
index d1d318fd06..5e9238dfa7 100644
--- a/tests/e2e/changes.go
+++ b/tests/e2e/changes.go
@@ -16,10 +16,15 @@ import (
 var (
 	changesetFiles     []string
 	changesetAvailable bool
-	globalFullRun      bool
+	globalFullRun      = false
 )
 
 func initChangedFiles() {
+	_, globalFullRun = os.LookupEnv("RUN_ALL")
+	if globalFullRun {
+		log.Info("Full run of all tests requested via RUN_ALL environment.")
+		return
+	}
 	var changes string
 	changes, changesetAvailable = os.LookupEnv("CHANGED_FILES")
 	// the output of the Action seems to actually contain \n and not a newline literal
@@ -44,7 +49,7 @@ func initChangedFiles() {
 	for _, expr := range globalPatterns {
 		fullRunPatterns = append(fullRunPatterns, glob.MustCompile(expr, '.', '/'))
 	}
-	globalFullRun = false
+
 	for _, changedFile := range changesetFiles {
 		for _, pattern := range fullRunPatterns {
 			if pattern.Match(changedFile) {

From 25d596d387eabcbec4eeb53a7f0312b20370b2b0 Mon Sep 17 00:00:00 2001
From: Michael Jerger <michael.jerger@meissa-gmbh.de>
Date: Sat, 21 Jun 2025 12:02:58 +0200
Subject: [PATCH 30/39] Federated user activity following: Isolated model
 changes (#8078)

This PR is part of https://codeberg.org/forgejo/forgejo/pulls/4767

This should not have an outside impact but bring all model changes needed & bring migrations.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8078
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
---
 .deadcode-out                                 |  15 ++
 models/activities/action.go                   |  37 +++--
 models/activities/action_test.go              |   3 +-
 models/activities/federated_user_activity.go  | 106 ++++++++++++++
 .../federated_user_activity_test.go           |  24 ++++
 models/forgefed/federationhost.go             |  12 +-
 models/forgefed/nodeinfo.go                   |   8 +-
 models/forgejo_migrations/migrate.go          |   2 +
 models/forgejo_migrations/v33.go              | 126 +++++++++++++++++
 models/forgejo_migrations/v33_test.go         |  46 ++++++
 models/user/federated_user.go                 |  17 ++-
 models/user/federated_user_follower.go        |  30 ++++
 models/user/federated_user_follower_test.go   |  27 ++++
 models/user/federated_user_test.go            |   2 +
 models/user/follow.go                         |   1 +
 models/user/user_repository.go                | 132 +++++++++++++++++-
 models/user/user_test.go                      |   2 +-
 services/federation/federation_service.go     |   6 +
 services/feed/action.go                       |  56 +++++---
 19 files changed, 604 insertions(+), 48 deletions(-)
 create mode 100644 models/activities/federated_user_activity.go
 create mode 100644 models/activities/federated_user_activity_test.go
 create mode 100644 models/forgejo_migrations/v33.go
 create mode 100644 models/forgejo_migrations/v33_test.go
 create mode 100644 models/user/federated_user_follower.go
 create mode 100644 models/user/federated_user_follower_test.go

diff --git a/.deadcode-out b/.deadcode-out
index e63e4a3dc3..61c5bcb055 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -13,6 +13,13 @@ forgejo.org/models
 	IsErrSHANotFound
 	IsErrMergeDivergingFastForwardOnly
 
+forgejo.org/models/activities
+	GetActivityByID
+	NewFederatedUserActivity
+	CreateUserActivity
+	GetFollowingFeeds
+	FederatedUserActivity.loadActor
+
 forgejo.org/models/auth
 	WebAuthnCredentials
 
@@ -54,9 +61,17 @@ forgejo.org/models/user
 	IsErrExternalLoginUserAlreadyExist
 	IsErrExternalLoginUserNotExist
 	NewFederatedUser
+	NewFederatedUserFollower
 	IsErrUserSettingIsNotExist
 	GetUserAllSettings
 	DeleteUserSetting
+	GetFederatedUser
+	GetFederatedUserByUserID
+	UpdateFederatedUser
+	GetFollowersForUser
+	AddFollower
+	RemoveFollower
+	IsFollowingAp
 
 forgejo.org/modules/activitypub
 	NewContext
diff --git a/models/activities/action.go b/models/activities/action.go
index 1e40546b97..8592f81414 100644
--- a/models/activities/action.go
+++ b/models/activities/action.go
@@ -442,6 +442,12 @@ func (a *Action) GetIssueContent(ctx context.Context) string {
 	return a.Issue.Content
 }
 
+func GetActivityByID(ctx context.Context, id int64) (*Action, error) {
+	var act Action
+	_, err := db.GetEngine(ctx).ID(id).Get(&act)
+	return &act, err
+}
+
 // GetFeedsOptions options for retrieving feeds
 type GetFeedsOptions struct {
 	db.ListOptions
@@ -595,13 +601,14 @@ func DeleteOldActions(ctx context.Context, olderThan time.Duration) (err error)
 }
 
 // NotifyWatchers creates batch of actions for every watcher.
-func NotifyWatchers(ctx context.Context, actions ...*Action) error {
+func NotifyWatchers(ctx context.Context, actions ...*Action) ([]Action, error) {
 	var watchers []*repo_model.Watch
 	var repo *repo_model.Repository
 	var err error
 	var permCode []bool
 	var permIssue []bool
 	var permPR []bool
+	var out []Action
 
 	e := db.GetEngine(ctx)
 
@@ -612,14 +619,14 @@ func NotifyWatchers(ctx context.Context, actions ...*Action) error {
 			// Add feeds for user self and all watchers.
 			watchers, err = repo_model.GetWatchers(ctx, act.RepoID)
 			if err != nil {
-				return fmt.Errorf("get watchers: %w", err)
+				return nil, fmt.Errorf("get watchers: %w", err)
 			}
 
 			// Be aware that optimizing this correctly into the `GetWatchers` SQL
 			// query is for most cases less performant than doing this.
 			blockedDoerUserIDs, err := user_model.ListBlockedByUsersID(ctx, act.ActUserID)
 			if err != nil {
-				return fmt.Errorf("user_model.ListBlockedByUsersID: %w", err)
+				return nil, fmt.Errorf("user_model.ListBlockedByUsersID: %w", err)
 			}
 
 			if len(blockedDoerUserIDs) > 0 {
@@ -634,8 +641,9 @@ func NotifyWatchers(ctx context.Context, actions ...*Action) error {
 		// Add feed for actioner.
 		act.UserID = act.ActUserID
 		if _, err = e.Insert(act); err != nil {
-			return fmt.Errorf("insert new actioner: %w", err)
+			return nil, fmt.Errorf("insert new actioner: %w", err)
 		}
+		out = append(out, *act)
 
 		if repoChanged {
 			act.loadRepo(ctx)
@@ -643,7 +651,7 @@ func NotifyWatchers(ctx context.Context, actions ...*Action) error {
 
 			// check repo owner exist.
 			if err := act.Repo.LoadOwner(ctx); err != nil {
-				return fmt.Errorf("can't get repo owner: %w", err)
+				return nil, fmt.Errorf("can't get repo owner: %w", err)
 			}
 		} else if act.Repo == nil {
 			act.Repo = repo
@@ -654,7 +662,7 @@ func NotifyWatchers(ctx context.Context, actions ...*Action) error {
 			act.ID = 0
 			act.UserID = act.Repo.Owner.ID
 			if err = db.Insert(ctx, act); err != nil {
-				return fmt.Errorf("insert new actioner: %w", err)
+				return nil, fmt.Errorf("insert new actioner: %w", err)
 			}
 		}
 
@@ -707,26 +715,29 @@ func NotifyWatchers(ctx context.Context, actions ...*Action) error {
 			}
 
 			if err = db.Insert(ctx, act); err != nil {
-				return fmt.Errorf("insert new action: %w", err)
+				return nil, fmt.Errorf("insert new action: %w", err)
 			}
 		}
 	}
-	return nil
+	return out, nil
 }
 
 // NotifyWatchersActions creates batch of actions for every watcher.
-func NotifyWatchersActions(ctx context.Context, acts []*Action) error {
+func NotifyWatchersActions(ctx context.Context, acts []*Action) ([]Action, error) {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	defer committer.Close()
+	var out []Action
 	for _, act := range acts {
-		if err := NotifyWatchers(ctx, act); err != nil {
-			return err
+		as, err := NotifyWatchers(ctx, act)
+		if err != nil {
+			return nil, err
 		}
+		out = append(out, as...)
 	}
-	return committer.Commit()
+	return out, committer.Commit()
 }
 
 // DeleteIssueActions delete all actions related with issueID
diff --git a/models/activities/action_test.go b/models/activities/action_test.go
index bcc9c98cec..47dbd8ac2d 100644
--- a/models/activities/action_test.go
+++ b/models/activities/action_test.go
@@ -197,7 +197,8 @@ func TestNotifyWatchers(t *testing.T) {
 		RepoID:    1,
 		OpType:    activities_model.ActionStarRepo,
 	}
-	require.NoError(t, activities_model.NotifyWatchers(db.DefaultContext, action))
+	_, err := activities_model.NotifyWatchers(db.DefaultContext, action)
+	require.NoError(t, err)
 
 	// One watchers are inactive, thus action is only created for user 8, 1, 4, 11
 	unittest.AssertExistsAndLoadBean(t, &activities_model.Action{
diff --git a/models/activities/federated_user_activity.go b/models/activities/federated_user_activity.go
new file mode 100644
index 0000000000..1ff3a855d0
--- /dev/null
+++ b/models/activities/federated_user_activity.go
@@ -0,0 +1,106 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package activities
+
+import (
+	"context"
+	"fmt"
+
+	"forgejo.org/models/db"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/timeutil"
+	"forgejo.org/modules/validation"
+
+	ap "github.com/go-ap/activitypub"
+)
+
+type FederatedUserActivity struct {
+	ID           int64 `xorm:"pk autoincr"`
+	UserID       int64 `xorm:"NOT NULL"`
+	ActorID      int64
+	ActorURI     string
+	Actor        *user_model.User   `xorm:"-"` // transient
+	NoteContent  string             `xorm:"TEXT"`
+	NoteURL      string             `xorm:"VARCHAR(255)"`
+	OriginalNote string             `xorm:"TEXT"`
+	Created      timeutil.TimeStamp `xorm:"created"`
+}
+
+func init() {
+	db.RegisterModel(new(FederatedUserActivity))
+}
+
+func NewFederatedUserActivity(userID, actorID int64, actorURI, noteContent, noteURL string, originalNote ap.Activity) (FederatedUserActivity, error) {
+	jsonString, err := json.Marshal(originalNote)
+	if err != nil {
+		return FederatedUserActivity{}, err
+	}
+	result := FederatedUserActivity{
+		UserID:       userID,
+		ActorID:      actorID,
+		ActorURI:     actorURI,
+		NoteContent:  noteContent,
+		NoteURL:      noteURL,
+		OriginalNote: string(jsonString),
+	}
+	if valid, err := validation.IsValid(result); !valid {
+		return FederatedUserActivity{}, err
+	}
+	return result, nil
+}
+
+func (federatedUserActivity FederatedUserActivity) Validate() []string {
+	var result []string
+	result = append(result, validation.ValidateNotEmpty(federatedUserActivity.UserID, "UserID")...)
+	result = append(result, validation.ValidateNotEmpty(federatedUserActivity.ActorID, "ActorID")...)
+	result = append(result, validation.ValidateNotEmpty(federatedUserActivity.ActorURI, "ActorURI")...)
+	result = append(result, validation.ValidateNotEmpty(federatedUserActivity.NoteContent, "NoteContent")...)
+	result = append(result, validation.ValidateNotEmpty(federatedUserActivity.NoteURL, "NoteURL")...)
+	result = append(result, validation.ValidateNotEmpty(federatedUserActivity.OriginalNote, "OriginalNote")...)
+	return result
+}
+
+func CreateUserActivity(ctx context.Context, federatedUserActivity *FederatedUserActivity) error {
+	if valid, err := validation.IsValid(federatedUserActivity); !valid {
+		return err
+	}
+	_, err := db.GetEngine(ctx).Insert(federatedUserActivity)
+	return err
+}
+
+type GetFollowingFeedsOptions struct {
+	db.ListOptions
+}
+
+func GetFollowingFeeds(ctx context.Context, actorID int64, opts GetFollowingFeedsOptions) ([]*FederatedUserActivity, int64, error) {
+	log.Debug("user_id = %s", actorID)
+	sess := db.GetEngine(ctx).Where("user_id = ?", actorID)
+	opts.SetDefaultValues()
+	sess = db.SetSessionPagination(sess, &opts)
+
+	actions := make([]*FederatedUserActivity, 0, opts.PageSize)
+	count, err := sess.FindAndCount(&actions)
+	if err != nil {
+		return nil, 0, fmt.Errorf("FindAndCount: %w", err)
+	}
+	for _, act := range actions {
+		if err := act.loadActor(ctx); err != nil {
+			return nil, 0, err
+		}
+	}
+	return actions, count, err
+}
+
+func (federatedUserActivity *FederatedUserActivity) loadActor(ctx context.Context) error {
+	log.Debug("for activity %s", federatedUserActivity)
+	actorUser, _, err := user_model.GetFederatedUserByUserID(ctx, federatedUserActivity.ActorID)
+	if err != nil {
+		return err
+	}
+	federatedUserActivity.Actor = actorUser
+
+	return nil
+}
diff --git a/models/activities/federated_user_activity_test.go b/models/activities/federated_user_activity_test.go
new file mode 100644
index 0000000000..9bf4f77984
--- /dev/null
+++ b/models/activities/federated_user_activity_test.go
@@ -0,0 +1,24 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package activities
+
+import (
+	"testing"
+
+	"forgejo.org/modules/validation"
+)
+
+func Test_FederatedUserActivityValidation(t *testing.T) {
+	sut := FederatedUserActivity{}
+	sut.UserID = 13
+	sut.ActorID = 33
+	sut.ActorURI = "33"
+	sut.NoteContent = "Any content!"
+	sut.NoteURL = "https://example.org/note/17"
+	sut.OriginalNote = "federatedUserActivityNote-17"
+
+	if res, _ := validation.IsValid(sut); !res {
+		t.Errorf("sut expected to be valid: %v\n", sut.Validate())
+	}
+}
diff --git a/models/forgefed/federationhost.go b/models/forgefed/federationhost.go
index 29f1b7d28e..978847bd95 100644
--- a/models/forgefed/federationhost.go
+++ b/models/forgefed/federationhost.go
@@ -6,6 +6,7 @@ package forgefed
 import (
 	"database/sql"
 	"fmt"
+	"net/url"
 	"strings"
 	"time"
 
@@ -17,9 +18,9 @@ import (
 // swagger:model
 type FederationHost struct {
 	ID             int64                  `xorm:"pk autoincr"`
-	HostFqdn       string                 `xorm:"host_fqdn UNIQUE INDEX VARCHAR(255) NOT NULL"`
+	HostFqdn       string                 `xorm:"host_fqdn UNIQUE(federation_host) INDEX VARCHAR(255) NOT NULL"`
+	HostPort       uint16                 `xorm:" UNIQUE(federation_host) INDEX NOT NULL DEFAULT 443"`
 	NodeInfo       NodeInfo               `xorm:"extends NOT NULL"`
-	HostPort       uint16                 `xorm:"NOT NULL DEFAULT 443"`
 	HostSchema     string                 `xorm:"NOT NULL DEFAULT 'https'"`
 	LatestActivity time.Time              `xorm:"NOT NULL"`
 	KeyID          sql.NullString         `xorm:"key_id UNIQUE"`
@@ -42,6 +43,13 @@ func NewFederationHost(hostFqdn string, nodeInfo NodeInfo, port uint16, schema s
 	return result, nil
 }
 
+func (host FederationHost) AsURL() url.URL {
+	return url.URL{
+		Scheme: host.HostSchema,
+		Host:   fmt.Sprintf("%v:%v", host.HostFqdn, host.HostPort),
+	}
+}
+
 // Validate collects error strings in a slice and returns this
 func (host FederationHost) Validate() []string {
 	var result []string
diff --git a/models/forgefed/nodeinfo.go b/models/forgefed/nodeinfo.go
index 2461b5e499..38f51304c5 100644
--- a/models/forgefed/nodeinfo.go
+++ b/models/forgefed/nodeinfo.go
@@ -17,12 +17,14 @@ type (
 )
 
 const (
-	ForgejoSourceType SoftwareNameType = "forgejo"
-	GiteaSourceType   SoftwareNameType = "gitea"
+	ForgejoSourceType    SoftwareNameType = "forgejo"
+	GiteaSourceType      SoftwareNameType = "gitea"
+	MastodonSourceType   SoftwareNameType = "mastodon"
+	GoToSocialSourceType SoftwareNameType = "gotosocial"
 )
 
 var KnownSourceTypes = []any{
-	ForgejoSourceType, GiteaSourceType,
+	ForgejoSourceType, GiteaSourceType, MastodonSourceType, GoToSocialSourceType,
 }
 
 // ------------------------------------------------ NodeInfoWellKnown ------------------------------------------------
diff --git a/models/forgejo_migrations/migrate.go b/models/forgejo_migrations/migrate.go
index 21a2077d06..684ef2ed0e 100644
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@@ -103,6 +103,8 @@ var migrations = []*Migration{
 	NewMigration("Normalize repository.topics to empty slice instead of null", SetTopicsAsEmptySlice),
 	// v31 -> v32
 	NewMigration("Migrate maven package name concatenation", ChangeMavenArtifactConcatenation),
+	// v32 -> v33
+	NewMigration("Add federated user activity tables, update the `federated_user` table & add indexes", FederatedUserActivityMigration),
 }
 
 // GetCurrentDBVersion returns the current Forgejo database version.
diff --git a/models/forgejo_migrations/v33.go b/models/forgejo_migrations/v33.go
new file mode 100644
index 0000000000..272035fc23
--- /dev/null
+++ b/models/forgejo_migrations/v33.go
@@ -0,0 +1,126 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgejo_migrations //nolint:revive
+
+import (
+	"fmt"
+
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func dropOldFederationHostIndexes(x *xorm.Engine) {
+	// drop unique index on HostFqdn
+	type FederationHost struct {
+		ID       int64  `xorm:"pk autoincr"`
+		HostFqdn string `xorm:"host_fqdn UNIQUE INDEX VARCHAR(255) NOT NULL"`
+	}
+
+	err := x.DropIndexes(FederationHost{})
+	if err != nil {
+		log.Warn("migration[33]: There was an issue: %v", err)
+		return
+	}
+}
+
+func addFederatedUserActivityTables(x *xorm.Engine) {
+	type FederatedUserActivity struct {
+		ID           int64 `xorm:"pk autoincr"`
+		UserID       int64 `xorm:"NOT NULL INDEX user_id"`
+		ActorID      int64
+		ActorURI     string
+		NoteContent  string             `xorm:"TEXT"`
+		NoteURL      string             `xorm:"VARCHAR(255)"`
+		OriginalNote string             `xorm:"TEXT"`
+		Created      timeutil.TimeStamp `xorm:"created"`
+	}
+
+	// add unique index on HostFqdn+HostPort
+	type FederationHost struct {
+		ID       int64  `xorm:"pk autoincr"`
+		HostFqdn string `xorm:"host_fqdn UNIQUE(federation_host) INDEX VARCHAR(255) NOT NULL"`
+		HostPort uint16 `xorm:"UNIQUE(federation_host) INDEX NOT NULL DEFAULT 443"`
+	}
+
+	type FederatedUserFollower struct {
+		ID int64 `xorm:"pk autoincr"`
+
+		FollowedUserID  int64 `xorm:"NOT NULL unique(fuf_rel)"`
+		FollowingUserID int64 `xorm:"NOT NULL unique(fuf_rel)"`
+	}
+
+	// Add InboxPath to FederatedUser & add index fo UserID
+	type FederatedUser struct {
+		ID        int64 `xorm:"pk autoincr"`
+		UserID    int64 `xorm:"NOT NULL INDEX user_id"`
+		InboxPath string
+	}
+
+	var err error
+
+	err = x.Sync(&FederationHost{})
+	if err != nil {
+		log.Warn("migration[33]: There was an issue: %v", err)
+		return
+	}
+
+	err = x.Sync(&FederatedUserActivity{})
+	if err != nil {
+		log.Warn("migration[33]: There was an issue: %v", err)
+		return
+	}
+
+	err = x.Sync(&FederatedUserFollower{})
+	if err != nil {
+		log.Warn("migration[33]: There was an issue: %v", err)
+		return
+	}
+
+	err = x.Sync(&FederatedUser{})
+	if err != nil {
+		log.Warn("migration[33]: There was an issue: %v", err)
+		return
+	}
+
+	// Migrate
+	sessMigration := x.NewSession()
+	defer sessMigration.Close()
+	if err := sessMigration.Begin(); err != nil {
+		log.Warn("migration[33]: There was an issue: %v", err)
+		return
+	}
+	federatedUsers := make([]*FederatedUser, 0)
+	err = sessMigration.OrderBy("id").Find(&federatedUsers)
+	if err != nil {
+		log.Warn("migration[33]: There was an issue: %v", err)
+		return
+	}
+
+	for _, federatedUser := range federatedUsers {
+		if federatedUser.InboxPath != "" {
+			log.Info("migration[33]: This user was already migrated: %v", federatedUser)
+		} else {
+			// Migrate User.InboxPath
+			sql := "UPDATE `federated_user` SET `inbox_path` = ? WHERE `id` = ?"
+			if _, err := sessMigration.Exec(sql, fmt.Sprintf("/api/v1/activitypub/user-id/%v/inbox", federatedUser.UserID), federatedUser.ID); err != nil {
+				log.Warn("migration[33]: There was an issue: %v", err)
+				return
+			}
+		}
+	}
+
+	err = sessMigration.Commit()
+	if err != nil {
+		log.Warn("migration[33]: There was an issue: %v", err)
+		return
+	}
+}
+
+func FederatedUserActivityMigration(x *xorm.Engine) error {
+	dropOldFederationHostIndexes(x)
+	addFederatedUserActivityTables(x)
+	return nil
+}
diff --git a/models/forgejo_migrations/v33_test.go b/models/forgejo_migrations/v33_test.go
new file mode 100644
index 0000000000..664c704bbc
--- /dev/null
+++ b/models/forgejo_migrations/v33_test.go
@@ -0,0 +1,46 @@
+// Copyright 2025 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations //nolint:revive
+
+import (
+	"testing"
+	"time"
+
+	migration_tests "forgejo.org/models/migrations/test"
+	"forgejo.org/modules/log"
+	ft "forgejo.org/modules/test"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_FederatedUserActivityMigration(t *testing.T) {
+	lc, cl := ft.NewLogChecker(log.DEFAULT, log.WARN)
+	lc.Filter("migration[33]")
+	defer cl()
+
+	// intentionally conflicting definition
+	type FederatedUser struct {
+		ID     int64 `xorm:"pk autoincr"`
+		UserID string
+	}
+
+	// Prepare TestEnv
+	x, deferable := migration_tests.PrepareTestEnv(t, 0,
+		new(FederatedUser),
+	)
+	sessTest := x.NewSession()
+	sessTest.Insert(FederatedUser{UserID: "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" +
+		"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" +
+		"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"})
+	sessTest.Commit()
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	require.NoError(t, FederatedUserActivityMigration(x))
+	logFiltered, _ := lc.Check(5 * time.Second)
+	assert.NotEmpty(t, logFiltered)
+}
diff --git a/models/user/federated_user.go b/models/user/federated_user.go
index c1833c7de3..d2a9c34c9e 100644
--- a/models/user/federated_user.go
+++ b/models/user/federated_user.go
@@ -11,19 +11,21 @@ import (
 
 type FederatedUser struct {
 	ID                    int64                  `xorm:"pk autoincr"`
-	UserID                int64                  `xorm:"NOT NULL"`
+	UserID                int64                  `xorm:"NOT NULL INDEX user_id"`
 	ExternalID            string                 `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
 	FederationHostID      int64                  `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
 	KeyID                 sql.NullString         `xorm:"key_id UNIQUE"`
 	PublicKey             sql.Null[sql.RawBytes] `xorm:"BLOB"`
-	NormalizedOriginalURL string                 // This field is just to keep original information. Pls. do not use for search or as ID!
+	InboxPath             string
+	NormalizedOriginalURL string // This field is just to keep original information. Pls. do not use for search or as ID!
 }
 
-func NewFederatedUser(userID int64, externalID string, federationHostID int64, normalizedOriginalURL string) (FederatedUser, error) {
+func NewFederatedUser(userID int64, externalID string, federationHostID int64, inboxPath, normalizedOriginalURL string) (FederatedUser, error) {
 	result := FederatedUser{
 		UserID:                userID,
 		ExternalID:            externalID,
 		FederationHostID:      federationHostID,
+		InboxPath:             inboxPath,
 		NormalizedOriginalURL: normalizedOriginalURL,
 	}
 	if valid, err := validation.IsValid(result); !valid {
@@ -32,10 +34,11 @@ func NewFederatedUser(userID int64, externalID string, federationHostID int64, n
 	return result, nil
 }
 
-func (user FederatedUser) Validate() []string {
+func (federatedUser FederatedUser) Validate() []string {
 	var result []string
-	result = append(result, validation.ValidateNotEmpty(user.UserID, "UserID")...)
-	result = append(result, validation.ValidateNotEmpty(user.ExternalID, "ExternalID")...)
-	result = append(result, validation.ValidateNotEmpty(user.FederationHostID, "FederationHostID")...)
+	result = append(result, validation.ValidateNotEmpty(federatedUser.UserID, "UserID")...)
+	result = append(result, validation.ValidateNotEmpty(federatedUser.ExternalID, "ExternalID")...)
+	result = append(result, validation.ValidateNotEmpty(federatedUser.FederationHostID, "FederationHostID")...)
+	result = append(result, validation.ValidateNotEmpty(federatedUser.InboxPath, "InboxPath")...)
 	return result
 }
diff --git a/models/user/federated_user_follower.go b/models/user/federated_user_follower.go
new file mode 100644
index 0000000000..db72c9b5ce
--- /dev/null
+++ b/models/user/federated_user_follower.go
@@ -0,0 +1,30 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package user
+
+import "forgejo.org/modules/validation"
+
+type FederatedUserFollower struct {
+	ID              int64 `xorm:"pk autoincr"`
+	FollowedUserID  int64 `xorm:"NOT NULL unique(fuf_rel)"`
+	FollowingUserID int64 `xorm:"NOT NULL unique(fuf_rel)"`
+}
+
+func NewFederatedUserFollower(followedUserID, federatedUserID int64) (FederatedUserFollower, error) {
+	result := FederatedUserFollower{
+		FollowedUserID:  followedUserID,
+		FollowingUserID: federatedUserID,
+	}
+	if valid, err := validation.IsValid(result); !valid {
+		return FederatedUserFollower{}, err
+	}
+	return result, nil
+}
+
+func (user FederatedUserFollower) Validate() []string {
+	var result []string
+	result = append(result, validation.ValidateNotEmpty(user.FollowedUserID, "FollowedUserID")...)
+	result = append(result, validation.ValidateNotEmpty(user.FollowingUserID, "FollowingUserID")...)
+	return result
+}
diff --git a/models/user/federated_user_follower_test.go b/models/user/federated_user_follower_test.go
new file mode 100644
index 0000000000..e57ba01308
--- /dev/null
+++ b/models/user/federated_user_follower_test.go
@@ -0,0 +1,27 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package user
+
+import (
+	"testing"
+
+	"forgejo.org/modules/validation"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_FederatedUserFollowerValidation(t *testing.T) {
+	sut := FederatedUserFollower{
+		FollowedUserID:  12,
+		FollowingUserID: 1,
+	}
+	res, err := validation.IsValid(sut)
+	assert.Truef(t, res, "sut should be valid but was %q", err)
+
+	sut = FederatedUserFollower{
+		FollowedUserID: 1,
+	}
+	res, _ = validation.IsValid(sut)
+	assert.False(t, res, "sut should be invalid")
+}
diff --git a/models/user/federated_user_test.go b/models/user/federated_user_test.go
index 542798c9bc..be18339670 100644
--- a/models/user/federated_user_test.go
+++ b/models/user/federated_user_test.go
@@ -14,6 +14,7 @@ func Test_FederatedUserValidation(t *testing.T) {
 		UserID:           12,
 		ExternalID:       "12",
 		FederationHostID: 1,
+		InboxPath:        "/api/v1/activitypub/user-id/12/inbox",
 	}
 	if res, err := validation.IsValid(sut); !res {
 		t.Errorf("sut should be valid but was %q", err)
@@ -22,6 +23,7 @@ func Test_FederatedUserValidation(t *testing.T) {
 	sut = FederatedUser{
 		ExternalID:       "12",
 		FederationHostID: 1,
+		InboxPath:        "/api/v1/activitypub/user-id/12/inbox",
 	}
 	if res, _ := validation.IsValid(sut); res {
 		t.Error("sut should be invalid")
diff --git a/models/user/follow.go b/models/user/follow.go
index 5be0f73c35..e32c226385 100644
--- a/models/user/follow.go
+++ b/models/user/follow.go
@@ -11,6 +11,7 @@ import (
 )
 
 // Follow represents relations of user and their followers.
+// TODO: We should unify Activity-pub-following and classical following (see models/user/user_repository.go#IsFollowingAp)
 type Follow struct {
 	ID          int64              `xorm:"pk autoincr"`
 	UserID      int64              `xorm:"UNIQUE(follow)"`
diff --git a/models/user/user_repository.go b/models/user/user_repository.go
index 299d3af64a..3f24efb1fb 100644
--- a/models/user/user_repository.go
+++ b/models/user/user_repository.go
@@ -1,4 +1,4 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
+// Copyright 2024, 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package user
@@ -8,12 +8,14 @@ import (
 	"fmt"
 
 	"forgejo.org/models/db"
+	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/validation"
 )
 
 func init() {
 	db.RegisterModel(new(FederatedUser))
+	db.RegisterModel(new(FederatedUserFollower))
 }
 
 func CreateFederatedUser(ctx context.Context, user *User, federatedUser *FederatedUser) error {
@@ -30,7 +32,12 @@ func CreateFederatedUser(ctx context.Context, user *User, federatedUser *Federat
 	if err != nil {
 		return err
 	}
-	defer committer.Close()
+	defer func() {
+		err := committer.Close()
+		if err != nil {
+			log.Error("Error closing committer: %v", err)
+		}
+	}()
 
 	if err := CreateUser(ctx, user, &overwrite); err != nil {
 		return err
@@ -50,6 +57,14 @@ func CreateFederatedUser(ctx context.Context, user *User, federatedUser *Federat
 	return committer.Commit()
 }
 
+func (federatedUser *FederatedUser) UpdateFederatedUser(ctx context.Context) error {
+	if _, err := validation.IsValid(federatedUser); err != nil {
+		return err
+	}
+	_, err := db.GetEngine(ctx).ID(federatedUser.ID).Cols("inbox_path").Update(federatedUser)
+	return err
+}
+
 func FindFederatedUser(ctx context.Context, externalID string, federationHostID int64) (*User, *FederatedUser, error) {
 	federatedUser := new(FederatedUser)
 	user := new(User)
@@ -75,6 +90,41 @@ func FindFederatedUser(ctx context.Context, externalID string, federationHostID
 	return user, federatedUser, nil
 }
 
+func GetFederatedUser(ctx context.Context, externalID string, federationHostID int64) (*User, *FederatedUser, error) {
+	user, federatedUser, err := FindFederatedUser(ctx, externalID, federationHostID)
+	if err != nil {
+		return nil, nil, err
+	} else if federatedUser == nil {
+		return nil, nil, fmt.Errorf("FederatedUser for externalId = %v and federationHostId = %v does not exist", externalID, federationHostID)
+	}
+	return user, federatedUser, nil
+}
+
+func GetFederatedUserByUserID(ctx context.Context, userID int64) (*User, *FederatedUser, error) {
+	federatedUser := new(FederatedUser)
+	user := new(User)
+	has, err := db.GetEngine(ctx).Where("user_id=?", userID).Get(federatedUser)
+	if err != nil {
+		return nil, nil, err
+	} else if !has {
+		return nil, nil, fmt.Errorf("Federated user %v does not exist", federatedUser.UserID)
+	}
+	has, err = db.GetEngine(ctx).ID(federatedUser.UserID).Get(user)
+	if err != nil {
+		return nil, nil, err
+	} else if !has {
+		return nil, nil, fmt.Errorf("User %v for federated user is missing", federatedUser.UserID)
+	}
+
+	if res, err := validation.IsValid(*user); !res {
+		return nil, nil, err
+	}
+	if res, err := validation.IsValid(*federatedUser); !res {
+		return nil, nil, err
+	}
+	return user, federatedUser, nil
+}
+
 func FindFederatedUserByKeyID(ctx context.Context, keyID string) (*User, *FederatedUser, error) {
 	federatedUser := new(FederatedUser)
 	user := new(User)
@@ -101,7 +151,85 @@ func FindFederatedUserByKeyID(ctx context.Context, keyID string) (*User, *Federa
 	return user, federatedUser, nil
 }
 
+func UpdateFederatedUser(ctx context.Context, federatedUser *FederatedUser) error {
+	if res, err := validation.IsValid(federatedUser); !res {
+		return err
+	}
+	_, err := db.GetEngine(ctx).ID(federatedUser.ID).Update(federatedUser)
+	return err
+}
+
 func DeleteFederatedUser(ctx context.Context, userID int64) error {
 	_, err := db.GetEngine(ctx).Delete(&FederatedUser{UserID: userID})
 	return err
 }
+
+func GetFollowersForUser(ctx context.Context, user *User) ([]*FederatedUserFollower, error) {
+	if res, err := validation.IsValid(user); !res {
+		return nil, err
+	}
+	followers := make([]*FederatedUserFollower, 0, 8)
+
+	err := db.GetEngine(ctx).
+		Where("followed_user_id = ?", user.ID).
+		Find(&followers)
+	if err != nil {
+		return nil, err
+	}
+	for _, element := range followers {
+		if res, err := validation.IsValid(*element); !res {
+			return nil, err
+		}
+	}
+	return followers, nil
+}
+
+func AddFollower(ctx context.Context, followedUser *User, followingUser *FederatedUser) (*FederatedUserFollower, error) {
+	if res, err := validation.IsValid(followedUser); !res {
+		return nil, err
+	}
+	if res, err := validation.IsValid(followingUser); !res {
+		return nil, err
+	}
+
+	federatedUserFollower, err := NewFederatedUserFollower(followedUser.ID, followingUser.UserID)
+	if err != nil {
+		return nil, err
+	}
+	_, err = db.GetEngine(ctx).Insert(&federatedUserFollower)
+	if err != nil {
+		return nil, err
+	}
+
+	return &federatedUserFollower, err
+}
+
+func RemoveFollower(ctx context.Context, followedUser *User, followingUser *FederatedUser) error {
+	if res, err := validation.IsValid(followedUser); !res {
+		return err
+	}
+	if res, err := validation.IsValid(followingUser); !res {
+		return err
+	}
+
+	_, err := db.GetEngine(ctx).Delete(&FederatedUserFollower{
+		FollowedUserID:  followedUser.ID,
+		FollowingUserID: followingUser.UserID,
+	})
+	return err
+}
+
+// TODO: We should unify Activity-pub-following and classical following (see models/user/follow.go)
+func IsFollowingAp(ctx context.Context, followedUser *User, followingUser *FederatedUser) (bool, error) {
+	if res, err := validation.IsValid(followedUser); !res {
+		return false, err
+	}
+	if res, err := validation.IsValid(followingUser); !res {
+		return false, err
+	}
+
+	return db.GetEngine(ctx).Get(&FederatedUserFollower{
+		FollowedUserID:  followedUser.ID,
+		FollowingUserID: followingUser.UserID,
+	})
+}
diff --git a/models/user/user_test.go b/models/user/user_test.go
index 2a9e652a35..fd9d05653f 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -148,7 +148,7 @@ func TestAPActorID_APActorID(t *testing.T) {
 	assert.Equal(t, expected, url)
 }
 
-func TestAPActorKeyID(t *testing.T) {
+func TestKeyID(t *testing.T) {
 	user := user_model.User{ID: 1}
 	url := user.APActorKeyID()
 	expected := "https://try.gitea.io/api/v1/activitypub/user-id/1#main-key"
diff --git a/services/federation/federation_service.go b/services/federation/federation_service.go
index 174c175f86..a3b719d1a7 100644
--- a/services/federation/federation_service.go
+++ b/services/federation/federation_service.go
@@ -211,6 +211,11 @@ func CreateUserFromAP(ctx context.Context, personID fm.PersonID, federationHostI
 		return nil, nil, err
 	}
 
+	inbox, err := url.ParseRequestURI(person.Inbox.GetLink().String())
+	if err != nil {
+		return nil, nil, err
+	}
+
 	newUser := user.User{
 		LowerName:                    strings.ToLower(name),
 		Name:                         name,
@@ -227,6 +232,7 @@ func CreateUserFromAP(ctx context.Context, personID fm.PersonID, federationHostI
 	federatedUser := user.FederatedUser{
 		ExternalID:            personID.ID,
 		FederationHostID:      federationHostID,
+		InboxPath:             inbox.Path,
 		NormalizedOriginalURL: personID.AsURI(),
 	}
 
diff --git a/services/feed/action.go b/services/feed/action.go
index a2cd0551a3..7d179bd1c8 100644
--- a/services/feed/action.go
+++ b/services/feed/action.go
@@ -39,6 +39,24 @@ func NewNotifier() notify_service.Notifier {
 	return &actionNotifier{}
 }
 
+func notifyAll(ctx context.Context, action *activities_model.Action) error {
+	_, err := activities_model.NotifyWatchers(ctx, action)
+	if err != nil {
+		return err
+	}
+	return err
+	// return federation_service.NotifyActivityPubFollowers(ctx, out)
+}
+
+func notifyAllActions(ctx context.Context, acts []*activities_model.Action) error {
+	_, err := activities_model.NotifyWatchersActions(ctx, acts)
+	if err != nil {
+		return err
+	}
+	return nil
+	// return federation_service.NotifyActivityPubFollowers(ctx, out)
+}
+
 func (a *actionNotifier) NewIssue(ctx context.Context, issue *issues_model.Issue, mentions []*user_model.User) {
 	if err := issue.LoadPoster(ctx); err != nil {
 		log.Error("issue.LoadPoster: %v", err)
@@ -50,7 +68,7 @@ func (a *actionNotifier) NewIssue(ctx context.Context, issue *issues_model.Issue
 	}
 	repo := issue.Repo
 
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: issue.Poster.ID,
 		ActUser:   issue.Poster,
 		OpType:    activities_model.ActionCreateIssue,
@@ -91,7 +109,7 @@ func (a *actionNotifier) IssueChangeStatus(ctx context.Context, doer *user_model
 	}
 
 	// Notify watchers for whatever action comes in, ignore if no action type.
-	if err := activities_model.NotifyWatchers(ctx, act); err != nil {
+	if err := notifyAll(ctx, act); err != nil {
 		log.Error("NotifyWatchers: %v", err)
 	}
 }
@@ -127,7 +145,7 @@ func (a *actionNotifier) CreateIssueComment(ctx context.Context, doer *user_mode
 	}
 
 	// Notify watchers for whatever action comes in, ignore if no action type.
-	if err := activities_model.NotifyWatchers(ctx, act); err != nil {
+	if err := notifyAll(ctx, act); err != nil {
 		log.Error("NotifyWatchers: %v", err)
 	}
 }
@@ -146,7 +164,7 @@ func (a *actionNotifier) NewPullRequest(ctx context.Context, pull *issues_model.
 		return
 	}
 
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: pull.Issue.Poster.ID,
 		ActUser:   pull.Issue.Poster,
 		OpType:    activities_model.ActionCreatePullRequest,
@@ -160,7 +178,7 @@ func (a *actionNotifier) NewPullRequest(ctx context.Context, pull *issues_model.
 }
 
 func (a *actionNotifier) RenameRepository(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, oldRepoName string) {
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: doer.ID,
 		ActUser:   doer,
 		OpType:    activities_model.ActionRenameRepo,
@@ -174,7 +192,7 @@ func (a *actionNotifier) RenameRepository(ctx context.Context, doer *user_model.
 }
 
 func (a *actionNotifier) TransferRepository(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, oldOwnerName string) {
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: doer.ID,
 		ActUser:   doer,
 		OpType:    activities_model.ActionTransferRepo,
@@ -188,7 +206,7 @@ func (a *actionNotifier) TransferRepository(ctx context.Context, doer *user_mode
 }
 
 func (a *actionNotifier) CreateRepository(ctx context.Context, doer, u *user_model.User, repo *repo_model.Repository) {
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: doer.ID,
 		ActUser:   doer,
 		OpType:    activities_model.ActionCreateRepo,
@@ -201,7 +219,7 @@ func (a *actionNotifier) CreateRepository(ctx context.Context, doer, u *user_mod
 }
 
 func (a *actionNotifier) ForkRepository(ctx context.Context, doer *user_model.User, oldRepo, repo *repo_model.Repository) {
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: doer.ID,
 		ActUser:   doer,
 		OpType:    activities_model.ActionCreateRepo,
@@ -266,13 +284,13 @@ func (a *actionNotifier) PullRequestReview(ctx context.Context, pr *issues_model
 		actions = append(actions, action)
 	}
 
-	if err := activities_model.NotifyWatchersActions(ctx, actions); err != nil {
+	if err := notifyAllActions(ctx, actions); err != nil {
 		log.Error("notify watchers '%d/%d': %v", review.Reviewer.ID, review.Issue.RepoID, err)
 	}
 }
 
 func (*actionNotifier) MergePullRequest(ctx context.Context, doer *user_model.User, pr *issues_model.PullRequest) {
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: doer.ID,
 		ActUser:   doer,
 		OpType:    activities_model.ActionMergePullRequest,
@@ -286,7 +304,7 @@ func (*actionNotifier) MergePullRequest(ctx context.Context, doer *user_model.Us
 }
 
 func (*actionNotifier) AutoMergePullRequest(ctx context.Context, doer *user_model.User, pr *issues_model.PullRequest) {
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: doer.ID,
 		ActUser:   doer,
 		OpType:    activities_model.ActionAutoMergePullRequest,
@@ -304,7 +322,7 @@ func (*actionNotifier) NotifyPullRevieweDismiss(ctx context.Context, doer *user_
 	if len(review.OriginalAuthor) > 0 {
 		reviewerName = review.OriginalAuthor
 	}
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: doer.ID,
 		ActUser:   doer,
 		OpType:    activities_model.ActionPullReviewDismissed,
@@ -342,7 +360,7 @@ func (a *actionNotifier) PushCommits(ctx context.Context, pusher *user_model.Use
 		opType = activities_model.ActionDeleteBranch
 	}
 
-	if err = activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err = notifyAll(ctx, &activities_model.Action{
 		ActUserID: pusher.ID,
 		ActUser:   pusher,
 		OpType:    opType,
@@ -362,7 +380,7 @@ func (a *actionNotifier) CreateRef(ctx context.Context, doer *user_model.User, r
 		// has sent same action in `PushCommits`, so skip it.
 		return
 	}
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: doer.ID,
 		ActUser:   doer,
 		OpType:    opType,
@@ -381,7 +399,7 @@ func (a *actionNotifier) DeleteRef(ctx context.Context, doer *user_model.User, r
 		// has sent same action in `PushCommits`, so skip it.
 		return
 	}
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: doer.ID,
 		ActUser:   doer,
 		OpType:    opType,
@@ -405,7 +423,7 @@ func (a *actionNotifier) SyncPushCommits(ctx context.Context, pusher *user_model
 		return
 	}
 
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: repo.OwnerID,
 		ActUser:   repo.MustOwner(ctx),
 		OpType:    activities_model.ActionMirrorSyncPush,
@@ -420,7 +438,7 @@ func (a *actionNotifier) SyncPushCommits(ctx context.Context, pusher *user_model
 }
 
 func (a *actionNotifier) SyncCreateRef(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, refFullName git.RefName, refID string) {
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: repo.OwnerID,
 		ActUser:   repo.MustOwner(ctx),
 		OpType:    activities_model.ActionMirrorSyncCreate,
@@ -434,7 +452,7 @@ func (a *actionNotifier) SyncCreateRef(ctx context.Context, doer *user_model.Use
 }
 
 func (a *actionNotifier) SyncDeleteRef(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, refFullName git.RefName) {
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: repo.OwnerID,
 		ActUser:   repo.MustOwner(ctx),
 		OpType:    activities_model.ActionMirrorSyncDelete,
@@ -452,7 +470,7 @@ func (a *actionNotifier) NewRelease(ctx context.Context, rel *repo_model.Release
 		log.Error("LoadAttributes: %v", err)
 		return
 	}
-	if err := activities_model.NotifyWatchers(ctx, &activities_model.Action{
+	if err := notifyAll(ctx, &activities_model.Action{
 		ActUserID: rel.PublisherID,
 		ActUser:   rel.Publisher,
 		OpType:    activities_model.ActionPublishRelease,

From 9e6f722f94aec81bc41549aa485a255d31268796 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 21 Jun 2025 12:15:38 +0200
Subject: [PATCH 31/39] fix: only send Forgejo Actions notifications to one
 user (#8227)

- If the run was attributed to a system user (which is the case for scheduled runs for instance), ignore it and fallback to the mail of the owner. System users may have email addresses, but they are not to be used.
- If the owner is a system user or an organization with no email associated with it, do nothing.
- If a user with an email exists, check if they did not disable notifications and send the email.

Refs: https://codeberg.org/forgejo/forgejo/issues/8187
Refs: https://codeberg.org/forgejo/forgejo/issues/8233

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8227
Reviewed-by: Christopher Besch <mail@chris-besch.com>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
---
 models/user/user_system.go                    |   7 +
 routers/web/repo/issue.go                     |   2 +-
 services/mailer/mail_actions.go               |  19 +-
 services/mailer/mail_actions_now_done_test.go | 270 ++++++++++++------
 services/mailer/main_test.go                  |   8 +-
 5 files changed, 201 insertions(+), 105 deletions(-)

diff --git a/models/user/user_system.go b/models/user/user_system.go
index 82805cc8ee..11f54591b7 100644
--- a/models/user/user_system.go
+++ b/models/user/user_system.go
@@ -12,6 +12,13 @@ import (
 	"forgejo.org/modules/structs"
 )
 
+// IsSystem returns true if the user has a fixed
+// negative ID, is never stored in the database and
+// is generated on the fly when needed.
+func (u *User) IsSystem() bool {
+	return u.IsGhost() || u.IsActions()
+}
+
 const (
 	GhostUserID        = -1
 	GhostUserName      = "Ghost"
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index d8f3bd8d9f..3f17e30cec 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -1308,7 +1308,7 @@ func roleDescriptor(ctx stdCtx.Context, repo *repo_model.Repository, poster *use
 	}
 
 	// Special user that can't have associated contributions and permissions in the repo.
-	if poster.IsGhost() || poster.IsActions() || poster.IsAPServerActor() {
+	if poster.IsSystem() || poster.IsAPServerActor() {
 		return roleDescriptor, nil
 	}
 
diff --git a/services/mailer/mail_actions.go b/services/mailer/mail_actions.go
index 7c63603a98..ad2bd7dfab 100644
--- a/services/mailer/mail_actions.go
+++ b/services/mailer/mail_actions.go
@@ -23,19 +23,20 @@ func MailActionRun(run *actions_model.ActionRun, priorStatus actions_model.Statu
 		return nil
 	}
 
-	if run.TriggerUser.Email != "" && run.TriggerUser.EmailNotificationsPreference != user_model.EmailNotificationsDisabled {
-		if err := sendMailActionRun(run.TriggerUser, run, priorStatus, lastRun); err != nil {
-			return err
-		}
+	user := run.TriggerUser
+	// this happens e.g. when this is a scheduled run
+	if user.IsSystem() {
+		user = run.Repo.Owner
+	}
+	if user.IsSystem() || user.Email == "" {
+		return nil
 	}
 
-	if run.Repo.Owner.Email != "" && run.Repo.Owner.Email != run.TriggerUser.Email && run.Repo.Owner.EmailNotificationsPreference != user_model.EmailNotificationsDisabled {
-		if err := sendMailActionRun(run.Repo.Owner, run, priorStatus, lastRun); err != nil {
-			return err
-		}
+	if user.EmailNotificationsPreference == user_model.EmailNotificationsDisabled {
+		return nil
 	}
 
-	return nil
+	return sendMailActionRun(user, run, priorStatus, lastRun)
 }
 
 func sendMailActionRun(to *user_model.User, run *actions_model.ActionRun, priorStatus actions_model.Status, lastRun *actions_model.ActionRun) error {
diff --git a/services/mailer/mail_actions_now_done_test.go b/services/mailer/mail_actions_now_done_test.go
index 0d832f2b36..19c6d9670b 100644
--- a/services/mailer/mail_actions_now_done_test.go
+++ b/services/mailer/mail_actions_now_done_test.go
@@ -4,42 +4,53 @@
 package mailer
 
 import (
+	"slices"
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
+	organization_model "forgejo.org/models/organization"
 	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
 	notify_service "forgejo.org/services/notify"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
-func getActionsNowDoneTestUsers(t *testing.T) []*user_model.User {
+func getActionsNowDoneTestUser(t *testing.T, name, email, notifications string) *user_model.User {
 	t.Helper()
-	newTriggerUser := new(user_model.User)
-	newTriggerUser.Name = "new_trigger_user"
-	newTriggerUser.Language = "en_US"
-	newTriggerUser.IsAdmin = false
-	newTriggerUser.Email = "new_trigger_user@example.com"
-	newTriggerUser.LastLoginUnix = 1693648327
-	newTriggerUser.CreatedUnix = 1693648027
-	newTriggerUser.EmailNotificationsPreference = user_model.EmailNotificationsEnabled
-	require.NoError(t, user_model.CreateUser(db.DefaultContext, newTriggerUser))
+	user := new(user_model.User)
+	user.Name = name
+	user.Language = "en_US"
+	user.IsAdmin = false
+	user.Email = email
+	user.LastLoginUnix = 1693648327
+	user.CreatedUnix = 1693648027
+	opts := user_model.CreateUserOverwriteOptions{
+		AllowCreateOrganization:      optional.Some(true),
+		EmailNotificationsPreference: &notifications,
+	}
+	require.NoError(t, user_model.AdminCreateUser(db.DefaultContext, user, &opts))
+	return user
+}
 
-	newOwner := new(user_model.User)
-	newOwner.Name = "new_owner"
-	newOwner.Language = "en_US"
-	newOwner.IsAdmin = false
-	newOwner.Email = "new_owner@example.com"
-	newOwner.LastLoginUnix = 1693648329
-	newOwner.CreatedUnix = 1693648029
-	newOwner.EmailNotificationsPreference = user_model.EmailNotificationsEnabled
-	require.NoError(t, user_model.CreateUser(db.DefaultContext, newOwner))
-
-	return []*user_model.User{newTriggerUser, newOwner}
+func getActionsNowDoneTestOrg(t *testing.T, name, email string, owner *user_model.User) *user_model.User {
+	t.Helper()
+	org := new(organization_model.Organization)
+	org.Name = name
+	org.Language = "en_US"
+	org.IsAdmin = false
+	// contact email for the organization, for display purposes but otherwise not used as of v12
+	org.Email = email
+	org.LastLoginUnix = 1693648327
+	org.CreatedUnix = 1693648027
+	org.Email = email
+	require.NoError(t, organization_model.CreateOrganization(db.DefaultContext, org, owner))
+	return (*user_model.User)(org)
 }
 
 func assertTranslatedLocaleMailActionsNowDone(t *testing.T, msgBody string) {
@@ -49,98 +60,169 @@ func assertTranslatedLocaleMailActionsNowDone(t *testing.T, msgBody string) {
 func TestActionRunNowDoneNotificationMail(t *testing.T) {
 	ctx := t.Context()
 
-	users := getActionsNowDoneTestUsers(t)
-	defer CleanUpUsers(ctx, users)
-	triggerUser := users[0]
-	ownerUser := users[1]
+	defer test.MockVariableValue(&setting.Admin.DisableRegularOrgCreation, false)()
+
+	actionsUser := user_model.NewActionsUser()
+	require.NotEmpty(t, actionsUser.Email)
 
 	repo := repo_model.Repository{
 		Name:        "some repo",
 		Description: "rockets are cool",
-		Owner:       ownerUser,
-		OwnerID:     ownerUser.ID,
 	}
 
 	// Do some funky stuff with the action run's ids:
 	// The run with the larger ID finished first.
 	// This is odd but something that must work.
-	run1 := &actions_model.ActionRun{ID: 2, Repo: &repo, RepoID: repo.ID, Title: "some workflow", TriggerUser: triggerUser, TriggerUserID: triggerUser.ID, Status: actions_model.StatusFailure, Stopped: 1745821796, TriggerEvent: "workflow_dispatch"}
-	run2 := &actions_model.ActionRun{ID: 1, Repo: &repo, RepoID: repo.ID, Title: "some workflow", TriggerUser: triggerUser, TriggerUserID: triggerUser.ID, Status: actions_model.StatusSuccess, Stopped: 1745822796, TriggerEvent: "push"}
+	run1 := &actions_model.ActionRun{ID: 2, Repo: &repo, RepoID: repo.ID, Title: "some workflow", Status: actions_model.StatusFailure, Stopped: 1745821796, TriggerEvent: "workflow_dispatch"}
+	run2 := &actions_model.ActionRun{ID: 1, Repo: &repo, RepoID: repo.ID, Title: "some workflow", Status: actions_model.StatusSuccess, Stopped: 1745822796, TriggerEvent: "push"}
+
+	assignUsers := func(triggerUser, owner *user_model.User) {
+		for _, run := range []*actions_model.ActionRun{run1, run2} {
+			run.TriggerUser = triggerUser
+			run.TriggerUserID = triggerUser.ID
+		}
+		repo.Owner = owner
+		repo.OwnerID = owner.ID
+	}
 
 	notify_service.RegisterNotifier(NewNotifier())
 
+	orgOwner := getActionsNowDoneTestUser(t, "org_owner", "org_owner@example.com", "disabled")
+	defer CleanUpUsers(ctx, []*user_model.User{orgOwner})
+
 	t.Run("DontSendNotificationEmailOnFirstActionSuccess", func(t *testing.T) {
+		user := getActionsNowDoneTestUser(t, "new_user", "new_user@example.com", "enabled")
+		defer CleanUpUsers(ctx, []*user_model.User{user})
+		assignUsers(user, user)
 		defer MockMailSettings(func(msgs ...*Message) {
 			assert.Fail(t, "no mail should be sent")
 		})()
 		notify_service.ActionRunNowDone(ctx, run2, actions_model.StatusRunning, nil)
 	})
 
-	t.Run("SendNotificationEmailOnActionRunFailed", func(t *testing.T) {
-		mailSentToOwner := false
-		mailSentToTriggerUser := false
-		defer MockMailSettings(func(msgs ...*Message) {
-			assert.LessOrEqual(t, len(msgs), 2)
-			for _, msg := range msgs {
-				switch msg.To {
-				case triggerUser.EmailTo():
-					assert.False(t, mailSentToTriggerUser, "sent mail twice")
-					mailSentToTriggerUser = true
-				case ownerUser.EmailTo():
-					assert.False(t, mailSentToOwner, "sent mail twice")
-					mailSentToOwner = true
-				default:
-					assert.Fail(t, "sent mail to unknown sender", msg.To)
-				}
-				assert.Contains(t, msg.Body, triggerUser.HTMLURL())
-				assert.Contains(t, msg.Body, triggerUser.Name)
-				// what happened
-				assert.Contains(t, msg.Body, "failed")
-				// new status of run
-				assert.Contains(t, msg.Body, "failure")
-				// prior status of this run
-				assert.Contains(t, msg.Body, "waiting")
-				assertTranslatedLocaleMailActionsNowDone(t, msg.Body)
-			}
-		})()
-		notify_service.ActionRunNowDone(ctx, run1, actions_model.StatusWaiting, nil)
-		assert.True(t, mailSentToOwner)
-		assert.True(t, mailSentToTriggerUser)
-	})
+	for _, testCase := range []struct {
+		name        string
+		triggerUser *user_model.User
+		owner       *user_model.User
+		expected    string
+		expectMail  bool
+	}{
+		{
+			// if the action is assigned a trigger user in a repository
+			// owned by a regular user, the mail is sent to the trigger user
+			name:        "RegularTriggerUser",
+			triggerUser: getActionsNowDoneTestUser(t, "new_trigger_user0", "new_trigger_user0@example.com", user_model.EmailNotificationsEnabled),
+			owner:       getActionsNowDoneTestUser(t, "new_owner0", "new_owner0@example.com", user_model.EmailNotificationsEnabled),
+			expected:    "trigger",
+			expectMail:  true,
+		},
+		{
+			// if the action is assigned to a system user (e.g. ActionsUser)
+			// in a repository owned by a regular user, the mail is sent to
+			// the user that owns the repository
+			name:        "SystemTriggerUserAndRegularOwner",
+			triggerUser: actionsUser,
+			owner:       getActionsNowDoneTestUser(t, "new_owner1", "new_owner1@example.com", user_model.EmailNotificationsEnabled),
+			expected:    "owner",
+			expectMail:  true,
+		},
+		{
+			// if the action is assigned a trigger user with disabled notifications in a repository
+			// owned by a regular user, no mail is sent
+			name:        "RegularTriggerUserNotificationsDisabled",
+			triggerUser: getActionsNowDoneTestUser(t, "new_trigger_user2", "new_trigger_user2@example.com", user_model.EmailNotificationsDisabled),
+			owner:       getActionsNowDoneTestUser(t, "new_owner2", "new_owner2@example.com", user_model.EmailNotificationsEnabled),
+			expectMail:  false,
+		},
+		{
+			// if the action is assigned to a system user (e.g. ActionsUser)
+			// owned by a regular user with disabled notifications, no mail is sent
+			name:        "SystemTriggerUserAndRegularOwnerNotificationsDisabled",
+			triggerUser: actionsUser,
+			owner:       getActionsNowDoneTestUser(t, "new_owner3", "new_owner3@example.com", user_model.EmailNotificationsDisabled),
+			expectMail:  false,
+		},
+		{
+			// if the action is assigned to a system user (e.g. ActionsUser)
+			// in a repository owned by an organization with an email contact, the mail is sent to
+			// this email contact
+			name:        "SystemTriggerUserAndOrgOwner",
+			triggerUser: actionsUser,
+			owner:       getActionsNowDoneTestOrg(t, "new_org1", "new_org_owner0@example.com", orgOwner),
+			expected:    "owner",
+			expectMail:  true,
+		},
+		{
+			// if the action is assigned to a system user (e.g. ActionsUser)
+			// in a repository owned by an organization without an email contact, no mail is sent
+			name:        "SystemTriggerUserAndNoMailOrgOwner",
+			triggerUser: actionsUser,
+			owner:       getActionsNowDoneTestOrg(t, "new_org2", "", orgOwner),
+			expectMail:  false,
+		},
+	} {
+		t.Run(testCase.name, func(t *testing.T) {
+			assignUsers(testCase.triggerUser, testCase.owner)
+			defer CleanUpUsers(ctx, slices.DeleteFunc([]*user_model.User{testCase.triggerUser, testCase.owner}, func(user *user_model.User) bool {
+				return user.IsSystem()
+			}))
 
-	t.Run("SendNotificationEmailOnActionRunRecovered", func(t *testing.T) {
-		mailSentToOwner := false
-		mailSentToTriggerUser := false
-		defer MockMailSettings(func(msgs ...*Message) {
-			assert.LessOrEqual(t, len(msgs), 2)
-			for _, msg := range msgs {
-				switch msg.To {
-				case triggerUser.EmailTo():
-					assert.False(t, mailSentToTriggerUser, "sent mail twice")
-					mailSentToTriggerUser = true
-				case ownerUser.EmailTo():
-					assert.False(t, mailSentToOwner, "sent mail twice")
-					mailSentToOwner = true
-				default:
-					assert.Fail(t, "sent mail to unknown sender", msg.To)
-				}
-				assert.Contains(t, msg.Body, triggerUser.HTMLURL())
-				assert.Contains(t, msg.Body, triggerUser.Name)
-				// what happened
-				assert.Contains(t, msg.Body, "recovered")
-				// old status of run
-				assert.Contains(t, msg.Body, "failure")
-				// new status of run
-				assert.Contains(t, msg.Body, "success")
-				// prior status of this run
-				assert.Contains(t, msg.Body, "running")
-				assertTranslatedLocaleMailActionsNowDone(t, msg.Body)
-			}
-		})()
-		assert.NotNil(t, setting.MailService)
+			t.Run("SendNotificationEmailOnActionRunFailed", func(t *testing.T) {
+				mailSent := false
+				defer MockMailSettings(func(msgs ...*Message) {
+					assert.Len(t, msgs, 1)
+					msg := msgs[0]
+					assert.False(t, mailSent, "sent mail twice")
+					expectedEmail := testCase.triggerUser.Email
+					if testCase.expected == "owner" { // otherwise "trigger"
+						expectedEmail = testCase.owner.Email
+					}
+					require.Contains(t, msg.To, expectedEmail, "sent mail to unknown sender")
+					mailSent = true
+					assert.Contains(t, msg.Body, testCase.triggerUser.HTMLURL())
+					assert.Contains(t, msg.Body, testCase.triggerUser.Name)
+					// what happened
+					assert.Contains(t, msg.Body, "failed")
+					// new status of run
+					assert.Contains(t, msg.Body, "failure")
+					// prior status of this run
+					assert.Contains(t, msg.Body, "waiting")
+					assertTranslatedLocaleMailActionsNowDone(t, msg.Body)
+				})()
+				require.NotNil(t, setting.MailService)
 
-		notify_service.ActionRunNowDone(ctx, run2, actions_model.StatusRunning, run1)
-		assert.True(t, mailSentToOwner)
-		assert.True(t, mailSentToTriggerUser)
-	})
+				notify_service.ActionRunNowDone(ctx, run1, actions_model.StatusWaiting, nil)
+				assert.Equal(t, testCase.expectMail, mailSent)
+			})
+
+			t.Run("SendNotificationEmailOnActionRunRecovered", func(t *testing.T) {
+				mailSent := false
+				defer MockMailSettings(func(msgs ...*Message) {
+					assert.Len(t, msgs, 1)
+					msg := msgs[0]
+					assert.False(t, mailSent, "sent mail twice")
+					expectedEmail := testCase.triggerUser.Email
+					if testCase.expected == "owner" { // otherwise "trigger"
+						expectedEmail = testCase.owner.Email
+					}
+					require.Contains(t, msg.To, expectedEmail, "sent mail to unknown sender")
+					mailSent = true
+					assert.Contains(t, msg.Body, testCase.triggerUser.HTMLURL())
+					assert.Contains(t, msg.Body, testCase.triggerUser.Name)
+					// what happened
+					assert.Contains(t, msg.Body, "recovered")
+					// old status of run
+					assert.Contains(t, msg.Body, "failure")
+					// new status of run
+					assert.Contains(t, msg.Body, "success")
+					// prior status of this run
+					assert.Contains(t, msg.Body, "running")
+				})()
+				require.NotNil(t, setting.MailService)
+
+				notify_service.ActionRunNowDone(ctx, run2, actions_model.StatusRunning, run1)
+				assert.Equal(t, testCase.expectMail, mailSent)
+			})
+		})
+	}
 }
diff --git a/services/mailer/main_test.go b/services/mailer/main_test.go
index 47e5d5d175..5e9cbe3e99 100644
--- a/services/mailer/main_test.go
+++ b/services/mailer/main_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"forgejo.org/models/db"
+	organization_model "forgejo.org/models/organization"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/setting"
@@ -51,6 +52,11 @@ func MockMailSettings(send func(msgs ...*Message)) func() {
 
 func CleanUpUsers(ctx context.Context, users []*user_model.User) {
 	for _, u := range users {
-		db.DeleteByID[user_model.User](ctx, u.ID)
+		if u.IsOrganization() {
+			organization_model.DeleteOrganization(ctx, (*organization_model.Organization)(u))
+		} else {
+			db.DeleteByID[user_model.User](ctx, u.ID)
+			db.DeleteByBean(ctx, &user_model.EmailAddress{UID: u.ID})
+		}
 	}
 }

From b2c4fc9f94e3ba2a5b5259dca4cf38b04701e574 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 21 Jun 2025 13:11:01 +0200
Subject: [PATCH 32/39] bug: Forgejo Actions email notifications are opt-in
 (#8242)

* Add the `notify-email` column / NotifyEmail to ActionRun and set it:
  * services/actions/workflows.go `Dispatch`
  * services/actions/schedule_tasks.go `CreateScheduleTask`
  * services/actions/notifier_helper.go `handleWorkflows`
* Only send an email if the workflow has `enable-email-notifications: true` by having `MailActionRun` return immediately if `NotifyEmail` is false.
* Ignore or silently fail on `enable-email-notifications: true` parsing errors. Reporting such errors  belongs in workflow validation, not when it is evaluated for the notifications.
* Add unit and integration tests.

Refs: https://codeberg.org/forgejo/forgejo/issues/8187

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8242
Reviewed-by: Christopher Besch <mail@chris-besch.com>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
---
 models/actions/run.go                         |   1 +
 models/forgejo_migrations/migrate.go          |   2 +
 models/forgejo_migrations/v34.go              |  14 ++
 services/actions/notifier_helper.go           |   8 ++
 services/actions/schedule_tasks.go            |  12 ++
 services/actions/schedule_tasks_test.go       | 121 ++++++++++++++++++
 services/actions/workflows.go                 |   6 +
 services/mailer/mail_actions.go               |   4 +
 services/mailer/mail_actions_now_done_test.go |  12 ++
 .../integration/actions_notifications_test.go |  88 +++++++++++++
 .../actions_run_now_done_notification_test.go |   6 +
 11 files changed, 274 insertions(+)
 create mode 100644 models/forgejo_migrations/v34.go
 create mode 100644 services/actions/schedule_tasks_test.go
 create mode 100644 tests/integration/actions_notifications_test.go

diff --git a/models/actions/run.go b/models/actions/run.go
index 48756b7a08..55def805ed 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -55,6 +55,7 @@ type ActionRun struct {
 	PreviousDuration time.Duration
 	Created          timeutil.TimeStamp `xorm:"created"`
 	Updated          timeutil.TimeStamp `xorm:"updated"`
+	NotifyEmail      bool
 }
 
 func init() {
diff --git a/models/forgejo_migrations/migrate.go b/models/forgejo_migrations/migrate.go
index 684ef2ed0e..6a6922ec4e 100644
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@@ -105,6 +105,8 @@ var migrations = []*Migration{
 	NewMigration("Migrate maven package name concatenation", ChangeMavenArtifactConcatenation),
 	// v32 -> v33
 	NewMigration("Add federated user activity tables, update the `federated_user` table & add indexes", FederatedUserActivityMigration),
+	// v33 -> v34
+	NewMigration("Add `notify-email` column to `action_run` table", AddNotifyEmailToActionRun),
 }
 
 // GetCurrentDBVersion returns the current Forgejo database version.
diff --git a/models/forgejo_migrations/v34.go b/models/forgejo_migrations/v34.go
new file mode 100644
index 0000000000..9e958b934f
--- /dev/null
+++ b/models/forgejo_migrations/v34.go
@@ -0,0 +1,14 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations //nolint:revive
+
+import "xorm.io/xorm"
+
+func AddNotifyEmailToActionRun(x *xorm.Engine) error {
+	type ActionRun struct {
+		ID          int64
+		NotifyEmail bool
+	}
+	return x.Sync(new(ActionRun))
+}
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 9654186fbb..e240c996b5 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -345,6 +345,14 @@ func handleWorkflows(
 			Status:            actions_model.StatusWaiting,
 		}
 
+		if workflow, err := model.ReadWorkflow(bytes.NewReader(dwf.Content)); err == nil {
+			notifications, err := workflow.Notifications()
+			if err != nil {
+				log.Error("Notifications: %w", err)
+			}
+			run.NotifyEmail = notifications
+		}
+
 		need, err := ifNeedApproval(ctx, run, input.Repo, input.Doer)
 		if err != nil {
 			log.Error("check if need approval for repo %d with user %d: %v", input.Repo.ID, input.Doer.ID, err)
diff --git a/services/actions/schedule_tasks.go b/services/actions/schedule_tasks.go
index 3ec0807d5f..cf8b29ead7 100644
--- a/services/actions/schedule_tasks.go
+++ b/services/actions/schedule_tasks.go
@@ -4,6 +4,7 @@
 package actions
 
 import (
+	"bytes"
 	"context"
 	"errors"
 	"fmt"
@@ -18,6 +19,7 @@ import (
 	webhook_module "forgejo.org/modules/webhook"
 
 	"github.com/nektos/act/pkg/jobparser"
+	act_model "github.com/nektos/act/pkg/model"
 	"xorm.io/builder"
 )
 
@@ -140,6 +142,16 @@ func CreateScheduleTask(ctx context.Context, cron *actions_model.ActionSchedule)
 		return err
 	}
 
+	workflow, err := act_model.ReadWorkflow(bytes.NewReader(cron.Content))
+	if err != nil {
+		return err
+	}
+	notifications, err := workflow.Notifications()
+	if err != nil {
+		return err
+	}
+	run.NotifyEmail = notifications
+
 	// Parse the workflow specification from the cron schedule
 	workflows, err := jobparser.Parse(cron.Content, jobparser.WithVars(vars))
 	if err != nil {
diff --git a/services/actions/schedule_tasks_test.go b/services/actions/schedule_tasks_test.go
new file mode 100644
index 0000000000..7073985252
--- /dev/null
+++ b/services/actions/schedule_tasks_test.go
@@ -0,0 +1,121 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	webhook_module "forgejo.org/modules/webhook"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCreateScheduleTask(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2, OwnerID: 2})
+
+	assertConstant := func(t *testing.T, cron *actions_model.ActionSchedule, run *actions_model.ActionRun) {
+		t.Helper()
+		assert.Equal(t, cron.Title, run.Title)
+		assert.Equal(t, cron.RepoID, run.RepoID)
+		assert.Equal(t, cron.OwnerID, run.OwnerID)
+		assert.Equal(t, cron.WorkflowID, run.WorkflowID)
+		assert.Equal(t, cron.TriggerUserID, run.TriggerUserID)
+		assert.Equal(t, cron.Ref, run.Ref)
+		assert.Equal(t, cron.CommitSHA, run.CommitSHA)
+		assert.Equal(t, cron.Event, run.Event)
+		assert.Equal(t, cron.EventPayload, run.EventPayload)
+		assert.Equal(t, cron.ID, run.ScheduleID)
+		assert.Equal(t, actions_model.StatusWaiting, run.Status)
+	}
+
+	assertMutable := func(t *testing.T, expected, run *actions_model.ActionRun) {
+		t.Helper()
+		assert.Equal(t, expected.NotifyEmail, run.NotifyEmail)
+	}
+
+	testCases := []struct {
+		name string
+		cron actions_model.ActionSchedule
+		want []actions_model.ActionRun
+	}{
+		{
+			name: "simple",
+			cron: actions_model.ActionSchedule{
+				Title:         "scheduletitle1",
+				RepoID:        repo.ID,
+				OwnerID:       repo.OwnerID,
+				WorkflowID:    "some.yml",
+				TriggerUserID: repo.OwnerID,
+				Ref:           "branch",
+				CommitSHA:     "fakeSHA",
+				Event:         webhook_module.HookEventSchedule,
+				EventPayload:  "fakepayload",
+				Content: []byte(
+					`
+name: test
+on: push
+jobs:
+  job2:
+    runs-on: ubuntu-latest
+    steps:
+      - run: true
+`),
+			},
+			want: []actions_model.ActionRun{
+				{
+					Title:       "scheduletitle1",
+					NotifyEmail: false,
+				},
+			},
+		},
+		{
+			name: "enable-email-notifications is true",
+			cron: actions_model.ActionSchedule{
+				Title:         "scheduletitle2",
+				RepoID:        repo.ID,
+				OwnerID:       repo.OwnerID,
+				WorkflowID:    "some.yml",
+				TriggerUserID: repo.OwnerID,
+				Ref:           "branch",
+				CommitSHA:     "fakeSHA",
+				Event:         webhook_module.HookEventSchedule,
+				EventPayload:  "fakepayload",
+				Content: []byte(
+					`
+name: test
+enable-email-notifications: true
+on: push
+jobs:
+  job2:
+    runs-on: ubuntu-latest
+    steps:
+      - run: true
+`),
+			},
+			want: []actions_model.ActionRun{
+				{
+					Title:       "scheduletitle2",
+					NotifyEmail: true,
+				},
+			},
+		},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			require.NoError(t, CreateScheduleTask(t.Context(), &testCase.cron))
+			require.Equal(t, len(testCase.want), unittest.GetCount(t, actions_model.ActionRun{RepoID: repo.ID}))
+			for _, expected := range testCase.want {
+				run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{Title: expected.Title})
+				assertConstant(t, &testCase.cron, run)
+				assertMutable(t, &expected, run)
+			}
+			unittest.AssertSuccessfulDelete(t, actions_model.ActionRun{RepoID: repo.ID})
+		})
+	}
+}
diff --git a/services/actions/workflows.go b/services/actions/workflows.go
index 7ec7c3abed..fbba3fd667 100644
--- a/services/actions/workflows.go
+++ b/services/actions/workflows.go
@@ -111,6 +111,11 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 		return nil, nil, err
 	}
 
+	notifications, err := wf.Notifications()
+	if err != nil {
+		return nil, nil, err
+	}
+
 	run := &actions_model.ActionRun{
 		Title:         title,
 		RepoID:        repo.ID,
@@ -125,6 +130,7 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 		EventPayload:  string(p),
 		TriggerEvent:  string(webhook.HookEventWorkflowDispatch),
 		Status:        actions_model.StatusWaiting,
+		NotifyEmail:   notifications,
 	}
 
 	vars, err := actions_model.GetVariablesOfRun(ctx, run)
diff --git a/services/mailer/mail_actions.go b/services/mailer/mail_actions.go
index ad2bd7dfab..09763e164e 100644
--- a/services/mailer/mail_actions.go
+++ b/services/mailer/mail_actions.go
@@ -23,6 +23,10 @@ func MailActionRun(run *actions_model.ActionRun, priorStatus actions_model.Statu
 		return nil
 	}
 
+	if !run.NotifyEmail {
+		return nil
+	}
+
 	user := run.TriggerUser
 	// this happens e.g. when this is a scheduled run
 	if user.IsSystem() {
diff --git a/services/mailer/mail_actions_now_done_test.go b/services/mailer/mail_actions_now_done_test.go
index 19c6d9670b..6a01ea7631 100644
--- a/services/mailer/mail_actions_now_done_test.go
+++ b/services/mailer/mail_actions_now_done_test.go
@@ -80,6 +80,7 @@ func TestActionRunNowDoneNotificationMail(t *testing.T) {
 		for _, run := range []*actions_model.ActionRun{run1, run2} {
 			run.TriggerUser = triggerUser
 			run.TriggerUserID = triggerUser.ID
+			run.NotifyEmail = true
 		}
 		repo.Owner = owner
 		repo.OwnerID = owner.ID
@@ -100,6 +101,17 @@ func TestActionRunNowDoneNotificationMail(t *testing.T) {
 		notify_service.ActionRunNowDone(ctx, run2, actions_model.StatusRunning, nil)
 	})
 
+	t.Run("WorkflowEnableEmailNotificationIsFalse", func(t *testing.T) {
+		user := getActionsNowDoneTestUser(t, "new_user1", "new_user1@example.com", "enabled")
+		defer CleanUpUsers(ctx, []*user_model.User{user})
+		assignUsers(user, user)
+		defer MockMailSettings(func(msgs ...*Message) {
+			assert.Fail(t, "no mail should be sent")
+		})()
+		run2.NotifyEmail = false
+		notify_service.ActionRunNowDone(ctx, run2, actions_model.StatusRunning, nil)
+	})
+
 	for _, testCase := range []struct {
 		name        string
 		triggerUser *user_model.User
diff --git a/tests/integration/actions_notifications_test.go b/tests/integration/actions_notifications_test.go
new file mode 100644
index 0000000000..e47cb64b83
--- /dev/null
+++ b/tests/integration/actions_notifications_test.go
@@ -0,0 +1,88 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"fmt"
+	"net/url"
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/setting"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActionNotifications(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		t.Skip()
+	}
+
+	testCases := []struct {
+		name        string
+		treePath    string
+		fileContent string
+		notifyEmail bool
+	}{
+		{
+			name:     "enabled",
+			treePath: ".forgejo/workflows/enabled.yml",
+			fileContent: `name: enabled
+on:
+  push:
+enable-email-notifications: true
+jobs:
+  job1:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo job1
+`,
+			notifyEmail: true,
+		},
+		{
+			name:     "disabled",
+			treePath: ".forgejo/workflows/disabled.yml",
+			fileContent: `name: disabled
+on:
+  push:
+jobs:
+  job1:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo job1
+`,
+			notifyEmail: false,
+		},
+	}
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		session := loginUser(t, user2.Name)
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+
+		for _, testCase := range testCases {
+			t.Run(testCase.name, func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				apiRepo := createActionsTestRepo(t, token, testCase.name, false)
+				runner := newMockRunner()
+				runner.registerAsRepoRunner(t, user2.Name, apiRepo.Name, "mock-runner", []string{"ubuntu-latest"})
+				opts := getWorkflowCreateFileOptions(user2, apiRepo.DefaultBranch, fmt.Sprintf("create %s", testCase.treePath), testCase.fileContent)
+				createWorkflowFile(t, token, user2.Name, apiRepo.Name, testCase.treePath, opts)
+
+				task := runner.fetchTask(t)
+				actionTask := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: task.Id})
+				actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: actionTask.JobID})
+				actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: actionRunJob.RunID})
+				assert.Equal(t, testCase.notifyEmail, actionRun.NotifyEmail)
+
+				httpContext := NewAPITestContext(t, user2.Name, apiRepo.Name, auth_model.AccessTokenScopeWriteRepository)
+				doAPIDeleteRepository(httpContext)(t)
+			})
+		}
+	})
+}
diff --git a/tests/integration/actions_run_now_done_notification_test.go b/tests/integration/actions_run_now_done_notification_test.go
index 9a2e118701..d5142096c5 100644
--- a/tests/integration/actions_run_now_done_notification_test.go
+++ b/tests/integration/actions_run_now_done_notification_test.go
@@ -44,30 +44,35 @@ func (m *mockNotifier) ActionRunNowDone(ctx context.Context, run *actions_model.
 		assert.Equal(m.t, actions_model.StatusSuccess, run.Status)
 		assert.Equal(m.t, actions_model.StatusRunning, priorStatus)
 		assert.Nil(m.t, lastRun)
+		assert.True(m.t, run.NotifyEmail)
 	case 1:
 		assert.Equal(m.t, m.runID, run.ID)
 		assert.Equal(m.t, actions_model.StatusFailure, run.Status)
 		assert.Equal(m.t, actions_model.StatusRunning, priorStatus)
 		assert.Equal(m.t, m.lastRunID, lastRun.ID)
 		assert.Equal(m.t, actions_model.StatusSuccess, lastRun.Status)
+		assert.True(m.t, run.NotifyEmail)
 	case 2:
 		assert.Equal(m.t, m.runID, run.ID)
 		assert.Equal(m.t, actions_model.StatusCancelled, run.Status)
 		assert.Equal(m.t, actions_model.StatusRunning, priorStatus)
 		assert.Equal(m.t, m.lastRunID, lastRun.ID)
 		assert.Equal(m.t, actions_model.StatusFailure, lastRun.Status)
+		assert.True(m.t, run.NotifyEmail)
 	case 3:
 		assert.Equal(m.t, m.runID, run.ID)
 		assert.Equal(m.t, actions_model.StatusSuccess, run.Status)
 		assert.Equal(m.t, actions_model.StatusRunning, priorStatus)
 		assert.Equal(m.t, m.lastRunID, lastRun.ID)
 		assert.Equal(m.t, actions_model.StatusCancelled, lastRun.Status)
+		assert.True(m.t, run.NotifyEmail)
 	case 4:
 		assert.Equal(m.t, m.runID, run.ID)
 		assert.Equal(m.t, actions_model.StatusSuccess, run.Status)
 		assert.Equal(m.t, actions_model.StatusRunning, priorStatus)
 		assert.Equal(m.t, m.lastRunID, lastRun.ID)
 		assert.Equal(m.t, actions_model.StatusSuccess, lastRun.Status)
+		assert.True(m.t, run.NotifyEmail)
 	default:
 		assert.Fail(m.t, "too many notifications")
 	}
@@ -101,6 +106,7 @@ func TestActionNowDoneNotification(t *testing.T) {
 					TreePath:  ".forgejo/workflows/dispatch.yml",
 					ContentReader: strings.NewReader(
 						"name: test\n" +
+							"enable-email-notifications: true\n" +
 							"on: [workflow_dispatch]\n" +
 							"jobs:\n" +
 							"  test:\n" +

From 690532efb8022b8b8445b5a6296896b1b319024f Mon Sep 17 00:00:00 2001
From: Alex Smith <amsmith.pro@pm.me>
Date: Sat, 21 Jun 2025 14:42:35 +0200
Subject: [PATCH 33/39] add model viewer for `.glb` (GLTF) model in file view
 (#8111)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Motivation

The GLTF (`.gltf`, `.glb`) 3D model format is very popular for game development and visual productions.

For an indie game studio, it would be convenient for a team to view textured 3D models directly from the Forgejo interface (otherwise they need to be downloaded and opened). [Perforce](https://www.perforce.com/products/helix-dam), [Diversion](https://www.diversion.dev/), and GitHub all have this capability to differing extents.

Some discussion on 3D file support here: https://codeberg.org/forgejo/forgejo/issues/5188

## Changes

Adds a model viewer similar to [GitHub STL viewer](https://github.com/assimp/assimp/blob/master/test/models/STL/Spider_ascii.stl) for `.glb` model files, and lays some groundwork to support future files. Uses the [model-viewer](https://modelviewer.dev/) library by Google and three.js. The model viewer is interactive and can be rotated and scaled.

![Screen Recording 2025-06-08 at 15.27.15](/attachments/84c63dea-a0ce-45f9-b48b-c80867636639)

## How to Test

1) Create a new repository or use an existing one.
2) Upload a `.glb` file such as `tests/testdata/data/viewer/Unicode❤♻Test.glb` (CC0 1.0 Universal)
3) View the file in the repository.
    - Similar to image files, the 3D model should be rendered in a viewer.
    - Use mouse clicks to turn and zoom.

## Licenses

Libraries used for this change include three.js and @google/model-viewer, which are MIT and Apache-2.0 licenses respectively. Both of these are compatible with Forgejo's GPL3.0 license.

## Future Plans

1) `.gltf` was not attempted because it is a multiple file format, referencing other files in the same directory. Still need to experiment with this to see if it can work. `.glb` is a single file containing a `.gltf` and all of its other file/texture dependencies so was easier to implement.
2) The PR diff still shows the model as an unviewable bin file, but clicking the "View File" button takes you to a view screen where this model viewer is used. It would be nice to view the before and after of the model in two side-by-side model viewers, akin to reviewing a change in an image.
3) Also inserted stubs for adding contexts for GLTF, STL, OBJ, and 3MF. These ultimately don't do anything yet as only `.glb` files can be detected by the type sniffer of all of these.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for checking GLB file content using the first few bytes.
  - [x] in their respective `typesniffer_test.go` for unit tests.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8111): <!--number 8111 --><!--line 0 --><!--description YWRkIG1vZGVsIHZpZXdlciBmb3IgYC5nbGJgIChHTFRGKSBtb2RlbCBpbiBmaWxlIHZpZXc=-->add model viewer for `.glb` (GLTF) model in file view<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8111
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Alex Smith <amsmith.pro@pm.me>
Co-committed-by: Alex Smith <amsmith.pro@pm.me>
---
 modules/public/mime_types.go                 |   5 +
 modules/typesniffer/typesniffer.go           |  49 +++++++-
 modules/typesniffer/typesniffer_test.go      |  20 ++++
 package-lock.json                            | 116 ++++++++++++++++++-
 package.json                                 |   3 +-
 routers/web/repo/setting/lfs.go              |  14 +++
 routers/web/repo/view.go                     |  14 +++
 templates/repo/settings/lfs_file.tmpl        |   6 +
 templates/repo/view_file.tmpl                |   6 +
 tests/testdata/data/viewer/README.md         |  14 +++
 tests/testdata/data/viewer/Unicode❤♻Test.glb | Bin 0 -> 8088 bytes
 web_src/css/repo.css                         |   5 +
 web_src/js/index.js                          |   2 +
 web_src/js/render/gltf.js                    |   6 +
 14 files changed, 256 insertions(+), 4 deletions(-)
 create mode 100644 tests/testdata/data/viewer/README.md
 create mode 100644 tests/testdata/data/viewer/Unicode❤♻Test.glb
 create mode 100644 web_src/js/render/gltf.js

diff --git a/modules/public/mime_types.go b/modules/public/mime_types.go
index 32bdf3bfa2..87ee2854ae 100644
--- a/modules/public/mime_types.go
+++ b/modules/public/mime_types.go
@@ -23,6 +23,11 @@ var wellKnownMimeTypesLower = map[string]string{
 	".wasm": "application/wasm",
 	".webp": "image/webp",
 	".xml":  "text/xml; charset=utf-8",
+	".glb":  "model/gltf-binary",
+	".gltf": "model/gltf+json",
+	".obj":  "model/obj",
+	".stl":  "model/stl",
+	".3mf":  "model/3mf",
 
 	// well, there are some types missing from the builtin list
 	".txt": "text/plain; charset=utf-8",
diff --git a/modules/typesniffer/typesniffer.go b/modules/typesniffer/typesniffer.go
index a8fc70e54c..262feb2b05 100644
--- a/modules/typesniffer/typesniffer.go
+++ b/modules/typesniffer/typesniffer.go
@@ -24,6 +24,16 @@ const (
 	AvifMimeType = "image/avif"
 	// ApplicationOctetStream MIME type of binary files.
 	ApplicationOctetStream = "application/octet-stream"
+	// GLTFMimeType MIME type of GLTF files.
+	GLTFMimeType = "model/gltf+json"
+	// GLBMimeType MIME type of GLB files.
+	GLBMimeType = "model/gltf-binary"
+	// OBJMimeType MIME type of OBJ files.
+	OBJMimeType = "model/obj"
+	// STLMimeType MIME type of STL files.
+	STLMimeType = "model/stl"
+	// 3MFMimeType MIME type of 3MF files.
+	ThreeMFMimeType = "model/3mf"
 )
 
 var (
@@ -67,6 +77,36 @@ func (ct SniffedType) IsAudio() bool {
 	return strings.Contains(ct.contentType, "audio/")
 }
 
+// Is3DModel detects if data is a 3D format
+func (ct SniffedType) Is3DModel() bool {
+	return strings.Contains(ct.contentType, "model/")
+}
+
+// IsGLTFFile detects if data is an SVG image format
+func (ct SniffedType) IsGLTF() bool {
+	return strings.Contains(ct.contentType, GLTFMimeType)
+}
+
+// IsGLBFile detects if data is an GLB image format
+func (ct SniffedType) IsGLB() bool {
+	return strings.Contains(ct.contentType, GLBMimeType)
+}
+
+// IsOBJFile detects if data is an OBJ image format
+func (ct SniffedType) IsOBJ() bool {
+	return strings.Contains(ct.contentType, OBJMimeType)
+}
+
+// IsSTLTextFile detects if data is an STL text format
+func (ct SniffedType) IsSTL() bool {
+	return strings.Contains(ct.contentType, STLMimeType)
+}
+
+// Is3MFFile detects if data is an 3MF image format
+func (ct SniffedType) Is3MF() bool {
+	return strings.Contains(ct.contentType, ThreeMFMimeType)
+}
+
 // IsRepresentableAsText returns true if file content can be represented as
 // plain text or is empty.
 func (ct SniffedType) IsRepresentableAsText() bool {
@@ -75,7 +115,7 @@ func (ct SniffedType) IsRepresentableAsText() bool {
 
 // IsBrowsableBinaryType returns whether a non-text type can be displayed in a browser
 func (ct SniffedType) IsBrowsableBinaryType() bool {
-	return ct.IsImage() || ct.IsSvgImage() || ct.IsPDF() || ct.IsVideo() || ct.IsAudio()
+	return ct.IsImage() || ct.IsSvgImage() || ct.IsPDF() || ct.IsVideo() || ct.IsAudio() || ct.Is3DModel()
 }
 
 // GetMimeType returns the mime type
@@ -135,6 +175,13 @@ func DetectContentType(data []byte) SniffedType {
 			ct = "audio/ogg" // for most cases, it is used as an audio container
 		}
 	}
+
+	// GLTF is unsupported by http.DetectContentType
+	// hexdump -n 4 -C glTF.glb
+	if bytes.HasPrefix(data, []byte("glTF")) {
+		ct = GLBMimeType
+	}
+
 	return SniffedType{ct}
 }
 
diff --git a/modules/typesniffer/typesniffer_test.go b/modules/typesniffer/typesniffer_test.go
index 8d80b4ddb4..176d3658bb 100644
--- a/modules/typesniffer/typesniffer_test.go
+++ b/modules/typesniffer/typesniffer_test.go
@@ -117,6 +117,14 @@ func TestIsAudio(t *testing.T) {
 	assert.True(t, DetectContentType([]byte("ID3Toy\n====\t* hi 🌞, ..."+"🌛"[0:2])).IsText()) // test ID3 tag with incomplete UTF8 char
 }
 
+func TestIsGLB(t *testing.T) {
+	glb, _ := hex.DecodeString("676c5446")
+	assert.True(t, DetectContentType(glb).IsGLB())
+	assert.True(t, DetectContentType(glb).Is3DModel())
+	assert.False(t, DetectContentType([]byte("plain text")).IsGLB())
+	assert.False(t, DetectContentType([]byte("plain text")).Is3DModel())
+}
+
 func TestDetectContentTypeFromReader(t *testing.T) {
 	mp3, _ := base64.StdEncoding.DecodeString("SUQzBAAAAAABAFRYWFgAAAASAAADbWFqb3JfYnJhbmQAbXA0MgBUWFhYAAAAEQAAA21pbm9yX3Zl")
 	st, err := DetectContentTypeFromReader(bytes.NewReader(mp3))
@@ -145,3 +153,15 @@ func TestDetectContentTypeAvif(t *testing.T) {
 
 	assert.True(t, st.IsImage())
 }
+
+func TestDetectContentTypeModelGLB(t *testing.T) {
+	glb, err := hex.DecodeString("676c5446")
+	require.NoError(t, err)
+
+	st, err := DetectContentTypeFromReader(bytes.NewReader(glb))
+	require.NoError(t, err)
+
+	// print st for debugging
+	assert.Equal(t, "model/gltf-binary", st.GetMimeType())
+	assert.True(t, st.IsGLB())
+}
diff --git a/package-lock.json b/package-lock.json
index 1637629a83..9de06a8055 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,6 +12,7 @@
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.8.0",
+        "@google/model-viewer": "4.1.0",
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
@@ -1222,6 +1223,22 @@
         "dom-input-range": "^1.2.0"
       }
     },
+    "node_modules/@google/model-viewer": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/@google/model-viewer/-/model-viewer-4.1.0.tgz",
+      "integrity": "sha512-7WB/jS6wfBfRl/tWhsUUvDMKFE1KlKME97coDLlZQfvJD0nCwjhES1lJ+k7wnmf7T3zMvCfn9mIjM/mgZapuig==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@monogrid/gainmap-js": "^3.1.0",
+        "lit": "^3.2.1"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      },
+      "peerDependencies": {
+        "three": "^0.172.0"
+      }
+    },
     "node_modules/@humanfs/core": {
       "version": "0.19.1",
       "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz",
@@ -2004,6 +2021,21 @@
       "integrity": "sha512-M5UknZPHRu3DEDWoipU6sE8PdkZ6Z/S+v4dD+Ke8IaNlpdSQah50lz1KtcFBa2vsdOnwbbnxJwVM4wty6udA5w==",
       "license": "MIT"
     },
+    "node_modules/@lit-labs/ssr-dom-shim": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.3.0.tgz",
+      "integrity": "sha512-nQIWonJ6eFAvUUrSlwyHDm/aE8PBDu5kRpL0vHMg6K8fK3Diq1xdPjTnsJSwxABhaZ+5eBi1btQB5ShUTKo4nQ==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@lit/reactive-element": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/@lit/reactive-element/-/reactive-element-2.1.0.tgz",
+      "integrity": "sha512-L2qyoZSQClcBmq0qajBVbhYEcG6iK0XfLn66ifLe/RfC0/ihpc+pl0Wdn8bJ8o+hj38cG0fGXRgSS20MuXn7qA==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@lit-labs/ssr-dom-shim": "^1.2.0"
+      }
+    },
     "node_modules/@mcaptcha/core-glue": {
       "version": "0.1.0-alpha-5",
       "resolved": "https://registry.npmjs.org/@mcaptcha/core-glue/-/core-glue-0.1.0-alpha-5.tgz",
@@ -2064,6 +2096,18 @@
         "langium": "3.3.1"
       }
     },
+    "node_modules/@monogrid/gainmap-js": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@monogrid/gainmap-js/-/gainmap-js-3.1.0.tgz",
+      "integrity": "sha512-Obb0/gEd/HReTlg8ttaYk+0m62gQJmCblMOjHSMHRrBP2zdfKMHLCRbh/6ex9fSUJMKdjjIEiohwkbGD3wj2Nw==",
+      "license": "MIT",
+      "dependencies": {
+        "promise-worker-transferable": "^1.0.4"
+      },
+      "peerDependencies": {
+        "three": ">= 0.159.0"
+      }
+    },
     "node_modules/@napi-rs/wasm-runtime": {
       "version": "0.2.11",
       "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-0.2.11.tgz",
@@ -3493,8 +3537,7 @@
       "version": "2.0.7",
       "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
       "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
-      "license": "MIT",
-      "optional": true
+      "license": "MIT"
     },
     "node_modules/@types/unist": {
       "version": "2.0.11",
@@ -8768,6 +8811,12 @@
         "node": ">= 4"
       }
     },
+    "node_modules/immediate": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz",
+      "integrity": "sha512-XXOFtyqDjNDAQxVfYxuF7g9Il/IbWmmlQg2MYKOH8ExIT1qg6xc4zyS3HaEEATgs1btfzxq15ciUiY7gjSXRGQ==",
+      "license": "MIT"
+    },
     "node_modules/immer": {
       "version": "9.0.21",
       "resolved": "https://registry.npmjs.org/immer/-/immer-9.0.21.tgz",
@@ -9307,6 +9356,12 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/is-promise": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz",
+      "integrity": "sha512-+lP4/6lKUBfQjZ2pdxThZvLUAafmZb8OAxFb8XXtiQmS35INgr85hdOGoEs124ez1FCnZJt6jau/T+alh58QFQ==",
+      "license": "MIT"
+    },
     "node_modules/is-proto-prop": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/is-proto-prop/-/is-proto-prop-3.0.1.tgz",
@@ -10023,6 +10078,15 @@
         "npm": ">=8"
       }
     },
+    "node_modules/lie": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz",
+      "integrity": "sha512-UaiMJzeWRlEujzAuw5LokY1L5ecNQYZKfmyZ9L7wDHb/p5etKaxXhohBcrw0EYby+G/NA52vRSN4N39dxHAIwQ==",
+      "license": "MIT",
+      "dependencies": {
+        "immediate": "~3.0.5"
+      }
+    },
     "node_modules/lilconfig": {
       "version": "3.1.3",
       "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz",
@@ -10051,6 +10115,37 @@
         "uc.micro": "^2.0.0"
       }
     },
+    "node_modules/lit": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/lit/-/lit-3.3.0.tgz",
+      "integrity": "sha512-DGVsqsOIHBww2DqnuZzW7QsuCdahp50ojuDaBPC7jUDRpYoH0z7kHBBYZewRzer75FwtrkmkKk7iOAwSaWdBmw==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@lit/reactive-element": "^2.1.0",
+        "lit-element": "^4.2.0",
+        "lit-html": "^3.3.0"
+      }
+    },
+    "node_modules/lit-element": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/lit-element/-/lit-element-4.2.0.tgz",
+      "integrity": "sha512-MGrXJVAI5x+Bfth/pU9Kst1iWID6GHDLEzFEnyULB/sFiRLgkd8NPK/PeeXxktA3T6EIIaq8U3KcbTU5XFcP2Q==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@lit-labs/ssr-dom-shim": "^1.2.0",
+        "@lit/reactive-element": "^2.1.0",
+        "lit-html": "^3.3.0"
+      }
+    },
+    "node_modules/lit-html": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/lit-html/-/lit-html-3.3.0.tgz",
+      "integrity": "sha512-RHoswrFAxY2d8Cf2mm4OZ1DgzCoBKUKSPvA1fhtSELxUERq2aQQ2h05pO9j81gS1o7RIRJ+CePLogfyahwmynw==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@types/trusted-types": "^2.0.2"
+      }
+    },
     "node_modules/loader-runner": {
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.0.tgz",
@@ -12363,6 +12458,16 @@
       "dev": true,
       "license": "Unlicense"
     },
+    "node_modules/promise-worker-transferable": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/promise-worker-transferable/-/promise-worker-transferable-1.0.4.tgz",
+      "integrity": "sha512-bN+0ehEnrXfxV2ZQvU2PetO0n4gqBD4ulq3MI1WOPLgr7/Mg9yRQkX5+0v1vagr74ZTsl7XtzlaYDo2EuCeYJw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "is-promise": "^2.1.0",
+        "lie": "^3.0.2"
+      }
+    },
     "node_modules/proto-list": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz",
@@ -14425,6 +14530,13 @@
         "node": ">=0.8"
       }
     },
+    "node_modules/three": {
+      "version": "0.172.0",
+      "resolved": "https://registry.npmjs.org/three/-/three-0.172.0.tgz",
+      "integrity": "sha512-6HMgMlzU97MsV7D/tY8Va38b83kz8YJX+BefKjspMNAv0Vx6dxMogHOrnRl/sbMIs3BPUKijPqDqJ/+UwJbIow==",
+      "license": "MIT",
+      "peer": true
+    },
     "node_modules/throttle-debounce": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/throttle-debounce/-/throttle-debounce-5.0.0.tgz",
diff --git a/package.json b/package.json
index d7c3a5f79f..f7df1b3f38 100644
--- a/package.json
+++ b/package.json
@@ -11,6 +11,7 @@
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.8.0",
+    "@google/model-viewer": "4.1.0",
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",
@@ -78,8 +79,8 @@
     "eslint-plugin-playwright": "2.2.0",
     "eslint-plugin-regexp": "2.9.0",
     "eslint-plugin-sonarjs": "3.0.2",
-    "eslint-plugin-unicorn": "59.0.1",
     "eslint-plugin-toml": "0.12.0",
+    "eslint-plugin-unicorn": "59.0.1",
     "eslint-plugin-vitest-globals": "1.5.0",
     "eslint-plugin-vue": "10.2.0",
     "eslint-plugin-vue-scoped-css": "2.10.0",
diff --git a/routers/web/repo/setting/lfs.go b/routers/web/repo/setting/lfs.go
index 2e9c34e8a7..b9cb86bd08 100644
--- a/routers/web/repo/setting/lfs.go
+++ b/routers/web/repo/setting/lfs.go
@@ -342,6 +342,20 @@ func LFSFileGet(ctx *context.Context) {
 		ctx.Data["IsVideoFile"] = true
 	case st.IsAudio():
 		ctx.Data["IsAudioFile"] = true
+	case st.Is3DModel():
+		ctx.Data["Is3DModelFile"] = true
+		switch {
+		case st.IsGLB():
+			ctx.Data["IsGLBFile"] = true
+		case st.IsSTL():
+			ctx.Data["IsSTLFile"] = true
+		case st.IsGLTF():
+			ctx.Data["IsGLTFFile"] = true
+		case st.IsOBJ():
+			ctx.Data["IsOBJFile"] = true
+		case st.Is3MF():
+			ctx.Data["Is3MFFile"] = true
+		}
 	case st.IsImage() && (setting.UI.SVG.Enabled || !st.IsSvgImage()):
 		ctx.Data["IsImageFile"] = true
 	}
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index d958a11f55..bb3e1388a8 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -624,6 +624,20 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry) {
 		ctx.Data["IsVideoFile"] = true
 	case fInfo.st.IsAudio():
 		ctx.Data["IsAudioFile"] = true
+	case fInfo.st.Is3DModel():
+		ctx.Data["Is3DModelFile"] = true
+		switch {
+		case fInfo.st.IsGLB():
+			ctx.Data["IsGLBFile"] = true
+		case fInfo.st.IsSTL():
+			ctx.Data["IsSTLFile"] = true
+		case fInfo.st.IsGLTF():
+			ctx.Data["IsGLTFFile"] = true
+		case fInfo.st.IsOBJ():
+			ctx.Data["IsOBJFile"] = true
+		case fInfo.st.Is3MF():
+			ctx.Data["Is3MFFile"] = true
+		}
 	case fInfo.st.IsImage() && (setting.UI.SVG.Enabled || !fInfo.st.IsSvgImage()):
 		ctx.Data["IsImageFile"] = true
 		ctx.Data["CanCopyContent"] = true
diff --git a/templates/repo/settings/lfs_file.tmpl b/templates/repo/settings/lfs_file.tmpl
index 3b6b763536..9864ed01d6 100644
--- a/templates/repo/settings/lfs_file.tmpl
+++ b/templates/repo/settings/lfs_file.tmpl
@@ -32,6 +32,12 @@
 								</audio>
 							{{else if .IsPDFFile}}
 								<div class="pdf-content is-loading" data-src="{{$.RawFileLink}}" data-fallback-button-text="{{ctx.Locale.Tr "repo.diff.view_file"}}"></div>
+							{{else if .Is3DModelFile}}
+								{{if .IsGLBFile}}
+									<model-viewer src="{{$.RawFileLink}}" ar shadow-intensity="2" camera-controls touch-action="pan-y"></model-viewer>
+								{{else}}
+									<a href="{{$.RawFileLink}}" rel="nofollow">{{ctx.Locale.Tr "repo.file_view_raw"}}!</a>
+								{{end}}
 							{{else}}
 								<a href="{{$.RawFileLink}}" rel="nofollow">{{ctx.Locale.Tr "repo.file_view_raw"}}</a>
 							{{end}}
diff --git a/templates/repo/view_file.tmpl b/templates/repo/view_file.tmpl
index bf668e1347..2a9d7d02ba 100644
--- a/templates/repo/view_file.tmpl
+++ b/templates/repo/view_file.tmpl
@@ -116,6 +116,12 @@
 						</audio>
 					{{else if .IsPDFFile}}
 						<div class="pdf-content is-loading" data-src="{{$.RawFileLink}}" data-fallback-button-text="{{ctx.Locale.Tr "repo.diff.view_file"}}"></div>
+					{{else if .Is3DModelFile}}
+						{{if .IsGLBFile}}
+							<model-viewer src="{{$.RawFileLink}}" ar shadow-intensity="2" camera-controls touch-action="pan-y"></model-viewer>
+						{{else}}
+							<a href="{{$.RawFileLink}}" rel="nofollow">{{ctx.Locale.Tr "repo.file_view_raw"}}</a>
+						{{end}}
 					{{else}}
 						<a href="{{$.RawFileLink}}" rel="nofollow">{{ctx.Locale.Tr "repo.file_view_raw"}}</a>
 					{{end}}
diff --git a/tests/testdata/data/viewer/README.md b/tests/testdata/data/viewer/README.md
new file mode 100644
index 0000000000..e26d11f3c8
--- /dev/null
+++ b/tests/testdata/data/viewer/README.md
@@ -0,0 +1,14 @@
+# GLTF 3D Model Viewer
+
+⚠️ Currently supports `.glb` files only.
+
+3D models with the `.glb` format are rendered in repository file view.
+
+## 🔨 How to Test
+
+1) Create a new repository or use an existing one.
+2) Upload a `.glb` file such as [Unicode❤♻Test.glb](./Unicode❤♻Test.glb) (CC0 1.0 Universal).
+3) View the file in the repository.
+    - Similar to image files, the 3D model should be rendered in a viewer.
+    - Use mouse clicks to turn and zoom.
+
diff --git a/tests/testdata/data/viewer/Unicode❤♻Test.glb b/tests/testdata/data/viewer/Unicode❤♻Test.glb
new file mode 100644
index 0000000000000000000000000000000000000000..32b0f4a0e8e3f701bf47538436eee8caee863e0e
GIT binary patch
literal 8088
zcmeHscUV)~w(p{aDpjOIXadrEldcpgp;x6Q6a@mI_hvy+sluig5$PZxMUa4iGzA1H
zp-WW|0wRQ#@PgZY_j%`@ciz3<cmKRuU$SNy<2Qa|%rRz?HQhYTwFv<L_=5`oqKN_E
zh8e^tjK|5(59ZIK6vh(>L-={Xy?K;)q{Jk6B1CxnTwvZX9wmw2Ek7P5yD%PaI23l?
zlDHLdOXNR#VLV<iKX<(B`Jk7RKMdjF<oR2{$qNs{W8v-Lf>&M2EndoOHT*5XBf{h3
zj4*`xJ9&C~xR}BN+}yoket5kw9%m;%m=@d<j?i{;@rNVu79~Y~UFQaVEBrNuXNdSq
z_pdQYk-s6#VZr_Z2t1209uIFQEcl!!-anX^ho7HEAnY#{I|&i|g~xaD^l^7G#Iwco
zh8Sy@SX}4%<rm(?U%um`@UNUYj{x2wgol@hKOXi^_nrLx5gyI~{^#8=9%G1^p1B^x
zh(`&}&j?~_sA0gPBqhRQe%)FN0x`YjAi<*~ji-jE>EUv&f_Kg97ZI7i<N7Pi=Y*UC
zTwU>t_G?|7L;PU|FmE@1{3^&PN+|q2Z|MOG`YrQI{uk)EIK<WU*V5x{{G+y%OoRwN
z{{LE53eV#og=G}}jj%l4v;VTNq|`t0ke2#4(2}zMge@m8D|7C%lM6m>e(=Ad^2>|!
z2>dIrUEp3maBrBmzj=rceywFCrDR2TT;KuT_<E2N;qm`9%44RbVW44(FNnW_@+aJR
zg8kn?{LgTBkl%3U%jbcwt^dd|FDHB&{>tg|jQefM^17Dve=_vj(SKO2|Bs=62PXaB
zW&Jmp)UP7&@N#ndo!Wn<$e+>p<)0VK{Lhg65)$|EcKfB`|7ZFAnS*}t0E7!Z*!Z0y
z0t^P9vI2mno)Lam0ssR1`+R>of1TfnezpGbBU<h6-g*0<`+v{=zvup?PV{g2-}h+b
zpGeWjhsH)a7bsXM@cj#Vy4OtqWJv&!of90RRg=Wu2>eWSG=b_N_HXzOv73gW1^~QD
zq&#&Z!S~61bZz_qK!EoAO_1hc!U6y+7`<y6=E3$`bEM%HVe_OrZh?)iL8(cgyYqL=
z4ySe*DGdosy2TD+1uhN6qH}}X6wxBHn`QCG8j6rlW6G^Lj|8pVO}k@5M-!6N!D&A~
z9^_)wlp!gZDAdOxS9#^^^)u|s^I;KgKGYdnsDAhZVr3UXu30Jd>5R9Vj|y;R1p$&5
zh@$_vPoQql1%OMO0NODLAl`!+=$854>Hlt6*h5aurmx+aIfm#-faRLMI_W%C%9lfM
zfub)&iia#}PH#60N%ygQJGpIh&kQUVz6<gy?n$xo;Keur%(OentMIWv+YY9ir&3<)
z3RD15dw8ncC>i~@xz0?B2<aqXPorqAcXhwGC7BpoT>JQ9dW!el!;czj+@g-7v)1~o
zce-D);O+#`yAkyJrE(I*_uNnu5a@V^QQglPH+Nj3AR}j>FHGd)ZF4w62|&OZLq%IT
z&y)$KPGwQGkH61oP;b3REL9Ikr@72)#LH_WP_21fV6Pm-r&dL;26o&{qv46T{|FMb
z;PjJ@H}2>Sf?)BFmD*gWbUw3O0Ml2keve3%5gGAN&a&}JCf!6_LvA(|7x4ArWYm>N
zb2Q$t%apFvsf-kYN5wN^n0JUF^7zr`?=SJ=9X^sE0mFg^po<hKCnfZSRqJvs21h}w
zT5*2#gI|+=I{u(G+#xfpo9aLxy+@7&dN1{(tj0<{$*^-LFeOC|U$&bN*hrM+nAef3
z;+>ICT0-~+rZH2A)Tmx-jMQl}{F%%*&cVkvnKI5r4<Talq5AUir|<INsRMKp(!c@Z
za+A-{K@NkzJR%koKXxBgpkz8^bu|)Q#9VbG7TVCD@k=rxs@=D%TZBN@Y50oV(#uVQ
z;=@lettW_d+^yWObU$#?&d)j&Ql+dPd`IzJE}V4qm33zSA`x;#V1Yrm_36=&(QPQU
z=eOG=!4wuw1C#pJH6*0+r7|1+lDLU#PrZH|r0zZ%?a#dbV}j0grtDJhw@W%v^QNv+
ze(YtbDq|Fkc6}I!BzvvTTAgeAP~2PSLSQI!*N|^q$fn+<6Prr{GB*saUPV|Z?MERb
zv?J>8HYez!xql{Co-8dudubXt#wW1)ggIr_i~f1a5~!9AC6st!;r+CO{<&w-ofE)F
zcDwY0)7l))fs1~p*DCx{#uYn9Cm!^VQ+#=?fhLT?mOJKbhfl-%$(KFCu=GE+*{3a8
z;r*?h_C8ebO^;D#nXJ2gDFtqN9eW-f3}D;2^|JM3O1II#OPzfoXC!=|C#;%=aH|SU
zj*7fS#mma!PX$cHPf(OM`XXw^0;?sb$RyyGPzM}dO%e>-Q5@H6S_TV`Nq2oA8cGUd
zwDX~vqFnb$YQUZsgomx7^CxNREpjTwBc6yHD@PcwnP#7myP*tpnqu0<KYAcFomZQm
zhs<28*t88J5aC8r9)0C%m~MSy?#<hq_~HSIa86Am2KsppNeqgipNj)BdPyewoR{I3
zAf2n-im#ZpSqbJNY_HBd_kSW9mHu3}UfPK2#-7n|C&w#E!EgLxb7|T;jV;wurJkWV
z4Y^+y$J(=kPM`d29&h%5j_x<)GGYuFAB<hfnnUvSXgJmhm<q5F2UBKZlc(Ih`5sj0
zE);&!@r!oSj+W(mzikyFQM1zCwiKM}>%4k-k6#XRpzElkpv#rgAzkcWIF7ZA9OgWh
z20b!3g;r3uBgeT{+cq=u^=uAY-|u9bQx_lX+Tsnp*68RVu^e<JqO9GZs5{`T+fjVQ
zbn?T{^p#C`C*LX)R4GA{uyzx<vft~jOi`jD-V$o>F}B^10$pyVtn|(YS0?6`HXP<Y
z|7zkUM8oSu+JOiM!;cge3w!AWJHNbqSi=?6P7=jaH&tPT>!xQ_Y_Ay_)94CDzbgPk
zBKA2=?F?s<NSR3|#OS2~j+hu0NAaWu{rPPD8PU9eXSpthKXdrexV9zIy+_|-Mi+8m
z638M_4!>lJn`$FO<fk_!$~MCX=jjDjr4FRG8W<lK50k%s(+W(A>UokMxwjuW=ftpp
z0S9r*E$`+@6XG%Y&?M?6RBMmxqK6xch{RV7rJG)Z`5tI(8opNfM>TZ;b*tzR?Th|r
z6AaTepLZ_LJ#$nWcD~{vE+<RccMNf#Nur_!R^J5`jfVtfg~AjqKx-{;Ao_Rq^&J}&
zKNjT}_KIvuQ<gg%g*HYQDB}Z67^iON3W}M_cJE56<A{E8r@!;Y^wTUDBx+wDOcXUF
z9P^&Cnp46hnbV-P)negnh)ZwPa(bJ1AmYp!6LqsL%u37dCk<h$Xo=}{&m8H>>IFea
z$<f6<$>;rnK)a15o5|!1#Z%c{6{h}{%2Sh`HHLwsPNDnI`)_w<-r<<6Z~astGHOx~
zvwTr828v-smks%%dM}S-_3ys<3?euVZ}DzQukux_sXtaVGddn59lg&DlLf{Zm(pc3
zGpSeEZSSK~;h8es;o*=--Q=Tg#AbKr&AfZKOwPAvN^@m{TjlxA*pw;18kWKh+}!2O
zSN(x!DI=EHxDG{E42PT`wyokTl5x6dHgy#3J}psP3342iZ=egPLvc1KiCz{AeG1>q
zZ`M?%BKg_j_;jtRYo*4TlFk?IP*P=EIxSsMagsqi@gP=hBhuu9WL1>_1v&whEW613
z3rf9(&dc<4FYjhy+|*~(Vkp$-@|ea(K5T({x{rOepKIjQsUCiPmPuXa$m%3}t+y?(
z`T@M`2W#99jinxcQ2HDoIN<D@bIUur{?21639ye`9w+nTW4DLMbr}`QD6oAKOIOo?
z6-GA~9%3p<woP^a;C`&y-8i*xoW!<ANMlgP)E-yTIKW<3^rUpY#C+}Ndvj;g%X{&8
zlpjrNMLrpFg*#k#sr~S>CG7PxIR8gI9Z<}O*y=_14xed>^6w<T#J#$NTNH|^xnmI&
z?`kO&V8GQ24awwpR4>-#-ARPMuG#*igwC-4NclwzdH3CkdoR~)(h`_<I@5&`z}xNf
zA3p8R97-F`yof{<IJC=4e{^;|BR`xx+~lm-i`-^}lXEZMDw+C_F%2%T2X-zkNo*?_
zro06NPfjY0dZc2_;I;ag!!^vKpqgNe$L;_m_jL0#pnkJ0KjdDLf-uDv)xC;~F}hx~
zWZ^HU)D;BtvZWfoGupR1`whkDzH?}DILh|wWZY04n^a^aISheHZ?~N`%o&zCCj`^&
zwS{$uMYQAGf7I03Xz%3M(P^Gd;*OCMVHu$obI5K?%K`do%!s(8S%C$5?7j(195AM>
zt9tiZb4sB5)^l?EEslF7?VvgD>UMRT%!7;A+Ssc>@*&$|yN?>@*uKS)`-%-k=DpY<
z4@0q9H62m+9<lBjoP|amMi*fuX(Sm{mwkpugF=jbo?9}37;d@H5ZdI1t_TOpe1FnC
zCoe1m(lvJ3dQbD+^#c|ABf-|;SZY$oEuLL!NyhANPMYao+U}H8L6htK%cRc|<u(Ov
zF^#XbL>dn5OT72kuh*>EKt>}XQAm-Y_}%fS^WtU&Rt>MElQL{&Ju<(u(9nyx4JUGS
z)H4q8HHc{@7Y}$)(Jfp>zm$`My-Ar?Gle>vOAdO`V_s|@VExqlWo0Y2%SlnJC&Tih
z75U(}WkR;b<0};e3LDp^<83+7-qa?AD!%X@){p9PVr`G$4>vX>Rw3nfrw`j#ndh-#
zzQRV|+=fn1Jh#$oylxh0Ebb`gWo>2=Eo|81Vn@8I#wzHEYKZGtqqzm}+uLKH@KAi5
zER2oE!nY~S#%QaH?J`mJJDg~F!mcuNbQV#=CqkveCHcMXA>8#pP@BO7pXTR91RGRL
zgC1ZOOH0<|{crX&9*Q}+mSd8*tVS9;p|SuhVuk6k=Dyly)eBPFShfQO_^cU&YZr7;
zu?A7g>M!zYvyG(i(U0pSj#uP%Bg{g!=@S8j;qWmx=t9(i$9H%Fo%Ptf&~ppWEpj}X
zI!ab`wMwPHR&_v@BzE&k%VEtr8#hr!>^z2OAh|qlPEBxIk4?0A<7a!#8N%-AAEaM{
zM<et#b;P`?Ti&3MQYH^iR)gY4hzEmK*Bs*d0s(CYO=yq`IX!`tI!(hh>QF-ApwvSF
zgZjJ}Mf=r~hEr$6T2Di6o!R9Id-*gORk|mgMF*h{{3nY2)Pz-<tvvfkOeb>HhL*NL
zld0N0DotYT26%=*P>_51<)^^UYS{gnV}?0OB}9QxGa^w^T4E*)`eXy7v0Or@+Ov1X
zi$cG@Vc}CCRqD_jsDC)tImDidopsJU3JHlE*RM-h+hXgU;b$>uBmxSq-F&29y1mbS
zdp)g`Te?<aM8Qfne4kxi+putpS}9T_6GtYrsZV3qaic>{+d*S*l_O#l>u~?Jx2LL9
z6$<l8ft}b=K!vzUW)|!i&E}FB?A%ydooUN?o71IV_z6<W$en^rr!5>w__2jRVqb`s
z6{{KXzOg_kg6)SPT&Y0pZdp^w-kJ~p>Jnvza#ZmHlOxRZ2W$Y7fAbak>E!NWe(pm1
zof?WTdkSLt_gK@l$Ti)!-yt*>DK6S{L9>(&%J~G^fX}q~uGX3lU%16G&hX2%)tPOD
z5s!6k{I9BN@7bF90m(16i0|&xMog;~$Z)ke{Dz>axSU~c{j{zb?%P`Jo7t_bGf)|x
zDEGLNnE)8E!QJNb(%DM9tCSaG^arI^yk%7GMg)<OQg%)Nzt_vb$^3XU<jQhZ@)AgS
z^C5?Qdbb;kv+uBvvbf(5{v~8lyW}T~1N8I<ScQrK05-3#vQHke9CEKbK-XGYV2N~+
z2Db~hWNw&Y#3gBNoSDH{Jbf3w2ikA1=+6+kstny;(df`6@M-P~pm`*HE3*L_&4rp-
zF&guRW^!ragxM-?n~yKJ3AU^eOdCBn+%)HSxmiMuy>=k<Er-MgWHXBlRDP*=B=zJ~
zkE*RAS>-Kg4u)CI6j1koBf1<$^9Y`<8(_!Uc8-Nskebhr6X_RZKV{;w#Znm2quOax
z*u=>>EUEnKh^D80W?U*OABa9~fAd~vG-?l<^?0@)yi839q6FgeV?Mq@2Xc=YfpWfm
z-@&mRKoY8O^IF~Ls|*;enyGT7xa~HRAPko^SM}R|yRcR(rL!(Y<<NUsA<?La=Q9B>
z63{5zBh82h8y1v3K|6B5G6~S#4}6gSoc$q<9tsXOZc(WxiljafhsT%U?Bn{M(70`2
z!D(22|FeVo0L+4+c)XUok5=>A^xAax+b`w1IzuEaaG%y{#O~@=MtgT?EP|Ho0hJUP
zvlIX}0y$2+GK>P<)sBK%6>(hZpJ6_5D6zqgarK+;Pjce_Jr-{XuJ0eWo&`7^-D&E~
z@6r+TI1n{*7EXS65jplMH(b=yO;B923uw?9P)~N|VumjMcwfG?1q1J(#J-S4h}zKd
znsC2XCR=mNcyAeXR6u2^7QclP*g)gf1#C6=jSrsb@5)Jt%82tCeF!Wvlq3tz?mh{D
zWycT!V4^WD%eQoj(8ap<SDpkRQ|WHMjTsIix#WEyKFe<X%Fg}9?zfCM)MU?vlh5M|
ze&CjGpQtRO1PjXP*I(l)zy2~ZVQ!BRwd41erq7ZsNh_QyG=9-;7_6>BR@sLGJAMZM
zNutEk`DIoq9}kytvGLZ09$G>tLauMMvh2;e&yPuy9MsZLm>4sAlOc@ki`oq7*V{<{
z%!F%hhgrP9NZ7JT0VnYWbqYLVG%%f66#%4wx1NPd9L-=NCi(4?7jLPGNh+1Z9#`Qw
zjj{F8cGyK>7$)lVHtde0p<shy5XRxn=l<9J6Pm^+-B}7`r$te;3S-uB(Vg=`sxew&
z{RvUVbHwE@``aXtR%ZtD<`*Z}%w)@vYAr`KEH${Tg;b_9-5C>@@U3g>z+!}1eD|!v
z;GTAopEG|#ZppjG)Z%2@7;Q4nJJ@*6EcTq>V=iiLUQrrNyQFH{r3Sexp#H+WXG~Nd
zbFzCdjB-=TJpzj#1iG|Sp4?f1$4v2EQ>6~RY?r$c=37EuDI-&k3{#U@K9jP?7BmZ>
z4phoA#%nUI6DN05waXPvUDgtUk4W9VoI3R8UVIk5D8necksfyi?M1H^dR=Y6PBk>k
z;0617G$biv$_~f2-i4G}ao}c?2T?)JN`zDpP86Rh)-*@ZSKv}4e%z&>28fwVOK!U<
z1V?)AXY6kkZ)7}vn<H10<v@9Rep)VXCop0dz8e-&jyb*2`d%OnrM%2D-ItO>0Yp=&
zV};PABrFO@Cv<y*D`3fF#(MDHJc<i3xSVT+UHodc(lo^s9=rY;>Y#pa+rfRr<YNzf
zRpX@*ja1i(hOw^^xob+7&Zofi6<Z+skC@(vcDXTotOu4agos+ZI{jQKxNviJxQViH
z@rNA5DbFiT#6wjQ(W$%6?pb##x4BjvfoSW5jXZpPSx}z6=q;OOAUB$*#M$NdY3>t^
zgGWSU&g!umV1&93#^L9Uyb#Ct!i7g$1z<H_TVqY5JoOn=YBm92di_dJp2oh`mSqr_
zh%tFlabI%WVO03exVQ;5VIChSX6Gq1ALT8s^g$;;n<Y5UD&UN1RNHdZ69Ax#jRG#x
z5@k;4&Te_TL?X-4RQ&4QJhiH`#;UUuM_!+iAPc^`c2_uNrS;5vSXrbOx<Z^q@z^%D
z4JX<tGb?(T1EC1052)ukpQ%6{owZiEb6KV+qbk}>Z(*;i^m{>IEyw&WjPi+kSIPKL
zSml>?qP>CI`$WU~1KoL<SQL`4_q=?Y)Lw)NbM|%Iy+6QPe)}n$E4*EM9|M+NXD&J>
zpdyTb#i^%`oQiKzT{{q%!D^XoydiKOxGLT|Yqa@6-<@{`fqyzIC9(HyiYkZEZp?O3
zdiW{!gZErdjYkqb9n7c*cU?8U<SONjmAGMZlL&@|2jKgkg}R;6<Y~6)@eu^2q5G+x
zskFD7M)bTHjrqFnZhi(|W34!jLD0s_kiB}H9gbPJGR8tHpjKW_|NMgFNrwM30O$kE
zs|<bjK~Tq=5wN!#7ZPmEb<WIhVei4TD<dD?rj1wRDz7+!Kl?-#d`S@5zx=-RpvldO
z={)sjcd1?}es#JCbu@^$u4MqC)_&)LFIe+aiuaX~U~0lHcedk`(88mt#&?E=c!)x(
zU>uz>dXCvo$ctHPk^-QW-Vu3qMXWPjYJ_hPFju=;RE>+J-$k=F9`i3(7d#O>0w>wx
zNn=^adi~F|AoSt|(kWt0_{Y)Bdy2aT^#&GvGH=@7F?@^;++Sx(h#FiRr*WkHI@TDX
zU@9EEKv&VoI~OI~7yWa5R5J%#A;!<_b)K?A`#>niwEo)cWqVV>u^Fg+&Vo+GaYEm%
zJw(AVfA&PO6=%`b*Fe~y?`3*Pay<tO*KB&}z#Q_mqL^oEH&27?Qi#plsgcXiT4~=3
z#DIw>u0-|M#^x(NXuR-z69mMwG(WpLy*WC2ePw&LEV92oC}p6kA(voVZHisA=_#c*
z+2nln34QQ|$ytbYj?v8hPmC|ss~pArF?)9*!55xY*lk;=G1pj=7vEa;M50sEQ!@tc
zFq;t%-`g$c^2a~1KYTkJsu4~}XlRV7&l`TbL8^0>7|izG;CArTy4@Am==uPE4{oXX
z?+&BmM1VWUInvZE<}g^y5_v5|Nsxh+^T!dA>a{&bzS1FoVvg<%Xzax#fEZ_7DYMhv
z%rq{=g{`go?CZ~mrpVE|Z?(@<8z;({Ggaz8utPGyEs9o}JC?AC2#$bR=4toqNZY~5
zv?yP946|dYRn+Pq<Ur}XR$dOb+#BtEw|8Hz>`t(~9{*`PR-4+>S`f%cWe{T<fEE}E
zsXb;86k>u0UfgT!rXbQ8(az`?C5uiWUhWvAN$NWJTA0H<yc$HT&kNk3e~kZXoCuCP
zQPt}IZ0Fuu(Lo3FG;O=og)yMsn#{(Ka=mm==R#|q9|tIqX#Vf<!2i^-2s8H?4X-{?
Xal7iqUHrKapm*KqTD7KQECBo;<hl{i

literal 0
HcmV?d00001

diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 144424937c..078ff7b4c4 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -415,6 +415,11 @@ td .commit-summary {
   max-width: 600px !important;
 }
 
+model-viewer {
+  width: 100%;
+  height: 100vh;
+}
+
 .pdf-content {
   width: 100%;
   height: 100vh;
diff --git a/web_src/js/index.js b/web_src/js/index.js
index 7d44b9ff56..f1fed9d2f8 100644
--- a/web_src/js/index.js
+++ b/web_src/js/index.js
@@ -23,6 +23,7 @@ import {initStopwatch} from './features/stopwatch.js';
 import {initFindFileInRepo} from './features/repo-findfile.js';
 import {initCommentContent, initMarkupContent} from './markup/content.js';
 import {initPdfViewer} from './render/pdf.js';
+import {initGltfViewer} from './render/gltf.js';
 
 import {initUserAuthOauth2, initUserAuth} from './features/user-auth.js';
 import {
@@ -187,6 +188,7 @@ onDomReady(() => {
   initUserAuth();
   initRepoDiffView();
   initPdfViewer();
+  initGltfViewer();
   initScopedAccessTokenCategories();
   initColorPickers();
 });
diff --git a/web_src/js/render/gltf.js b/web_src/js/render/gltf.js
new file mode 100644
index 0000000000..2d48e9f8e6
--- /dev/null
+++ b/web_src/js/render/gltf.js
@@ -0,0 +1,6 @@
+export async function initGltfViewer() {
+  const els = document.querySelectorAll('model-viewer');
+  if (!els.length) return;
+
+  await import(/* webpackChunkName: "@google/model-viewer" */'@google/model-viewer');
+}

From b6dd1dd799ab77ebcdee6e7e2781bd9ae48e2319 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 21 Jun 2025 18:42:42 +0200
Subject: [PATCH 34/39] Update renovate to v41 (forgejo) (major) (#8253)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8253
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 98b93b5757..590eab762e 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:40.57.1
+      image: data.forgejo.org/renovate/renovate:41.1.3
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index 852c85ccd6..f31c1732be 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.34.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.5.2 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@40.57.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@41.1.3 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From d8ad592d4e8aab8f7c7610549ac342c7d951b368 Mon Sep 17 00:00:00 2001
From: John Veness <john-codeberg@jveness.co.uk>
Date: Sun, 22 Jun 2025 08:51:01 +0200
Subject: [PATCH 35/39] Fix sentence structure mentioning cooldown period
 (#8197)

The text should be two sentences, or at the very least separated by a semicolon rather than a comma.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8197
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: John Veness <john-codeberg@jveness.co.uk>
Co-committed-by: John Veness <john-codeberg@jveness.co.uk>
---
 options/locale/locale_en-US.ini         | 8 ++++----
 tests/integration/user_redirect_test.go | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index ac841db6d5..0bb128f8b3 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -768,8 +768,8 @@ update_profile_success = Your profile has been updated.
 change_username = Your username has been changed.
 change_username_prompt = Note: Changing your username also changes your account URL.
 change_username_redirect_prompt = The old username will redirect until someone claims it.
-change_username_redirect_prompt.with_cooldown.one = The old username will be available to everyone after a cooldown period of %[1]d day, you can still reclaim the old username during the cooldown period.
-change_username_redirect_prompt.with_cooldown.few = The old username will be available to everyone after a cooldown period of %[1]d days, you can still reclaim the old username during the cooldown period.
+change_username_redirect_prompt.with_cooldown.one = The old username will be available to everyone after a cooldown period of %[1]d day. You can still reclaim the old username during the cooldown period.
+change_username_redirect_prompt.with_cooldown.few = The old username will be available to everyone after a cooldown period of %[1]d days. You can still reclaim the old username during the cooldown period.
 continue = Continue
 cancel = Cancel
 language = Language
@@ -2931,8 +2931,8 @@ settings.update_settings = Update settings
 settings.update_setting_success = Organization settings have been updated.
 settings.change_orgname_prompt = Note: Changing the organization name will also change your organization's URL and free the old name.
 settings.change_orgname_redirect_prompt = The old name will redirect until it is claimed.
-settings.change_orgname_redirect_prompt.with_cooldown.one = The old organization name will be available to everyone after a cooldown period of %[1]d day, you can still reclaim the old name during the cooldown period.
-settings.change_orgname_redirect_prompt.with_cooldown.few = The old organization name will be available to everyone after a cooldown period of %[1]d days, you can still reclaim the old name during the cooldown period.
+settings.change_orgname_redirect_prompt.with_cooldown.one = The old organization name will be available to everyone after a cooldown period of %[1]d day. You can still reclaim the old name during the cooldown period.
+settings.change_orgname_redirect_prompt.with_cooldown.few = The old organization name will be available to everyone after a cooldown period of %[1]d days. You can still reclaim the old name during the cooldown period.
 settings.update_avatar_success = The organization's avatar has been updated.
 settings.delete = Delete organization
 settings.delete_account = Delete this organization
diff --git a/tests/integration/user_redirect_test.go b/tests/integration/user_redirect_test.go
index 8e59699d66..ad17b57713 100644
--- a/tests/integration/user_redirect_test.go
+++ b/tests/integration/user_redirect_test.go
@@ -143,7 +143,7 @@ func TestUserRedirect(t *testing.T) {
 			defer test.MockVariableValue(&setting.Service.UsernameCooldownPeriod, 8)()
 			defer tests.PrintCurrentTest(t)()
 
-			assert.Contains(t, getPrompt(t), "The old username will be available to everyone after a cooldown period of 8 days, you can still reclaim the old username during the cooldown period.")
+			assert.Contains(t, getPrompt(t), "The old username will be available to everyone after a cooldown period of 8 days. You can still reclaim the old username during the cooldown period.")
 		})
 	})
 
@@ -167,7 +167,7 @@ func TestUserRedirect(t *testing.T) {
 			defer test.MockVariableValue(&setting.Service.UsernameCooldownPeriod, 8)()
 			defer tests.PrintCurrentTest(t)()
 
-			assert.Contains(t, getPrompt(t), "The old organization name will be available to everyone after a cooldown period of 8 days, you can still reclaim the old name during the cooldown period.")
+			assert.Contains(t, getPrompt(t), "The old organization name will be available to everyone after a cooldown period of 8 days. You can still reclaim the old name during the cooldown period.")
 		})
 	})
 }

From b58cebc2d9c3c4a997d9092e9fba1995e023cd02 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 23 Jun 2025 07:40:04 +0200
Subject: [PATCH 36/39] Update renovate to v41.1.4 (forgejo) (#8256)
 Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
 Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>

---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 590eab762e..5aa6c8cd98 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:41.1.3
+      image: data.forgejo.org/renovate/renovate:41.1.4
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index f31c1732be..e770f2a989 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.34.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.5.2 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@41.1.3 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@41.1.4 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From cf4d0e6c34a8ead79540a9f661901d9c4cb0ed8e Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Mon, 23 Jun 2025 07:54:32 +0200
Subject: [PATCH 37/39] bug: unify RepoActionRun and ActionRun structs (#8250)

Two pull requests were merged at the same time

- https://codeberg.org/forgejo/forgejo/pulls/7699
- https://codeberg.org/forgejo/forgejo/pulls/7508

And added conflicting structs ActionRun modules/structs.  That broke
the forgejo development branch and a quick fix was made to resolve
the name conflict.

- https://codeberg.org/forgejo/forgejo/pulls/8066

However that creates an undesirable duplication of two structures that
serve the same purpose but are different.

- Remove RepoActionRun and replace it with ActionRun
- convert.ToActionRun has one more argument, the doer, because it
  is determined differently in the context of webhooks or API

### Tests

- No need because the two pull requests involved already have good coverage.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8250
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: klausfyhn <klausfyhn@noreply.codeberg.org>
Reviewed-by: Christopher Besch <mail@chris-besch.com>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
---
 modules/structs/action.go                  |   6 +
 modules/structs/repo_actions.go            |  20 --
 routers/api/v1/repo/action.go              |  23 +--
 routers/api/v1/swagger/repo.go             |  16 +-
 services/convert/action.go                 |   9 +-
 services/convert/convert.go                |  23 ---
 services/webhook/notifier.go               |  11 +-
 templates/swagger/v1_json.tmpl             | 209 ++++++++++++++-------
 tests/integration/api_repo_actions_test.go |  10 +-
 9 files changed, 187 insertions(+), 140 deletions(-)

diff --git a/modules/structs/action.go b/modules/structs/action.go
index 2c42365c19..f47b228d75 100644
--- a/modules/structs/action.go
+++ b/modules/structs/action.go
@@ -78,3 +78,9 @@ type ActionRun struct {
 	// the url of this action run
 	HTMLURL string `json:"html_url"`
 }
+
+// ListActionRunResponse return a list of ActionRun
+type ListActionRunResponse struct {
+	Entries    []*ActionRun `json:"workflow_runs"`
+	TotalCount int64        `json:"total_count"`
+}
diff --git a/modules/structs/repo_actions.go b/modules/structs/repo_actions.go
index 505367336c..b13f344738 100644
--- a/modules/structs/repo_actions.go
+++ b/modules/structs/repo_actions.go
@@ -32,23 +32,3 @@ type ActionTaskResponse struct {
 	Entries    []*ActionTask `json:"workflow_runs"`
 	TotalCount int64         `json:"total_count"`
 }
-
-// ActionRun represents an ActionRun
-type RepoActionRun struct {
-	ID              int64  `json:"id"`
-	Name            string `json:"name"`
-	RunNumber       int64  `json:"run_number"`
-	Event           string `json:"event"`
-	Status          string `json:"status"`
-	HeadBranch      string `json:"head_branch"`
-	HeadSHA         string `json:"head_sha"`
-	WorkflowID      string `json:"workflow_id"`
-	URL             string `json:"url"`
-	TriggeringActor *User  `json:"triggering_actor"`
-}
-
-// ListActionRunResponse return a list of ActionRun
-type ListRepoActionRunResponse struct {
-	Entries    []*RepoActionRun `json:"workflow_runs"`
-	TotalCount int64            `json:"total_count"`
-}
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 03089a18d3..dbc4933de6 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -748,7 +748,7 @@ func ListActionRuns(ctx *context.APIContext) {
 	//   type: string
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/RepoActionRunList"
+	//     "$ref": "#/responses/ActionRunList"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "403":
@@ -779,16 +779,16 @@ func ListActionRuns(ctx *context.APIContext) {
 		return
 	}
 
-	res := new(api.ListRepoActionRunResponse)
+	res := new(api.ListActionRunResponse)
 	res.TotalCount = total
 
-	res.Entries = make([]*api.RepoActionRun, len(runs))
+	res.Entries = make([]*api.ActionRun, len(runs))
 	for i, r := range runs {
-		cr, err := convert.ToRepoActionRun(ctx, r)
-		if err != nil {
-			ctx.Error(http.StatusInternalServerError, "ToActionRun", err)
+		if err := r.LoadAttributes(ctx); err != nil {
+			ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
 			return
 		}
+		cr := convert.ToActionRun(ctx, r, ctx.Doer)
 		res.Entries[i] = cr
 	}
 
@@ -821,7 +821,7 @@ func GetActionRun(ctx *context.APIContext) {
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/RepoActionRun"
+	//     "$ref": "#/responses/ActionRun"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "403":
@@ -839,16 +839,17 @@ func GetActionRun(ctx *context.APIContext) {
 		return
 	}
 
+	// Action runs lives in its own table, therefore we check that the
+	// run with the requested ID is owned by the repository
 	if ctx.Repo.Repository.ID != run.RepoID {
 		ctx.Error(http.StatusNotFound, "GetRunById", util.ErrNotExist)
 		return
 	}
 
-	res, err := convert.ToRepoActionRun(ctx, run)
-	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "ToRepoActionRun", err)
+	if err := run.LoadAttributes(ctx); err != nil {
+		ctx.Error(http.StatusInternalServerError, "LoadAttributes", err)
 		return
 	}
 
-	ctx.JSON(http.StatusOK, res)
+	ctx.JSON(http.StatusOK, convert.ToActionRun(ctx, run, ctx.Doer))
 }
diff --git a/routers/api/v1/swagger/repo.go b/routers/api/v1/swagger/repo.go
index bde0efea4e..cd4832e15f 100644
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -463,16 +463,16 @@ type swaggerSyncForkInfo struct {
 	Body []api.SyncForkInfo `json:"body"`
 }
 
-// RepoActionRunList
-// swagger:response RepoActionRunList
-type swaggerRepoActionRunList struct {
+// ActionRunList
+// swagger:response ActionRunList
+type swaggerActionRunList struct {
 	// in:body
-	Body api.ListRepoActionRunResponse `json:"body"`
+	Body api.ListActionRunResponse `json:"body"`
 }
 
-// RepoActionRun
-// swagger:response RepoActionRun
-type swaggerRepoActionRun struct {
+// ActionRun
+// swagger:response ActionRun
+type swaggerActionRun struct {
 	// in:body
-	Body api.RepoActionRun `json:"body"`
+	Body api.ActionRun `json:"body"`
 }
diff --git a/services/convert/action.go b/services/convert/action.go
index 5e17172b45..703c1f1261 100644
--- a/services/convert/action.go
+++ b/services/convert/action.go
@@ -8,22 +8,17 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	access_model "forgejo.org/models/perm/access"
+	user_model "forgejo.org/models/user"
 	api "forgejo.org/modules/structs"
 )
 
 // ToActionRun convert actions_model.User to api.ActionRun
 // the run needs all attributes loaded
-func ToActionRun(ctx context.Context, run *actions_model.ActionRun) *api.ActionRun {
+func ToActionRun(ctx context.Context, run *actions_model.ActionRun, doer *user_model.User) *api.ActionRun {
 	if run == nil {
 		return nil
 	}
 
-	// The doer is the one whose perspective is used to view this ActionRun.
-	// In the best case we use the user that created the webhook.
-	// Unfortunately we don't know who that was.
-	// So instead we use the repo owner, who is able to create webhooks and allow others to do so by making them repo admins.
-	// This is pretty close to perfect.
-	doer := run.Repo.Owner
 	permissionInRepo, _ := access_model.GetUserRepoPermission(ctx, run.Repo, doer)
 
 	return &api.ActionRun{
diff --git a/services/convert/convert.go b/services/convert/convert.go
index 48da9d7623..2ea24a1b51 100644
--- a/services/convert/convert.go
+++ b/services/convert/convert.go
@@ -222,29 +222,6 @@ func ToActionTask(ctx context.Context, t *actions_model.ActionTask) (*api.Action
 	}, nil
 }
 
-// ToRepoActionRun convert a actions_model.ActionRun to an api.RepoActionRun
-func ToRepoActionRun(ctx context.Context, r *actions_model.ActionRun) (*api.RepoActionRun, error) {
-	if err := r.LoadAttributes(ctx); err != nil {
-		return nil, err
-	}
-
-	url := strings.TrimSuffix(setting.AppURL, "/") + r.Link()
-	actor := ToUser(ctx, r.TriggerUser, nil)
-
-	return &api.RepoActionRun{
-		ID:              r.ID,
-		Name:            r.Title,
-		HeadBranch:      r.PrettyRef(),
-		HeadSHA:         r.CommitSHA,
-		RunNumber:       r.Index,
-		Event:           r.TriggerEvent,
-		Status:          r.Status.String(),
-		WorkflowID:      r.WorkflowID,
-		URL:             url,
-		TriggeringActor: actor,
-	}, nil
-}
-
 // ToVerification convert a git.Commit.Signature to an api.PayloadCommitVerification
 func ToVerification(ctx context.Context, c *git.Commit) *api.PayloadCommitVerification {
 	verif := asymkey_model.ParseCommitWithSignature(ctx, c)
diff --git a/services/webhook/notifier.go b/services/webhook/notifier.go
index b3201e5d10..009efc994f 100644
--- a/services/webhook/notifier.go
+++ b/services/webhook/notifier.go
@@ -894,9 +894,16 @@ func (m *webhookNotifier) ActionRunNowDone(ctx context.Context, run *actions_mod
 		Owner:      run.TriggerUser,
 	}
 
+	// The doer is the one whose perspective is used to view this ActionRun.
+	// In the best case we use the user that created the webhook.
+	// Unfortunately we don't know who that was.
+	// So instead we use the repo owner, who is able to create webhooks and allow others to do so by making them repo admins.
+	// This is pretty close to perfect.
+	doer := run.Repo.Owner
+
 	payload := &api.ActionPayload{
-		Run:         convert.ToActionRun(ctx, run),
-		LastRun:     convert.ToActionRun(ctx, lastRun),
+		Run:         convert.ToActionRun(ctx, run, doer),
+		LastRun:     convert.ToActionRun(ctx, lastRun, doer),
 		PriorStatus: priorStatus.String(),
 	}
 
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index bba4ac4949..3ef712c464 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -4985,7 +4985,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/RepoActionRunList"
+            "$ref": "#/responses/ActionRunList"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -5032,7 +5032,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/RepoActionRun"
+            "$ref": "#/responses/ActionRun"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -21120,6 +21120,129 @@
       },
       "x-go-package": "forgejo.org/modules/structs"
     },
+    "ActionRun": {
+      "description": "ActionRun represents an action run",
+      "type": "object",
+      "properties": {
+        "ScheduleID": {
+          "description": "the cron id for the schedule trigger",
+          "type": "integer",
+          "format": "int64"
+        },
+        "approved_by": {
+          "description": "who approved this action run",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "ApprovedBy"
+        },
+        "commit_sha": {
+          "description": "the commit sha the action run ran on",
+          "type": "string",
+          "x-go-name": "CommitSHA"
+        },
+        "created": {
+          "description": "when the action run was created",
+          "type": "string",
+          "format": "date-time",
+          "x-go-name": "Created"
+        },
+        "duration": {
+          "$ref": "#/definitions/Duration"
+        },
+        "event": {
+          "description": "the webhook event that causes the workflow to run",
+          "type": "string",
+          "x-go-name": "Event"
+        },
+        "event_payload": {
+          "description": "the payload of the webhook event that causes the workflow to run",
+          "type": "string",
+          "x-go-name": "EventPayload"
+        },
+        "html_url": {
+          "description": "the url of this action run",
+          "type": "string",
+          "x-go-name": "HTMLURL"
+        },
+        "id": {
+          "description": "the action run id",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "ID"
+        },
+        "index_in_repo": {
+          "description": "a unique number for each run of a repository",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "Index"
+        },
+        "is_fork_pull_request": {
+          "description": "If this is triggered by a PR from a forked repository or an untrusted user, we need to check if it is approved and limit permissions when running the workflow.",
+          "type": "boolean",
+          "x-go-name": "IsForkPullRequest"
+        },
+        "is_ref_deleted": {
+          "description": "has the commit/tag/… the action run ran on been deleted",
+          "type": "boolean",
+          "x-go-name": "IsRefDeleted"
+        },
+        "need_approval": {
+          "description": "may need approval if it's a fork pull request",
+          "type": "boolean",
+          "x-go-name": "NeedApproval"
+        },
+        "prettyref": {
+          "description": "the commit/tag/… the action run ran on",
+          "type": "string",
+          "x-go-name": "PrettyRef"
+        },
+        "repository": {
+          "$ref": "#/definitions/Repository"
+        },
+        "started": {
+          "description": "when the action run was started",
+          "type": "string",
+          "format": "date-time",
+          "x-go-name": "Started"
+        },
+        "status": {
+          "description": "the current status of this run",
+          "type": "string",
+          "x-go-name": "Status"
+        },
+        "stopped": {
+          "description": "when the action run was stopped",
+          "type": "string",
+          "format": "date-time",
+          "x-go-name": "Stopped"
+        },
+        "title": {
+          "description": "the action run's title",
+          "type": "string",
+          "x-go-name": "Title"
+        },
+        "trigger_event": {
+          "description": "the trigger event defined in the `on` configuration of the triggered workflow",
+          "type": "string",
+          "x-go-name": "TriggerEvent"
+        },
+        "trigger_user": {
+          "$ref": "#/definitions/User"
+        },
+        "updated": {
+          "description": "when the action run was last updated",
+          "type": "string",
+          "format": "date-time",
+          "x-go-name": "Updated"
+        },
+        "workflow_id": {
+          "description": "the name of workflow file",
+          "type": "string",
+          "x-go-name": "WorkflowID"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
     "ActionRunJob": {
       "description": "ActionRunJob represents a job of a run",
       "type": "object",
@@ -23610,6 +23733,12 @@
       },
       "x-go-package": "forgejo.org/modules/structs"
     },
+    "Duration": {
+      "description": "A Duration represents the elapsed time between two instants\nas an int64 nanosecond count. The representation limits the\nlargest representable duration to approximately 290 years.",
+      "type": "integer",
+      "format": "int64",
+      "x-go-package": "time"
+    },
     "EditAttachmentOptions": {
       "description": "EditAttachmentOptions options for editing attachments",
       "type": "object",
@@ -25576,7 +25705,7 @@
       },
       "x-go-package": "forgejo.org/modules/structs"
     },
-    "ListRepoActionRunResponse": {
+    "ListActionRunResponse": {
       "description": "ListActionRunResponse return a list of ActionRun",
       "type": "object",
       "properties": {
@@ -25588,7 +25717,7 @@
         "workflow_runs": {
           "type": "array",
           "items": {
-            "$ref": "#/definitions/RepoActionRun"
+            "$ref": "#/definitions/ActionRun"
           },
           "x-go-name": "Entries"
         }
@@ -27353,54 +27482,6 @@
       },
       "x-go-package": "forgejo.org/modules/structs"
     },
-    "RepoActionRun": {
-      "description": "ActionRun represents an ActionRun",
-      "type": "object",
-      "properties": {
-        "event": {
-          "type": "string",
-          "x-go-name": "Event"
-        },
-        "head_branch": {
-          "type": "string",
-          "x-go-name": "HeadBranch"
-        },
-        "head_sha": {
-          "type": "string",
-          "x-go-name": "HeadSHA"
-        },
-        "id": {
-          "type": "integer",
-          "format": "int64",
-          "x-go-name": "ID"
-        },
-        "name": {
-          "type": "string",
-          "x-go-name": "Name"
-        },
-        "run_number": {
-          "type": "integer",
-          "format": "int64",
-          "x-go-name": "RunNumber"
-        },
-        "status": {
-          "type": "string",
-          "x-go-name": "Status"
-        },
-        "triggering_actor": {
-          "$ref": "#/definitions/User"
-        },
-        "url": {
-          "type": "string",
-          "x-go-name": "URL"
-        },
-        "workflow_id": {
-          "type": "string",
-          "x-go-name": "WorkflowID"
-        }
-      },
-      "x-go-package": "forgejo.org/modules/structs"
-    },
     "RepoCollaboratorPermission": {
       "description": "RepoCollaboratorPermission to get repository permission for a collaborator",
       "type": "object",
@@ -28847,6 +28928,18 @@
         }
       }
     },
+    "ActionRun": {
+      "description": "ActionRun",
+      "schema": {
+        "$ref": "#/definitions/ActionRun"
+      }
+    },
+    "ActionRunList": {
+      "description": "ActionRunList",
+      "schema": {
+        "$ref": "#/definitions/ListActionRunResponse"
+      }
+    },
     "ActionVariable": {
       "description": "ActionVariable",
       "schema": {
@@ -29616,18 +29709,6 @@
         }
       }
     },
-    "RepoActionRun": {
-      "description": "RepoActionRun",
-      "schema": {
-        "$ref": "#/definitions/RepoActionRun"
-      }
-    },
-    "RepoActionRunList": {
-      "description": "RepoActionRunList",
-      "schema": {
-        "$ref": "#/definitions/ListRepoActionRunResponse"
-      }
-    },
     "RepoCollaboratorPermission": {
       "description": "RepoCollaboratorPermission",
       "schema": {
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index 34d603487c..af2aa10cfd 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -169,7 +169,7 @@ func TestAPIGetListActionRun(t *testing.T) {
 			req.AddTokenAuth(token)
 
 			res := MakeRequest(t, req, http.StatusOK)
-			apiRuns := new(api.ListRepoActionRunResponse)
+			apiRuns := new(api.ListActionRunResponse)
 			DecodeJSON(t, res, apiRuns)
 
 			assert.Equal(t, int64(len(tt.expectedIDs)), apiRuns.TotalCount)
@@ -231,13 +231,13 @@ func TestAPIGetActionRun(t *testing.T) {
 			}
 
 			dbRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: tt.runID})
-			apiRun := new(api.RepoActionRun)
+			apiRun := new(api.ActionRun)
 			DecodeJSON(t, res, apiRun)
 
-			assert.Equal(t, dbRun.Index, apiRun.RunNumber)
+			assert.Equal(t, dbRun.Index, apiRun.Index)
 			assert.Equal(t, dbRun.Status.String(), apiRun.Status)
-			assert.Equal(t, dbRun.CommitSHA, apiRun.HeadSHA)
-			assert.Equal(t, dbRun.TriggerUserID, apiRun.TriggeringActor.ID)
+			assert.Equal(t, dbRun.CommitSHA, apiRun.CommitSHA)
+			assert.Equal(t, dbRun.TriggerUserID, apiRun.TriggerUser.ID)
 		})
 	}
 }

From debd74e1b688f02293848db89948f5be6b12740a Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Mon, 23 Jun 2025 08:00:18 +0200
Subject: [PATCH 38/39] fix: add an index to the ActionRun.stopped column
 (#8252)

The models/actions/run.go:GetRunBefore function sorts ActionRun rows to get the most recently stopped. Since the ActionRun rows do not expire, the cost will keep increasing over time.

The index is meant to ensure the execution time of the associated query does not grow linearly with the number of rows in the ActionRun table.

Ref https://codeberg.org/forgejo/forgejo/pulls/7491/files#issuecomment-5495441

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8252
Reviewed-by: Christopher Besch <mail@chris-besch.com>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
---
 models/forgejo_migrations/migrate.go |  2 ++
 models/forgejo_migrations/v35.go     | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 models/forgejo_migrations/v35.go

diff --git a/models/forgejo_migrations/migrate.go b/models/forgejo_migrations/migrate.go
index 6a6922ec4e..737350b019 100644
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@@ -107,6 +107,8 @@ var migrations = []*Migration{
 	NewMigration("Add federated user activity tables, update the `federated_user` table & add indexes", FederatedUserActivityMigration),
 	// v33 -> v34
 	NewMigration("Add `notify-email` column to `action_run` table", AddNotifyEmailToActionRun),
+	// v34 -> v35
+	NewMigration("Add index to `stopped` column in `action_run` table", AddIndexToActionRunStopped),
 }
 
 // GetCurrentDBVersion returns the current Forgejo database version.
diff --git a/models/forgejo_migrations/v35.go b/models/forgejo_migrations/v35.go
new file mode 100644
index 0000000000..0fb3b43e2c
--- /dev/null
+++ b/models/forgejo_migrations/v35.go
@@ -0,0 +1,19 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations //nolint:revive
+
+import (
+	"forgejo.org/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func AddIndexToActionRunStopped(x *xorm.Engine) error {
+	type ActionRun struct {
+		ID      int64
+		Stopped timeutil.TimeStamp `xorm:"index"`
+	}
+
+	return x.Sync(&ActionRun{})
+}

From 39e6785da00ddd3f1f01f846aab8bf0a5c31f96b Mon Sep 17 00:00:00 2001
From: Danko Aleksejevs <danko@very.lv>
Date: Mon, 23 Jun 2025 15:21:15 +0200
Subject: [PATCH 39/39] fix(ui): erroneous list continuation on Cmd+Enter on
 macOS (#8153) (#8170)

The line continuation code in the Markdown editor ignored Enter presses if Ctrl, Alt or Shift were being held. This now also accounts for Cmd on macOS (which browsers represent as metaKey).

### Tests

- Use Safari (on macOS)
- create a new issue in a repository
- start writing a list (with - one[enter]- two)
- now press Cmd+Enter
- verify that while the form is being submitted, no new line got visually added

***

The visual evidence of this bug is a race condition (form is being edited while also being submitted) and I don't think a reliable cross-browser E2E test is possible.

Bugged and fixed behavior verified manually on an actual Macbook in current Safari. Specifically,

* Before the fix: pressing Cmd+Enter submits the form *and* inserts a newline + list prefix in the markdown editor.  Reporter had the changed content submitted, I only saw it submit the original (but the change was visible during submission).
* After the fix: Cmd+Enter only submits the form. Enter with no modifiers inserts newlines/prefixes as before.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8170
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Danko Aleksejevs <danko@very.lv>
Co-committed-by: Danko Aleksejevs <danko@very.lv>
---
 web_src/js/features/comp/ComboMarkdownEditor.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web_src/js/features/comp/ComboMarkdownEditor.js b/web_src/js/features/comp/ComboMarkdownEditor.js
index 5f452b3802..3c94274175 100644
--- a/web_src/js/features/comp/ComboMarkdownEditor.js
+++ b/web_src/js/features/comp/ComboMarkdownEditor.js
@@ -121,12 +121,12 @@ class ComboMarkdownEditor {
       // Prevent special keyboard handling if currently a text expander popup is open
       if (this.textarea.hasAttribute('aria-expanded')) return;
 
-      const noModifiers = !e.shiftKey && !e.ctrlKey && !e.altKey;
+      const noModifiers = !e.shiftKey && !e.ctrlKey && !e.altKey && !e.metaKey;
       if (e.key === 'Escape') {
         // Explicitly lose focus and reenable tab navigation.
         e.target.blur();
         this.tabEnabled = false;
-      } else if (e.key === 'Tab' && this.tabEnabled && !e.altKey && !e.ctrlKey) {
+      } else if (e.key === 'Tab' && this.tabEnabled && !e.altKey && !e.ctrlKey && !e.metaKey) {
         if (this.indentSelection(e.shiftKey, true)) {
           this.options?.onContentChanged?.(this, e);
           e.preventDefault();