[v10.0/forgejo] fix: avoid Gitea migration warnings (take 2) (#6578 )

**Backport:** https://codeberg.org/forgejo/forgejo/pulls/6577 274bc480b4 introduced a regression in https://codeberg.org/forgejo/forgejo/pulls/6343 Trying to remove fields that have already been removed by dd1523c72e/models/forgejo_migrations/v14.go Is a noop for SQLite and went undetected by the upgrade tests. Fixes: https://codeberg.org/forgejo/forgejo/issues/6575 Co-authored-by: Earl Warren <contact@earl-warren.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6578 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
[v10.0/forgejo] chore(ci): upgrade forgejo-build-publish/build@v5.3.1 (#6574 )
2025-07-15 13:00:03 +02:00 · 2025-01-15 22:48:56 +00:00 · 2025-01-15 21:36:53 +00:00 · 2025-01-14 21:40:06 +00:00 · 2025-01-14 07:48:07 +00:00 · 2025-01-14 11:57:02 +05:00
2881 changed files with 35282 additions and 66393 deletions
--- a/.deadcode-out
+++ b/.deadcode-out
@ -1,7 +1,7 @@
-forgejo.org/cmd
+code.gitea.io/gitea/cmd
 	NoMainListener
-forgejo.org/cmd/forgejo
+code.gitea.io/gitea/cmd/forgejo
 	ContextSetNoInit
 	ContextSetNoExit
 	ContextSetStderr
@ -9,94 +9,128 @@ forgejo.org/cmd/forgejo
 	ContextSetStdout
 	ContextSetStdin
-forgejo.org/models
+code.gitea.io/gitea/models
 	IsErrUpdateTaskNotExist
 	ErrUpdateTaskNotExist.Error
 	ErrUpdateTaskNotExist.Unwrap
 	IsErrSHANotFound
 	IsErrMergeDivergingFastForwardOnly
-forgejo.org/models/auth
+code.gitea.io/gitea/models/actions
 	ScheduleList.GetUserIDs
 	ScheduleList.GetRepoIDs
 	ScheduleList.LoadTriggerUser
 	ScheduleList.LoadRepos
 code.gitea.io/gitea/models/asymkey
 	ErrGPGKeyAccessDenied.Error
 	ErrGPGKeyAccessDenied.Unwrap
 	HasDeployKey
 code.gitea.io/gitea/models/auth
 	GetSourceByName
 	WebAuthnCredentials
-forgejo.org/models/db
+code.gitea.io/gitea/models/db
 	TruncateBeans
 	InTransaction
 	DumpTables
-forgejo.org/models/dbfs
+code.gitea.io/gitea/models/dbfs
 	file.renameTo
 	Create
 	Rename
-forgejo.org/models/forgefed
+code.gitea.io/gitea/models/forgefed
 	GetFederationHost
-forgejo.org/models/forgejo/semver
+code.gitea.io/gitea/models/forgejo/semver
 	GetVersion
 	SetVersionString
 	SetVersion
-forgejo.org/models/git
+code.gitea.io/gitea/models/git
 	RemoveDeletedBranchByID
-forgejo.org/models/issues
+code.gitea.io/gitea/models/issues
 	IsErrUnknownDependencyType
 	ErrNewIssueInsert.Error
 	IsErrIssueWasClosed
 	ChangeMilestoneStatus
-forgejo.org/models/organization
+code.gitea.io/gitea/models/organization
 	GetTeamNamesByID
 	UpdateTeamUnits
 	SearchMembersOptions.ToConds
 	UsersInTeamsCount
-forgejo.org/models/perm/access
+code.gitea.io/gitea/models/perm/access
 	GetRepoWriters
-forgejo.org/models/repo
+code.gitea.io/gitea/models/project
 	UpdateColumnSorting
 	ChangeProjectStatus
 code.gitea.io/gitea/models/repo
 	DeleteAttachmentsByIssue
 	FindReposMapByIDs
 	IsErrTopicNotExist
 	ErrTopicNotExist.Error
 	ErrTopicNotExist.Unwrap
 	GetTopicByName
 	WatchRepoMode
-forgejo.org/models/user
+code.gitea.io/gitea/models/user
 	ErrUserInactive.Error
 	ErrUserInactive.Unwrap
 	IsErrExternalLoginUserAlreadyExist
 	IsErrExternalLoginUserNotExist
 	NewFederatedUser
 	IsErrUserSettingIsNotExist
 	GetUserAllSettings
 	DeleteUserSetting
 	GetUserEmailsByNames
 	GetUserNamesByIDs
-forgejo.org/modules/activitypub
+code.gitea.io/gitea/modules/activitypub
 	NewContext
 	Context.APClientFactory
-forgejo.org/modules/assetfs
+code.gitea.io/gitea/modules/assetfs
 	Bindata
-forgejo.org/modules/auth/password/hash
+code.gitea.io/gitea/modules/auth/password/hash
 	DummyHasher.HashWithSaltBytes
 	NewDummyHasher
-forgejo.org/modules/auth/password/pwn
+code.gitea.io/gitea/modules/auth/password/pwn
 	WithHTTP
-forgejo.org/modules/base
+code.gitea.io/gitea/modules/base
 	SetupGiteaRoot
-forgejo.org/modules/cache
+code.gitea.io/gitea/modules/cache
 	GetInt
 	WithNoCacheContext
 	RemoveContextData
-forgejo.org/modules/emoji
+code.gitea.io/gitea/modules/charset
 	BreakWriter.Write
 code.gitea.io/gitea/modules/emoji
 	ReplaceCodes
-forgejo.org/modules/eventsource
+code.gitea.io/gitea/modules/eventsource
 	Event.String
-forgejo.org/modules/forgefed
+code.gitea.io/gitea/modules/forgefed
 	NewForgeUndoLike
 	ForgeUndoLike.UnmarshalJSON
 	ForgeUndoLike.Validate
 	GetItemByType
 	JSONUnmarshalerFn
 	NotEmpty
 	ToRepository
 	OnRepository
-forgejo.org/modules/git
+code.gitea.io/gitea/modules/git
 	AllowLFSFiltersArgs
 	AddChanges
 	AddChangesWithArgs
@ -104,57 +138,71 @@ forgejo.org/modules/git
 	CommitChangesWithArgs
 	SetUpdateHook
 	openRepositoryWithDefaultContext
 	IsTagExist
 	ToEntryMode
 	LimitedReaderCloser.Read
 	LimitedReaderCloser.Close
-forgejo.org/modules/gitrepo
+code.gitea.io/gitea/modules/gitgraph
 	Parser.Reset
 code.gitea.io/gitea/modules/gitrepo
 	GetBranchCommitID
 	GetWikiDefaultBranch
-forgejo.org/modules/graceful
+code.gitea.io/gitea/modules/graceful
 	Manager.TerminateContext
 	Manager.Err
 	Manager.Value
 	Manager.Deadline
-forgejo.org/modules/hcaptcha
+code.gitea.io/gitea/modules/hcaptcha
 	WithHTTP
-forgejo.org/modules/hostmatcher
+code.gitea.io/gitea/modules/hostmatcher
 	HostMatchList.AppendPattern
-forgejo.org/modules/json
+code.gitea.io/gitea/modules/json
 	StdJSON.Marshal
 	StdJSON.Unmarshal
 	StdJSON.NewEncoder
 	StdJSON.NewDecoder
 	StdJSON.Indent
-forgejo.org/modules/log
+code.gitea.io/gitea/modules/markup
 	NewEventWriterBuffer
 forgejo.org/modules/markup
 	GetRendererByType
 	RenderString
 	IsMarkupFile
-forgejo.org/modules/markup/console
+code.gitea.io/gitea/modules/markup/console
 	Render
 	RenderString
-forgejo.org/modules/markup/markdown
+code.gitea.io/gitea/modules/markup/markdown
 	IsDetails
 	IsSummary
 	IsTaskCheckBoxListItem
 	IsIcon
 	RenderRawString
-forgejo.org/modules/markup/mdstripper
+code.gitea.io/gitea/modules/markup/markdown/math
 	WithInlineDollarParser
 	WithBlockDollarParser
 code.gitea.io/gitea/modules/markup/mdstripper
 	stripRenderer.AddOptions
 	StripMarkdown
-forgejo.org/modules/markup/orgmode
+code.gitea.io/gitea/modules/markup/orgmode
 	RenderString
-forgejo.org/modules/process
+code.gitea.io/gitea/modules/private
 	ActionsRunnerRegister
 code.gitea.io/gitea/modules/process
 	Manager.ExecTimeout
-forgejo.org/modules/queue
+code.gitea.io/gitea/modules/queue
 	newBaseChannelSimple
 	newBaseChannelUnique
 	newBaseRedisSimple
@ -163,73 +211,89 @@ forgejo.org/modules/queue
 	testStateRecorder.Reset
 	newWorkerPoolQueueForTest
-forgejo.org/modules/queue/lqinternal
+code.gitea.io/gitea/modules/queue/lqinternal
 	QueueItemIDBytes
 	QueueItemKeyBytes
 	ListLevelQueueKeys
-forgejo.org/modules/setting
+code.gitea.io/gitea/modules/setting
 	NewConfigProviderFromData
 	GitConfigType.GetOption
 	InitLoggersForTest
-forgejo.org/modules/sync
+code.gitea.io/gitea/modules/storage
 	ErrInvalidConfiguration.Error
 	IsErrInvalidConfiguration
 code.gitea.io/gitea/modules/structs
 	ParseCreateHook
 	ParsePushHook
 code.gitea.io/gitea/modules/sync
 	StatusTable.Start
 	StatusTable.IsRunning
-forgejo.org/modules/timeutil
+code.gitea.io/gitea/modules/timeutil
 	GetExecutableModTime
 	MockSet
 	MockUnset
-forgejo.org/modules/translation
+code.gitea.io/gitea/modules/translation
 	MockLocale.Language
 	MockLocale.TrString
 	MockLocale.Tr
 	MockLocale.TrN
 	MockLocale.TrPluralString
 	MockLocale.TrPluralStringAllForms
 	MockLocale.TrSize
 	MockLocale.HasKey
 	MockLocale.PrettyNumber
-forgejo.org/modules/translation/localeiter
+code.gitea.io/gitea/modules/util
 	IterateMessagesContent
 forgejo.org/modules/util
 	OptionalArg
-forgejo.org/modules/util/filebuffer
+code.gitea.io/gitea/modules/util/filebuffer
 	CreateFromReader
-forgejo.org/modules/validation
+code.gitea.io/gitea/modules/validation
 	IsErrNotValid
 	ValidateIDExists
-forgejo.org/modules/web
+code.gitea.io/gitea/modules/web
 	RouteMock
 	RouteMockReset
-forgejo.org/modules/zstd
+code.gitea.io/gitea/modules/web/middleware
 	DeleteLocaleCookie
 code.gitea.io/gitea/modules/zstd
 	NewWriter
 	Writer.Write
 	Writer.Close
-forgejo.org/routers/web/org
+code.gitea.io/gitea/routers/web
 	NotFound
 code.gitea.io/gitea/routers/web/org
 	MustEnableProjects
-forgejo.org/services/context
+code.gitea.io/gitea/services/context
 	GetPrivateContext
-forgejo.org/services/repository
+code.gitea.io/gitea/services/convert
 	ToSecret
 code.gitea.io/gitea/services/forms
 	DeadlineForm.Validate
 code.gitea.io/gitea/services/pull
 	IsCommitStatusContextSuccess
 code.gitea.io/gitea/services/repository
 	IsErrForkAlreadyExist
-forgejo.org/services/repository/files
+code.gitea.io/gitea/services/repository/files
 	ContentType.String
 	GetFileResponseFromCommit
 	TemporaryUploadRepository.GetLastCommit
 	TemporaryUploadRepository.GetLastCommitByRef
-forgejo.org/services/repository/gitgraph
+code.gitea.io/gitea/services/webhook
 	Parser.Reset
 forgejo.org/services/webhook
 	NewNotifier
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,12 +1,16 @@
 {
  "name": "Gitea DevContainer",
-  "image": "mcr.microsoft.com/devcontainers/go:1.24-bullseye",
+  "image": "mcr.microsoft.com/devcontainers/go:1.23-bullseye",
  "features": {
    // installs nodejs into container
    "ghcr.io/devcontainers/features/node:1": {
-      "version": "22"
+      "version": "20"
    },
    "ghcr.io/devcontainers/features/git-lfs:1.2.3": {},
    "ghcr.io/devcontainers-contrib/features/poetry:2": {},
    "ghcr.io/devcontainers/features/python:1": {
      "version": "3.12"
    },
    "ghcr.io/warrenbuckley/codespace-features/sqlite:1": {}
  },
  "customizations": {
--- a/.dockerignore
+++ b/.dockerignore
@ -34,7 +34,6 @@ _testmain.go
 *coverage.out
 coverage.all
 coverage/
 cpu.out
 /modules/migration/bindata.go
--- a/.editorconfig
+++ b/.editorconfig
@ -12,9 +12,6 @@ insert_final_newline = true
 [{*.{go,tmpl,html},Makefile,go.mod}]
 indent_style = tab
 [go.*]
 indent_style = tab
 [templates/custom/*.tmpl]
 insert_final_newline = false
@ -29,8 +26,3 @@ insert_final_newline = false
 [options/locale/locale_*.ini]
 insert_final_newline = false
 # Weblate JSON output defaults to four spaces
 [options/locale_next/locale_*.json]
 indent_style = space
 indent_size = 4
--- a/.forgejo/testdata/build-release/Dockerfile
+++ b/.forgejo/testdata/build-release/Dockerfile
@ -1,4 +1,4 @@
-FROM data.forgejo.org/oci/alpine:3.21
+FROM data.forgejo.org/oci/alpine:3.20
 ARG RELEASE_VERSION=unkown
 LABEL maintainer="contact@forgejo.org" \
      org.opencontainers.image.version="${RELEASE_VERSION}"
--- a/.forgejo/testdata/build-release/go.mod
+++ b/.forgejo/testdata/build-release/go.mod
@ -1,3 +1,3 @@
-module forgejo.org
+module code.gitea.io/gitea
 go 1.23.3
--- a/.forgejo/workflows-composite/build-backend/action.yaml
+++ b/.forgejo/workflows-composite/build-backend/action.yaml
@ -3,7 +3,7 @@ runs:
  steps:
    - run: |
        su forgejo -c 'make deps-backend'
-    - uses: https://data.forgejo.org/actions/cache@v4
+    - uses: actions/cache@v4
      id: cache-backend
      with:
        path: ${{github.workspace}}/gitea
--- a/.forgejo/workflows-composite/setup-cache-go/action.yaml
+++ b/.forgejo/workflows-composite/setup-cache-go/action.yaml
@ -27,10 +27,8 @@ runs:
    - name: "Get go environment information"
      id: go-environment
      run: |
-        chmod 755 $HOME # ensure ${RUN_AS_USER} has permission when go is located in $HOME
+        echo "modcache=$(su ${RUN_AS_USER} -c '/opt/hostedtoolcache/go/${GO_VERSION}/x64/bin/go env GOMODCACHE')" >> "$GITHUB_OUTPUT"
-        export GOROOT="$(go env GOROOT)"
+        echo "cache=$(su ${RUN_AS_USER} -c '/opt/hostedtoolcache/go/${GO_VERSION}/x64/bin/go env GOCACHE')" >> "$GITHUB_OUTPUT"
        echo "modcache=$(su ${RUN_AS_USER} -c '${GOROOT}/bin/go env GOMODCACHE')" >> "$GITHUB_OUTPUT"
        echo "cache=$(su ${RUN_AS_USER} -c '${GOROOT}/bin/go env GOCACHE')" >> "$GITHUB_OUTPUT"
      env:
        RUN_AS_USER: ${{ inputs.username }}
        GO_VERSION: ${{ steps.go-version.outputs.go-version }}
@ -50,7 +48,7 @@ runs:
    - name: "Restore Go dependencies from cache or mark for later caching"
      id: cache-deps
-      uses: https://data.forgejo.org/actions/cache@v4
+      uses: actions/cache@v4
      with:
        key: setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-${{ steps.go-version.outputs.go_version }}-${{ hashFiles('go.sum', 'go.mod') }}
        restore-keys: |
--- a/.forgejo/workflows-composite/setup-env/action.yaml
+++ b/.forgejo/workflows-composite/setup-env/action.yaml
@ -19,7 +19,7 @@ runs:
        set -ex
        toolchain=$(grep -oP '(?<=toolchain ).+' go.mod)
        version=$(go version | cut -d' ' -f3)
-        if dpkg --compare-versions ${version#go} lt ${toolchain#go}; then
+        if [ "$toolchain" != "$version" ]; then
-          echo "go version too low: $toolchain >= $version"
+          echo "go version mismatch: $toolchain <> $version"
          exit 1
        fi
--- a/.forgejo/workflows/backport.yml
+++ b/.forgejo/workflows/backport.yml
@ -40,14 +40,14 @@ jobs:
      )
    runs-on: docker
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
    steps:
      - name: event info
        run: |
          cat <<'EOF'
          ${{ toJSON(github) }}
          EOF
-      - uses: https://data.forgejo.org/actions/git-backporting@v4.8.5
+      - uses: https://data.forgejo.org/actions/git-backporting@v4.8.4
        with:
          target-branch-pattern: "^backport/(?<target>(v.*))$"
          strategy: ort
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@ -25,7 +25,7 @@ jobs:
    if: vars.ROLE == 'forgejo-coding'
    runs-on: lxc-bookworm
    steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: actions/checkout@v4
      - id: forgejo
        uses: https://data.forgejo.org/actions/setup-forgejo@v2.0.4
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@ -33,7 +33,7 @@ jobs:
    # root is used for testing, allow it
    if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
    steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
@ -45,7 +45,7 @@ jobs:
      - uses: https://data.forgejo.org/actions/setup-node@v4
        with:
-          node-version: 22
+          node-version: 20
      - uses: https://data.forgejo.org/actions/setup-go@v5
        with:
@ -164,7 +164,7 @@ jobs:
      - name: build container & release
        if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.3.4
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.3.1
        with:
          forgejo: "${{ env.GITHUB_SERVER_URL }}"
          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
@ -183,7 +183,7 @@ jobs:
      - name: build rootless container
        if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.3.4
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.3.1
        with:
          forgejo: "${{ env.GITHUB_SERVER_URL }}"
          owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
--- a/.forgejo/workflows/cascade-setup-end-to-end.yml
+++ b/.forgejo/workflows/cascade-setup-end-to-end.yml
@ -35,13 +35,13 @@ jobs:
      )
    runs-on: docker
    container:
-      image: data.forgejo.org/oci/node:22-bookworm
+      image: data.forgejo.org/oci/node:20-bookworm
    steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: actions/checkout@v4
        with:
          fetch-depth: '0'
          show-progress: 'false'
-      - uses: https://data.forgejo.org/actions/cascading-pr@v2.2.0
+      - uses: https://code.forgejo.org/actions/cascading-pr@v2.2.0
        with:
          origin-url: ${{ env.GITHUB_SERVER_URL }}
          origin-repo: ${{ github.repository }}
--- a/.forgejo/workflows/forgejo-integration-cleanup.yml
+++ b/.forgejo/workflows/forgejo-integration-cleanup.yml
@ -9,7 +9,7 @@ jobs:
    if: vars.ROLE == 'forgejo-integration'
    runs-on: docker
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
    steps:
      - name: apt install curl jq
--- a/.forgejo/workflows/merge-requirements.yml
+++ b/.forgejo/workflows/merge-requirements.yml
@ -16,7 +16,7 @@ jobs:
    if: vars.ROLE == 'forgejo-coding'
    runs-on: docker
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
    steps:
      - name: Debug output
        run: |
@ -31,7 +31,7 @@ jobs:
            || contains(toJSON(github.event.pull_request.labels), 'test/manual')
          )
        run: |
-          echo "A team member must set the label to either 'present', 'not-needed' or 'manual'."
+          echo "Test label must be set to either 'present', 'not-needed' or 'manual'."
          exit 1
      - name: Missing manual test instructions
        if: >
--- a/.forgejo/workflows/mirror.yml
+++ b/.forgejo/workflows/mirror.yml
@ -11,7 +11,7 @@ jobs:
    if: ${{ secrets.MIRROR_TOKEN != '' }}
    runs-on: docker
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
    steps:
      - name: git push {v*/,}forgejo
        run: |
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@ -2,8 +2,6 @@
 #
 # See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
 #
 # TOKEN_NEXT_DIGEST is a token with write repository access to https://invisible.forgejo.org/infrastructure/next-digest issued by https://invisible.forgejo.org/forgejo-next-digest
 #
 # https://codeberg.org/forgejo-experimental/forgejo
 #
 #  Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
@ -16,7 +14,7 @@
 #  vars.DOER: forgejo-experimental-ci
 #  secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
 #
-# http://invisible.forgejo.org/forgejo/forgejo
+# http://private.forgejo.org/forgejo/forgejo
 #
 #  Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
 #
@ -41,10 +39,10 @@ jobs:
    runs-on: lxc-bookworm
    if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
    steps:
-      - uses: https://data.forgejo.org/actions/checkout@v4
+      - uses: actions/checkout@v4
      - name: copy & sign
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.3.4
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.3.1
        with:
          from-forgejo: ${{ vars.FORGEJO }}
          to-forgejo: ${{ vars.FORGEJO }}
@ -63,14 +61,14 @@ jobs:
      - name: get trigger mirror issue
        id: mirror
-        uses: https://data.forgejo.org/infrastructure/issue-action/get@v1.3.0
+        uses: https://data.forgejo.org/infrastructure/issue-action/get@v1.1.0
        with:
          forgejo: https://code.forgejo.org
          repository: forgejo/forgejo
          labels: mirror-trigger
      - name: trigger the mirror
-        uses: https://data.forgejo.org/infrastructure/issue-action/set@v1.3.0
+        uses: https://data.forgejo.org/infrastructure/issue-action/set@v1.1.0
        with:
          forgejo: https://code.forgejo.org
          repository: forgejo/forgejo
@ -82,7 +80,7 @@ jobs:
      - name: upgrade v*.next.forgejo.org
        uses: https://data.forgejo.org/infrastructure/next-digest@v1.1.0
        with:
-          url: https://placeholder:${{ secrets.TOKEN_NEXT_DIGEST }}@invisible.forgejo.org/infrastructure/next-digest
+          url: https://placeholder:${{ secrets.TOKEN_NEXT_DIGEST }}@code.forgejo.org/infrastructure/next-digest
          ref_name: '${{ github.ref_name }}'
          image: 'codeberg.org/forgejo-experimental/forgejo'
          tag_suffix: '-rootless'
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@ -4,15 +4,12 @@ on:
  schedule:
    - cron: '@daily'
 env:
  RNA_VERSION: v1.2.5 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 jobs:
  release-notes:
    if: vars.ROLE == 'forgejo-coding'
    runs-on: docker
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
    steps:
      - uses: https://data.forgejo.org/actions/checkout@v4
@ -32,5 +29,5 @@ jobs:
          set -x
          curl -sS $GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/milestones?state=open | jq -r '.[] | .title' | while read forgejo version ; do
            milestone="$forgejo $version"
-            go run code.forgejo.org/forgejo/release-notes-assistant@$RNA_VERSION --config .release-notes-assistant.yaml --storage milestone --storage-location "$milestone"  --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} release $version
+            go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage milestone --storage-location "$milestone"  --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} release $version
          done
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@ -7,15 +7,12 @@ on:
      - synchronize
      - labeled
 env:
  RNA_VERSION: v1.2.5 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 jobs:
  release-notes:
    if: ( vars.ROLE == 'forgejo-coding' ) && contains(github.event.pull_request.labels.*.name, 'worth a release-note')
    runs-on: docker
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
    steps:
      - uses: https://data.forgejo.org/actions/checkout@v4
@ -41,4 +38,4 @@ jobs:
      - name: release-notes-assistant preview
        run: |
-          go run code.forgejo.org/forgejo/release-notes-assistant@$RNA_VERSION --config .release-notes-assistant.yaml --storage pr --storage-location ${{ github.event.pull_request.number }}  --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} preview ${{ github.event.pull_request.number }}
+          go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage pr --storage-location ${{ github.event.pull_request.number }}  --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} preview ${{ github.event.pull_request.number }}
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@ -18,9 +18,6 @@ on:
 env:
  RENOVATE_DRY_RUN: ${{ (github.event_name != 'schedule' && github.ref_name != github.event.repository.default_branch) && 'full' || '' }}
  RENOVATE_REPOSITORIES: ${{ github.repository }}
  # fix because 10.0.0-58-7e1df53+gitea-1.22.0 < 10.0.0 for semver
  # and codeberg api returns such versions from `git describe --tags`
  # RENOVATE_X_PLATFORM_VERSION: 10.0.0+gitea-1.22.0 currently not needed
 jobs:
  renovate:
@ -28,7 +25,7 @@ jobs:
    runs-on: docker
    container:
-      image: data.forgejo.org/renovate/renovate:40.31.0
+      image: data.forgejo.org/forgejo-contrib/renovate:39.69.2
    steps:
      - name: Load renovate repo cache
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@ -13,7 +13,7 @@ jobs:
    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
    runs-on: docker
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
      options: --tmpfs /tmp:exec,noatime
    steps:
      - name: event info
@ -24,13 +24,13 @@ jobs:
      - uses: https://data.forgejo.org/actions/checkout@v4
      - uses: ./.forgejo/workflows-composite/setup-env
      - run: su forgejo -c 'make deps-backend deps-tools'
-      - run: su forgejo -c 'make --always-make -j$(nproc) lint-backend tidy-check swagger-check lint-swagger fmt-check swagger-validate' # ensure the "go-licenses" make target runs
+      - run: su forgejo -c 'make --always-make -j$(nproc) lint-backend tidy-check swagger-check fmt-check swagger-validate' # ensure the "go-licenses" make target runs
      - uses: ./.forgejo/workflows-composite/build-backend
  frontend-checks:
    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
    runs-on: docker
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
      options: --tmpfs /tmp:exec,noatime
    steps:
      - uses: https://data.forgejo.org/actions/checkout@v4
@ -46,7 +46,7 @@ jobs:
          apt-get update -qq
          apt-get -q install -qq -y zstd
      - name: "Cache frontend build for playwright testing"
-        uses: https://data.forgejo.org/actions/cache/save@v4
+        uses: actions/cache/save@v4
        with:
          path: ${{github.workspace}}/public/assets
          key: frontend-build-${{ github.sha }}
@ -55,7 +55,7 @@ jobs:
    runs-on: docker
    needs: [backend-checks, frontend-checks]
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
      options: --tmpfs /tmp:exec,noatime
    services:
      elasticsearch:
@ -104,7 +104,7 @@ jobs:
          fetch-depth: 20
      - uses: ./.forgejo/workflows-composite/setup-env
      - name: "Restore frontend build"
-        uses: https://data.forgejo.org/actions/cache/restore@v4
+        uses: actions/cache/restore@v4
        id: cache-frontend
        with:
          path: ${{github.workspace}}/public/assets
@ -116,7 +116,7 @@ jobs:
      - uses: ./.forgejo/workflows-composite/build-backend
      - name: Get changed files
        id: changed-files
-        uses: https://data.forgejo.org/tj-actions/changed-files@v46
+        uses: https://data.forgejo.org/tj-actions/changed-files@v45
        with:
          separator: '\n'
      - run: |
@ -138,7 +138,7 @@ jobs:
    runs-on: docker
    needs: [backend-checks, frontend-checks, test-unit]
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
      options: --tmpfs /tmp:exec,noatime
    name: ${{ format('test-remote-cacher ({0})', matrix.cacher.name) }}
    strategy:
@ -180,7 +180,7 @@ jobs:
    runs-on: docker
    needs: [backend-checks, frontend-checks]
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
      options: --tmpfs /tmp:exec,noatime
    services:
      mysql:
@ -211,7 +211,7 @@ jobs:
    runs-on: docker
    needs: [backend-checks, frontend-checks]
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
      options: --tmpfs /tmp:exec,noatime
    services:
      minio:
@ -223,7 +223,7 @@ jobs:
      ldap:
        image: data.forgejo.org/oci/test-openldap:latest
      pgsql:
-        image: data.forgejo.org/oci/bitnami/postgresql:16
+        image: data.forgejo.org/oci/bitnami/postgresql:15
        env:
          POSTGRESQL_DATABASE: test
          POSTGRESQL_PASSWORD: postgres
@ -250,7 +250,7 @@ jobs:
    runs-on: docker
    needs: [backend-checks, frontend-checks]
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
      options: --tmpfs /tmp:exec,noatime
    steps:
      - uses: https://data.forgejo.org/actions/checkout@v4
@ -278,7 +278,7 @@ jobs:
      - test-remote-cacher
      - test-unit
    container:
-      image: 'data.forgejo.org/oci/node:22-bookworm'
+      image: 'data.forgejo.org/oci/node:20-bookworm'
      options: --tmpfs /tmp:exec,noatime
    steps:
      - uses: https://data.forgejo.org/actions/checkout@v4
--- a/.gitignore
+++ b/.gitignore
@ -37,7 +37,6 @@ _testmain.go
 *coverage.out
 coverage.all
 coverage/
 cpu.out
 /modules/migration/bindata.go
@ -57,7 +56,6 @@ cpu.out
 /gitea-vet
 /debug
 /integrations.test
 /forgejo
 /bin
 /dist
@ -74,7 +72,6 @@ cpu.out
 /tests/e2e/reports
 /tests/e2e/test-artifacts
 /tests/e2e/test-snapshots
 /tests/e2e/.auth
 /tests/*.ini
 /tests/**/*.git/**/*.sample
 /node_modules
--- a/.golangci.yml
+++ b/.golangci.yml
@ -1,9 +1,7 @@
 version: "2"
 output:
  sort-order:
    - file
 linters:
-  default: none
+  enable-all: false
  disable-all: true
  fast: false
  enable:
    - bidichk
    - depguard
@ -11,37 +9,37 @@ linters:
    - errcheck
    - forbidigo
    - gocritic
    - gofmt
    - gofumpt
    - gosimple
    - govet
    - ineffassign
    - nakedret
    - nolintlint
    - revive
    - staticcheck
    - stylecheck
    - tenv
    - testifylint
    - typecheck
    - unconvert
    - unparam
    - unused
-    - usetesting
+    - unparam
    - wastedassign
-  settings:
+
-    depguard:
+run:
-      rules:
+  timeout: 10m
-        main:
+
-          deny:
+output:
-            - pkg: encoding/json
+  sort-results: true
-              desc: use gitea's modules/json instead of encoding/json
+  sort-order: [file]
-            - pkg: github.com/unknwon/com
+  show-stats: true
-              desc: use gitea's util and replacements
+
-            - pkg: io/ioutil
+linters-settings:
-              desc: use os or io instead
+  stylecheck:
-            - pkg: golang.org/x/exp
+    checks: ["all", "-ST1005", "-ST1003"]
-              desc: it's experimental and unreliable
+  nakedret:
-            - pkg: forgejo.org/modules/git/internal
+    max-func-lines: 0
              desc: do not use the internal package, use AddXxx function instead
            - pkg: gopkg.in/ini.v1
              desc: do not use the ini package, use gitea's config system instead
            - pkg: github.com/minio/sha256-simd
              desc: use crypto/sha256 instead, see https://codeberg.org/forgejo/forgejo/pulls/1528
  gocritic:
    disabled-checks:
      - ifElseChain
@ -81,85 +79,72 @@ linters:
      - name: var-naming
      - name: redefines-builtin-id
        disabled: true
-    staticcheck:
+  gofumpt:
-      checks:
+    extra-rules: true
-        - all
+  depguard:
    rules:
      main:
        deny:
          - pkg: encoding/json
            desc: use gitea's modules/json instead of encoding/json
          - pkg: github.com/unknwon/com
            desc: use gitea's util and replacements
          - pkg: io/ioutil
            desc: use os or io instead
          - pkg: golang.org/x/exp
            desc: it's experimental and unreliable
          - pkg: code.gitea.io/gitea/modules/git/internal
            desc: do not use the internal package, use AddXxx function instead
          - pkg: gopkg.in/ini.v1
            desc: do not use the ini package, use gitea's config system instead
          - pkg: github.com/minio/sha256-simd
            desc: use crypto/sha256 instead, see https://codeberg.org/forgejo/forgejo/pulls/1528
  testifylint:
    disable:
      - go-require
-  exclusions:
+
    generated: lax
    presets:
      - comments
      - common-false-positives
      - legacy
      - std-error-handling
    rules:
      - linters:
          - nolintlint
        path: models/db/sql_postgres_with_schema.go
      - linters:
          - dupl
          - errcheck
          - gocyclo
          - gosec
          - staticcheck
          - unparam
        path: _test\.go
      - linters:
          - dupl
          - errcheck
          - gocyclo
          - gosec
        path: models/migrations/v
      - linters:
          - forbidigo
        path: cmd
      - linters:
          - dupl
        text: (?i)webhook
      - linters:
          - gocritic
        text: (?i)`ID' should not be capitalized
      - linters:
          - deadcode
          - unused
        text: (?i)swagger
      - linters:
          - staticcheck
        text: (?i)argument x is overwritten before first use
      - linters:
          - gocritic
        text: '(?i)commentFormatting: put a space between `//` and comment text'
      - linters:
          - gocritic
        text: '(?i)exitAfterDefer:'
      - linters:
          - staticcheck
        text: "(ST1005|ST1003|QF1001):"
    paths:
      - node_modules
      - public
      - web_src
      - third_party$
      - builtin$
      - examples$
 issues:
  max-issues-per-linter: 0
  max-same-issues: 0
-formatters:
+  exclude-dirs: [node_modules, public, web_src]
-  enable:
+  exclude-case-sensitive: true
-    - gofmt
+  exclude-rules:
-    - gofumpt
+    - path: models/db/sql_postgres_with_schema.go
-  settings:
+      linters:
-    gofumpt:
+        - nolintlint
-      extra-rules: true
+    - path: _test\.go
-  exclusions:
+      linters:
-    generated: lax
+        - gocyclo
-    paths:
+        - errcheck
-      - node_modules
+        - dupl
-      - public
+        - gosec
-      - web_src
+        - unparam
-      - third_party$
+        - staticcheck
-      - builtin$
+    - path: models/migrations/v
-      - examples$
+      linters:
        - gocyclo
        - errcheck
        - dupl
        - gosec
    - path: cmd
      linters:
        - forbidigo
    - text: "webhook"
      linters:
        - dupl
    - text: "`ID' should not be capitalized"
      linters:
        - gocritic
    - text: "swagger"
      linters:
        - unused
        - deadcode
    - text: "argument x is overwritten before first use"
      linters:
        - staticcheck
    - text: "commentFormatting: put a space between `//` and comment text"
      linters:
        - gocritic
    - text: "exitAfterDefer:"
      linters:
        - gocritic
--- a/17
+++ b/17
@ -36,6 +36,10 @@ GARGS = "--no-print-directory"
    JARG = -j$(.MAKE.JOBS)
 .endif
 # bmake prefers out-of-source builds and tries to cd into ./obj (among others)
 # where possible. GNU Make doesn't, so override that value.
 .OBJDIR: ./
 # The GNU convention is to use the lowercased `prefix` variable/macro to
 # specify the installation directory. Humor them.
 GPREFIX =
@ -44,12 +48,11 @@ GPREFIX =
 .endif
 .BEGIN: .SILENT
-	which $(GMAKE) >/dev/null || (printf "Error: GNU Make is required!\n\n" 1>&2 && false)
+	which $(GMAKE) || (printf "Error: GNU Make is required!\n\n" 1>&2 && false)
-.PHONY: EMPTY
+.PHONY: FRC
-EMPTY: .SILENT
+$(.TARGETS): FRC
-	$(GMAKE) $(GPREFIX) $(GARGS) $(JARG)
+	$(GMAKE) $(GPREFIX) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
-.PHONY: $(.TARGETS)
+.DONE .DEFAULT: .SILENT
-$(.TARGETS): .SILENT
+	$(GMAKE) $(GPREFIX) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
 	$(GMAKE) $(GPREFIX) $(GARGS) $(JARG) $@
--- a/9
+++ b/9
@ -9,10 +9,10 @@
 # Files related to frontend development.
 # Javascript and CSS code.
-web_src/.* @beowulf @gusted
+web_src/.* @caesar @crystal @gusted
 # HTML templates used by the backend.
-templates/.* @beowulf @gusted
+templates/.* @caesar @crystal @gusted
 ## the issue sidebar was touched by fnetx
 templates/repo/issue/view_content/sidebar.* @fnetx
@ -33,9 +33,8 @@ models/.* @gusted
 # for code that lives in here.
 routers/.* @gusted
-# Let locale changes be checked by the translation team.
+# Let new strings be checked by the translation team.
-options/locale/.* @0ko
+options/locale/locale_en-US.ini @0ko
 options/locale_next/.* @0ko
 # Personal interest
 .*/webhook.* @oliverpool
--- a/26
+++ b/26
@ -1,9 +1,9 @@
-FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/xx AS xx
+FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/xx AS xx
-FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.24-alpine3.21 AS build-env
+FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.23-alpine3.20 as build-env
 ARG GOPROXY
-ENV GOPROXY=${GOPROXY:-https://proxy.golang.org,direct}
+ENV GOPROXY=${GOPROXY:-direct}
 ARG RELEASE_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
@ -30,8 +30,8 @@ RUN cp /*-alpine-linux-musl*/lib/ld-musl-*.so.1 /lib || true
 RUN apk --no-cache add build-base git nodejs npm
-COPY . ${GOPATH}/src/forgejo.org
+COPY . ${GOPATH}/src/code.gitea.io/gitea
-WORKDIR ${GOPATH}/src/forgejo.org
+WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN make clean
 RUN make frontend
@ -47,11 +47,11 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \
              /tmp/local/etc/s6/gitea/* \
              /tmp/local/etc/s6/openssh/* \
              /tmp/local/etc/s6/.s6-svscan/* \
-              /go/src/forgejo.org/gitea \
+              /go/src/code.gitea.io/gitea/gitea \
-              /go/src/forgejo.org/environment-to-ini
+              /go/src/code.gitea.io/gitea/environment-to-ini
-RUN chmod 644 /go/src/forgejo.org/contrib/autocompletion/bash_autocomplete
+RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
-FROM data.forgejo.org/oci/alpine:3.21
+FROM code.forgejo.org/oci/alpine:3.20
 ARG RELEASE_VERSION
 LABEL maintainer="contact@forgejo.org" \
      org.opencontainers.image.authors="Forgejo" \
@ -98,11 +98,11 @@ ENV GITEA_CUSTOM=/data/gitea
 VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
-CMD ["/usr/bin/s6-svscan", "/etc/s6"]
+CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY --from=build-env /tmp/local /
 RUN cd /usr/local/bin ; ln -s gitea forgejo
-COPY --from=build-env /go/src/forgejo.org/gitea /app/gitea/gitea
+COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 RUN ln -s /app/gitea/gitea /app/gitea/forgejo-cli
-COPY --from=build-env /go/src/forgejo.org/environment-to-ini /usr/local/bin/environment-to-ini
+COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/forgejo.org/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
+COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -1,9 +1,9 @@
-FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/xx AS xx
+FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/xx AS xx
-FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.24-alpine3.21 AS build-env
+FROM --platform=$BUILDPLATFORM code.forgejo.org/oci/golang:1.23-alpine3.20 as build-env
 ARG GOPROXY
-ENV GOPROXY=${GOPROXY:-https://proxy.golang.org,direct}
+ENV GOPROXY=${GOPROXY:-direct}
 ARG RELEASE_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
@ -30,8 +30,8 @@ RUN cp /*-alpine-linux-musl*/lib/ld-musl-*.so.1 /lib || true
 RUN apk --no-cache add build-base git nodejs npm
-COPY . ${GOPATH}/src/forgejo.org
+COPY . ${GOPATH}/src/code.gitea.io/gitea
-WORKDIR ${GOPATH}/src/forgejo.org
+WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN make clean
 RUN make frontend
@ -45,12 +45,11 @@ COPY docker/rootless /tmp/local
 RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
              /tmp/local/usr/local/bin/docker-setup.sh \
              /tmp/local/usr/local/bin/gitea \
-              /go/src/forgejo.org/gitea \
+              /go/src/code.gitea.io/gitea/gitea \
-              /go/src/forgejo.org/environment-to-ini
+              /go/src/code.gitea.io/gitea/environment-to-ini
-RUN chmod 644 /go/src/forgejo.org/contrib/autocompletion/bash_autocomplete
+RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
-FROM data.forgejo.org/oci/alpine:3.21
+FROM code.forgejo.org/oci/alpine:3.20
 ARG RELEASE_VERSION
 LABEL maintainer="contact@forgejo.org" \
      org.opencontainers.image.authors="Forgejo" \
      org.opencontainers.image.url="https://forgejo.org" \
@ -72,7 +71,6 @@ RUN apk --no-cache add \
    git \
    curl \
    gnupg \
    openssh-client \
    && rm -rf /var/cache/apk/*
 RUN addgroup \
@ -91,10 +89,10 @@ RUN chown git:git /var/lib/gitea /etc/gitea
 COPY --from=build-env /tmp/local /
 RUN cd /usr/local/bin ; ln -s gitea forgejo
-COPY --from=build-env --chown=root:root /go/src/forgejo.org/gitea /app/gitea/gitea
+COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 RUN ln -s /app/gitea/gitea /app/gitea/forgejo-cli
-COPY --from=build-env --chown=root:root /go/src/forgejo.org/environment-to-ini /usr/local/bin/environment-to-ini
+COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/forgejo.org/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
+COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 #git:git
 USER 1000:1000
--- a/216
+++ b/216
@ -16,7 +16,7 @@ else
 DIST := dist
 DIST_DIRS := $(DIST)/binaries $(DIST)/release
-IMPORT := forgejo.org
+IMPORT := code.gitea.io/gitea
 GO ?= $(shell go env GOROOT)/bin/go
 SHASUM ?= shasum -a 256
@ -37,19 +37,19 @@ endif
 XGO_VERSION := go-1.21.x
 AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.2.1 # renovate: datasource=go
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.0.3 # renovate: datasource=go
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.8.0 # renovate: datasource=go
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.7.0 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.6 # renovate: datasource=go
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.62.2 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11 # renovate: datasource=go
 MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.6.0 # renovate: datasource=go
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.32.0 # renovate: datasource=go
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.28.0 # renovate: datasource=go
-GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.5.1 # renovate: datasource=go
+GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.4.0 # renovate: datasource=go
-GOPLS_PACKAGE ?= golang.org/x/tools/gopls@v0.18.1 # renovate: datasource=go
+GOPLS_PACKAGE ?= golang.org/x/tools/gopls@v0.17.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@40.31.0 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@39.82.1 # renovate: datasource=docker packageName=code.forgejo.org/forgejo-contrib/renovate
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...
@ -59,8 +59,20 @@ ifeq ($(HAS_GO), yes)
 	CGO_CFLAGS ?= $(shell $(GO) env CGO_CFLAGS) $(CGO_EXTRA_CFLAGS)
 endif
-GOFLAGS := -v
+ifeq ($(GOOS),windows)
-EXECUTABLE ?= gitea
+	IS_WINDOWS := yes
 else ifeq ($(patsubst Windows%,Windows,$(OS)),Windows)
 	ifeq ($(GOOS),)
 		IS_WINDOWS := yes
 	endif
 endif
 ifeq ($(IS_WINDOWS),yes)
 	GOFLAGS := -v -buildmode=exe
 	EXECUTABLE ?= gitea.exe
 else
 	GOFLAGS := -v
 	EXECUTABLE ?= gitea
 endif
 ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu)
 	SED_INPLACE := sed -i
@ -92,36 +104,38 @@ else
    FORGEJO_VERSION_API ?= $(GITEA_VERSION)+${GITEA_COMPATIBILITY}
  else
    # drop the "g" prefix prepended by git describe to the commit hash
-    FORGEJO_VERSION ?= $(shell git describe --exclude '*-test' --tags --always 2>/dev/null | sed 's/^v//' | sed 's/\-g/-/')
+    FORGEJO_VERSION ?= $(shell git describe --exclude '*-test' --tags --always | sed 's/^v//' | sed 's/\-g/-/')+${GITEA_COMPATIBILITY}
    ifneq ($(FORGEJO_VERSION),)
      ifeq ($(findstring $(GITEA_COMPATIBILITY),$(FORGEJO_VERSION)),)
        FORGEJO_VERSION := $(FORGEJO_VERSION)+$(GITEA_COMPATIBILITY)
      endif
    endif
  endif
 endif
 FORGEJO_VERSION_MAJOR=$(shell echo $(FORGEJO_VERSION) | sed -e 's/\..*//')
 FORGEJO_VERSION_MINOR=$(shell echo $(FORGEJO_VERSION) | sed -E -e 's/^([0-9]+\.[0-9]+).*/\1/')
 show-version-full:
 	@echo ${FORGEJO_VERSION}
 show-version-major:
 	@echo ${FORGEJO_VERSION_MAJOR}
 show-version-minor:
 	@echo ${FORGEJO_VERSION_MINOR}
 RELEASE_VERSION ?= ${FORGEJO_VERSION}
 VERSION ?= ${RELEASE_VERSION}
 FORGEJO_VERSION_API ?= ${FORGEJO_VERSION}
-# Strip binaries by default to reduce size, allow overriding for debugging
+show-version-api:
-STRIP ?= 1
+	@echo ${FORGEJO_VERSION_API}
-ifeq ($(STRIP),1)
+
 	LDFLAGS := $(LDFLAGS) -s -w
 endif
 LDFLAGS := $(LDFLAGS) -X "main.ReleaseVersion=$(RELEASE_VERSION)" -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(FORGEJO_VERSION)" -X "main.Tags=$(TAGS)" -X "main.ForgejoVersion=$(FORGEJO_VERSION_API)"
 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64
 ifeq ($(HAS_GO), yes)
-	GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list forgejo.org/models/migrations/...) $(shell $(GO) list forgejo.org/models/forgejo_migrations/...) forgejo.org/tests/integration/migration-test forgejo.org/tests forgejo.org/tests/integration forgejo.org/tests/e2e,$(shell $(GO) list ./...))
+	GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) $(shell $(GO) list code.gitea.io/gitea/models/forgejo_migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./...))
 endif
 REMOTE_CACHER_MODULES ?= cache nosql session queue
-GO_TEST_REMOTE_CACHER_PACKAGES ?= $(addprefix forgejo.org/modules/,$(REMOTE_CACHER_MODULES))
+GO_TEST_REMOTE_CACHER_PACKAGES ?= $(addprefix code.gitea.io/gitea/modules/,$(REMOTE_CACHER_MODULES))
 FOMANTIC_WORK_DIR := web_src/fomantic
@ -154,7 +168,7 @@ GO_DIRS := build cmd models modules routers services tests
 WEB_DIRS := web_src/js web_src/css
 STYLELINT_FILES := web_src/css web_src/js/components/*.vue
-SPELLCHECK_FILES := $(GO_DIRS) $(WEB_DIRS) docs/content templates options/locale/locale_en-US.ini .github $(wildcard *.go *.js *.ts *.vue *.md *.yml *.yaml)
+SPELLCHECK_FILES := $(GO_DIRS) $(WEB_DIRS) docs/content templates options/locale/locale_en-US.ini .github $(wildcard *.go *.js *.ts *.vue *.md *.yml *.yaml *.toml)
 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/options/bindata.go ! -path modules/public/bindata.go ! -path modules/templates/bindata.go)
@ -162,7 +176,7 @@ GO_SOURCES += $(GENERATED_GO_DEST)
 GO_SOURCES_NO_BINDATA := $(GO_SOURCES)
 ifeq ($(HAS_GO), yes)
-	MIGRATION_PACKAGES := $(shell $(GO) list forgejo.org/models/migrations/... forgejo.org/models/forgejo_migrations/...)
+	MIGRATION_PACKAGES := $(shell $(GO) list code.gitea.io/gitea/models/migrations/... code.gitea.io/gitea/models/forgejo_migrations/...)
 endif
 ifeq ($(filter $(TAGS_SPLIT),bindata),bindata)
@ -214,12 +228,16 @@ help:
 	@echo " - deps-frontend                    install frontend dependencies"
 	@echo " - deps-backend                     install backend dependencies"
 	@echo " - deps-tools                       install tool dependencies"
 	@echo " - deps-py                          install python dependencies"
 	@echo " - lint                             lint everything"
 	@echo " - lint-fix                         lint everything and fix issues"
 	@echo " - lint-frontend                    lint frontend files"
 	@echo " - lint-frontend-fix                lint frontend files and fix issues"
 	@echo " - lint-backend                     lint backend files"
 	@echo " - lint-backend-fix                 lint backend files and fix issues"
 	@echo " - lint-codespell                   lint typos"
 	@echo " - lint-codespell-fix               lint typos and fix them automatically"
 	@echo " - lint-codespell-fix-i             lint typos and fix them interactively"
 	@echo " - lint-go                          lint go files"
 	@echo " - lint-go-fix                      lint go files and fix issues"
 	@echo " - lint-go-vet                      lint go files with vet"
@ -230,7 +248,11 @@ help:
 	@echo " - lint-css-fix                     lint css files and fix issues"
 	@echo " - lint-md                          lint markdown files"
 	@echo " - lint-swagger                     lint swagger files"
 	@echo " - lint-templates                   lint template files"
 	@echo " - lint-renovate                    lint renovate files"
 	@echo " - lint-yaml                        lint yaml files"
 	@echo " - lint-spell                       lint spelling"
 	@echo " - lint-spell-fix                   lint spelling and fix issues"
 	@echo " - checks                           run various consistency checks"
 	@echo " - checks-frontend                  check frontend files"
 	@echo " - checks-backend                   check backend files"
@ -261,30 +283,6 @@ help:
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
 	@echo " - reproduce-build\#version         build a reproducible binary for the specified release version"
 .PHONY: verify-version
 verify-version:
 ifeq ($(FORGEJO_VERSION),)
 	@echo "Error: Could not determine FORGEJO_VERSION; version file $(STORED_VERSION_FILE) not present and no suitable git tag found"
 	@echo 'In most cases this likely means you forgot to fetch git tags, you can fix this by executing `git fetch --tags`. If this is not possible and this is part of a custom build process, then you can set a specific version by writing it to $(STORED_VERSION_FILE) (This must be a semver compatible version).'
 	@false
 endif
 .PHONY: show-version-full
 show-version-full: verify-version
 	@echo ${FORGEJO_VERSION}
 .PHONY: show-version-major
 show-version-major: verify-version
 	@echo ${FORGEJO_VERSION_MAJOR}
 .PHONY: show-version-minor
 show-version-minor: verify-version
 	@echo ${FORGEJO_VERSION_MINOR}
 .PHONY: show-version-api
 show-version-api: verify-version
 	@echo ${FORGEJO_VERSION_API}
 ###
 # Check system and environment requirements
 ###
@ -410,10 +408,10 @@ checks-frontend: lockfile-check svg-check
 checks-backend: tidy-check swagger-check fmt-check swagger-validate security-check
 .PHONY: lint
-lint: lint-frontend lint-backend
+lint: lint-frontend lint-backend lint-spell
 .PHONY: lint-fix
-lint-fix: lint-frontend-fix lint-backend-fix
+lint-fix: lint-frontend-fix lint-backend-fix lint-spell-fix
 .PHONY: lint-frontend
 lint-frontend: lint-js lint-css
@ -422,11 +420,23 @@ lint-frontend: lint-js lint-css
 lint-frontend-fix: lint-js-fix lint-css-fix
 .PHONY: lint-backend
-lint-backend: lint-go lint-go-vet lint-editorconfig lint-renovate lint-locale lint-locale-usage lint-disposable-emails
+lint-backend: lint-go lint-go-vet lint-editorconfig lint-renovate lint-locale lint-disposable-emails
 .PHONY: lint-backend-fix
 lint-backend-fix: lint-go-fix lint-go-vet lint-editorconfig lint-disposable-emails-fix
 .PHONY: lint-codespell
 lint-codespell:
 	codespell
 .PHONY: lint-codespell-fix
 lint-codespell-fix:
 	codespell -w
 .PHONY: lint-codespell-fix-i
 lint-codespell-fix-i:
 	codespell -w -i 3 -C 2
 .PHONY: lint-js
 lint-js: node_modules
 	npx eslint --color --max-warnings=0
@ -449,23 +459,27 @@ lint-swagger: node_modules
 .PHONY: lint-renovate
 lint-renovate: node_modules
-	npx --yes --package $(RENOVATE_NPM_PACKAGE) -- renovate-config-validator > .lint-renovate 2>&1 || true
+	npx --yes --package $(RENOVATE_NPM_PACKAGE) -- renovate-config-validator --strict > .lint-renovate 2>&1 || true
-	@if grep --quiet --extended-regexp -e '^( ERROR:)' .lint-renovate ; then cat .lint-renovate ; rm .lint-renovate ; exit 1 ; fi
+	@if grep --quiet --extended-regexp -e '^( WARN:|ERROR:)' .lint-renovate ; then cat .lint-renovate ; rm .lint-renovate ; exit 1 ; fi
 	@rm .lint-renovate
 .PHONY: lint-locale
 lint-locale:
-	$(GO) run build/lint-locale/lint-locale.go
+	$(GO) run build/lint-locale.go
 .PHONY: lint-locale-usage
 lint-locale-usage:
 	$(GO) run build/lint-locale-usage/lint-locale-usage.go
 .PHONY: lint-md
 lint-md: node_modules
 	npx markdownlint docs *.md
-RUN_DEADCODE = $(GO) run $(DEADCODE_PACKAGE) -generated=false -f='{{println .Path}}{{range .Funcs}}{{printf "\t%s\n" .Name}}{{end}}{{println}}' -test forgejo.org
+.PHONY: lint-spell
 lint-spell: lint-codespell
 	@go run $(MISSPELL_PACKAGE) -error $(SPELLCHECK_FILES)
 .PHONY: lint-spell-fix
 lint-spell-fix: lint-codespell-fix
 	@go run $(MISSPELL_PACKAGE) -w $(SPELLCHECK_FILES)
 RUN_DEADCODE = $(GO) run $(DEADCODE_PACKAGE) -generated=false -f='{{println .Path}}{{range .Funcs}}{{printf "\t%s\n" .Name}}{{end}}{{println}}' -test code.gitea.io/gitea
 .PHONY: lint-go
 lint-go:
@ -479,6 +493,13 @@ lint-go-fix:
 	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS) --fix
 	$(RUN_DEADCODE) > .deadcode-out
 # workaround step for the lint-go-windows CI task because 'go run' can not
 # have distinct GOOS/GOARCH for its build and run steps
 .PHONY: lint-go-windows
 lint-go-windows:
 	@GOOS= GOARCH= $(GO) install $(GOLANGCI_LINT_PACKAGE)
 	golangci-lint run
 .PHONY: lint-go-vet
 lint-go-vet:
 	@echo "Running go vet..."
@ -501,9 +522,18 @@ lint-disposable-emails:
 lint-disposable-emails-fix:
 	$(GO) run build/generate-disposable-email.go -r $(DISPOSABLE_EMAILS_SHA)
 .PHONY: lint-templates
 lint-templates: .venv node_modules
 	@node tools/lint-templates-svg.js
 	@poetry run djlint $(shell find templates -type f -iname '*.tmpl')
 .PHONY: lint-yaml
 lint-yaml: .venv
 	@poetry run yamllint .
 .PHONY: security-check
 security-check:
-	go run $(GOVULNCHECK_PACKAGE) -show color ./...
+	go run $(GOVULNCHECK_PACKAGE) ./...
 ###
 # Development and testing targets
@ -557,7 +587,7 @@ test-check:
 .PHONY: test\#%
 test\#%:
-	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
+	@echo "Running go test with -tags '$(TEST_TAGS)'..."
 	@$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
 .PHONY: coverage
@ -590,7 +620,7 @@ tidy-check: tidy
 go-licenses: $(GO_LICENSE_FILE)
 $(GO_LICENSE_FILE): go.mod go.sum
-	-$(GO) run $(GO_LICENSES_PACKAGE) save . --force --ignore forgejo.org --save_path=$(GO_LICENSE_TMP_DIR) 2>/dev/null
+	-$(GO) run $(GO_LICENSES_PACKAGE) save . --force --ignore code.gitea.io/gitea --save_path=$(GO_LICENSE_TMP_DIR) 2>/dev/null
 	$(GO) run build/generate-go-licenses.go $(GO_LICENSE_TMP_DIR) $(GO_LICENSE_FILE)
 	@rm -rf $(GO_LICENSE_TMP_DIR)
@ -720,33 +750,33 @@ integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sq
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
 integrations.mysql.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration -o integrations.mysql.test
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql.test
 integrations.pgsql.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration -o integrations.pgsql.test
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test
 integrations.sqlite.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'
 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
 integrations.cover.sqlite.test: git-check $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
 .PHONY: migrations.mysql.test
 migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration/migration-test -o migrations.mysql.test
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.mysql.test $(GOTESTCOMPILEDRUNSUFFIX)
 .PHONY: migrations.pgsql.test
 migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration/migration-test -o migrations.pgsql.test
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.pgsql.test $(GOTESTCOMPILEDRUNSUFFIX)
 .PHONY: migrations.sqlite.test
 migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTESTCOMPILEDRUNPREFIX) ./migrations.sqlite.test $(GOTESTCOMPILEDRUNSUFFIX)
 .PHONY: migrations.individual.mysql.test
@ -757,7 +787,7 @@ migrations.individual.mysql.test: $(GO_SOURCES)
 .PHONY: migrations.individual.sqlite.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/migrations/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 .PHONY: migrations.individual.pgsql.test
 migrations.individual.pgsql.test: $(GO_SOURCES)
@ -767,7 +797,7 @@ migrations.individual.pgsql.test: $(GO_SOURCES)
 .PHONY: migrations.individual.pgsql.test\#%
 migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/migrations/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 .PHONY: migrations.individual.sqlite.test
 migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
@ -777,16 +807,16 @@ migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
 .PHONY: migrations.individual.sqlite.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' forgejo.org/models/migrations/$*
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GOTEST) $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 e2e.mysql.test: $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/e2e -o e2e.mysql.test
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test
 e2e.pgsql.test: $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/e2e -o e2e.pgsql.test
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test
 e2e.sqlite.test: $(GO_SOURCES)
-	$(GOTEST) $(GOTESTFLAGS) -c forgejo.org/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)'
+	$(GOTEST) $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)'
 .PHONY: check
 check: test
@ -796,8 +826,8 @@ check: test
 ###
 .PHONY: install $(TAGS_PREREQ)
-install: $(wildcard *.go) | verify-version
+install: $(wildcard *.go)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) install -v -tags '$(TAGS)' -ldflags '$(LDFLAGS)'
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) install -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)'
 .PHONY: build
 build: frontend backend
@ -824,14 +854,14 @@ generate-go: $(TAGS_PREREQ)
 merge-locales:
 	@echo "NOT NEEDED: THIS IS A NOOP AS OF Forgejo 7.0 BUT KEPT FOR BACKWARD COMPATIBILITY"
-$(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ) | verify-version
+$(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '$(LDFLAGS)' -o $@
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
 forgejo: $(EXECUTABLE)
 	ln -f $(EXECUTABLE) forgejo
-static-executable: $(GO_SOURCES) $(TAGS_PREREQ) | verify-version
+static-executable: $(GO_SOURCES) $(TAGS_PREREQ)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -o $(EXECUTABLE)
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags 'netgo osusergo $(TAGS)' -ldflags '-s -w -linkmode external -extldflags "-static" $(LDFLAGS)' -o $(EXECUTABLE)
 .PHONY: release
 release: frontend generate release-linux release-copy release-compress vendor release-sources release-check
@ -842,19 +872,23 @@ sources-tarbal: frontend generate vendor release-sources release-check
 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)
 .PHONY: release-windows
 release-windows: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
 .PHONY: release-linux
-release-linux: | $(DIST_DIRS) verify-version
+release-linux: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out forgejo-$(VERSION) .
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-darwin
-release-darwin: | $(DIST_DIRS) verify-version
+release-darwin: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
 .PHONY: release-freebsd
-release-freebsd: | $(DIST_DIRS) verify-version
+release-freebsd: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
 .PHONY: release-copy
@ -908,7 +942,10 @@ reproduce-build\#%:
 ###
 .PHONY: deps
-deps: deps-frontend deps-backend deps-tools
+deps: deps-frontend deps-backend deps-tools deps-py
 .PHONY: deps-py
 deps-py: .venv
 .PHONY: deps-frontend
 deps-frontend: node_modules
@ -990,11 +1027,12 @@ generate-gitignore:
 .PHONY: generate-gomock
 generate-gomock:
-	$(GO) run $(GOMOCK_PACKAGE) -package mock -destination ./modules/queue/mock/redisuniversalclient.go forgejo.org/modules/nosql RedisClient
+	$(GO) run $(GOMOCK_PACKAGE) -package mock -destination ./modules/queue/mock/redisuniversalclient.go code.gitea.io/gitea/modules/nosql RedisClient
 .PHONY: generate-images
 generate-images: | node_modules
-	node tools/generate-images.js
+	npm install --no-save fabric@6 imagemin-zopfli@7
 	node tools/generate-images.js $(TAGS)
 .PHONY: generate-manpage
 generate-manpage:
--- a/README.md
+++ b/README.md
@ -15,6 +15,11 @@ Our promise: **Independent Free/Libre Software forever!**
 ## What does Forgejo offer?
 <!-- If you want to know what Forgejo is like,
 you can check out public instances,
 e.g. [Codeberg.org](https://codeberg.org).
 -->
 If you like any of the following, Forgejo is literally meant for you:
 - Lightweight: Forgejo can easily be hosted on nearly **every machine**.
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@ -1590,7 +1590,7 @@ this situation, [follow the instructions in the companion blog post](https://for
  The most prominent ones are described here, others can be found in the list of commits included in the release as described above.
-  * [Fix links to pull request reviews sent via mail](https://codeberg.org/forgejo/forgejo/commit/88e179d5ef8ee41f71d068195685ff098b38ca31). The pull request link was correct but it did not go the review and stayed at the beginning of the page
+  * [Fix links to pull request reviews sent via mail](https://codeberg.org/forgejo/forgejo/commit/88e179d5ef8ee41f71d068195685ff098b38ca31). The pull request link was correct but it did not go the the review and stayed at the beginning of the page
  * [Recognize OGG as an audio format](https://codeberg.org/forgejo/forgejo/commit/622ec5c79f299c32ac2667a1aa7b4bf5d7c2d6cf)
  * [Consistently show the last time a cron job was run in the admin panel](https://codeberg.org/forgejo/forgejo/commit/5f769ef20)
  * [Fix NuGet registry v2 & v3 API search endpoints](https://codeberg.org/forgejo/forgejo/commit/471138829b0c24fe8c621dbb866ae8bb45ebc674)
@ -1609,7 +1609,7 @@ this situation, [follow the instructions in the companion blog post](https://for
  * [Fix pull request check list when there are more than 30](https://codeberg.org/forgejo/forgejo/commit/e226b9646)
  * [Fix attachment clipboard copy on insecure origin](https://codeberg.org/forgejo/forgejo/commit/12ac84c26)
  * [Fix the profile README rendering](https://codeberg.org/forgejo/forgejo/commit/84c3b60a4) that [was inconsistent with other markdown files renderings](https://codeberg.org/forgejo/forgejo/issues/833)
-  * [Fix API leaking the user email when the caller is not authenticated](https://codeberg.org/forgejo/forgejo/commit/d89003cc1)
+  * [Fix API leaking the user email when the caller is not authentified](https://codeberg.org/forgejo/forgejo/commit/d89003cc1)
 ## 1.20.2-0
@ -1667,7 +1667,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/fo
  The semantic version was updated to `5.0.0+0-gitea-1.20.1` because it contains breaking changes.
 - **Breaking:**
  - [Scoped access tokens](https://codeberg.org/forgejo/forgejo/commit/18de83b2a3fc120922096b7348d6375094ae1532) or (Personal Access Tokens), were refactored and although existing tokens are still valid, they may have a different scope than before. To ensure that no tokens have a larger scope than expected they must be removed and recreated.
-  - If your `app.ini` has one of the following `[indexer].ISSUE_INDEXER_QUEUE_TYPE`, `[indexer].ISSUE_INDEXER_QUEUE_BATCH_NUMBER`, `[indexer].`, `[indexer].ISSUE_INDEXER_QUEUE_DIR`, `[indexer].ISSUE_INDEXER_QUEUE_CONN_STR`, `[indexer].UPDATE_BUFFER_LEN`, `[mailer].SEND_BUFFER_LEN`, `[repository].PULL_REQUEST_QUEUE_LENGTH` or `[repository].MIRROR_QUEUE_LENGTH`, Forgejo will abort immediately. Unless you know exactly what you're doing, you must comment them out so the default values are used.
+  - If your `app.ini` has one of the the following `[indexer].ISSUE_INDEXER_QUEUE_TYPE`, `[indexer].ISSUE_INDEXER_QUEUE_BATCH_NUMBER`, `[indexer].`, `[indexer].ISSUE_INDEXER_QUEUE_DIR`, `[indexer].ISSUE_INDEXER_QUEUE_CONN_STR`, `[indexer].UPDATE_BUFFER_LEN`, `[mailer].SEND_BUFFER_LEN`, `[repository].PULL_REQUEST_QUEUE_LENGTH` or `[repository].MIRROR_QUEUE_LENGTH`, Forgejo will abort immediately. Unless you know exactly what you're doing, you must comment them out so the default values are used.
  - The `-p` option of `environment-to-ini` is [no longer supported](https://codeberg.org/forgejo/forgejo/commit/fa0b5b14c2faa6a5f76bb2e7bc9241a5e4354189)
  - The ".png" suffix for [user and organizations is now reserved](https://codeberg.org/forgejo/forgejo/commit/2b91841cd3e1213ff3e4ed4209d6a4be89c2fa79)
  - The section `[git.reflog]` is [now obsolete and its keys have been moved](https://codeberg.org/forgejo/forgejo/commit/2f149c5c9db97f20fbbc65e32d1f3133048b11a2) to the following replacements:
@ -1761,7 +1761,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/fo
  - [The repository migration can be canceled](https://codeberg.org/forgejo/forgejo/commit/f6e029e6c7849d4361abf7f1d749b5d528364ac4)
  - [Add button on the diff header to copy the file name](https://codeberg.org/forgejo/forgejo/commit/c5ede35124c8d5280219c24049bb0ad7da9f02ed)
  - [Add --quiet option to the dump CLI](https://codeberg.org/forgejo/forgejo/commit/cb1536471bcef4d78a3fe5cbd738b9f60fabbcc2)
-  - [Support searching for an issue with its number in the list of issues](https://codeberg.org/forgejo/forgejo/commit/1144b1d129de530b2c07dfdfaf55de383cd82212)
+  - [Support searching for an issue with its number in the the list of issues](https://codeberg.org/forgejo/forgejo/commit/1144b1d129de530b2c07dfdfaf55de383cd82212)
  - [Improve the list of notifications](https://codeberg.org/forgejo/forgejo/commit/f7ede92f82f7f3ec7bb31a1249f9524e5b728f34)
  - [When editing a file in the web UI, allow for a preview whenever possible](https://codeberg.org/forgejo/forgejo/commit/ac64c8297444ade63a2a364c4afb7e6c1de5a75f)
  - [Make release download URLs human readable](https://codeberg.org/forgejo/forgejo/commit/42919ccb7cd32ab67d0878baf2bac6cd007899a8)
@ -1798,7 +1798,7 @@ $ git -C forgejo log --oneline --no-merges origin/v1.19/forgejo..origin/v1.20/fo
  - [Add API for gitignore templates](https://codeberg.org/forgejo/forgejo/commit/36a5d4c2f3b5670e5e921034cd5d25817534a6d4)
  - [Add API to upuload a file to an empty repository](https://codeberg.org/forgejo/forgejo/commit/cf465b472166ccf6d3e001e3043e4bf43e16e6b3)
  - [Allow for --not when listing the commits of a repo](https://codeberg.org/forgejo/forgejo/commit/f766b002938b5c81e343c81fda3c0669fa09809f)
-  - [Add `files` and `verification` parameters to improve performances when listing the commits of a repo](https://codeberg.org/forgejo/forgejo/commit/1dd83dbb917d55bd253001646d6743f247a4d98b)
+  - [Add `files` and `verification` parameters to improve performances when listing the commits of a a repo](https://codeberg.org/forgejo/forgejo/commit/1dd83dbb917d55bd253001646d6743f247a4d98b)
  - [Allow for listing a single commit in a repository](https://codeberg.org/forgejo/forgejo/commit/5930ab5fdf7a970fcca3cd50b44cf1cacb615a54)
  - [Create a branch directly from commit on the create branch API](https://codeberg.org/forgejo/forgejo/commit/cd9a13ebb47d32f46b38439a524e3b2e0c619490)
  - [Add API for Label templates](https://codeberg.org/forgejo/forgejo/commit/25dc1556cd70b567a4920beb002a0addfbfd6ef2)
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build/backport-locales.go
+++ b/build/backport-locales.go
@ -12,8 +12,8 @@ import (
 	"path/filepath"
 	"strings"
-	"forgejo.org/modules/container"
+	"code.gitea.io/gitea/modules/container"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
 )
 func main() {
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@ -15,7 +15,7 @@ import (
 	"strconv"
 	"strings"
-	"forgejo.org/build/codeformat"
+	"code.gitea.io/gitea/build/codeformat"
 )
 // Windows has a limitation for command line arguments, the size can not exceed 32KB.
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@ -14,7 +14,7 @@ import (
 var importPackageGroupOrders = map[string]int{
 	"":                     1, // internal
-	"forgejo.org/": 2,
+	"code.gitea.io/gitea/": 2,
 }
 var errInvalidCommentBetweenImports = errors.New("comments between imported packages are invalid, please move comments to the end of the package line")
--- a/build/codeformat/formatimports_test.go
+++ b/build/codeformat/formatimports_test.go
@ -58,8 +58,8 @@ import (
 	"code.gitea.io/other/package"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/util"
+	"code.gitea.io/gitea/modules/util"
  "xorm.io/the/package"
@ -82,8 +82,8 @@ import (
 	_ "image/jpeg" // for processing jpeg images
 	_ "image/png"  // for processing png images
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/util"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/other/package"
 	"github.com/issue9/identicon"
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@ -20,7 +20,7 @@ import (
 	"strings"
 	"unicode/utf8"
-	"forgejo.org/modules/json"
+	"code.gitea.io/gitea/modules/json"
 )
 const (
--- a/build/generate-gitignores.go
+++ b/build/generate-gitignores.go
@ -15,7 +15,7 @@ import (
 	"path/filepath"
 	"strings"
-	"forgejo.org/modules/util"
+	"code.gitea.io/gitea/modules/util"
 )
 func main() {
--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@ -16,7 +16,7 @@ import (
 	"sort"
 	"strings"
-	"forgejo.org/modules/container"
+	"code.gitea.io/gitea/modules/container"
 )
 // regexp is based on go-license, excluding README and NOTICE
@ -102,9 +102,9 @@ func main() {
 		pkgName := path.Dir(pkgPath)
 		// There might be a bug somewhere in go-licenses that sometimes interprets the
-		// root package as "." and sometimes as "forgejo.org". Workaround by
+		// root package as "." and sometimes as "code.gitea.io/gitea". Workaround by
 		// removing both of them for the sake of stable output.
-		if pkgName == "." || pkgName == "forgejo.org" {
+		if pkgName == "." || pkgName == "code.gitea.io/gitea" {
 			continue
 		}
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@ -15,7 +15,7 @@ import (
 	"path/filepath"
 	"strings"
-	"forgejo.org/modules/util"
+	"code.gitea.io/gitea/modules/util"
 )
 func main() {
--- a/build/lint-locale-usage/lint-locale-usage.go
+++ b/build/lint-locale-usage/lint-locale-usage.go
@ -1,383 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package main
 import (
 	"fmt"
 	"go/ast"
 	goParser "go/parser"
 	"go/token"
 	"io/fs"
 	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"text/template"
 	tmplParser "text/template/parse"
 	"forgejo.org/modules/container"
 	fjTemplates "forgejo.org/modules/templates"
 	"forgejo.org/modules/translation/localeiter"
 	"forgejo.org/modules/util"
 )
 // this works by first gathering all valid source string IDs from `en-US` reference files
 // and then checking if all used source strings are actually defined
 type LocatedError struct {
 	Location string
 	Kind     string
 	Err      error
 }
 func (e LocatedError) Error() string {
 	var sb strings.Builder
 	sb.WriteString(e.Location)
 	sb.WriteString(":\t")
 	if e.Kind != "" {
 		sb.WriteString(e.Kind)
 		sb.WriteString(": ")
 	}
 	sb.WriteString("ERROR: ")
 	sb.WriteString(e.Err.Error())
 	return sb.String()
 }
 func InitLocaleTrFunctions() map[string][]uint {
 	ret := make(map[string][]uint)
 	f0 := []uint{0}
 	ret["Tr"] = f0
 	ret["TrString"] = f0
 	ret["TrHTML"] = f0
 	ret["TrPluralString"] = []uint{1}
 	ret["TrN"] = []uint{1, 2}
 	return ret
 }
 type Handler struct {
 	OnMsgid            func(fset *token.FileSet, pos token.Pos, msgid string)
 	OnUnexpectedInvoke func(fset *token.FileSet, pos token.Pos, funcname string, argc int)
 	LocaleTrFunctions  map[string][]uint
 }
 // the `Handle*File` functions follow the following calling convention:
 // * `fname` is the name of the input file
 // * `src` is either `nil` (then the function invokes `ReadFile` to read the file)
 //   or the contents of the file as {`[]byte`, or a `string`}
 func (handler Handler) HandleGoFile(fname string, src any) error {
 	fset := token.NewFileSet()
 	node, err := goParser.ParseFile(fset, fname, src, goParser.SkipObjectResolution)
 	if err != nil {
 		return LocatedError{
 			Location: fname,
 			Kind:     "Go parser",
 			Err:      err,
 		}
 	}
 	ast.Inspect(node, func(n ast.Node) bool {
 		// search for function calls of the form `anything.Tr(any-string-lit, ...)`
 		call, ok := n.(*ast.CallExpr)
 		if !ok || len(call.Args) < 1 {
 			return true
 		}
 		funSel, ok := call.Fun.(*ast.SelectorExpr)
 		if !ok {
 			return true
 		}
 		ltf, ok := handler.LocaleTrFunctions[funSel.Sel.Name]
 		if !ok {
 			return true
 		}
 		var gotUnexpectedInvoke *int
 		for _, argNum := range ltf {
 			if len(call.Args) >= int(argNum+1) {
 				argLit, ok := call.Args[int(argNum)].(*ast.BasicLit)
 				if !ok || argLit.Kind != token.STRING {
 					continue
 				}
 				// extract string content
 				arg, err := strconv.Unquote(argLit.Value)
 				if err == nil {
 					// found interesting strings
 					handler.OnMsgid(fset, argLit.ValuePos, arg)
 				}
 			} else {
 				argc := len(call.Args)
 				gotUnexpectedInvoke = &argc
 			}
 		}
 		if gotUnexpectedInvoke != nil {
 			handler.OnUnexpectedInvoke(fset, funSel.Sel.NamePos, funSel.Sel.Name, *gotUnexpectedInvoke)
 		}
 		return true
 	})
 	return nil
 }
 // derived from source: modules/templates/scopedtmpl/scopedtmpl.go, L169-L213
 func (handler Handler) handleTemplateNode(fset *token.FileSet, node tmplParser.Node) {
 	switch node.Type() {
 	case tmplParser.NodeAction:
 		handler.handleTemplatePipeNode(fset, node.(*tmplParser.ActionNode).Pipe)
 	case tmplParser.NodeList:
 		nodeList := node.(*tmplParser.ListNode)
 		handler.handleTemplateFileNodes(fset, nodeList.Nodes)
 	case tmplParser.NodePipe:
 		handler.handleTemplatePipeNode(fset, node.(*tmplParser.PipeNode))
 	case tmplParser.NodeTemplate:
 		handler.handleTemplatePipeNode(fset, node.(*tmplParser.TemplateNode).Pipe)
 	case tmplParser.NodeIf:
 		nodeIf := node.(*tmplParser.IfNode)
 		handler.handleTemplateBranchNode(fset, nodeIf.BranchNode)
 	case tmplParser.NodeRange:
 		nodeRange := node.(*tmplParser.RangeNode)
 		handler.handleTemplateBranchNode(fset, nodeRange.BranchNode)
 	case tmplParser.NodeWith:
 		nodeWith := node.(*tmplParser.WithNode)
 		handler.handleTemplateBranchNode(fset, nodeWith.BranchNode)
 	case tmplParser.NodeCommand:
 		nodeCommand := node.(*tmplParser.CommandNode)
 		handler.handleTemplateFileNodes(fset, nodeCommand.Args)
 		if len(nodeCommand.Args) < 2 {
 			return
 		}
 		nodeChain, ok := nodeCommand.Args[0].(*tmplParser.ChainNode)
 		if !ok {
 			return
 		}
 		nodeIdent, ok := nodeChain.Node.(*tmplParser.IdentifierNode)
 		if !ok || nodeIdent.Ident != "ctx" || len(nodeChain.Field) != 2 || nodeChain.Field[0] != "Locale" {
 			return
 		}
 		ltf, ok := handler.LocaleTrFunctions[nodeChain.Field[1]]
 		if !ok {
 			return
 		}
 		var gotUnexpectedInvoke *int
 		for _, argNum := range ltf {
 			if len(nodeCommand.Args) >= int(argNum+2) {
 				nodeString, ok := nodeCommand.Args[int(argNum+1)].(*tmplParser.StringNode)
 				if ok {
 					// found interesting strings
 					// the column numbers are a bit "off", but much better than nothing
 					handler.OnMsgid(fset, token.Pos(nodeString.Pos), nodeString.Text)
 				}
 			} else {
 				argc := len(nodeCommand.Args) - 1
 				gotUnexpectedInvoke = &argc
 			}
 		}
 		if gotUnexpectedInvoke != nil {
 			handler.OnUnexpectedInvoke(fset, token.Pos(nodeChain.Pos), nodeChain.Field[1], *gotUnexpectedInvoke)
 		}
 	default:
 	}
 }
 func (handler Handler) handleTemplatePipeNode(fset *token.FileSet, pipeNode *tmplParser.PipeNode) {
 	if pipeNode == nil {
 		return
 	}
 	// NOTE: we can't pass `pipeNode.Cmds` to handleTemplateFileNodes due to incompatible argument types
 	for _, node := range pipeNode.Cmds {
 		handler.handleTemplateNode(fset, node)
 	}
 }
 func (handler Handler) handleTemplateBranchNode(fset *token.FileSet, branchNode tmplParser.BranchNode) {
 	handler.handleTemplatePipeNode(fset, branchNode.Pipe)
 	handler.handleTemplateFileNodes(fset, branchNode.List.Nodes)
 	if branchNode.ElseList != nil {
 		handler.handleTemplateFileNodes(fset, branchNode.ElseList.Nodes)
 	}
 }
 func (handler Handler) handleTemplateFileNodes(fset *token.FileSet, nodes []tmplParser.Node) {
 	for _, node := range nodes {
 		handler.handleTemplateNode(fset, node)
 	}
 }
 func (handler Handler) HandleTemplateFile(fname string, src any) error {
 	var tmplContent []byte
 	switch src2 := src.(type) {
 	case nil:
 		var err error
 		tmplContent, err = os.ReadFile(fname)
 		if err != nil {
 			return LocatedError{
 				Location: fname,
 				Kind:     "ReadFile",
 				Err:      err,
 			}
 		}
 	case []byte:
 		tmplContent = src2
 	case string:
 		// SAFETY: we do not modify tmplContent below
 		tmplContent = util.UnsafeStringToBytes(src2)
 	default:
 		panic("invalid type for 'src'")
 	}
 	fset := token.NewFileSet()
 	fset.AddFile(fname, 1, len(tmplContent)).SetLinesForContent(tmplContent)
 	// SAFETY: we do not modify tmplContent2 below
 	tmplContent2 := util.UnsafeBytesToString(tmplContent)
 	tmpl := template.New(fname)
 	tmpl.Funcs(fjTemplates.NewFuncMap())
 	tmplParsed, err := tmpl.Parse(tmplContent2)
 	if err != nil {
 		return LocatedError{
 			Location: fname,
 			Kind:     "Template parser",
 			Err:      err,
 		}
 	}
 	handler.handleTemplateFileNodes(fset, tmplParsed.Root.Nodes)
 	return nil
 }
 // This command assumes that we get started from the project root directory
 //
 // Possible command line flags:
 //
 //	--allow-missing-msgids        don't return an error code if missing message IDs are found
 //
 // EXIT CODES:
 //
 //	0  success, no issues found
 //	1  unable to walk directory tree
 //	2  unable to parse locale ini/json files
 //	3  unable to parse go or text/template files
 //	4  found missing message IDs
 //
 //nolint:forbidigo
 func main() {
 	allowMissingMsgids := false
 	for _, arg := range os.Args[1:] {
 		if arg == "--allow-missing-msgids" {
 			allowMissingMsgids = true
 		}
 	}
 	onError := func(err error) {
 		if err == nil {
 			return
 		}
 		fmt.Println(err.Error())
 		os.Exit(3)
 	}
 	msgids := make(container.Set[string])
 	localeFile := filepath.Join(filepath.Join("options", "locale"), "locale_en-US.ini")
 	localeContent, err := os.ReadFile(localeFile)
 	if err != nil {
 		fmt.Printf("%s:\tERROR: %s\n", localeFile, err.Error())
 		os.Exit(2)
 	}
 	if err = localeiter.IterateMessagesContent(localeContent, func(trKey, trValue string) error {
 		msgids[trKey] = struct{}{}
 		return nil
 	}); err != nil {
 		fmt.Printf("%s:\tERROR: %s\n", localeFile, err.Error())
 		os.Exit(2)
 	}
 	localeFile = filepath.Join(filepath.Join("options", "locale_next"), "locale_en-US.json")
 	localeContent, err = os.ReadFile(localeFile)
 	if err != nil {
 		fmt.Printf("%s:\tERROR: %s\n", localeFile, err.Error())
 		os.Exit(2)
 	}
 	if err := localeiter.IterateMessagesNextContent(localeContent, func(trKey, pluralForm, trValue string) error {
 		// ignore plural form
 		msgids[trKey] = struct{}{}
 		return nil
 	}); err != nil {
 		fmt.Printf("%s:\tERROR: %s\n", localeFile, err.Error())
 		os.Exit(2)
 	}
 	gotAnyMsgidError := false
 	handler := Handler{
 		OnMsgid: func(fset *token.FileSet, pos token.Pos, msgid string) {
 			if !msgids.Contains(msgid) {
 				gotAnyMsgidError = true
 				fmt.Printf("%s:\tmissing msgid: %s\n", fset.Position(pos).String(), msgid)
 			}
 		},
 		OnUnexpectedInvoke: func(fset *token.FileSet, pos token.Pos, funcname string, argc int) {
 			gotAnyMsgidError = true
 			fmt.Printf("%s:\tunexpected invocation of %s with %d arguments\n", fset.Position(pos).String(), funcname, argc)
 		},
 		LocaleTrFunctions: InitLocaleTrFunctions(),
 	}
 	if err := filepath.WalkDir(".", func(fpath string, d fs.DirEntry, err error) error {
 		if err != nil {
 			if os.IsNotExist(err) {
 				return nil
 			}
 			return err
 		}
 		name := d.Name()
 		if d.IsDir() {
 			if name == "docker" || name == ".git" || name == "node_modules" {
 				return fs.SkipDir
 			}
 		} else if name == "bindata.go" || fpath == "modules/translation/i18n/i18n_test.go" {
 			// skip false positives
 		} else if strings.HasSuffix(name, ".go") {
 			onError(handler.HandleGoFile(fpath, nil))
 		} else if strings.HasSuffix(name, ".tmpl") {
 			if strings.HasPrefix(fpath, "tests") && strings.HasSuffix(name, ".ini.tmpl") {
 				// skip false positives
 			} else {
 				onError(handler.HandleTemplateFile(fpath, nil))
 			}
 		}
 		return nil
 	}); err != nil {
 		fmt.Printf("walkdir ERROR: %s\n", err.Error())
 		os.Exit(1)
 	}
 	if !allowMissingMsgids && gotAnyMsgidError {
 		os.Exit(4)
 	}
 }
--- a/build/lint-locale-usage/lint-locale-usage_test.go
+++ b/build/lint-locale-usage/lint-locale-usage_test.go
@ -1,50 +0,0 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package main
 import (
 	"go/token"
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 func buildHandler(ret *[]string) Handler {
 	return Handler{
 		OnMsgid: func(fset *token.FileSet, pos token.Pos, msgid string) {
 			*ret = append(*ret, msgid)
 		},
 		OnUnexpectedInvoke: func(fset *token.FileSet, pos token.Pos, funcname string, argc int) {},
 		LocaleTrFunctions:  InitLocaleTrFunctions(),
 	}
 }
 func HandleGoFileWrapped(t *testing.T, fname, src string) []string {
 	var ret []string
 	handler := buildHandler(&ret)
 	require.NoError(t, handler.HandleGoFile(fname, src))
 	return ret
 }
 func HandleTemplateFileWrapped(t *testing.T, fname, src string) []string {
 	var ret []string
 	handler := buildHandler(&ret)
 	require.NoError(t, handler.HandleTemplateFile(fname, src))
 	return ret
 }
 func TestUsagesParser(t *testing.T) {
 	t.Run("go, simple", func(t *testing.T) {
 		assert.Equal(t,
 			[]string{"what.an.example"},
 			HandleGoFileWrapped(t, "<g1>", "package main\nfunc Render(ctx *context.Context) string { return ctx.Tr(\"what.an.example\"); }\n"))
 	})
 	t.Run("template, simple", func(t *testing.T) {
 		assert.Equal(t,
 			[]string{"what.an.example"},
 			HandleTemplateFileWrapped(t, "<t1>", "{{ ctx.Locale.Tr \"what.an.example\" }}\n"))
 	})
 }
--- a/build/lint-locale/lint-locale.go
+++ b/build/lint-locale/lint-locale.go
@ -14,10 +14,9 @@ import (
 	"slices"
 	"strings"
 	"forgejo.org/modules/translation/localeiter"
 	"github.com/microcosm-cc/bluemonday"
 	"github.com/sergi/go-diff/diffmatchpatch"
 	"gopkg.in/ini.v1" //nolint:depguard
 )
 var (
@ -27,8 +26,6 @@ var (
 	// Matches href="", href="#", href="%s", href="#%s", href="%[1]s" and href="#%[1]s".
 	placeHolderRegex = regexp.MustCompile(`href="#?(%s|%\[\d\]s)?"`)
 	dmp = diffmatchpatch.New()
 )
 func initBlueMondayPolicy() {
@ -52,7 +49,7 @@ func initBlueMondayPolicy() {
 	policy.AllowAttrs("id").Matching(positionalPlaceholderRe).OnElements("code")
 	// Allowed elements with no attributes. Must be a recognized tagname.
-	policy.AllowElements("strong", "br", "b", "strike", "code", "i", "kbd")
+	policy.AllowElements("strong", "br", "b", "strike", "code", "i")
 	// TODO: Remove <c> in `actions.workflow.dispatch.trigger_found`.
 	policy.AllowNoAttrs().OnElements("c")
@ -62,9 +59,9 @@ func initRemoveTags() {
 	oldnew := []string{}
 	for _, el := range []string{
 		"email@example.com", "correu@example.com", "epasts@domens.lv", "email@exemplo.com", "eposta@ornek.com", "email@példa.hu", "email@esempio.it",
-		"user", "utente", "lietotājs", "gebruiker", "usuário", "Benutzer", "Bruker", "bruger", "użytkownik",
+		"user", "utente", "lietotājs", "gebruiker", "usuário", "Benutzer", "Bruker", "bruger",
 		"server", "servidor", "kiszolgáló", "serveris",
-		"label", "etichetta", "etiķete", "rótulo", "Label", "utilizador", "etiket", "iezīme", "etykieta",
+		"label", "etichetta", "etiķete", "rótulo", "Label", "utilizador", "etiket", "iezīme",
 	} {
 		oldnew = append(oldnew, "<"+el+">", "REPLACED-TAG")
 	}
@ -82,48 +79,41 @@ func preprocessTranslationValue(value string) string {
 	return value
 }
-func checkValue(trKey, value string) []string {
+func checkLocaleContent(localeContent []byte) []string {
-	keyValue := preprocessTranslationValue(value)
+	// Same configuration as Forgejo uses.
 	cfg := ini.Empty(ini.LoadOptions{
 		IgnoreContinuation: true,
 	})
 	cfg.NameMapper = ini.SnackCase
-	if html.UnescapeString(policy.Sanitize(keyValue)) == keyValue {
+	if err := cfg.Append(localeContent); err != nil {
-		return nil
+		panic(err)
 	}
 	dmp := diffmatchpatch.New()
 	errors := []string{}
 	for _, section := range cfg.Sections() {
 		for _, key := range section.Keys() {
 			var trKey string
 			if section.Name() == "" || section.Name() == "DEFAULT" || section.Name() == "common" {
 				trKey = key.Name()
 			} else {
 				trKey = section.Name() + "." + key.Name()
 			}
 			keyValue := preprocessTranslationValue(key.Value())
 			if html.UnescapeString(policy.Sanitize(keyValue)) != keyValue {
 				// Create a nice diff of the difference.
 				diffs := dmp.DiffMain(keyValue, html.UnescapeString(policy.Sanitize(keyValue)), false)
 				diffs = dmp.DiffCleanupSemantic(diffs)
 				diffs = dmp.DiffCleanupEfficiency(diffs)
-	return []string{trKey + ": " + dmp.DiffPrettyText(diffs)}
+				errors = append(errors, trKey+": "+dmp.DiffPrettyText(diffs))
 }
 func checkLocaleContent(localeContent []byte) []string {
 	errors := []string{}
 	if err := localeiter.IterateMessagesContent(localeContent, func(trKey, trValue string) error {
 		errors = append(errors, checkValue(trKey, trValue)...)
 		return nil
 	}); err != nil {
 		panic(err)
 			}
 	return errors
 }
 func checkLocaleNextContent(localeContent []byte) []string {
 	errors := []string{}
 	if err := localeiter.IterateMessagesNextContent(localeContent, func(trKey, pluralForm, trValue string) error {
 		fullKey := trKey
 		if pluralForm != "" {
 			fullKey = trKey + "." + pluralForm
 		}
 		errors = append(errors, checkValue(fullKey, trValue)...)
 		return nil
 	}); err != nil {
 		panic(err)
 	}
 	return errors
 }
@ -137,7 +127,6 @@ func main() {
 		panic(err)
 	}
 	// Safety check that we are not reading the wrong directory.
 	if !slices.ContainsFunc(localeFiles, func(e fs.DirEntry) bool { return strings.HasSuffix(e.Name(), ".ini") }) {
 		fmt.Println("No locale files found")
 		os.Exit(1)
@ -151,7 +140,6 @@ func main() {
 		localeContent, err := os.ReadFile(filepath.Join(localeDir, localeFile.Name()))
 		if err != nil {
 			fmt.Println(localeFile.Name())
 			panic(err)
 		}
@ -163,33 +151,5 @@ func main() {
 		}
 	}
 	// Check the locale next.
 	localeDir = filepath.Join("options", "locale_next")
 	localeFiles, err = os.ReadDir(localeDir)
 	if err != nil {
 		panic(err)
 	}
 	// Safety check that we are not reading the wrong directory.
 	if !slices.ContainsFunc(localeFiles, func(e fs.DirEntry) bool { return strings.HasSuffix(e.Name(), ".json") }) {
 		fmt.Println("No locale_next files found")
 		os.Exit(1)
 	}
 	for _, localeFile := range localeFiles {
 		localeContent, err := os.ReadFile(filepath.Join(localeDir, localeFile.Name()))
 		if err != nil {
 			fmt.Println(localeFile.Name())
 			panic(err)
 		}
 		if err := checkLocaleNextContent(localeContent); len(err) > 0 {
 			fmt.Println(localeFile.Name())
 			fmt.Println(strings.Join(err, "\n"))
 			fmt.Println()
 			exitCode = 1
 		}
 	}
 	os.Exit(exitCode)
 }
--- a/build/lint-locale/lint-locale_test.go
+++ b/build/lint-locale/lint-locale_test.go
@ -1,106 +0,0 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package main
 import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func TestLocalizationPolicy(t *testing.T) {
 	initBlueMondayPolicy()
 	initRemoveTags()
 	t.Run("Remove tags", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte(`hidden_comment_types_description = Comment types checked here will not be shown inside issue pages. Checking "Label" for example removes all "<user> added/removed <label>" comments.`)))
 		assert.Equal(t, []string{"key: \x1b[31m<not-an-allowed-key>\x1b[0m REPLACED-TAG"}, checkLocaleContent([]byte(`key = "<not-an-allowed-key> <label>"`)))
 		assert.Equal(t, []string{"key: \x1b[31m<user@example.com>\x1b[0m REPLACED-TAG"}, checkLocaleContent([]byte(`key = "<user@example.com> <email@example.com>"`)))
 		assert.Equal(t, []string{"key: \x1b[31m<tag>\x1b[0m REPLACED-TAG \x1b[31m</tag>\x1b[0m"}, checkLocaleContent([]byte(`key = "<tag> <email@example.com> </tag>"`)))
 	})
 	t.Run("Specific exception", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte(`workflow.dispatch.trigger_found = This workflow has a <c>workflow_dispatch</c> event trigger.`)))
 		assert.Empty(t, checkLocaleContent([]byte(`pulls.title_desc_one = wants to merge %[1]d commit from <code>%[2]s</code> into <code id="%[4]s">%[3]s</code>`)))
 		assert.Empty(t, checkLocaleContent([]byte(`editor.commit_directly_to_this_branch = Commit directly to the <strong class="%[2]s">%[1]s</strong> branch.`)))
 		assert.Equal(t, []string{"workflow.dispatch.trigger_found: This workflow has a \x1b[31m<d>\x1b[0mworkflow_dispatch\x1b[31m</d>\x1b[0m event trigger."}, checkLocaleContent([]byte(`workflow.dispatch.trigger_found = This workflow has a <d>workflow_dispatch</d> event trigger.`)))
 		assert.Equal(t, []string{"key: <code\x1b[31m id=\"branch_targe\"\x1b[0m>%[3]s</code>"}, checkLocaleContent([]byte(`key = <code id="branch_targe">%[3]s</code>`)))
 		assert.Equal(t, []string{"key: <a\x1b[31m class=\"ui sh\"\x1b[0m href=\"https://TO-BE-REPLACED.COM\">"}, checkLocaleContent([]byte(`key = <a class="ui sh" href="%[3]s">`)))
 		assert.Equal(t, []string{"key: <a\x1b[31m class=\"js-click-me\"\x1b[0m href=\"https://TO-BE-REPLACED.COM\">"}, checkLocaleContent([]byte(`key = <a class="js-click-me" href="%[3]s">`)))
 		assert.Equal(t, []string{"key: <strong\x1b[31m class=\"branch-target\"\x1b[0m>%[1]s</strong>"}, checkLocaleContent([]byte(`key = <strong class="branch-target">%[1]s</strong>`)))
 	})
 	t.Run("General safe tags", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte("error404 = The page you are trying to reach either <strong>does not exist</strong> or <strong>you are not authorized</strong> to view it.")))
 		assert.Empty(t, checkLocaleContent([]byte("teams.specific_repositories_helper = Members will only have access to repositories explicitly added to the team. Selecting this <strong>will not</strong> automatically remove repositories already added with <i>All repositories</i>.")))
 		assert.Empty(t, checkLocaleContent([]byte("sqlite_helper = File path for the SQLite3 database.<br>Enter an absolute path if you run Forgejo as a service.")))
 		assert.Empty(t, checkLocaleContent([]byte("hi_user_x = Hi <b>%s</b>,")))
 		assert.Equal(t, []string{"error404: The page you are trying to reach either <strong\x1b[31m title='aaa'\x1b[0m>does not exist</strong> or <strong>you are not authorized</strong> to view it."}, checkLocaleContent([]byte("error404 = The page you are trying to reach either <strong title='aaa'>does not exist</strong> or <strong>you are not authorized</strong> to view it.")))
 	})
 	t.Run("<a>", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte(`admin.new_user.text = Please <a href="%s">click here</a> to manage this user from the admin panel.`)))
 		assert.Empty(t, checkLocaleContent([]byte(`access_token_desc = Selected token permissions limit authorization only to the corresponding <a href="%[1]s" target="_blank">API</a> routes. Read the <a href="%[2]s" target="_blank">documentation</a> for more information.`)))
 		assert.Empty(t, checkLocaleContent([]byte(`webauthn_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a> standard.`)))
 		assert.Empty(t, checkLocaleContent([]byte("issues.closed_at = `closed this issue <a id=\"%[1]s\" href=\"#%[1]s\">%[2]s</a>`")))
 		assert.Equal(t, []string{"key: \x1b[31m<a href=\"https://example.com\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="https://example.com">`)))
 		assert.Equal(t, []string{"key: \x1b[31m<a href=\"javascript:alert('1')\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="javascript:alert('1')">`)))
 		assert.Equal(t, []string{"key: <a href=\"https://TO-BE-REPLACED.COM\"\x1b[31m download\x1b[0m>"}, checkLocaleContent([]byte(`key = <a href="%s" download>`)))
 		assert.Equal(t, []string{"key: <a href=\"https://TO-BE-REPLACED.COM\"\x1b[31m target=\"_self\"\x1b[0m>"}, checkLocaleContent([]byte(`key = <a href="%s" target="_self">`)))
 		assert.Equal(t, []string{"key: \x1b[31m<a href=\"https://example.com/%s\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="https://example.com/%s">`)))
 		assert.Equal(t, []string{"key: \x1b[31m<a href=\"https://example.com/?q=%s\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="https://example.com/?q=%s">`)))
 		assert.Equal(t, []string{"key: \x1b[31m<a href=\"%s/open-redirect\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="%s/open-redirect">`)))
 		assert.Equal(t, []string{"key: \x1b[31m<a href=\"%s?q=open-redirect\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="%s?q=open-redirect">`)))
 	})
 	t.Run("Escaped HTML characters", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte("activity.git_stats_push_to_branch = `إلى %s و\"`")))
 		assert.Equal(t, []string{"key: و\x1b[31m&nbsp;\x1b[0m\x1b[32m\u00a0\x1b[0m"}, checkLocaleContent([]byte(`key = و&nbsp;`)))
 	})
 }
 func TestNextLocalizationPolicy(t *testing.T) {
 	initBlueMondayPolicy()
 	initRemoveTags()
 	t.Run("Nested locales", func(t *testing.T) {
 		assert.Empty(t, checkLocaleNextContent([]byte(`{
 			"settings": {
 				"hidden_comment_types_description": "Comment types checked here will not be shown inside issue pages. Checking \"Label\" for example removes all \"<user> added/removed <label>\" comments."
 			}
 		}`)))
 		assert.Equal(t, []string{"settings.hidden_comment_types_description: \"\x1b[31m<not-an-allowed-key>\x1b[0m REPLACED-TAG\""}, checkLocaleNextContent([]byte(`{
 			"settings": {
 				"hidden_comment_types_description": "\"<not-an-allowed-key> <label>\""
 			}
 		}`)))
 	})
 	t.Run("Flat locales", func(t *testing.T) {
 		assert.Empty(t, checkLocaleNextContent([]byte(`{
 			"settings.hidden_comment_types_description": "Comment types checked here will not be shown inside issue pages. Checking \"Label\" for example removes all \"<user> added/removed <label>\" comments."
 		}`)))
 		assert.Equal(t, []string{"settings.hidden_comment_types_description: \"\x1b[31m<not-an-allowed-key>\x1b[0m REPLACED-TAG\""}, checkLocaleNextContent([]byte(`{
 			"settings.hidden_comment_types_description": "\"<not-an-allowed-key> <label>\""
 		}`)))
 	})
 	t.Run("Plural form", func(t *testing.T) {
 		assert.Equal(t, []string{"repo.pulls.title_desc: key = \x1b[31m<a href=\"https://example.com\">\x1b[0m"}, checkLocaleNextContent([]byte(`{"repo.pulls.title_desc": {
                       "few": "key = <a href=\"%s\">",
                       "other": "key = <a href=\"https://example.com\">"
    }}`)))
 		assert.Equal(t, []string{"repo.pulls.title_desc.few: key = \x1b[31m<a href=\"https://example.com\">\x1b[0m"}, checkLocaleNextContent([]byte(`{"repo.pulls.title_desc": {
                       "few": "key = <a href=\"https://example.com\">",
                       "other": "key = <a href=\"%s\">"
    }}`)))
 	})
 }
--- a/build/lint-locale_test.go
+++ b/build/lint-locale_test.go
@ -0,0 +1,65 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package main
 import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func TestLocalizationPolicy(t *testing.T) {
 	initBlueMondayPolicy()
 	initRemoveTags()
 	t.Run("Remove tags", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte(`hidden_comment_types_description = Comment types checked here will not be shown inside issue pages. Checking "Label" for example removes all "<user> added/removed <label>" comments.`)))
 		assert.EqualValues(t, []string{"key: \x1b[31m<not-an-allowed-key>\x1b[0m REPLACED-TAG"}, checkLocaleContent([]byte(`key = "<not-an-allowed-key> <label>"`)))
 		assert.EqualValues(t, []string{"key: \x1b[31m<user@example.com>\x1b[0m REPLACED-TAG"}, checkLocaleContent([]byte(`key = "<user@example.com> <email@example.com>"`)))
 		assert.EqualValues(t, []string{"key: \x1b[31m<tag>\x1b[0m REPLACED-TAG \x1b[31m</tag>\x1b[0m"}, checkLocaleContent([]byte(`key = "<tag> <email@example.com> </tag>"`)))
 	})
 	t.Run("Specific exception", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte(`workflow.dispatch.trigger_found = This workflow has a <c>workflow_dispatch</c> event trigger.`)))
 		assert.Empty(t, checkLocaleContent([]byte(`pulls.title_desc_one = wants to merge %[1]d commit from <code>%[2]s</code> into <code id="%[4]s">%[3]s</code>`)))
 		assert.Empty(t, checkLocaleContent([]byte(`editor.commit_directly_to_this_branch = Commit directly to the <strong class="%[2]s">%[1]s</strong> branch.`)))
 		assert.EqualValues(t, []string{"workflow.dispatch.trigger_found: This workflow has a \x1b[31m<d>\x1b[0mworkflow_dispatch\x1b[31m</d>\x1b[0m event trigger."}, checkLocaleContent([]byte(`workflow.dispatch.trigger_found = This workflow has a <d>workflow_dispatch</d> event trigger.`)))
 		assert.EqualValues(t, []string{"key: <code\x1b[31m id=\"branch_targe\"\x1b[0m>%[3]s</code>"}, checkLocaleContent([]byte(`key = <code id="branch_targe">%[3]s</code>`)))
 		assert.EqualValues(t, []string{"key: <a\x1b[31m class=\"ui sh\"\x1b[0m href=\"https://TO-BE-REPLACED.COM\">"}, checkLocaleContent([]byte(`key = <a class="ui sh" href="%[3]s">`)))
 		assert.EqualValues(t, []string{"key: <a\x1b[31m class=\"js-click-me\"\x1b[0m href=\"https://TO-BE-REPLACED.COM\">"}, checkLocaleContent([]byte(`key = <a class="js-click-me" href="%[3]s">`)))
 		assert.EqualValues(t, []string{"key: <strong\x1b[31m class=\"branch-target\"\x1b[0m>%[1]s</strong>"}, checkLocaleContent([]byte(`key = <strong class="branch-target">%[1]s</strong>`)))
 	})
 	t.Run("General safe tags", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte("error404 = The page you are trying to reach either <strong>does not exist</strong> or <strong>you are not authorized</strong> to view it.")))
 		assert.Empty(t, checkLocaleContent([]byte("teams.specific_repositories_helper = Members will only have access to repositories explicitly added to the team. Selecting this <strong>will not</strong> automatically remove repositories already added with <i>All repositories</i>.")))
 		assert.Empty(t, checkLocaleContent([]byte("sqlite_helper = File path for the SQLite3 database.<br>Enter an absolute path if you run Forgejo as a service.")))
 		assert.Empty(t, checkLocaleContent([]byte("hi_user_x = Hi <b>%s</b>,")))
 		assert.EqualValues(t, []string{"error404: The page you are trying to reach either <strong\x1b[31m title='aaa'\x1b[0m>does not exist</strong> or <strong>you are not authorized</strong> to view it."}, checkLocaleContent([]byte("error404 = The page you are trying to reach either <strong title='aaa'>does not exist</strong> or <strong>you are not authorized</strong> to view it.")))
 	})
 	t.Run("<a>", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte(`admin.new_user.text = Please <a href="%s">click here</a> to manage this user from the admin panel.`)))
 		assert.Empty(t, checkLocaleContent([]byte(`access_token_desc = Selected token permissions limit authorization only to the corresponding <a href="%[1]s" target="_blank">API</a> routes. Read the <a href="%[2]s" target="_blank">documentation</a> for more information.`)))
 		assert.Empty(t, checkLocaleContent([]byte(`webauthn_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a> standard.`)))
 		assert.Empty(t, checkLocaleContent([]byte("issues.closed_at = `closed this issue <a id=\"%[1]s\" href=\"#%[1]s\">%[2]s</a>`")))
 		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"https://example.com\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="https://example.com">`)))
 		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"javascript:alert('1')\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="javascript:alert('1')">`)))
 		assert.EqualValues(t, []string{"key: <a href=\"https://TO-BE-REPLACED.COM\"\x1b[31m download\x1b[0m>"}, checkLocaleContent([]byte(`key = <a href="%s" download>`)))
 		assert.EqualValues(t, []string{"key: <a href=\"https://TO-BE-REPLACED.COM\"\x1b[31m target=\"_self\"\x1b[0m>"}, checkLocaleContent([]byte(`key = <a href="%s" target="_self">`)))
 		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"https://example.com/%s\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="https://example.com/%s">`)))
 		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"https://example.com/?q=%s\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="https://example.com/?q=%s">`)))
 		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"%s/open-redirect\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="%s/open-redirect">`)))
 		assert.EqualValues(t, []string{"key: \x1b[31m<a href=\"%s?q=open-redirect\">\x1b[0m"}, checkLocaleContent([]byte(`key = <a href="%s?q=open-redirect">`)))
 	})
 	t.Run("Escaped HTML characters", func(t *testing.T) {
 		assert.Empty(t, checkLocaleContent([]byte("activity.git_stats_push_to_branch = `إلى %s و\"`")))
 		assert.EqualValues(t, []string{"key: و\x1b[31m&nbsp\x1b[0m\x1b[32m\u00a0\x1b[0m"}, checkLocaleContent([]byte(`key = و&nbsp;`)))
 	})
 }
--- a/build/update-locales.sh
+++ b/build/update-locales.sh
@ -0,0 +1,52 @@
 #!/bin/sh
 # this script runs in alpine image which only has `sh` shell
 set +e
 if sed --version 2>/dev/null | grep -q GNU; then
  SED_INPLACE="sed -i"
 else
  SED_INPLACE="sed -i ''"
 fi
 set -e
 if [ ! -f ./options/locale/locale_en-US.ini ]; then
  echo "please run this script in the root directory of the project"
  exit 1
 fi
 mv ./options/locale/locale_en-US.ini ./options/
 # the "ini" library for locale has many quirks, its behavior is different from Crowdin.
 # see i18n_test.go for more details
 # this script helps to unquote the Crowdin outputs for the quirky ini library
 # * find all `key="...\"..."` lines
 # * remove the leading quote
 # * remove the trailing quote
 # * unescape the quotes
 # * eg: key="...\"..." => key=..."...
 $SED_INPLACE -r -e '/^[-.A-Za-z0-9_]+[ ]*=[ ]*".*"$/ {
 	s/^([-.A-Za-z0-9_]+)[ ]*=[ ]*"/\1=/
 	s/"$//
 	s/\\"/"/g
 	}' ./options/locale/*.ini
 # * if the escaped line is incomplete like `key="...` or `key=..."`, quote it with backticks
 # * eg: key="... => key=`"...`
 # * eg: key=..." => key=`..."`
 $SED_INPLACE -r -e 's/^([-.A-Za-z0-9_]+)[ ]*=[ ]*(".*[^"])$/\1=`\2`/' ./options/locale/*.ini
 $SED_INPLACE -r -e 's/^([-.A-Za-z0-9_]+)[ ]*=[ ]*([^"].*")$/\1=`\2`/' ./options/locale/*.ini
 # Remove translation under 25% of en_us
 baselines=$(wc -l "./options/locale_en-US.ini" | cut -d" " -f1)
 baselines=$((baselines / 4))
 for filename in ./options/locale/*.ini; do
  lines=$(wc -l "$filename" | cut -d" " -f1)
  if [ $lines -lt $baselines ]; then
    echo "Removing $filename: $lines/$baselines"
    rm "$filename"
  fi
 done
 mv ./options/locale_en-US.ini ./options/locale/
--- a/cmd/actions.go
+++ b/cmd/actions.go
@ -4,28 +4,25 @@
 package cmd
 import (
 	"context"
 	"fmt"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-// CmdActions represents the available actions sub-commands.
+var (
-func cmdActions() *cli.Command {
+	// CmdActions represents the available actions sub-commands.
-	return &cli.Command{
+	CmdActions = &cli.Command{
 		Name:  "actions",
 		Usage: "Manage Forgejo Actions",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
-			subcmdActionsGenRunnerToken(),
+			subcmdActionsGenRunnerToken,
 		},
 	}
 }
-func subcmdActionsGenRunnerToken() *cli.Command {
+	subcmdActionsGenRunnerToken = &cli.Command{
 	return &cli.Command{
 		Name:    "generate-runner-token",
 		Usage:   "Generate a new token for a runner to use to register with the server",
 		Action:  runGenerateActionsRunnerToken,
@ -39,10 +36,10 @@ func subcmdActionsGenRunnerToken() *cli.Command {
 			},
 		},
 	}
-}
+)
-func runGenerateActionsRunnerToken(ctx context.Context, c *cli.Command) error {
+func runGenerateActionsRunnerToken(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	setting.MustInstalled()
--- a/cmd/admin.go
+++ b/cmd/admin.go
@ -8,71 +8,63 @@ import (
 	"context"
 	"fmt"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	repo_model "forgejo.org/models/repo"
+	repo_model "code.gitea.io/gitea/models/repo"
-	"forgejo.org/modules/git"
+	"code.gitea.io/gitea/modules/git"
-	"forgejo.org/modules/gitrepo"
+	"code.gitea.io/gitea/modules/gitrepo"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	repo_module "forgejo.org/modules/repository"
+	repo_module "code.gitea.io/gitea/modules/repository"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-// CmdAdmin represents the available admin sub-command.
+var (
-func cmdAdmin() *cli.Command {
+	// CmdAdmin represents the available admin sub-command.
-	return &cli.Command{
+	CmdAdmin = &cli.Command{
 		Name:  "admin",
 		Usage: "Perform common administrative operations",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
-			subcmdUser(),
+			subcmdUser,
-			subcmdRepoSyncReleases(),
+			subcmdRepoSyncReleases,
-			subcmdRegenerate(),
+			subcmdRegenerate,
-			subcmdAuth(),
+			subcmdAuth,
-			subcmdSendMail(),
+			subcmdSendMail,
 		},
 	}
 }
-func subcmdRepoSyncReleases() *cli.Command {
+	subcmdRepoSyncReleases = &cli.Command{
 	return &cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
 		Action: runRepoSyncReleases,
 	}
 }
-func subcmdRegenerate() *cli.Command {
+	subcmdRegenerate = &cli.Command{
 	return &cli.Command{
 		Name:  "regenerate",
 		Usage: "Regenerate specific files",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
 			microcmdRegenHooks,
 			microcmdRegenKeys,
 		},
 	}
 }
-func subcmdAuth() *cli.Command {
+	subcmdAuth = &cli.Command{
 	return &cli.Command{
 		Name:  "auth",
 		Usage: "Modify external auth providers",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
-			microcmdAuthAddOauth(),
+			microcmdAuthAddOauth,
-			microcmdAuthUpdateOauth(),
+			microcmdAuthUpdateOauth,
-			microcmdAuthAddLdapBindDn(),
+			microcmdAuthAddLdapBindDn,
-			microcmdAuthUpdateLdapBindDn(),
+			microcmdAuthUpdateLdapBindDn,
-			microcmdAuthAddLdapSimpleAuth(),
+			microcmdAuthAddLdapSimpleAuth,
-			microcmdAuthUpdateLdapSimpleAuth(),
+			microcmdAuthUpdateLdapSimpleAuth,
-			microcmdAuthAddSMTP(),
+			microcmdAuthAddSMTP,
-			microcmdAuthUpdateSMTP(),
+			microcmdAuthUpdateSMTP,
-			microcmdAuthList(),
+			microcmdAuthList,
-			microcmdAuthDelete(),
+			microcmdAuthDelete,
 		},
 	}
 }
-func subcmdSendMail() *cli.Command {
+	subcmdSendMail = &cli.Command{
 	return &cli.Command{
 		Name:   "sendmail",
 		Usage:  "Send a message to all users",
 		Action: runSendMail,
@ -94,17 +86,15 @@ func subcmdSendMail() *cli.Command {
 			},
 		},
 	}
 }
-func idFlag() *cli.Int64Flag {
+	idFlag = &cli.Int64Flag{
 	return &cli.Int64Flag{
 		Name:  "id",
 		Usage: "ID of authentication source",
 	}
-}
+)
-func runRepoSyncReleases(ctx context.Context, _ *cli.Command) error {
+func runRepoSyncReleases(_ *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
--- a/cmd/admin_auth.go
+++ b/cmd/admin_auth.go
@ -4,30 +4,26 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"os"
 	"text/tabwriter"
-	auth_model "forgejo.org/models/auth"
+	auth_model "code.gitea.io/gitea/models/auth"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	auth_service "forgejo.org/services/auth"
+	auth_service "code.gitea.io/gitea/services/auth"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func microcmdAuthDelete() *cli.Command {
+var (
-	return &cli.Command{
+	microcmdAuthDelete = &cli.Command{
 		Name:   "delete",
 		Usage:  "Delete specific auth source",
-		Flags:  []cli.Flag{idFlag()},
+		Flags:  []cli.Flag{idFlag},
 		Action: runDeleteAuth,
 	}
-}
+	microcmdAuthList = &cli.Command{
 func microcmdAuthList() *cli.Command {
 	return &cli.Command{
 		Name:   "list",
 		Usage:  "List auth sources",
 		Action: runListAuth,
@ -58,10 +54,10 @@ func microcmdAuthList() *cli.Command {
 			},
 		},
 	}
-}
+)
-func runListAuth(ctx context.Context, c *cli.Command) error {
+func runListAuth(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
@ -85,7 +81,7 @@ func runListAuth(ctx context.Context, c *cli.Command) error {
 	// loop through each source and print
 	w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags)
-	fmt.Fprint(w, "ID\tName\tType\tEnabled\n")
+	fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")
 	for _, source := range authSources {
 		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, source.Type.String(), source.IsActive)
 	}
@ -94,12 +90,12 @@ func runListAuth(ctx context.Context, c *cli.Command) error {
 	return nil
 }
-func runDeleteAuth(ctx context.Context, c *cli.Command) error {
+func runDeleteAuth(c *cli.Context) error {
 	if !c.IsSet("id") {
 		return errors.New("--id flag is missing")
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@ -8,10 +8,10 @@ import (
 	"fmt"
 	"strings"
-	"forgejo.org/models/auth"
+	"code.gitea.io/gitea/models/auth"
-	"forgejo.org/services/auth/source/ldap"
+	"code.gitea.io/gitea/services/auth/source/ldap"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 type (
@ -23,8 +23,8 @@ type (
 	}
 )
-func commonLdapCLIFlags() []cli.Flag {
+var (
-	return []cli.Flag{
+	commonLdapCLIFlags = []cli.Flag{
 		&cli.StringFlag{
 			Name:  "name",
 			Usage: "Authentication name.",
@ -102,10 +102,8 @@ func commonLdapCLIFlags() []cli.Flag {
 			Usage: "The attribute of the user’s LDAP record containing the user’s avatar.",
 		},
 	}
 }
-func ldapBindDnCLIFlags() []cli.Flag {
+	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
 	return append(commonLdapCLIFlags(),
 		&cli.StringFlag{
 			Name:  "bind-dn",
 			Usage: "The DN to bind to the LDAP server with when searching for the user.",
@ -130,59 +128,49 @@ func ldapBindDnCLIFlags() []cli.Flag {
 			Name:  "page-size",
 			Usage: "Search page size.",
 		})
 }
-func ldapSimpleAuthCLIFlags() []cli.Flag {
+	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
 	return append(commonLdapCLIFlags(),
 		&cli.StringFlag{
 			Name:  "user-dn",
 			Usage: "The user's DN.",
 		})
 }
-func microcmdAuthAddLdapBindDn() *cli.Command {
+	microcmdAuthAddLdapBindDn = &cli.Command{
 	return &cli.Command{
 		Name:  "add-ldap",
 		Usage: "Add new LDAP (via Bind DN) authentication source",
-		Action: func(ctx context.Context, cli *cli.Command) error {
+		Action: func(c *cli.Context) error {
-			return newAuthService().addLdapBindDn(ctx, cli)
+			return newAuthService().addLdapBindDn(c)
 		},
-		Flags: ldapBindDnCLIFlags(),
+		Flags: ldapBindDnCLIFlags,
 	}
 }
-func microcmdAuthUpdateLdapBindDn() *cli.Command {
+	microcmdAuthUpdateLdapBindDn = &cli.Command{
 	return &cli.Command{
 		Name:  "update-ldap",
 		Usage: "Update existing LDAP (via Bind DN) authentication source",
-		Action: func(ctx context.Context, cli *cli.Command) error {
+		Action: func(c *cli.Context) error {
-			return newAuthService().updateLdapBindDn(ctx, cli)
+			return newAuthService().updateLdapBindDn(c)
 		},
-		Flags: append([]cli.Flag{idFlag()}, ldapBindDnCLIFlags()...),
+		Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
 	}
 }
-func microcmdAuthAddLdapSimpleAuth() *cli.Command {
+	microcmdAuthAddLdapSimpleAuth = &cli.Command{
 	return &cli.Command{
 		Name:  "add-ldap-simple",
 		Usage: "Add new LDAP (simple auth) authentication source",
-		Action: func(ctx context.Context, cli *cli.Command) error {
+		Action: func(c *cli.Context) error {
-			return newAuthService().addLdapSimpleAuth(ctx, cli)
+			return newAuthService().addLdapSimpleAuth(c)
 		},
-		Flags: ldapSimpleAuthCLIFlags(),
+		Flags: ldapSimpleAuthCLIFlags,
 	}
 }
-func microcmdAuthUpdateLdapSimpleAuth() *cli.Command {
+	microcmdAuthUpdateLdapSimpleAuth = &cli.Command{
 	return &cli.Command{
 		Name:  "update-ldap-simple",
 		Usage: "Update existing LDAP (simple auth) authentication source",
-		Action: func(ctx context.Context, cli *cli.Command) error {
+		Action: func(c *cli.Context) error {
-			return newAuthService().updateLdapSimpleAuth(ctx, cli)
+			return newAuthService().updateLdapSimpleAuth(c)
 		},
-		Flags: append([]cli.Flag{idFlag()}, ldapSimpleAuthCLIFlags()...),
+		Flags: append([]cli.Flag{idFlag}, ldapSimpleAuthCLIFlags...),
 	}
-}
+)
 // newAuthService creates a service with default functions.
 func newAuthService() *authService {
@ -195,7 +183,7 @@ func newAuthService() *authService {
 }
 // parseAuthSource assigns values on authSource according to command line flags.
-func parseAuthSource(c *cli.Command, authSource *auth.Source) {
+func parseAuthSource(c *cli.Context, authSource *auth.Source) {
 	if c.IsSet("name") {
 		authSource.Name = c.String("name")
 	}
@ -214,7 +202,7 @@ func parseAuthSource(c *cli.Command, authSource *auth.Source) {
 }
 // parseLdapConfig assigns values on config according to command line flags.
-func parseLdapConfig(c *cli.Command, config *ldap.Source) error {
+func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
 	if c.IsSet("name") {
 		config.Name = c.String("name")
 	}
@ -301,7 +289,7 @@ func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
 // getAuthSource gets the login source by its id defined in the command line flags.
 // It returns an error if the id is not set, does not match any source or if the source is not of expected type.
-func (a *authService) getAuthSource(ctx context.Context, c *cli.Command, authType auth.Type) (*auth.Source, error) {
+func (a *authService) getAuthSource(ctx context.Context, c *cli.Context, authType auth.Type) (*auth.Source, error) {
 	if err := argsSet(c, "id"); err != nil {
 		return nil, err
 	}
@ -319,12 +307,12 @@ func (a *authService) getAuthSource(ctx context.Context, c *cli.Command, authTyp
 }
 // addLdapBindDn adds a new LDAP via Bind DN authentication source.
-func (a *authService) addLdapBindDn(ctx context.Context, c *cli.Command) error {
+func (a *authService) addLdapBindDn(c *cli.Context) error {
 	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
 		return err
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := a.initDB(ctx); err != nil {
@ -348,8 +336,8 @@ func (a *authService) addLdapBindDn(ctx context.Context, c *cli.Command) error {
 }
 // updateLdapBindDn updates a new LDAP via Bind DN authentication source.
-func (a *authService) updateLdapBindDn(ctx context.Context, c *cli.Command) error {
+func (a *authService) updateLdapBindDn(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := a.initDB(ctx); err != nil {
@ -370,12 +358,12 @@ func (a *authService) updateLdapBindDn(ctx context.Context, c *cli.Command) erro
 }
 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
-func (a *authService) addLdapSimpleAuth(ctx context.Context, c *cli.Command) error {
+func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
 	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
 		return err
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := a.initDB(ctx); err != nil {
@ -399,8 +387,8 @@ func (a *authService) addLdapSimpleAuth(ctx context.Context, c *cli.Command) err
 }
 // updateLdapSimpleAuth updates a new LDAP (simple auth) authentication source.
-func (a *authService) updateLdapSimpleAuth(ctx context.Context, c *cli.Command) error {
+func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := a.initDB(ctx); err != nil {
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@ -7,18 +7,19 @@ import (
 	"context"
 	"testing"
-	"forgejo.org/models/auth"
+	"code.gitea.io/gitea/models/auth"
-	"forgejo.org/modules/test"
+	"code.gitea.io/gitea/services/auth/source/ldap"
 	"forgejo.org/services/auth/source/ldap"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 func TestAddLdapBindDn(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
+	osExiter := cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}
 	// Test cases
 	cases := []struct {
@ -215,22 +216,22 @@ func TestAddLdapBindDn(t *testing.T) {
 				return nil
 			},
 			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				assert.FailNow(t, "should not call updateAuthSource", "case: %d", n)
+				assert.FailNow(t, "case %d: should not call updateAuthSource", n)
 				return nil
 			},
 			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
-				assert.FailNow(t, "should not call getAuthSourceByID", "case: %d", n)
+				assert.FailNow(t, "case %d: should not call getAuthSourceByID", n)
 				return nil, nil
 			},
 		}
 		// Create a copy of command to test
-		app := cli.Command{}
+		app := cli.NewApp()
-		app.Flags = microcmdAuthAddLdapBindDn().Flags
+		app.Flags = microcmdAuthAddLdapBindDn.Flags
 		app.Action = service.addLdapBindDn
 		// Run it
-		err := app.Run(t.Context(), c.args)
+		err := app.Run(c.args)
 		if c.errMsg != "" {
 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
 		} else {
@ -242,7 +243,9 @@ func TestAddLdapBindDn(t *testing.T) {
 func TestAddLdapSimpleAuth(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
+	osExiter := cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}
 	// Test cases
 	cases := []struct {
@ -444,22 +447,22 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				return nil
 			},
 			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				assert.FailNow(t, "should not call updateAuthSource", "case: %d", n)
+				assert.FailNow(t, "case %d: should not call updateAuthSource", n)
 				return nil
 			},
 			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
-				assert.FailNow(t, "should not call getAuthSourceByID", "case: %d", n)
+				assert.FailNow(t, "case %d: should not call getAuthSourceByID", n)
 				return nil, nil
 			},
 		}
 		// Create a copy of command to test
-		app := cli.Command{}
+		app := cli.NewApp()
-		app.Flags = microcmdAuthAddLdapSimpleAuth().Flags
+		app.Flags = microcmdAuthAddLdapSimpleAuth.Flags
 		app.Action = service.addLdapSimpleAuth
 		// Run it
-		err := app.Run(t.Context(), c.args)
+		err := app.Run(c.args)
 		if c.errMsg != "" {
 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
 		} else {
@ -471,7 +474,9 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 func TestUpdateLdapBindDn(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
+	osExiter := cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}
 	// Test cases
 	cases := []struct {
@ -893,7 +898,7 @@ func TestUpdateLdapBindDn(t *testing.T) {
 				return nil
 			},
 			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				assert.FailNow(t, "should not call createAuthSource", "case: %d", n)
+				assert.FailNow(t, "case %d: should not call createAuthSource", n)
 				return nil
 			},
 			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
@ -915,12 +920,12 @@ func TestUpdateLdapBindDn(t *testing.T) {
 		}
 		// Create a copy of command to test
-		app := cli.Command{}
+		app := cli.NewApp()
-		app.Flags = microcmdAuthUpdateLdapBindDn().Flags
+		app.Flags = microcmdAuthUpdateLdapBindDn.Flags
 		app.Action = service.updateLdapBindDn
 		// Run it
-		err := app.Run(t.Context(), c.args)
+		err := app.Run(c.args)
 		if c.errMsg != "" {
 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
 		} else {
@ -932,7 +937,9 @@ func TestUpdateLdapBindDn(t *testing.T) {
 func TestUpdateLdapSimpleAuth(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
+	osExiter := cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}
 	// Test cases
 	cases := []struct {
@ -1281,7 +1288,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 				return nil
 			},
 			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
-				assert.FailNow(t, "should not call createAuthSource", "case: %d", n)
+				assert.FailNow(t, "case %d: should not call createAuthSource", n)
 				return nil
 			},
 			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
@ -1303,12 +1310,12 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 		}
 		// Create a copy of command to test
-		app := cli.Command{}
+		app := cli.NewApp()
-		app.Flags = microcmdAuthUpdateLdapSimpleAuth().Flags
+		app.Flags = microcmdAuthUpdateLdapSimpleAuth.Flags
 		app.Action = service.updateLdapSimpleAuth
 		// Run it
-		err := app.Run(t.Context(), c.args)
+		err := app.Run(c.args)
 		if c.errMsg != "" {
 			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
 		} else {
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@ -4,19 +4,18 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"net/url"
-	auth_model "forgejo.org/models/auth"
+	auth_model "code.gitea.io/gitea/models/auth"
-	"forgejo.org/services/auth/source/oauth2"
+	"code.gitea.io/gitea/services/auth/source/oauth2"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func oauthCLIFlags() []cli.Flag {
+var (
-	return []cli.Flag{
+	oauthCLIFlags = []cli.Flag{
 		&cli.StringFlag{
 			Name:  "name",
 			Value: "",
@ -121,27 +120,23 @@ func oauthCLIFlags() []cli.Flag {
 			Usage: "Activate automatic team membership removal depending on groups",
 		},
 	}
 }
-func microcmdAuthAddOauth() *cli.Command {
+	microcmdAuthAddOauth = &cli.Command{
 	return &cli.Command{
 		Name:   "add-oauth",
 		Usage:  "Add new Oauth authentication source",
 		Action: runAddOauth,
-		Flags:  oauthCLIFlags(),
+		Flags:  oauthCLIFlags,
 	}
 }
-func microcmdAuthUpdateOauth() *cli.Command {
+	microcmdAuthUpdateOauth = &cli.Command{
 	return &cli.Command{
 		Name:   "update-oauth",
 		Usage:  "Update existing Oauth authentication source",
 		Action: runUpdateOauth,
-		Flags:  append(oauthCLIFlags()[:1], append([]cli.Flag{idFlag()}, oauthCLIFlags()[1:]...)...),
+		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),
 	}
-}
+)
-func parseOAuth2Config(_ context.Context, c *cli.Command) *oauth2.Source {
+func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 	var customURLMapping *oauth2.CustomURLMapping
 	if c.IsSet("use-custom-urls") {
 		customURLMapping = &oauth2.CustomURLMapping{
@ -173,15 +168,15 @@ func parseOAuth2Config(_ context.Context, c *cli.Command) *oauth2.Source {
 	}
 }
-func runAddOauth(ctx context.Context, c *cli.Command) error {
+func runAddOauth(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
-	config := parseOAuth2Config(ctx, c)
+	config := parseOAuth2Config(c)
 	if config.Provider == "openidConnect" {
 		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)
 		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
@ -197,12 +192,12 @@ func runAddOauth(ctx context.Context, c *cli.Command) error {
 	})
 }
-func runUpdateOauth(ctx context.Context, c *cli.Command) error {
+func runUpdateOauth(c *cli.Context) error {
 	if !c.IsSet("id") {
 		return errors.New("--id flag is missing")
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
--- a/cmd/admin_auth_stmp.go
+++ b/cmd/admin_auth_stmp.go
@ -4,19 +4,18 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"strings"
-	auth_model "forgejo.org/models/auth"
+	auth_model "code.gitea.io/gitea/models/auth"
-	"forgejo.org/modules/util"
+	"code.gitea.io/gitea/modules/util"
-	"forgejo.org/services/auth/source/smtp"
+	"code.gitea.io/gitea/services/auth/source/smtp"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func smtpCLIFlags() []cli.Flag {
+var (
-	return []cli.Flag{
+	smtpCLIFlags = []cli.Flag{
 		&cli.StringFlag{
 			Name:  "name",
 			Value: "",
@ -72,27 +71,23 @@ func smtpCLIFlags() []cli.Flag {
 			Value: true,
 		},
 	}
 }
-func microcmdAuthAddSMTP() *cli.Command {
+	microcmdAuthAddSMTP = &cli.Command{
 	return &cli.Command{
 		Name:   "add-smtp",
 		Usage:  "Add new SMTP authentication source",
 		Action: runAddSMTP,
-		Flags:  smtpCLIFlags(),
+		Flags:  smtpCLIFlags,
 	}
 }
-func microcmdAuthUpdateSMTP() *cli.Command {
+	microcmdAuthUpdateSMTP = &cli.Command{
 	return &cli.Command{
 		Name:   "update-smtp",
 		Usage:  "Update existing SMTP authentication source",
 		Action: runUpdateSMTP,
-		Flags:  append(smtpCLIFlags()[:1], append([]cli.Flag{idFlag()}, smtpCLIFlags()[1:]...)...),
+		Flags:  append(smtpCLIFlags[:1], append([]cli.Flag{idFlag}, smtpCLIFlags[1:]...)...),
 	}
-}
+)
-func parseSMTPConfig(c *cli.Command, conf *smtp.Source) error {
+func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
 	if c.IsSet("auth-type") {
 		conf.Auth = c.String("auth-type")
 		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
@ -128,8 +123,8 @@ func parseSMTPConfig(c *cli.Command, conf *smtp.Source) error {
 	return nil
 }
-func runAddSMTP(ctx context.Context, c *cli.Command) error {
+func runAddSMTP(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
@ -168,12 +163,12 @@ func runAddSMTP(ctx context.Context, c *cli.Command) error {
 	})
 }
-func runUpdateSMTP(ctx context.Context, c *cli.Command) error {
+func runUpdateSMTP(c *cli.Context) error {
 	if !c.IsSet("id") {
 		return errors.New("--id flag is missing")
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
--- a/cmd/admin_regenerate.go
+++ b/cmd/admin_regenerate.go
@ -4,13 +4,11 @@
 package cmd
 import (
-	"context"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/modules/graceful"
 	repo_service "code.gitea.io/gitea/services/repository"
-	asymkey_model "forgejo.org/models/asymkey"
+	"github.com/urfave/cli/v2"
 	"forgejo.org/modules/graceful"
 	repo_service "forgejo.org/services/repository"
 	"github.com/urfave/cli/v3"
 )
 var (
@ -27,8 +25,8 @@ var (
 	}
 )
-func runRegenerateHooks(ctx context.Context, _ *cli.Command) error {
+func runRegenerateHooks(_ *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
@ -37,8 +35,8 @@ func runRegenerateHooks(ctx context.Context, _ *cli.Command) error {
 	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
 }
-func runRegenerateKeys(ctx context.Context, _ *cli.Command) error {
+func runRegenerateKeys(_ *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
--- a/cmd/admin_user.go
+++ b/cmd/admin_user.go
@ -4,20 +4,18 @@
 package cmd
 import (
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func subcmdUser() *cli.Command {
+var subcmdUser = &cli.Command{
 	return &cli.Command{
 	Name:  "user",
 	Usage: "Modify users",
-		Commands: []*cli.Command{
+	Subcommands: []*cli.Command{
-			microcmdUserCreate(),
+		microcmdUserCreate,
-			microcmdUserList(),
+		microcmdUserList,
-			microcmdUserChangePassword(),
+		microcmdUserChangePassword,
-			microcmdUserDelete(),
+		microcmdUserDelete,
-			microcmdUserGenerateAccessToken(),
+		microcmdUserGenerateAccessToken,
-			microcmdUserMustChangePassword(),
+		microcmdUserMustChangePassword,
 	},
 	}
 }
--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@ -4,21 +4,19 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
-	user_model "forgejo.org/models/user"
+	user_model "code.gitea.io/gitea/models/user"
-	"forgejo.org/modules/auth/password"
+	"code.gitea.io/gitea/modules/auth/password"
-	"forgejo.org/modules/optional"
+	"code.gitea.io/gitea/modules/optional"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	user_service "forgejo.org/services/user"
+	user_service "code.gitea.io/gitea/services/user"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func microcmdUserChangePassword() *cli.Command {
+var microcmdUserChangePassword = &cli.Command{
 	return &cli.Command{
 	Name:   "change-password",
 	Usage:  "Change a user's password",
 	Action: runChangePassword,
@ -41,15 +39,14 @@ func microcmdUserChangePassword() *cli.Command {
 			Value: true,
 		},
 	},
 	}
 }
-func runChangePassword(ctx context.Context, c *cli.Command) error {
+func runChangePassword(c *cli.Context) error {
 	if err := argsSet(c, "username", "password"); err != nil {
 		return err
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@ -4,23 +4,20 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strings"
-	auth_model "forgejo.org/models/auth"
+	auth_model "code.gitea.io/gitea/models/auth"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	user_model "forgejo.org/models/user"
+	user_model "code.gitea.io/gitea/models/user"
-	pwd "forgejo.org/modules/auth/password"
+	pwd "code.gitea.io/gitea/modules/auth/password"
-	"forgejo.org/modules/optional"
+	"code.gitea.io/gitea/modules/optional"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func microcmdUserCreate() *cli.Command {
+var microcmdUserCreate = &cli.Command{
 	return &cli.Command{
 	Name:   "create",
 	Usage:  "Create a new user in database",
 	Action: runCreateUser,
@ -53,6 +50,7 @@ func microcmdUserCreate() *cli.Command {
 			Name:               "must-change-password",
 			Usage:              "Set this option to false to prevent forcing the user to change their password after initial login",
 			Value:              true,
 			DisableDefaultText: true,
 		},
 		&cli.IntFlag{
 			Name:  "random-password-length",
@ -63,33 +61,14 @@ func microcmdUserCreate() *cli.Command {
 			Name:  "access-token",
 			Usage: "Generate access token for the user",
 		},
 			&cli.StringFlag{
 				Name:  "access-token-name",
 				Usage: `Name of the generated access token`,
 				Value: "gitea-admin",
 			},
 			&cli.StringFlag{
 				Name:  "access-token-scopes",
 				Usage: `Scopes of the generated access token, comma separated. Examples: "all", "public-only,read:issue", "write:repository,write:user"`,
 				Value: "all",
 			},
 		&cli.BoolFlag{
 			Name:  "restricted",
 			Usage: "Make a restricted user account",
 		},
 			&cli.StringFlag{
 				Name:  "fullname",
 				Usage: `The full, human-readable name of the user`,
 	},
 		},
 	}
 }
-func runCreateUser(ctx context.Context, c *cli.Command) error {
+func runCreateUser(c *cli.Context) error {
 	// this command highly depends on the many setting options (create org, visibility, etc.), so it must have a full setting load first
 	// duplicate setting loading should be safe at the moment, but it should be refactored & improved in the future.
 	setting.LoadSettings()
 	if err := argsSet(c, "email"); err != nil {
 		return err
 	}
@ -110,10 +89,10 @@ func runCreateUser(ctx context.Context, c *cli.Command) error {
 		username = c.String("username")
 	} else {
 		username = c.String("name")
-		_, _ = fmt.Fprint(c.Root().ErrWriter, "--name flag is deprecated. Use --username instead.\n")
+		_, _ = fmt.Fprintf(c.App.ErrWriter, "--name flag is deprecated. Use --username instead.\n")
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
@ -167,7 +146,6 @@ func runCreateUser(ctx context.Context, c *cli.Command) error {
 		IsAdmin:            isAdmin,
 		MustChangePassword: mustChangePassword,
 		Visibility:         visibility,
 		FullName:           c.String("fullname"),
 	}
 	overwriteDefault := &user_model.CreateUserOverwriteOptions{
@ -175,40 +153,23 @@ func runCreateUser(ctx context.Context, c *cli.Command) error {
 		IsRestricted: restricted,
 	}
 	var accessTokenName string
 	var accessTokenScope auth_model.AccessTokenScope
 	if c.IsSet("access-token") {
 		accessTokenName = strings.TrimSpace(c.String("access-token-name"))
 		if accessTokenName == "" {
 			return errors.New("access-token-name cannot be empty")
 		}
 		var err error
 		accessTokenScope, err = auth_model.AccessTokenScope(c.String("access-token-scopes")).Normalize()
 		if err != nil {
 			return fmt.Errorf("invalid access token scope provided: %w", err)
 		}
 		if !accessTokenScope.HasPermissionScope() {
 			return errors.New("access token does not have any permission")
 		}
 	} else if c.IsSet("access-token-name") || c.IsSet("access-token-scopes") {
 		return errors.New("access-token-name and access-token-scopes flags are only valid when access-token flag is set")
 	}
 	// arguments should be prepared before creating the user & access token, in case there is anything wrong
 	// create the user
 	if err := user_model.CreateUser(ctx, u, overwriteDefault); err != nil {
 		return fmt.Errorf("CreateUser: %w", err)
 	}
 	fmt.Printf("New user '%s' has been successfully created!\n", username)
-	// create the access token
+	if c.Bool("access-token") {
-	if accessTokenScope != "" {
+		t := &auth_model.AccessToken{
-		t := &auth_model.AccessToken{Name: accessTokenName, UID: u.ID, Scope: accessTokenScope}
+			Name: "gitea-admin",
 			UID:  u.ID,
 		}
 		if err := auth_model.NewAccessToken(ctx, t); err != nil {
 			return err
 		}
 		fmt.Printf("Access token was successfully created... %s\n", t.Token)
 	}
 	fmt.Printf("New user '%s' has been successfully created!\n", username)
 	return nil
 }
--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@ -4,20 +4,18 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strings"
-	user_model "forgejo.org/models/user"
+	user_model "code.gitea.io/gitea/models/user"
-	"forgejo.org/modules/storage"
+	"code.gitea.io/gitea/modules/storage"
-	user_service "forgejo.org/services/user"
+	user_service "code.gitea.io/gitea/services/user"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func microcmdUserDelete() *cli.Command {
+var microcmdUserDelete = &cli.Command{
 	return &cli.Command{
 	Name:  "delete",
 	Usage: "Delete specific user by id, name or email",
 	Flags: []cli.Flag{
@ -41,15 +39,14 @@ func microcmdUserDelete() *cli.Command {
 		},
 	},
 	Action: runDeleteUser,
 	}
 }
-func runDeleteUser(ctx context.Context, c *cli.Command) error {
+func runDeleteUser(c *cli.Context) error {
 	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
 		return errors.New("You must provide the id, username or email of a user to delete")
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@ -4,18 +4,16 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
-	auth_model "forgejo.org/models/auth"
+	auth_model "code.gitea.io/gitea/models/auth"
-	user_model "forgejo.org/models/user"
+	user_model "code.gitea.io/gitea/models/user"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func microcmdUserGenerateAccessToken() *cli.Command {
+var microcmdUserGenerateAccessToken = &cli.Command{
 	return &cli.Command{
 	Name:  "generate-access-token",
 	Usage: "Generate an access token for a specific user",
 	Flags: []cli.Flag{
@ -36,20 +34,19 @@ func microcmdUserGenerateAccessToken() *cli.Command {
 		},
 		&cli.StringFlag{
 			Name:  "scopes",
-				Value: "all",
+			Value: "",
-				Usage: `Comma separated list of scopes to apply to access token, examples: "all", "public-only,read:issue", "write:repository,write:user"`,
+			Usage: "Comma separated list of scopes to apply to access token",
 		},
 	},
 	Action: runGenerateAccessToken,
 	}
 }
-func runGenerateAccessToken(ctx context.Context, c *cli.Command) error {
+func runGenerateAccessToken(c *cli.Context) error {
 	if !c.IsSet("username") {
-		return errors.New("you must provide a username to generate a token for")
+		return errors.New("You must provide a username to generate a token for")
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
@ -80,9 +77,6 @@ func runGenerateAccessToken(ctx context.Context, c *cli.Command) error {
 	if err != nil {
 		return fmt.Errorf("invalid access token scope provided: %w", err)
 	}
 	if !accessTokenScope.HasPermissionScope() {
 		return errors.New("access token does not have any permission")
 	}
 	t.Scope = accessTokenScope
 	// create the token
--- a/cmd/admin_user_list.go
+++ b/cmd/admin_user_list.go
@ -4,18 +4,16 @@
 package cmd
 import (
 	"context"
 	"fmt"
 	"os"
 	"text/tabwriter"
-	user_model "forgejo.org/models/user"
+	user_model "code.gitea.io/gitea/models/user"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func microcmdUserList() *cli.Command {
+var microcmdUserList = &cli.Command{
 	return &cli.Command{
 	Name:   "list",
 	Usage:  "List users",
 	Action: runListUsers,
@ -25,11 +23,10 @@ func microcmdUserList() *cli.Command {
 			Usage: "List only admin users",
 		},
 	},
 	}
 }
-func runListUsers(ctx context.Context, c *cli.Command) error {
+func runListUsers(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
@ -44,7 +41,7 @@ func runListUsers(ctx context.Context, c *cli.Command) error {
 	w := tabwriter.NewWriter(os.Stdout, 5, 0, 1, ' ', 0)
 	if c.IsSet("admin") {
-		fmt.Fprint(w, "ID\tUsername\tEmail\tIsActive\n")
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\n")
 		for _, u := range users {
 			if u.IsAdmin {
 				fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", u.ID, u.Name, u.Email, u.IsActive)
@ -52,7 +49,7 @@ func runListUsers(ctx context.Context, c *cli.Command) error {
 		}
 	} else {
 		twofa := user_model.UserList(users).GetTwoFaStatus(ctx)
-		fmt.Fprint(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
 		for _, u := range users {
 			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin, twofa[u.ID])
 		}
--- a/cmd/admin_user_must_change_password.go
+++ b/cmd/admin_user_must_change_password.go
@ -4,17 +4,15 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
-	user_model "forgejo.org/models/user"
+	user_model "code.gitea.io/gitea/models/user"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func microcmdUserMustChangePassword() *cli.Command {
+var microcmdUserMustChangePassword = &cli.Command{
 	return &cli.Command{
 	Name:   "must-change-password",
 	Usage:  "Set the must change password flag for the provided users or all users",
 	Action: runMustChangePassword,
@ -34,11 +32,10 @@ func microcmdUserMustChangePassword() *cli.Command {
 			Usage: "Instead of setting the must-change-password flag, unset it",
 		},
 	},
 	}
 }
-func runMustChangePassword(ctx context.Context, c *cli.Command) error {
+func runMustChangePassword(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if c.NArg() == 0 && !c.IsSet("all") {
--- a/cmd/cert.go
+++ b/cmd/cert.go
@ -6,7 +6,6 @@
 package cmd
 import (
 	"context"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
@ -21,12 +20,11 @@ import (
 	"strings"
 	"time"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // CmdCert represents the available cert sub-command.
-func cmdCert() *cli.Command {
+var CmdCert = &cli.Command{
 	return &cli.Command{
 	Name:  "cert",
 	Usage: "Generate self-signed certificate",
 	Description: `Generate a self-signed X.509 certificate for a TLS server.
@ -63,7 +61,6 @@ Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
 			Usage: "whether this cert should be its own Certificate Authority",
 		},
 	},
 	}
 }
 func publicKey(priv any) any {
@ -92,7 +89,7 @@ func pemBlockForKey(priv any) *pem.Block {
 	}
 }
-func runCert(ctx context.Context, c *cli.Command) error {
+func runCert(c *cli.Context) error {
 	if err := argsSet(c, "host"); err != nil {
 		return err
 	}
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@ -15,28 +15,26 @@ import (
 	"strings"
 	"syscall"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/util"
+	"code.gitea.io/gitea/modules/util"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // argsSet checks that all the required arguments are set. args is a list of
 // arguments that must be set in the passed Context.
-func argsSet(c *cli.Command, args ...string) error {
+func argsSet(c *cli.Context, args ...string) error {
 	for _, a := range args {
 		if !c.IsSet(a) {
 			return errors.New(a + " is not set")
 		}
-		if s, ok := c.Value(a).(string); ok {
+		if util.IsEmptyString(c.String(a)) {
 			if util.IsEmptyString(s) {
 			return errors.New(a + " is required")
 		}
 	}
 	}
 	return nil
 }
@ -75,8 +73,8 @@ If this is the intended configuration file complete the [database] section.`, se
 	return nil
 }
-func installSignals(ctx context.Context) (context.Context, context.CancelFunc) {
+func installSignals() (context.Context, context.CancelFunc) {
-	ctx, cancel := context.WithCancel(ctx)
+	ctx, cancel := context.WithCancel(context.Background())
 	go func() {
 		// install notify
 		signalChannel := make(chan os.Signal, 1)
@ -111,7 +109,7 @@ func setupConsoleLogger(level log.Level, colorize bool, out io.Writer) {
 	log.GetManager().GetLogger(log.DEFAULT).ReplaceAllWriters(writer)
 }
-func globalBool(c *cli.Command, name string) bool {
+func globalBool(c *cli.Context, name string) bool {
 	for _, ctx := range c.Lineage() {
 		if ctx.Bool(name) {
 			return true
@ -122,16 +120,16 @@ func globalBool(c *cli.Command, name string) bool {
 // PrepareConsoleLoggerLevel by default, use INFO level for console logger, but some sub-commands (for git/ssh protocol) shouldn't output any log to stdout.
 // Any log appears in git stdout pipe will break the git protocol, eg: client can't push and hangs forever.
-func PrepareConsoleLoggerLevel(defaultLevel log.Level) func(ctx context.Context, cli *cli.Command) (context.Context, error) {
+func PrepareConsoleLoggerLevel(defaultLevel log.Level) func(*cli.Context) error {
-	return func(ctx context.Context, cli *cli.Command) (context.Context, error) {
+	return func(c *cli.Context) error {
 		level := defaultLevel
-		if globalBool(cli, "quiet") {
+		if globalBool(c, "quiet") {
 			level = log.FATAL
 		}
-		if globalBool(cli, "debug") || globalBool(cli, "verbose") {
+		if globalBool(c, "debug") || globalBool(c, "verbose") {
 			level = log.TRACE
 		}
 		log.SetConsoleLogger(log.DEFAULT, "console-default", level)
-		return ctx, nil
+		return nil
 	}
 }
--- a/cmd/docs.go
+++ b/cmd/docs.go
@ -0,0 +1,65 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package cmd
 import (
 	"fmt"
 	"os"
 	"strings"
 	"github.com/urfave/cli/v2"
 )
 // CmdDocs represents the available docs sub-command.
 var CmdDocs = &cli.Command{
 	Name:        "docs",
 	Usage:       "Output CLI documentation",
 	Description: "A command to output Forgejo's CLI documentation, optionally to a file.",
 	Action:      runDocs,
 	Flags: []cli.Flag{
 		&cli.BoolFlag{
 			Name:  "man",
 			Usage: "Output man pages instead",
 		},
 		&cli.StringFlag{
 			Name:    "output",
 			Aliases: []string{"o"},
 			Usage:   "Path to output to instead of stdout (will overwrite if exists)",
 		},
 	},
 }
 func runDocs(ctx *cli.Context) error {
 	docs, err := ctx.App.ToMarkdown()
 	if ctx.Bool("man") {
 		docs, err = ctx.App.ToMan()
 	}
 	if err != nil {
 		return err
 	}
 	if !ctx.Bool("man") {
 		// Clean up markdown. The following bug was fixed in v2, but is present in v1.
 		// It affects markdown output (even though the issue is referring to man pages)
 		// https://github.com/urfave/cli/issues/1040
 		firstHashtagIndex := strings.Index(docs, "#")
 		if firstHashtagIndex > 0 {
 			docs = docs[firstHashtagIndex:]
 		}
 	}
 	out := os.Stdout
 	if ctx.String("output") != "" {
 		fi, err := os.Create(ctx.String("output"))
 		if err != nil {
 			return err
 		}
 		defer fi.Close()
 		out = fi
 	}
 	_, err = fmt.Fprintln(out, docs)
 	return err
 }
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@ -4,7 +4,6 @@
 package cmd
 import (
 	"context"
 	"fmt"
 	golog "log"
 	"os"
@ -12,34 +11,32 @@ import (
 	"strings"
 	"text/tabwriter"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	"forgejo.org/models/migrations"
+	"code.gitea.io/gitea/models/migrations"
-	migrate_base "forgejo.org/models/migrations/base"
+	migrate_base "code.gitea.io/gitea/models/migrations/base"
-	"forgejo.org/modules/container"
+	"code.gitea.io/gitea/modules/container"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/services/doctor"
+	"code.gitea.io/gitea/services/doctor"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 	"xorm.io/xorm"
 )
 // CmdDoctor represents the available doctor sub-command.
-func cmdDoctor() *cli.Command {
+var CmdDoctor = &cli.Command{
 	return &cli.Command{
 	Name:        "doctor",
 	Usage:       "Diagnose and optionally fix problems, convert or re-create database tables",
 	Description: "A command to diagnose problems with the current Forgejo instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
-		Commands: []*cli.Command{
+	Subcommands: []*cli.Command{
-			cmdDoctorCheck(),
+		cmdDoctorCheck,
-			cmdRecreateTable(),
+		cmdRecreateTable,
-			cmdDoctorConvert(),
+		cmdDoctorConvert,
 	},
 	}
 }
-func cmdDoctorCheck() *cli.Command {
+var cmdDoctorCheck = &cli.Command{
 	return &cli.Command{
 	Name:        "check",
 	Usage:       "Diagnose and optionally fix problems",
 	Description: "A command to diagnose problems with the current Forgejo instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
@ -75,11 +72,9 @@ func cmdDoctorCheck() *cli.Command {
 			Usage:   "Use color for outputted information",
 		},
 	},
 	}
 }
-func cmdRecreateTable() *cli.Command {
+var cmdRecreateTable = &cli.Command{
 	return &cli.Command{
 	Name:      "recreate-table",
 	Usage:     "Recreate tables from XORM definitions and copy the data.",
 	ArgsUsage: "[TABLE]... : (TABLEs to recreate - leave blank for all)",
@ -95,11 +90,10 @@ This command will cause Xorm to recreate tables, copying over the data and delet
 You should back-up your database before doing this and ensure that your database is up-to-date first.`,
 	Action: runRecreateTable,
 	}
 }
-func runRecreateTable(stdCtx context.Context, ctx *cli.Command) error {
+func runRecreateTable(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals(stdCtx)
+	stdCtx, cancel := installSignals()
 	defer cancel()
 	// Redirect the default golog to here
@ -126,7 +120,7 @@ func runRecreateTable(stdCtx context.Context, ctx *cli.Command) error {
 	args := ctx.Args()
 	names := make([]string, 0, ctx.NArg())
-	for i := range ctx.NArg() {
+	for i := 0; i < ctx.NArg(); i++ {
 		names = append(names, args.Get(i))
 	}
@ -136,31 +130,24 @@ func runRecreateTable(stdCtx context.Context, ctx *cli.Command) error {
 	}
 	recreateTables := migrate_base.RecreateTables(beans...)
-	return db.InitEngineWithMigration(stdCtx, func(x db.Engine) error {
+	return db.InitEngineWithMigration(stdCtx, func(x *xorm.Engine) error {
-		engine, err := db.GetMasterEngine(x)
+		if err := migrations.EnsureUpToDate(x); err != nil {
 		if err != nil {
 			return err
 		}
-
+		return recreateTables(x)
 		if err := migrations.EnsureUpToDate(engine); err != nil {
 			return err
 		}
 		return recreateTables(engine)
 	})
 }
-func setupDoctorDefaultLogger(ctx *cli.Command, colorize bool) {
+func setupDoctorDefaultLogger(ctx *cli.Context, colorize bool) {
 	// Silence the default loggers
 	setupConsoleLogger(log.FATAL, log.CanColorStderr, os.Stderr)
 	logFile := ctx.String("log-file")
-	switch logFile {
+	if logFile == "" {
 	case "":
 		return // if no doctor log-file is set, do not show any log from default logger
-	case "-":
+	} else if logFile == "-" {
 		setupConsoleLogger(log.TRACE, colorize, os.Stdout)
-	default:
+	} else {
 		logFile, _ = filepath.Abs(logFile)
 		writeMode := log.WriterMode{Level: log.TRACE, WriterOption: log.WriterFileOption{FileName: logFile}}
 		writer, err := log.NewEventWriter("console-to-file", "file", writeMode)
@ -172,8 +159,8 @@ func setupDoctorDefaultLogger(ctx *cli.Command, colorize bool) {
 	}
 }
-func runDoctorCheck(stdCtx context.Context, ctx *cli.Command) error {
+func runDoctorCheck(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals(stdCtx)
+	stdCtx, cancel := installSignals()
 	defer cancel()
 	colorize := log.CanColorStdout
--- a/cmd/doctor_convert.go
+++ b/cmd/doctor_convert.go
@ -4,28 +4,25 @@
 package cmd
 import (
 	"context"
 	"fmt"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // cmdDoctorConvert represents the available convert sub-command.
-func cmdDoctorConvert() *cli.Command {
+var cmdDoctorConvert = &cli.Command{
 	return &cli.Command{
 	Name:        "convert",
 	Usage:       "Convert the database",
 	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
 	Action:      runDoctorConvert,
 	}
 }
-func runDoctorConvert(stdCtx context.Context, ctx *cli.Command) error {
+func runDoctorConvert(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals(stdCtx)
+	stdCtx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(stdCtx); err != nil {
--- a/cmd/doctor_test.go
+++ b/cmd/doctor_test.go
@ -7,11 +7,11 @@ import (
 	"context"
 	"testing"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/services/doctor"
+	"code.gitea.io/gitea/services/doctor"
 	"github.com/stretchr/testify/require"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 func TestDoctorRun(t *testing.T) {
@ -22,12 +22,12 @@ func TestDoctorRun(t *testing.T) {
 		SkipDatabaseInitialization: true,
 	})
-	app := cli.Command{}
+	app := cli.NewApp()
-	app.Commands = []*cli.Command{cmdDoctorCheck()}
+	app.Commands = []*cli.Command{cmdDoctorCheck}
-	err := app.Run(t.Context(), []string{"./gitea", "check", "--run", "test-check"})
+	err := app.Run([]string{"./gitea", "check", "--run", "test-check"})
 	require.NoError(t, err)
-	err = app.Run(t.Context(), []string{"./gitea", "check", "--run", "no-such"})
+	err = app.Run([]string{"./gitea", "check", "--run", "no-such"})
 	require.ErrorContains(t, err, `unknown checks: "no-such"`)
-	err = app.Run(t.Context(), []string{"./gitea", "check", "--run", "test-check,no-such"})
+	err = app.Run([]string{"./gitea", "check", "--run", "test-check,no-such"})
 	require.ErrorContains(t, err, `unknown checks: "no-such"`)
 }
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -5,8 +5,6 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"io"
 	"os"
@ -15,16 +13,16 @@ import (
 	"strings"
 	"time"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	"forgejo.org/modules/json"
+	"code.gitea.io/gitea/modules/json"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/storage"
+	"code.gitea.io/gitea/modules/storage"
-	"forgejo.org/modules/util"
+	"code.gitea.io/gitea/modules/util"
 	"code.forgejo.org/go-chi/session"
 	"github.com/mholt/archiver/v3"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 func addReader(w archiver.Writer, r io.ReadCloser, info os.FileInfo, customName string, verbose bool) error {
@ -85,10 +83,6 @@ func (o *outputType) Set(value string) error {
 	return fmt.Errorf("allowed values are %s", o.Join())
 }
 func (o *outputType) Get() any {
 	return o.String()
 }
 func (o outputType) String() string {
 	if o.selected == "" {
 		return o.Default
@ -102,8 +96,7 @@ var outputTypeEnum = &outputType{
 }
 // CmdDump represents the available dump sub-command.
-func cmdDump() *cli.Command {
+var CmdDump = &cli.Command{
 	return &cli.Command{
 	Name:  "dump",
 	Usage: "Dump Forgejo files and database",
 	Description: `Dump compresses all related files and database into zip file.
@ -129,6 +122,7 @@ It can be used for backup and capture Forgejo server image to send to maintainer
 		&cli.StringFlag{
 			Name:    "tempdir",
 			Aliases: []string{"t"},
 			Value:   os.TempDir(),
 			Usage:   "Temporary dir path",
 		},
 		&cli.StringFlag{
@ -139,12 +133,12 @@ It can be used for backup and capture Forgejo server image to send to maintainer
 		&cli.BoolFlag{
 			Name:    "skip-repository",
 			Aliases: []string{"R"},
-				Usage:   "Skip repositories",
+			Usage:   "Skip the repository dumping",
 		},
 		&cli.BoolFlag{
 			Name:    "skip-log",
 			Aliases: []string{"L"},
-				Usage:   "Skip logs",
+			Usage:   "Skip the log dumping",
 		},
 		&cli.BoolFlag{
 			Name:  "skip-custom-dir",
@ -166,17 +160,12 @@ It can be used for backup and capture Forgejo server image to send to maintainer
 			Name:  "skip-index",
 			Usage: "Skip bleve index data",
 		},
 			&cli.BoolFlag{
 				Name:  "skip-repo-archives",
 				Usage: "Skip repository archives",
 			},
 		&cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
 			Usage: fmt.Sprintf("Dump output format: %s", outputTypeEnum.Join()),
 		},
 	},
 	}
 }
 func fatal(format string, args ...any) {
@ -184,7 +173,7 @@ func fatal(format string, args ...any) {
 	log.Fatal(format, args...)
 }
-func runDump(stdCtx context.Context, ctx *cli.Command) error {
+func runDump(ctx *cli.Context) error {
 	var file *os.File
 	fileName := ctx.String("file")
 	outType := ctx.String("type")
@ -220,16 +209,16 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	if !setting.InstallLock {
 		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
-		return errors.New("forgejo is not initialized")
+		return fmt.Errorf("forgejo is not initialized")
 	}
 	setting.LoadSettings() // cannot access session settings otherwise
 	verbose := ctx.Bool("verbose")
 	if verbose && ctx.Bool("quiet") {
-		return errors.New("--quiet and --verbose cannot both be set")
+		return fmt.Errorf("--quiet and --verbose cannot both be set")
 	}
-	stdCtx, cancel := installSignals(stdCtx)
+	stdCtx, cancel := installSignals()
 	defer cancel()
 	err := db.InitEngine(stdCtx)
@ -244,7 +233,7 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	if file == nil {
 		file, err = os.Create(fileName)
 		if err != nil {
-			fatal("Failed to open %s: %v", fileName, err)
+			fatal("Unable to open %s: %v", fileName, err)
 		}
 	}
 	defer file.Close()
@ -261,7 +250,7 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 		iface, err = archiver.ByExtension(fileName)
 	}
 	if err != nil {
-		fatal("Failed to get archiver for extension: %v", err)
+		fatal("Unable to get archiver for extension: %v", err)
 	}
 	w, _ := iface.(archiver.Writer)
@ -271,7 +260,7 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	defer w.Close()
 	if ctx.IsSet("skip-repository") && ctx.Bool("skip-repository") {
-		log.Info("Skipping local repositories")
+		log.Info("Skip dumping local repositories")
 	} else {
 		log.Info("Dumping local repositories... %s", setting.RepoRootPath)
 		if err := addRecursiveExclude(w, "repos", setting.RepoRootPath, []string{absFileName}, verbose); err != nil {
@ -279,9 +268,9 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 		}
 		if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
-			log.Info("Skipping LFS data")
+			log.Info("Skip dumping LFS data")
 		} else if !setting.LFS.StartServer {
-			log.Info("LFS not enabled - skipping")
+			log.Info("LFS isn't enabled. Skip dumping LFS data")
 		} else if err := storage.LFS.IterateObjects("", func(objPath string, object storage.Object) error {
 			info, err := object.Stat()
 			if err != nil {
@ -295,31 +284,18 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	}
 	tmpDir := ctx.String("tempdir")
 	if tmpDir == "" {
 		tmpDir, err = os.MkdirTemp("", "forgejo-dump-*")
 		if err != nil {
 			fatal("Failed to create temporary directory: %v", err)
 		}
 		defer func() {
 			if err := util.Remove(tmpDir); err != nil {
 				log.Warn("Failed to remove temporary directory: %s: Error: %v", tmpDir, err)
 			}
 		}()
 	}
 	if _, err := os.Stat(tmpDir); os.IsNotExist(err) {
 		fatal("Path does not exist: %s", tmpDir)
 	}
 	dbDump, err := os.CreateTemp(tmpDir, "forgejo-db.sql")
 	if err != nil {
-		fatal("Failed to create temporary file: %v", err)
+		fatal("Failed to create tmp file: %v", err)
 	}
 	defer func() {
 		_ = dbDump.Close()
 		if err := util.Remove(dbDump.Name()); err != nil {
-			log.Warn("Failed to remove temporary database file: %s: Error: %v", dbDump.Name(), err)
+			log.Warn("Unable to remove temporary file: %s: Error: %v", dbDump.Name(), err)
 		}
 	}()
@ -355,16 +331,16 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 					fatal("Failed to include custom: %v", err)
 				}
 			} else {
-				log.Info("Custom dir %s is inside data dir %s, skipping", setting.CustomPath, setting.AppDataPath)
+				log.Info("Custom dir %s is inside data dir %s, skipped", setting.CustomPath, setting.AppDataPath)
 			}
 		} else {
-			log.Info("Custom dir %s does not exist, skipping", setting.CustomPath)
+			log.Info("Custom dir %s doesn't exist, skipped", setting.CustomPath)
 		}
 	}
 	isExist, err := util.IsExist(setting.AppDataPath)
 	if err != nil {
-		log.Error("Failed to check if %s exists: %v", setting.AppDataPath, err)
+		log.Error("Unable to check if %s exists. Error: %v", setting.AppDataPath, err)
 	}
 	if isExist {
 		log.Info("Packing data directory...%s", setting.AppDataPath)
@ -379,16 +355,10 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 		}
 		if ctx.IsSet("skip-index") && ctx.Bool("skip-index") {
 			log.Info("Skipping bleve index data")
 			excludes = append(excludes, setting.Indexer.RepoPath)
 			excludes = append(excludes, setting.Indexer.IssuePath)
 		}
 		if ctx.IsSet("skip-repo-archives") && ctx.Bool("skip-repo-archives") {
 			log.Info("Skipping repository archives data")
 			excludes = append(excludes, setting.RepoArchive.Storage.Path)
 		}
 		excludes = append(excludes, setting.RepoRootPath)
 		excludes = append(excludes, setting.LFS.Storage.Path)
 		excludes = append(excludes, setting.Attachment.Storage.Path)
@ -401,7 +371,7 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	}
 	if ctx.IsSet("skip-attachment-data") && ctx.Bool("skip-attachment-data") {
-		log.Info("Skipping attachment data")
+		log.Info("Skip dumping attachment data")
 	} else if err := storage.Attachments.IterateObjects("", func(objPath string, object storage.Object) error {
 		info, err := object.Stat()
 		if err != nil {
@ -414,9 +384,9 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	}
 	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
-		log.Info("Skipping package data")
+		log.Info("Skip dumping package data")
 	} else if !setting.Packages.Enabled {
-		log.Info("Package registry not enabled - skipping")
+		log.Info("Packages isn't enabled. Skip dumping package data")
 	} else if err := storage.Packages.IterateObjects("", func(objPath string, object storage.Object) error {
 		info, err := object.Stat()
 		if err != nil {
@ -432,11 +402,11 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	// ensuring that it's clear the dump is skipped whether the directory's initialized
 	// yet or not.
 	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
-		log.Info("Skipping log files")
+		log.Info("Skip dumping log files")
 	} else {
 		isExist, err := util.IsExist(setting.Log.RootPath)
 		if err != nil {
-			log.Error("Failed to check if %s exists: %v", setting.Log.RootPath, err)
+			log.Error("Unable to check if %s exists. Error: %v", setting.Log.RootPath, err)
 		}
 		if isExist {
 			if err := addRecursiveExclude(w, "log", setting.Log.RootPath, []string{absFileName}, verbose); err != nil {
@ -486,7 +456,7 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 		currentInsidePath := path.Join(insidePath, file.Name())
 		if util.SliceContainsString(excludeAbsPath, currentAbsPath) {
-			log.Debug("Skipping %q (matched an excluded path)", currentAbsPath)
+			log.Debug("Skipping %q because matched an excluded path.", currentAbsPath)
 			continue
 		}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@ -10,21 +10,20 @@ import (
 	"os"
 	"strings"
-	"forgejo.org/modules/git"
+	"code.gitea.io/gitea/modules/git"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	base "forgejo.org/modules/migration"
+	base "code.gitea.io/gitea/modules/migration"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/structs"
+	"code.gitea.io/gitea/modules/structs"
-	"forgejo.org/modules/util"
+	"code.gitea.io/gitea/modules/util"
-	"forgejo.org/services/convert"
+	"code.gitea.io/gitea/services/convert"
-	"forgejo.org/services/migrations"
+	"code.gitea.io/gitea/services/migrations"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // CmdDumpRepository represents the available dump repository sub-command.
-func cmdDumpRepository() *cli.Command {
+var CmdDumpRepository = &cli.Command{
 	return &cli.Command{
 	Name:        "dump-repo",
 	Usage:       "Dump the repository from git/github/gitea/gitlab",
 	Description: "This is a command for dumping the repository data.",
@ -78,11 +77,10 @@ func cmdDumpRepository() *cli.Command {
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
 	},
 	}
 }
-func runDumpRepository(stdCtx context.Context, ctx *cli.Command) error {
+func runDumpRepository(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals(stdCtx)
+	stdCtx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(stdCtx); err != nil {
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@ -4,41 +4,38 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
-	"forgejo.org/modules/assetfs"
+	"code.gitea.io/gitea/modules/assetfs"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/options"
+	"code.gitea.io/gitea/modules/options"
-	"forgejo.org/modules/public"
+	"code.gitea.io/gitea/modules/public"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/templates"
+	"code.gitea.io/gitea/modules/templates"
-	"forgejo.org/modules/util"
+	"code.gitea.io/gitea/modules/util"
 	"github.com/gobwas/glob"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // CmdEmbedded represents the available extract sub-command.
-func cmdEmbedded() *cli.Command {
+var (
-	return &cli.Command{
+	CmdEmbedded = &cli.Command{
 		Name:        "embedded",
 		Usage:       "Extract embedded resources",
 		Description: "A command for extracting embedded resources, like templates and images",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
-			subcmdList(),
+			subcmdList,
-			subcmdView(),
+			subcmdView,
-			subcmdExtract(),
+			subcmdExtract,
 		},
 	}
 }
-func subcmdList() *cli.Command {
+	subcmdList = &cli.Command{
 	return &cli.Command{
 		Name:   "list",
 		Usage:  "List files matching the given pattern",
 		Action: runList,
@ -50,10 +47,8 @@ func subcmdList() *cli.Command {
 			},
 		},
 	}
 }
-func subcmdView() *cli.Command {
+	subcmdView = &cli.Command{
 	return &cli.Command{
 		Name:   "view",
 		Usage:  "View a file matching the given pattern",
 		Action: runView,
@ -65,10 +60,8 @@ func subcmdView() *cli.Command {
 			},
 		},
 	}
 }
-func subcmdExtract() *cli.Command {
+	subcmdExtract = &cli.Command{
 	return &cli.Command{
 		Name:   "extract",
 		Usage:  "Extract resources",
 		Action: runExtract,
@ -97,9 +90,9 @@ func subcmdExtract() *cli.Command {
 			},
 		},
 	}
 }
-var matchedAssetFiles []assetFile
+	matchedAssetFiles []assetFile
 )
 type assetFile struct {
 	fs   *assetfs.LayeredFS
@ -107,7 +100,7 @@ type assetFile struct {
 	path string
 }
-func initEmbeddedExtractor(_ context.Context, c *cli.Command) error {
+func initEmbeddedExtractor(c *cli.Context) error {
 	setupConsoleLogger(log.ERROR, log.CanColorStderr, os.Stderr)
 	patterns, err := compileCollectPatterns(c.Args().Slice())
@ -122,32 +115,32 @@ func initEmbeddedExtractor(_ context.Context, c *cli.Command) error {
 	return nil
 }
-func runList(ctx context.Context, c *cli.Command) error {
+func runList(c *cli.Context) error {
-	if err := runListDo(ctx, c); err != nil {
+	if err := runListDo(c); err != nil {
 		fmt.Fprintf(os.Stderr, "%v\n", err)
 		return err
 	}
 	return nil
 }
-func runView(ctx context.Context, c *cli.Command) error {
+func runView(c *cli.Context) error {
-	if err := runViewDo(ctx, c); err != nil {
+	if err := runViewDo(c); err != nil {
 		fmt.Fprintf(os.Stderr, "%v\n", err)
 		return err
 	}
 	return nil
 }
-func runExtract(ctx context.Context, c *cli.Command) error {
+func runExtract(c *cli.Context) error {
-	if err := runExtractDo(ctx, c); err != nil {
+	if err := runExtractDo(c); err != nil {
 		fmt.Fprintf(os.Stderr, "%v\n", err)
 		return err
 	}
 	return nil
 }
-func runListDo(ctx context.Context, c *cli.Command) error {
+func runListDo(c *cli.Context) error {
-	if err := initEmbeddedExtractor(ctx, c); err != nil {
+	if err := initEmbeddedExtractor(c); err != nil {
 		return err
 	}
@ -158,8 +151,8 @@ func runListDo(ctx context.Context, c *cli.Command) error {
 	return nil
 }
-func runViewDo(ctx context.Context, c *cli.Command) error {
+func runViewDo(c *cli.Context) error {
-	if err := initEmbeddedExtractor(ctx, c); err != nil {
+	if err := initEmbeddedExtractor(c); err != nil {
 		return err
 	}
@ -181,8 +174,8 @@ func runViewDo(ctx context.Context, c *cli.Command) error {
 	return nil
 }
-func runExtractDo(ctx context.Context, c *cli.Command) error {
+func runExtractDo(c *cli.Context) error {
-	if err := initEmbeddedExtractor(ctx, c); err != nil {
+	if err := initEmbeddedExtractor(c); err != nil {
 		return err
 	}
@ -278,7 +271,7 @@ func extractAsset(d string, a assetFile, overwrite, rename bool) error {
 	return nil
 }
-func collectAssetFilesByPattern(c *cli.Command, globs []glob.Glob, path string, layer *assetfs.Layer) {
+func collectAssetFilesByPattern(c *cli.Context, globs []glob.Glob, path string, layer *assetfs.Layer) {
 	fs := assetfs.Layered(layer)
 	files, err := fs.ListAllFiles(".", true)
 	if err != nil {
--- a/cmd/forgejo/actions.go
+++ b/cmd/forgejo/actions.go
@ -6,25 +6,24 @@ package forgejo
 import (
 	"context"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
 	"os"
 	"strings"
-	actions_model "forgejo.org/models/actions"
+	actions_model "code.gitea.io/gitea/models/actions"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	private_routers "forgejo.org/routers/private"
+	private_routers "code.gitea.io/gitea/routers/private"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 func CmdActions(ctx context.Context) *cli.Command {
 	return &cli.Command{
 		Name:  "actions",
 		Usage: "Commands for managing Forgejo Actions",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
 			SubcmdActionsGenerateRunnerToken(ctx),
 			SubcmdActionsGenerateRunnerSecret(ctx),
 			SubcmdActionsRegister(ctx),
@ -37,7 +36,7 @@ func SubcmdActionsGenerateRunnerToken(ctx context.Context) *cli.Command {
 		Name:   "generate-runner-token",
 		Usage:  "Generate a new token for a runner to use to register with the server",
 		Before: prepareWorkPathAndCustomConf(ctx),
-		Action: RunGenerateActionsRunnerToken,
+		Action: func(cliCtx *cli.Context) error { return RunGenerateActionsRunnerToken(ctx, cliCtx) },
 		Flags: []cli.Flag{
 			&cli.StringFlag{
 				Name:    "scope",
@ -53,7 +52,7 @@ func SubcmdActionsGenerateRunnerSecret(ctx context.Context) *cli.Command {
 	return &cli.Command{
 		Name:   "generate-secret",
 		Usage:  "Generate a secret suitable for input to the register subcommand",
-		Action: RunGenerateSecret,
+		Action: func(cliCtx *cli.Context) error { return RunGenerateSecret(ctx, cliCtx) },
 	}
 }
@ -62,7 +61,7 @@ func SubcmdActionsRegister(ctx context.Context) *cli.Command {
 		Name:   "register",
 		Usage:  "Idempotent registration of a runner using a shared secret",
 		Before: prepareWorkPathAndCustomConf(ctx),
-		Action: RunRegister,
+		Action: func(cliCtx *cli.Context) error { return RunRegister(ctx, cliCtx) },
 		Flags: []cli.Flag{
 			&cli.StringFlag{
 				Name:  "secret",
@ -106,26 +105,26 @@ func SubcmdActionsRegister(ctx context.Context) *cli.Command {
 	}
 }
-func readSecret(ctx context.Context, cli *cli.Command) (string, error) {
+func readSecret(ctx context.Context, cliCtx *cli.Context) (string, error) {
-	if cli.IsSet("secret") {
+	if cliCtx.IsSet("secret") {
-		return cli.String("secret"), nil
+		return cliCtx.String("secret"), nil
 	}
-	if cli.IsSet("secret-stdin") {
+	if cliCtx.IsSet("secret-stdin") {
 		buf, err := io.ReadAll(ContextGetStdin(ctx))
 		if err != nil {
 			return "", err
 		}
 		return string(buf), nil
 	}
-	if cli.IsSet("secret-file") {
+	if cliCtx.IsSet("secret-file") {
-		path := cli.String("secret-file")
+		path := cliCtx.String("secret-file")
 		buf, err := os.ReadFile(path)
 		if err != nil {
 			return "", err
 		}
 		return string(buf), nil
 	}
-	return "", errors.New("at least one of the --secret, --secret-stdin, --secret-file options is required")
+	return "", fmt.Errorf("at least one of the --secret, --secret-stdin, --secret-file options is required")
 }
 func validateSecret(secret string) error {
@ -139,18 +138,18 @@ func validateSecret(secret string) error {
 	return nil
 }
-func getLabels(cli *cli.Command) (*[]string, error) {
+func getLabels(cliCtx *cli.Context) (*[]string, error) {
-	if !cli.Bool("keep-labels") {
+	if !cliCtx.Bool("keep-labels") {
-		lblValue := strings.Split(cli.String("labels"), ",")
+		lblValue := strings.Split(cliCtx.String("labels"), ",")
 		return &lblValue, nil
 	}
-	if cli.String("labels") != "" {
+	if cliCtx.String("labels") != "" {
-		return nil, errors.New("--labels and --keep-labels should not be used together")
+		return nil, fmt.Errorf("--labels and --keep-labels should not be used together")
 	}
 	return nil, nil
 }
-func RunRegister(ctx context.Context, cli *cli.Command) error {
+func RunRegister(ctx context.Context, cliCtx *cli.Context) error {
 	var cancel context.CancelFunc
 	if !ContextGetNoInit(ctx) {
 		ctx, cancel = installSignals(ctx)
@ -162,17 +161,17 @@ func RunRegister(ctx context.Context, cli *cli.Command) error {
 	}
 	setting.MustInstalled()
-	secret, err := readSecret(ctx, cli)
+	secret, err := readSecret(ctx, cliCtx)
 	if err != nil {
 		return err
 	}
 	if err := validateSecret(secret); err != nil {
 		return err
 	}
-	scope := cli.String("scope")
+	scope := cliCtx.String("scope")
-	name := cli.String("name")
+	name := cliCtx.String("name")
-	version := cli.String("version")
+	version := cliCtx.String("version")
-	labels, err := getLabels(cli)
+	labels, err := getLabels(cliCtx)
 	if err != nil {
 		return err
 	}
@ -210,7 +209,7 @@ func RunRegister(ctx context.Context, cli *cli.Command) error {
 	return nil
 }
-func RunGenerateSecret(ctx context.Context, cli *cli.Command) error {
+func RunGenerateSecret(ctx context.Context, cliCtx *cli.Context) error {
 	runner := actions_model.ActionRunner{}
 	if err := runner.GenerateToken(); err != nil {
 		return err
@ -221,7 +220,7 @@ func RunGenerateSecret(ctx context.Context, cli *cli.Command) error {
 	return nil
 }
-func RunGenerateActionsRunnerToken(ctx context.Context, cli *cli.Command) error {
+func RunGenerateActionsRunnerToken(ctx context.Context, cliCtx *cli.Context) error {
 	if !ContextGetNoInit(ctx) {
 		var cancel context.CancelFunc
 		ctx, cancel = installSignals(ctx)
@ -230,7 +229,7 @@ func RunGenerateActionsRunnerToken(ctx context.Context, cli *cli.Command) error
 	setting.MustInstalled()
-	scope := cli.String("scope")
+	scope := cliCtx.String("scope")
 	respText, extra := private.GenerateActionsRunnerToken(ctx, scope)
 	if extra.HasError() {
--- a/cmd/forgejo/actions_test.go
+++ b/cmd/forgejo/actions_test.go
@ -4,13 +4,14 @@
 package forgejo
 import (
 	"context"
 	"fmt"
 	"testing"
 	"code.gitea.io/gitea/services/context"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 func TestActions_getLabels(t *testing.T) {
@ -53,21 +54,21 @@ func TestActions_getLabels(t *testing.T) {
 		},
 	}
-	flags := SubcmdActionsRegister(t.Context()).Flags
+	flags := SubcmdActionsRegister(context.Context{}).Flags
 	for _, c := range cases {
 		t.Run(fmt.Sprintf("args: %v", c.args), func(t *testing.T) {
 			// Create a copy of command to test
 			var result *resultType
-			app := cli.Command{}
+			app := cli.NewApp()
 			app.Flags = flags
-			app.Action = func(_ context.Context, ctx *cli.Command) error {
+			app.Action = func(ctx *cli.Context) error {
 				labels, err := getLabels(ctx)
 				result = &resultType{labels, err}
 				return nil
 			}
 			// Run it
-			_ = app.Run(t.Context(), c.args)
+			_ = app.Run(c.args)
 			// Test the results
 			require.NotNil(t, result)
--- a/cmd/forgejo/f3.go
+++ b/cmd/forgejo/f3.go
@ -8,19 +8,19 @@ import (
 	"context"
 	"errors"
-	"forgejo.org/models"
+	"code.gitea.io/gitea/models"
-	"forgejo.org/modules/git"
+	"code.gitea.io/gitea/modules/git"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/storage"
+	"code.gitea.io/gitea/modules/storage"
-	"forgejo.org/services/f3/util"
+	"code.gitea.io/gitea/services/f3/util"
-	_ "forgejo.org/services/f3/driver" // register the driver
+	_ "code.gitea.io/gitea/services/f3/driver" // register the driver
 	f3_cmd "code.forgejo.org/f3/gof3/v3/cmd"
 	f3_logger "code.forgejo.org/f3/gof3/v3/logger"
 	f3_util "code.forgejo.org/f3/gof3/v3/util"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 func CmdF3(ctx context.Context) *cli.Command {
@ -28,21 +28,21 @@ func CmdF3(ctx context.Context) *cli.Command {
 	return &cli.Command{
 		Name:  "f3",
 		Usage: "F3",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
 			SubcmdF3Mirror(ctx),
 		},
 	}
 }
 func SubcmdF3Mirror(ctx context.Context) *cli.Command {
-	mirrorCmd := f3_cmd.CreateCmdMirror()
+	mirrorCmd := f3_cmd.CreateCmdMirror(ctx)
 	mirrorCmd.Before = prepareWorkPathAndCustomConf(ctx)
 	f3Action := mirrorCmd.Action
-	mirrorCmd.Action = func(ctx context.Context, cli *cli.Command) error { return runMirror(ctx, cli, f3Action) }
+	mirrorCmd.Action = func(c *cli.Context) error { return runMirror(ctx, c, f3Action) }
 	return mirrorCmd
 }
-func runMirror(ctx context.Context, c *cli.Command, action cli.ActionFunc) error {
+func runMirror(ctx context.Context, c *cli.Context, action cli.ActionFunc) error {
 	setting.LoadF3Setting()
 	if !setting.F3.Enabled {
 		return errors.New("F3 is disabled, it is not ready to be used and is only present for development purposes")
@ -69,7 +69,7 @@ func runMirror(ctx context.Context, c *cli.Command, action cli.ActionFunc) error
 		}
 	}
-	err := action(ctx, c)
+	err := action(c)
 	if panicError, ok := err.(f3_util.PanicError); ok {
 		log.Debug("F3 Stack trace\n%s", panicError.Stack())
 	}
--- a/cmd/forgejo/forgejo.go
+++ b/cmd/forgejo/forgejo.go
@ -11,12 +11,12 @@ import (
 	"os/signal"
 	"syscall"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 type key int
@ -34,7 +34,7 @@ func CmdForgejo(ctx context.Context) *cli.Command {
 		Name:  "forgejo-cli",
 		Usage: "Forgejo CLI",
 		Flags: []cli.Flag{},
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
 			CmdActions(ctx),
 			CmdF3(ctx),
 		},
@ -147,12 +147,12 @@ func handleCliResponseExtra(ctx context.Context, extra private.ResponseExtra) er
 	return cli.Exit(extra.Error, 1)
 }
-func prepareWorkPathAndCustomConf(ctx context.Context) func(ctx context.Context, cli *cli.Command) (context.Context, error) {
+func prepareWorkPathAndCustomConf(ctx context.Context) func(c *cli.Context) error {
-	return func(ctx context.Context, cli *cli.Command) (context.Context, error) {
+	return func(c *cli.Context) error {
 		if !ContextGetNoInit(ctx) {
 			var args setting.ArgWorkPathAndCustomConf
 			// from children to parent, check the global flags
-			for _, curCtx := range cli.Lineage() {
+			for _, curCtx := range c.Lineage() {
 				if curCtx.IsSet("work-path") && args.WorkPath == "" {
 					args.WorkPath = curCtx.String("work-path")
 				}
@ -165,6 +165,6 @@ func prepareWorkPathAndCustomConf(ctx context.Context) func(ctx context.Context,
 			}
 			setting.InitWorkPathAndCommonConfig(os.Getenv, args)
 		}
-		return ctx, nil
+		return nil
 	}
 }
--- a/cmd/generate.go
+++ b/cmd/generate.go
@ -5,65 +5,56 @@
 package cmd
 import (
 	"context"
 	"fmt"
 	"os"
-	"forgejo.org/modules/generate"
+	"code.gitea.io/gitea/modules/generate"
 	"github.com/mattn/go-isatty"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-// CmdGenerate represents the available generate sub-command.
+var (
-func cmdGenerate() *cli.Command {
+	// CmdGenerate represents the available generate sub-command.
-	return &cli.Command{
+	CmdGenerate = &cli.Command{
 		Name:  "generate",
 		Usage: "Generate Gitea's secrets/keys/tokens",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
-			subcmdSecret(),
+			subcmdSecret,
 		},
 	}
 }
-func subcmdSecret() *cli.Command {
+	subcmdSecret = &cli.Command{
 	return &cli.Command{
 		Name:  "secret",
 		Usage: "Generate a secret token",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
-			microcmdGenerateInternalToken(),
+			microcmdGenerateInternalToken,
-			microcmdGenerateLfsJwtSecret(),
+			microcmdGenerateLfsJwtSecret,
-			microcmdGenerateSecretKey(),
+			microcmdGenerateSecretKey,
 		},
 	}
 }
-func microcmdGenerateInternalToken() *cli.Command {
+	microcmdGenerateInternalToken = &cli.Command{
 	return &cli.Command{
 		Name:   "INTERNAL_TOKEN",
 		Usage:  "Generate a new INTERNAL_TOKEN",
 		Action: runGenerateInternalToken,
 	}
 }
-func microcmdGenerateLfsJwtSecret() *cli.Command {
+	microcmdGenerateLfsJwtSecret = &cli.Command{
 	return &cli.Command{
 		Name:    "JWT_SECRET",
 		Aliases: []string{"LFS_JWT_SECRET"},
 		Usage:   "Generate a new JWT_SECRET",
 		Action:  runGenerateLfsJwtSecret,
 	}
 }
-func microcmdGenerateSecretKey() *cli.Command {
+	microcmdGenerateSecretKey = &cli.Command{
 	return &cli.Command{
 		Name:   "SECRET_KEY",
 		Usage:  "Generate a new SECRET_KEY",
 		Action: runGenerateSecretKey,
 	}
-}
+)
-func runGenerateInternalToken(ctx context.Context, c *cli.Command) error {
+func runGenerateInternalToken(c *cli.Context) error {
 	internalToken, err := generate.NewInternalToken()
 	if err != nil {
 		return err
@ -72,25 +63,28 @@ func runGenerateInternalToken(ctx context.Context, c *cli.Command) error {
 	fmt.Printf("%s", internalToken)
 	if isatty.IsTerminal(os.Stdout.Fd()) {
-		fmt.Println()
+		fmt.Printf("\n")
 	}
 	return nil
 }
-func runGenerateLfsJwtSecret(ctx context.Context, c *cli.Command) error {
+func runGenerateLfsJwtSecret(c *cli.Context) error {
-	_, jwtSecretBase64 := generate.NewJwtSecret()
+	_, jwtSecretBase64, err := generate.NewJwtSecret()
 	if err != nil {
 		return err
 	}
 	fmt.Printf("%s", jwtSecretBase64)
 	if isatty.IsTerminal(os.Stdout.Fd()) {
-		fmt.Print("\n")
+		fmt.Printf("\n")
 	}
 	return nil
 }
-func runGenerateSecretKey(ctx context.Context, c *cli.Command) error {
+func runGenerateSecretKey(c *cli.Context) error {
 	secretKey, err := generate.NewSecretKey()
 	if err != nil {
 		return err
@ -99,7 +93,7 @@ func runGenerateSecretKey(ctx context.Context, c *cli.Command) error {
 	fmt.Printf("%s", secretKey)
 	if isatty.IsTerminal(os.Stdout.Fd()) {
-		fmt.Print("\n")
+		fmt.Printf("\n")
 	}
 	return nil
--- a/cmd/hook.go
+++ b/cmd/hook.go
@ -14,38 +14,36 @@ import (
 	"strings"
 	"time"
-	"forgejo.org/modules/git"
+	"code.gitea.io/gitea/modules/git"
-	"forgejo.org/modules/git/pushoptions"
+	"code.gitea.io/gitea/modules/git/pushoptions"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	repo_module "forgejo.org/modules/repository"
+	repo_module "code.gitea.io/gitea/modules/repository"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 const (
 	hookBatchSize = 30
 )
-// CmdHook represents the available hooks sub-command.
+var (
-func cmdHook() *cli.Command {
+	// CmdHook represents the available hooks sub-command.
-	return &cli.Command{
+	CmdHook = &cli.Command{
 		Name:        "hook",
 		Usage:       "(internal) Should only be called by Git",
 		Description: "Delegate commands to corresponding Git hooks",
 		Before:      PrepareConsoleLoggerLevel(log.FATAL),
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
-			subcmdHookPreReceive(),
+			subcmdHookPreReceive,
-			subcmdHookUpdate(),
+			subcmdHookUpdate,
-			subcmdHookPostReceive(),
+			subcmdHookPostReceive,
-			subcmdHookProcReceive(),
+			subcmdHookProcReceive,
 		},
 	}
 }
-func subcmdHookPreReceive() *cli.Command {
+	subcmdHookPreReceive = &cli.Command{
 	return &cli.Command{
 		Name:        "pre-receive",
 		Usage:       "Delegate pre-receive Git hook",
 		Description: "This command should only be called by Git",
@ -56,10 +54,7 @@ func subcmdHookPreReceive() *cli.Command {
 			},
 		},
 	}
-}
+	subcmdHookUpdate = &cli.Command{
 func subcmdHookUpdate() *cli.Command {
 	return &cli.Command{
 		Name:        "update",
 		Usage:       "Delegate update Git hook",
 		Description: "This command should only be called by Git",
@ -70,10 +65,7 @@ func subcmdHookUpdate() *cli.Command {
 			},
 		},
 	}
-}
+	subcmdHookPostReceive = &cli.Command{
 func subcmdHookPostReceive() *cli.Command {
 	return &cli.Command{
 		Name:        "post-receive",
 		Usage:       "Delegate post-receive Git hook",
 		Description: "This command should only be called by Git",
@ -84,11 +76,8 @@ func subcmdHookPostReceive() *cli.Command {
 			},
 		},
 	}
-}
+	// Note: new hook since git 2.29
-
+	subcmdHookProcReceive = &cli.Command{
 // Note: new hook since git 2.29
 func subcmdHookProcReceive() *cli.Command {
 	return &cli.Command{
 		Name:        "proc-receive",
 		Usage:       "Delegate proc-receive Git hook",
 		Description: "This command should only be called by Git",
@ -99,7 +88,7 @@ func subcmdHookProcReceive() *cli.Command {
 			},
 		},
 	}
-}
+)
 type delayWriter struct {
 	internal io.Writer
@ -172,14 +161,14 @@ func (n *nilWriter) WriteString(s string) (int, error) {
 	return len(s), nil
 }
-func runHookPreReceive(ctx context.Context, c *cli.Command) error {
+func runHookPreReceive(c *cli.Context) error {
 	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
 		return nil
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), true)
+	setup(ctx, c.Bool("debug"))
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
@ -231,7 +220,10 @@ Forgejo or set your environment appropriately.`, "")
 		}
 	}
-	supportProcReceive := git.CheckGitVersionAtLeast("2.29") == nil
+	supportProcReceive := false
 	if git.CheckGitVersionAtLeast("2.29") == nil {
 		supportProcReceive = true
 	}
 	for scanner.Scan() {
 		// TODO: support news feeds for wiki
@ -258,7 +250,7 @@ Forgejo or set your environment appropriately.`, "")
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName
 			count++
-			fmt.Fprint(out, "*")
+			fmt.Fprintf(out, "*")
 			if count >= hookBatchSize {
 				fmt.Fprintf(out, " Checking %d references\n", count)
@ -274,10 +266,10 @@ Forgejo or set your environment appropriately.`, "")
 				lastline = 0
 			}
 		} else {
-			fmt.Fprint(out, ".")
+			fmt.Fprintf(out, ".")
 		}
 		if lastline >= hookBatchSize {
-			fmt.Fprint(out, "\n")
+			fmt.Fprintf(out, "\n")
 			lastline = 0
 		}
 	}
@ -294,7 +286,7 @@ Forgejo or set your environment appropriately.`, "")
 			return fail(ctx, extra.UserMsg, "HookPreReceive(last) failed: %v", extra.Error)
 		}
 	} else if lastline > 0 {
-		fmt.Fprint(out, "\n")
+		fmt.Fprintf(out, "\n")
 	}
 	fmt.Fprintf(out, "Checked %d references in total\n", total)
@ -302,13 +294,13 @@ Forgejo or set your environment appropriately.`, "")
 }
 // runHookUpdate process the update hook: https://git-scm.com/docs/githooks#update
-func runHookUpdate(ctx context.Context, c *cli.Command) error {
+func runHookUpdate(c *cli.Context) error {
 	// Now if we're an internal don't do anything else
 	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
 		return nil
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	if c.NArg() != 3 {
@ -334,11 +326,11 @@ func runHookUpdate(ctx context.Context, c *cli.Command) error {
 	return fail(ctx, fmt.Sprintf("The modification of %s is skipped as it's an internal reference.", refFullName), "")
 }
-func runHookPostReceive(ctx context.Context, c *cli.Command) error {
+func runHookPostReceive(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), true)
+	setup(ctx, c.Bool("debug"))
 	// First of all run update-server-info no matter what
 	if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
@ -410,7 +402,7 @@ Forgejo or set your environment appropriately.`, "")
 			continue
 		}
-		fmt.Fprint(out, ".")
+		fmt.Fprintf(out, ".")
 		oldCommitIDs[count] = string(fields[0])
 		newCommitIDs[count] = string(fields[1])
 		refFullNames[count] = git.RefName(fields[2])
@ -498,11 +490,11 @@ func hookPrintResults(results []private.HookPostReceiveBranchResult) {
 	}
 }
-func runHookProcReceive(ctx context.Context, c *cli.Command) error {
+func runHookProcReceive(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), true)
+	setup(ctx, c.Bool("debug"))
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
--- a/cmd/hook_test.go
+++ b/cmd/hook_test.go
@ -6,6 +6,7 @@ package cmd
 import (
 	"bufio"
 	"bytes"
 	"context"
 	"io"
 	"net/http"
 	"net/http/httptest"
@ -14,12 +15,12 @@ import (
 	"testing"
 	"time"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/test"
+	"code.gitea.io/gitea/modules/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // Capture what's being written into a standard file descriptor.
@ -41,7 +42,7 @@ func captureOutput(t *testing.T, stdFD *os.File) (finish func() (output string))
 }
 func TestPktLine(t *testing.T) {
-	ctx := t.Context()
+	ctx := context.Background()
 	t.Run("Read", func(t *testing.T) {
 		s := strings.NewReader("0000")
@ -134,14 +135,14 @@ func TestDelayWriter(t *testing.T) {
 	defer ts.Close()
 	defer test.MockVariableValue(&setting.LocalURL, ts.URL+"/")()
-	app := cli.Command{}
+	app := cli.NewApp()
-	app.Commands = []*cli.Command{subcmdHookPreReceive()}
+	app.Commands = []*cli.Command{subcmdHookPreReceive}
 	t.Run("Should delay", func(t *testing.T) {
 		defer test.MockVariableValue(&setting.Git.VerbosePushDelay, time.Millisecond*500)()
 		finish := captureOutput(t, os.Stdout)
-		err = app.Run(t.Context(), []string{"./forgejo", "pre-receive"})
+		err = app.Run([]string{"./forgejo", "pre-receive"})
 		require.NoError(t, err)
 		out := finish()
@ -153,7 +154,7 @@ func TestDelayWriter(t *testing.T) {
 		defer test.MockVariableValue(&setting.Git.VerbosePushDelay, time.Second*5)()
 		finish := captureOutput(t, os.Stdout)
-		err = app.Run(t.Context(), []string{"./forgejo", "pre-receive"})
+		err = app.Run([]string{"./forgejo", "pre-receive"})
 		require.NoError(t, err)
 		out := finish()
@ -163,15 +164,15 @@ func TestDelayWriter(t *testing.T) {
 }
 func TestRunHookUpdate(t *testing.T) {
-	app := cli.Command{}
+	app := cli.NewApp()
-	app.Commands = []*cli.Command{subcmdHookUpdate()}
+	app.Commands = []*cli.Command{subcmdHookUpdate}
 	t.Run("Removal of internal reference", func(t *testing.T) {
 		defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
 		defer test.MockVariableValue(&setting.IsProd, false)()
 		finish := captureOutput(t, os.Stderr)
-		err := app.Run(t.Context(), []string{"./forgejo", "update", "refs/pull/1/head", "0a51ae26bc73c47e2f754560c40904cf14ed51a9", "0000000000000000000000000000000000000000"})
+		err := app.Run([]string{"./forgejo", "update", "refs/pull/1/head", "0a51ae26bc73c47e2f754560c40904cf14ed51a9", "0000000000000000000000000000000000000000"})
 		out := finish()
 		require.Error(t, err)
@ -183,7 +184,7 @@ func TestRunHookUpdate(t *testing.T) {
 		defer test.MockVariableValue(&setting.IsProd, false)()
 		finish := captureOutput(t, os.Stderr)
-		err := app.Run(t.Context(), []string{"./forgejo", "update", "refs/pull/1/head", "0a51ae26bc73c47e2f754560c40904cf14ed51a9", "0000000000000000000000000000000000000001"})
+		err := app.Run([]string{"./forgejo", "update", "refs/pull/1/head", "0a51ae26bc73c47e2f754560c40904cf14ed51a9", "0000000000000000000000000000000000000001"})
 		out := finish()
 		require.Error(t, err)
@ -191,12 +192,12 @@ func TestRunHookUpdate(t *testing.T) {
 	})
 	t.Run("Removal of branch", func(t *testing.T) {
-		err := app.Run(t.Context(), []string{"./forgejo", "update", "refs/head/main", "0a51ae26bc73c47e2f754560c40904cf14ed51a9", "0000000000000000000000000000000000000000"})
+		err := app.Run([]string{"./forgejo", "update", "refs/head/main", "0a51ae26bc73c47e2f754560c40904cf14ed51a9", "0000000000000000000000000000000000000000"})
 		require.NoError(t, err)
 	})
 	t.Run("Not enough arguments", func(t *testing.T) {
-		err := app.Run(t.Context(), []string{"./forgejo", "update"})
+		err := app.Run([]string{"./forgejo", "update"})
 		require.NoError(t, err)
 	})
 }
--- a/cmd/keys.go
+++ b/cmd/keys.go
@ -4,20 +4,18 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strings"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // CmdKeys represents the available keys sub-command
-func cmdKeys() *cli.Command {
+var CmdKeys = &cli.Command{
 	return &cli.Command{
 	Name:        "keys",
 	Usage:       "(internal) Should only be called by SSH server",
 	Description: "Queries the Forgejo database to get the authorized command for a given ssh key fingerprint",
@ -49,10 +47,9 @@ func cmdKeys() *cli.Command {
 			Usage:   "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
 		},
 	},
 	}
 }
-func runKeys(ctx context.Context, c *cli.Command) error {
+func runKeys(c *cli.Context) error {
 	if !c.IsSet("username") {
 		return errors.New("No username provided")
 	}
@ -71,16 +68,16 @@ func runKeys(ctx context.Context, c *cli.Command) error {
 		return errors.New("No key type and content provided")
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), true)
+	setup(ctx, c.Bool("debug"))
 	authorizedString, extra := private.AuthorizedPublicKeyByContent(ctx, content)
 	// do not use handleCliResponseExtra or cli.NewExitError, if it exists immediately, it breaks some tests like Test_CmdKeys
 	if extra.Error != nil {
 		return extra.Error
 	}
-	_, _ = fmt.Fprintln(c.Root().Writer, strings.TrimSpace(authorizedString.Text))
+	_, _ = fmt.Fprintln(c.App.Writer, strings.TrimSpace(authorizedString.Text))
 	return nil
 }
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@ -4,17 +4,16 @@
 package cmd
 import (
 	"context"
 	"fmt"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func runSendMail(ctx context.Context, c *cli.Command) error {
+func runSendMail(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	setting.MustInstalled()
--- a/cmd/main.go
+++ b/cmd/main.go
@ -10,11 +10,11 @@ import (
 	"path/filepath"
 	"strings"
-	"forgejo.org/cmd/forgejo"
+	"code.gitea.io/gitea/cmd/forgejo"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // cmdHelp is our own help subcommand with more information
@ -25,18 +25,18 @@ func cmdHelp() *cli.Command {
 		Aliases:   []string{"h"},
 		Usage:     "Shows a list of commands or help for one command",
 		ArgsUsage: "[command]",
-		Action: func(ctx context.Context, c *cli.Command) (err error) {
+		Action: func(c *cli.Context) (err error) {
-			lineage := c.Lineage() // The order is from child to parent: help, doctor, Forgejo
+			lineage := c.Lineage() // The order is from child to parent: help, doctor, Gitea, {Command:nil}
 			targetCmdIdx := 0
-			if c.Name == "help" {
+			if c.Command.Name == "help" {
 				targetCmdIdx = 1
 			}
-			if targetCmdIdx+1 < len(lineage) {
+			if lineage[targetCmdIdx+1].Command != nil {
-				err = cli.ShowCommandHelp(ctx, lineage[targetCmdIdx+1], lineage[targetCmdIdx].Name)
+				err = cli.ShowCommandHelp(lineage[targetCmdIdx+1], lineage[targetCmdIdx].Command.Name)
 			} else {
 				err = cli.ShowAppHelp(c)
 			}
-			_, _ = fmt.Fprintf(c.Root().Writer, `
+			_, _ = fmt.Fprintf(c.App.Writer, `
 DEFAULT CONFIGURATION:
   AppPath:    %s
   WorkPath:   %s
@ -77,25 +77,25 @@ func appGlobalFlags() []cli.Flag {
 	}
 }
-func prepareSubcommandWithConfig(command *cli.Command, globalFlags func() []cli.Flag) {
+func prepareSubcommandWithConfig(command *cli.Command, globalFlags []cli.Flag) {
-	command.Flags = append(globalFlags(), command.Flags...)
+	command.Flags = append(append([]cli.Flag{}, globalFlags...), command.Flags...)
 	command.Action = prepareWorkPathAndCustomConf(command.Action)
 	command.HideHelp = true
 	if command.Name != "help" {
-		command.Commands = append(command.Commands, cmdHelp())
+		command.Subcommands = append(command.Subcommands, cmdHelp())
 	}
-	for i := range command.Commands {
+	for i := range command.Subcommands {
-		prepareSubcommandWithConfig(command.Commands[i], globalFlags)
+		prepareSubcommandWithConfig(command.Subcommands[i], globalFlags)
 	}
 }
 // prepareWorkPathAndCustomConf wraps the Action to prepare the work path and custom config
 // It can't use "Before", because each level's sub-command's Before will be called one by one, so the "init" would be done multiple times
-func prepareWorkPathAndCustomConf(action cli.ActionFunc) func(_ context.Context, _ *cli.Command) error {
+func prepareWorkPathAndCustomConf(action cli.ActionFunc) func(ctx *cli.Context) error {
-	return func(ctx context.Context, cli *cli.Command) error {
+	return func(ctx *cli.Context) error {
 		var args setting.ArgWorkPathAndCustomConf
 		// from children to parent, check the global flags
-		for _, curCtx := range cli.Lineage() {
+		for _, curCtx := range ctx.Lineage() {
 			if curCtx.IsSet("work-path") && args.WorkPath == "" {
 				args.WorkPath = curCtx.String("work-path")
 			}
@ -107,24 +107,24 @@ func prepareWorkPathAndCustomConf(action cli.ActionFunc) func(_ context.Context,
 			}
 		}
 		setting.InitWorkPathAndCommonConfig(os.Getenv, args)
-		if cli.Bool("help") || action == nil {
+		if ctx.Bool("help") || action == nil {
 			// the default behavior of "urfave/cli": "nil action" means "show help"
-			return cmdHelp().Action(ctx, cli)
+			return cmdHelp().Action(ctx)
 		}
-		return action(ctx, cli)
+		return action(ctx)
 	}
 }
-func NewMainApp(version, versionExtra string) *cli.Command {
+func NewMainApp(version, versionExtra string) *cli.App {
 	path, err := os.Executable()
 	if err != nil {
 		panic(err)
 	}
 	executable := filepath.Base(path)
-	subCmdsStandalone := make([]*cli.Command, 0, 10)
+	var subCmdsStandalone []*cli.Command = make([]*cli.Command, 0, 10)
-	subCmdWithConfig := make([]*cli.Command, 0, 10)
+	var subCmdWithConfig []*cli.Command = make([]*cli.Command, 0, 10)
-	globalFlags := func() []cli.Flag { return []cli.Flag{} }
+	var globalFlags []cli.Flag = make([]cli.Flag, 0, 10)
 	//
 	// If the executable is forgejo-cli, provide a Forgejo specific CLI
@ -133,16 +133,14 @@ func NewMainApp(version, versionExtra string) *cli.Command {
 	if executable == "forgejo-cli" {
 		subCmdsStandalone = append(subCmdsStandalone, forgejo.CmdActions(context.Background()))
 		subCmdWithConfig = append(subCmdWithConfig, forgejo.CmdF3(context.Background()))
-		globalFlags = func() []cli.Flag {
+		globalFlags = append(globalFlags, []cli.Flag{
 			return []cli.Flag{
 			&cli.BoolFlag{
 				Name: "quiet",
 			},
 			&cli.BoolFlag{
 				Name: "verbose",
 			},
-			}
+		}...)
 		}
 	} else {
 		//
 		// Otherwise provide a Gitea compatible CLI which includes Forgejo
@ -151,54 +149,55 @@ func NewMainApp(version, versionExtra string) *cli.Command {
 		// binary and rename it to forgejo if they want.
 		//
 		subCmdsStandalone = append(subCmdsStandalone, forgejo.CmdForgejo(context.Background()))
-		subCmdWithConfig = append(subCmdWithConfig, cmdActions())
+		subCmdWithConfig = append(subCmdWithConfig, CmdActions)
 	}
 	return innerNewMainApp(version, versionExtra, subCmdsStandalone, subCmdWithConfig, globalFlags)
 }
-func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmdWithConfigArgs []*cli.Command, globalFlagsArgs func() []cli.Flag) *cli.Command {
+func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmdWithConfigArgs []*cli.Command, globalFlagsArgs []cli.Flag) *cli.App {
-	app := &cli.Command{}
+	app := cli.NewApp()
 	app.HelpName = "forgejo"
 	app.Name = "Forgejo"
 	app.Usage = "Beyond coding. We forge."
 	app.Description = `By default, forgejo will start serving using the web-server with no argument, which can alternatively be run by running the subcommand "web".`
 	app.Version = version + versionExtra
-	app.EnableShellCompletion = true
+	app.EnableBashCompletion = true
 	// these sub-commands need to use config file
 	subCmdWithConfig := []*cli.Command{
 		cmdHelp(), // the "help" sub-command was used to show the more information for "work path" and "custom config"
-		cmdWeb(),
+		CmdWeb,
-		cmdServ(),
+		CmdServ,
-		cmdHook(),
+		CmdHook,
-		cmdKeys(),
+		CmdKeys,
-		cmdDump(),
+		CmdDump,
-		cmdAdmin(),
+		CmdAdmin,
-		cmdMigrate(),
+		CmdMigrate,
-		cmdDoctor(),
+		CmdDoctor,
-		cmdManager(),
+		CmdManager,
-		cmdEmbedded(),
+		CmdEmbedded,
-		cmdMigrateStorage(),
+		CmdMigrateStorage,
-		cmdDumpRepository(),
+		CmdDumpRepository,
-		cmdRestoreRepository(),
+		CmdRestoreRepository,
 	}
 	subCmdWithConfig = append(subCmdWithConfig, subCmdWithConfigArgs...)
 	// these sub-commands do not need the config file, and they do not depend on any path or environment variable.
 	subCmdStandalone := []*cli.Command{
-		cmdCert(),
+		CmdCert,
-		cmdGenerate(),
+		CmdGenerate,
 		CmdDocs,
 	}
 	subCmdStandalone = append(subCmdStandalone, subCmdsStandaloneArgs...)
-	app.DefaultCommand = cmdWeb().Name
+	app.DefaultCommand = CmdWeb.Name
-	globalFlags := func() []cli.Flag {
+	globalFlags := appGlobalFlags()
-		return append(appGlobalFlags(), globalFlagsArgs()...)
+	globalFlags = append(globalFlags, globalFlagsArgs...)
 	}
 	app.Flags = append(app.Flags, cli.VersionFlag)
-	app.Flags = append(app.Flags, globalFlags()...)
+	app.Flags = append(app.Flags, globalFlags...)
 	app.HideHelp = true // use our own help action to show helps (with more information like default config)
 	app.Before = PrepareConsoleLoggerLevel(log.INFO)
 	for i := range subCmdWithConfig {
@ -207,12 +206,11 @@ func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmd
 	app.Commands = append(app.Commands, subCmdWithConfig...)
 	app.Commands = append(app.Commands, subCmdStandalone...)
 	setting.InitGiteaEnvVars()
 	return app
 }
-func RunMainApp(app *cli.Command, args ...string) error {
+func RunMainApp(app *cli.App, args ...string) error {
-	err := app.Run(context.Background(), args)
+	err := app.Run(args)
 	if err == nil {
 		return nil
 	}
@ -221,7 +219,7 @@ func RunMainApp(app *cli.Command, args ...string) error {
 		cli.OsExiter(1)
 		return err
 	}
-	_, _ = fmt.Fprintf(app.Root().ErrWriter, "Command error: %v\n", err)
+	_, _ = fmt.Fprintf(app.ErrWriter, "Command error: %v\n", err)
 	cli.OsExiter(1)
 	return err
 }
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@ -4,21 +4,20 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
-	"forgejo.org/models/unittest"
+	"code.gitea.io/gitea/models/unittest"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/test"
+	"code.gitea.io/gitea/modules/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 func TestMain(m *testing.M) {
@ -29,10 +28,10 @@ func makePathOutput(workPath, customPath, customConf string) string {
 	return fmt.Sprintf("WorkPath=%s\nCustomPath=%s\nCustomConf=%s", workPath, customPath, customConf)
 }
-func newTestApp(testCmdAction func(_ context.Context, ctx *cli.Command) error) *cli.Command {
+func newTestApp(testCmdAction func(ctx *cli.Context) error) *cli.App {
 	app := NewMainApp("version", "version-extra")
 	testCmd := &cli.Command{Name: "test-cmd", Action: testCmdAction}
-	prepareSubcommandWithConfig(testCmd, appGlobalFlags)
+	prepareSubcommandWithConfig(testCmd, appGlobalFlags())
 	app.Commands = append(app.Commands, testCmd)
 	app.DefaultCommand = testCmd.Name
 	return app
@ -44,7 +43,7 @@ type runResult struct {
 	ExitCode int
 }
-func runTestApp(app *cli.Command, args ...string) (runResult, error) {
+func runTestApp(app *cli.App, args ...string) (runResult, error) {
 	outBuf := new(strings.Builder)
 	errBuf := new(strings.Builder)
 	app.Writer = outBuf
@ -67,6 +66,7 @@ func TestCliCmd(t *testing.T) {
 	defaultCustomConf := filepath.Join(defaultCustomPath, "conf/app.ini")
 	cli.CommandHelpTemplate = "(command help template)"
 	cli.AppHelpTemplate = "(app help template)"
 	cli.SubcommandHelpTemplate = "(subcommand help template)"
 	cases := []struct {
@ -110,55 +110,70 @@ func TestCliCmd(t *testing.T) {
 		},
 	}
-	for _, c := range cases {
+	app := newTestApp(func(ctx *cli.Context) error {
-		t.Run(c.cmd, func(t *testing.T) {
+		_, _ = fmt.Fprint(ctx.App.Writer, makePathOutput(setting.AppWorkPath, setting.CustomPath, setting.CustomConf))
 			defer test.MockProtect(&setting.AppWorkPath)()
 			defer test.MockProtect(&setting.CustomPath)()
 			defer test.MockProtect(&setting.CustomConf)()
 			app := newTestApp(func(_ context.Context, ctx *cli.Command) error {
 				_, _ = fmt.Fprint(ctx.Root().Writer, makePathOutput(setting.AppWorkPath, setting.CustomPath, setting.CustomConf))
 		return nil
 	})
 	var envBackup []string
 	for _, s := range os.Environ() {
 		if strings.HasPrefix(s, "GITEA_") && strings.Contains(s, "=") {
 			envBackup = append(envBackup, s)
 		}
 	}
 	clearGiteaEnv := func() {
 		for _, s := range os.Environ() {
 			if strings.HasPrefix(s, "GITEA_") {
 				_ = os.Unsetenv(s)
 			}
 		}
 	}
 	defer func() {
 		clearGiteaEnv()
 		for _, s := range envBackup {
 			k, v, _ := strings.Cut(s, "=")
 			_ = os.Setenv(k, v)
 		}
 	}()
 	for _, c := range cases {
 		clearGiteaEnv()
 		for k, v := range c.env {
-				t.Setenv(k, v)
+			_ = os.Setenv(k, v)
 		}
 		args := strings.Split(c.cmd, " ") // for test only, "split" is good enough
 		r, err := runTestApp(app, args...)
 		require.NoError(t, err, c.cmd)
 		assert.NotEmpty(t, c.exp, c.cmd)
-			assert.Contains(t, r.Stdout, c.exp, c.cmd+"\n"+r.Stdout)
+		assert.Contains(t, r.Stdout, c.exp, c.cmd)
 		})
 	}
 }
 func TestCliCmdError(t *testing.T) {
-	app := newTestApp(func(_ context.Context, ctx *cli.Command) error { return errors.New("normal error") })
+	app := newTestApp(func(ctx *cli.Context) error { return fmt.Errorf("normal error") })
 	r, err := runTestApp(app, "./gitea", "test-cmd")
 	require.Error(t, err)
 	assert.Equal(t, 1, r.ExitCode)
-	assert.Empty(t, r.Stdout)
+	assert.Equal(t, "", r.Stdout)
 	assert.Equal(t, "Command error: normal error\n", r.Stderr)
-	app = newTestApp(func(_ context.Context, ctx *cli.Command) error { return cli.Exit("exit error", 2) })
+	app = newTestApp(func(ctx *cli.Context) error { return cli.Exit("exit error", 2) })
 	r, err = runTestApp(app, "./gitea", "test-cmd")
 	require.Error(t, err)
 	assert.Equal(t, 2, r.ExitCode)
-	assert.Empty(t, r.Stdout)
+	assert.Equal(t, "", r.Stdout)
 	assert.Equal(t, "exit error\n", r.Stderr)
-	app = newTestApp(func(_ context.Context, ctx *cli.Command) error { return nil })
+	app = newTestApp(func(ctx *cli.Context) error { return nil })
 	r, err = runTestApp(app, "./gitea", "test-cmd", "--no-such")
 	require.Error(t, err)
 	assert.Equal(t, 1, r.ExitCode)
-	assert.Equal(t, "Incorrect Usage: flag provided but not defined: -no-such\n\n", r.Stderr)
+	assert.Equal(t, "Incorrect Usage: flag provided but not defined: -no-such\n\n", r.Stdout)
-	assert.Empty(t, r.Stdout)
+	assert.Equal(t, "", r.Stderr) // the cli package's strange behavior, the error message is not in stderr ....
-	app = newTestApp(func(_ context.Context, ctx *cli.Command) error { return nil })
+	app = newTestApp(func(ctx *cli.Context) error { return nil })
 	r, err = runTestApp(app, "./gitea", "test-cmd")
 	require.NoError(t, err)
 	assert.Equal(t, -1, r.ExitCode) // the cli.OsExiter is not called
-	assert.Empty(t, r.Stdout)
+	assert.Equal(t, "", r.Stdout)
-	assert.Empty(t, r.Stderr)
+	assert.Equal(t, "", r.Stderr)
 }
--- a/cmd/manager.go
+++ b/cmd/manager.go
@ -4,34 +4,30 @@
 package cmd
 import (
 	"context"
 	"os"
 	"time"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-// CmdManager represents the manager command
+var (
-func cmdManager() *cli.Command {
+	// CmdManager represents the manager command
-	return &cli.Command{
+	CmdManager = &cli.Command{
 		Name:        "manager",
 		Usage:       "Manage the running forgejo process",
 		Description: "This is a command for managing the running forgejo process",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
-			subcmdShutdown(),
+			subcmdShutdown,
-			subcmdRestart(),
+			subcmdRestart,
-			subcmdReloadTemplates(),
+			subcmdReloadTemplates,
-			subcmdFlushQueues(),
+			subcmdFlushQueues,
-			subcmdLogging(),
+			subcmdLogging,
-			subCmdProcesses(),
+			subCmdProcesses,
 		},
 	}
-}
+	subcmdShutdown = &cli.Command{
 func subcmdShutdown() *cli.Command {
 	return &cli.Command{
 		Name:  "shutdown",
 		Usage: "Gracefully shutdown the running process",
 		Flags: []cli.Flag{
@ -41,10 +37,7 @@ func subcmdShutdown() *cli.Command {
 		},
 		Action: runShutdown,
 	}
-}
+	subcmdRestart = &cli.Command{
 func subcmdRestart() *cli.Command {
 	return &cli.Command{
 		Name:  "restart",
 		Usage: "Gracefully restart the running process - (not implemented for windows servers)",
 		Flags: []cli.Flag{
@ -54,10 +47,7 @@ func subcmdRestart() *cli.Command {
 		},
 		Action: runRestart,
 	}
-}
+	subcmdReloadTemplates = &cli.Command{
 func subcmdReloadTemplates() *cli.Command {
 	return &cli.Command{
 		Name:  "reload-templates",
 		Usage: "Reload template files in the running process",
 		Flags: []cli.Flag{
@ -67,10 +57,7 @@ func subcmdReloadTemplates() *cli.Command {
 		},
 		Action: runReloadTemplates,
 	}
-}
+	subcmdFlushQueues = &cli.Command{
 func subcmdFlushQueues() *cli.Command {
 	return &cli.Command{
 		Name:   "flush-queues",
 		Usage:  "Flush queues in the running process",
 		Action: runFlushQueues,
@ -89,10 +76,7 @@ func subcmdFlushQueues() *cli.Command {
 			},
 		},
 	}
-}
+	subCmdProcesses = &cli.Command{
 func subCmdProcesses() *cli.Command {
 	return &cli.Command{
 		Name:   "processes",
 		Usage:  "Display running processes within the current process",
 		Action: runProcesses,
@ -122,49 +106,49 @@ func subCmdProcesses() *cli.Command {
 			},
 		},
 	}
-}
+)
-func runShutdown(ctx context.Context, c *cli.Command) error {
+func runShutdown(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	extra := private.Shutdown(ctx)
 	return handleCliResponseExtra(extra)
 }
-func runRestart(ctx context.Context, c *cli.Command) error {
+func runRestart(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	extra := private.Restart(ctx)
 	return handleCliResponseExtra(extra)
 }
-func runReloadTemplates(ctx context.Context, c *cli.Command) error {
+func runReloadTemplates(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	extra := private.ReloadTemplates(ctx)
 	return handleCliResponseExtra(extra)
 }
-func runFlushQueues(ctx context.Context, c *cli.Command) error {
+func runFlushQueues(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	extra := private.FlushQueues(ctx, c.Duration("timeout"), c.Bool("non-blocking"))
 	return handleCliResponseExtra(extra)
 }
-func runProcesses(ctx context.Context, c *cli.Command) error {
+func runProcesses(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	extra := private.Processes(ctx, os.Stdout, c.Bool("flat"), c.Bool("no-system"), c.Bool("stacktraces"), c.Bool("json"), c.String("cancel"))
 	return handleCliResponseExtra(extra)
 }
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@ -4,19 +4,18 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"os"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
-func defaultLoggingFlags() []cli.Flag {
+var (
-	return []cli.Flag{
+	defaultLoggingFlags = []cli.Flag{
 		&cli.StringFlag{
 			Name:  "logger",
 			Usage: `Logger name - will default to "default"`,
@ -57,13 +56,11 @@ func defaultLoggingFlags() []cli.Flag {
 			Name: "debug",
 		},
 	}
 }
-func subcmdLogging() *cli.Command {
+	subcmdLogging = &cli.Command{
 	return &cli.Command{
 		Name:  "logging",
 		Usage: "Adjust logging commands",
-		Commands: []*cli.Command{
+		Subcommands: []*cli.Command{
 			{
 				Name:  "pause",
 				Usage: "Pause logging (Forgejo will buffer logs up to a certain point and will drop them after that point)",
@ -107,11 +104,11 @@ func subcmdLogging() *cli.Command {
 			}, {
 				Name:  "add",
 				Usage: "Add a logger",
-				Commands: []*cli.Command{
+				Subcommands: []*cli.Command{
 					{
 						Name:  "file",
 						Usage: "Add a file logger",
-						Flags: append(defaultLoggingFlags(), []cli.Flag{
+						Flags: append(defaultLoggingFlags, []cli.Flag{
 							&cli.StringFlag{
 								Name:    "filename",
 								Aliases: []string{"f"},
@ -155,7 +152,7 @@ func subcmdLogging() *cli.Command {
 					}, {
 						Name:  "conn",
 						Usage: "Add a net conn logger",
-						Flags: append(defaultLoggingFlags(), []cli.Flag{
+						Flags: append(defaultLoggingFlags, []cli.Flag{
 							&cli.BoolFlag{
 								Name:    "reconnect-on-message",
 								Aliases: []string{"R"},
@ -196,13 +193,13 @@ func subcmdLogging() *cli.Command {
 			},
 		},
 	}
-}
+)
-func runRemoveLogger(ctx context.Context, c *cli.Command) error {
+func runRemoveLogger(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	logger := c.String("logger")
 	if len(logger) == 0 {
 		logger = log.DEFAULT
@ -213,11 +210,11 @@ func runRemoveLogger(ctx context.Context, c *cli.Command) error {
 	return handleCliResponseExtra(extra)
 }
-func runAddConnLogger(ctx context.Context, c *cli.Command) error {
+func runAddConnLogger(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	vals := map[string]any{}
 	mode := "conn"
 	vals["net"] = "tcp"
@ -240,14 +237,14 @@ func runAddConnLogger(ctx context.Context, c *cli.Command) error {
 	if c.IsSet("reconnect-on-message") {
 		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
 	}
-	return commonAddLogger(ctx, c, mode, vals)
+	return commonAddLogger(c, mode, vals)
 }
-func runAddFileLogger(ctx context.Context, c *cli.Command) error {
+func runAddFileLogger(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	vals := map[string]any{}
 	mode := "file"
 	if c.IsSet("filename") {
@ -273,10 +270,10 @@ func runAddFileLogger(ctx context.Context, c *cli.Command) error {
 	if c.IsSet("compression-level") {
 		vals["compressionLevel"] = c.Int("compression-level")
 	}
-	return commonAddLogger(ctx, c, mode, vals)
+	return commonAddLogger(c, mode, vals)
 }
-func commonAddLogger(ctx context.Context, c *cli.Command, mode string, vals map[string]any) error {
+func commonAddLogger(c *cli.Context, mode string, vals map[string]any) error {
 	if len(c.String("level")) > 0 {
 		vals["level"] = log.LevelFromString(c.String("level")).String()
 	}
@ -303,47 +300,47 @@ func commonAddLogger(ctx context.Context, c *cli.Command, mode string, vals map[
 	if c.IsSet("writer") {
 		writer = c.String("writer")
 	}
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	extra := private.AddLogger(ctx, logger, writer, mode, vals)
 	return handleCliResponseExtra(extra)
 }
-func runPauseLogging(ctx context.Context, c *cli.Command) error {
+func runPauseLogging(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	userMsg := private.PauseLogging(ctx)
 	_, _ = fmt.Fprintln(os.Stdout, userMsg)
 	return nil
 }
-func runResumeLogging(ctx context.Context, c *cli.Command) error {
+func runResumeLogging(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	userMsg := private.ResumeLogging(ctx)
 	_, _ = fmt.Fprintln(os.Stdout, userMsg)
 	return nil
 }
-func runReleaseReopenLogging(ctx context.Context, c *cli.Command) error {
+func runReleaseReopenLogging(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	userMsg := private.ReleaseReopenLogging(ctx)
 	_, _ = fmt.Fprintln(os.Stdout, userMsg)
 	return nil
 }
-func runSetLogSQL(ctx context.Context, c *cli.Command) error {
+func runSetLogSQL(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"), false)
+	setup(ctx, c.Bool("debug"))
 	extra := private.SetLogSQL(ctx, !c.Bool("off"))
 	return handleCliResponseExtra(extra)
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@ -6,26 +6,24 @@ package cmd
 import (
 	"context"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	"forgejo.org/models/migrations"
+	"code.gitea.io/gitea/models/migrations"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // CmdMigrate represents the available migrate sub-command.
-func cmdMigrate() *cli.Command {
+var CmdMigrate = &cli.Command{
 	return &cli.Command{
 	Name:        "migrate",
 	Usage:       "Migrate the database",
 	Description: "This is a command for migrating the database, so that you can run 'forgejo admin user create' before starting the server.",
 	Action:      runMigrate,
 	}
 }
-func runMigrate(stdCtx context.Context, ctx *cli.Command) error {
+func runMigrate(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals(stdCtx)
+	stdCtx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(stdCtx); err != nil {
@ -38,13 +36,7 @@ func runMigrate(stdCtx context.Context, ctx *cli.Command) error {
 	log.Info("Log path: %s", setting.Log.RootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
-	if err := db.InitEngineWithMigration(context.Background(), func(dbEngine db.Engine) error {
+	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
 		masterEngine, err := db.GetMasterEngine(dbEngine)
 		if err != nil {
 			return err
 		}
 		return migrations.Migrate(masterEngine)
 	}); err != nil {
 		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
 	}
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@ -10,25 +10,23 @@ import (
 	"io/fs"
 	"strings"
-	actions_model "forgejo.org/models/actions"
+	actions_model "code.gitea.io/gitea/models/actions"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	git_model "forgejo.org/models/git"
+	git_model "code.gitea.io/gitea/models/git"
-	"forgejo.org/models/migrations"
+	"code.gitea.io/gitea/models/migrations"
-	packages_model "forgejo.org/models/packages"
+	packages_model "code.gitea.io/gitea/models/packages"
-	repo_model "forgejo.org/models/repo"
+	repo_model "code.gitea.io/gitea/models/repo"
-	user_model "forgejo.org/models/user"
+	user_model "code.gitea.io/gitea/models/user"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	packages_module "forgejo.org/modules/packages"
+	packages_module "code.gitea.io/gitea/modules/packages"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/storage"
+	"code.gitea.io/gitea/modules/storage"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 	"xorm.io/xorm"
 )
 // CmdMigrateStorage represents the available migrate storage sub-command.
-func cmdMigrateStorage() *cli.Command {
+var CmdMigrateStorage = &cli.Command{
 	return &cli.Command{
 	Name:        "migrate-storage",
 	Usage:       "Migrate the storage",
 	Description: "Copies stored files from storage configured in app.ini to parameter-configured storage",
@ -96,7 +94,6 @@ func cmdMigrateStorage() *cli.Command {
 			Usage: "Minio checksum algorithm (default/md5)",
 		},
 	},
 	}
 }
 func migrateAttachments(ctx context.Context, dstStorage storage.ObjectStorage) error {
@ -184,8 +181,8 @@ func migrateActionsArtifacts(ctx context.Context, dstStorage storage.ObjectStora
 	})
 }
-func runMigrateStorage(stdCtx context.Context, ctx *cli.Command) error {
+func runMigrateStorage(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals(stdCtx)
+	stdCtx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(stdCtx); err != nil {
@ -198,9 +195,7 @@ func runMigrateStorage(stdCtx context.Context, ctx *cli.Command) error {
 	log.Info("Log path: %s", setting.Log.RootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
-	if err := db.InitEngineWithMigration(context.Background(), func(e db.Engine) error {
+	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
 		return migrations.Migrate(e.(*xorm.Engine))
 	}); err != nil {
 		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
 	}
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@ -4,21 +4,22 @@
 package cmd
 import (
 	"context"
 	"io"
 	"os"
 	"strings"
 	"testing"
-	"forgejo.org/models/actions"
+	"code.gitea.io/gitea/models/actions"
-	"forgejo.org/models/db"
+	"code.gitea.io/gitea/models/db"
-	"forgejo.org/models/packages"
+	"code.gitea.io/gitea/models/packages"
-	"forgejo.org/models/unittest"
+	"code.gitea.io/gitea/models/unittest"
-	user_model "forgejo.org/models/user"
+	user_model "code.gitea.io/gitea/models/user"
-	packages_module "forgejo.org/modules/packages"
+	packages_module "code.gitea.io/gitea/modules/packages"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/modules/storage"
+	"code.gitea.io/gitea/modules/storage"
-	"forgejo.org/modules/test"
+	"code.gitea.io/gitea/modules/test"
-	packages_service "forgejo.org/services/packages"
+	packages_service "code.gitea.io/gitea/services/packages"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@ -30,7 +31,7 @@ func createLocalStorage(t *testing.T) (storage.ObjectStorage, string) {
 	p := t.TempDir()
 	storage, err := storage.NewLocalStorage(
-		t.Context(),
+		context.Background(),
 		&setting.Storage{
 			Path: p,
 		})
@ -71,7 +72,7 @@ func TestMigratePackages(t *testing.T) {
 	assert.NotNil(t, v)
 	assert.NotNil(t, f)
-	ctx := t.Context()
+	ctx := context.Background()
 	dstStorage, p := createLocalStorage(t)
@ -81,8 +82,8 @@ func TestMigratePackages(t *testing.T) {
 	entries, err := os.ReadDir(p)
 	require.NoError(t, err)
 	assert.Len(t, entries, 2)
-	assert.Equal(t, "01", entries[0].Name())
+	assert.EqualValues(t, "01", entries[0].Name())
-	assert.Equal(t, "tmp", entries[1].Name())
+	assert.EqualValues(t, "tmp", entries[1].Name())
 }
 func TestMigrateActionsArtifacts(t *testing.T) {
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@ -4,18 +4,16 @@
 package cmd
 import (
 	"context"
 	"strings"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // CmdRestoreRepository represents the available restore a repository sub-command.
-func cmdRestoreRepository() *cli.Command {
+var CmdRestoreRepository = &cli.Command{
 	return &cli.Command{
 	Name:        "restore-repo",
 	Usage:       "Restore the repository from disk",
 	Description: "This is a command for restoring the repository data.",
@ -48,11 +46,10 @@ wiki, issues, labels, releases, release_assets, milestones, pull_requests, comme
 			Usage: "Sanity check the content of the files before trying to load them",
 		},
 	},
 	}
 }
-func runRestoreRepository(ctx context.Context, c *cli.Command) error {
+func runRestoreRepository(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	setting.MustInstalled()
--- a/cmd/serv.go
+++ b/cmd/serv.go
@ -18,22 +18,22 @@ import (
 	"time"
 	"unicode"
-	asymkey_model "forgejo.org/models/asymkey"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	git_model "forgejo.org/models/git"
+	git_model "code.gitea.io/gitea/models/git"
-	"forgejo.org/models/perm"
+	"code.gitea.io/gitea/models/perm"
-	"forgejo.org/modules/git"
+	"code.gitea.io/gitea/modules/git"
-	"forgejo.org/modules/json"
+	"code.gitea.io/gitea/modules/json"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/pprof"
+	"code.gitea.io/gitea/modules/pprof"
-	"forgejo.org/modules/private"
+	"code.gitea.io/gitea/modules/private"
-	"forgejo.org/modules/process"
+	"code.gitea.io/gitea/modules/process"
-	repo_module "forgejo.org/modules/repository"
+	repo_module "code.gitea.io/gitea/modules/repository"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/services/lfs"
+	"code.gitea.io/gitea/services/lfs"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/kballard/go-shellquote"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 const (
@ -41,8 +41,7 @@ const (
 )
 // CmdServ represents the available serv sub-command.
-func cmdServ() *cli.Command {
+var CmdServ = &cli.Command{
 	return &cli.Command{
 	Name:        "serv",
 	Usage:       "(internal) Should only be called by SSH shell",
 	Description: "Serv provides access auth for repositories",
@ -56,26 +55,22 @@ func cmdServ() *cli.Command {
 			Name: "debug",
 		},
 	},
 	}
 }
-func setup(ctx context.Context, debug, gitNeeded bool) {
+func setup(ctx context.Context, debug bool) {
 	if debug {
 		setupConsoleLogger(log.TRACE, false, os.Stderr)
 	} else {
 		setupConsoleLogger(log.FATAL, false, os.Stderr)
 	}
 	setting.MustInstalled()
 	// Sanity check to ensure path is not relative, see: https://github.com/go-gitea/gitea/pull/19317
 	if _, err := os.Stat(setting.RepoRootPath); err != nil {
 		_ = fail(ctx, "Unable to access repository path", "Unable to access repository path %q, err: %v", setting.RepoRootPath, err)
 		return
 	}
 	if gitNeeded {
 	if err := git.InitSimple(context.Background()); err != nil {
 		_ = fail(ctx, "Failed to init git", "Failed to init git, err: %v", err)
 	}
 	}
 }
 var (
@ -133,12 +128,12 @@ func handleCliResponseExtra(extra private.ResponseExtra) error {
 	return nil
 }
-func runServ(ctx context.Context, c *cli.Command) error {
+func runServ(c *cli.Context) error {
-	ctx, cancel := installSignals(ctx)
+	ctx, cancel := installSignals()
 	defer cancel()
 	// FIXME: This needs to internationalised
-	setup(ctx, c.Bool("debug"), true)
+	setup(ctx, c.Bool("debug"))
 	if setting.SSH.Disabled {
 		fmt.Println("Forgejo: SSH has been disabled")
@ -196,7 +191,7 @@ func runServ(ctx context.Context, c *cli.Command) error {
 		if git.CheckGitVersionAtLeast("2.29") == nil {
 			// for AGit Flow
 			if cmd == "ssh_info" {
-				fmt.Print(`{"type":"agit","version":1}`)
+				fmt.Print(`{"type":"gitea","version":1}`)
 				return nil
 			}
 		}
@ -258,12 +253,11 @@ func runServ(ctx context.Context, c *cli.Command) error {
 	}
 	if verb == lfsAuthenticateVerb {
-		switch lfsVerb {
+		if lfsVerb == "upload" {
 		case "upload":
 			requestedMode = perm.AccessModeWrite
-		case "download":
+		} else if lfsVerb == "download" {
 			requestedMode = perm.AccessModeRead
-		default:
+		} else {
 			return fail(ctx, "Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
 		}
 	}
--- a/cmd/web.go
+++ b/cmd/web.go
@ -12,29 +12,27 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
 	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
-	"forgejo.org/modules/container"
+	"code.gitea.io/gitea/modules/container"
-	"forgejo.org/modules/graceful"
+	"code.gitea.io/gitea/modules/graceful"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/process"
+	"code.gitea.io/gitea/modules/process"
-	"forgejo.org/modules/public"
+	"code.gitea.io/gitea/modules/public"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"forgejo.org/routers"
+	"code.gitea.io/gitea/routers"
-	"forgejo.org/routers/install"
+	"code.gitea.io/gitea/routers/install"
 	"github.com/felixge/fgprof"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 // PIDFile could be set from build tag
 var PIDFile = "/run/gitea.pid"
 // CmdWeb represents the available web sub-command.
-func cmdWeb() *cli.Command {
+var CmdWeb = &cli.Command{
 	return &cli.Command{
 	Name:  "web",
 	Usage: "Start the Forgejo web server",
 	Description: `The Forgejo web server is the only thing you need to run,
@ -69,7 +67,6 @@ and it takes care of all the other things for you`,
 			Usage: "Set initial logging to TRACE level until logging is properly set-up",
 		},
 	},
 	}
 }
 func runHTTPRedirector() {
@ -118,19 +115,9 @@ func showWebStartupMessage(msg string) {
 	log.Info("* CustomPath: %s", setting.CustomPath)
 	log.Info("* ConfigFile: %s", setting.CustomConf)
 	log.Info("%s", msg) // show startup message
 	if setting.CORSConfig.Enabled {
 		log.Info("CORS Service Enabled")
 	}
 	if setting.DefaultUILocation != time.Local {
 		log.Info("Default UI Location is %v", setting.DefaultUILocation.String())
 	}
 	if setting.MailService != nil {
 		log.Info("Mail Service Enabled: RegisterEmailConfirm=%v, Service.EnableNotifyMail=%v", setting.Service.RegisterEmailConfirm, setting.Service.EnableNotifyMail)
 	}
 }
-func serveInstall(_ context.Context, ctx *cli.Command) error {
+func serveInstall(ctx *cli.Context) error {
 	showWebStartupMessage("Prepare to run install page")
 	routers.InitWebInstallPage(graceful.GetManager().HammerContext())
@ -163,7 +150,7 @@ func serveInstall(_ context.Context, ctx *cli.Command) error {
 	return nil
 }
-func serveInstalled(_ context.Context, ctx *cli.Command) error {
+func serveInstalled(ctx *cli.Context) error {
 	setting.InitCfgProvider(setting.CustomConf)
 	setting.LoadCommonSettings()
 	setting.MustInstalled()
@ -197,9 +184,12 @@ func serveInstalled(_ context.Context, ctx *cli.Command) error {
 	publicFilesSet.Remove(".well-known")
 	publicFilesSet.Remove("assets")
 	publicFilesSet.Remove("robots.txt")
-	for fn := range publicFilesSet.Seq() {
+	for _, fn := range publicFilesSet.Values() {
 		log.Error("Found legacy public asset %q in CustomPath. Please move it to %s/public/assets/%s", fn, setting.CustomPath, fn)
 	}
 	if _, err := os.Stat(filepath.Join(setting.CustomPath, "robots.txt")); err == nil {
 		log.Error(`Found legacy public asset "robots.txt" in CustomPath. Please move it to %s/public/robots.txt`, setting.CustomPath)
 	}
 	routers.InitWebInstalled(graceful.GetManager().HammerContext())
@ -235,7 +225,7 @@ func servePprof() {
 	finished()
 }
-func runWeb(ctx context.Context, cli *cli.Command) error {
+func runWeb(ctx *cli.Context) error {
 	defer func() {
 		if panicked := recover(); panicked != nil {
 			log.Fatal("PANIC: %v\n%s", panicked, log.Stack(2))
@ -253,12 +243,12 @@ func runWeb(ctx context.Context, cli *cli.Command) error {
 	}
 	// Set pid file setting
-	if cli.IsSet("pid") {
+	if ctx.IsSet("pid") {
-		createPIDFile(cli.String("pid"))
+		createPIDFile(ctx.String("pid"))
 	}
 	if !setting.InstallLock {
-		if err := serveInstall(ctx, cli); err != nil {
+		if err := serveInstall(ctx); err != nil {
 			return err
 		}
 	} else {
@ -269,7 +259,7 @@ func runWeb(ctx context.Context, cli *cli.Command) error {
 		go servePprof()
 	}
-	return serveInstalled(ctx, cli)
+	return serveInstalled(ctx)
 }
 func setPort(port string) error {
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@ -12,10 +12,10 @@ import (
 	"strconv"
 	"strings"
-	"forgejo.org/modules/graceful"
+	"code.gitea.io/gitea/modules/graceful"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/process"
+	"code.gitea.io/gitea/modules/process"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
 	"github.com/caddyserver/certmagic"
 )
@ -54,8 +54,8 @@ func runACME(listenAddr string, m http.Handler) error {
 		altTLSALPNPort = p
 	}
-	certmagic.Default.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
+	magic := certmagic.NewDefault()
-
+	magic.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
 	// Try to use private CA root if provided, otherwise defaults to system's trust
 	var certPool *x509.CertPool
 	if setting.AcmeCARoot != "" {
@ -65,8 +65,7 @@ func runACME(listenAddr string, m http.Handler) error {
 			log.Warn("Failed to parse CA Root certificate, using default CA trust: %v", err)
 		}
 	}
-
+	myACME := certmagic.NewACMEIssuer(magic, certmagic.ACMEIssuer{
 	certmagic.DefaultACME = certmagic.ACMEIssuer{
 		CA:                      setting.AcmeURL,
 		TrustedRoots:            certPool,
 		Email:                   setting.AcmeEmail,
@ -76,11 +75,7 @@ func runACME(listenAddr string, m http.Handler) error {
 		ListenHost:              setting.HTTPAddr,
 		AltTLSALPNPort:          altTLSALPNPort,
 		AltHTTPPort:             altHTTPPort,
-	}
+	})
 	magic := certmagic.NewDefault()
 	myACME := certmagic.NewACMEIssuer(magic, certmagic.DefaultACME)
 	magic.Issuers = []certmagic.Issuer{myACME}
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@ -9,9 +9,9 @@ import (
 	"net/http/fcgi"
 	"strings"
-	"forgejo.org/modules/graceful"
+	"code.gitea.io/gitea/modules/graceful"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
 )
 func runHTTP(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@ -9,9 +9,9 @@ import (
 	"os"
 	"strings"
-	"forgejo.org/modules/graceful"
+	"code.gitea.io/gitea/modules/graceful"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
 	"github.com/klauspost/cpuid/v2"
 )
--- a/contrib/backport/README
+++ b/contrib/backport/README
@ -0,0 +1,41 @@
 `backport`
 ==========
 `backport` is a command to help create backports of PRs. It backports a
 provided PR from main on to a released version.
 It will create a backport branch, cherry-pick the PR's merge commit, adjust
 the commit message and then push this back up to your fork's remote.
 The default version will read from `docs/config.yml`. You can override this
 using the option `--version`.
 The upstream branches will be fetched, using the remote `origin`. This can
 be overridden using `--upstream`, and fetching can be avoided using
 `--no-fetch`.
 By default the branch created will be called `backport-$PR-$VERSION`. You
 can override this using the option `--backport-branch`. This branch will
 be created from `--release-branch` which is `release/$(VERSION)`
 by default and will be pulled from `$(UPSTREAM)`.
 The merge-commit as determined by the github API will be used as the SHA to
 cherry-pick. You can override this using `--cherry-pick`.
 The commit message will be amended to add the `Backport` header.
 `--no-amend-message` can be set to stop this from happening.
 If cherry-pick is successful the backported branch will be pushed up to your
 fork using your remote. These will be determined using `git remote -v`. You
 can set your fork name using `--fork-user` and your remote name using
 `--remote`. You can avoid pushing using `--no-push`.
 If the push is successful, `xdg-open` will be called to open a backport url.
 You can stop this using `--no-xdg-open`.
 Installation
 ============
 ```bash
 go install contrib/backport/backport.go
 ```
--- a/contrib/backport/backport.go
+++ b/contrib/backport/backport.go
@ -0,0 +1,474 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 //nolint:forbidigo
 package main
 import (
 	"context"
 	"fmt"
 	"log"
 	"net/http"
 	"os"
 	"os/exec"
 	"os/signal"
 	"path"
 	"strconv"
 	"strings"
 	"syscall"
 	"github.com/google/go-github/v64/github"
 	"github.com/urfave/cli/v2"
 	"gopkg.in/yaml.v3"
 )
 const defaultVersion = "v1.18" // to backport to
 func main() {
 	app := cli.NewApp()
 	app.Name = "backport"
 	app.Usage = "Backport provided PR-number on to the current or previous released version"
 	app.Description = `Backport will look-up the PR in Gitea's git log and attempt to cherry-pick it on the current version`
 	app.ArgsUsage = "<PR-to-backport>"
 	app.Flags = []cli.Flag{
 		&cli.StringFlag{
 			Name:  "version",
 			Usage: "Version branch to backport on to",
 		},
 		&cli.StringFlag{
 			Name:  "upstream",
 			Value: "origin",
 			Usage: "Upstream remote for the Gitea upstream",
 		},
 		&cli.StringFlag{
 			Name:  "release-branch",
 			Value: "",
 			Usage: "Release branch to backport on. Will default to release/<version>",
 		},
 		&cli.StringFlag{
 			Name:  "cherry-pick",
 			Usage: "SHA to cherry-pick as backport",
 		},
 		&cli.StringFlag{
 			Name:  "backport-branch",
 			Usage: "Backport branch to backport on to (default: backport-<pr>-<version>",
 		},
 		&cli.StringFlag{
 			Name:  "remote",
 			Value: "",
 			Usage: "Remote for your fork of the Gitea upstream",
 		},
 		&cli.StringFlag{
 			Name:  "fork-user",
 			Value: "",
 			Usage: "Forked user name on Github",
 		},
 		&cli.BoolFlag{
 			Name:  "no-fetch",
 			Usage: "Set this flag to prevent fetch of remote branches",
 		},
 		&cli.BoolFlag{
 			Name:  "no-amend-message",
 			Usage: "Set this flag to prevent automatic amendment of the commit message",
 		},
 		&cli.BoolFlag{
 			Name:  "no-push",
 			Usage: "Set this flag to prevent pushing the backport up to your fork",
 		},
 		&cli.BoolFlag{
 			Name:  "no-xdg-open",
 			Usage: "Set this flag to not use xdg-open to open the PR URL",
 		},
 		&cli.BoolFlag{
 			Name:  "continue",
 			Usage: "Set this flag to continue from a git cherry-pick that has broken",
 		},
 	}
 	cli.AppHelpTemplate = `NAME:
 	{{.Name}} - {{.Usage}}
 USAGE:
 	{{.HelpName}} {{if .VisibleFlags}}[options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}}
 	{{if len .Authors}}
 AUTHOR:
 	{{range .Authors}}{{ . }}{{end}}
 	{{end}}{{if .Commands}}
 OPTIONS:
 	{{range .VisibleFlags}}{{.}}
 	{{end}}{{end}}
 `
 	app.Action = runBackport
 	if err := app.Run(os.Args); err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to backport: %v\n", err)
 	}
 }
 func runBackport(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	continuing := c.Bool("continue")
 	var pr string
 	version := c.String("version")
 	if version == "" && continuing {
 		// determine version from current branch name
 		var err error
 		pr, version, err = readCurrentBranch(ctx)
 		if err != nil {
 			return err
 		}
 	}
 	if version == "" {
 		version = readVersion()
 	}
 	if version == "" {
 		version = defaultVersion
 	}
 	upstream := c.String("upstream")
 	if upstream == "" {
 		upstream = "origin"
 	}
 	forkUser := c.String("fork-user")
 	remote := c.String("remote")
 	if remote == "" && !c.Bool("--no-push") {
 		var err error
 		remote, forkUser, err = determineRemote(ctx, forkUser)
 		if err != nil {
 			return err
 		}
 	}
 	upstreamReleaseBranch := c.String("release-branch")
 	if upstreamReleaseBranch == "" {
 		upstreamReleaseBranch = path.Join("release", version)
 	}
 	localReleaseBranch := path.Join(upstream, upstreamReleaseBranch)
 	args := c.Args().Slice()
 	if len(args) == 0 && pr == "" {
 		return fmt.Errorf("no PR number provided\nProvide a PR number to backport")
 	} else if len(args) != 1 && pr == "" {
 		return fmt.Errorf("multiple PRs provided %v\nOnly a single PR can be backported at a time", args)
 	}
 	if pr == "" {
 		pr = args[0]
 	}
 	backportBranch := c.String("backport-branch")
 	if backportBranch == "" {
 		backportBranch = "backport-" + pr + "-" + version
 	}
 	fmt.Printf("* Backporting %s to %s as %s\n", pr, localReleaseBranch, backportBranch)
 	sha := c.String("cherry-pick")
 	if sha == "" {
 		var err error
 		sha, err = determineSHAforPR(ctx, pr)
 		if err != nil {
 			return err
 		}
 	}
 	if sha == "" {
 		return fmt.Errorf("unable to determine sha for cherry-pick of %s", pr)
 	}
 	if !c.Bool("no-fetch") {
 		if err := fetchRemoteAndMain(ctx, upstream, upstreamReleaseBranch); err != nil {
 			return err
 		}
 	}
 	if !continuing {
 		if err := checkoutBackportBranch(ctx, backportBranch, localReleaseBranch); err != nil {
 			return err
 		}
 	}
 	if err := cherrypick(ctx, sha); err != nil {
 		return err
 	}
 	if !c.Bool("no-amend-message") {
 		if err := amendCommit(ctx, pr); err != nil {
 			return err
 		}
 	}
 	if !c.Bool("no-push") {
 		url := "https://github.com/go-gitea/gitea/compare/" + upstreamReleaseBranch + "..." + forkUser + ":" + backportBranch
 		if err := gitPushUp(ctx, remote, backportBranch); err != nil {
 			return err
 		}
 		if !c.Bool("no-xdg-open") {
 			if err := xdgOpen(ctx, url); err != nil {
 				return err
 			}
 		} else {
 			fmt.Printf("* Navigate to %s to open PR\n", url)
 		}
 	}
 	return nil
 }
 func xdgOpen(ctx context.Context, url string) error {
 	fmt.Printf("* `xdg-open %s`\n", url)
 	out, err := exec.CommandContext(ctx, "xdg-open", url).Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s", string(out))
 		return fmt.Errorf("unable to xdg-open to %s: %w", url, err)
 	}
 	return nil
 }
 func gitPushUp(ctx context.Context, remote, backportBranch string) error {
 	fmt.Printf("* `git push -u %s %s`\n", remote, backportBranch)
 	out, err := exec.CommandContext(ctx, "git", "push", "-u", remote, backportBranch).Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s", string(out))
 		return fmt.Errorf("unable to push up to %s: %w", remote, err)
 	}
 	return nil
 }
 func amendCommit(ctx context.Context, pr string) error {
 	fmt.Printf("* Amending commit to prepend `Backport #%s` to body\n", pr)
 	out, err := exec.CommandContext(ctx, "git", "log", "-1", "--pretty=format:%B").Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s", string(out))
 		return fmt.Errorf("unable to get last log message: %w", err)
 	}
 	parts := strings.SplitN(string(out), "\n", 2)
 	if len(parts) != 2 {
 		return fmt.Errorf("unable to interpret log message:\n%s", string(out))
 	}
 	subject, body := parts[0], parts[1]
 	if !strings.HasSuffix(subject, " (#"+pr+")") {
 		subject = subject + " (#" + pr + ")"
 	}
 	out, err = exec.CommandContext(ctx, "git", "commit", "--amend", "-m", subject+"\n\nBackport #"+pr+"\n"+body).Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s", string(out))
 		return fmt.Errorf("unable to amend last log message: %w", err)
 	}
 	return nil
 }
 func cherrypick(ctx context.Context, sha string) error {
 	// Check if a CHERRY_PICK_HEAD exists
 	if _, err := os.Stat(".git/CHERRY_PICK_HEAD"); err == nil {
 		// Assume that we are in the middle of cherry-pick - continue it
 		fmt.Println("* Attempting git cherry-pick --continue")
 		out, err := exec.CommandContext(ctx, "git", "cherry-pick", "--continue").Output()
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "git cherry-pick --continue failed:\n%s\n", string(out))
 			return fmt.Errorf("unable to continue cherry-pick: %w", err)
 		}
 		return nil
 	}
 	fmt.Printf("* Attempting git cherry-pick %s\n", sha)
 	out, err := exec.CommandContext(ctx, "git", "cherry-pick", sha).Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "git cherry-pick %s failed:\n%s\n", sha, string(out))
 		return fmt.Errorf("git cherry-pick %s failed: %w", sha, err)
 	}
 	return nil
 }
 func checkoutBackportBranch(ctx context.Context, backportBranch, releaseBranch string) error {
 	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
 	if err != nil {
 		return fmt.Errorf("unable to check current branch %w", err)
 	}
 	currentBranch := strings.TrimSpace(string(out))
 	fmt.Printf("* Current branch is %s\n", currentBranch)
 	if currentBranch == backportBranch {
 		fmt.Printf("* Current branch is %s - not checking out\n", currentBranch)
 		return nil
 	}
 	if _, err := exec.CommandContext(ctx, "git", "rev-list", "-1", backportBranch).Output(); err == nil {
 		fmt.Printf("* Branch %s already exists. Checking it out...\n", backportBranch)
 		return exec.CommandContext(ctx, "git", "checkout", "-f", backportBranch).Run()
 	}
 	fmt.Printf("* `git checkout -b %s %s`\n", backportBranch, releaseBranch)
 	return exec.CommandContext(ctx, "git", "checkout", "-b", backportBranch, releaseBranch).Run()
 }
 func fetchRemoteAndMain(ctx context.Context, remote, releaseBranch string) error {
 	fmt.Printf("* `git fetch %s main`\n", remote)
 	out, err := exec.CommandContext(ctx, "git", "fetch", remote, "main").Output()
 	if err != nil {
 		fmt.Println(string(out))
 		return fmt.Errorf("unable to fetch %s from %s: %w", "main", remote, err)
 	}
 	fmt.Println(string(out))
 	fmt.Printf("* `git fetch %s %s`\n", remote, releaseBranch)
 	out, err = exec.CommandContext(ctx, "git", "fetch", remote, releaseBranch).Output()
 	if err != nil {
 		fmt.Println(string(out))
 		return fmt.Errorf("unable to fetch %s from %s: %w", releaseBranch, remote, err)
 	}
 	fmt.Println(string(out))
 	return nil
 }
 func determineRemote(ctx context.Context, forkUser string) (string, string, error) {
 	out, err := exec.CommandContext(ctx, "git", "remote", "-v").Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to list git remotes:\n%s\n", string(out))
 		return "", "", fmt.Errorf("unable to determine forked remote: %w", err)
 	}
 	lines := strings.Split(string(out), "\n")
 	for _, line := range lines {
 		fields := strings.Split(line, "\t")
 		name, remote := fields[0], fields[1]
 		// only look at pushers
 		if !strings.HasSuffix(remote, " (push)") {
 			continue
 		}
 		// only look at github.com pushes
 		if !strings.Contains(remote, "github.com") {
 			continue
 		}
 		// ignore go-gitea/gitea
 		if strings.Contains(remote, "go-gitea/gitea") {
 			continue
 		}
 		if !strings.Contains(remote, forkUser) {
 			continue
 		}
 		if strings.HasPrefix(remote, "git@github.com:") {
 			forkUser = strings.TrimPrefix(remote, "git@github.com:")
 		} else if strings.HasPrefix(remote, "https://github.com/") {
 			forkUser = strings.TrimPrefix(remote, "https://github.com/")
 		} else if strings.HasPrefix(remote, "https://www.github.com/") {
 			forkUser = strings.TrimPrefix(remote, "https://www.github.com/")
 		} else if forkUser == "" {
 			return "", "", fmt.Errorf("unable to extract forkUser from remote %s: %s", name, remote)
 		}
 		idx := strings.Index(forkUser, "/")
 		if idx >= 0 {
 			forkUser = forkUser[:idx]
 		}
 		return name, forkUser, nil
 	}
 	return "", "", fmt.Errorf("unable to find appropriate remote in:\n%s", string(out))
 }
 func readCurrentBranch(ctx context.Context) (pr, version string, err error) {
 	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to read current git branch:\n%s\n", string(out))
 		return "", "", fmt.Errorf("unable to read current git branch: %w", err)
 	}
 	parts := strings.Split(strings.TrimSpace(string(out)), "-")
 	if len(parts) != 3 || parts[0] != "backport" {
 		fmt.Fprintf(os.Stderr, "Unable to continue from git branch:\n%s\n", string(out))
 		return "", "", fmt.Errorf("unable to continue from git branch:\n%s", string(out))
 	}
 	return parts[1], parts[2], nil
 }
 func readVersion() string {
 	bs, err := os.ReadFile("docs/config.yaml")
 	if err != nil {
 		if err == os.ErrNotExist {
 			log.Println("`docs/config.yaml` not present")
 			return ""
 		}
 		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
 		return ""
 	}
 	type params struct {
 		Version string
 	}
 	type docConfig struct {
 		Params params
 	}
 	dc := &docConfig{}
 	if err := yaml.Unmarshal(bs, dc); err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
 		return ""
 	}
 	if dc.Params.Version == "" {
 		fmt.Fprintf(os.Stderr, "No version in `docs/config.yaml`")
 		return ""
 	}
 	version := dc.Params.Version
 	if version[0] != 'v' {
 		version = "v" + version
 	}
 	split := strings.SplitN(version, ".", 3)
 	return strings.Join(split[:2], ".")
 }
 func determineSHAforPR(ctx context.Context, prStr string) (string, error) {
 	prNum, err := strconv.Atoi(prStr)
 	if err != nil {
 		return "", err
 	}
 	client := github.NewClient(http.DefaultClient)
 	pr, _, err := client.PullRequests.Get(ctx, "go-gitea", "gitea", prNum)
 	if err != nil {
 		return "", err
 	}
 	if pr.Merged == nil || !*pr.Merged {
 		return "", fmt.Errorf("PR #%d is not yet merged - cannot determine sha to backport", prNum)
 	}
 	if pr.MergeCommitSHA != nil {
 		return *pr.MergeCommitSHA, nil
 	}
 	return "", nil
 }
 func installSignals() (context.Context, context.CancelFunc) {
 	ctx, cancel := context.WithCancel(context.Background())
 	go func() {
 		// install notify
 		signalChannel := make(chan os.Signal, 1)
 		signal.Notify(
 			signalChannel,
 			syscall.SIGINT,
 			syscall.SIGTERM,
 		)
 		select {
 		case <-signalChannel:
 		case <-ctx.Done():
 		}
 		cancel()
 		signal.Reset()
 	}()
 	return ctx, cancel
 }
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@ -4,17 +4,16 @@
 package main
 import (
 	"context"
 	"os"
-	"forgejo.org/modules/log"
+	"code.gitea.io/gitea/modules/log"
-	"forgejo.org/modules/setting"
+	"code.gitea.io/gitea/modules/setting"
-	"github.com/urfave/cli/v3"
+	"github.com/urfave/cli/v2"
 )
 func main() {
-	app := cli.Command{}
+	app := cli.NewApp()
 	app.Name = "environment-to-ini"
 	app.Usage = "Use provided environment to update configuration ini"
 	app.Description = `As a helper to allow docker users to update the forgejo configuration
@ -73,13 +72,13 @@ func main() {
 		},
 	}
 	app.Action = runEnvironmentToIni
-	err := app.Run(context.Background(), os.Args)
+	err := app.Run(os.Args)
 	if err != nil {
 		log.Fatal("Failed to run app with %s: %v", os.Args, err)
 	}
 }
-func runEnvironmentToIni(ctx context.Context, c *cli.Command) error {
+func runEnvironmentToIni(c *cli.Context) error {
 	// the config system may change the environment variables, so get a copy first, to be used later
 	env := append([]string{}, os.Environ()...)
 	setting.InitWorkPathAndCfgProvider(os.Getenv, setting.ArgWorkPathAndCustomConf{
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@ -1131,6 +1131,9 @@ LEVEL = Info
 ;; Add co-authored-by and co-committed-by trailers if committer does not match author
 ;ADD_CO_COMMITTER_TRAILERS = true
 ;;
 ;; In addition to testing patches using the three-way merge method, re-test conflicting patches with git apply
 ;TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY = false
 ;;
 ;; Retarget child pull requests to the parent pull request branch target on merge of parent pull request. It only works on merged PRs where the head and base branch target the same repo.
 ;RETARGET_CHILDREN_ON_MERGE = true
@ -1160,13 +1163,9 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Signing format that Forgejo should use, openpgp uses GPG and ssh uses OpenSSH.
 ;FORMAT = openpgp
 ;;
 ;; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
 ;; run in the context of the RUN_USER
-;; Switch to none to stop signing completely.
+;; Switch to none to stop signing completely
 ;; If `FORMAT` is set to **ssh** this should be set to an absolute path to an public OpenSSH key.
 ;SIGNING_KEY = default
 ;;
 ;; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
@ -1572,15 +1571,6 @@ LEVEL = Info
 ;; - manage_gpg_keys: a user cannot configure gpg keys
 ;;EXTERNAL_USER_DISABLE_FEATURES =
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[moderation]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; When true enables moderation capabilities; default is false.
 ;; If enabled it will be possible for users to report abusive content (new actions are added in the UI and /report_abuse route will be enabled) and a new Moderation section will be added to Admin settings where the reports can be reviewed.
 ;ENABLED = false
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[openid]
@ -1951,7 +1941,7 @@ LEVEL = Info
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.webp,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 2048MB
 ;MAX_SIZE = 2048
@ -2417,8 +2407,8 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
-;LANGS = en-US,zh-CN,zh-HK,zh-TW,da,de-DE,nds,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg,it-IT,fi-FI,fil,eo,tr-TR,cs-CZ,sl,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID
+;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,nds,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg,it-IT,fi-FI,fil,eo,tr-TR,cs-CZ,sl,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID
-;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Dansk,Deutsch,Plattdüütsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Filipino,Esperanto,Türkçe,Čeština,Slovenščina,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia
+;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Plattdüütsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Filipino,Esperanto,Türkçe,Čeština,Slovenščina,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -2450,7 +2440,7 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits)
-;MERMAID_MAX_SOURCE_CHARACTERS = 50000
+;MERMAID_MAX_SOURCE_CHARACTERS = 5000
 ;; Set the maximum number of lines allowed for a filepreview. (Set to -1 to disable limits; set to 0 to disable the feature)
 ;FILEPREVIEW_MAX_LINES = 50
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@ -31,21 +31,6 @@ if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
  SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
 fi
 # In case someone wants to sign the `{keyname}.pub` key by `ssh-keygen -s ca -I identity ...` to
 # make use of the ssh-key certificate authority feature (see ssh-keygen CERTIFICATES section),
 # the generated key file name is `{keyname}-cert.pub`
 if [ -e /data/ssh/ssh_host_ed25519_key-cert.pub ]; then
  SSH_ED25519_CERT=${SSH_ED25519_CERT:-"/data/ssh/ssh_host_ed25519_key-cert.pub"}
 fi
 if [ -e /data/ssh/ssh_host_rsa_key-cert.pub ]; then
  SSH_RSA_CERT=${SSH_RSA_CERT:-"/data/ssh/ssh_host_rsa_key-cert.pub"}
 fi
 if [ -e /data/ssh/ssh_host_ecdsa_key-cert.pub ]; then
  SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_key-cert.pub"}
 fi
 if [ -d /etc/ssh ]; then
    SSH_PORT=${SSH_PORT:-"22"} \
    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
@ -37,5 +37,5 @@ done
 if [ $# -gt 0 ]; then
    exec "$@"
 else
-    exec /usr/bin/s6-svscan /etc/s6
+    exec /bin/s6-svscan /etc/s6
 fi
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@ -14,7 +14,6 @@ import wc from 'eslint-plugin-wc';
 import globals from 'globals';
 import vue from 'eslint-plugin-vue';
 import vueScopedCss from 'eslint-plugin-vue-scoped-css';
 import toml from 'eslint-plugin-toml';
 import tseslint from 'typescript-eslint';
 export default tseslint.config(
@ -29,13 +28,13 @@ export default tseslint.config(
      '@stylistic/js': stylisticEslintPluginJs,
      '@vitest': vitest,
      'array-func': arrayFunc,
      'import-x': eslintPluginImportX,
      'no-jquery': noJquery,
      'no-use-extend-native': noUseExtendNative,
      regexp,
      sonarjs,
      unicorn,
      playwright,
      toml,
      'vitest-globals': vitestGlobals,
      vue,
      'vue-scoped-css': vueScopedCss,
@ -318,9 +317,8 @@ export default tseslint.config(
      'no-jquery/no-data': [0],
      'no-jquery/no-deferred': [2],
      'no-jquery/no-delegate': [2],
      'no-jquery/no-done-fail': [2],
      'no-jquery/no-each-collection': [0],
-      'no-jquery/no-each-util': [2],
+      'no-jquery/no-each-util': [0],
      'no-jquery/no-each': [0],
      'no-jquery/no-error-shorthand': [2],
      'no-jquery/no-error': [2],
@ -332,7 +330,6 @@ export default tseslint.config(
      'no-jquery/no-find-collection': [0],
      'no-jquery/no-find-util': [2],
      'no-jquery/no-find': [0],
      'no-jquery/no-fx': [2],
      'no-jquery/no-fx-interval': [2],
      'no-jquery/no-global-eval': [2],
      'no-jquery/no-global-selector': [0],
@ -352,7 +349,7 @@ export default tseslint.config(
      'no-jquery/no-live': [2],
      'no-jquery/no-load-shorthand': [2],
      'no-jquery/no-load': [2],
-      'no-jquery/no-map-collection': [2],
+      'no-jquery/no-map-collection': [0],
      'no-jquery/no-map-util': [2],
      'no-jquery/no-map': [2],
      'no-jquery/no-merge': [2],
@ -376,12 +373,12 @@ export default tseslint.config(
      'no-jquery/no-selector-prop': [2],
      'no-jquery/no-serialize': [2],
      'no-jquery/no-size': [2],
-      'no-jquery/no-sizzle': [2],
+      'no-jquery/no-sizzle': [0],
      'no-jquery/no-slide': [2],
      'no-jquery/no-sub': [2],
      'no-jquery/no-support': [2],
      'no-jquery/no-text': [0],
-      'no-jquery/no-trigger': [2],
+      'no-jquery/no-trigger': [0],
      'no-jquery/no-trim': [2],
      'no-jquery/no-type': [2],
      'no-jquery/no-unique': [2],
@ -724,8 +721,6 @@ export default tseslint.config(
      'unicode-bom': [2, 'never'],
      'unicorn/better-regex': [0],
      'unicorn/catch-error-name': [0],
      'unicorn/consistent-assert': [0],
      'unicorn/consistent-date-clone': [2],
      'unicorn/consistent-destructuring': [2],
      'unicorn/consistent-empty-array-spread': [2],
      'unicorn/consistent-existence-index-check': [2],
@ -740,12 +735,12 @@ export default tseslint.config(
      'unicorn/import-index': [0],
      'unicorn/import-style': [0],
      'unicorn/new-for-builtins': [2],
      'unicorn/no-accessor-recursion': [2],
      'unicorn/no-abusive-eslint-disable': [0],
      'unicorn/no-anonymous-default-export': [0],
      'unicorn/no-array-callback-reference': [0],
      'unicorn/no-array-for-each': [2],
      'unicorn/no-array-method-this-argument': [2],
      'unicorn/no-array-push-push': [2],
      'unicorn/no-array-reduce': [2],
      'unicorn/no-await-expression-member': [0],
      'unicorn/no-await-in-promise-methods': [2],
@ -754,13 +749,13 @@ export default tseslint.config(
      'unicorn/no-empty-file': [2],
      'unicorn/no-for-loop': [0],
      'unicorn/no-hex-escape': [0],
-      'unicorn/no-instanceof-builtins': [0],
+      'unicorn/no-instanceof-array': [0],
      'unicorn/no-invalid-fetch-options': [2],
      'unicorn/no-invalid-remove-event-listener': [2],
      'unicorn/no-keyword-prefix': [0],
      'unicorn/no-length-as-slice-end': [2],
      'unicorn/no-lonely-if': [2],
      'unicorn/no-magic-array-flat-depth': [0],
      'unicorn/no-named-default': [2],
      'unicorn/no-negated-condition': [0],
      'unicorn/no-negation-in-equality-check': [2],
      'unicorn/no-nested-ternary': [0],
@ -774,11 +769,8 @@ export default tseslint.config(
      'unicorn/no-thenable': [2],
      'unicorn/no-this-assignment': [2],
      'unicorn/no-typeof-undefined': [2],
      'unicorn/no-unnecessary-array-flat-depth': [2],
      'unicorn/no-unnecessary-array-splice-count': [2],
      'unicorn/no-unnecessary-await': [2],
      'unicorn/no-unnecessary-polyfills': [2],
      'unicorn/no-unnecessary-slice-end': [2],
      'unicorn/no-unreadable-array-destructuring': [0],
      'unicorn/no-unreadable-iife': [2],
      'unicorn/no-unused-properties': [2],
@ -809,7 +801,6 @@ export default tseslint.config(
      'unicorn/prefer-event-target': [2],
      'unicorn/prefer-export-from': [0],
      'unicorn/prefer-global-this': [0],
      'unicorn/prefer-import-meta-properties': [2],
      'unicorn/prefer-includes': [2],
      'unicorn/prefer-json-parse-buffer': [0],
      'unicorn/prefer-keyboard-event-key': [2],
@ -832,7 +823,6 @@ export default tseslint.config(
      'unicorn/prefer-regexp-test': [2],
      'unicorn/prefer-set-has': [0],
      'unicorn/prefer-set-size': [2],
      'unicorn/prefer-single-call': [2],
      'unicorn/prefer-spread': [0],
      'unicorn/prefer-string-raw': [0],
      'unicorn/prefer-string-replace-all': [0],
@ -842,6 +832,7 @@ export default tseslint.config(
      'unicorn/prefer-structured-clone': [2],
      'unicorn/prefer-switch': [0],
      'unicorn/prefer-ternary': [0],
      'unicorn/prefer-text-content': [2],
      'unicorn/prefer-top-level-await': [0],
      'unicorn/prefer-type-error': [0],
      'unicorn/prevent-abbreviations': [0],
@ -1175,5 +1166,5 @@ export default tseslint.config(
      'vue-scoped-css/enforce-style-type': [0],
    },
  },
-  ...toml.configs['flat/recommended'],
+
 );
--- a/flake.nix
+++ b/flake.nix
@ -25,6 +25,10 @@
            # frontend
            nodejs_20
            # linting
            python312
            poetry
            # backend
            gofumpt
            sqlite
--- a/go.mod
+++ b/go.mod
@ -1,114 +1,115 @@
-module forgejo.org
+module code.gitea.io/gitea
-go 1.24
+go 1.23
-toolchain go1.24.3
+toolchain go1.23.4
 require (
-	code.forgejo.org/f3/gof3/v3 v3.10.8
+	code.forgejo.org/f3/gof3/v3 v3.10.2
 	code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/go-chi/binding v1.0.1
+	code.forgejo.org/go-chi/binding v1.0.0
-	code.forgejo.org/go-chi/cache v1.0.1
+	code.forgejo.org/go-chi/cache v1.0.0
-	code.forgejo.org/go-chi/captcha v1.0.2
+	code.forgejo.org/go-chi/captcha v1.0.1
-	code.forgejo.org/go-chi/session v1.0.2
+	code.forgejo.org/go-chi/session v1.0.1
 	code.gitea.io/actions-proto-go v0.4.0
-	code.gitea.io/sdk/gitea v0.21.0
+	code.gitea.io/sdk/gitea v0.17.1
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
 	connectrpc.com/connect v1.17.0
-	github.com/42wim/httpsig v1.2.3
+	gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
-	github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920
+	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-	github.com/ProtonMail/go-crypto v1.3.0
+	github.com/ProtonMail/go-crypto v1.1.3
-	github.com/PuerkitoBio/goquery v1.10.3
+	github.com/PuerkitoBio/goquery v1.10.0
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
-	github.com/alecthomas/chroma/v2 v2.18.0
+	github.com/alecthomas/chroma/v2 v2.15.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
-	github.com/blevesearch/bleve/v2 v2.5.1
+	github.com/blevesearch/bleve/v2 v2.4.4
-	github.com/buildkite/terminal-to-html/v3 v3.16.8
+	github.com/buildkite/terminal-to-html/v3 v3.16.4
-	github.com/caddyserver/certmagic v0.23.0
+	github.com/caddyserver/certmagic v0.21.4
 	github.com/chi-middleware/proxy v1.1.1
 	github.com/djherbis/buffer v1.2.0
 	github.com/djherbis/nio/v3 v3.0.1
 	github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707
 	github.com/dustin/go-humanize v1.0.1
-	github.com/editorconfig/editorconfig-core-go/v2 v2.6.3
+	github.com/editorconfig/editorconfig-core-go/v2 v2.6.2
 	github.com/emersion/go-imap v1.2.1
 	github.com/felixge/fgprof v0.9.5
-	github.com/fsnotify/fsnotify v1.9.0
+	github.com/fsnotify/fsnotify v1.8.0
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
 	github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73
-	github.com/go-chi/chi/v5 v5.2.1
+	github.com/go-chi/chi/v5 v5.2.0
 	github.com/go-chi/cors v1.2.1
 	github.com/go-co-op/gocron v1.37.0
-	github.com/go-enry/go-enry/v2 v2.9.2
+	github.com/go-enry/go-enry/v2 v2.9.1
-	github.com/go-git/go-git/v5 v5.13.2
+	github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
 	github.com/go-git/go-git/v5 v5.13.1
 	github.com/go-ldap/ldap/v3 v3.4.6
-	github.com/go-openapi/spec v0.21.0
+	github.com/go-openapi/spec v0.20.14
-	github.com/go-sql-driver/mysql v1.9.2
+	github.com/go-sql-driver/mysql v1.8.1
-	github.com/go-webauthn/webauthn v0.13.0
+	github.com/go-testfixtures/testfixtures/v3 v3.14.0
 	github.com/go-webauthn/webauthn v0.11.2
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
-	github.com/golang-jwt/jwt/v5 v5.2.2
+	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
 	github.com/google/go-github/v64 v64.0.0
-	github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e
+	github.com/google/pprof v0.0.0-20241017200806-017d972448fc
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
 	github.com/gorilla/sessions v1.4.0
-	github.com/hashicorp/go-version v1.7.0
+	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/huandu/xstrings v1.5.0
 	github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056
-	github.com/jhillyerd/enmime/v2 v2.1.0
+	github.com/jhillyerd/enmime/v2 v2.0.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/klauspost/compress v1.18.0
+	github.com/klauspost/compress v1.17.11
-	github.com/klauspost/cpuid/v2 v2.2.10
+	github.com/klauspost/cpuid/v2 v2.2.8
 	github.com/lib/pq v1.10.9
 	github.com/markbates/goth v1.80.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.28
+	github.com/mattn/go-sqlite3 v1.14.24
-	github.com/meilisearch/meilisearch-go v0.31.0
+	github.com/meilisearch/meilisearch-go v0.29.0
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/minio/minio-go/v7 v7.0.91
+	github.com/minio/minio-go/v7 v7.0.78
-	github.com/msteinert/pam/v2 v2.1.0
+	github.com/msteinert/pam v1.2.0
 	github.com/nektos/act v0.2.52
-	github.com/niklasfasching/go-org v1.8.0
+	github.com/niklasfasching/go-org v1.7.0
 	github.com/olivere/elastic/v7 v7.0.32
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.1.1
+	github.com/opencontainers/image-spec v1.1.0
 	github.com/pquerna/otp v1.4.0
-	github.com/prometheus/client_golang v1.21.1
+	github.com/prometheus/client_golang v1.20.5
-	github.com/redis/go-redis/v9 v9.8.0
+	github.com/redis/go-redis/v9 v9.7.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.1
 	github.com/sassoftware/go-rpmutils v0.4.0
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
 	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92
 	github.com/stretchr/testify v1.10.0
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/ulikunitz/xz v0.5.12
-	github.com/urfave/cli/v2 v2.27.6
+	github.com/urfave/cli/v2 v2.27.5
 	github.com/urfave/cli/v3 v3.3.3
 	github.com/valyala/fastjson v1.6.4
 	github.com/xanzy/go-gitlab v0.109.0
 	github.com/yohcop/openid-go v1.0.1
-	github.com/yuin/goldmark v1.7.12
+	github.com/yuin/goldmark v1.7.8
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
-	gitlab.com/gitlab-org/api/client-go v0.129.0
+	go.uber.org/mock v0.4.0
-	go.uber.org/mock v0.5.2
+	golang.org/x/crypto v0.31.0
-	golang.org/x/crypto v0.38.0
+	golang.org/x/image v0.23.0
-	golang.org/x/image v0.27.0
+	golang.org/x/net v0.33.0
-	golang.org/x/net v0.40.0
+	golang.org/x/oauth2 v0.23.0
-	golang.org/x/oauth2 v0.30.0
+	golang.org/x/sync v0.10.0
-	golang.org/x/sync v0.14.0
+	golang.org/x/sys v0.28.0
-	golang.org/x/sys v0.33.0
+	golang.org/x/text v0.21.0
-	golang.org/x/text v0.25.0
+	google.golang.org/grpc v1.69.2
-	google.golang.org/protobuf v1.36.4
+	google.golang.org/protobuf v1.36.1
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/yaml.v3 v3.0.1
@ -118,71 +119,94 @@ require (
 )
 require (
-	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	cel.dev/expr v0.16.2 // indirect
 	cloud.google.com/go v0.116.0 // indirect
 	cloud.google.com/go/auth v0.9.9 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	cloud.google.com/go/iam v1.2.1 // indirect
 	cloud.google.com/go/longrunning v0.6.1 // indirect
 	cloud.google.com/go/monitoring v1.21.1 // indirect
 	cloud.google.com/go/spanner v1.73.0 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
 	github.com/42wim/httpsig v1.2.2 // indirect
 	github.com/DataDog/zstd v1.5.5 // indirect
 	github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.2 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/RoaringBitmap/roaring/v2 v2.4.5 // indirect
+	github.com/RoaringBitmap/roaring v1.9.3 // indirect
 	github.com/andybalholm/brotli v1.1.1 // indirect
-	github.com/andybalholm/cascadia v1.3.3 // indirect
+	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bits-and-blooms/bitset v1.22.0 // indirect
+	github.com/bits-and-blooms/bitset v1.13.0 // indirect
-	github.com/blevesearch/bleve_index_api v1.2.8 // indirect
+	github.com/blevesearch/bleve_index_api v1.1.12 // indirect
-	github.com/blevesearch/geo v0.2.3 // indirect
+	github.com/blevesearch/geo v0.1.20 // indirect
-	github.com/blevesearch/go-faiss v1.0.25 // indirect
+	github.com/blevesearch/go-faiss v1.0.24 // indirect
 	github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
 	github.com/blevesearch/gtreap v0.1.1 // indirect
 	github.com/blevesearch/mmap-go v1.0.4 // indirect
-	github.com/blevesearch/scorch_segment_api/v2 v2.3.10 // indirect
+	github.com/blevesearch/scorch_segment_api/v2 v2.2.16 // indirect
 	github.com/blevesearch/segment v0.9.1 // indirect
 	github.com/blevesearch/snowballstem v0.9.0 // indirect
 	github.com/blevesearch/upsidedown_store_api v1.0.2 // indirect
-	github.com/blevesearch/vellum v1.1.0 // indirect
+	github.com/blevesearch/vellum v1.0.10 // indirect
-	github.com/blevesearch/zapx/v11 v11.4.2 // indirect
+	github.com/blevesearch/zapx/v11 v11.3.10 // indirect
-	github.com/blevesearch/zapx/v12 v12.4.2 // indirect
+	github.com/blevesearch/zapx/v12 v12.3.10 // indirect
-	github.com/blevesearch/zapx/v13 v13.4.2 // indirect
+	github.com/blevesearch/zapx/v13 v13.3.10 // indirect
-	github.com/blevesearch/zapx/v14 v14.4.2 // indirect
+	github.com/blevesearch/zapx/v14 v14.3.10 // indirect
-	github.com/blevesearch/zapx/v15 v15.4.2 // indirect
+	github.com/blevesearch/zapx/v15 v15.3.16 // indirect
-	github.com/blevesearch/zapx/v16 v16.2.3 // indirect
+	github.com/blevesearch/zapx/v16 v16.1.9-0.20241217210638-a0519e7caf3b // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
-	github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf // indirect
+	github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
 	github.com/caddyserver/zerossl v0.1.3 // indirect
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cloudflare/circl v1.6.1 // indirect
+	github.com/cloudflare/circl v1.3.8 // indirect
 	github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/dlclark/regexp2 v1.11.5 // indirect
+	github.com/dlclark/regexp2 v1.11.4 // indirect
 	github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/envoyproxy/go-control-plane v0.13.1 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
 	github.com/fatih/color v1.16.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.2 // indirect
+	github.com/go-git/go-billy/v5 v5.6.1 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-openapi/jsonpointer v0.21.1 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/swag v0.23.1 // indirect
+	github.com/go-openapi/jsonpointer v0.20.2 // indirect
-	github.com/go-webauthn/x v0.1.21 // indirect
+	github.com/go-openapi/jsonreference v0.20.4 // indirect
-	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/go-openapi/swag v0.22.7 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
+	github.com/go-webauthn/x v0.1.14 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/geo v0.0.0-20230421003525-6adc56603217 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
-	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/go-tpm v0.9.5 // indirect
+	github.com/google/go-tpm v0.9.1 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
 	github.com/googleapis/go-sql-spanner v1.7.4 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
@ -192,14 +216,13 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
-	github.com/libdns/libdns v1.0.0-beta.1 // indirect
+	github.com/libdns/libdns v0.2.2 // indirect
-	github.com/mailru/easyjson v0.9.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/markbates/going v1.0.3 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
-	github.com/mholt/acmez/v3 v3.1.2 // indirect
+	github.com/mholt/acmez/v2 v2.0.3 // indirect
-	github.com/miekg/dns v1.1.63 // indirect
+	github.com/miekg/dns v1.1.62 // indirect
 	github.com/minio/crc64nvme v1.0.1 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@ -211,15 +234,15 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
-	github.com/pjbgf/sha1cd v0.3.2 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rhysd/actionlint v1.6.27 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/rs/xid v1.6.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c // indirect
@ -230,16 +253,28 @@ require (
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	github.com/zeebo/assert v1.3.0 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
-	go.etcd.io/bbolt v1.4.0 // indirect
+	gitlab.com/gitlab-org/api/client-go v0.116.0 // indirect
 	go.etcd.io/bbolt v1.3.9 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/detectors/gcp v1.31.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
 	go.opentelemetry.io/otel v1.31.0 // indirect
 	go.opentelemetry.io/otel/metric v1.31.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.31.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.31.0 // indirect
 	go.opentelemetry.io/otel/trace v1.31.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	go.uber.org/zap/exp v0.3.0 // indirect
+	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/mod v0.24.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
-	golang.org/x/time v0.11.0 // indirect
+	golang.org/x/tools v0.28.0 // indirect
-	golang.org/x/tools v0.31.0 // indirect
+	google.golang.org/api v0.203.0 // indirect
 	google.golang.org/genproto v0.0.0-20241015192408-796eee8c2d53 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
@ -248,10 +283,10 @@ replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
 replace github.com/shurcooL/vfsgen => github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0
-replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.26.0
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.22.0
 replace github.com/mholt/archiver/v3 => code.forgejo.org/forgejo/archiver/v3 v3.5.1
-replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616
+replace github.com/goccy/go-json => github.com/grafana/go-json v0.0.0-20241210211703-a119ee5a0a3b
-replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
+replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616
--- a/Show more
+++ b/Show more
`@ -1,3 +1,3 @@`
	`module forgejo.org`	`module code.gitea.io/gitea`

	`go 1.23.3`	`go 1.23.3`