From 377a0a20f01a62f15a1504a3bba6cf6cc0c98bea Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 4 May 2023 11:55:35 +0800
Subject: [PATCH 01/13] Merge setting.InitXXX into one function with options
 (#24389)

This PR will merge 3 Init functions on setting packages as 1 and
introduce an options struct.
---
 cmd/actions.go                                |  3 +-
 cmd/cmd.go                                    |  3 +-
 cmd/doctor.go                                 |  3 +-
 cmd/dump.go                                   |  3 +-
 cmd/embedded.go                               |  5 ++-
 cmd/mailer.go                                 |  3 +-
 cmd/main_test.go                              |  6 ---
 cmd/restore_repo.go                           |  3 +-
 cmd/serv.go                                   |  3 +-
 cmd/web.go                                    |  3 +-
 models/asymkey/main_test.go                   |  6 ---
 models/dbfs/main_test.go                      |  6 ---
 models/issues/main_test.go                    |  6 ---
 models/main_test.go                           |  6 ---
 models/migrations/base/tests.go               |  2 +-
 models/unittest/testdb.go                     | 22 +++++++++
 modules/doctor/doctor.go                      |  3 +-
 modules/doctor/paths.go                       |  3 +-
 modules/markup/html_test.go                   |  5 ++-
 modules/markup/markdown/markdown_test.go      |  5 ++-
 modules/setting/config_provider.go            | 45 ++++++++++---------
 modules/setting/setting.go                    | 41 +++--------------
 routers/api/v1/repo/main_test.go              |  7 +--
 routers/install/setting.go                    |  8 ++--
 routers/web/user/setting/account_test.go      | 27 ++++++-----
 services/webhook/main_test.go                 |  8 ++--
 .../migration-test/migration_test.go          |  2 +-
 tests/test_utils.go                           |  2 +-
 28 files changed, 103 insertions(+), 136 deletions(-)

diff --git a/cmd/actions.go b/cmd/actions.go
index 66ad336da508..346de5b21a6f 100644
--- a/cmd/actions.go
+++ b/cmd/actions.go
@@ -42,8 +42,7 @@ func runGenerateActionsRunnerToken(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 
 	scope := c.String("scope")
 
diff --git a/cmd/cmd.go b/cmd/cmd.go
index 18d5db3987bd..cf2d9ef89e83 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -57,8 +57,7 @@ func confirm() (bool, error) {
 }
 
 func initDB(ctx context.Context) error {
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 	setting.LoadDBSetting()
 	setting.InitSQLLog(false)
 
diff --git a/cmd/doctor.go b/cmd/doctor.go
index e7baad60c1f9..65c028c5ed19 100644
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -87,8 +87,7 @@ func runRecreateTable(ctx *cli.Context) error {
 	golog.SetPrefix("")
 	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
 
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 	setting.LoadDBSetting()
 
 	setting.Log.EnableXORMLog = ctx.Bool("debug")
diff --git a/cmd/dump.go b/cmd/dump.go
index 309bd01f6645..32ccc5566c8a 100644
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -185,8 +185,7 @@ func runDump(ctx *cli.Context) error {
 		}
 		fileName += "." + outType
 	}
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 
 	// make sure we are logging to the console no matter what the configuration tells us do to
 	// FIXME: don't use CfgProvider directly
diff --git a/cmd/embedded.go b/cmd/embedded.go
index cee8928ce08d..3f849bea0a26 100644
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -106,8 +106,9 @@ func initEmbeddedExtractor(c *cli.Context) error {
 	log.DelNamedLogger(log.DEFAULT)
 
 	// Read configuration file
-	setting.InitProviderAllowEmpty()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{
+		AllowEmpty: true,
+	})
 
 	patterns, err := compileCollectPatterns(c.Args())
 	if err != nil {
diff --git a/cmd/mailer.go b/cmd/mailer.go
index 50ba4b474110..74bae1ab68c7 100644
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -16,8 +16,7 @@ func runSendMail(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 
 	if err := argsSet(c, "title"); err != nil {
 		return err
diff --git a/cmd/main_test.go b/cmd/main_test.go
index ba323af47217..6e20be69451c 100644
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -7,14 +7,8 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
 )
 
-func init() {
-	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
-}
-
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: "..",
diff --git a/cmd/restore_repo.go b/cmd/restore_repo.go
index 887b59bba9e1..5a7ede493975 100644
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -51,8 +51,7 @@ func runRestoreRepository(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 	var units []string
 	if s := c.String("units"); s != "" {
 		units = strings.Split(s, ",")
diff --git a/cmd/serv.go b/cmd/serv.go
index 72eb6370711e..a79f314d00b6 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -62,8 +62,7 @@ func setup(ctx context.Context, debug bool) {
 	} else {
 		_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
 	}
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 	if debug {
 		setting.RunMode = "dev"
 	}
diff --git a/cmd/web.go b/cmd/web.go
index e451cf7dfa4f..3a01d07b05f5 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -177,8 +177,7 @@ func runWeb(ctx *cli.Context) error {
 
 	log.Info("Global init")
 	// Perform global initialization
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 	routers.GlobalInitInstalled(graceful.GetManager().HammerContext())
 
 	// We check that AppDataPath exists here (it should have been created during installation)
diff --git a/models/asymkey/main_test.go b/models/asymkey/main_test.go
index 7f8657189fd1..701722be12ec 100644
--- a/models/asymkey/main_test.go
+++ b/models/asymkey/main_test.go
@@ -8,14 +8,8 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
 )
 
-func init() {
-	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
-}
-
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", ".."),
diff --git a/models/dbfs/main_test.go b/models/dbfs/main_test.go
index 9dce663eeab9..62db3592bed2 100644
--- a/models/dbfs/main_test.go
+++ b/models/dbfs/main_test.go
@@ -8,14 +8,8 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
 )
 
-func init() {
-	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
-}
-
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", ".."),
diff --git a/models/issues/main_test.go b/models/issues/main_test.go
index de84da30ecc0..9fbe294f7067 100644
--- a/models/issues/main_test.go
+++ b/models/issues/main_test.go
@@ -9,7 +9,6 @@ import (
 
 	issues_model "code.gitea.io/gitea/models/issues"
 	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
 
 	_ "code.gitea.io/gitea/models"
 	_ "code.gitea.io/gitea/models/repo"
@@ -18,11 +17,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func init() {
-	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
-}
-
 func TestFixturesAreConsistent(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	unittest.CheckConsistencyFor(t,
diff --git a/models/main_test.go b/models/main_test.go
index b5919bb28615..d490507649a3 100644
--- a/models/main_test.go
+++ b/models/main_test.go
@@ -11,18 +11,12 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/setting"
 
 	_ "code.gitea.io/gitea/models/system"
 
 	"github.com/stretchr/testify/assert"
 )
 
-func init() {
-	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
-}
-
 // TestFixturesAreConsistent assert that test fixtures are consistent
 func TestFixturesAreConsistent(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
diff --git a/models/migrations/base/tests.go b/models/migrations/base/tests.go
index 14f374f1a7c3..124111f51fb2 100644
--- a/models/migrations/base/tests.go
+++ b/models/migrations/base/tests.go
@@ -150,7 +150,7 @@ func MainTest(m *testing.M) {
 	setting.AppDataPath = tmpDataPath
 
 	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
+	unittest.InitSettings()
 	if err = git.InitFull(context.Background()); err != nil {
 		fmt.Printf("Unable to InitFull: %v\n", err)
 		os.Exit(1)
diff --git a/models/unittest/testdb.go b/models/unittest/testdb.go
index cff1489a7c7b..a5b126350d8e 100644
--- a/models/unittest/testdb.go
+++ b/models/unittest/testdb.go
@@ -6,12 +6,15 @@ package unittest
 import (
 	"context"
 	"fmt"
+	"log"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
 	system_model "code.gitea.io/gitea/models/system"
+	"code.gitea.io/gitea/modules/auth/password/hash"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/setting"
@@ -39,6 +42,22 @@ func fatalTestError(fmtStr string, args ...interface{}) {
 	os.Exit(1)
 }
 
+// InitSettings initializes config provider and load common setttings for tests
+func InitSettings(extraConfigs ...string) {
+	setting.Init(&setting.Options{
+		AllowEmpty:  true,
+		ExtraConfig: strings.Join(extraConfigs, "\n"),
+	})
+
+	if err := setting.PrepareAppDataPath(); err != nil {
+		log.Fatalf("Can not prepare APP_DATA_PATH: %v", err)
+	}
+	// register the dummy hash algorithm function used in the test fixtures
+	_ = hash.Register("dummy", hash.NewDummyHasher)
+
+	setting.PasswordHashAlgo, _ = hash.SetDefaultPasswordHashAlgorithm("dummy")
+}
+
 // TestOptions represents test options
 type TestOptions struct {
 	GiteaRootPath string
@@ -50,6 +69,9 @@ type TestOptions struct {
 // MainTest a reusable TestMain(..) function for unit tests that need to use a
 // test database. Creates the test database, and sets necessary settings.
 func MainTest(m *testing.M, testOpts *TestOptions) {
+	setting.SetCustomPathAndConf("", "", "")
+	InitSettings()
+
 	var err error
 
 	giteaRoot = testOpts.GiteaRootPath
diff --git a/modules/doctor/doctor.go b/modules/doctor/doctor.go
index b23805bc4c96..32eb5938c307 100644
--- a/modules/doctor/doctor.go
+++ b/modules/doctor/doctor.go
@@ -44,8 +44,7 @@ func (w *wrappedLevelLogger) Log(skip int, level log.Level, format string, v ...
 }
 
 func initDBDisableConsole(ctx context.Context, disableConsole bool) error {
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 	setting.LoadDBSetting()
 	setting.InitSQLLog(disableConsole)
 	if err := db.InitEngine(ctx); err != nil {
diff --git a/modules/doctor/paths.go b/modules/doctor/paths.go
index 1558efc25b90..957152349c25 100644
--- a/modules/doctor/paths.go
+++ b/modules/doctor/paths.go
@@ -66,8 +66,7 @@ func checkConfigurationFiles(ctx context.Context, logger log.Logger, autofix boo
 		return err
 	}
 
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 
 	configurationFiles := []configurationFile{
 		{"Configuration File Path", setting.CustomConf, false, true, false},
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index cb1216ec946e..5e5e4fecbbb7 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -28,8 +28,9 @@ var localMetas = map[string]string{
 }
 
 func TestMain(m *testing.M) {
-	setting.InitProviderAllowEmpty()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{
+		AllowEmpty: true,
+	})
 	if err := git.InitSimple(context.Background()); err != nil {
 		log.Fatal("git init failed, err: %v", err)
 	}
diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index 0c7650a5ffab..e81869d7a443 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -33,8 +33,9 @@ var localMetas = map[string]string{
 }
 
 func TestMain(m *testing.M) {
-	setting.InitProviderAllowEmpty()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{
+		AllowEmpty: true,
+	})
 	if err := git.InitSimple(context.Background()); err != nil {
 		log.Fatal("git init failed, err: %v", err)
 	}
diff --git a/modules/setting/config_provider.go b/modules/setting/config_provider.go
index 92c8c97fe952..168595829863 100644
--- a/modules/setting/config_provider.go
+++ b/modules/setting/config_provider.go
@@ -35,10 +35,9 @@ type ConfigProvider interface {
 }
 
 type iniFileConfigProvider struct {
+	opts *Options
 	*ini.File
-	filepath   string // the ini file path
-	newFile    bool   // whether the file has not existed previously
-	allowEmpty bool   // whether not finding configuration files is allowed (only true for the tests)
+	newFile bool // whether the file has not existed previously
 }
 
 // NewEmptyConfigProvider create a new empty config provider
@@ -66,41 +65,47 @@ func newConfigProviderFromData(configContent string) (ConfigProvider, error) {
 	}, nil
 }
 
+type Options struct {
+	CustomConf                string // the ini file path
+	AllowEmpty                bool   // whether not finding configuration files is allowed (only true for the tests)
+	ExtraConfig               string
+	DisableLoadCommonSettings bool
+}
+
 // newConfigProviderFromFile load configuration from file.
 // NOTE: do not print any log except error.
-func newConfigProviderFromFile(customConf string, allowEmpty bool, extraConfig string) (*iniFileConfigProvider, error) {
+func newConfigProviderFromFile(opts *Options) (*iniFileConfigProvider, error) {
 	cfg := ini.Empty()
 	newFile := true
 
-	if customConf != "" {
-		isFile, err := util.IsFile(customConf)
+	if opts.CustomConf != "" {
+		isFile, err := util.IsFile(opts.CustomConf)
 		if err != nil {
-			return nil, fmt.Errorf("unable to check if %s is a file. Error: %v", customConf, err)
+			return nil, fmt.Errorf("unable to check if %s is a file. Error: %v", opts.CustomConf, err)
 		}
 		if isFile {
-			if err := cfg.Append(customConf); err != nil {
-				return nil, fmt.Errorf("failed to load custom conf '%s': %v", customConf, err)
+			if err := cfg.Append(opts.CustomConf); err != nil {
+				return nil, fmt.Errorf("failed to load custom conf '%s': %v", opts.CustomConf, err)
 			}
 			newFile = false
 		}
 	}
 
-	if newFile && !allowEmpty {
+	if newFile && !opts.AllowEmpty {
 		return nil, fmt.Errorf("unable to find configuration file: %q, please ensure you are running in the correct environment or set the correct configuration file with -c", CustomConf)
 	}
 
-	if extraConfig != "" {
-		if err := cfg.Append([]byte(extraConfig)); err != nil {
+	if opts.ExtraConfig != "" {
+		if err := cfg.Append([]byte(opts.ExtraConfig)); err != nil {
 			return nil, fmt.Errorf("unable to append more config: %v", err)
 		}
 	}
 
 	cfg.NameMapper = ini.SnackCase
 	return &iniFileConfigProvider{
-		File:       cfg,
-		filepath:   customConf,
-		newFile:    newFile,
-		allowEmpty: allowEmpty,
+		opts:    opts,
+		File:    cfg,
+		newFile: newFile,
 	}, nil
 }
 
@@ -123,8 +128,8 @@ func (p *iniFileConfigProvider) DeleteSection(name string) error {
 
 // Save save the content into file
 func (p *iniFileConfigProvider) Save() error {
-	if p.filepath == "" {
-		if !p.allowEmpty {
+	if p.opts.CustomConf == "" {
+		if !p.opts.AllowEmpty {
 			return fmt.Errorf("custom config path must not be empty")
 		}
 		return nil
@@ -135,8 +140,8 @@ func (p *iniFileConfigProvider) Save() error {
 			return fmt.Errorf("failed to create '%s': %v", CustomConf, err)
 		}
 	}
-	if err := p.SaveTo(p.filepath); err != nil {
-		return fmt.Errorf("failed to save '%s': %v", p.filepath, err)
+	if err := p.SaveTo(p.opts.CustomConf); err != nil {
+		return fmt.Errorf("failed to save '%s': %v", p.opts.CustomConf, err)
 	}
 
 	// Change permissions to be more restrictive
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 9ab55e91c531..b085a7b32149 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -15,7 +15,6 @@ import (
 	"strings"
 	"time"
 
-	"code.gitea.io/gitea/modules/auth/password/hash"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/user"
 )
@@ -203,44 +202,18 @@ func PrepareAppDataPath() error {
 	return nil
 }
 
-// InitProviderFromExistingFile initializes config provider from an existing config file (app.ini)
-func InitProviderFromExistingFile() {
-	var err error
-	CfgProvider, err = newConfigProviderFromFile(CustomConf, false, "")
-	if err != nil {
-		log.Fatal("InitProviderFromExistingFile: %v", err)
-	}
-}
-
-// InitProviderAllowEmpty initializes config provider from file, it's also fine that if the config file (app.ini) doesn't exist
-func InitProviderAllowEmpty() {
-	var err error
-	CfgProvider, err = newConfigProviderFromFile(CustomConf, true, "")
-	if err != nil {
-		log.Fatal("InitProviderAllowEmpty: %v", err)
+func Init(opts *Options) {
+	if opts.CustomConf == "" {
+		opts.CustomConf = CustomConf
 	}
-}
-
-// InitProviderAndLoadCommonSettingsForTest initializes config provider and load common setttings for tests
-func InitProviderAndLoadCommonSettingsForTest(extraConfigs ...string) {
 	var err error
-	CfgProvider, err = newConfigProviderFromFile(CustomConf, true, strings.Join(extraConfigs, "\n"))
+	CfgProvider, err = newConfigProviderFromFile(opts)
 	if err != nil {
-		log.Fatal("InitProviderAndLoadCommonSettingsForTest: %v", err)
+		log.Fatal("Init[%v]: %v", opts, err)
 	}
-	loadCommonSettingsFrom(CfgProvider)
-	if err := PrepareAppDataPath(); err != nil {
-		log.Fatal("Can not prepare APP_DATA_PATH: %v", err)
+	if !opts.DisableLoadCommonSettings {
+		loadCommonSettingsFrom(CfgProvider)
 	}
-	// register the dummy hash algorithm function used in the test fixtures
-	_ = hash.Register("dummy", hash.NewDummyHasher)
-
-	PasswordHashAlgo, _ = hash.SetDefaultPasswordHashAlgorithm("dummy")
-}
-
-// LoadCommonSettings loads common configurations from a configuration provider.
-func LoadCommonSettings() {
-	loadCommonSettingsFrom(CfgProvider)
 }
 
 // loadCommonSettingsFrom loads common configurations from a configuration provider.
diff --git a/routers/api/v1/repo/main_test.go b/routers/api/v1/repo/main_test.go
index c7466c493f01..bc048505f472 100644
--- a/routers/api/v1/repo/main_test.go
+++ b/routers/api/v1/repo/main_test.go
@@ -13,10 +13,11 @@ import (
 )
 
 func TestMain(m *testing.M) {
-	setting.InitProviderAndLoadCommonSettingsForTest()
-	setting.LoadQueueSettings()
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", "..", "..", ".."),
-		SetUp:         webhook_service.Init,
+		SetUp: func() error {
+			setting.LoadQueueSettings()
+			return webhook_service.Init()
+		},
 	})
 }
diff --git a/routers/install/setting.go b/routers/install/setting.go
index dadefa26a293..c14843d8ee4d 100644
--- a/routers/install/setting.go
+++ b/routers/install/setting.go
@@ -15,8 +15,9 @@ import (
 
 // PreloadSettings preloads the configuration to check if we need to run install
 func PreloadSettings(ctx context.Context) bool {
-	setting.InitProviderAllowEmpty()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{
+		AllowEmpty: true,
+	})
 	if !setting.InstallLock {
 		log.Info("AppPath: %s", setting.AppPath)
 		log.Info("AppWorkPath: %s", setting.AppWorkPath)
@@ -38,8 +39,7 @@ func PreloadSettings(ctx context.Context) bool {
 
 // reloadSettings reloads the existing settings and starts up the database
 func reloadSettings(ctx context.Context) {
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.Init(&setting.Options{})
 	setting.LoadDBSetting()
 	if setting.InstallLock {
 		if err := common.InitDBEngine(ctx); err == nil {
diff --git a/routers/web/user/setting/account_test.go b/routers/web/user/setting/account_test.go
index 5fce41f065ba..569d597722ee 100644
--- a/routers/web/user/setting/account_test.go
+++ b/routers/web/user/setting/account_test.go
@@ -80,19 +80,22 @@ func TestChangePassword(t *testing.T) {
 			PasswordComplexity: pcLU,
 		},
 	} {
-		unittest.PrepareTestEnv(t)
-		ctx := test.MockContext(t, "user/settings/security")
-		test.LoadUser(t, ctx, 2)
-		test.LoadRepo(t, ctx, 1)
+		t.Run(req.OldPassword+"__"+req.NewPassword, func(t *testing.T) {
+			unittest.PrepareTestEnv(t)
+			setting.PasswordComplexity = req.PasswordComplexity
+			ctx := test.MockContext(t, "user/settings/security")
+			test.LoadUser(t, ctx, 2)
+			test.LoadRepo(t, ctx, 1)
 
-		web.SetForm(ctx, &forms.ChangePasswordForm{
-			OldPassword: req.OldPassword,
-			Password:    req.NewPassword,
-			Retype:      req.Retype,
-		})
-		AccountPost(ctx)
+			web.SetForm(ctx, &forms.ChangePasswordForm{
+				OldPassword: req.OldPassword,
+				Password:    req.NewPassword,
+				Retype:      req.Retype,
+			})
+			AccountPost(ctx)
 
-		assert.Contains(t, ctx.Flash.ErrorMsg, req.Message)
-		assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status())
+			assert.Contains(t, ctx.Flash.ErrorMsg, req.Message)
+			assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status())
+		})
 	}
 }
diff --git a/services/webhook/main_test.go b/services/webhook/main_test.go
index 210221b12041..0189e1784016 100644
--- a/services/webhook/main_test.go
+++ b/services/webhook/main_test.go
@@ -15,13 +15,13 @@ import (
 )
 
 func TestMain(m *testing.M) {
-	setting.InitProviderAndLoadCommonSettingsForTest()
-	setting.LoadQueueSettings()
-
 	// for tests, allow only loopback IPs
 	setting.Webhook.AllowedHostList = hostmatcher.MatchBuiltinLoopback
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: filepath.Join("..", ".."),
-		SetUp:         Init,
+		SetUp: func() error {
+			setting.LoadQueueSettings()
+			return Init()
+		},
 	})
 }
diff --git a/tests/integration/migration-test/migration_test.go b/tests/integration/migration-test/migration_test.go
index 4152379a9b80..a68d458a0b1e 100644
--- a/tests/integration/migration-test/migration_test.go
+++ b/tests/integration/migration-test/migration_test.go
@@ -57,7 +57,7 @@ func initMigrationTest(t *testing.T) func() {
 		setting.CustomConf = giteaConf
 	}
 
-	setting.InitProviderAndLoadCommonSettingsForTest()
+	unittest.InitSettings()
 
 	assert.True(t, len(setting.RepoRootPath) != 0)
 	assert.NoError(t, util.RemoveAll(setting.RepoRootPath))
diff --git a/tests/test_utils.go b/tests/test_utils.go
index 0f4aa26a6074..c22b2c356c65 100644
--- a/tests/test_utils.go
+++ b/tests/test_utils.go
@@ -74,7 +74,7 @@ func InitTest(requireGitea bool) {
 	}
 
 	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
+	unittest.InitSettings()
 	setting.Repository.DefaultBranch = "master" // many test code still assume that default branch is called "master"
 	_ = util.RemoveAll(repo_module.LocalCopyPath())
 

From 75ea0d5dba5dbf2f84cef2d12460fdd566d43e62 Mon Sep 17 00:00:00 2001
From: oliverpool <3864879+oliverpool@users.noreply.github.com>
Date: Thu, 4 May 2023 07:08:41 +0200
Subject: [PATCH 02/13] Faster git.GetDivergingCommits (#24482)

Using `git rev-list --left-right` is almost 2x faster than calling `git
rev-list` twice.

Co-authored-by: silverwind <me@silverwind.io>
---
 modules/git/repo.go      | 37 +++++++++++++++----------------------
 modules/git/repo_test.go | 25 +++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 22 deletions(-)

diff --git a/modules/git/repo.go b/modules/git/repo.go
index 3637aa47c458..61930ab31db9 100644
--- a/modules/git/repo.go
+++ b/modules/git/repo.go
@@ -244,35 +244,28 @@ type DivergeObject struct {
 	Behind int
 }
 
-func checkDivergence(ctx context.Context, repoPath, baseBranch, targetBranch string) (int, error) {
-	branches := fmt.Sprintf("%s..%s", baseBranch, targetBranch)
-	cmd := NewCommand(ctx, "rev-list", "--count").AddDynamicArguments(branches)
+// GetDivergingCommits returns the number of commits a targetBranch is ahead or behind a baseBranch
+func GetDivergingCommits(ctx context.Context, repoPath, baseBranch, targetBranch string) (do DivergeObject, err error) {
+	cmd := NewCommand(ctx, "rev-list", "--count", "--left-right").
+		AddDynamicArguments(baseBranch + "..." + targetBranch)
 	stdout, _, err := cmd.RunStdString(&RunOpts{Dir: repoPath})
 	if err != nil {
-		return -1, err
+		return do, err
 	}
-	outInteger, errInteger := strconv.Atoi(strings.Trim(stdout, "\n"))
-	if errInteger != nil {
-		return -1, errInteger
+	left, right, found := strings.Cut(strings.Trim(stdout, "\n"), "\t")
+	if !found {
+		return do, fmt.Errorf("git rev-list output is missing a tab: %q", stdout)
 	}
-	return outInteger, nil
-}
 
-// GetDivergingCommits returns the number of commits a targetBranch is ahead or behind a baseBranch
-func GetDivergingCommits(ctx context.Context, repoPath, baseBranch, targetBranch string) (DivergeObject, error) {
-	// $(git rev-list --count master..feature) commits ahead of master
-	ahead, errorAhead := checkDivergence(ctx, repoPath, baseBranch, targetBranch)
-	if errorAhead != nil {
-		return DivergeObject{}, errorAhead
+	do.Behind, err = strconv.Atoi(left)
+	if err != nil {
+		return do, err
 	}
-
-	// $(git rev-list --count feature..master) commits behind master
-	behind, errorBehind := checkDivergence(ctx, repoPath, targetBranch, baseBranch)
-	if errorBehind != nil {
-		return DivergeObject{}, errorBehind
+	do.Ahead, err = strconv.Atoi(right)
+	if err != nil {
+		return do, err
 	}
-
-	return DivergeObject{ahead, behind}, nil
+	return do, nil
 }
 
 // CreateBundle create bundle content to the target path
diff --git a/modules/git/repo_test.go b/modules/git/repo_test.go
index 044b9d406502..9db78153a102 100644
--- a/modules/git/repo_test.go
+++ b/modules/git/repo_test.go
@@ -4,6 +4,7 @@
 package git
 
 import (
+	"context"
 	"path/filepath"
 	"testing"
 
@@ -29,3 +30,27 @@ func TestRepoIsEmpty(t *testing.T) {
 	assert.NoError(t, err)
 	assert.True(t, isEmpty)
 }
+
+func TestRepoGetDivergingCommits(t *testing.T) {
+	bareRepo1Path := filepath.Join(testReposDir, "repo1_bare")
+	do, err := GetDivergingCommits(context.Background(), bareRepo1Path, "master", "branch2")
+	assert.NoError(t, err)
+	assert.Equal(t, DivergeObject{
+		Ahead:  1,
+		Behind: 5,
+	}, do)
+
+	do, err = GetDivergingCommits(context.Background(), bareRepo1Path, "master", "master")
+	assert.NoError(t, err)
+	assert.Equal(t, DivergeObject{
+		Ahead:  0,
+		Behind: 0,
+	}, do)
+
+	do, err = GetDivergingCommits(context.Background(), bareRepo1Path, "master", "test")
+	assert.NoError(t, err)
+	assert.Equal(t, DivergeObject{
+		Ahead:  0,
+		Behind: 2,
+	}, do)
+}

From 5d77691d428d5302ee4df6c2a936b8e2ea9dca7e Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Thu, 4 May 2023 14:36:34 +0800
Subject: [PATCH 03/13] Improve template system and panic recovery (#24461)

Partially for #24457

Major changes:

1. The old `signedUserNameStringPointerKey` is quite hacky, use
`ctx.Data[SignedUser]` instead
2. Move duplicate code from `Contexter` to `CommonTemplateContextData`
3. Remove incorrect copying&pasting code `ctx.Data["Err_Password"] =
true` in API handlers
4. Use one unique `RenderPanicErrorPage` for panic error page rendering
5. Move `stripSlashesMiddleware` to be the first middleware
6. Install global panic recovery handler, it works for both `install`
and `web`
7. Make `500.tmpl` only depend minimal template functions/variables,
avoid triggering new panics

Screenshot:

<details>

![image](https://user-images.githubusercontent.com/2114189/235444895-cecbabb8-e7dc-4360-a31c-b982d11946a7.png)

</details>
---
 modules/context/access_log.go      | 14 +++--
 modules/context/api.go             | 13 +----
 modules/context/context.go         | 73 +++++++++--------------
 modules/context/package.go         |  3 +-
 modules/context/private.go         |  3 +-
 modules/templates/base.go          | 31 ----------
 modules/test/context_tests.go      |  2 +-
 modules/web/middleware/data.go     | 62 +++++++++++++++++++-
 modules/web/middleware/flash.go    |  4 +-
 modules/web/middleware/request.go  |  5 --
 modules/web/route.go               |  4 +-
 routers/api/v1/admin/user.go       |  2 -
 routers/api/v1/misc/markup_test.go |  3 +-
 routers/common/errpage.go          | 57 ++++++++++++++++++
 routers/common/middleware.go       | 54 +++++++----------
 routers/install/install.go         | 30 +++++-----
 routers/install/routes.go          | 66 +--------------------
 routers/web/base.go                | 66 ---------------------
 routers/web/web.go                 | 30 +++++-----
 services/auth/interface.go         |  2 +-
 services/auth/middleware.go        |  4 +-
 templates/base/head_script.tmpl    |  1 -
 templates/status/500.tmpl          | 93 +++++++++++++++++++-----------
 templates/user/profile.tmpl        |  6 +-
 web_src/js/bootstrap.js            | 11 ----
 25 files changed, 276 insertions(+), 363 deletions(-)
 create mode 100644 routers/common/errpage.go

diff --git a/modules/context/access_log.go b/modules/context/access_log.go
index 64d204733b8a..b6468d139bf9 100644
--- a/modules/context/access_log.go
+++ b/modules/context/access_log.go
@@ -5,7 +5,6 @@ package context
 
 import (
 	"bytes"
-	"context"
 	"fmt"
 	"net"
 	"net/http"
@@ -13,8 +12,10 @@ import (
 	"text/template"
 	"time"
 
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web/middleware"
 )
 
 type routerLoggerOptions struct {
@@ -26,8 +27,6 @@ type routerLoggerOptions struct {
 	RequestID      *string
 }
 
-var signedUserNameStringPointerKey interface{} = "signedUserNameStringPointerKey"
-
 const keyOfRequestIDInTemplate = ".RequestID"
 
 // According to:
@@ -60,8 +59,6 @@ func AccessLogger() func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 			start := time.Now()
-			identity := "-"
-			r := req.WithContext(context.WithValue(req.Context(), signedUserNameStringPointerKey, &identity))
 
 			var requestID string
 			if needRequestID {
@@ -73,9 +70,14 @@ func AccessLogger() func(http.Handler) http.Handler {
 				reqHost = req.RemoteAddr
 			}
 
-			next.ServeHTTP(w, r)
+			next.ServeHTTP(w, req)
 			rw := w.(ResponseWriter)
 
+			identity := "-"
+			data := middleware.GetContextData(req.Context())
+			if signedUser, ok := data[middleware.ContextDataKeySignedUser].(*user_model.User); ok {
+				identity = signedUser.Name
+			}
 			buf := bytes.NewBuffer([]byte{})
 			err = logTemplate.Execute(buf, routerLoggerOptions{
 				req:            req,
diff --git a/modules/context/api.go b/modules/context/api.go
index ae245ec1cb62..e263dcbe8dea 100644
--- a/modules/context/api.go
+++ b/modules/context/api.go
@@ -222,7 +222,7 @@ func APIContexter() func(http.Handler) http.Handler {
 			ctx := APIContext{
 				Context: &Context{
 					Resp:   NewResponse(w),
-					Data:   map[string]interface{}{},
+					Data:   middleware.GetContextData(req.Context()),
 					Locale: locale,
 					Cache:  cache.GetCache(),
 					Repo: &Repository{
@@ -250,17 +250,6 @@ func APIContexter() func(http.Handler) http.Handler {
 			ctx.Data["Context"] = &ctx
 
 			next.ServeHTTP(ctx.Resp, ctx.Req)
-
-			// Handle adding signedUserName to the context for the AccessLogger
-			usernameInterface := ctx.Data["SignedUserName"]
-			identityPtrInterface := ctx.Req.Context().Value(signedUserNameStringPointerKey)
-			if usernameInterface != nil && identityPtrInterface != nil {
-				username := usernameInterface.(string)
-				identityPtr := identityPtrInterface.(*string)
-				if identityPtr != nil && username != "" {
-					*identityPtr = username
-				}
-			}
 		})
 	}
 }
diff --git a/modules/context/context.go b/modules/context/context.go
index cd7fcebe55da..d73a26e5b6f3 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -55,7 +55,7 @@ type Render interface {
 type Context struct {
 	Resp     ResponseWriter
 	Req      *http.Request
-	Data     map[string]interface{} // data used by MVC templates
+	Data     middleware.ContextData // data used by MVC templates
 	PageData map[string]interface{} // data used by JavaScript modules in one page, it's `window.config.pageData`
 	Render   Render
 	translation.Locale
@@ -97,7 +97,7 @@ func (ctx *Context) TrHTMLEscapeArgs(msg string, args ...string) string {
 }
 
 // GetData returns the data
-func (ctx *Context) GetData() map[string]interface{} {
+func (ctx *Context) GetData() middleware.ContextData {
 	return ctx.Data
 }
 
@@ -219,6 +219,7 @@ const tplStatus500 base.TplName = "status/500"
 // HTML calls Context.HTML and renders the template to HTTP response
 func (ctx *Context) HTML(status int, name base.TplName) {
 	log.Debug("Template: %s", name)
+
 	tmplStartTime := time.Now()
 	if !setting.IsProd {
 		ctx.Data["TemplateName"] = name
@@ -226,13 +227,19 @@ func (ctx *Context) HTML(status int, name base.TplName) {
 	ctx.Data["TemplateLoadTimes"] = func() string {
 		return strconv.FormatInt(time.Since(tmplStartTime).Nanoseconds()/1e6, 10) + "ms"
 	}
-	if err := ctx.Render.HTML(ctx.Resp, status, string(name), templates.BaseVars().Merge(ctx.Data)); err != nil {
-		if status == http.StatusInternalServerError && name == tplStatus500 {
-			ctx.PlainText(http.StatusInternalServerError, "Unable to find HTML templates, the template system is not initialized, or Gitea can't find your template files.")
-			return
-		}
+
+	err := ctx.Render.HTML(ctx.Resp, status, string(name), ctx.Data)
+	if err == nil {
+		return
+	}
+
+	// if rendering fails, show error page
+	if name != tplStatus500 {
 		err = fmt.Errorf("failed to render template: %s, error: %s", name, templates.HandleTemplateRenderingError(err))
-		ctx.ServerError("Render failed", err)
+		ctx.ServerError("Render failed", err) // show the 500 error page
+	} else {
+		ctx.PlainText(http.StatusInternalServerError, "Unable to render status/500 page, the template system is broken, or Gitea can't find your template files.")
+		return
 	}
 }
 
@@ -676,7 +683,7 @@ func getCsrfOpts() CsrfOptions {
 }
 
 // Contexter initializes a classic context for a request.
-func Contexter(ctx context.Context) func(next http.Handler) http.Handler {
+func Contexter() func(next http.Handler) http.Handler {
 	rnd := templates.HTMLRenderer()
 	csrfOpts := getCsrfOpts()
 	if !setting.IsProd {
@@ -684,34 +691,30 @@ func Contexter(ctx context.Context) func(next http.Handler) http.Handler {
 	}
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
-			locale := middleware.Locale(resp, req)
-			startTime := time.Now()
-			link := setting.AppSubURL + strings.TrimSuffix(req.URL.EscapedPath(), "/")
-
 			ctx := Context{
 				Resp:    NewResponse(resp),
 				Cache:   mc.GetCache(),
-				Locale:  locale,
-				Link:    link,
+				Locale:  middleware.Locale(resp, req),
+				Link:    setting.AppSubURL + strings.TrimSuffix(req.URL.EscapedPath(), "/"),
 				Render:  rnd,
 				Session: session.GetSession(req),
 				Repo: &Repository{
 					PullRequest: &PullRequest{},
 				},
-				Org: &Organization{},
-				Data: map[string]interface{}{
-					"CurrentURL":    setting.AppSubURL + req.URL.RequestURI(),
-					"PageStartTime": startTime,
-					"Link":          link,
-					"RunModeIsProd": setting.IsProd,
-				},
+				Org:  &Organization{},
+				Data: middleware.GetContextData(req.Context()),
 			}
 			defer ctx.Close()
 
+			ctx.Data.MergeFrom(middleware.CommonTemplateContextData())
+			ctx.Data["Context"] = &ctx
+			ctx.Data["CurrentURL"] = setting.AppSubURL + req.URL.RequestURI()
+			ctx.Data["Link"] = ctx.Link
+			ctx.Data["locale"] = ctx.Locale
+
 			// PageData is passed by reference, and it will be rendered to `window.config.pageData` in `head.tmpl` for JavaScript modules
-			ctx.PageData = map[string]interface{}{}
+			ctx.PageData = map[string]any{}
 			ctx.Data["PageData"] = ctx.PageData
-			ctx.Data["Context"] = &ctx
 
 			ctx.Req = WithContext(req, &ctx)
 			ctx.Csrf = PrepareCSRFProtector(csrfOpts, &ctx)
@@ -755,16 +758,6 @@ func Contexter(ctx context.Context) func(next http.Handler) http.Handler {
 			ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.Data["CsrfToken"].(string) + `">`)
 
 			// FIXME: do we really always need these setting? There should be someway to have to avoid having to always set these
-			ctx.Data["IsLandingPageHome"] = setting.LandingPageURL == setting.LandingPageHome
-			ctx.Data["IsLandingPageExplore"] = setting.LandingPageURL == setting.LandingPageExplore
-			ctx.Data["IsLandingPageOrganizations"] = setting.LandingPageURL == setting.LandingPageOrganizations
-
-			ctx.Data["ShowRegistrationButton"] = setting.Service.ShowRegistrationButton
-			ctx.Data["ShowMilestonesDashboardPage"] = setting.Service.ShowMilestonesDashboardPage
-			ctx.Data["ShowFooterVersion"] = setting.Other.ShowFooterVersion
-
-			ctx.Data["EnableSwagger"] = setting.API.EnableSwagger
-			ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn
 			ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
 			ctx.Data["DisableStars"] = setting.Repository.DisableStars
 			ctx.Data["EnableActions"] = setting.Actions.Enabled
@@ -777,21 +770,9 @@ func Contexter(ctx context.Context) func(next http.Handler) http.Handler {
 			ctx.Data["UnitProjectsGlobalDisabled"] = unit.TypeProjects.UnitGlobalDisabled()
 			ctx.Data["UnitActionsGlobalDisabled"] = unit.TypeActions.UnitGlobalDisabled()
 
-			ctx.Data["locale"] = locale
 			ctx.Data["AllLangs"] = translation.AllLangs()
 
 			next.ServeHTTP(ctx.Resp, ctx.Req)
-
-			// Handle adding signedUserName to the context for the AccessLogger
-			usernameInterface := ctx.Data["SignedUserName"]
-			identityPtrInterface := ctx.Req.Context().Value(signedUserNameStringPointerKey)
-			if usernameInterface != nil && identityPtrInterface != nil {
-				username := usernameInterface.(string)
-				identityPtr := identityPtrInterface.(*string)
-				if identityPtr != nil && username != "" {
-					*identityPtr = username
-				}
-			}
 		})
 	}
 }
diff --git a/modules/context/package.go b/modules/context/package.go
index 6c418b316466..fe5bdac19d67 100644
--- a/modules/context/package.go
+++ b/modules/context/package.go
@@ -16,6 +16,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/templates"
+	"code.gitea.io/gitea/modules/web/middleware"
 )
 
 // Package contains owner, access mode and optional the package descriptor
@@ -136,7 +137,7 @@ func PackageContexter(ctx gocontext.Context) func(next http.Handler) http.Handle
 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
 			ctx := Context{
 				Resp:   NewResponse(resp),
-				Data:   map[string]interface{}{},
+				Data:   middleware.GetContextData(req.Context()),
 				Render: rnd,
 			}
 			defer ctx.Close()
diff --git a/modules/context/private.go b/modules/context/private.go
index 24f50fa4713e..f621dd68390f 100644
--- a/modules/context/private.go
+++ b/modules/context/private.go
@@ -11,6 +11,7 @@ import (
 
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/process"
+	"code.gitea.io/gitea/modules/web/middleware"
 )
 
 // PrivateContext represents a context for private routes
@@ -62,7 +63,7 @@ func PrivateContexter() func(http.Handler) http.Handler {
 			ctx := &PrivateContext{
 				Context: &Context{
 					Resp: NewResponse(w),
-					Data: map[string]interface{}{},
+					Data: middleware.GetContextData(req.Context()),
 				},
 			}
 			defer ctx.Close()
diff --git a/modules/templates/base.go b/modules/templates/base.go
index 4254a569764e..ef28cc03f45d 100644
--- a/modules/templates/base.go
+++ b/modules/templates/base.go
@@ -5,43 +5,12 @@ package templates
 
 import (
 	"strings"
-	"time"
 
 	"code.gitea.io/gitea/modules/assetfs"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 )
 
-// Vars represents variables to be render in golang templates
-type Vars map[string]interface{}
-
-// Merge merges another vars to the current, another Vars will override the current
-func (vars Vars) Merge(another map[string]interface{}) Vars {
-	for k, v := range another {
-		vars[k] = v
-	}
-	return vars
-}
-
-// BaseVars returns all basic vars
-func BaseVars() Vars {
-	startTime := time.Now()
-	return map[string]interface{}{
-		"IsLandingPageHome":          setting.LandingPageURL == setting.LandingPageHome,
-		"IsLandingPageExplore":       setting.LandingPageURL == setting.LandingPageExplore,
-		"IsLandingPageOrganizations": setting.LandingPageURL == setting.LandingPageOrganizations,
-
-		"ShowRegistrationButton":        setting.Service.ShowRegistrationButton,
-		"ShowMilestonesDashboardPage":   setting.Service.ShowMilestonesDashboardPage,
-		"ShowFooterVersion":             setting.Other.ShowFooterVersion,
-		"DisableDownloadSourceArchives": setting.Repository.DisableDownloadSourceArchives,
-
-		"EnableSwagger":      setting.API.EnableSwagger,
-		"EnableOpenIDSignIn": setting.Service.EnableOpenIDSignIn,
-		"PageStartTime":      startTime,
-	}
-}
-
 func AssetFS() *assetfs.LayeredFS {
 	return assetfs.Layered(CustomAssets(), BuiltinAssets())
 }
diff --git a/modules/test/context_tests.go b/modules/test/context_tests.go
index 4af76512505c..35dd920bb92a 100644
--- a/modules/test/context_tests.go
+++ b/modules/test/context_tests.go
@@ -30,7 +30,7 @@ func MockContext(t *testing.T, path string) *context.Context {
 	resp := &mockResponseWriter{}
 	ctx := context.Context{
 		Render: &mockRender{},
-		Data:   make(map[string]interface{}),
+		Data:   make(middleware.ContextData),
 		Flash: &middleware.Flash{
 			Values: make(url.Values),
 		},
diff --git a/modules/web/middleware/data.go b/modules/web/middleware/data.go
index 43189940ee20..c1f0516d7d2f 100644
--- a/modules/web/middleware/data.go
+++ b/modules/web/middleware/data.go
@@ -3,7 +3,63 @@
 
 package middleware
 
-// DataStore represents a data store
-type DataStore interface {
-	GetData() map[string]interface{}
+import (
+	"context"
+	"time"
+
+	"code.gitea.io/gitea/modules/setting"
+)
+
+// ContextDataStore represents a data store
+type ContextDataStore interface {
+	GetData() ContextData
+}
+
+type ContextData map[string]any
+
+func (ds ContextData) GetData() map[string]any {
+	return ds
+}
+
+func (ds ContextData) MergeFrom(other ContextData) ContextData {
+	for k, v := range other {
+		ds[k] = v
+	}
+	return ds
+}
+
+const ContextDataKeySignedUser = "SignedUser"
+
+type contextDataKeyType struct{}
+
+var contextDataKey contextDataKeyType
+
+func WithContextData(c context.Context) context.Context {
+	return context.WithValue(c, contextDataKey, make(ContextData, 10))
+}
+
+func GetContextData(c context.Context) ContextData {
+	if ds, ok := c.Value(contextDataKey).(ContextData); ok {
+		return ds
+	}
+	return nil
+}
+
+func CommonTemplateContextData() ContextData {
+	return ContextData{
+		"IsLandingPageHome":          setting.LandingPageURL == setting.LandingPageHome,
+		"IsLandingPageExplore":       setting.LandingPageURL == setting.LandingPageExplore,
+		"IsLandingPageOrganizations": setting.LandingPageURL == setting.LandingPageOrganizations,
+
+		"ShowRegistrationButton":        setting.Service.ShowRegistrationButton,
+		"ShowMilestonesDashboardPage":   setting.Service.ShowMilestonesDashboardPage,
+		"ShowFooterVersion":             setting.Other.ShowFooterVersion,
+		"DisableDownloadSourceArchives": setting.Repository.DisableDownloadSourceArchives,
+
+		"EnableSwagger":      setting.API.EnableSwagger,
+		"EnableOpenIDSignIn": setting.Service.EnableOpenIDSignIn,
+		"PageStartTime":      time.Now(),
+
+		"RunModeIsProd": setting.IsProd,
+	}
 }
diff --git a/modules/web/middleware/flash.go b/modules/web/middleware/flash.go
index f2d7cc692d28..fa29ddeffc79 100644
--- a/modules/web/middleware/flash.go
+++ b/modules/web/middleware/flash.go
@@ -18,7 +18,7 @@ var FlashNow bool
 
 // Flash represents a one time data transfer between two requests.
 type Flash struct {
-	DataStore
+	DataStore ContextDataStore
 	url.Values
 	ErrorMsg, WarningMsg, InfoMsg, SuccessMsg string
 }
@@ -34,7 +34,7 @@ func (f *Flash) set(name, msg string, current ...bool) {
 	}
 
 	if isShow {
-		f.GetData()["Flash"] = f
+		f.DataStore.GetData()["Flash"] = f
 	} else {
 		f.Set(name, msg)
 	}
diff --git a/modules/web/middleware/request.go b/modules/web/middleware/request.go
index 34add27214b8..0bb155df7034 100644
--- a/modules/web/middleware/request.go
+++ b/modules/web/middleware/request.go
@@ -12,8 +12,3 @@ import (
 func IsAPIPath(req *http.Request) bool {
 	return strings.HasPrefix(req.URL.Path, "/api/")
 }
-
-// IsInternalPath returns true if the specified URL is an internal API path
-func IsInternalPath(req *http.Request) bool {
-	return strings.HasPrefix(req.URL.Path, "/api/internal/")
-}
diff --git a/modules/web/route.go b/modules/web/route.go
index 6fd60f4ca739..d801f1025c94 100644
--- a/modules/web/route.go
+++ b/modules/web/route.go
@@ -25,12 +25,12 @@ func Bind[T any](_ T) any {
 }
 
 // SetForm set the form object
-func SetForm(data middleware.DataStore, obj interface{}) {
+func SetForm(data middleware.ContextDataStore, obj interface{}) {
 	data.GetData()["__form"] = obj
 }
 
 // GetForm returns the validate form information
-func GetForm(data middleware.DataStore) interface{} {
+func GetForm(data middleware.ContextDataStore) interface{} {
 	return data.GetData()["__form"]
 }
 
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 8649a982b08e..8afa83aa94fe 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -103,7 +103,6 @@ func CreateUser(ctx *context.APIContext) {
 		if err != nil {
 			log.Error(err.Error())
 		}
-		ctx.Data["Err_Password"] = true
 		ctx.Error(http.StatusBadRequest, "PasswordPwned", errors.New("PasswordPwned"))
 		return
 	}
@@ -201,7 +200,6 @@ func EditUser(ctx *context.APIContext) {
 			if err != nil {
 				log.Error(err.Error())
 			}
-			ctx.Data["Err_Password"] = true
 			ctx.Error(http.StatusBadRequest, "PasswordPwned", errors.New("PasswordPwned"))
 			return
 		}
diff --git a/routers/api/v1/misc/markup_test.go b/routers/api/v1/misc/markup_test.go
index 32de2956b792..68776613b272 100644
--- a/routers/api/v1/misc/markup_test.go
+++ b/routers/api/v1/misc/markup_test.go
@@ -19,6 +19,7 @@ import (
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/modules/web/middleware"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -36,7 +37,7 @@ func createContext(req *http.Request) (*context.Context, *httptest.ResponseRecor
 		Req:    req,
 		Resp:   context.NewResponse(resp),
 		Render: rnd,
-		Data:   make(map[string]interface{}),
+		Data:   make(middleware.ContextData),
 	}
 	defer c.Close()
 
diff --git a/routers/common/errpage.go b/routers/common/errpage.go
new file mode 100644
index 000000000000..4cf3bf83578a
--- /dev/null
+++ b/routers/common/errpage.go
@@ -0,0 +1,57 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package common
+
+import (
+	"fmt"
+	"net/http"
+
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/httpcache"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/templates"
+	"code.gitea.io/gitea/modules/web/middleware"
+	"code.gitea.io/gitea/modules/web/routing"
+)
+
+const tplStatus500 base.TplName = "status/500"
+
+// RenderPanicErrorPage renders a 500 page, and it never panics
+func RenderPanicErrorPage(w http.ResponseWriter, req *http.Request, err any) {
+	combinedErr := fmt.Sprintf("%v\n%s", err, log.Stack(2))
+	log.Error("PANIC: %s", combinedErr)
+
+	defer func() {
+		if err := recover(); err != nil {
+			log.Error("Panic occurs again when rendering error page: %v", err)
+		}
+	}()
+
+	routing.UpdatePanicError(req.Context(), err)
+
+	httpcache.SetCacheControlInHeader(w.Header(), 0, "no-transform")
+	w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
+
+	data := middleware.GetContextData(req.Context())
+	if data["locale"] == nil {
+		data = middleware.CommonTemplateContextData()
+		data["locale"] = middleware.Locale(w, req)
+	}
+
+	// This recovery handler could be called without Gitea's web context, so we shouldn't touch that context too much.
+	// Otherwise, the 500-page may cause new panics, eg: cache.GetContextWithData, it makes the developer&users couldn't find the original panic.
+	user, _ := data[middleware.ContextDataKeySignedUser].(*user_model.User)
+	if !setting.IsProd || (user != nil && user.IsAdmin) {
+		data["ErrorMsg"] = "PANIC: " + combinedErr
+	}
+
+	err = templates.HTMLRenderer().HTML(w, http.StatusInternalServerError, string(tplStatus500), data)
+	if err != nil {
+		log.Error("Error occurs again when rendering error page: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
+		_, _ = w.Write([]byte("Internal server error, please collect error logs and report to Gitea issue tracker"))
+	}
+}
diff --git a/routers/common/middleware.go b/routers/common/middleware.go
index 28ecf934e1cc..c1ee9dd765af 100644
--- a/routers/common/middleware.go
+++ b/routers/common/middleware.go
@@ -10,9 +10,9 @@ import (
 
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/context"
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web/middleware"
 	"code.gitea.io/gitea/modules/web/routing"
 
 	"gitea.com/go-chi/session"
@@ -20,13 +20,26 @@ import (
 	chi "github.com/go-chi/chi/v5"
 )
 
-// ProtocolMiddlewares returns HTTP protocol related middlewares
+// ProtocolMiddlewares returns HTTP protocol related middlewares, and it provides a global panic recovery
 func ProtocolMiddlewares() (handlers []any) {
+	// first, normalize the URL path
+	handlers = append(handlers, stripSlashesMiddleware)
+
+	// prepare the ContextData and panic recovery
 	handlers = append(handlers, func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
-			// First of all escape the URL RawPath to ensure that all routing is done using a correctly escaped URL
-			req.URL.RawPath = req.URL.EscapedPath()
+			defer func() {
+				if err := recover(); err != nil {
+					RenderPanicErrorPage(resp, req, err) // it should never panic
+				}
+			}()
+			req = req.WithContext(middleware.WithContextData(req.Context()))
+			next.ServeHTTP(resp, req)
+		})
+	})
 
+	handlers = append(handlers, func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
 			ctx, _, finished := process.GetManager().AddTypedContext(req.Context(), fmt.Sprintf("%s: %s", req.Method, req.RequestURI), process.RequestProcessType, true)
 			defer finished()
 			next.ServeHTTP(context.NewResponse(resp), req.WithContext(cache.WithCacheContext(ctx)))
@@ -47,9 +60,6 @@ func ProtocolMiddlewares() (handlers []any) {
 		handlers = append(handlers, proxy.ForwardedHeaders(opt))
 	}
 
-	// Strip slashes.
-	handlers = append(handlers, stripSlashesMiddleware)
-
 	if !setting.Log.DisableRouterLog {
 		handlers = append(handlers, routing.NewLoggerHandler())
 	}
@@ -58,40 +68,18 @@ func ProtocolMiddlewares() (handlers []any) {
 		handlers = append(handlers, context.AccessLogger())
 	}
 
-	handlers = append(handlers, func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
-			// Why we need this? The Recovery() will try to render a beautiful
-			// error page for user, but the process can still panic again, and other
-			// middleware like session also may panic then we have to recover twice
-			// and send a simple error page that should not panic anymore.
-			defer func() {
-				if err := recover(); err != nil {
-					routing.UpdatePanicError(req.Context(), err)
-					combinedErr := fmt.Sprintf("PANIC: %v\n%s", err, log.Stack(2))
-					log.Error("%v", combinedErr)
-					if setting.IsProd {
-						http.Error(resp, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-					} else {
-						http.Error(resp, combinedErr, http.StatusInternalServerError)
-					}
-				}
-			}()
-			next.ServeHTTP(resp, req)
-		})
-	})
 	return handlers
 }
 
 func stripSlashesMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
-		var urlPath string
+		// First of all escape the URL RawPath to ensure that all routing is done using a correctly escaped URL
+		req.URL.RawPath = req.URL.EscapedPath()
+
+		urlPath := req.URL.RawPath
 		rctx := chi.RouteContext(req.Context())
 		if rctx != nil && rctx.RoutePath != "" {
 			urlPath = rctx.RoutePath
-		} else if req.URL.RawPath != "" {
-			urlPath = req.URL.RawPath
-		} else {
-			urlPath = req.URL.Path
 		}
 
 		sanitizedPath := &strings.Builder{}
diff --git a/routers/install/install.go b/routers/install/install.go
index c838db65822c..714ddd554845 100644
--- a/routers/install/install.go
+++ b/routers/install/install.go
@@ -5,7 +5,6 @@
 package install
 
 import (
-	goctx "context"
 	"fmt"
 	"net/http"
 	"os"
@@ -53,33 +52,32 @@ func getSupportedDbTypeNames() (dbTypeNames []map[string]string) {
 	return dbTypeNames
 }
 
-// Init prepare for rendering installation page
-func Init(ctx goctx.Context) func(next http.Handler) http.Handler {
+// Contexter prepare for rendering installation page
+func Contexter() func(next http.Handler) http.Handler {
 	rnd := templates.HTMLRenderer()
 	dbTypeNames := getSupportedDbTypeNames()
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
-			locale := middleware.Locale(resp, req)
-			startTime := time.Now()
 			ctx := context.Context{
 				Resp:    context.NewResponse(resp),
 				Flash:   &middleware.Flash{},
-				Locale:  locale,
+				Locale:  middleware.Locale(resp, req),
 				Render:  rnd,
+				Data:    middleware.GetContextData(req.Context()),
 				Session: session.GetSession(req),
-				Data: map[string]interface{}{
-					"locale":        locale,
-					"Title":         locale.Tr("install.install"),
-					"PageIsInstall": true,
-					"DbTypeNames":   dbTypeNames,
-					"AllLangs":      translation.AllLangs(),
-					"PageStartTime": startTime,
-
-					"PasswordHashAlgorithms": hash.RecommendedHashAlgorithms,
-				},
 			}
 			defer ctx.Close()
 
+			ctx.Data.MergeFrom(middleware.CommonTemplateContextData())
+			ctx.Data.MergeFrom(middleware.ContextData{
+				"locale":        ctx.Locale,
+				"Title":         ctx.Locale.Tr("install.install"),
+				"PageIsInstall": true,
+				"DbTypeNames":   dbTypeNames,
+				"AllLangs":      translation.AllLangs(),
+
+				"PasswordHashAlgorithms": hash.RecommendedHashAlgorithms,
+			})
 			ctx.Req = context.WithContext(req, &ctx)
 			next.ServeHTTP(resp, ctx.Req)
 		})
diff --git a/routers/install/routes.go b/routers/install/routes.go
index 88c7e996952f..52c07cfa26e6 100644
--- a/routers/install/routes.go
+++ b/routers/install/routes.go
@@ -9,76 +9,14 @@ import (
 	"html"
 	"net/http"
 
-	"code.gitea.io/gitea/modules/httpcache"
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/public"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/web"
-	"code.gitea.io/gitea/modules/web/middleware"
 	"code.gitea.io/gitea/routers/common"
 	"code.gitea.io/gitea/routers/web/healthcheck"
 	"code.gitea.io/gitea/services/forms"
 )
 
-type dataStore map[string]interface{}
-
-func (d *dataStore) GetData() map[string]interface{} {
-	return *d
-}
-
-func installRecovery(ctx goctx.Context) func(next http.Handler) http.Handler {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-			defer func() {
-				// Why we need this? The first recover will try to render a beautiful
-				// error page for user, but the process can still panic again, then
-				// we have to just recover twice and send a simple error page that
-				// should not panic anymore.
-				defer func() {
-					if err := recover(); err != nil {
-						combinedErr := fmt.Sprintf("PANIC: %v\n%s", err, log.Stack(2))
-						log.Error("%s", combinedErr)
-						if setting.IsProd {
-							http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-						} else {
-							http.Error(w, combinedErr, http.StatusInternalServerError)
-						}
-					}
-				}()
-
-				if err := recover(); err != nil {
-					combinedErr := fmt.Sprintf("PANIC: %v\n%s", err, log.Stack(2))
-					log.Error("%s", combinedErr)
-
-					lc := middleware.Locale(w, req)
-					store := dataStore{
-						"Language":       lc.Language(),
-						"CurrentURL":     setting.AppSubURL + req.URL.RequestURI(),
-						"locale":         lc,
-						"SignedUserID":   int64(0),
-						"SignedUserName": "",
-					}
-
-					httpcache.SetCacheControlInHeader(w.Header(), 0, "no-transform")
-					w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
-
-					if !setting.IsProd {
-						store["ErrorMsg"] = combinedErr
-					}
-					rnd := templates.HTMLRenderer()
-					err = rnd.HTML(w, http.StatusInternalServerError, "status/500", templates.BaseVars().Merge(store))
-					if err != nil {
-						log.Error("%v", err)
-					}
-				}
-			}()
-
-			next.ServeHTTP(w, req)
-		})
-	}
-}
-
 // Routes registers the installation routes
 func Routes(ctx goctx.Context) *web.Route {
 	base := web.NewRoute()
@@ -86,9 +24,7 @@ func Routes(ctx goctx.Context) *web.Route {
 	base.RouteMethods("/assets/*", "GET, HEAD", public.AssetsHandlerFunc("/assets/"))
 
 	r := web.NewRoute()
-	r.Use(common.Sessioner())
-	r.Use(installRecovery(ctx))
-	r.Use(Init(ctx))
+	r.Use(common.Sessioner(), Contexter())
 	r.Get("/", Install) // it must be on the root, because the "install.js" use the window.location to replace the "localhost" AppURL
 	r.Post("/", web.Bind(forms.InstallForm{}), SubmitInstall)
 	r.Get("/post-install", InstallDone)
diff --git a/routers/web/base.go b/routers/web/base.go
index 73607cad0650..b9b59583896f 100644
--- a/routers/web/base.go
+++ b/routers/web/base.go
@@ -4,7 +4,6 @@
 package web
 
 import (
-	goctx "context"
 	"errors"
 	"fmt"
 	"io"
@@ -13,18 +12,12 @@ import (
 	"path"
 	"strings"
 
-	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/httpcache"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
-	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/modules/web/middleware"
 	"code.gitea.io/gitea/modules/web/routing"
-	"code.gitea.io/gitea/services/auth"
-
-	"gitea.com/go-chi/session"
 )
 
 func storageHandler(storageSetting setting.Storage, prefix string, objStore storage.ObjectStorage) func(next http.Handler) http.Handler {
@@ -110,62 +103,3 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor
 		})
 	}
 }
-
-type dataStore map[string]interface{}
-
-func (d *dataStore) GetData() map[string]interface{} {
-	return *d
-}
-
-// RecoveryWith500Page returns a middleware that recovers from any panics and writes a 500 and a log if so.
-// This error will be created with the gitea 500 page.
-func RecoveryWith500Page(ctx goctx.Context) func(next http.Handler) http.Handler {
-	rnd := templates.HTMLRenderer()
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-			defer func() {
-				if err := recover(); err != nil {
-					routing.UpdatePanicError(req.Context(), err)
-					combinedErr := fmt.Sprintf("PANIC: %v\n%s", err, log.Stack(2))
-					log.Error("%s", combinedErr)
-
-					sessionStore := session.GetSession(req)
-
-					lc := middleware.Locale(w, req)
-					store := dataStore{
-						"Language":   lc.Language(),
-						"CurrentURL": setting.AppSubURL + req.URL.RequestURI(),
-						"locale":     lc,
-					}
-
-					// TODO: this recovery handler is usually called without Gitea's web context, so we shouldn't touch that context too much
-					// Otherwise, the 500 page may cause new panics, eg: cache.GetContextWithData, it makes the developer&users couldn't find the original panic
-					user := context.GetContextUser(req) // almost always nil
-					if user == nil {
-						// Get user from session if logged in - do not attempt to sign-in
-						user = auth.SessionUser(sessionStore)
-					}
-
-					httpcache.SetCacheControlInHeader(w.Header(), 0, "no-transform")
-					w.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
-
-					if !setting.IsProd || (user != nil && user.IsAdmin) {
-						store["ErrorMsg"] = combinedErr
-					}
-
-					defer func() {
-						if err := recover(); err != nil {
-							log.Error("HTML render in Recovery handler panics again: %v", err)
-						}
-					}()
-					err = rnd.HTML(w, http.StatusInternalServerError, "status/500", templates.BaseVars().Merge(store))
-					if err != nil {
-						log.Error("HTML render in Recovery handler fails again: %v", err)
-					}
-				}
-			}()
-
-			next.ServeHTTP(w, req)
-		})
-	}
-}
diff --git a/routers/web/web.go b/routers/web/web.go
index 5357c55500fc..8cdc10935efb 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -116,38 +116,34 @@ func Routes(ctx gocontext.Context) *web.Route {
 
 	_ = templates.HTMLRenderer()
 
-	common := []any{
-		common.Sessioner(),
-		RecoveryWith500Page(ctx),
-	}
+	var mid []any
 
 	if setting.EnableGzip {
 		h, err := gziphandler.GzipHandlerWithOpts(gziphandler.MinSize(GzipMinSize))
 		if err != nil {
 			log.Fatal("GzipHandlerWithOpts failed: %v", err)
 		}
-		common = append(common, h)
+		mid = append(mid, h)
 	}
 
 	if setting.Service.EnableCaptcha {
 		// The captcha http.Handler should only fire on /captcha/* so we can just mount this on that url
-		routes.RouteMethods("/captcha/*", "GET,HEAD", append(common, captcha.Captchaer(context.GetImageCaptcha()))...)
+		routes.RouteMethods("/captcha/*", "GET,HEAD", append(mid, captcha.Captchaer(context.GetImageCaptcha()))...)
 	}
 
 	if setting.HasRobotsTxt {
-		routes.Get("/robots.txt", append(common, misc.RobotsTxt)...)
+		routes.Get("/robots.txt", append(mid, misc.RobotsTxt)...)
 	}
 
-	// prometheus metrics endpoint - do not need to go through contexter
 	if setting.Metrics.Enabled {
 		prometheus.MustRegister(metrics.NewCollector())
-		routes.Get("/metrics", append(common, Metrics)...)
+		routes.Get("/metrics", append(mid, Metrics)...)
 	}
 
 	routes.Get("/ssh_info", misc.SSHInfo)
 	routes.Get("/api/healthz", healthcheck.Check)
 
-	common = append(common, context.Contexter(ctx))
+	mid = append(mid, common.Sessioner(), context.Contexter())
 
 	group := buildAuthGroup()
 	if err := group.Init(ctx); err != nil {
@@ -155,23 +151,23 @@ func Routes(ctx gocontext.Context) *web.Route {
 	}
 
 	// Get user from session if logged in.
-	common = append(common, auth_service.Auth(group))
+	mid = append(mid, auth_service.Auth(group))
 
 	// GetHead allows a HEAD request redirect to GET if HEAD method is not defined for that route
-	common = append(common, middleware.GetHead)
+	mid = append(mid, middleware.GetHead)
 
 	if setting.API.EnableSwagger {
 		// Note: The route is here but no in API routes because it renders a web page
-		routes.Get("/api/swagger", append(common, misc.Swagger)...) // Render V1 by default
+		routes.Get("/api/swagger", append(mid, misc.Swagger)...) // Render V1 by default
 	}
 
 	// TODO: These really seem like things that could be folded into Contexter or as helper functions
-	common = append(common, user.GetNotificationCount)
-	common = append(common, repo.GetActiveStopwatch)
-	common = append(common, goGet)
+	mid = append(mid, user.GetNotificationCount)
+	mid = append(mid, repo.GetActiveStopwatch)
+	mid = append(mid, goGet)
 
 	others := web.NewRoute()
-	others.Use(common...)
+	others.Use(mid...)
 	registerRoutes(others)
 	routes.Mount("", others)
 	return routes
diff --git a/services/auth/interface.go b/services/auth/interface.go
index f2f1aaf39cb0..c4a8a20d0103 100644
--- a/services/auth/interface.go
+++ b/services/auth/interface.go
@@ -13,7 +13,7 @@ import (
 )
 
 // DataStore represents a data store
-type DataStore middleware.DataStore
+type DataStore middleware.ContextDataStore
 
 // SessionStore represents a session store
 type SessionStore session.Store
diff --git a/services/auth/middleware.go b/services/auth/middleware.go
index abeafed9cb46..3b2f883d009c 100644
--- a/services/auth/middleware.go
+++ b/services/auth/middleware.go
@@ -51,13 +51,11 @@ func authShared(ctx *context.Context, authMethod Method) error {
 		ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == BasicMethodName
 		ctx.IsSigned = true
 		ctx.Data["IsSigned"] = ctx.IsSigned
-		ctx.Data["SignedUser"] = ctx.Doer
+		ctx.Data[middleware.ContextDataKeySignedUser] = ctx.Doer
 		ctx.Data["SignedUserID"] = ctx.Doer.ID
-		ctx.Data["SignedUserName"] = ctx.Doer.Name
 		ctx.Data["IsAdmin"] = ctx.Doer.IsAdmin
 	} else {
 		ctx.Data["SignedUserID"] = int64(0)
-		ctx.Data["SignedUserName"] = ""
 	}
 	return nil
 }
diff --git a/templates/base/head_script.tmpl b/templates/base/head_script.tmpl
index d19fae629bd9..670d146b56a0 100644
--- a/templates/base/head_script.tmpl
+++ b/templates/base/head_script.tmpl
@@ -6,7 +6,6 @@ If you introduce mistakes in it, Gitea JavaScript code wouldn't run correctly.
 <script>
 	window.addEventListener('error', function(e) {window._globalHandlerErrors=window._globalHandlerErrors||[]; window._globalHandlerErrors.push(e);});
 	window.config = {
-		initCount: (window.config?.initCount ?? 0) + 1,
 		appUrl: '{{AppUrl}}',
 		appSubUrl: '{{AppSubUrl}}',
 		assetVersionEncoded: encodeURIComponent('{{AssetVersion}}'), // will be used in URL construction directly
diff --git a/templates/status/500.tmpl b/templates/status/500.tmpl
index bca03877561e..469fce593a81 100644
--- a/templates/status/500.tmpl
+++ b/templates/status/500.tmpl
@@ -1,36 +1,61 @@
-{{template "base/head" .}}
-<div role="main" aria-label="{{.Title}}" class="page-content status-page-500">
-	<p class="gt-mt-5 center"><img src="{{AssetUrlPrefix}}/img/500.png" alt="Internal Server Error"></p>
-	<div class="ui divider"></div>
-
-	<div class="ui container gt-mt-5">
-		{{if .ErrorMsg}}
-			<p>{{.locale.Tr "error.occurred"}}:</p>
-			<pre class="gt-whitespace-pre-wrap gt-break-all">{{.ErrorMsg}}</pre>
-		{{end}}
-
-		<div class="center gt-mt-5">
-			{{if .ShowFooterVersion}}<p>{{.locale.Tr "admin.config.app_ver"}}: {{AppVer}}</p>{{end}}
-			{{if .IsAdmin}}<p>{{.locale.Tr "error.report_message"  | Safe}}</p>{{end}}
+{{/* This page should only depend the minimal template functions/variables, to avoid triggering new panics.
+* base template functions: AppName, AssetUrlPrefix, AssetVersion, AppSubUrl, DefaultTheme, Str2html
+* locale
+* ErrorMsg
+* SignedUser (optional)
+*/}}
+<!DOCTYPE html>
+<html lang="{{.locale.Lang}}" class="theme-{{if .SignedUser.Theme}}{{.SignedUser.Theme}}{{else}}{{DefaultTheme}}{{end}}">
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<title>Internal Server Error - {{AppName}}</title>
+	<link rel="icon" href="{{AssetUrlPrefix}}/img/favicon.svg" type="image/svg+xml">
+	<link rel="alternate icon" href="{{AssetUrlPrefix}}/img/favicon.png" type="image/png">
+	<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/index.css?v={{AssetVersion}}">
+</head>
+<body>
+	<div class="full height">
+		<nav class="ui secondary menu following bar light">
+			<div class="ui container gt-df">
+				<div class="item brand gt-f1">
+					<a href="{{AppSubUrl}}/" aria-label="{{.locale.Tr "home"}}">
+						<img width="30" height="30" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{.locale.Tr "logo"}}" aria-hidden="true">
+					</a>
+				</div>
+				<button class="item ui icon button">{{svg "octicon-three-bars"}}</button>{{/* a fake button to make the UI looks better*/}}
+			</div>
+		</nav>
+		<div role="main" class="page-content status-page-500">
+			<p class="gt-mt-5 center"><img src="{{AssetUrlPrefix}}/img/500.png" alt="Internal Server Error"></p>
+			<div class="ui divider"></div>
+			<div class="ui container gt-mt-5">
+				{{if .ErrorMsg}}
+					<p>{{.locale.Tr "error.occurred"}}:</p>
+					<pre class="gt-whitespace-pre-wrap gt-break-all">{{.ErrorMsg}}</pre>
+				{{end}}
+				<div class="center gt-mt-5">
+					{{if or .SignedUser.IsAdmin .ShowFooterVersion}}<p>{{.locale.Tr "admin.config.app_ver"}}: {{AppVer}}</p>{{end}}
+					{{if .SignedUser.IsAdmin}}<p>{{.locale.Tr "error.report_message"  | Str2html}}</p>{{end}}
+				</div>
+			</div>
 		</div>
 	</div>
-</div>
-{{/* when a sub-template triggers an 500 error, its parent template has been partially rendered,
-then the 500 page will be rendered after that partially rendered page, the HTML/JS are totally broken.
-so use this inline script to try to move it to main viewport */}}
-<script type="module">
-const embedded = document.querySelector('.page-content .page-content.status-page-500');
-if (embedded) {
-	// move footer to main view
-	const footer = document.querySelector('footer');
-	if (footer) document.querySelector('body').append(footer);
-	// move the 500 error page content to main view
-	const embeddedParent = embedded.parentNode;
-	let main = document.querySelector('.page-content');
-	main = main ?? document.querySelector('body');
-	main.prepend(document.createElement('hr'));
-	main.prepend(embedded);
-	embeddedParent.remove(); // remove the unrelated 500-page elements (eg: the duplicate nav bar)
-}
-</script>
-{{template "base/footer" .}}
+
+	{{/* When a sub-template triggers an 500 error, its parent template has been partially rendered, then the 500 page
+		will be rendered after that partially rendered page, the HTML/JS are totally broken. Use this inline script to try to move it to main viewport.
+		And this page shouldn't include any other JS file, avoid duplicate JS execution (still due to the partial rendering).*/}}
+	<script type="module">
+		const embedded = document.querySelector('.page-content .page-content.status-page-500');
+		if (embedded) {
+			// move the 500 error page content to main view
+			const embeddedParent = embedded.parentNode;
+			let main = document.querySelector('.page-content');
+			main = main ?? document.querySelector('body');
+			main.prepend(document.createElement('hr'));
+			main.prepend(embedded);
+			embeddedParent.remove(); // remove the unrelated 500-page elements (eg: the duplicate nav bar)
+		}
+	</script>
+</body>
+</html>
diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl
index 9f454a82f19f..5463270854e7 100644
--- a/templates/user/profile.tmpl
+++ b/templates/user/profile.tmpl
@@ -5,7 +5,7 @@
 			<div class="ui five wide column">
 				<div class="ui card">
 					<div id="profile-avatar" class="content gt-df">
-					{{if eq .SignedUserName .ContextUser.Name}}
+					{{if eq .SignedUserID .ContextUser.ID}}
 						<a class="image" href="{{AppSubUrl}}/user/settings" data-tooltip-content="{{.locale.Tr "user.change_avatar"}}">
 							{{avatar $.Context .ContextUser 290}}
 						</a>
@@ -30,7 +30,7 @@
 							{{if .ContextUser.Location}}
 								<li>{{svg "octicon-location"}} {{.ContextUser.Location}}</li>
 							{{end}}
-							{{if (eq .SignedUserName .ContextUser.Name)}}
+							{{if (eq .SignedUserID .ContextUser.ID)}}
 								<li>
 									{{svg "octicon-mail"}}
 									<a href="mailto:{{.ContextUser.Email}}" rel="nofollow">{{.ContextUser.Email}}</a>
@@ -100,7 +100,7 @@
 								</ul>
 							</li>
 							{{end}}
-							{{if and .IsSigned (ne .SignedUserName .ContextUser.Name)}}
+							{{if and .IsSigned (ne .SignedUserID .ContextUser.ID)}}
 							<li class="follow">
 								{{if $.IsFollowing}}
 									<form method="post" action="{{.Link}}?action=unfollow&redirect_to={{$.Link}}">
diff --git a/web_src/js/bootstrap.js b/web_src/js/bootstrap.js
index 4f88c600f555..f0b020ce1cf6 100644
--- a/web_src/js/bootstrap.js
+++ b/web_src/js/bootstrap.js
@@ -20,10 +20,6 @@ export function showGlobalErrorMessage(msg) {
  * @param {ErrorEvent} e
  */
 function processWindowErrorEvent(e) {
-  if (window.config.initCount > 1) {
-    // the page content has been loaded many times, the HTML/JS are totally broken, don't need to show error message
-    return;
-  }
   if (!e.error && e.lineno === 0 && e.colno === 0 && e.filename === '' && window.navigator.userAgent.includes('FxiOS/')) {
     // At the moment, Firefox (iOS) (10x) has an engine bug. See https://github.com/go-gitea/gitea/issues/20240
     // If a script inserts a newly created (and content changed) element into DOM, there will be a nonsense error event reporting: Script error: line 0, col 0.
@@ -37,13 +33,6 @@ function initGlobalErrorHandler() {
   if (!window.config) {
     showGlobalErrorMessage(`Gitea JavaScript code couldn't run correctly, please check your custom templates`);
   }
-  if (window.config.initCount > 1) {
-    // when a sub-templates triggers an 500 error, its parent template has been partially rendered,
-    // then the 500 page will be rendered after that partially rendered page, which will cause the initCount > 1
-    // in this case, the page is totally broken, so do not do any further error handling
-    console.error('initGlobalErrorHandler: Gitea global config system has already been initialized, there must be something else wrong');
-    return;
-  }
   // we added an event handler for window error at the very beginning of <script> of page head
   // the handler calls `_globalHandlerErrors.push` (array method) to record all errors occur before this init
   // then in this init, we can collect all error events and show them

From b1cee3fa3bbe9e54c3ced95fa9a38caa5b3494b9 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 4 May 2023 15:27:15 +0800
Subject: [PATCH 04/13] Don't display creating page button in a mirror wiki
 repository (#24395)

A mirror repository with wiki is also a mirror. So creating page from UI
should be disabled. This PR hides the button like other places.
---
 options/locale/locale_en-US.ini      | 1 +
 templates/repo/settings/options.tmpl | 2 +-
 templates/repo/wiki/pages.tmpl       | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 180fd1c18d0e..83b978bee516 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1904,6 +1904,7 @@ settings.sync_mirror = Synchronize Now
 settings.mirror_sync_in_progress = Mirror synchronization is in progress. Check back in a minute.
 settings.site = Website
 settings.update_settings = Update Settings
+settings.update_mirror_settings = Update Mirror Settings
 settings.branches.switch_default_branch = Switch Default Branch
 settings.branches.update_default_branch = Update Default Branch
 settings.branches.add_new_rule = Add New Rule
diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl
index 688d00bd72bc..cd2854c0622a 100644
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -153,7 +153,7 @@
 									</div>
 									{{end}}
 									<div class="field">
-										<button class="ui green button">{{$.locale.Tr "repo.settings.update_settings"}}</button>
+										<button class="ui green button">{{$.locale.Tr "repo.settings.update_mirror_settings"}}</button>
 									</div>
 								</form>
 							</td>
diff --git a/templates/repo/wiki/pages.tmpl b/templates/repo/wiki/pages.tmpl
index 97abf9b5436f..6169109ce921 100644
--- a/templates/repo/wiki/pages.tmpl
+++ b/templates/repo/wiki/pages.tmpl
@@ -5,7 +5,7 @@
 		<h2 class="ui header gt-df gt-ac gt-sb">
 			<span>{{.locale.Tr "repo.wiki.pages"}}</span>
 			<span>
-				{{if and .CanWriteWiki (not .IsRepositoryMirror)}}
+				{{if and .CanWriteWiki (not .Repository.IsMirror)}}
 					<a class="ui green small button" href="{{.RepoLink}}/wiki?action=_new">{{.locale.Tr "repo.wiki.new_page_button"}}</a>
 				{{end}}
 			</span>

From 55a57177600028ba8e4a480a08f1ee4d69d219d6 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 4 May 2023 18:37:39 +0800
Subject: [PATCH 05/13] Remove unused zapx replace statement on go.mod (#24515)

Fix #23617

Co-authored-by: Giteabot <teabot@gitea.io>
---
 go.mod | 2 --
 1 file changed, 2 deletions(-)

diff --git a/go.mod b/go.mod
index 58e90cc0fd3d..64266dd1ed92 100644
--- a/go.mod
+++ b/go.mod
@@ -290,8 +290,6 @@ replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
 
 replace github.com/shurcooL/vfsgen => github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0
 
-replace github.com/blevesearch/zapx/v15 v15.3.6 => github.com/zeripath/zapx/v15 v15.3.6-alignment-fix
-
 replace github.com/nektos/act => gitea.com/gitea/act v0.243.4
 
 exclude github.com/gofrs/uuid v3.2.0+incompatible

From 03fab6a8bba349e9916b580f6cbe5e3f9c325e60 Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Thu, 4 May 2023 20:07:15 +0800
Subject: [PATCH 06/13] Fix some mistakes when using `ignSignIn` (#24415)

Some old code doesn't respect the definition of `RequireSignInView` (the
`ignSignIn` is forgotten).

After #24413, this PR will do more fixes, ~~and rename the strange
`ignSignIn` to `optSignIn`.~~

This PR is ready for review, I think we can postpone the "ignSignIn"
renaming to another, to make this PR simple and clear.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
---
 routers/web/web.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/routers/web/web.go b/routers/web/web.go
index 8cdc10935efb..e904db321d81 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -176,10 +176,11 @@ func Routes(ctx gocontext.Context) *web.Route {
 // registerRoutes register routes
 func registerRoutes(m *web.Route) {
 	reqSignIn := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignInRequired: true})
+	reqSignOut := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignOutRequired: true})
+	// TODO: rename them to "optSignIn", which means that the "sign-in" could be optional, depends on the VerifyOptions (RequireSignInView)
 	ignSignIn := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignInRequired: setting.Service.RequireSignInView})
 	ignExploreSignIn := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignInRequired: setting.Service.RequireSignInView || setting.Service.Explore.RequireSigninView})
 	ignSignInAndCsrf := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{DisableCSRF: true})
-	reqSignOut := auth_service.VerifyAuthWithOptions(&auth_service.VerifyOptions{SignOutRequired: true})
 	validation.AddBindingRules()
 
 	linkAccountEnabled := func(ctx *context.Context) {
@@ -489,7 +490,6 @@ func registerRoutes(m *web.Route) {
 	}, reqSignIn, ctxDataSet("PageIsUserSettings", true, "AllThemes", setting.UI.Themes, "EnablePackages", setting.Packages.Enabled))
 
 	m.Group("/user", func() {
-		// r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
 		m.Get("/activate", auth.Activate)
 		m.Post("/activate", auth.ActivatePost)
 		m.Any("/activate_email", auth.ActivateEmail)
@@ -809,7 +809,7 @@ func registerRoutes(m *web.Route) {
 						}, reqPackageAccess(perm.AccessModeWrite))
 					})
 				})
-			}, ignSignIn, context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))
+			}, context.PackageAssignment(), reqPackageAccess(perm.AccessModeRead))
 		}
 
 		m.Group("/projects", func() {
@@ -848,7 +848,7 @@ func registerRoutes(m *web.Route) {
 		m.Group("", func() {
 			m.Get("/code", user.CodeSearch)
 		}, reqUnitAccess(unit.TypeCode, perm.AccessModeRead))
-	}, context_service.UserAssignmentWeb(), context.OrgAssignment())
+	}, ignSignIn, context_service.UserAssignmentWeb(), context.OrgAssignment()) // for "/{username}/-" (packages, projects, code)
 
 	// ***** Release Attachment Download without Signin
 	m.Get("/{username}/{reponame}/releases/download/{vTag}/{fileName}", ignSignIn, context.RepoAssignment, repo.MustBeNotEmpty, repo.RedirectDownload)
@@ -940,7 +940,7 @@ func registerRoutes(m *web.Route) {
 
 	m.Post("/{username}/{reponame}/action/{action}", reqSignIn, context.RepoAssignment, context.UnitTypes(), repo.Action)
 
-	// Grouping for those endpoints not requiring authentication
+	// Grouping for those endpoints not requiring authentication (but should respect ignSignIn)
 	m.Group("/{username}/{reponame}", func() {
 		m.Group("/milestone", func() {
 			m.Get("/{id}", repo.MilestoneIssuesAndPulls)
@@ -953,14 +953,14 @@ func registerRoutes(m *web.Route) {
 		})
 		m.Get("/compare", repo.MustBeNotEmpty, reqRepoCodeReader, repo.SetEditorconfigIfExists, ignSignIn, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.CompareDiff)
 		m.Combo("/compare/*", repo.MustBeNotEmpty, reqRepoCodeReader, repo.SetEditorconfigIfExists).
-			Get(ignSignIn, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.CompareDiff).
+			Get(repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.CompareDiff).
 			Post(reqSignIn, context.RepoMustNotBeArchived(), reqRepoPullsReader, repo.MustAllowPulls, web.Bind(forms.CreateIssueForm{}), repo.SetWhitespaceBehavior, repo.CompareAndPullRequestPost)
 		m.Group("/{type:issues|pulls}", func() {
 			m.Group("/{index}", func() {
 				m.Get("/info", repo.GetIssueInfo)
 			})
 		})
-	}, context.RepoAssignment, context.UnitTypes())
+	}, ignSignIn, context.RepoAssignment, context.UnitTypes()) // for "/{username}/{reponame}" which doesn't require authentication
 
 	// Grouping for those endpoints that do require authentication
 	m.Group("/{username}/{reponame}", func() {

From 7abe958f5b507efa676fb3b2e27d30517f6d1908 Mon Sep 17 00:00:00 2001
From: Hester Gong <hestergong@gmail.com>
Date: Thu, 4 May 2023 21:21:30 +0800
Subject: [PATCH 07/13] Fix color for transfer related buttons when having no
 permission to act (#24510)

Before:

<img width="1410" alt="Screen Shot 2023-05-04 at 09 28 23"
src="https://user-images.githubusercontent.com/17645053/236100146-2b64d274-2d79-4b4c-827c-3906a2a9dbb7.png">
<img width="1413" alt="Screen Shot 2023-05-04 at 09 28 30"
src="https://user-images.githubusercontent.com/17645053/236100157-15c12e83-a4f5-4b4e-b26b-73a8ce8bc0db.png">

After:

With no permission:

<img width="1409" alt="Screen Shot 2023-05-04 at 12 17 12"
src="https://user-images.githubusercontent.com/17645053/236144666-c2bb6ca2-59e1-45ae-93cd-d43545500d06.png">
<img width="1402" alt="Screen Shot 2023-05-04 at 12 17 17"
src="https://user-images.githubusercontent.com/17645053/236144677-c51a65cf-8aef-4566-b265-14b2ebb46d0b.png">


With permission:

<img width="1412" alt="Screen Shot 2023-05-04 at 12 16 45"
src="https://user-images.githubusercontent.com/17645053/236144565-9c5aa9a6-1424-49e3-a2b2-a129fecb856c.png">
<img width="1420" alt="Screen Shot 2023-05-04 at 12 16 51"
src="https://user-images.githubusercontent.com/17645053/236144573-a4064136-80d9-4c41-8f98-f51b4352bdf7.png">

---------

Co-authored-by: Giteabot <teabot@gitea.io>
---
 templates/repo/header.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/repo/header.tmpl b/templates/repo/header.tmpl
index ab50dd175afd..b36d1d8f6ac3 100644
--- a/templates/repo/header.tmpl
+++ b/templates/repo/header.tmpl
@@ -52,7 +52,7 @@
 						<form method="post" action="{{$.RepoLink}}/action/accept_transfer?redirect_to={{$.RepoLink}}">
 							{{$.CsrfTokenHtml}}
 							<div data-tooltip-content="{{if $.CanUserAcceptTransfer}}{{$.locale.Tr "repo.transfer.accept_desc" $.RepoTransfer.Recipient.DisplayName}}{{else}}{{$.locale.Tr "repo.transfer.no_permission_to_accept"}}{{end}}">
-								<button type="submit" class="ui button {{if $.CanUserAcceptTransfer}}green {{end}} ok inverted small"{{if not $.CanUserAcceptTransfer}} disabled{{end}}>
+								<button type="submit" class="ui basic button {{if $.CanUserAcceptTransfer}}green {{end}} ok small"{{if not $.CanUserAcceptTransfer}} disabled{{end}}>
 									{{$.locale.Tr "repo.transfer.accept"}}
 								</button>
 							</div>
@@ -60,7 +60,7 @@
 						<form method="post" action="{{$.RepoLink}}/action/reject_transfer?redirect_to={{$.RepoLink}}">
 							{{$.CsrfTokenHtml}}
 							<div data-tooltip-content="{{if $.CanUserAcceptTransfer}}{{$.locale.Tr "repo.transfer.reject_desc" $.RepoTransfer.Recipient.DisplayName}}{{else}}{{$.locale.Tr "repo.transfer.no_permission_to_reject"}}{{end}}">
-								<button type="submit" class="ui button {{if $.CanUserAcceptTransfer}}red {{end}}ok inverted small"{{if not $.CanUserAcceptTransfer}} disabled{{end}}>
+								<button type="submit" class="ui basic button {{if $.CanUserAcceptTransfer}}red {{end}}ok small"{{if not $.CanUserAcceptTransfer}} disabled{{end}}>
 									{{$.locale.Tr "repo.transfer.reject"}}
 								</button>
 							</div>

From 747e9f735cfe654a1cb7cd4babf0689f5a978cb7 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Fri, 5 May 2023 02:46:47 +0800
Subject: [PATCH 08/13] Fix incorrectly quoted translation (#24514)

Looks like crowdin cannot recognize a value starting with a double quote but
not end with a double quote.
---
 options/locale/locale_en-US.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 83b978bee516..a90c2369447d 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1181,7 +1181,7 @@ editor.filename_is_invalid = The filename is invalid: "%s".
 editor.branch_does_not_exist = Branch "%s" does not exist in this repository.
 editor.branch_already_exists = Branch "%s" already exists in this repository.
 editor.directory_is_a_file = Directory name "%s" is already used as a filename in this repository.
-editor.file_is_a_symlink = "%s" is a symbolic link. Symbolic links cannot be edited in the web editor
+editor.file_is_a_symlink = `"%s" is a symbolic link. Symbolic links cannot be edited in the web editor`
 editor.filename_is_a_directory = Filename "%s" is already used as a directory name in this repository.
 editor.file_editing_no_longer_exists = The file being edited, "%s", no longer exists in this repository.
 editor.file_deleting_no_longer_exists = The file being deleted, "%s", no longer exists in this repository.

From 0ca1958e1ab8198c40ad952dac27ef0b9825385a Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Fri, 5 May 2023 00:21:48 +0200
Subject: [PATCH 09/13] Upgrade to Node 20 on CI, enable actions cancellation
 (#24524)

- Upgrade node, the
[snap](https://github.com/go-gitea/gitea/blob/7abe958f5b507efa676fb3b2e27d30517f6d1908/snap/snapcraft.yaml#L47)
is excluded from this because [there is no Node 20 snap
yet](https://snapcraft.io/node).
- Add actions build cancellation based on
[this](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-a-fallback-value).

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
---
 .drone.yml                                 | 8 ++++----
 .github/workflows/pull-compliance.yml      | 8 ++++++--
 .github/workflows/pull-compliance_docs.yml | 8 ++++++--
 .github/workflows/pull-db_test.yml         | 4 ++++
 .github/workflows/pull-docker_dryrun.yml   | 4 ++++
 .github/workflows/pull-e2e.yml             | 6 +++++-
 6 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 7810d3d10444..4e7789ef9233 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -33,7 +33,7 @@ steps:
       - git fetch --tags --force
 
   - name: deps-frontend
-    image: node:18
+    image: node:20
     pull: always
     commands:
       - make deps-frontend
@@ -51,7 +51,7 @@ steps:
     image: techknowlogick/xgo:go-1.20.x
     pull: always
     commands:
-      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
+      # Upgrade to node 20 once https://github.com/techknowlogick/xgo/issues/163 is resolved
       - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
       - export PATH=$PATH:$GOPATH/bin
       - make release
@@ -161,7 +161,7 @@ steps:
       - git fetch --tags --force
 
   - name: deps-frontend
-    image: node:18
+    image: node:20
     pull: always
     commands:
       - make deps-frontend
@@ -179,7 +179,7 @@ steps:
     image: techknowlogick/xgo:go-1.20.x
     pull: always
     commands:
-      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
+      # Upgrade to node 20 once https://github.com/techknowlogick/xgo/issues/163 is resolved
       - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
       - export PATH=$PATH:$GOPATH/bin
       - make release
diff --git a/.github/workflows/pull-compliance.yml b/.github/workflows/pull-compliance.yml
index 1239b9caa7bf..94ca850e80eb 100644
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@@ -2,6 +2,10 @@ name: "Pull: Compliance Tests"
 
 on: [pull_request]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   lint_basic:
     runs-on: ubuntu-latest
@@ -79,7 +83,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
       - name: deps-frontend
         run: make deps-frontend
       - name: lint frontend
@@ -100,7 +104,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
       - name: deps-backend
         run: make deps-backend deps-tools
       - name: deps-frontend
diff --git a/.github/workflows/pull-compliance_docs.yml b/.github/workflows/pull-compliance_docs.yml
index 679e925515e2..c033b62711df 100644
--- a/.github/workflows/pull-compliance_docs.yml
+++ b/.github/workflows/pull-compliance_docs.yml
@@ -6,6 +6,10 @@ on:
       - "docs/**"
       - "*.md"
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   compliance-docs:
     runs-on: ubuntu-latest
@@ -13,9 +17,9 @@ jobs:
       - name: checkout
         uses: actions/checkout@v3
       - name: setup node
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
       - name: install dependencies
         run: make deps-frontend
       - name: lint markdown
diff --git a/.github/workflows/pull-db_test.yml b/.github/workflows/pull-db_test.yml
index 3cae4df03962..ce97bfcb2c0f 100644
--- a/.github/workflows/pull-db_test.yml
+++ b/.github/workflows/pull-db_test.yml
@@ -2,6 +2,10 @@ name: "Pull: Database Tests"
 
 on: [pull_request]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   # PostgreSQL Tests
   db_pgsql_test:
diff --git a/.github/workflows/pull-docker_dryrun.yml b/.github/workflows/pull-docker_dryrun.yml
index 8e5acb3cee1b..f17d6014b606 100644
--- a/.github/workflows/pull-docker_dryrun.yml
+++ b/.github/workflows/pull-docker_dryrun.yml
@@ -2,6 +2,10 @@ name: "Pull: Docker Dry Run"
 
 on: [pull_request]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   docker_dryrun:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/pull-e2e.yml b/.github/workflows/pull-e2e.yml
index 2cd6bd0d6ac6..37fc94fd96ce 100644
--- a/.github/workflows/pull-e2e.yml
+++ b/.github/workflows/pull-e2e.yml
@@ -2,6 +2,10 @@ name: "Pull: E2E Tests"
 
 on: [pull_request]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
   e2e_tests:
     runs-on: ubuntu-latest
@@ -15,7 +19,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
       - name: build
         run: make deps-frontend frontend deps-backend
       - name: Install playwright browsers

From 0c657112a3ca513f0907e74cbccb72165b3f6286 Mon Sep 17 00:00:00 2001
From: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
Date: Fri, 5 May 2023 06:54:38 +0800
Subject: [PATCH 10/13] Display warning when user try to rename default branch
 (#24512)

Follow #24380

It's better to warn users when they try to rename the default branch.


![image](https://user-images.githubusercontent.com/33891828/236107929-c8ac2854-dd0f-4500-a0a7-800c8fe48861.png)

---------

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
---
 options/locale/locale_en-US.ini    | 1 +
 templates/repo/branch/list.tmpl    | 5 +++++
 web_src/js/features/repo-branch.js | 5 +++++
 3 files changed, 11 insertions(+)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index a90c2369447d..ee8ec1a3adca 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2412,6 +2412,7 @@ branch.included_desc = This branch is part of the default branch
 branch.included = Included
 branch.create_new_branch = Create branch from branch:
 branch.confirm_create_branch = Create branch
+branch.warning_rename_default_branch = You are renaming the default branch.
 branch.rename_branch_to = Rename "%s" to:
 branch.confirm_rename_branch = Rename branch
 branch.create_branch_operation = Create branch
diff --git a/templates/repo/branch/list.tmpl b/templates/repo/branch/list.tmpl
index 53ca2b9b09e1..cad4a9581824 100644
--- a/templates/repo/branch/list.tmpl
+++ b/templates/repo/branch/list.tmpl
@@ -52,6 +52,7 @@
 								{{end}}
 								{{if and $.IsWriter (not $.Repository.IsArchived) (not .IsDeleted) (not $.IsMirror)}}
 									<button class="ui tertiary button show-modal show-rename-branch-modal gt-mx-3"
+										data-is-default-branch="true"
 										data-modal="#rename-branch-modal"
 										data-old-branch-name="{{$.DefaultBranch}}"
 										data-tooltip-content="{{$.locale.Tr "repo.branch.rename" ($.DefaultBranch)}}"
@@ -158,6 +159,7 @@
 										{{end}}
 										{{if and $.IsWriter (not $.Repository.IsArchived) (not .IsDeleted) (not $.IsMirror)}}
 											<button class="ui tertiary button show-modal show-rename-branch-modal gt-mx-3"
+												data-is-default-branch="false"
 												data-old-branch-name="{{.Name}}"
 												data-modal="#rename-branch-modal"
 												data-tooltip-content="{{$.locale.Tr "repo.branch.rename" (.Name)}}"
@@ -229,6 +231,9 @@
 	<form class="ui form" action="{{$.Repository.Link}}/settings/rename_branch" method="post">
 		<div class="content">
 			{{.CsrfTokenHtml}}
+			<div class="field default-branch-warning">
+				<span class="text red">{{.locale.Tr "repo.branch.warning_raname_default_branch"}}</span>
+			</div>
 			<div class="field">
 				<span class="text" data-rename-branch-to="{{.locale.Tr "repo.branch.rename_branch_to"}}"></span>
 			</div>
diff --git a/web_src/js/features/repo-branch.js b/web_src/js/features/repo-branch.js
index e7c2645dcd8a..e6da9661b6d8 100644
--- a/web_src/js/features/repo-branch.js
+++ b/web_src/js/features/repo-branch.js
@@ -1,4 +1,5 @@
 import $ from 'jquery';
+import {toggleElem} from '../utils/dom.js';
 
 export function initRepoBranchButton() {
   initRepoCreateBranchButton();
@@ -31,6 +32,10 @@ function initRepoRenameBranchButton() {
     const oldBranchName = $(this).attr('data-old-branch-name');
     $modal.find('input[name=from]').val(oldBranchName);
 
+    // display the warning that the branch which is chosen is the default branch
+    const $warn = $modal.find('.default-branch-warning');
+    toggleElem($warn, $(this).attr('data-is-default-branch') === 'true');
+
     const $text = $modal.find('[data-rename-branch-to]');
     $text.text($text.attr('data-rename-branch-to').replace('%s', oldBranchName));
   });

From 8f17237b8250e6ab68920e8cd28562eb5c3d1cc6 Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Fri, 5 May 2023 00:22:45 +0000
Subject: [PATCH 11/13] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_zh-CN.ini | 123 ++++++++++++++++++++++++++++++++
 1 file changed, 123 insertions(+)

diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index f1921828349c..d4360fe49a2e 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -119,8 +119,26 @@ footer.software=关于软件
 footer.links=链接
 
 [heatmap]
+number_of_contributions_in_the_last_12_months=一年内 %s 次贡献
+no_contributions=目前还没有贡献。
+less=更少的
+more=更多的
 
 [editor]
+buttons.heading.tooltip=添加标题
+buttons.bold.tooltip=添加粗体文本
+buttons.italic.tooltip=添加斜体文本
+buttons.quote.tooltip=引用文本
+buttons.code.tooltip=添加代码
+buttons.link.tooltip=添加链接
+buttons.list.unordered.tooltip=添加待办清单
+buttons.list.ordered.tooltip=添加编号列表
+buttons.list.task.tooltip=添加任务列表
+buttons.mention.tooltip=提及用户或团队
+buttons.ref.tooltip=引用一个问题或拉取请求
+buttons.switch_to_legacy.tooltip=使用旧版编辑器
+buttons.enable_monospace_font=启用等宽字体
+buttons.disable_monospace_font=禁用等宽字体
 
 [filter]
 string.asc=A - Z
@@ -234,6 +252,7 @@ install_btn_confirm=立即安装
 test_git_failed=无法识别 'git' 命令：%v
 sqlite3_not_available=您所使用的发行版不支持 SQLite3，请从 %s 下载官方构建版，而不是 gobuild 版本。
 invalid_db_setting=数据库设置无效: %v
+invalid_db_table=数据库表 '%s' 无效： %v
 invalid_repo_path=仓库根目录设置无效：%v
 invalid_app_data_path=应用数据路径无效： %v
 run_user_not_match=运行用户名不是当前的用户名：%s -> %s
@@ -299,6 +318,7 @@ repo_no_results=未找到匹配的仓库。
 user_no_results=未找到匹配的用户。
 org_no_results=未找到匹配的组织。
 code_no_results=未找到与搜索字词匹配的源代码。
+code_search_results=“%s” 的搜索结果是
 code_last_indexed_at=最后索引于 %s
 relevant_repositories_tooltip=派生的仓库，以及缺少主题、图标和描述的仓库将被隐藏。
 relevant_repositories=只显示相关的仓库， <a href="%s">显示未过滤结果</a>。
@@ -442,6 +462,7 @@ team_invite.text_3=注意：这是发送给 %[1]s 的邀请。如果您未曾收
 [modal]
 yes=确认操作
 no=取消操作
+confirm=确认
 cancel=取消
 modify=更新
 
@@ -476,6 +497,8 @@ size_error=长度必须为 %s。
 min_size_error=长度最小为 %s 个字符。
 max_size_error=长度最大为 %s 个字符。
 email_error=不是一个有效的邮箱地址。
+url_error=`'%s' 不是一个有效的 URL。`
+include_error=`必须包含子字符串 "%s"。`
 glob_pattern_error=`匹配模式无效：%s.`
 regex_pattern_error=`正则表达式无效：%s.`
 username_error=` 只能包含字母数字字符('0-9','a-z','A-Z'), 破折号 ('-'), 下划线 ('_') 和点 ('.'). 不能以非字母数字字符开头或结尾，并且不允许连续的非字母数字字符。`
@@ -500,6 +523,7 @@ team_name_been_taken=团队名称已被使用。
 team_no_units_error=至少选择一项仓库单元。
 email_been_used=该电子邮件地址已在使用中。
 email_invalid=此邮箱地址无效。
+openid_been_used=OpenID 地址 "%s" 已被使用。
 username_password_incorrect=用户名或密码不正确。
 password_complexity=密码未达到复杂程度要求:
 password_lowercase_one=至少一个小写字符
@@ -548,7 +572,12 @@ unfollow=取消关注
 heatmap.loading=正在加载热图...
 user_bio=简历
 disabled_public_activity=该用户已隐藏活动记录。
+email_visibility.limited=所有已认证用户均可看到您的电子邮件地址
+email_visibility.private=只有你本人和管理员可以看到你的电子邮件地址
 
+form.name_reserved=用户名 "%s" 被保留。
+form.name_pattern_not_allowed=用户名中不允许使用 "%s" 格式。
+form.name_chars_not_allowed=用户名 "%s" 包含无效字符。
 
 [settings]
 profile=个人信息
@@ -579,6 +608,7 @@ location=所在地区
 update_theme=更新主题
 update_profile=更新信息
 update_language=更新语言
+update_language_not_found=语言 %s 不可用。
 update_language_success=语言已更新。
 update_profile_success=您的资料信息已经更新
 change_username=您的用户名已更改。
@@ -589,6 +619,9 @@ cancel=取消操作
 language=界面语言
 ui=主题
 hidden_comment_types=隐藏的评论类型
+hidden_comment_types_description=此处选中的注释类型不会显示在问题页面中。比如，勾选”标签“删除所有 "<user> 添加/删除的 <label>" 注释。
+hidden_comment_types.ref_tooltip=注释此问题在何处被提及过，如另一个问题、代码提交等
+hidden_comment_types.issue_ref_tooltip=注释用户在何处更改了与此问题相关联的分支/标签
 comment_type_group_reference=引用
 comment_type_group_label=标签
 comment_type_group_milestone=里程碑
@@ -652,10 +685,12 @@ add_new_email=添加新的邮箱地址
 add_new_openid=添加新的 OpenID URI
 add_email=增加电子邮件地址
 add_openid=添加 OpenID URI
+add_email_confirmation_sent=一封确认邮件已经被发送至 %s，请检查您的收件箱并在 %s 内完成确认注册操作。
 add_email_success=新的电子邮件地址已添加。
 email_preference_set_success=电子邮件首选项已成功设置。
 add_openid_success=新的 OpenID 地址已添加。
 keep_email_private=隐藏电子邮件地址
+keep_email_private_popup=只有你本人和管理员将可以看到你的电子邮件地址
 openid_desc=OpenID 让你可以将认证转发到外部服务。
 
 manage_ssh_keys=管理 SSH 密钥
@@ -689,6 +724,7 @@ gpg_token_help=您可以使用以下方式生成签名：
 gpg_token_code=echo "%s" | gpg -a --default-key %s --detach-sig
 gpg_token_signature=GPG 增强签名
 key_signature_gpg_placeholder=以 '-----BEGIN PGP PUBLIC KEY BLOCK-----' 开头
+verify_gpg_key_success=GPG 密钥 %s 已被验证。
 ssh_key_verified=已验证的密钥
 ssh_key_verified_long=密钥已经用令牌进行了验证，并且可以用来验证匹配此用户任何已激活电子邮件地址的提交。
 ssh_key_verify=验证
@@ -698,11 +734,15 @@ ssh_token=令牌
 ssh_token_help=您可以使用以下方式生成签名：
 ssh_token_signature=增强 SSH 签名
 key_signature_ssh_placeholder=以 '-----BEGIN SSH SIGNATURE -----' 开头
+verify_ssh_key_success=SSH 密钥 %s 已被验证。
 subkeys=子项
 key_id=键ID
 key_name=密钥名称
 key_content=密钥内容
 principal_content=内容
+add_key_success=SSH 密钥 %s 添加成功。
+add_gpg_key_success=GPG 密钥 %s 添加成功。
+add_principal_success=SSH证书规则 %s 添加成功。
 delete_key=删除
 ssh_key_deletion=删除 SSH 密钥
 gpg_key_deletion=删除 GPG 密钥
@@ -726,6 +766,7 @@ principal_state_desc=7 天内使用过该规则
 show_openid=在个人信息上显示
 hide_openid=在个人信息上隐藏
 ssh_disabled=SSH 被禁用
+ssh_signonly=SSH 目前已禁用，因此这些密钥仅用于提交签名验证。
 ssh_externally_managed=此 SSH 密钥是由外部管理的
 manage_social=管理关联社交帐户
 social_desc=这些外部账号已经绑定到你的Gitea账号。请确认这些账号，因为这些账号可以用来登录系统。
@@ -831,7 +872,9 @@ email_notifications.andyourown=和您自己的通知
 
 visibility=用户可见性
 visibility.public=公开
+visibility.public_tooltip=对所有人可见
 visibility.limited=受限
+visibility.limited_tooltip=仅对已认证用户可见
 visibility.private=私有
 visibility.private_tooltip=仅对组织成员可见
 
@@ -920,6 +963,7 @@ delete_preexisting=删除已存在的文件
 delete_preexisting_content=删除 %s 中的文件
 delete_preexisting_success=删除 %s 中未收录的文件
 blame_prior=查看此更改前的 blame
+author_search_tooltip=最多显示30个用户
 
 transfer.accept=接受转移
 transfer.accept_desc=`转移到 "%s"`
@@ -953,6 +997,8 @@ archive.pull.nocomment=此仓库已存档，您不能在此合并请求添加评
 
 form.reach_limit_of_creation_1=你已经达到了 %d 仓库的上限。
 form.reach_limit_of_creation_n=你已经达到了 %d 个仓库的上限。
+form.name_reserved=仓库名称 %s 是被保留的。
+form.name_pattern_not_allowed=仓库名称中不允许使用 %s 格式。
 
 need_auth=授权
 migrate_options=迁移选项
@@ -1104,6 +1150,7 @@ editor.must_be_on_a_branch=您必须在某个分支上才能对此文件进行
 editor.fork_before_edit=您必须在派生这个仓库才能对此文件进行修改操作
 editor.delete_this_file=删除文件
 editor.must_have_write_access=您必须具有写权限才能对此文件进行修改操作。
+editor.file_delete_success=文件 %s 已被删除。
 editor.name_your_file=命名文件...
 editor.filename_help=通过键入名称后跟斜线 ("/") 来添加目录。通过在输入框的开头键入 "退格" 来删除目录。
 editor.or=或
@@ -1111,8 +1158,12 @@ editor.cancel_lower=取消
 editor.commit_signed_changes=提交已签名的更改
 editor.commit_changes=提交变更
 editor.add_tmpl=添加 '<filename>'
+editor.add=添加 %s
+editor.update=更新 %s
+editor.delete=删除 %s
 editor.patch=应用补丁
 editor.patching=打补丁：
+editor.fail_to_apply_patch=无法应用补丁 %s
 editor.new_patch=新补丁
 editor.commit_message_desc=添加一个可选的扩展描述...
 editor.signoff_desc=在提交日志消息末尾添加签署人信息。
@@ -1124,15 +1175,27 @@ editor.new_branch_name=为这次提交的新分支命名
 editor.new_branch_name_desc=新的分支名称...
 editor.cancel=取消
 editor.filename_cannot_be_empty=文件名不能为空。
+editor.filename_is_invalid=文件名 %s 无效
+editor.branch_does_not_exist=此仓库中不存在名为 %s 的分支。
+editor.branch_already_exists=此仓库已存在名为 %s 的分支。
+editor.directory_is_a_file=%s 已经作为文件名在此仓库中存在。
+editor.file_editing_no_longer_exists=正在编辑的文件 %s 已不存在。
+editor.file_deleting_no_longer_exists=正在删除的文件 %s 已不存在。
 editor.file_changed_while_editing=文件内容在您进行编辑时已经发生变动。<a target="_blank" rel="noopener noreferrer" href="%s">单击此处</a> 查看变动的具体内容，或者 <strong>再次提交</strong> 覆盖已发生的变动。
+editor.file_already_exists=此仓库已经存在名为 %s 的文件。
 editor.commit_empty_file_header=提交一个空文件
 editor.commit_empty_file_text=您要提交的文件是空的，继续吗？
 editor.no_changes_to_show=没有可以显示的变更。
+editor.fail_to_update_file=更新/创建文件 %s 失败。
 editor.fail_to_update_file_summary=错误信息：
 editor.push_rejected_no_message=此修改被服务器拒绝并且没有反馈消息。请检查 Git Hook。
 editor.push_rejected=此修改被服务器拒绝。请检查 Git Hook。
 editor.push_rejected_summary=详细拒绝信息：
 editor.add_subdir=添加目录
+editor.unable_to_upload_files=上传文件至 %s 时发生错误：%v
+editor.upload_file_is_locked=文件 %s 被 %s 锁定。
+editor.upload_files_to_dir=上传文件至 %s
+editor.cannot_commit_to_protected_branch=不可以提交到受保护的分支 %s。
 editor.no_commit_to_branch=无法直接提交分支，因为：
 editor.user_no_push_to_branch=用户不能推送到分支
 editor.require_signed_commit=分支需要签名提交
@@ -1141,6 +1204,7 @@ editor.revert=将 %s 还原到：
 
 commits.desc=浏览代码修改历史
 commits.commits=次代码提交
+commits.no_commits=没有共同的提交。%s 和 %s 的历史完全不同。
 commits.nothing_to_compare=这些分支是相同的。
 commits.search=搜索提交历史
 commits.search.tooltip=`您可以在关键词前加上前缀，如"author:", "committer:", "after:", 或"before:", 例如 "retrin author:Alice before:2019-01-13"`
@@ -1176,12 +1240,14 @@ projects.create=创建项目
 projects.title=标题
 projects.new=创建项目
 projects.new_subheader=在一个地方协调、跟踪和更新您的工作，让项目保持透明并按计划进行。
+projects.create_success=项目 %s 创建成功。
 projects.deletion=删除项目
 projects.deletion_desc=删除项目会从所有相关的工单中移除它。是否继续？
 projects.deletion_success=该项目已被删除。
 projects.edit=编辑项目
 projects.edit_subheader=项目用于组织工单和跟踪进展情况。
 projects.modify=更新项目
+projects.edit_success=项目 %s 更新成功。
 projects.type.none=无
 projects.type.basic_kanban=基础看板
 projects.type.bug_triage=Bug分类看板
@@ -1195,6 +1261,8 @@ projects.column.new_submit=创建列
 projects.column.new=创建列
 projects.column.set_default=设为默认
 projects.column.set_default_desc=设置此列为未分类问题和合并请求的默认值
+projects.column.unset_default=取消设为默认
+projects.column.unset_default_desc=取消此列为默认值
 projects.column.delete=删除列
 projects.column.deletion_desc=删除项目列会将所有相关问题移到“未分类”。是否继续？
 projects.column.color=彩色
@@ -1253,6 +1321,7 @@ issues.label_templates.title=加载预定义的标签模板
 issues.label_templates.info=还没有任何标签。您可以使用'创建标签'按钮或者加载预定义的标签集创建标签
 issues.label_templates.helper=选择标签模板
 issues.label_templates.use=使用标签集
+issues.label_templates.fail_to_load_file=加载标签模板文件 %s 时发生错误：%v
 issues.add_label=于 %[2]s 添加了标签 %[1]s
 issues.add_labels=于 %s 添加 %s 标签
 issues.remove_label=于 %[2]s 删除了标签 %[1]s
@@ -1496,6 +1565,7 @@ issues.review.add_review_request=于 %[2]s 请求 %[1]s 评审
 issues.review.remove_review_request=取消对 %s 的评审请求 %s
 issues.review.remove_review_request_self=拒绝审核 %s
 issues.review.pending=待定
+issues.review.pending.tooltip=此评论目前对其他用户不可见。 若要提交您的待定评论，请在页面顶部选择 %s -> %s/%s/%s。
 issues.review.review=评审
 issues.review.reviewers=评审人
 issues.review.outdated=已过期
@@ -1530,6 +1600,8 @@ pulls.compare_changes_desc=选择合并的目标分支和源分支。
 pulls.has_viewed_file=已查看
 pulls.has_changed_since_last_review=自您上次审核以来已更改
 pulls.viewed_files_label=%[1]d / %[2]d 文件已查看
+pulls.expand_files=展开所有文件
+pulls.collapse_files=折叠所有文件
 pulls.compare_base=合并到
 pulls.compare_compare=拉取从
 pulls.switch_comparison_type=切换比较类型
@@ -1549,7 +1621,10 @@ pulls.tab_files=文件变动
 pulls.reopen_to_merge=请重新创建此合并请求。
 pulls.cant_reopen_deleted_branch=无法重新打开此合并请求，因为分支已删除。
 pulls.merged=已合并
+pulls.merged_success=合并请求已成功合并和关闭
+pulls.closed=合并请求已关闭
 pulls.manually_merged=已手动合并
+pulls.merged_info_text=分支 %s 现在可以被删除了。
 pulls.is_closed=合并请求已经关闭。
 pulls.title_wip_desc=`<a href="#">标题以 <strong>%s</strong> 开头</a>以免合并请求意外合并。`
 pulls.cannot_merge_work_in_progress=此合并请求被标记为正在进行的工作。
@@ -1646,6 +1721,7 @@ pulls.delete.text=你真的要删除这个拉取请求吗？ (这将永久删除
 
 milestones.new=新的里程碑
 milestones.closed=于 %s关闭
+milestones.update_ago=已更新 %s
 milestones.no_due_date=暂无截止日期
 milestones.open=开启中
 milestones.close=关闭
@@ -1657,10 +1733,12 @@ milestones.desc=描述
 milestones.due_date=截止日期（可选）
 milestones.clear=清除
 milestones.invalid_due_date_format=到期时间的格式必须是 'yyyy-mm-dd' 的形式。
+milestones.create_success=里程碑 %s 创建成功。
 milestones.edit=编辑里程碑
 milestones.edit_subheader=里程碑组织工单，合并请求和跟踪进度。
 milestones.cancel=取消
 milestones.modify=更新里程碑
+milestones.edit_success=里程碑 %s 已经更新。
 milestones.deletion=删除里程碑
 milestones.deletion_desc=删除该里程碑将会移除所有工单中相关的信息。是否继续？
 milestones.deletion_success=里程碑已被删除。
@@ -1671,6 +1749,7 @@ milestones.filter_sort.most_complete=完成度从高到低
 milestones.filter_sort.most_issues=工单从多到少
 milestones.filter_sort.least_issues=工单从少到多
 
+signing.will_sign=这个提交将用密钥 %s 签名。
 signing.wont_sign.error=检查提交是否可以签名时出错
 signing.wont_sign.nokey=没有可用的密钥来签署这个提交
 signing.wont_sign.never=提交从未签名
@@ -1695,6 +1774,8 @@ wiki.create_first_page=创建第一个页面
 wiki.page=页面
 wiki.filter_page=过滤页面
 wiki.new_page=页面
+wiki.page_title=页面标题
+wiki.page_content=页面内容
 wiki.default_commit_message=关于此次修改的说明（可选）。
 wiki.save_page=保存页面
 wiki.last_commit_info=%s 于 %s 修改了此页面
@@ -1704,10 +1785,13 @@ wiki.file_revision=页面历史
 wiki.wiki_page_revisions=页面历史
 wiki.back_to_wiki=返回百科
 wiki.delete_page_button=删除页面
+wiki.delete_page_notice_1=百科页面 %s 删除后无法恢复，是否继续？
 wiki.page_already_exists=相同名称的 Wiki 页面已经存在。
+wiki.reserved_page=百科页面名称 %s 是被保留的。
 wiki.pages=所有页面
 wiki.last_updated=最后更新于 %s
 wiki.page_name_desc=输入此 Wiki 页面的名称。特殊名称有：'Home', '_Sidebar' 和 '_Footer'。
+wiki.original_git_entry_tooltip=查看原始的 Git 文件而不是使用友好链接。
 
 activity=动态
 activity.period.filter_label=周期：
@@ -2051,6 +2135,7 @@ settings.title=标题
 settings.deploy_key_content=密钥文本
 settings.key_been_used=具有相同内容的部署密钥已在使用中。
 settings.key_name_used=使用相同名称的部署密钥已经存在！
+settings.add_key_success=部署密钥 %s 添加成功。
 settings.deploy_key_deletion=删除部署密钥
 settings.deploy_key_deletion_desc=删除部署密钥将取消此密钥对此仓库的访问权限。继续？
 settings.deploy_key_deletion_success=部署密钥已删除。
@@ -2099,6 +2184,9 @@ settings.protect_unprotected_file_patterns=不受保护的文件模式(使用分
 settings.protect_unprotected_file_patterns_desc=如果用户有写权限，则允许直接更改的不受保护的文件，以绕过推送限制。可以使用分号分隔多个模式 (';')。 见 <a href='https://pkg.go.dev/github.com/gobwas/glob#Compile'>github.com/gobwas/glob</a> 文档了解模式语法。例如： <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
 settings.add_protected_branch=启用保护
 settings.delete_protected_branch=禁用保护
+settings.update_protect_branch_success=分支保护规则 %s 更新成功。
+settings.remove_protected_branch_success=移除分支保护规则"%s"成功。
+settings.remove_protected_branch_failed=移除分支保护规则"%s"失败。
 settings.protected_branch_deletion=禁用分支保护
 settings.protected_branch_deletion_desc=禁用分支保护允许具有写入权限的用户推送提交到此分支。继续？
 settings.block_rejected_reviews=拒绝审核阻止了此合并
@@ -2254,6 +2342,9 @@ release.target=目标分支
 release.tag_helper=选择一个存在的标签或者创建新标签。
 release.tag_helper_new=新标签。此标签将从目标创建。
 release.tag_helper_existing=现有标签。
+release.title=发布标题
+release.title_empty=标题不能为空。
+release.message=描述这个版本
 release.prerelease_desc=标记为预发行
 release.prerelease_helper=标记此版本不适合生产使用。
 release.cancel=取消
@@ -2280,23 +2371,42 @@ release.tags_for=%s 的标签
 
 branch.name=分支名称
 branch.search=搜索分支
+branch.already_exists=名为 %s 的分支已存在。
 branch.delete_head=刪除
+branch.delete=删除分支 %s
 branch.delete_html=删除分支
 branch.delete_desc=删除分支是永久的。此操作 <strong>无法</strong> 撤销，继续？
+branch.deletion_success=分支 %s 已被删除。
+branch.deletion_failed=删除分支 %s 失败。
+branch.delete_branch_has_new_commits=因为合并之后有新的提交，分支 %s 无法被删除。
 branch.create_branch=创建分支 <strong>%s</strong>
+branch.create_from=从 %s
+branch.create_success=分支 '%s' 已创建。
+branch.branch_already_exists=此仓库已存在名为 %s 的分支。
+branch.branch_name_conflict=分支名称"%s"与已存在的分支"%s"冲突。
+branch.tag_collision=分支 %s 不能被创建因为同名的标签已经存在。
 branch.deleted_by=删除人：%s
+branch.restore_success=分支 "%s"已还原。
+branch.restore_failed=还原分支 "%s"失败。
+branch.protected_deletion_failed=不能删除受保护的分支 "%s"。
+branch.default_deletion_failed=不能删除默认分支"%s"。
+branch.restore=`还原分支 "%s"`
+branch.download=`下载分支 "%s"`
 branch.included_desc=此分支是默认分支的一部分
 branch.included=已包含
 branch.create_new_branch=从下列分支创建分支：
 branch.confirm_create_branch=创建分支
 branch.create_branch_operation=创建分支
 branch.new_branch=创建新分支
+branch.new_branch_from=基于"%s"创建新分支
 branch.renamed=分支 %s 被重命名为 %s。
 
 tag.create_tag=创建标签 <strong>%s</strong>
 tag.create_tag_operation=创建标签
 tag.confirm_create_tag=创建标签
+tag.create_tag_from=基于"%s"创建新标签
 
+tag.create_success=标签"%s"已存在
 
 topic.manage_topics=管理主题
 topic.done=保存
@@ -2333,6 +2443,8 @@ team_permission_desc=权限
 team_unit_desc=允许访问仓库单元
 team_unit_disabled=(已禁用)
 
+form.name_reserved=组织名称 '%s' 是被保留的。
+form.name_pattern_not_allowed=仓库名称中不允许使用 "%s"。
 form.create_org_not_allowed=此账号禁止创建组织
 
 settings=组织设置
@@ -2344,6 +2456,7 @@ settings.permission=权限
 settings.repoadminchangeteam=仓库管理员可以添加或移除团队的访问权限
 settings.visibility=可见性
 settings.visibility.public=公开
+settings.visibility.limited=受限 (仅对认证用户可见)
 settings.visibility.limited_shortname=受限
 settings.visibility.private=私有 (仅对组织成员可见)
 settings.visibility.private_shortname=私有
@@ -2540,6 +2653,7 @@ users.created=创建时间
 users.last_login=上次登录
 users.never_login=从未登录
 users.send_register_notify=发送注册通知
+users.new_success=用户账户 '%s' 已被创建。
 users.edit=修改
 users.auth_source=认证源
 users.local=本地
@@ -2739,6 +2853,7 @@ auths.tip.yandex=在 https://oauth.yandex.com/client/new 上创建一个新的
 auths.tip.mastodon=输入您想要认证的 mastodon 实例的自定义 URL (或使用默认值)
 auths.edit=修改认证源
 auths.activated=该认证源已经启用
+auths.new_success=已添加身份验证 '%s'。
 auths.update_success=认证源已经更新。
 auths.update=更新认证源
 auths.delete=删除认证源
@@ -2746,6 +2861,7 @@ auths.delete_auth_title=删除身份验证源
 auths.delete_auth_desc=删除一个认证源将阻止使用它进行登录。确认？
 auths.still_in_used=认证源仍在使用。请先解除或者删除使用此认证源的用户。
 auths.deletion_success=认证源已经更新。
+auths.login_source_exist=认证源 '%s' 已经存在。
 auths.login_source_of_type_exist=此类型的认证源已存在。
 auths.unable_to_initialize_openid=无法初始化 OpenID Connect 提供商： %s
 auths.invalid_openIdConnectAutoDiscoveryURL=无效的 Auto Discovery URL (这必须是一个以 http:// 或 https://开头的有效的 URL)
@@ -2838,6 +2954,8 @@ config.mailer_sendmail_timeout=Sendmail 超时
 config.mailer_use_dummy=Dummy
 config.test_email_placeholder=电子邮址 (例如，test@example.com)
 config.send_test_mail=发送测试邮件
+config.test_mail_failed=发送测试邮件至 '%s' 时失败：%v
+config.test_mail_sent=测试邮件已经发送至 '%s'。
 
 config.oauth_config=OAuth 配置
 config.oauth_enabled=启用
@@ -3228,6 +3346,7 @@ name=名称
 creation=添加密钥
 creation.name_placeholder=不区分大小写，字母数字或下划线不能以GITEA_ 或 GITHUB_ 开头。
 creation.value_placeholder=输入任何内容，开头和结尾的空白都会被省略
+creation.success=您的密钥 '%s' 添加成功。
 creation.failed=添加密钥失败。
 deletion=删除密钥
 deletion.description=删除密钥是永久性的，无法撤消。继续吗？
@@ -3292,8 +3411,12 @@ runs.closed_tab=%d 已关闭
 runs.commit=提交
 runs.pushed_by=推送者
 runs.invalid_workflow_helper=工作流配置文件无效。请检查您的配置文件： %s
+runs.no_matching_runner_helper=没有匹配的runner：%s
 
 need_approval_desc=该工作流由派生仓库的合并请求所触发，需要批准方可运行。
 
 [projects]
+type-1.display_name=个人项目
+type-2.display_name=仓库项目
+type-3.display_name=组织项目
 

From c1e9c7b7b90932064edf09570692a3a856922dc0 Mon Sep 17 00:00:00 2001
From: techknowlogick <techknowlogick@gitea.io>
Date: Thu, 4 May 2023 22:17:29 -0400
Subject: [PATCH 12/13] automate locking closed threads (#24525)

With comments happening on closed issues/prs this locks issues that have
been closed for >45days. This allows for comments on recently closed
issues/prs to still happen.

---------

Co-authored-by: silverwind <me@silverwind.io>
---
 .github/lock.yml           | 23 -----------------------
 .github/workflows/lock.yml | 21 +++++++++++++++++++++
 2 files changed, 21 insertions(+), 23 deletions(-)
 delete mode 100644 .github/lock.yml
 create mode 100644 .github/workflows/lock.yml

diff --git a/.github/lock.yml b/.github/lock.yml
deleted file mode 100644
index 6beadcaf1109..000000000000
--- a/.github/lock.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
-
-# Number of days of inactivity before a closed issue or pull request is locked
-daysUntilLock: 60
-
-# Skip issues and pull requests created before a given timestamp. Timestamp must
-# follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
-skipCreatedBefore: false
-
-# Issues and pull requests with these labels will be ignored.
-exemptLabels: []
-
-# Label to add before locking, such as `outdated`. `false` is disabled
-lockLabel: false
-
-# Comment to post before locking.
-lockComment: >
-  This thread has been automatically locked since there has not been
-  any recent activity after it was closed. Please open a new issue for
-  related bugs and link to relevant comments in this thread.
-
-# Assign `resolved` as the reason for locking. Set to `false` to disable
-setLockReason: true
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
new file mode 100644
index 000000000000..2e132b95fed8
--- /dev/null
+++ b/.github/workflows/lock.yml
@@ -0,0 +1,21 @@
+name: 'Lock Threads'
+
+on:
+  schedule:
+    - cron: '0 0 * * *' # Run once a day
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+concurrency:
+  group: lock
+
+jobs:
+  action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@v4
+        with:
+          issue-inactive-days: 45

From 78fdbaf186ce629ff9252dd457f00ae1e0d485cf Mon Sep 17 00:00:00 2001
From: Benjamin Loison <benjamin.loison@orange.fr>
Date: Fri, 5 May 2023 05:11:54 +0200
Subject: [PATCH 13/13] Harmonize title formatting in
 `docs/content/doc/development/api-usage.en-us.md` (#24529)

---
 docs/content/doc/development/api-usage.en-us.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/content/doc/development/api-usage.en-us.md b/docs/content/doc/development/api-usage.en-us.md
index fe334827c3ff..4f5304ac0e9d 100644
--- a/docs/content/doc/development/api-usage.en-us.md
+++ b/docs/content/doc/development/api-usage.en-us.md
@@ -119,7 +119,7 @@ curl -v "http://localhost/api/v1/repos/search?limit=1"
 < x-total-count: 5252
 ```
 
-## API Guide:
+## API Guide
 
 API Reference guide is auto-generated by swagger and available on:
 `https://gitea.your.host/api/swagger`