diff --git a/contrib/fixtures/fixture_generation.go b/contrib/fixtures/fixture_generation.go
index 06c0354efa..31797cc800 100644
--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@@ -5,6 +5,7 @@
 package main
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -18,7 +19,7 @@ import (
 
 var (
 	generators = []struct {
-		gen  func() (string, error)
+		gen  func(ctx context.Context) (string, error)
 		name string
 	}{
 		{
@@ -41,16 +42,17 @@ func main() {
 		fmt.Printf("PrepareTestDatabase: %+v\n", err)
 		os.Exit(1)
 	}
+	ctx := context.Background()
 	if len(os.Args) == 0 {
 		for _, r := range os.Args {
-			if err := generate(r); err != nil {
+			if err := generate(ctx, r); err != nil {
 				fmt.Printf("generate '%s': %+v\n", r, err)
 				os.Exit(1)
 			}
 		}
 	} else {
 		for _, g := range generators {
-			if err := generate(g.name); err != nil {
+			if err := generate(ctx, g.name); err != nil {
 				fmt.Printf("generate '%s': %+v\n", g.name, err)
 				os.Exit(1)
 			}
@@ -58,10 +60,10 @@ func main() {
 	}
 }
 
-func generate(name string) error {
+func generate(ctx context.Context, name string) error {
 	for _, g := range generators {
 		if g.name == name {
-			data, err := g.gen()
+			data, err := g.gen(ctx)
 			if err != nil {
 				return err
 			}
diff --git a/models/asymkey/ssh_key_authorized_keys.go b/models/asymkey/ssh_key_authorized_keys.go
index f0a3a77eaf..267ab252c8 100644
--- a/models/asymkey/ssh_key_authorized_keys.go
+++ b/models/asymkey/ssh_key_authorized_keys.go
@@ -115,7 +115,7 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
 }
 
 // RewriteAllPublicKeys removes any authorized key and rewrite all keys from database again.
-// Note: db.GetEngine(db.DefaultContext).Iterate does not get latest data after insert/delete, so we have to call this function
+// Note: db.GetEngine(ctx).Iterate does not get latest data after insert/delete, so we have to call this function
 // outside any session scope independently.
 func RewriteAllPublicKeys(ctx context.Context) error {
 	// Don't rewrite key if internal server
diff --git a/models/asymkey/ssh_key_authorized_principals.go b/models/asymkey/ssh_key_authorized_principals.go
index 592196c255..107d70c766 100644
--- a/models/asymkey/ssh_key_authorized_principals.go
+++ b/models/asymkey/ssh_key_authorized_principals.go
@@ -40,7 +40,7 @@ import (
 const authorizedPrincipalsFile = "authorized_principals"
 
 // RewriteAllPrincipalKeys removes any authorized principal and rewrite all keys from database again.
-// Note: db.GetEngine(db.DefaultContext).Iterate does not get latest data after insert/delete, so we have to call this function
+// Note: db.GetEngine(ctx).Iterate does not get latest data after insert/delete, so we have to call this function
 // outside any session scope independently.
 func RewriteAllPrincipalKeys(ctx context.Context) error {
 	// Don't rewrite key if internal server
diff --git a/models/fixture_generation.go b/models/fixture_generation.go
index d342919895..6234caefad 100644
--- a/models/fixture_generation.go
+++ b/models/fixture_generation.go
@@ -4,6 +4,7 @@
 package models
 
 import (
+	"context"
 	"fmt"
 	"strings"
 
@@ -14,15 +15,15 @@ import (
 
 // GetYamlFixturesAccess returns a string containing the contents
 // for the access table, as recalculated using repo.RecalculateAccesses()
-func GetYamlFixturesAccess() (string, error) {
+func GetYamlFixturesAccess(ctx context.Context) (string, error) {
 	repos := make([]*repo_model.Repository, 0, 50)
-	if err := db.GetEngine(db.DefaultContext).Find(&repos); err != nil {
+	if err := db.GetEngine(ctx).Find(&repos); err != nil {
 		return "", err
 	}
 
 	for _, repo := range repos {
-		repo.MustOwner(db.DefaultContext)
-		if err := access_model.RecalculateAccesses(db.DefaultContext, repo); err != nil {
+		repo.MustOwner(ctx)
+		if err := access_model.RecalculateAccesses(ctx, repo); err != nil {
 			return "", err
 		}
 	}
@@ -30,7 +31,7 @@ func GetYamlFixturesAccess() (string, error) {
 	var b strings.Builder
 
 	accesses := make([]*access_model.Access, 0, 200)
-	if err := db.GetEngine(db.DefaultContext).OrderBy("user_id, repo_id").Find(&accesses); err != nil {
+	if err := db.GetEngine(ctx).OrderBy("user_id, repo_id").Find(&accesses); err != nil {
 		return "", err
 	}
 
diff --git a/models/fixture_test.go b/models/fixture_test.go
index b70fdb536d..de5f412388 100644
--- a/models/fixture_test.go
+++ b/models/fixture_test.go
@@ -4,10 +4,12 @@
 package models
 
 import (
+	"context"
 	"os"
 	"path/filepath"
 	"testing"
 
+	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	"code.gitea.io/gitea/modules/util"
 
@@ -17,8 +19,8 @@ import (
 func TestFixtureGeneration(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
-	test := func(gen func() (string, error), name string) {
-		expected, err := gen()
+	test := func(ctx context.Context, gen func(ctx context.Context) (string, error), name string) {
+		expected, err := gen(ctx)
 		if !assert.NoError(t, err) {
 			return
 		}
@@ -31,5 +33,5 @@ func TestFixtureGeneration(t *testing.T) {
 		assert.EqualValues(t, expected, data, "Differences detected for %s", p)
 	}
 
-	test(GetYamlFixturesAccess, "access")
+	test(db.DefaultContext, GetYamlFixturesAccess, "access")
 }
diff --git a/models/org.go b/models/org.go
index 5f0e678ab4..119465b962 100644
--- a/models/org.go
+++ b/models/org.go
@@ -97,8 +97,8 @@ func removeOrgUser(ctx context.Context, orgID, userID int64) error {
 }
 
 // RemoveOrgUser removes user from given organization.
-func RemoveOrgUser(orgID, userID int64) error {
-	ctx, committer, err := db.TxContext(db.DefaultContext)
+func RemoveOrgUser(ctx context.Context, orgID, userID int64) error {
+	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return err
 	}
diff --git a/models/org_test.go b/models/org_test.go
index 54e8f08465..d10a1dc218 100644
--- a/models/org_test.go
+++ b/models/org_test.go
@@ -6,6 +6,7 @@ package models
 import (
 	"testing"
 
+	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@@ -20,7 +21,7 @@ func TestUser_RemoveMember(t *testing.T) {
 	// remove a user that is a member
 	unittest.AssertExistsAndLoadBean(t, &organization.OrgUser{UID: 4, OrgID: 3})
 	prevNumMembers := org.NumMembers
-	assert.NoError(t, RemoveOrgUser(org.ID, 4))
+	assert.NoError(t, RemoveOrgUser(db.DefaultContext, org.ID, 4))
 	unittest.AssertNotExistsBean(t, &organization.OrgUser{UID: 4, OrgID: 3})
 	org = unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
 	assert.Equal(t, prevNumMembers-1, org.NumMembers)
@@ -28,7 +29,7 @@ func TestUser_RemoveMember(t *testing.T) {
 	// remove a user that is not a member
 	unittest.AssertNotExistsBean(t, &organization.OrgUser{UID: 5, OrgID: 3})
 	prevNumMembers = org.NumMembers
-	assert.NoError(t, RemoveOrgUser(org.ID, 5))
+	assert.NoError(t, RemoveOrgUser(db.DefaultContext, org.ID, 5))
 	unittest.AssertNotExistsBean(t, &organization.OrgUser{UID: 5, OrgID: 3})
 	org = unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
 	assert.Equal(t, prevNumMembers, org.NumMembers)
@@ -44,7 +45,7 @@ func TestRemoveOrgUser(t *testing.T) {
 		if unittest.BeanExists(t, &organization.OrgUser{OrgID: orgID, UID: userID}) {
 			expectedNumMembers--
 		}
-		assert.NoError(t, RemoveOrgUser(orgID, userID))
+		assert.NoError(t, RemoveOrgUser(db.DefaultContext, orgID, userID))
 		unittest.AssertNotExistsBean(t, &organization.OrgUser{OrgID: orgID, UID: userID})
 		org = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: orgID})
 		assert.EqualValues(t, expectedNumMembers, org.NumMembers)
@@ -52,7 +53,7 @@ func TestRemoveOrgUser(t *testing.T) {
 	testSuccess(3, 4)
 	testSuccess(3, 4)
 
-	err := RemoveOrgUser(7, 5)
+	err := RemoveOrgUser(db.DefaultContext, 7, 5)
 	assert.Error(t, err)
 	assert.True(t, organization.IsErrLastOrgOwner(err))
 	unittest.AssertExistsAndLoadBean(t, &organization.OrgUser{OrgID: 7, UID: 5})
diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
index 4a703dc584..1668c23c77 100644
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@@ -716,7 +716,7 @@ func FindUserCodeAccessibleOwnerRepoIDs(ctx context.Context, ownerID int64, user
 }
 
 // GetUserRepositories returns a list of repositories of given user.
-func GetUserRepositories(opts *SearchRepoOptions) (RepositoryList, int64, error) {
+func GetUserRepositories(ctx context.Context, opts *SearchRepoOptions) (RepositoryList, int64, error) {
 	if len(opts.OrderBy) == 0 {
 		opts.OrderBy = "updated_unix DESC"
 	}
@@ -734,7 +734,7 @@ func GetUserRepositories(opts *SearchRepoOptions) (RepositoryList, int64, error)
 		cond = cond.And(builder.In("lower_name", opts.LowerNames))
 	}
 
-	sess := db.GetEngine(db.DefaultContext)
+	sess := db.GetEngine(ctx)
 
 	count, err := sess.Where(cond).Count(new(Repository))
 	if err != nil {
diff --git a/models/repo/watch.go b/models/repo/watch.go
index 02a94ecac0..fba66d6dcb 100644
--- a/models/repo/watch.go
+++ b/models/repo/watch.go
@@ -107,12 +107,12 @@ func watchRepoMode(ctx context.Context, watch Watch, mode WatchMode) (err error)
 }
 
 // WatchRepoMode watch repository in specific mode.
-func WatchRepoMode(userID, repoID int64, mode WatchMode) (err error) {
+func WatchRepoMode(ctx context.Context, userID, repoID int64, mode WatchMode) (err error) {
 	var watch Watch
-	if watch, err = GetWatch(db.DefaultContext, userID, repoID); err != nil {
+	if watch, err = GetWatch(ctx, userID, repoID); err != nil {
 		return err
 	}
-	return watchRepoMode(db.DefaultContext, watch, mode)
+	return watchRepoMode(ctx, watch, mode)
 }
 
 // WatchRepo watch or unwatch repository.
diff --git a/models/repo/watch_test.go b/models/repo/watch_test.go
index 1384d1e157..7aa899291c 100644
--- a/models/repo/watch_test.go
+++ b/models/repo/watch_test.go
@@ -122,18 +122,18 @@ func TestWatchRepoMode(t *testing.T) {
 
 	unittest.AssertCount(t, &repo_model.Watch{UserID: 12, RepoID: 1}, 0)
 
-	assert.NoError(t, repo_model.WatchRepoMode(12, 1, repo_model.WatchModeAuto))
+	assert.NoError(t, repo_model.WatchRepoMode(db.DefaultContext, 12, 1, repo_model.WatchModeAuto))
 	unittest.AssertCount(t, &repo_model.Watch{UserID: 12, RepoID: 1}, 1)
 	unittest.AssertCount(t, &repo_model.Watch{UserID: 12, RepoID: 1, Mode: repo_model.WatchModeAuto}, 1)
 
-	assert.NoError(t, repo_model.WatchRepoMode(12, 1, repo_model.WatchModeNormal))
+	assert.NoError(t, repo_model.WatchRepoMode(db.DefaultContext, 12, 1, repo_model.WatchModeNormal))
 	unittest.AssertCount(t, &repo_model.Watch{UserID: 12, RepoID: 1}, 1)
 	unittest.AssertCount(t, &repo_model.Watch{UserID: 12, RepoID: 1, Mode: repo_model.WatchModeNormal}, 1)
 
-	assert.NoError(t, repo_model.WatchRepoMode(12, 1, repo_model.WatchModeDont))
+	assert.NoError(t, repo_model.WatchRepoMode(db.DefaultContext, 12, 1, repo_model.WatchModeDont))
 	unittest.AssertCount(t, &repo_model.Watch{UserID: 12, RepoID: 1}, 1)
 	unittest.AssertCount(t, &repo_model.Watch{UserID: 12, RepoID: 1, Mode: repo_model.WatchModeDont}, 1)
 
-	assert.NoError(t, repo_model.WatchRepoMode(12, 1, repo_model.WatchModeNone))
+	assert.NoError(t, repo_model.WatchRepoMode(db.DefaultContext, 12, 1, repo_model.WatchModeNone))
 	unittest.AssertCount(t, &repo_model.Watch{UserID: 12, RepoID: 1}, 0)
 }
diff --git a/models/system/appstate.go b/models/system/appstate.go
index 7378537678..01faa1a5be 100644
--- a/models/system/appstate.go
+++ b/models/system/appstate.go
@@ -23,8 +23,8 @@ func init() {
 }
 
 // SaveAppStateContent saves the app state item to database
-func SaveAppStateContent(key, content string) error {
-	return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
+func SaveAppStateContent(ctx context.Context, key, content string) error {
+	return db.WithTx(ctx, func(ctx context.Context) error {
 		eng := db.GetEngine(ctx)
 		// try to update existing row
 		res, err := eng.Exec("UPDATE app_state SET revision=revision+1, content=? WHERE id=?", content, key)
@@ -43,8 +43,8 @@ func SaveAppStateContent(key, content string) error {
 }
 
 // GetAppStateContent gets an app state from database
-func GetAppStateContent(key string) (content string, err error) {
-	e := db.GetEngine(db.DefaultContext)
+func GetAppStateContent(ctx context.Context, key string) (content string, err error) {
+	e := db.GetEngine(ctx)
 	appState := &AppState{ID: key}
 	has, err := e.Get(appState)
 	if err != nil {
diff --git a/modules/system/appstate.go b/modules/system/appstate.go
index 765501d432..e065688a4f 100644
--- a/modules/system/appstate.go
+++ b/modules/system/appstate.go
@@ -3,10 +3,12 @@
 
 package system
 
+import "context"
+
 // StateStore is the interface to get/set app state items
 type StateStore interface {
-	Get(item StateItem) error
-	Set(item StateItem) error
+	Get(ctx context.Context, item StateItem) error
+	Set(ctx context.Context, item StateItem) error
 }
 
 // StateItem provides the name for a state item. the name will be used to generate filenames, etc
diff --git a/modules/system/appstate_test.go b/modules/system/appstate_test.go
index 232362cf0c..d4b9e167c2 100644
--- a/modules/system/appstate_test.go
+++ b/modules/system/appstate_test.go
@@ -6,6 +6,7 @@ package system
 import (
 	"testing"
 
+	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 
 	"github.com/stretchr/testify/assert"
@@ -40,25 +41,25 @@ func TestAppStateDB(t *testing.T) {
 	as := &DBStore{}
 
 	item1 := new(testItem1)
-	assert.NoError(t, as.Get(item1))
+	assert.NoError(t, as.Get(db.DefaultContext, item1))
 	assert.Equal(t, "", item1.Val1)
 	assert.EqualValues(t, 0, item1.Val2)
 
 	item1 = new(testItem1)
 	item1.Val1 = "a"
 	item1.Val2 = 2
-	assert.NoError(t, as.Set(item1))
+	assert.NoError(t, as.Set(db.DefaultContext, item1))
 
 	item2 := new(testItem2)
 	item2.K = "V"
-	assert.NoError(t, as.Set(item2))
+	assert.NoError(t, as.Set(db.DefaultContext, item2))
 
 	item1 = new(testItem1)
-	assert.NoError(t, as.Get(item1))
+	assert.NoError(t, as.Get(db.DefaultContext, item1))
 	assert.Equal(t, "a", item1.Val1)
 	assert.EqualValues(t, 2, item1.Val2)
 
 	item2 = new(testItem2)
-	assert.NoError(t, as.Get(item2))
+	assert.NoError(t, as.Get(db.DefaultContext, item2))
 	assert.Equal(t, "V", item2.K)
 }
diff --git a/modules/system/db.go b/modules/system/db.go
index 3f2e4c59bb..05e9de0ae8 100644
--- a/modules/system/db.go
+++ b/modules/system/db.go
@@ -4,6 +4,8 @@
 package system
 
 import (
+	"context"
+
 	"code.gitea.io/gitea/models/system"
 	"code.gitea.io/gitea/modules/json"
 
@@ -14,8 +16,8 @@ import (
 type DBStore struct{}
 
 // Get reads the state item
-func (f *DBStore) Get(item StateItem) error {
-	content, err := system.GetAppStateContent(item.Name())
+func (f *DBStore) Get(ctx context.Context, item StateItem) error {
+	content, err := system.GetAppStateContent(ctx, item.Name())
 	if err != nil {
 		return err
 	}
@@ -26,10 +28,10 @@ func (f *DBStore) Get(item StateItem) error {
 }
 
 // Set saves the state item
-func (f *DBStore) Set(item StateItem) error {
+func (f *DBStore) Set(ctx context.Context, item StateItem) error {
 	b, err := json.Marshal(item)
 	if err != nil {
 		return err
 	}
-	return system.SaveAppStateContent(item.Name(), util.BytesToReadOnlyString(b))
+	return system.SaveAppStateContent(ctx, item.Name(), util.BytesToReadOnlyString(b))
 }
diff --git a/modules/updatechecker/update_checker.go b/modules/updatechecker/update_checker.go
index bc3f93aad7..3c1e05d060 100644
--- a/modules/updatechecker/update_checker.go
+++ b/modules/updatechecker/update_checker.go
@@ -4,6 +4,7 @@
 package updatechecker
 
 import (
+	"context"
 	"io"
 	"net/http"
 
@@ -58,31 +59,31 @@ func GiteaUpdateChecker(httpEndpoint string) error {
 		return err
 	}
 
-	return UpdateRemoteVersion(respData.Latest.Version)
+	return UpdateRemoteVersion(req.Context(), respData.Latest.Version)
 }
 
 // UpdateRemoteVersion updates the latest available version of Gitea
-func UpdateRemoteVersion(version string) (err error) {
-	return system.AppState.Set(&CheckerState{LatestVersion: version})
+func UpdateRemoteVersion(ctx context.Context, version string) (err error) {
+	return system.AppState.Set(ctx, &CheckerState{LatestVersion: version})
 }
 
 // GetRemoteVersion returns the current remote version (or currently installed version if fail to fetch from DB)
-func GetRemoteVersion() string {
+func GetRemoteVersion(ctx context.Context) string {
 	item := new(CheckerState)
-	if err := system.AppState.Get(item); err != nil {
+	if err := system.AppState.Get(ctx, item); err != nil {
 		return ""
 	}
 	return item.LatestVersion
 }
 
 // GetNeedUpdate returns true whether a newer version of Gitea is available
-func GetNeedUpdate() bool {
+func GetNeedUpdate(ctx context.Context) bool {
 	curVer, err := version.NewVersion(setting.AppVer)
 	if err != nil {
 		// return false to fail silently
 		return false
 	}
-	remoteVerStr := GetRemoteVersion()
+	remoteVerStr := GetRemoteVersion(ctx)
 	if remoteVerStr == "" {
 		// no remote version is known
 		return false
diff --git a/routers/api/v1/org/member.go b/routers/api/v1/org/member.go
index 139e01e1f9..422b7cecfe 100644
--- a/routers/api/v1/org/member.go
+++ b/routers/api/v1/org/member.go
@@ -318,7 +318,7 @@ func DeleteMember(ctx *context.APIContext) {
 	if ctx.Written() {
 		return
 	}
-	if err := models.RemoveOrgUser(ctx.Org.Organization.ID, member.ID); err != nil {
+	if err := models.RemoveOrgUser(ctx, ctx.Org.Organization.ID, member.ID); err != nil {
 		ctx.Error(http.StatusInternalServerError, "RemoveOrgUser", err)
 	}
 	ctx.Status(http.StatusNoContent)
diff --git a/routers/api/v1/org/org.go b/routers/api/v1/org/org.go
index 2594e4afbb..4579f3b085 100644
--- a/routers/api/v1/org/org.go
+++ b/routers/api/v1/org/org.go
@@ -385,7 +385,7 @@ func Delete(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	if err := org.DeleteOrganization(ctx.Org.Organization); err != nil {
+	if err := org.DeleteOrganization(ctx, ctx.Org.Organization); err != nil {
 		ctx.Error(http.StatusInternalServerError, "DeleteOrganization", err)
 		return
 	}
diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go
index 26ebf89746..b8b2d265bf 100644
--- a/routers/api/v1/user/repo.go
+++ b/routers/api/v1/user/repo.go
@@ -21,7 +21,7 @@ import (
 func listUserRepos(ctx *context.APIContext, u *user_model.User, private bool) {
 	opts := utils.GetListOptions(ctx)
 
-	repos, count, err := repo_model.GetUserRepositories(&repo_model.SearchRepoOptions{
+	repos, count, err := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{
 		Actor:       u,
 		Private:     private,
 		ListOptions: opts,
diff --git a/routers/init.go b/routers/init.go
index 015b61a08e..c1cfe26bc4 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -72,7 +72,7 @@ func mustInitCtx(ctx context.Context, fn func(ctx context.Context) error) {
 
 func syncAppConfForGit(ctx context.Context) error {
 	runtimeState := new(system.RuntimeState)
-	if err := system.AppState.Get(runtimeState); err != nil {
+	if err := system.AppState.Get(ctx, runtimeState); err != nil {
 		return err
 	}
 
@@ -95,7 +95,7 @@ func syncAppConfForGit(ctx context.Context) error {
 		log.Info("re-write ssh public keys ...")
 		mustInitCtx(ctx, asymkey_model.RewriteAllPublicKeys)
 
-		return system.AppState.Set(runtimeState)
+		return system.AppState.Set(ctx, runtimeState)
 	}
 	return nil
 }
diff --git a/routers/web/admin/admin.go b/routers/web/admin/admin.go
index e34124049e..1838fe190c 100644
--- a/routers/web/admin/admin.go
+++ b/routers/web/admin/admin.go
@@ -127,8 +127,8 @@ func prepareDeprecatedWarningsAlert(ctx *context.Context) {
 func Dashboard(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("admin.dashboard")
 	ctx.Data["PageIsAdminDashboard"] = true
-	ctx.Data["NeedUpdate"] = updatechecker.GetNeedUpdate()
-	ctx.Data["RemoteVersion"] = updatechecker.GetRemoteVersion()
+	ctx.Data["NeedUpdate"] = updatechecker.GetNeedUpdate(ctx)
+	ctx.Data["RemoteVersion"] = updatechecker.GetRemoteVersion(ctx)
 	// FIXME: update periodically
 	updateSystemStatus()
 	ctx.Data["SysStatus"] = sysStatus
diff --git a/routers/web/org/members.go b/routers/web/org/members.go
index 247025a7cb..15a615c706 100644
--- a/routers/web/org/members.go
+++ b/routers/web/org/members.go
@@ -104,14 +104,14 @@ func MembersAction(ctx *context.Context) {
 			ctx.Error(http.StatusNotFound)
 			return
 		}
-		err = models.RemoveOrgUser(org.ID, uid)
+		err = models.RemoveOrgUser(ctx, org.ID, uid)
 		if organization.IsErrLastOrgOwner(err) {
 			ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
 			ctx.JSONRedirect(ctx.Org.OrgLink + "/members")
 			return
 		}
 	case "leave":
-		err = models.RemoveOrgUser(org.ID, ctx.Doer.ID)
+		err = models.RemoveOrgUser(ctx, org.ID, ctx.Doer.ID)
 		if err == nil {
 			ctx.Flash.Success(ctx.Tr("form.organization_leave_success", org.DisplayName()))
 			ctx.JSON(http.StatusOK, map[string]any{
diff --git a/routers/web/org/setting.go b/routers/web/org/setting.go
index c3eb7ff551..2f2f7c14bd 100644
--- a/routers/web/org/setting.go
+++ b/routers/web/org/setting.go
@@ -124,7 +124,7 @@ func SettingsPost(ctx *context.Context) {
 
 	// update forks visibility
 	if visibilityChanged {
-		repos, _, err := repo_model.GetUserRepositories(&repo_model.SearchRepoOptions{
+		repos, _, err := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{
 			Actor: org.AsUser(), Private: true, ListOptions: db.ListOptions{Page: 1, PageSize: org.NumRepos},
 		})
 		if err != nil {
@@ -180,7 +180,7 @@ func SettingsDelete(ctx *context.Context) {
 			return
 		}
 
-		if err := org_service.DeleteOrganization(ctx.Org.Organization); err != nil {
+		if err := org_service.DeleteOrganization(ctx, ctx.Org.Organization); err != nil {
 			if models.IsErrUserOwnRepos(err) {
 				ctx.Flash.Error(ctx.Tr("form.org_still_own_repo"))
 				ctx.Redirect(ctx.Org.OrgLink + "/settings/delete")
diff --git a/routers/web/user/home_test.go b/routers/web/user/home_test.go
index 0be9790548..1eb1fad057 100644
--- a/routers/web/user/home_test.go
+++ b/routers/web/user/home_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"
 
+	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	"code.gitea.io/gitea/modules/contexttest"
@@ -25,7 +26,7 @@ func TestArchivedIssues(t *testing.T) {
 	ctx.Req.Form.Set("state", "open")
 
 	// Assume: User 30 has access to two Repos with Issues, one of the Repos being archived.
-	repos, _, _ := repo_model.GetUserRepositories(&repo_model.SearchRepoOptions{Actor: ctx.Doer})
+	repos, _, _ := repo_model.GetUserRepositories(db.DefaultContext, &repo_model.SearchRepoOptions{Actor: ctx.Doer})
 	assert.Len(t, repos, 3)
 	IsArchived := make(map[int64]bool)
 	NumIssues := make(map[int64]int)
diff --git a/routers/web/user/package.go b/routers/web/user/package.go
index cc200cc4d7..d8da6a192e 100644
--- a/routers/web/user/package.go
+++ b/routers/web/user/package.go
@@ -383,7 +383,7 @@ func PackageSettings(ctx *context.Context) {
 	ctx.Data["IsPackagesPage"] = true
 	ctx.Data["PackageDescriptor"] = pd
 
-	repos, _, _ := repo_model.GetUserRepositories(&repo_model.SearchRepoOptions{
+	repos, _, _ := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{
 		Actor:   pd.Owner,
 		Private: true,
 	})
diff --git a/routers/web/user/setting/profile.go b/routers/web/user/setting/profile.go
index c97e66574e..2390b0746c 100644
--- a/routers/web/user/setting/profile.go
+++ b/routers/web/user/setting/profile.go
@@ -287,7 +287,7 @@ func Repos(ctx *context.Context) {
 			return
 		}
 
-		userRepos, _, err := repo_model.GetUserRepositories(&repo_model.SearchRepoOptions{
+		userRepos, _, err := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{
 			Actor:   ctxUser,
 			Private: true,
 			ListOptions: db.ListOptions{
@@ -312,7 +312,7 @@ func Repos(ctx *context.Context) {
 		ctx.Data["Dirs"] = repoNames
 		ctx.Data["ReposMap"] = repos
 	} else {
-		repos, count64, err := repo_model.GetUserRepositories(&repo_model.SearchRepoOptions{Actor: ctxUser, Private: true, ListOptions: opts})
+		repos, count64, err := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{Actor: ctxUser, Private: true, ListOptions: opts})
 		if err != nil {
 			ctx.ServerError("GetUserRepositories", err)
 			return
diff --git a/services/auth/session.go b/services/auth/session.go
index 52cfb8ac21..d13813dcbe 100644
--- a/services/auth/session.go
+++ b/services/auth/session.go
@@ -4,9 +4,9 @@
 package auth
 
 import (
+	"context"
 	"net/http"
 
-	"code.gitea.io/gitea/models/db"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 )
@@ -29,7 +29,7 @@ func (s *Session) Name() string {
 // object for that uid.
 // Returns nil if there is no user uid stored in the session.
 func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
-	user := SessionUser(sess)
+	user := SessionUser(req.Context(), sess)
 	if user != nil {
 		return user, nil
 	}
@@ -37,7 +37,7 @@ func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataSto
 }
 
 // SessionUser returns the user object corresponding to the "uid" session variable.
-func SessionUser(sess SessionStore) *user_model.User {
+func SessionUser(ctx context.Context, sess SessionStore) *user_model.User {
 	if sess == nil {
 		return nil
 	}
@@ -55,7 +55,7 @@ func SessionUser(sess SessionStore) *user_model.User {
 	}
 
 	// Get user object
-	user, err := user_model.GetUserByID(db.DefaultContext, id)
+	user, err := user_model.GetUserByID(ctx, id)
 	if err != nil {
 		if !user_model.IsErrUserNotExist(err) {
 			log.Error("GetUserById: %v", err)
diff --git a/services/org/org.go b/services/org/org.go
index a62e5b6fc8..4ecafc93a6 100644
--- a/services/org/org.go
+++ b/services/org/org.go
@@ -19,8 +19,8 @@ import (
 )
 
 // DeleteOrganization completely and permanently deletes everything of organization.
-func DeleteOrganization(org *org_model.Organization) error {
-	ctx, commiter, err := db.TxContext(db.DefaultContext)
+func DeleteOrganization(ctx context.Context, org *org_model.Organization) error {
+	ctx, commiter, err := db.TxContext(ctx)
 	if err != nil {
 		return err
 	}
diff --git a/services/org/org_test.go b/services/org/org_test.go
index 339646795d..763c708c14 100644
--- a/services/org/org_test.go
+++ b/services/org/org_test.go
@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@@ -21,17 +22,17 @@ func TestMain(m *testing.M) {
 func TestDeleteOrganization(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 6})
-	assert.NoError(t, DeleteOrganization(org))
+	assert.NoError(t, DeleteOrganization(db.DefaultContext, org))
 	unittest.AssertNotExistsBean(t, &organization.Organization{ID: 6})
 	unittest.AssertNotExistsBean(t, &organization.OrgUser{OrgID: 6})
 	unittest.AssertNotExistsBean(t, &organization.Team{OrgID: 6})
 
 	org = unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
-	err := DeleteOrganization(org)
+	err := DeleteOrganization(db.DefaultContext, org)
 	assert.Error(t, err)
 	assert.True(t, models.IsErrUserOwnRepos(err))
 
 	user := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 5})
-	assert.Error(t, DeleteOrganization(user))
+	assert.Error(t, DeleteOrganization(db.DefaultContext, user))
 	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
 }
diff --git a/services/repository/adopt.go b/services/repository/adopt.go
index b7e8866beb..2e9b0c822f 100644
--- a/services/repository/adopt.go
+++ b/services/repository/adopt.go
@@ -259,7 +259,7 @@ func checkUnadoptedRepositories(ctx context.Context, userName string, repoNamesT
 		}
 		return err
 	}
-	repos, _, err := repo_model.GetUserRepositories(&repo_model.SearchRepoOptions{
+	repos, _, err := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{
 		Actor:   ctxUser,
 		Private: true,
 		ListOptions: db.ListOptions{
diff --git a/services/task/migrate.go b/services/task/migrate.go
index b74e024ba6..475fa7a61b 100644
--- a/services/task/migrate.go
+++ b/services/task/migrate.go
@@ -48,10 +48,11 @@ func runMigrateTask(ctx context.Context, t *admin_model.Task) (err error) {
 			log.Critical("PANIC during runMigrateTask[%d] by DoerID[%d] to RepoID[%d] for OwnerID[%d]: %v\nStacktrace: %v", t.ID, t.DoerID, t.RepoID, t.OwnerID, e, log.Stack(2))
 		}
 		// fixme: Because ctx is canceled here, so the db.DefaultContext is needed.
+		ctx := db.DefaultContext
 		if err == nil {
-			err = admin_model.FinishMigrateTask(db.DefaultContext, t)
+			err = admin_model.FinishMigrateTask(ctx, t)
 			if err == nil {
-				notify_service.MigrateRepository(db.DefaultContext, t.Doer, t.Owner, t.Repo)
+				notify_service.MigrateRepository(ctx, t.Doer, t.Owner, t.Repo)
 				return
 			}
 
@@ -63,8 +64,7 @@ func runMigrateTask(ctx context.Context, t *admin_model.Task) (err error) {
 		t.EndTime = timeutil.TimeStampNow()
 		t.Status = structs.TaskStatusFailed
 		t.Message = err.Error()
-		// fixme: Because ctx is canceled here, so the db.DefaultContext is needed.
-		if err := t.UpdateCols(db.DefaultContext, "status", "message", "end_time"); err != nil {
+		if err := t.UpdateCols(ctx, "status", "message", "end_time"); err != nil {
 			log.Error("Task UpdateCols failed: %v", err)
 		}
 
diff --git a/services/user/user.go b/services/user/user.go
index b95a7e0639..b754b0aacc 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -159,7 +159,7 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 		// An alternative option here would be write a DeleteAllRepositoriesForUserID function which would delete all of the repos
 		// but such a function would likely get out of date
 		for {
-			repos, _, err := repo_model.GetUserRepositories(&repo_model.SearchRepoOptions{
+			repos, _, err := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{
 				ListOptions: db.ListOptions{
 					PageSize: repo_model.RepositoryListDefaultPageSize,
 					Page:     1,
@@ -204,7 +204,7 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 				break
 			}
 			for _, org := range orgs {
-				if err := models.RemoveOrgUser(org.ID, u.ID); err != nil {
+				if err := models.RemoveOrgUser(ctx, org.ID, u.ID); err != nil {
 					if organization.IsErrLastOrgOwner(err) {
 						err = organization.DeleteOrganization(ctx, org)
 					}
diff --git a/services/user/user_test.go b/services/user/user_test.go
index 550dafd9c5..73f1491c12 100644
--- a/services/user/user_test.go
+++ b/services/user/user_test.go
@@ -41,7 +41,7 @@ func TestDeleteUser(t *testing.T) {
 		orgUsers := make([]*organization.OrgUser, 0, 10)
 		assert.NoError(t, db.GetEngine(db.DefaultContext).Find(&orgUsers, &organization.OrgUser{UID: userID}))
 		for _, orgUser := range orgUsers {
-			if err := models.RemoveOrgUser(orgUser.OrgID, orgUser.UID); err != nil {
+			if err := models.RemoveOrgUser(db.DefaultContext, orgUser.OrgID, orgUser.UID); err != nil {
 				assert.True(t, organization.IsErrLastOrgOwner(err))
 				return
 			}
diff --git a/tests/integration/auth_ldap_test.go b/tests/integration/auth_ldap_test.go
index dbd3bc9346..9bb9e7b3c7 100644
--- a/tests/integration/auth_ldap_test.go
+++ b/tests/integration/auth_ldap_test.go
@@ -430,7 +430,7 @@ func TestLDAPGroupTeamSyncAddMember(t *testing.T) {
 			assert.True(t, isMember, "Membership should be added to the right team")
 			err = models.RemoveTeamMember(db.DefaultContext, team, user.ID)
 			assert.NoError(t, err)
-			err = models.RemoveOrgUser(usersOrgs[0].ID, user.ID)
+			err = models.RemoveOrgUser(db.DefaultContext, usersOrgs[0].ID, user.ID)
 			assert.NoError(t, err)
 		} else {
 			// assert members of LDAP group "cn=admin_staff" keep initial team membership since mapped team does not exist