From 0fbda3386fbffc3a4b44cbd82d84b77ecda7b5e3 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Thu, 8 Jun 2023 13:50:38 +0200
Subject: [PATCH 01/62] [GITEA] silently ignore obsolete sudo scope

Fixes: https://codeberg.org/forgejo/forgejo/issues/820
(cherry picked from commit 6a7022ebbb83bda162974028cff01ebcc7c574ec)
(cherry picked from commit 764eac47b50688d76fe90aad4819a426444ddb4a)
(cherry picked from commit 1141eb7b6f2deeeca0acf1714058823d32097cfd)
(cherry picked from commit 826b6509b6405ac0a0731ee0e1477ad2cbac585a)
(cherry picked from commit 9990d932b8b72f9a27b6529b350eb09d44b7ef88)
(cherry picked from commit 7eca57074385f296427d06c059d331d3704ccf15)
(cherry picked from commit 66e1d3f082a99bb0006daf0f337850f251c235dc)
(cherry picked from commit 188226a8e6b2926f1f276462741f7cc4d7a050b0)
(cherry picked from commit 4cd1bff25c6cafa33464594c99b39326a6dd5740)
(cherry picked from commit fad6b6d2c49492297d9d8512afc0369e544a6e75)
(cherry picked from commit 5b25c3d8512466fd5fceea86b550bdb35c3aa04b)
(cherry picked from commit 4746ece4dd018af781181744fb8743e83b64c6df)
(cherry picked from commit 2a6f85afb33a1a0b7424c30de3cdff030f483294)
(cherry picked from commit c027d724ee0b694e48d2b7ee1915ba55222a03e0)
(cherry picked from commit be2f1eeaeb92e552b5defcf8b374ceb4c3a6b1ee)
(cherry picked from commit 3058a54fe99c7cf0a015166b8b3f56f9ef9e45d9)
(cherry picked from commit 53936d38a0cb1649748f02cf86ec684fa76825b6)
(cherry picked from commit 311983cc978cc0a3128cdd8a9c12ac9605be62b9)
(cherry picked from commit 1651ae757b31c31023d5e780a4446da5be8951bf)
(cherry picked from commit d3dd8ea24dfd6fcf737eb16dcd0871a835b90477)
(cherry picked from commit 9a80326ff3a504d3d6b62e37532aa60ebfdb400b)
(cherry picked from commit 66eb33235ecaa93fd9834077bc88c9d330dd0e87)
(cherry picked from commit 769e24d5a839dd017e08cb6304f9ef7dc242a918)
(cherry picked from commit 436cc2121746648dd6551c4e0a9e72bf588ba12e)
(cherry picked from commit 817faca7f0833ce372c5ea573979a1381f5233e7)
(cherry picked from commit 80ee08aef1bcccaa023463b39ea929ce01dd752a)
(cherry picked from commit 15f8885d0ce307d79ba181de0e2676ad1653c002)
(cherry picked from commit 0944a4442cd1a42fa4dd8e8d106d08eb40f49c92)
(cherry picked from commit 91631d41b0c1ec52772f0d03728482420f0e1b24)
---
 models/auth/access_token_scope.go      | 2 +-
 models/auth/access_token_scope_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/models/auth/access_token_scope.go b/models/auth/access_token_scope.go
index fe57276700..003ca5c9ab 100644
--- a/models/auth/access_token_scope.go
+++ b/models/auth/access_token_scope.go
@@ -250,7 +250,7 @@ func (s AccessTokenScope) parse() (accessTokenScopeBitmap, error) {
 			remainingScopes = remainingScopes[i+1:]
 		}
 		singleScope := AccessTokenScope(v)
-		if singleScope == "" {
+		if singleScope == "" || singleScope == "sudo" {
 			continue
 		}
 		if singleScope == AccessTokenScopeAll {
diff --git a/models/auth/access_token_scope_test.go b/models/auth/access_token_scope_test.go
index a6097e45d7..d11c5e6a3d 100644
--- a/models/auth/access_token_scope_test.go
+++ b/models/auth/access_token_scope_test.go
@@ -20,7 +20,7 @@ func TestAccessTokenScope_Normalize(t *testing.T) {
 	tests := []scopeTestNormalize{
 		{"", "", nil},
 		{"write:misc,write:notification,read:package,write:notification,public-only", "public-only,write:misc,write:notification,read:package", nil},
-		{"all", "all", nil},
+		{"all,sudo", "all", nil},
 		{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user", "all", nil},
 		{"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user,public-only", "public-only,all", nil},
 	}

From 24d57152e0ab7ab25d5e526785984a7e412ac4eb Mon Sep 17 00:00:00 2001
From: "Panagiotis \"Ivory\" Vasilopoulos" <git@n0toose.net>
Date: Mon, 12 Jun 2023 13:57:01 +0200
Subject: [PATCH 02/62] [GITEA] add option for banning dots in usernames

Refs: https://codeberg.org/forgejo/forgejo/pulls/676

Author:    Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Date:      Mon Jun 12 13:57:01 2023 +0200

Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit fabdda5c6e84017bf75ab5f9ab6cc0e583b70d09)
(cherry picked from commit d2c7f45621028d37944659db096bc92c031dd8e7)
(cherry picked from commit dfdbaba3d6b7abf1c542b0ea41b7812b729cc217)
(cherry picked from commit a3cda092b8897e4d669cfcf2cb8b16236e3c9b32)
(cherry picked from commit f0fdb5905c3b22bec043530da15d2c52f6bc41c9)
(cherry picked from commit 9697e48c1f8b23d3dd1da246b525b63c3756353d)
(cherry picked from commit 46e31009a86db18a9b5bd8e2f535b198df90c437)
(cherry picked from commit 5bb2c54b6f55499937396339bcacd3b4d8fb6b5e)
(cherry picked from commit 682f9d24e13b83d89bd6b86324960f1b4fc72eeb)
(cherry picked from commit 18634810057ef88fd01b54cec33bd4bd04c53221)
(cherry picked from commit 4f1b7c4ddbc4099aa9b6fda1e0145d37f638e567)
(cherry picked from commit 6afe70bbf1290e604fc476ee27901d1722ac1272)
(cherry picked from commit 5cec1d9c2d2a731fa44f761e6c90f0d20ab3ccc4)

Conflicts:
	templates/admin/config.tmpl
	https://codeberg.org/forgejo/forgejo/pulls/1512
(cherry picked from commit de2d172473217e3437238fd9c691edc8d8524e1a)
(cherry picked from commit 37a3172dd9e2646157ec49ca46f94b9b0012b061)
(cherry picked from commit 92dfca0c5a8a8d4fd8a93b5468ba593283fc9452)
(cherry picked from commit a713d59b0cbeaf2fe023be1daa42165cd0df3b1d)
(cherry picked from commit e7bd71a6188ed4abbabf8b64b439e588c1c1f5f7)
(cherry picked from commit 69f3e952c495ecf8af5e7fc8cca6f3ba31fd3da2)
(cherry picked from commit 83fbb7b566f68f84f56d371bcfbba89bba602e2f)
(cherry picked from commit 3196605fa99679d28c51c7faccb8402155d31c49)
(cherry picked from commit e37eb8de9c8e9975fd2f33e0ea92d45da4c3835c)
(cherry picked from commit 8c99f59e48098b0058c5692f17aa66352ad3ad01)
(cherry picked from commit 74aa1ac66f659478b9e6994967a6207d7843b9ae)
(cherry picked from commit 622440b3bd32ce4db6305187c854e1f9a8820305)
(cherry picked from commit 2c1ec90984a82f34b14c0f7db25f1941ec129261)
---
 custom/conf/app.example.ini        |  5 +++++
 modules/setting/service.go         |  2 ++
 modules/validation/helpers.go      | 13 ++++++++++---
 modules/validation/helpers_test.go | 31 +++++++++++++++++++++++++++++-
 modules/web/middleware/binding.go  |  7 ++++++-
 options/locale/locale_en-US.ini    |  2 ++
 templates/admin/config.tmpl        |  2 ++
 7 files changed, 57 insertions(+), 5 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 5b09a22248..93b3682151 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -815,6 +815,11 @@ LEVEL = Info
 ;; Every new user will have restricted permissions depending on this setting
 ;DEFAULT_USER_IS_RESTRICTED = false
 ;;
+;; Users will be able to use dots when choosing their username. Disabling this is
+;; helpful if your usersare having issues with e.g. RSS feeds or advanced third-party
+;; extensions that use strange regex patterns.
+; ALLOW_DOTS_IN_USERNAMES = true
+;;
 ;; Either "public", "limited" or "private", default is "public"
 ;; Limited is for users visible only to signed users
 ;; Private is for users visible only to members of their organizations
diff --git a/modules/setting/service.go b/modules/setting/service.go
index befb94b61b..afaee18101 100644
--- a/modules/setting/service.go
+++ b/modules/setting/service.go
@@ -68,6 +68,7 @@ var Service = struct {
 	DefaultKeepEmailPrivate                 bool
 	DefaultAllowCreateOrganization          bool
 	DefaultUserIsRestricted                 bool
+	AllowDotsInUsernames                    bool
 	EnableTimetracking                      bool
 	DefaultEnableTimetracking               bool
 	DefaultEnableDependencies               bool
@@ -180,6 +181,7 @@ func loadServiceFrom(rootCfg ConfigProvider) {
 	Service.DefaultKeepEmailPrivate = sec.Key("DEFAULT_KEEP_EMAIL_PRIVATE").MustBool()
 	Service.DefaultAllowCreateOrganization = sec.Key("DEFAULT_ALLOW_CREATE_ORGANIZATION").MustBool(true)
 	Service.DefaultUserIsRestricted = sec.Key("DEFAULT_USER_IS_RESTRICTED").MustBool(false)
+	Service.AllowDotsInUsernames = sec.Key("ALLOW_DOTS_IN_USERNAMES").MustBool(true)
 	Service.EnableTimetracking = sec.Key("ENABLE_TIMETRACKING").MustBool(true)
 	if Service.EnableTimetracking {
 		Service.DefaultEnableTimetracking = sec.Key("DEFAULT_ENABLE_TIMETRACKING").MustBool(true)
diff --git a/modules/validation/helpers.go b/modules/validation/helpers.go
index f6e00f3887..567ad867fe 100644
--- a/modules/validation/helpers.go
+++ b/modules/validation/helpers.go
@@ -117,13 +117,20 @@ func IsValidExternalTrackerURLFormat(uri string) bool {
 }
 
 var (
-	validUsernamePattern   = regexp.MustCompile(`^[\da-zA-Z][-.\w]*$`)
-	invalidUsernamePattern = regexp.MustCompile(`[-._]{2,}|[-._]$`) // No consecutive or trailing non-alphanumeric chars
+	validUsernamePatternWithDots    = regexp.MustCompile(`^[\da-zA-Z][-.\w]*$`)
+	validUsernamePatternWithoutDots = regexp.MustCompile(`^[\da-zA-Z][-\w]*$`)
+
+	// No consecutive or trailing non-alphanumeric chars, catches both cases
+	invalidUsernamePattern = regexp.MustCompile(`[-._]{2,}|[-._]$`)
 )
 
 // IsValidUsername checks if username is valid
 func IsValidUsername(name string) bool {
 	// It is difficult to find a single pattern that is both readable and effective,
 	// but it's easier to use positive and negative checks.
-	return validUsernamePattern.MatchString(name) && !invalidUsernamePattern.MatchString(name)
+	if setting.Service.AllowDotsInUsernames {
+		return validUsernamePatternWithDots.MatchString(name) && !invalidUsernamePattern.MatchString(name)
+	}
+
+	return validUsernamePatternWithoutDots.MatchString(name) && !invalidUsernamePattern.MatchString(name)
 }
diff --git a/modules/validation/helpers_test.go b/modules/validation/helpers_test.go
index 52f383f698..a1bdf2a29c 100644
--- a/modules/validation/helpers_test.go
+++ b/modules/validation/helpers_test.go
@@ -155,7 +155,8 @@ func Test_IsValidExternalTrackerURLFormat(t *testing.T) {
 	}
 }
 
-func TestIsValidUsername(t *testing.T) {
+func TestIsValidUsernameAllowDots(t *testing.T) {
+	setting.Service.AllowDotsInUsernames = true
 	tests := []struct {
 		arg  string
 		want bool
@@ -185,3 +186,31 @@ func TestIsValidUsername(t *testing.T) {
 		})
 	}
 }
+
+func TestIsValidUsernameBanDots(t *testing.T) {
+	setting.Service.AllowDotsInUsernames = false
+	defer func() {
+		setting.Service.AllowDotsInUsernames = true
+	}()
+
+	tests := []struct {
+		arg  string
+		want bool
+	}{
+		{arg: "a", want: true},
+		{arg: "abc", want: true},
+		{arg: "0.b-c", want: false},
+		{arg: "a.b-c_d", want: false},
+		{arg: ".abc", want: false},
+		{arg: "abc.", want: false},
+		{arg: "a..bc", want: false},
+		{arg: "a...bc", want: false},
+		{arg: "a.-bc", want: false},
+		{arg: "a._bc", want: false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.arg, func(t *testing.T) {
+			assert.Equalf(t, tt.want, IsValidUsername(tt.arg), "IsValidUsername[AllowDotsInUsernames=false](%v)", tt.arg)
+		})
+	}
+}
diff --git a/modules/web/middleware/binding.go b/modules/web/middleware/binding.go
index d9bcdf3b2a..4e7fca80e2 100644
--- a/modules/web/middleware/binding.go
+++ b/modules/web/middleware/binding.go
@@ -8,6 +8,7 @@ import (
 	"reflect"
 	"strings"
 
+	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/validation"
@@ -135,7 +136,11 @@ func Validate(errs binding.Errors, data map[string]any, f Form, l translation.Lo
 			case validation.ErrRegexPattern:
 				data["ErrorMsg"] = trName + l.Tr("form.regex_pattern_error", errs[0].Message)
 			case validation.ErrUsername:
-				data["ErrorMsg"] = trName + l.Tr("form.username_error")
+				if setting.Service.AllowDotsInUsernames {
+					data["ErrorMsg"] = trName + l.Tr("form.username_error")
+				} else {
+					data["ErrorMsg"] = trName + l.Tr("form.username_error_no_dots")
+				}
 			case validation.ErrInvalidGroupTeamMap:
 				data["ErrorMsg"] = trName + l.Tr("form.invalid_group_team_map_error", errs[0].Message)
 			default:
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 53f0402e2d..947a7dd3c9 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -294,6 +294,7 @@ default_allow_create_organization = Allow Creation of Organizations by Default
 default_allow_create_organization_popup = Allow new user accounts to create organizations by default.
 default_enable_timetracking = Enable Time Tracking by Default
 default_enable_timetracking_popup = Enable time tracking for new repositories by default.
+allow_dots_in_usernames = Allow users to use dots in their usernames. Doesn't affect existing accounts.
 no_reply_address = Hidden Email Domain
 no_reply_address_helper = Domain name for users with a hidden email address. For example, the username 'joe' will be logged in Git as 'joe@noreply.example.org' if the hidden email domain is set to 'noreply.example.org'.
 password_algorithm = Password Hash Algorithm
@@ -533,6 +534,7 @@ include_error = ` must contain substring "%s".`
 glob_pattern_error = ` glob pattern is invalid: %s.`
 regex_pattern_error = ` regex pattern is invalid: %s.`
 username_error = ` can only contain alphanumeric chars ('0-9','a-z','A-Z'), dash ('-'), underscore ('_') and dot ('.'). It cannot begin or end with non-alphanumeric chars, and consecutive non-alphanumeric chars are also forbidden.`
+username_error_no_dots = ` can only contain alphanumeric chars ('0-9','a-z','A-Z'), dash ('-') and underscore ('_'). It cannot begin or end with non-alphanumeric chars, and consecutive non-alphanumeric chars are also forbidden.`
 invalid_group_team_map_error = ` mapping is invalid: %s`
 unknown_error = Unknown error:
 captcha_incorrect = The CAPTCHA code is incorrect.
diff --git a/templates/admin/config.tmpl b/templates/admin/config.tmpl
index 1cc4b7bb09..ce6edf8a97 100644
--- a/templates/admin/config.tmpl
+++ b/templates/admin/config.tmpl
@@ -157,6 +157,8 @@
 				<dd>{{if .Service.DefaultKeepEmailPrivate}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</dd>
 				<dt>{{ctx.Locale.Tr "admin.config.default_allow_create_organization"}}</dt>
 				<dd>{{if .Service.DefaultAllowCreateOrganization}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.config.allow_dots_in_usernames"}}</dt>
+				<dd>{{if .Service.AllowDotsInUsernames}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</dd>
 				<dt>{{ctx.Locale.Tr "admin.config.enable_timetracking"}}</dt>
 				<dd>{{if .Service.EnableTimetracking}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</dd>
 				{{if .Service.EnableTimetracking}}

From d3fa04aa699883df9b227382190f57726c591cb8 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 24 Jun 2023 13:08:52 +0200
Subject: [PATCH 03/62] [GITEA] Add password length check on install page

- Resolves #271
- Ensure that the adminstrator password is at least `MIN_PASSWORD_LENGTH`.

(cherry picked from commit 28cb04c3f5040980e716ce66cd5906f324257e02)
(cherry picked from commit 95371ebd92cd005e2d50a4754e60525cf6135b86)
(cherry picked from commit a134288ab6b0291082d913c4e22456b31af58af9)
(cherry picked from commit 4202f052cb32aec71a61dd2afd814035a9d85eea)
(cherry picked from commit 510b7467d3ee0bf346ad1843775affe1df0675ae)
(cherry picked from commit f3a6e1f121e89aaf608fd9890eaf06ed939d1006)
(cherry picked from commit f340508819866f355feec6d01b349fa7df29ace9)
(cherry picked from commit b891bb176d48c3855cc5b6e4573e7a337af9d382)
(cherry picked from commit 1a1bfc38cc7863f5cb3022560cacb2006d08f113)
(cherry picked from commit 083d5aefed10e54814c4438eabcd01973d305502)
(cherry picked from commit 4586096be9b6214058245da3227541866ea4312f)
(cherry picked from commit 039fa20cc8a5b50d5cc37de4503e8a9a80042bcc)
(cherry picked from commit 3ec9cb5f5915cd0bd46ca0d20d0ab798dc7bd135)
(cherry picked from commit 00be0eee3727130966c34a3b95b10f2af06ea2ec)
(cherry picked from commit a1566030025df8cc83d20cbe2b6fb0f87304a1a5)
(cherry picked from commit 4d305e77742c181f68cd24724dfc685723a41b31)
(cherry picked from commit 51e8f21202ea766d69a4b3c26f44c6db07f47844)
(cherry picked from commit 58e354c98e6b361f6d651ffdca3d5cb459adbf2f)
(cherry picked from commit 20405564f56775ba0f29a54c9a6eca8136d8ac99)
(cherry picked from commit 1d7f49568319cfa49e9c8338f2375432f4917739)
(cherry picked from commit d457b9c9111c04ffcd26ff859e2ad804697c2621)
(cherry picked from commit 72b54bc4cce030540310e50acc41ea789a1e5221)
(cherry picked from commit d7ce723e350d21ef42eba7b7013543e2ba6e0e17)
(cherry picked from commit ce5f863d5d3eff77b9736db453f0f9a65241c9bb)
(cherry picked from commit 324b9318acbf5e12be922ee7f8fc0f0fece1743a)
(cherry picked from commit fff11fc535c1a1122914170363bfc23aeb52e02c)
---
 routers/install/install.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/routers/install/install.go b/routers/install/install.go
index 1dbfafcd14..cb7818bd33 100644
--- a/routers/install/install.go
+++ b/routers/install/install.go
@@ -358,6 +358,12 @@ func SubmitInstall(ctx *context.Context) {
 			ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplInstall, form)
 			return
 		}
+		if len(form.AdminPasswd) < setting.MinPasswordLength {
+			ctx.Data["Err_Admin"] = true
+			ctx.Data["Err_AdminPasswd"] = true
+			ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplInstall, form)
+			return
+		}
 	}
 
 	// Init the engine with migration

From 553d4872f883b8ac5cd6e9e585c599201b06067a Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 5 Aug 2023 14:47:09 +0200
Subject: [PATCH 04/62] [GITEA] Allow release creation on commit

- The code and tests are already there to allow releases to be created
on commits.
- This patch modifies the web code to take into account that an commitID
could've been passed as target.
- Added unit test.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1196

(cherry picked from commit 90863e0ab51d1b243f67de266bbeeb7a9031c525)
(cherry picked from commit c805aa23b5c6c9a8ab79e2e66786a4ef798e827a)
(cherry picked from commit cf45567ca60b2a9411694c8e9b649fd77c64bdae)
(cherry picked from commit 672a2b91e5612f438bd7951d173f42c223629fd1)
(cherry picked from commit 82c930152cd693f8451e9553504365c724e1fced)
(cherry picked from commit 95ac2508b3e8dd9fc2b0168600d989dbce0744ec)
(cherry picked from commit b13a81ab98a02e30d1b508bb89cdd67a05eae782)
(cherry picked from commit 9f463a7c1fa74ce17ab6ff8df49e2bcea3c1bc89)
(cherry picked from commit 758ce84dc58e0c689e0fcc34386c7a8ed50f3df9)

Conflicts:
	tests/integration/release_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit edf0531aeead2f68bbb283e437494ace33a8d3b8)
(cherry picked from commit 44b29f3a1df81c072737b139cad34435313f086c)
(cherry picked from commit b851b674195ecf3020aba55c5f46704fa3405289)
(cherry picked from commit 37b408f5aac53bf72cd530722c774d7ace8356e1)
(cherry picked from commit e81dbedb88a8601cf5a071176ecdbf29a0018cc1)
(cherry picked from commit d5fa6be6ecc789448a45d4968ead4f958c33040b)
(cherry picked from commit b8c4be25297401bc570dbff41bf312545ade4b54)
(cherry picked from commit f23ce2843c59e442f63a240862d0d2e009a6eff2)
(cherry picked from commit 8b7bcabae27bc5f66c72c44693e1d051231d2a79)
(cherry picked from commit 2d6e52dda9b7f5fd29d7700f9a7835627aeada90)
(cherry picked from commit 42e4f3ffdd211d3bb45e505a0cf632172bcbf6b2)
(cherry picked from commit 39a1f689d8cb7a741cb10c35d4748fb54ecec34a)
---
 routers/web/repo/release.go       |  4 +++-
 tests/integration/release_test.go | 15 ++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/routers/web/repo/release.go b/routers/web/repo/release.go
index 595d599fe1..9dee7c7d4f 100644
--- a/routers/web/repo/release.go
+++ b/routers/web/repo/release.go
@@ -391,7 +391,9 @@ func NewReleasePost(ctx *context.Context) {
 		return
 	}
 
-	if !ctx.Repo.GitRepo.IsBranchExist(form.Target) {
+	// form.Target can be a branch name or a full commitID.
+	if !ctx.Repo.GitRepo.IsBranchExist(form.Target) &&
+		len(form.Target) == git.SHAFullLength && !ctx.Repo.GitRepo.IsCommitExist(form.Target) {
 		ctx.RenderWithErr(ctx.Tr("form.target_branch_not_exist"), tplReleaseNew, &form)
 		return
 	}
diff --git a/tests/integration/release_test.go b/tests/integration/release_test.go
index 42d0d00e78..439e315347 100644
--- a/tests/integration/release_test.go
+++ b/tests/integration/release_test.go
@@ -21,6 +21,10 @@ import (
 )
 
 func createNewRelease(t *testing.T, session *TestSession, repoURL, tag, title string, preRelease, draft bool) {
+	createNewReleaseTarget(t, session, repoURL, tag, title, "master", preRelease, draft)
+}
+
+func createNewReleaseTarget(t *testing.T, session *TestSession, repoURL, tag, title, target string, preRelease, draft bool) {
 	req := NewRequest(t, "GET", repoURL+"/releases/new")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc := NewHTMLParser(t, resp.Body)
@@ -31,7 +35,7 @@ func createNewRelease(t *testing.T, session *TestSession, repoURL, tag, title st
 	postData := map[string]string{
 		"_csrf":      htmlDoc.GetCSRF(),
 		"tag_name":   tag,
-		"tag_target": "master",
+		"tag_target": target,
 		"title":      title,
 		"content":    "",
 	}
@@ -217,6 +221,15 @@ func TestViewReleaseListLogin(t *testing.T) {
 	}, links)
 }
 
+func TestReleaseOnCommit(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+	createNewReleaseTarget(t, session, "/user2/repo1", "v0.0.1", "v0.0.1", "65f1bf27bc3bf70f64657658635e66094edbcb4d", false, false)
+
+	checkLatestReleaseAndCount(t, session, "/user2/repo1", "v0.0.1", translation.NewLocale("en-US").Tr("repo.release.stable"), 4)
+}
+
 func TestViewTagsList(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From 5462493a77dc6f2bf8a0e07e6fbfbe9cce157bcd Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 18 Aug 2023 11:21:24 +0200
Subject: [PATCH 05/62] [GITEA] Improve HTML title on repositories

- The `<title>` element that lives inside the `<head>` element is an important element that gives browsers and search engine crawlers the title of the webpage, hence the element name. It's therefor important that this title is accurate.
- Currently there are three issues with titles on repositories. It doesn't use the `FullName` and instead only uses the repository name, this doesn't distinguish which user or organisation the repository is on. It doesn't show the full treepath in the title when visiting an file inside a directory and instead only uses the latest path in treepath. It can show the repository name twice if the `.Title` variable also included the repository name such as on the repository homepage.
- Use the repository's fullname (which include which user the repository is on) instead of just their name.
- Display the repository's fullname if it isn't already in `.Title`.
- Use the full treepath in the repository code view instead of just the
last path.
- Adds integration tests.
- Adds a new repository (`repo59`) that has 3 depths for folders, which
wasn't in any other fixture repository yet, so the full treepath for
could be properly tested.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1276

(cherry picked from commit ff9a6a2cda34cf2b2e392cc47125ed0f619b287b)
(cherry picked from commit 76dffc862103eb23d51445ef9d611296308c8413)
(cherry picked from commit ff0615b9d0f3ea4bd86a28c4ac5b0c4740230c81)
(cherry picked from commit 8712eaa394053a8c8f1f4cb17307e094c65c7059)
(cherry picked from commit 0c11587582b8837778ee85f4e3b04241e5d71760)
(cherry picked from commit 3cbd9fb7922177106b309f010dd34a68751873dc)

Conflicts:
	tests/integration/repo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1512
(cherry picked from commit fbfdba8ae9e7cb9811452b30d5424fca41231a1f)

Conflicts:
	models/fixtures/release.yml
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 8b2bf0534ca6a2241c2a10cbecd7c96fb96558a6)
(cherry picked from commit d706d9e222469c689eb069ec609968296657dfdc)
(cherry picked from commit 6d46261a3f81d3642b313e76ad93c5f72fbd6bf8)
(cherry picked from commit f864d18ad30760bd1e2fb1925b87b19e3208ad97)
(cherry picked from commit 80f8620d0d746c7ce5e88eeef3ec62431c399ec8)

[GITEA] Improve HTML title on repositories (squash) do not double escape

(cherry picked from commit 22882fe25cde57837a31738a10c71c9478e16662)
(cherry picked from commit 63e99df3d1ecb50da3b723848ca85d56b831a8d7)
(cherry picked from commit b65d777bc78fabf7e3d1bf8c50aff4eb5395d783)
(cherry picked from commit 2961f4f6320b4b38c33f33e7133e7f3d3f86bd0f)
(cherry picked from commit f7f723628c76c5c2a0678139fbc4264feea352ea)
(cherry picked from commit 9ed79158268160f62dc1b32183c9a487cd521ef7)
(cherry picked from commit 8b9ead46085b8a7f1a9c63f561bce4795ccca31d)
(cherry picked from commit 50eeaf1fbcf01d8616d8ea792a3b3cd736137f89)
(cherry picked from commit ee6f32820e5e0e4ea2ae61fc6a72c475e805b5ac)
(cherry picked from commit bf337bed3507a6554bbdd738e6ca1aa80d00df20)
(cherry picked from commit 6be9501ec0c6eceda8faa48a4d1dc875da702880)
(cherry picked from commit b39860570df95a860c151122a259becb6a221c0e)
(cherry picked from commit 3f30f486d516cac043dbdcd780b2277b6a3278d7)
(cherry picked from commit 5680ecdbe9b668ce69e5a55b2dd7fb7c0eb7087b)
(cherry picked from commit da6a19ad16bd9014ac37e02f10095880baeac65c)
---
 models/fixtures/release.yml                   |  14 +++
 models/fixtures/repo_unit.yml                 |  32 ++++++
 models/fixtures/repository.yml                |  14 +++
 models/fixtures/user.yml                      |   2 +-
 models/repo/repo_list_test.go                 |   6 +-
 routers/web/repo/view.go                      |   4 +-
 templates/base/head.tmpl                      |   3 +-
 .../user2/repo59.git/HEAD                     |   1 +
 .../user2/repo59.git/config                   |   4 +
 .../user2/repo59.git/description              |   1 +
 .../user2/repo59.git/info/exclude             |   6 +
 .../40/8bbd3bd1f96950f8cf2f98c479557f6b18817a | Bin 0 -> 63 bytes
 .../5d/5c87a90af64cc67f22d60a942d5efaef8bc96b | Bin 0 -> 50 bytes
 .../88/3e2970ed6937cbb63311e941adb97df0ae3a52 | Bin 0 -> 49 bytes
 .../8c/ac7a8f434451410cc91ab9c04d07baff974ad8 | Bin 0 -> 120 bytes
 .../a0/ccafed39086ef520be6886d9395eb2100d317e | Bin 0 -> 102 bytes
 .../ab/e2a9ddfd7f542ff89bc13960a929dc8ca86c99 | Bin 0 -> 36 bytes
 .../cd/879fb6cf5b7bbe0fbc3a0ef44c8695fde89a56 | Bin 0 -> 108 bytes
 .../d8/f53dfb33f6ccf4169c34970b5e747511c18beb | Bin 0 -> 784 bytes
 .../f3/c1ec36c0e7605be54e71f24035caa675b7ba41 | Bin 0 -> 48 bytes
 .../user2/repo59.git/packed-refs              |   3 +
 .../user2/repo59.git/refs/heads/cake-recipe   |   1 +
 tests/integration/api_repo_test.go            |   6 +-
 tests/integration/integration_test.go         |  15 +++
 tests/integration/repo_test.go                | 104 ++++++++++++++++++
 25 files changed, 206 insertions(+), 10 deletions(-)
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/HEAD
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/config
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/description
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/info/exclude
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/40/8bbd3bd1f96950f8cf2f98c479557f6b18817a
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/5d/5c87a90af64cc67f22d60a942d5efaef8bc96b
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/88/3e2970ed6937cbb63311e941adb97df0ae3a52
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/8c/ac7a8f434451410cc91ab9c04d07baff974ad8
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/a0/ccafed39086ef520be6886d9395eb2100d317e
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/ab/e2a9ddfd7f542ff89bc13960a929dc8ca86c99
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/cd/879fb6cf5b7bbe0fbc3a0ef44c8695fde89a56
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/d8/f53dfb33f6ccf4169c34970b5e747511c18beb
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/f3/c1ec36c0e7605be54e71f24035caa675b7ba41
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/packed-refs
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/refs/heads/cake-recipe

diff --git a/models/fixtures/release.yml b/models/fixtures/release.yml
index 372a79509f..938f2cd7b7 100644
--- a/models/fixtures/release.yml
+++ b/models/fixtures/release.yml
@@ -150,3 +150,17 @@
   is_prerelease: false
   is_tag: false
   created_unix: 946684803
+
+- id: 12
+  repo_id: 59
+  publisher_id: 2
+  tag_name: "v1.0"
+  lower_tag_name: "v1.0"
+  target: "main"
+  title: "v1.0"
+  sha1: "d8f53dfb33f6ccf4169c34970b5e747511c18beb"
+  num_commits: 1
+  is_draft: false
+  is_prerelease: false
+  is_tag: false
+  created_unix: 946684803
diff --git a/models/fixtures/repo_unit.yml b/models/fixtures/repo_unit.yml
index 0104419550..b359f547b6 100644
--- a/models/fixtures/repo_unit.yml
+++ b/models/fixtures/repo_unit.yml
@@ -608,6 +608,38 @@
   type: 1
   created_unix: 946684810
 
+# BEGIN Forgejo [GITEA] Improve HTML title on repositories
+-
+  id: 1093
+  repo_id: 59
+  type: 1
+  created_unix: 946684810
+
+-
+  id: 1094
+  repo_id: 59
+  type: 2
+  created_unix: 946684810
+
+-
+  id: 1095
+  repo_id: 59
+  type: 3
+  created_unix: 946684810
+
+-
+  id: 1096
+  repo_id: 59
+  type: 4
+  created_unix: 946684810
+
+-
+  id: 1097
+  repo_id: 59
+  type: 5
+  created_unix: 946684810
+# END Forgejo [GITEA] Improve HTML title on repositories
+
 -
   id: 91
   repo_id: 58
diff --git a/models/fixtures/repository.yml b/models/fixtures/repository.yml
index 373c1caa62..7fce1d1b28 100644
--- a/models/fixtures/repository.yml
+++ b/models/fixtures/repository.yml
@@ -1467,6 +1467,7 @@
   owner_name: user27
   lower_name: repo49
   name: repo49
+  description: A wonderful repository with more than just a README.md
   default_branch: master
   num_watches: 0
   num_stars: 0
@@ -1693,3 +1694,16 @@
   size: 0
   is_fsck_enabled: true
   close_issues_via_commit_in_any_branch: false
+
+-
+  id: 59
+  owner_id: 2
+  owner_name: user2
+  lower_name: repo59
+  name: repo59
+  default_branch: master
+  is_empty: false
+  is_archived: false
+  is_private: false
+  status: 0
+  num_issues: 0
diff --git a/models/fixtures/user.yml b/models/fixtures/user.yml
index fd51379816..79fbb981f6 100644
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@@ -66,7 +66,7 @@
   num_followers: 2
   num_following: 1
   num_stars: 2
-  num_repos: 14
+  num_repos: 15
   num_teams: 0
   num_members: 0
   visibility: 0
diff --git a/models/repo/repo_list_test.go b/models/repo/repo_list_test.go
index 8a1799aac0..a8b958109c 100644
--- a/models/repo/repo_list_test.go
+++ b/models/repo/repo_list_test.go
@@ -138,12 +138,12 @@ func getTestCases() []struct {
 		{
 			name:  "AllPublic/PublicRepositoriesOfUserIncludingCollaborative",
 			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerID: 15, AllPublic: true, Template: util.OptionalBoolFalse},
-			count: 31,
+			count: 32,
 		},
 		{
 			name:  "AllPublic/PublicAndPrivateRepositoriesOfUserIncludingCollaborative",
 			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerID: 15, Private: true, AllPublic: true, AllLimited: true, Template: util.OptionalBoolFalse},
-			count: 36,
+			count: 37,
 		},
 		{
 			name:  "AllPublic/PublicAndPrivateRepositoriesOfUserIncludingCollaborativeByName",
@@ -158,7 +158,7 @@ func getTestCases() []struct {
 		{
 			name:  "AllPublic/PublicRepositoriesOfOrganization",
 			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerID: 17, AllPublic: true, Collaborate: util.OptionalBoolFalse, Template: util.OptionalBoolFalse},
-			count: 31,
+			count: 32,
 		},
 		{
 			name:  "AllTemplates",
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 9cf0dff5d8..c6ceca5021 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -166,7 +166,7 @@ func renderDirectory(ctx *context.Context, treeLink string) {
 
 	if ctx.Repo.TreePath != "" {
 		ctx.Data["HideRepoInfo"] = true
-		ctx.Data["Title"] = ctx.Tr("repo.file.title", ctx.Repo.Repository.Name+"/"+path.Base(ctx.Repo.TreePath), ctx.Repo.RefName)
+		ctx.Data["Title"] = ctx.Tr("repo.file.title", ctx.Repo.Repository.Name+"/"+ctx.Repo.TreePath, ctx.Repo.RefName)
 	}
 
 	subfolder, readmeFile, err := findReadmeFileInEntries(ctx, entries, true)
@@ -348,7 +348,7 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry, treeLink, rawLink st
 	}
 	defer dataRc.Close()
 
-	ctx.Data["Title"] = ctx.Tr("repo.file.title", ctx.Repo.Repository.Name+"/"+path.Base(ctx.Repo.TreePath), ctx.Repo.RefName)
+	ctx.Data["Title"] = ctx.Tr("repo.file.title", ctx.Repo.Repository.Name+"/"+ctx.Repo.TreePath, ctx.Repo.RefName)
 	ctx.Data["FileIsSymlink"] = entry.IsLink()
 	ctx.Data["FileName"] = blob.Name()
 	ctx.Data["RawFileLink"] = rawLink + "/" + util.PathEscapeSegments(ctx.Repo.TreePath)
diff --git a/templates/base/head.tmpl b/templates/base/head.tmpl
index 876b42d512..18964f374d 100644
--- a/templates/base/head.tmpl
+++ b/templates/base/head.tmpl
@@ -2,7 +2,8 @@
 <html lang="{{ctx.Locale.Lang}}" data-theme="{{ThemeName .SignedUser}}">
 <head>
 	<meta name="viewport" content="width=device-width, initial-scale=1">
-	<title>{{if .Title}}{{.Title | RenderEmojiPlain}} - {{end}}{{if .Repository.Name}}{{.Repository.Name}} - {{end}}{{AppName}}</title>
+	{{/* Display `- .Repsository.FullName` only if `.Title` does not already start with that. */}}
+	<title>{{if .Title}}{{.Title | RenderEmojiPlain}} - {{end}}{{if and (.Repository.Name) (not (StringUtils.HasPrefix .Title .Repository.FullName))}}{{.Repository.FullName}} - {{end}}{{AppName}}</title>
 	{{if .ManifestData}}<link rel="manifest" href="data:{{.ManifestData}}">{{end}}
 	<meta name="author" content="{{if .Repository}}{{.Owner.Name}}{{else}}{{MetaAuthor}}{{end}}">
 	<meta name="description" content="{{if .Repository}}{{.Repository.Name}}{{if .Repository.Description}} - {{.Repository.Description}}{{end}}{{else}}{{MetaDescription}}{{end}}">
diff --git a/tests/gitea-repositories-meta/user2/repo59.git/HEAD b/tests/gitea-repositories-meta/user2/repo59.git/HEAD
new file mode 100644
index 0000000000..cb089cd89a
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo59.git/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/master
diff --git a/tests/gitea-repositories-meta/user2/repo59.git/config b/tests/gitea-repositories-meta/user2/repo59.git/config
new file mode 100644
index 0000000000..07d359d07c
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo59.git/config
@@ -0,0 +1,4 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
diff --git a/tests/gitea-repositories-meta/user2/repo59.git/description b/tests/gitea-repositories-meta/user2/repo59.git/description
new file mode 100644
index 0000000000..498b267a8c
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo59.git/description
@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.
diff --git a/tests/gitea-repositories-meta/user2/repo59.git/info/exclude b/tests/gitea-repositories-meta/user2/repo59.git/info/exclude
new file mode 100644
index 0000000000..a5196d1be8
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo59.git/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/40/8bbd3bd1f96950f8cf2f98c479557f6b18817a b/tests/gitea-repositories-meta/user2/repo59.git/objects/40/8bbd3bd1f96950f8cf2f98c479557f6b18817a
new file mode 100644
index 0000000000000000000000000000000000000000..567284ef1c21f472841f3d729cbfe024d78c448c
GIT binary patch
literal 63
zcmV-F0Korv0ZYosPf{>3XHZrMN-fAQ&Me6<s#GY?EXhzvR7lB8OG_<E%_~vJ&df_G
VR>)6NNXyJgE!N}W0ssfX5``$?8bAO5

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/5d/5c87a90af64cc67f22d60a942d5efaef8bc96b b/tests/gitea-repositories-meta/user2/repo59.git/objects/5d/5c87a90af64cc67f22d60a942d5efaef8bc96b
new file mode 100644
index 0000000000000000000000000000000000000000..f23960f4cc8c09af29fc4765f683b697a4547d74
GIT binary patch
literal 50
zcmV-20L}k+0V^p=O;s>9VK6ZO0)@QP;*!j~bcW9d-<TbEo)G=iuke$D>8WL<+jltv
I07;Az9utceGXMYp

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/88/3e2970ed6937cbb63311e941adb97df0ae3a52 b/tests/gitea-repositories-meta/user2/repo59.git/objects/88/3e2970ed6937cbb63311e941adb97df0ae3a52
new file mode 100644
index 0000000000000000000000000000000000000000..46cc9e3e5ec14999b5424f35c1c548db9e9e33c1
GIT binary patch
literal 49
zcmb<m^geacKghr=?SqG|SEzoN#<}ypp&s78I+{SPho`Qe-YFf8lV{Ffe$2!mca2X0
E0Le2FOaK4?

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/8c/ac7a8f434451410cc91ab9c04d07baff974ad8 b/tests/gitea-repositories-meta/user2/repo59.git/objects/8c/ac7a8f434451410cc91ab9c04d07baff974ad8
new file mode 100644
index 0000000000000000000000000000000000000000..5a1e79326f2c2ee1a4c451167389f5096eabdf72
GIT binary patch
literal 120
zcmV-;0Ehp00V^p=O;s>7FlR6{FfcPQQ3!H%bn$i7%S~Z$=-z96@n>ehkMsI7j#P%$
zXG=6znHT_pLP~0C0Yhv|`%12FKF8{nu5nG#jr;Y!`(!rMjI`9mlG377y^@L&h7LQ;
ag14FGr?(jkzI0r>v-ZO}s~`Z9QY~(zy*Y~j

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/a0/ccafed39086ef520be6886d9395eb2100d317e b/tests/gitea-repositories-meta/user2/repo59.git/objects/a0/ccafed39086ef520be6886d9395eb2100d317e
new file mode 100644
index 0000000000000000000000000000000000000000..3b71228a7ec7b91f1066cda387ef6efa28c2ae68
GIT binary patch
literal 102
zcmV-s0Ga=I0V^p=O;xb4U@$Z=Ff%bx2y%6F@paY9O<`F5Xyx6%^&$E{W*@XnSgCoZ
zXGP9TsG{Q3<f7D)_~OLU<ka}0)a1;9RK1dl5{9$w^S7OkuHMJL$BOTZPutYLFJ^@S
I0N_g~9D6=E761SM

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/ab/e2a9ddfd7f542ff89bc13960a929dc8ca86c99 b/tests/gitea-repositories-meta/user2/repo59.git/objects/ab/e2a9ddfd7f542ff89bc13960a929dc8ca86c99
new file mode 100644
index 0000000000000000000000000000000000000000..dcbd3b3eb9f03f5d60d082bd174cf3e8d07c6e8a
GIT binary patch
literal 36
rcmb<m^geacKghr+As~$7q(`WRpRb;mZlH#rj;~+n6DEer296E@-c1XM

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/cd/879fb6cf5b7bbe0fbc3a0ef44c8695fde89a56 b/tests/gitea-repositories-meta/user2/repo59.git/objects/cd/879fb6cf5b7bbe0fbc3a0ef44c8695fde89a56
new file mode 100644
index 0000000000000000000000000000000000000000..cd9cea6797da4bacfae03d6da3b053b81d969db2
GIT binary patch
literal 108
zcmV-y0F(cC0VRwv4udcd1XKGJ+abA#LWg(<d4O#eumBtRE|K_sPD(jDtBFUA=wHKQ
z+6ZB4R5Yf1adggmyi14&p%t^q`_d8rXPMbLvGto1u?0b?YK5Zs2-IpjZ^2TVK^B}8
O2`iuQ-u(dQ948US(J)2;

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/d8/f53dfb33f6ccf4169c34970b5e747511c18beb b/tests/gitea-repositories-meta/user2/repo59.git/objects/d8/f53dfb33f6ccf4169c34970b5e747511c18beb
new file mode 100644
index 0000000000000000000000000000000000000000..bea28c9f69b13925696567043b55ee3a544ce94c
GIT binary patch
literal 784
zcmV+r1MmEJ0hN=<uB%1>M6>2AdT%A&7_dRgi_+j`HiK;pmmM?MU`7Mx>)%bH?6OHM
zk5sBnouqA=Y63LcbH7YOmH|GAl4Hc@EW@%K&C)1I1Uia^1hFYP#!;RNM>a}%Dtb?4
zJAn6?4K(;YO4A`5NBYlfjhe2`eoNZs4?rJ;J;Mr|fWQvz5u(27_uQ2I-(JxbV^x4(
z|B6Ty%>s_%fUBlh_~u>6-<$#zs9bFmF%~6^Q@J9f=}|(LabtH3q_<N6zqB~{6bz|(
z88^4w(!a1&Jl%ge1xO9gmJ0>NxV$YbR02+h-W<i4Z3HuNB`n?WDPMf^Mf~0>y>8SN
zL-n>NnOHxD1_ktBKMTFMF~Oeo44c$Nx1zjPg-n1^s{~0y49o8@?{IqT_1l9F<ml+Q
z9C}RBeGn<|zST=%w;6q?N4)b-XXc8BYB)(@zga5$><Ig{cl7%sA$kIRHm~J}{?`20
z`NP{m$x&d*S7)08xz__Sb<D?XcDfv)v6OGKxlD#%XJSAuT`t5cYAfG8x2j*Vewi12
zTJ2^Ea1neQx#)5*l>DBH+t<aF%ENli#a$-YU1bW@izqP7T$`cw$TekB##S1PNpyTh
z+k*mF^zUgl%VLdhnmP+=@!?Ac>z~X}{gyB7!qm$KrCW*^)AW)NzRtpG4}}%%=|SNs
z@Nz?3mnX@zAyYKZV*tH#nR{bxS}d9i?M(85HRz`|j6_MUVShjg2W|Ppe8h&<LkhU9
z`dWpstae%^_i+Gs#s*K5<(k3j78iSEG>7*MdL7JHfOBCJr|RNl?>o$nk$Jg%Kk7Ay
z>ilZ^!I!SZjq{9}32tH%t5<moRy?*E(a}TN4~8WWew8kHGc1@^G5^rQS*HLDtNP<q
zH4^z!KGR{%CV7@+SIOuqcS&zzJ_#CxU$9z^2UsDM%&P1dVXr;XOwv;d$eaD_+~sl9
z`_bldN7Pg|IhDS5$9pE_7Ok3Zva>4`QEQTUns*)fL4hA0LId@WGsHUmmoZfJs-`Nc
O!MB&yMEwL3??r>^yMtc<

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/f3/c1ec36c0e7605be54e71f24035caa675b7ba41 b/tests/gitea-repositories-meta/user2/repo59.git/objects/f3/c1ec36c0e7605be54e71f24035caa675b7ba41
new file mode 100644
index 0000000000000000000000000000000000000000..b6803eb5a271b9d33c981d1ba24fa4126ae409db
GIT binary patch
literal 48
zcmV-00MGw;0V^p=O;s>9W-u`T0)@2voRrieh6QKVzqRDZ`>L=nqwS_;+$I5D!#V&X
Gkq<4~#T1zU

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/packed-refs b/tests/gitea-repositories-meta/user2/repo59.git/packed-refs
new file mode 100644
index 0000000000..114c84d2aa
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo59.git/packed-refs
@@ -0,0 +1,3 @@
+# pack-refs with: peeled fully-peeled sorted 
+d8f53dfb33f6ccf4169c34970b5e747511c18beb refs/heads/master
+d8f53dfb33f6ccf4169c34970b5e747511c18beb refs/tags/v1.0
diff --git a/tests/gitea-repositories-meta/user2/repo59.git/refs/heads/cake-recipe b/tests/gitea-repositories-meta/user2/repo59.git/refs/heads/cake-recipe
new file mode 100644
index 0000000000..63bbea6692
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo59.git/refs/heads/cake-recipe
@@ -0,0 +1 @@
+d8f53dfb33f6ccf4169c34970b5e747511c18beb
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index 90f84c794e..04c1f29649 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -93,9 +93,9 @@ func TestAPISearchRepo(t *testing.T) {
 	}{
 		{
 			name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50&private=false", expectedResults: expectedResults{
-				nil:   {count: 33},
-				user:  {count: 33},
-				user2: {count: 33},
+				nil:   {count: 34},
+				user:  {count: 34},
+				user2: {count: 34},
 			},
 		},
 		{
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index b505c9d857..60a85ee5d4 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -563,3 +563,18 @@ func GetCSRF(t testing.TB, session *TestSession, urlStr string) string {
 	doc := NewHTMLParser(t, resp.Body)
 	return doc.GetCSRF()
 }
+
+func GetHTMLTitle(t testing.TB, session *TestSession, urlStr string) string {
+	t.Helper()
+
+	req := NewRequest(t, "GET", urlStr)
+	var resp *httptest.ResponseRecorder
+	if session == nil {
+		resp = MakeRequest(t, req, http.StatusOK)
+	} else {
+		resp = session.MakeRequest(t, req, http.StatusOK)
+	}
+
+	doc := NewHTMLParser(t, resp.Body)
+	return doc.Find("head title").Text()
+}
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index f5417b100c..d50262ef84 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -200,6 +200,110 @@ func TestViewAsRepoAdmin(t *testing.T) {
 	}
 }
 
+func TestRepoHTMLTitle(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Repository homepage", func(t *testing.T) {
+		t.Run("Without description", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			htmlTitle := GetHTMLTitle(t, nil, "/user2/repo1")
+			assert.EqualValues(t, "user2/repo1 - Gitea: Git with a cup of tea", htmlTitle)
+		})
+		t.Run("With description", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			htmlTitle := GetHTMLTitle(t, nil, "/user27/repo49")
+			assert.EqualValues(t, "user27/repo49: A wonderful repository with more than just a README.md - Gitea: Git with a cup of tea", htmlTitle)
+		})
+	})
+
+	t.Run("Code view", func(t *testing.T) {
+		t.Run("Directory", func(t *testing.T) {
+			t.Run("Default branch", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				htmlTitle := GetHTMLTitle(t, nil, "/user2/repo59/src/branch/master/deep/nesting")
+				assert.EqualValues(t, "repo59/deep/nesting at master - user2/repo59 - Gitea: Git with a cup of tea", htmlTitle)
+			})
+			t.Run("Non-default branch", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				htmlTitle := GetHTMLTitle(t, nil, "/user2/repo59/src/branch/cake-recipe/deep/nesting")
+				assert.EqualValues(t, "repo59/deep/nesting at cake-recipe - user2/repo59 - Gitea: Git with a cup of tea", htmlTitle)
+			})
+			t.Run("Commit", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				htmlTitle := GetHTMLTitle(t, nil, "/user2/repo59/src/commit/d8f53dfb33f6ccf4169c34970b5e747511c18beb/deep/nesting/")
+				assert.EqualValues(t, "repo59/deep/nesting at d8f53dfb33f6ccf4169c34970b5e747511c18beb - user2/repo59 - Gitea: Git with a cup of tea", htmlTitle)
+			})
+			t.Run("Tag", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				htmlTitle := GetHTMLTitle(t, nil, "/user2/repo59/src/tag/v1.0/deep/nesting/")
+				assert.EqualValues(t, "repo59/deep/nesting at v1.0 - user2/repo59 - Gitea: Git with a cup of tea", htmlTitle)
+			})
+		})
+		t.Run("File", func(t *testing.T) {
+			t.Run("Default branch", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				htmlTitle := GetHTMLTitle(t, nil, "/user2/repo59/src/branch/master/deep/nesting/folder/secret_sauce_recipe.txt")
+				assert.EqualValues(t, "repo59/deep/nesting/folder/secret_sauce_recipe.txt at master - user2/repo59 - Gitea: Git with a cup of tea", htmlTitle)
+			})
+			t.Run("Non-default branch", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				htmlTitle := GetHTMLTitle(t, nil, "/user2/repo59/src/branch/cake-recipe/deep/nesting/folder/secret_sauce_recipe.txt")
+				assert.EqualValues(t, "repo59/deep/nesting/folder/secret_sauce_recipe.txt at cake-recipe - user2/repo59 - Gitea: Git with a cup of tea", htmlTitle)
+			})
+			t.Run("Commit", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				htmlTitle := GetHTMLTitle(t, nil, "/user2/repo59/src/commit/d8f53dfb33f6ccf4169c34970b5e747511c18beb/deep/nesting/folder/secret_sauce_recipe.txt")
+				assert.EqualValues(t, "repo59/deep/nesting/folder/secret_sauce_recipe.txt at d8f53dfb33f6ccf4169c34970b5e747511c18beb - user2/repo59 - Gitea: Git with a cup of tea", htmlTitle)
+			})
+			t.Run("Tag", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				htmlTitle := GetHTMLTitle(t, nil, "/user2/repo59/src/tag/v1.0/deep/nesting/folder/secret_sauce_recipe.txt")
+				assert.EqualValues(t, "repo59/deep/nesting/folder/secret_sauce_recipe.txt at v1.0 - user2/repo59 - Gitea: Git with a cup of tea", htmlTitle)
+			})
+		})
+	})
+
+	t.Run("Issues view", func(t *testing.T) {
+		t.Run("Overview page", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			htmlTitle := GetHTMLTitle(t, nil, "/user2/repo1/issues")
+			assert.EqualValues(t, "Issues - user2/repo1 - Gitea: Git with a cup of tea", htmlTitle)
+		})
+		t.Run("View issue page", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			htmlTitle := GetHTMLTitle(t, nil, "/user2/repo1/issues/1")
+			assert.EqualValues(t, "#1 - issue1 - user2/repo1 - Gitea: Git with a cup of tea", htmlTitle)
+		})
+	})
+
+	t.Run("Pull requests view", func(t *testing.T) {
+		t.Run("Overview page", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			htmlTitle := GetHTMLTitle(t, nil, "/user2/repo1/pulls")
+			assert.EqualValues(t, "Pull Requests - user2/repo1 - Gitea: Git with a cup of tea", htmlTitle)
+		})
+		t.Run("View pull request", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			htmlTitle := GetHTMLTitle(t, nil, "/user2/repo1/pulls/2")
+			assert.EqualValues(t, "#2 - issue2 - user2/repo1 - Gitea: Git with a cup of tea", htmlTitle)
+		})
+	})
+}
+
 // TestViewFileInRepo repo description, topics and summary should not be displayed when viewing a file
 func TestViewFileInRepo(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()

From bf04ae86037f5cb5a81d02750aead2742b040367 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 18 Aug 2023 04:39:23 +0200
Subject: [PATCH 06/62] [GITEA] Add slow SQL query warning

- Databases are one of the most important parts of Forgejo, every
interaction with Forgejo uses the database in one way or another.
Therefore, it is important to maintain the database and recognize when
Forgejo is not doing well with the database. Forgejo already has the
option to log *every* SQL query along with its execution time, but
monitoring becomes impractical for larger instances and takes up
unnecessary storage in the logs.
- Add a QoL enhancement that allows instance administrators to specify a
threshold value beyond which query execution time is logged as a warning
in the xorm logger. The default value is a conservative five seconds to
avoid this becoming a source of spam in the logs.
- The use case for this patch is that with an instance the size of Codeberg, monitoring SQL logs is not very fruitful and most of them are uninteresting. Recently, in the context of persistent deadlock issues (https://codeberg.org/forgejo/forgejo/issues/220), I have noticed that certain queries hold locks on tables like comment and issue for several seconds. This patch helps to identify which queries these are and when they happen.
- Added unit test.

(cherry picked from commit 24bbe7886fb4cb9a38c8dab8c44f4c9cbfa25481)
(cherry picked from commit 6e29145b3c1455498531593d38e6a914941a12cb)
(cherry picked from commit 63731e30712872bd2395eb3cf36d9996e5793645)
(cherry picked from commit 3ce1a097369c132654de70df707b867e47bd1c40)
(cherry picked from commit a64426907de788cc0937a7a2b16af4d2f26f7fe6)
(cherry picked from commit 4b1921569156445c58d9889602733da5934c7b95)
(cherry picked from commit e6356744359fa947c049827d60c2ea0e277e03dc)
(cherry picked from commit 9cf501f1af4cd870221cef6af489618785b71186)
(cherry picked from commit 0d6b934eba1c0e9b27b364791113aae816b6b366)
(cherry picked from commit 4b6c2738795002887844a106f2fed2ef1673eed1)
(cherry picked from commit 89b1315338b0c7a726a36a84e9844013a13560b8)
(cherry picked from commit edd8e66ce991c395bb0af7720631c3cd26caaa51)

[GITEA] Add slow SQL query warning (squash) document the setting

(cherry picked from commit ce38599c5141c7fc6bc054819f5ff1c1b45bda1f)
(cherry picked from commit 794aa67c68c8e24ac7301eb7ef767c6e2499a78d)
(cherry picked from commit a4c2c6b004c21488e90f637ca7920f49108ed75d)
(cherry picked from commit 97912752bc802db79bb26a6591aec885aea30ee4)
(cherry picked from commit 00b5327c9750215a290238516e7b6fb1e6601e14)
(cherry picked from commit 1069c860e78c11225b4d74ff3044df7786562821)
(cherry picked from commit 84241f42c83852918b57c8bd25364697037fe42f)
(cherry picked from commit e4bda0e8457d00c01b83f153ed5a4a8ea4cf85c8)
(cherry picked from commit 7357fb91bff87045b133c3a7ac9fc70eea781bc4)
(cherry picked from commit a8dd7f6da278ae112200b5efa5bf27e3961f5996)
(cherry picked from commit e636e9f4beca7273dd8622baedb2f0c01db30449)
---
 custom/conf/app.example.ini                   |  4 ++
 .../config-cheat-sheet.en-us.md               |  1 +
 models/db/engine.go                           | 28 ++++++++++++++
 models/db/engine_test.go                      | 38 +++++++++++++++++++
 modules/setting/database.go                   |  2 +
 5 files changed, 73 insertions(+)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 93b3682151..e3eb87bcca 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -410,6 +410,10 @@ USER = root
 ;;
 ;; Whether execute database models migrations automatically
 ;AUTO_MIGRATION = true
+;;
+;; Threshold value (in seconds) beyond which query execution time is logged as a warning in the xorm logger
+;;
+;SLOW_QUERY_TRESHOLD = 5s
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md
index beaa8cfb30..7e5a37d02a 100644
--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@@ -455,6 +455,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `MAX_IDLE_CONNS` **2**: Max idle database connections on connection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
 - `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071).
 - `AUTO_MIGRATION` **true**: Whether execute database models migrations automatically.
+- `SLOW_QUERY_TRESHOLD` **5s**: Threshold value in seconds beyond which query execution time is logged as a warning in the xorm logger.
 
 [^1]: It may be necessary to specify a hostport even when listening on a unix socket, as the port is part of the socket name. see [#24552](https://github.com/go-gitea/gitea/issues/24552#issuecomment-1681649367) for additional details.
 
diff --git a/models/db/engine.go b/models/db/engine.go
index 8c84a2688c..6591b496d6 100755
--- a/models/db/engine.go
+++ b/models/db/engine.go
@@ -11,10 +11,13 @@ import (
 	"io"
 	"reflect"
 	"strings"
+	"time"
 
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 
 	"xorm.io/xorm"
+	"xorm.io/xorm/contexts"
 	"xorm.io/xorm/names"
 	"xorm.io/xorm/schemas"
 
@@ -144,6 +147,13 @@ func InitEngine(ctx context.Context) error {
 	xormEngine.SetConnMaxLifetime(setting.Database.ConnMaxLifetime)
 	xormEngine.SetDefaultContext(ctx)
 
+	if setting.Database.SlowQueryTreshold > 0 {
+		xormEngine.AddHook(&SlowQueryHook{
+			Treshold: setting.Database.SlowQueryTreshold,
+			Logger:   log.GetLogger("xorm"),
+		})
+	}
+
 	SetDefaultEngine(ctx, xormEngine)
 	return nil
 }
@@ -297,3 +307,21 @@ func SetLogSQL(ctx context.Context, on bool) {
 		sess.Engine().ShowSQL(on)
 	}
 }
+
+type SlowQueryHook struct {
+	Treshold time.Duration
+	Logger   log.Logger
+}
+
+var _ contexts.Hook = &SlowQueryHook{}
+
+func (SlowQueryHook) BeforeProcess(c *contexts.ContextHook) (context.Context, error) {
+	return c.Ctx, nil
+}
+
+func (h *SlowQueryHook) AfterProcess(c *contexts.ContextHook) error {
+	if c.ExecuteTime >= h.Treshold {
+		h.Logger.Log(8, log.WARN, "[Slow SQL Query] %s %v - %v", c.SQL, c.Args, c.ExecuteTime)
+	}
+	return nil
+}
diff --git a/models/db/engine_test.go b/models/db/engine_test.go
index c9ae5f1542..ba922821b0 100644
--- a/models/db/engine_test.go
+++ b/models/db/engine_test.go
@@ -6,15 +6,19 @@ package db_test
 import (
 	"path/filepath"
 	"testing"
+	"time"
 
 	"code.gitea.io/gitea/models/db"
 	issues_model "code.gitea.io/gitea/models/issues"
 	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
 
 	_ "code.gitea.io/gitea/cmd" // for TestPrimaryKeys
 
 	"github.com/stretchr/testify/assert"
+	"xorm.io/xorm"
 )
 
 func TestDumpDatabase(t *testing.T) {
@@ -85,3 +89,37 @@ func TestPrimaryKeys(t *testing.T) {
 		}
 	}
 }
+
+func TestSlowQuery(t *testing.T) {
+	lc, cleanup := test.NewLogChecker("slow-query")
+	lc.StopMark("[Slow SQL Query]")
+	defer cleanup()
+
+	e := db.GetEngine(db.DefaultContext)
+	engine, ok := e.(*xorm.Engine)
+	assert.True(t, ok)
+
+	// It's not possible to clean this up with XORM, but it's luckily not harmful
+	// to leave around.
+	engine.AddHook(&db.SlowQueryHook{
+		Treshold: time.Second * 10,
+		Logger:   log.GetLogger("slow-query"),
+	})
+
+	// NOOP query.
+	e.Exec("SELECT 1 WHERE false;")
+
+	_, stopped := lc.Check(100 * time.Millisecond)
+	assert.False(t, stopped)
+
+	engine.AddHook(&db.SlowQueryHook{
+		Treshold: 0, // Every query should be logged.
+		Logger:   log.GetLogger("slow-query"),
+	})
+
+	// NOOP query.
+	e.Exec("SELECT 1 WHERE false;")
+
+	_, stopped = lc.Check(100 * time.Millisecond)
+	assert.True(t, stopped)
+}
diff --git a/modules/setting/database.go b/modules/setting/database.go
index b68f250f78..b789611319 100644
--- a/modules/setting/database.go
+++ b/modules/setting/database.go
@@ -44,6 +44,7 @@ var (
 		ConnMaxLifetime   time.Duration
 		IterateBufferSize int
 		AutoMigration     bool
+		SlowQueryTreshold time.Duration
 	}{
 		Timeout:           500,
 		IterateBufferSize: 50,
@@ -86,6 +87,7 @@ func loadDBSetting(rootCfg ConfigProvider) {
 	Database.DBConnectRetries = sec.Key("DB_RETRIES").MustInt(10)
 	Database.DBConnectBackoff = sec.Key("DB_RETRY_BACKOFF").MustDuration(3 * time.Second)
 	Database.AutoMigration = sec.Key("AUTO_MIGRATION").MustBool(true)
+	Database.SlowQueryTreshold = sec.Key("SLOW_QUERY_TRESHOLD").MustDuration(5 * time.Second)
 }
 
 // DBConnStr returns database connection string

From ffef2231fb4abbee684a4ff7a51988d4977c3fe3 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 18 Aug 2023 15:18:23 +0200
Subject: [PATCH 07/62] [GITEA] Use vertical tabs on issue filters

- This is actually https://github.com/go-gitea/gitea/pull/19978 &
https://github.com/go-gitea/gitea/pull/19486 but was removed in one of
the UI refactors of v1.20
- This is a very technical fix and is best explained in the CSS
comments. But the short version: When there's an overflow being set, but
you want an element to 'break out' of that overflow with `position:
absolute`, it sometimes doesn't work! You need to set some CSS to let
the browser know that the element needs to use an element outside of
that overflow as 'clip parent'.
- Resolves my internal frustration with the mobile UI constantly getting broken.

(cherry picked from commit 879f842bed999190506e1d60508e7aede1a4be21)
(cherry picked from commit 6099c9b41b9a135fb14b41304459056050abbbe2)
(cherry picked from commit 0749d00b160033de0457e17baa1e000e68810d94)
(cherry picked from commit ec6a5428a7f05d8e6d2e8a6c476b2b9d35656b0f)
(cherry picked from commit 9d0bee784d387fac026d3dcc09f10e496a99a7c5)
(cherry picked from commit 61d6ae48828cb83ca3668a28ba8ddcb7fcb471d5)
(cherry picked from commit 8b3f3639b60ac6f3de8f9fcd83ac7a48bbd659f0)
(cherry picked from commit 2c600ddb2c3e76598b9bdbd58026ab76d7590470)
(cherry picked from commit 960a9786ef62eb8664bca129e9d4fae22e98f378)
(cherry picked from commit b194354c3b489879b10774174cc91a6915b43abc)
(cherry picked from commit 8e7915ee8c7061474b821f2275d11344b06bb9df)
(cherry picked from commit ba82b0c6fe217c44140b75f0afb0c92186460b23)
(cherry picked from commit b2dfb233a8f9c6d1ea82cd11891de20e02aed22b)
(cherry picked from commit ff3ec7f612c5c1cc743862e03a59c5fadd369401)
(cherry picked from commit ef01240cc7344d309a13d19a5e5d6a723c5c4557)
(cherry picked from commit 7778b5bb1019619cd0ed25ef6a0aad37ae978185)
(cherry picked from commit 5f949b1b07ff57a4fc17438ea44523e2f3a489f8)
(cherry picked from commit b3872096907177ee0226011ff181b80003be9c96)
(cherry picked from commit 5d7e3a542effdfe04ed906868eeebfbff8270ee4)
---
 web_src/css/repo/issue-list.css | 35 +++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/web_src/css/repo/issue-list.css b/web_src/css/repo/issue-list.css
index d2f8e429f5..15ea70bbc9 100644
--- a/web_src/css/repo/issue-list.css
+++ b/web_src/css/repo/issue-list.css
@@ -17,10 +17,6 @@
 }
 
 @media (max-width: 767.98px) {
-  .issue-list-toolbar-right .dropdown .menu {
-    left: auto !important;
-    right: auto !important;
-  }
   .issue-list-navbar {
     order: 0;
   }
@@ -31,6 +27,37 @@
   .issue-list-search {
     order: 2 !important;
   }
+  /* Don't use flex wrap on mobile as it takes too much vertical space.
+   * Only set overflow properties on mobile screens, because while the
+   * CSS trick to pop out from overflowing works on desktop screen, it
+   * has a massive flaw that it cannot inherited any max width from it's 'real'
+   * parent and therefor ends up taking more vertical space than is desired.
+   **/
+  .issue-list-toolbar-right .filter.menu {
+    flex-wrap: nowrap;
+    overflow-x: auto;
+    overflow-y: hidden;
+  }
+
+  /* The following few CSS was created with care and built with the information
+   * from CSS-Tricks: https://css-tricks.com/popping-hidden-overflow/
+  */
+
+  /* It's important that every element up to .issue-list-toolbar-right doesn't
+   * have a position set, such that element that wants to pop out will use
+   * .issue-list-toolbar-right as 'clip parent' and thereby avoids the
+   * overflow-y: hidden.
+  */
+  .issue-list-toolbar-right .filter.menu > .dropdown.item {
+    position: initial;
+  }
+  /* It's important that this element and not an child has `position` set.
+   * Set width so that overflow-x knows where to stop overflowing.
+  */
+  .issue-list-toolbar-right {
+    position: relative;
+    width: 100%;
+  }
 }
 
 #issue-list .flex-item-title .labels-list {

From f81cfdc9357da67715ab369a3041fbb42028125f Mon Sep 17 00:00:00 2001
From: zareck <cassiomilczareck@gmail.com>
Date: Sun, 20 Aug 2023 11:16:30 -0300
Subject: [PATCH 08/62] [GITEA] add GitHub repo migration test

Signed-off-by: zareck <cassiomilczareck@gmail.com>
(cherry picked from commit f48e3ff0db027c6420446c0bab3089d9a46194a8)

Removing comments and make command

(cherry picked from commit 7664a423a5abf051383374b4156857e83faee7c0)
(cherry picked from commit b2fb43536424f90373fdc177bd2c79c374efd2be)
(cherry picked from commit 0a24a819a9561c8355adb00b7b202438c5c1bc1a)
(cherry picked from commit 155cc19f75662998fcb2a1a08e345e0724437a58)
(cherry picked from commit 223537f71a05107d69eb5edb8d62d40e5fac5fee)
(cherry picked from commit ffbe2970cc7a778bfbcd9a93cc03bbc4bce38897)
(cherry picked from commit 836836bd73a5635ee13b032d1600e7da842db42c)
(cherry picked from commit 6b66fe449d5ee409ae5590ad08cdf46b7dfe8aa9)
(cherry picked from commit a3933d9c3abd14e74d4c8c41ad5824ba34c0424a)
(cherry picked from commit f1a49065f241886a9edc101ae360bf8b691fa400)
(cherry picked from commit 63f4935e7de1901082afec0bec0a7997fd158dbb)
(cherry picked from commit a1acdd76e6c41825ceb18445baacee1e8e627b3e)
(cherry picked from commit 7f902568043e54d7059e031b0d8ccdb504837891)
(cherry picked from commit 73620b0e8e01e7c52c9dff1097932b7bf1426be9)
(cherry picked from commit 587540c818e6a8190c0742e1906e35be94207143)
(cherry picked from commit 434d5366aca58383a12b22ac49797d5a54042b64)
(cherry picked from commit e80e193af4f30726278cad43a627ca268517d584)
(cherry picked from commit eb9be4cee6f53352cb18536dde945e1fb922ef4d)
---
 tests/integration/repo_migrate_test.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/tests/integration/repo_migrate_test.go b/tests/integration/repo_migrate_test.go
index 91e2961d6d..9fb7a73379 100644
--- a/tests/integration/repo_migrate_test.go
+++ b/tests/integration/repo_migrate_test.go
@@ -15,8 +15,8 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func testRepoMigrate(t testing.TB, session *TestSession, cloneAddr, repoName string) *httptest.ResponseRecorder {
-	req := NewRequest(t, "GET", fmt.Sprintf("/repo/migrate?service_type=%d", structs.PlainGitService)) // render plain git migration page
+func testRepoMigrate(t testing.TB, session *TestSession, cloneAddr, repoName string, service structs.GitServiceType) *httptest.ResponseRecorder {
+	req := NewRequest(t, "GET", fmt.Sprintf("/repo/migrate?service_type=%d", service)) // render plain git migration page
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc := NewHTMLParser(t, resp.Body)
 
@@ -31,7 +31,7 @@ func testRepoMigrate(t testing.TB, session *TestSession, cloneAddr, repoName str
 		"clone_addr": cloneAddr,
 		"uid":        uid,
 		"repo_name":  repoName,
-		"service":    fmt.Sprintf("%d", structs.PlainGitService),
+		"service":    fmt.Sprintf("%d", service),
 	})
 	resp = session.MakeRequest(t, req, http.StatusSeeOther)
 
@@ -41,5 +41,17 @@ func testRepoMigrate(t testing.TB, session *TestSession, cloneAddr, repoName str
 func TestRepoMigrate(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	session := loginUser(t, "user2")
-	testRepoMigrate(t, session, "https://github.com/go-gitea/test_repo.git", "git")
+	for _, s := range []struct {
+		testName  string
+		cloneAddr string
+		repoName  string
+		service   structs.GitServiceType
+	}{
+		{"TestMigrateGithub", "https://github.com/go-gitea/test_repo.git", "git", structs.PlainGitService},
+		{"TestMigrateGithub", "https://github.com/go-gitea/test_repo.git", "github", structs.GithubService},
+	} {
+		t.Run(s.testName, func(t *testing.T) {
+			testRepoMigrate(t, session, s.cloneAddr, s.repoName, s.service)
+		})
+	}
 }

From b6a9826552aba33a0b854fa24e672ebba7ddcd84 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Wed, 30 Aug 2023 15:21:18 +0200
Subject: [PATCH 09/62] [GITEA] [picture].*AVATAR_UPLOAD_PATH is legacy

(cherry picked from commit cb4cc01825458752efe01628f705b4f8676e49a2)
(cherry picked from commit bef11d61318a462e34202f78fad7f883b0756a88)
(cherry picked from commit 077b1c52b6e330a66aa55c4e29562278e94026d1)
(cherry picked from commit aff7aa08587855b71495fa52c301d653a42da38f)
(cherry picked from commit d2f8f6eacbc669a3ae800304f0f8b3f5a11e1a11)
(cherry picked from commit 476bd3c4910d15fe7e5f68abc304fd4e3166edaa)
(cherry picked from commit 2b39e973be4e72b20f26a40aed894b67371f563f)
(cherry picked from commit 822f25de53ed9afaba3d6d8a2200a717fde189db)
(cherry picked from commit ed941b0e60a0eede499e71d9024e8240cc3a9cb8)
(cherry picked from commit ac6c5ddb2ae39cece4f676ecc0ef3a39bc0866ba)
(cherry picked from commit 52b8e33612304ebe704c991c787fc5be7439503b)
(cherry picked from commit 1c7d1427d25fec5f8180ebf3b22a707985b040ee)
(cherry picked from commit 1caa855c6de3895aad691e04979e0a78c9d08fcb)
(cherry picked from commit 55a04f5a9a741c5dba5cb1300c95dc24fae19e9c)
(cherry picked from commit 31124e8818acc1ca44ae1cf871356705afd27f19)
(cherry picked from commit 9415f18e70dab101f41f53e736bfa26059da9c6f)
(cherry picked from commit 358222a7d333693caa95f5ad2e064cab5f49e820)
---
 custom/conf/app.example.ini | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index e3eb87bcca..3f3a850f1b 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1779,9 +1779,6 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;AVATAR_UPLOAD_PATH = data/avatars
-;REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
-;;
 ;; How Gitea deals with missing repository avatars
 ;; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
 ;REPOSITORY_AVATAR_FALLBACK = none

From 367374ecc3832bb47d29ff79370103f907d0ca99 Mon Sep 17 00:00:00 2001
From: Aravinth Manivannan <realaravinth@batsense.net>
Date: Thu, 7 Sep 2023 07:11:29 +0000
Subject: [PATCH 10/62] [GITEA] notifies admins on new user registration

Sends email with information on the new user (time of creation and time of last sign-in) and a link to manage the new user from the admin panel

closes: https://codeberg.org/forgejo/forgejo/issues/480

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1371
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit c721aa828ba6aec5ef95459cfc632a0a1f7463e9)
(cherry picked from commit 6487efcb9da61be1f802f1cd8007330153322770)

Conflicts:
	modules/notification/base/notifier.go
	modules/notification/base/null.go
	modules/notification/notification.go
	https://codeberg.org/forgejo/forgejo/pulls/1422
(cherry picked from commit 7ea66ee1c5dd21d9e6a43f961e8adc71ec79b806)

Conflicts:
	services/notify/notifier.go
	services/notify/notify.go
	services/notify/null.go
	https://codeberg.org/forgejo/forgejo/pulls/1469
(cherry picked from commit 7d2d9970115c94954dacb45684f9e3c16117ebfe)
(cherry picked from commit 435a54f14039408b315c99063bdce28c7ef6fe2f)
(cherry picked from commit 8ec7b3e4484383445fa2622a28bb4f5c990dd4f2)

[GITEA] notifies admins on new user registration (squash) performance bottleneck

Refs: https://codeberg.org/forgejo/forgejo/issues/1479
(cherry picked from commit 97ac9147ff3643cca0a059688c6b3c53479e28a7)
(cherry picked from commit 19f295c16bd392aa438477fa3c42038d63d1a06a)
(cherry picked from commit 3367dcb2cf5328e2afc89f7d5a008b64ede1c987)

[GITEA] notifies admins on new user registration (squash) cosmetic changes

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 9f1670e040b469ed4346aa2689a75088e4e71c8b)
(cherry picked from commit de5bb2a224ab2ae9be891de1ee88a7454a07f7e9)
(cherry picked from commit 8f8e52f31a4da080465521747a2c5c0c51ed65e3)
(cherry picked from commit e0d51303129fe8763d87ed5f859eeae8f0cc6188)
(cherry picked from commit f1288d6d9bfc9150596cb2f7ddb7300cf7ab6952)
(cherry picked from commit 1db4736fd7cd75027f3cdf805e0f86c3a5f69c9d)
(cherry picked from commit e8dcbb6cd68064209cdbe054d5886710cbe2925d)
(cherry picked from commit 09625d647629b85397270e14dfe22258df2bcc43)

[GITEA] notifies admins on new user registration (squash) ctx.Locale

(cherry picked from commit dab7212fad44a252a1acf8da71b254b1a6715121)
(cherry picked from commit 9b7bbae8c4cd5dc4d36726f10870462c8985e543)
(cherry picked from commit f750b71d3db9a24dc2722effb8bbc2dded657cbb)
(cherry picked from commit f79af366796a8ab581bbfa1f5609dc721798ae68)
(cherry picked from commit e76eee334e446a45d841caf19a7c18eab89ca457)

[GITEA] notifies admins on new user registration (squash) fix locale

(cherry picked from commit 54cd100d8da37ccb0a545e2545995066f92180f0)
(cherry picked from commit 053dbd3d50d3c7d1afae8d31c25bda92ceb8f8c0)

[GITEA] notifies admins on new user registration (squash) fix URL

1. Use absolute URL in the admin panel link sent on new registrations
2. Include absolute URL of the newly signed-up user's profile.

New email looks like this:

<details><summary>Please click to expand</summary>

```
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

User Information: @realaravinth ( http://localhost:3000/realaravinth )
----------------------------------------------------------------------

* Created: 2023-12-13 19:36:50 +05:30

Please click here ( http://localhost:3000/admin/users/9 ) to manage the use=
r from the admin panel.
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
	<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
	<title>New user realaravinth just signed up</title>

	<style>
		blockquote { padding-left: 1em; margin: 1em 0; border-left: 1px solid gre=
y; color: #777}
		.footer { font-size:small; color:#666;}
	</style>

</head>

<body>
	<ul>
		<h3>User Information: <a href=3D"http://localhost:3000/realaravinth">@rea=
laravinth</a></h3>
		<li>Created: <relative-time format=3D"datetime" weekday=3D"" year=3D"nume=
ric" month=3D"short" day=3D"numeric" hour=3D"numeric" minute=3D"numeric" se=
cond=3D"numeric" datetime=3D"2023-12-13T19:36:50+05:30">2023-12-13 19:36:50=
 +05:30</relative-time></li>
	</ul>
	<p> Please <a href=3D"http://localhost:3000/admin/users/9" rel=3D"nofollow=
">click here</a> to manage the user from the admin panel. </p>
</body>
</html>

--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770--
```

</details>

fixes: https://codeberg.org/forgejo/forgejo/issues/1927
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1940
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit b8d764e36a0cd8e60627805f87b84bb04152e9c1)
(cherry picked from commit d48b84f623e369222e5e15965f22e27d74ff4243)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 02d3c125ccc97638849af33c7df315cbcb368127)
---
 custom/conf/app.example.ini                   |  2 +
 .../config-cheat-sheet.en-us.md               |  1 +
 models/user/user.go                           |  6 ++
 models/user/user_test.go                      | 10 ++
 modules/setting/admin.go                      |  5 +-
 options/locale/locale_en-US.ini               |  4 +
 routers/web/auth/auth.go                      |  2 +
 services/mailer/mail_admin_new_user.go        | 81 +++++++++++++++
 services/mailer/mail_admin_new_user_test.go   | 98 +++++++++++++++++++
 services/mailer/notify.go                     |  4 +
 services/notify/notifier.go                   |  2 +
 services/notify/notify.go                     |  7 ++
 services/notify/null.go                       |  3 +
 templates/mail/notify/admin_new_user.tmpl     | 21 ++++
 14 files changed, 244 insertions(+), 2 deletions(-)
 create mode 100644 services/mailer/mail_admin_new_user.go
 create mode 100644 services/mailer/mail_admin_new_user_test.go
 create mode 100644 templates/mail/notify/admin_new_user.tmpl

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 3f3a850f1b..f9ef78be9e 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1470,6 +1470,8 @@ LEVEL = Info
 ;;
 ;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
 ;DEFAULT_EMAIL_NOTIFICATIONS = enabled
+;; Send an email to all admins when a new user signs up to inform the admins about this act. Options: true, false
+;SEND_NOTIFICATION_EMAIL_ON_NEW_USER = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/docs/content/administration/config-cheat-sheet.en-us.md b/docs/content/administration/config-cheat-sheet.en-us.md
index 7e5a37d02a..278335dab0 100644
--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@@ -515,6 +515,7 @@ And the following unique queues:
 
 - `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
 - `DISABLE_REGULAR_ORG_CREATION`: **false**: Disallow regular (non-admin) users from creating organizations.
+- `SEND_NOTIFICATION_EMAIL_ON_NEW_USER`: **false**: Send an email to all admins when a new user signs up to inform the admins about this act.
 
 ## Security (`security`)
 
diff --git a/models/user/user.go b/models/user/user.go
index b1c46c14c9..1d0d17e886 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -223,6 +223,12 @@ func GetAllUsers(ctx context.Context) ([]*User, error) {
 	return users, db.GetEngine(ctx).OrderBy("id").Where("type = ?", UserTypeIndividual).Find(&users)
 }
 
+// GetAllAdmins returns a slice of all adminusers found in DB.
+func GetAllAdmins(ctx context.Context) ([]*User, error) {
+	users := make([]*User, 0)
+	return users, db.GetEngine(ctx).OrderBy("id").Where("type = ?", UserTypeIndividual).And("is_admin = ?", true).Find(&users)
+}
+
 // IsLocal returns true if user login type is LoginPlain.
 func (u *User) IsLocal() bool {
 	return u.LoginType <= auth.Plain
diff --git a/models/user/user_test.go b/models/user/user_test.go
index 971117482c..fed2cb2c48 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -544,3 +544,13 @@ func Test_ValidateUser(t *testing.T) {
 		assert.EqualValues(t, expected, err == nil, fmt.Sprintf("case: %+v", kase))
 	}
 }
+
+func TestGetAllAdmins(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	admins, err := user_model.GetAllAdmins(db.DefaultContext)
+	assert.NoError(t, err)
+
+	assert.Len(t, admins, 1)
+	assert.Equal(t, int64(1), admins[0].ID)
+}
diff --git a/modules/setting/admin.go b/modules/setting/admin.go
index 2d2dd26de9..d7f0ee827d 100644
--- a/modules/setting/admin.go
+++ b/modules/setting/admin.go
@@ -5,8 +5,9 @@ package setting
 
 // Admin settings
 var Admin struct {
-	DisableRegularOrgCreation bool
-	DefaultEmailNotification  string
+	DisableRegularOrgCreation      bool
+	DefaultEmailNotification       string
+	SendNotificationEmailOnNewUser bool
 }
 
 func loadAdminFrom(rootCfg ConfigProvider) {
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 947a7dd3c9..7720bb6764 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -440,6 +440,10 @@ activate_email = Verify your email address
 activate_email.title = %s, please verify your email address
 activate_email.text = Please click the following link to verify your email address within <b>%s</b>:
 
+admin.new_user.subject = New user %s just signed up
+admin.new_user.user_info = User Information
+admin.new_user.text = Please <a href="%s">click here</a> to manage the user from the admin panel.
+
 register_notify = Welcome to Gitea
 register_notify.title = %[1]s, welcome to %[2]s
 register_notify.text_1 = this is your registration confirmation email for %s!
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index a8f8d1bbe1..536c9b2087 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -32,6 +32,7 @@ import (
 	"code.gitea.io/gitea/services/externalaccount"
 	"code.gitea.io/gitea/services/forms"
 	"code.gitea.io/gitea/services/mailer"
+	notify_service "code.gitea.io/gitea/services/notify"
 
 	"github.com/markbates/goth"
 )
@@ -600,6 +601,7 @@ func handleUserCreated(ctx *context.Context, u *user_model.User, gothUser *goth.
 		}
 	}
 
+	notify_service.NewUserSignUp(ctx, u)
 	// update external user information
 	if gothUser != nil {
 		if err := externalaccount.UpdateExternalUser(ctx, u, *gothUser); err != nil {
diff --git a/services/mailer/mail_admin_new_user.go b/services/mailer/mail_admin_new_user.go
new file mode 100644
index 0000000000..e9610e626a
--- /dev/null
+++ b/services/mailer/mail_admin_new_user.go
@@ -0,0 +1,81 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+package mailer
+
+import (
+	"bytes"
+	"context"
+	"strconv"
+
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/templates"
+	"code.gitea.io/gitea/modules/translation"
+)
+
+const (
+	tplNewUserMail base.TplName = "notify/admin_new_user"
+)
+
+var sa = SendAsync
+
+// MailNewUser sends notification emails on new user registrations to all admins
+func MailNewUser(ctx context.Context, u *user_model.User) {
+	if !setting.Admin.SendNotificationEmailOnNewUser {
+		return
+	}
+
+	if setting.MailService == nil {
+		// No mail service configured
+		return
+	}
+
+	recipients, err := user_model.GetAllAdmins(ctx)
+	if err != nil {
+		log.Error("user_model.GetAllAdmins: %v", err)
+		return
+	}
+
+	langMap := make(map[string][]string)
+	for _, r := range recipients {
+		langMap[r.Language] = append(langMap[r.Language], r.Email)
+	}
+
+	for lang, tos := range langMap {
+		mailNewUser(ctx, u, lang, tos)
+	}
+}
+
+func mailNewUser(ctx context.Context, u *user_model.User, lang string, tos []string) {
+	locale := translation.NewLocale(lang)
+
+	manageUserURL := setting.AppURL + "admin/users/" + strconv.FormatInt(u.ID, 10)
+	subject := locale.Tr("mail.admin.new_user.subject", u.Name)
+	body := locale.Tr("mail.admin.new_user.text", manageUserURL)
+	mailMeta := map[string]any{
+		"NewUser":    u,
+		"NewUserUrl": u.HTMLURL(),
+		"Subject":    subject,
+		"Body":       body,
+		"Language":   locale.Language(),
+		"Locale":     locale,
+		"Str2html":   templates.Str2html,
+	}
+
+	var mailBody bytes.Buffer
+
+	if err := bodyTemplates.ExecuteTemplate(&mailBody, string(tplNewUserMail), mailMeta); err != nil {
+		log.Error("ExecuteTemplate [%s]: %v", string(tplNewUserMail)+"/body", err)
+		return
+	}
+
+	msgs := make([]*Message, 0, len(tos))
+	for _, to := range tos {
+		msg := NewMessage(to, subject, mailBody.String())
+		msg.Info = subject
+		msgs = append(msgs, msg)
+	}
+	sa(msgs...)
+}
diff --git a/services/mailer/mail_admin_new_user_test.go b/services/mailer/mail_admin_new_user_test.go
new file mode 100644
index 0000000000..be6ecd9791
--- /dev/null
+++ b/services/mailer/mail_admin_new_user_test.go
@@ -0,0 +1,98 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package mailer
+
+import (
+	"context"
+	"strconv"
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/translation"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func getTestUsers(t *testing.T) []*user_model.User {
+	t.Helper()
+	admin := new(user_model.User)
+	admin.Name = "testadmin"
+	admin.IsAdmin = true
+	admin.Language = "en_US"
+	admin.Email = "admin@example.com"
+	require.NoError(t, user_model.CreateUser(db.DefaultContext, admin))
+
+	newUser := new(user_model.User)
+	newUser.Name = "new_user"
+	newUser.Language = "en_US"
+	newUser.IsAdmin = false
+	newUser.Email = "new_user@example.com"
+	newUser.LastLoginUnix = 1693648327
+	newUser.CreatedUnix = 1693648027
+	require.NoError(t, user_model.CreateUser(db.DefaultContext, newUser))
+
+	return []*user_model.User{admin, newUser}
+}
+
+func cleanUpUsers(ctx context.Context, users []*user_model.User) {
+	for _, u := range users {
+		db.DeleteByID(ctx, u.ID, new(user_model.User))
+	}
+}
+
+func TestAdminNotificationMail_test(t *testing.T) {
+	translation.InitLocales(context.Background())
+	locale := translation.NewLocale("")
+	key := "mail.admin.new_user.user_info"
+	translatedKey := locale.Tr(key)
+	require.NotEqualValues(t, key, translatedKey)
+
+	mailService := setting.Mailer{
+		From:     "test@example.com",
+		Protocol: "dummy",
+	}
+
+	setting.MailService = &mailService
+
+	// test with SEND_NOTIFICATION_EMAIL_ON_NEW_USER enabled
+	setting.Admin.SendNotificationEmailOnNewUser = true
+
+	ctx := context.Background()
+	NewContext(ctx)
+
+	users := getTestUsers(t)
+	oldSendAsync := sa
+	defer func() {
+		sa = oldSendAsync
+		cleanUpUsers(ctx, users)
+	}()
+
+	called := false
+	sa = func(msgs ...*Message) {
+		assert.Equal(t, len(msgs), 1, "Test provides only one admin user, so only one email must be sent")
+		assert.Equal(t, msgs[0].To, users[0].Email, "checks if the recipient is the admin of the instance")
+		manageUserURL := setting.AppURL + "admin/users/" + strconv.FormatInt(users[1].ID, 10)
+		assert.Contains(t, msgs[0].Body, manageUserURL)
+		assert.Contains(t, msgs[0].Body, users[1].HTMLURL())
+		assert.Contains(t, msgs[0].Body, translatedKey, "the .Locale translates to nothing")
+		assert.Contains(t, msgs[0].Body, users[1].Name, "user name of the newly created user")
+		for _, untranslated := range []string{"mail.admin", "admin.users"} {
+			assert.NotContains(t, msgs[0].Body, untranslated, "this is an untranslated placeholder prefix")
+		}
+		called = true
+	}
+	MailNewUser(ctx, users[1])
+	assert.True(t, called)
+
+	// test with SEND_NOTIFICATION_EMAIL_ON_NEW_USER disabled; emails shouldn't be sent
+	setting.Admin.SendNotificationEmailOnNewUser = false
+	sa = func(msgs ...*Message) {
+		assert.Equal(t, 1, 0, "this shouldn't execute. MailNewUser must exit early since SEND_NOTIFICATION_EMAIL_ON_NEW_USER is disabled")
+	}
+
+	MailNewUser(ctx, users[1])
+}
diff --git a/services/mailer/notify.go b/services/mailer/notify.go
index cc4e6baf0b..5c6e635b7a 100644
--- a/services/mailer/notify.go
+++ b/services/mailer/notify.go
@@ -202,3 +202,7 @@ func (m *mailNotifier) RepoPendingTransfer(ctx context.Context, doer, newOwner *
 		log.Error("SendRepoTransferNotifyMail: %v", err)
 	}
 }
+
+func (m *mailNotifier) NewUserSignUp(ctx context.Context, newUser *user_model.User) {
+	MailNewUser(ctx, newUser)
+}
diff --git a/services/notify/notifier.go b/services/notify/notifier.go
index ed053a812a..3230a5e5f5 100644
--- a/services/notify/notifier.go
+++ b/services/notify/notifier.go
@@ -59,6 +59,8 @@ type Notifier interface {
 	EditWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, page, comment string)
 	DeleteWikiPage(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, page string)
 
+	NewUserSignUp(ctx context.Context, newUser *user_model.User)
+
 	NewRelease(ctx context.Context, rel *repo_model.Release)
 	UpdateRelease(ctx context.Context, doer *user_model.User, rel *repo_model.Release)
 	DeleteRelease(ctx context.Context, doer *user_model.User, rel *repo_model.Release)
diff --git a/services/notify/notify.go b/services/notify/notify.go
index 16fbb6325d..9cb329d302 100644
--- a/services/notify/notify.go
+++ b/services/notify/notify.go
@@ -347,6 +347,13 @@ func RepoPendingTransfer(ctx context.Context, doer, newOwner *user_model.User, r
 	}
 }
 
+// NewUserSignUp notifies about a newly signed up user to notifiers
+func NewUserSignUp(ctx context.Context, newUser *user_model.User) {
+	for _, notifier := range notifiers {
+		notifier.NewUserSignUp(ctx, newUser)
+	}
+}
+
 // PackageCreate notifies creation of a package to notifiers
 func PackageCreate(ctx context.Context, doer *user_model.User, pd *packages_model.PackageDescriptor) {
 	for _, notifier := range notifiers {
diff --git a/services/notify/null.go b/services/notify/null.go
index dddd421bef..894d118eac 100644
--- a/services/notify/null.go
+++ b/services/notify/null.go
@@ -197,6 +197,9 @@ func (*NullNotifier) SyncDeleteRef(ctx context.Context, doer *user_model.User, r
 func (*NullNotifier) RepoPendingTransfer(ctx context.Context, doer, newOwner *user_model.User, repo *repo_model.Repository) {
 }
 
+func (*NullNotifier) NewUserSignUp(ctx context.Context, newUser *user_model.User) {
+}
+
 // PackageCreate places a place holder function
 func (*NullNotifier) PackageCreate(ctx context.Context, doer *user_model.User, pd *packages_model.PackageDescriptor) {
 }
diff --git a/templates/mail/notify/admin_new_user.tmpl b/templates/mail/notify/admin_new_user.tmpl
new file mode 100644
index 0000000000..34d1584f60
--- /dev/null
+++ b/templates/mail/notify/admin_new_user.tmpl
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+	<title>{{.Subject}}</title>
+
+	<style>
+		blockquote { padding-left: 1em; margin: 1em 0; border-left: 1px solid grey; color: #777}
+		.footer { font-size:small; color:#666;}
+	</style>
+
+</head>
+
+<body>
+	<ul>
+		<h3>{{.Locale.Tr "mail.admin.new_user.user_info" | Str2html}}: <a href="{{.NewUserUrl}}">@{{.NewUser.Name}}</a></h3>
+		<li>{{.Locale.Tr "admin.users.created" | Str2html}}: {{DateTime "full" .NewUser.CreatedUnix}}</li>
+	</ul>
+	<p> {{.Body | Str2html}} </p>
+</body>
+</html>

From a9813744d4e1e08a0229a4749e6fca7d9a4d1de6 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Wed, 13 Sep 2023 01:08:37 +0200
Subject: [PATCH 11/62] [GITEA] Tidy up archive modal

- Make it consistent with the other modals of the dangerous actions.

(cherry picked from commit 576d7ec759baefd2382d565212c3168e38bbdd75)
(cherry picked from commit 8b1225f9742cc0d3942824895923cbc8e9d49d04)
(cherry picked from commit c2c47972ee492686842b1623f9fe941a0e599f0a)
(cherry picked from commit eec301806b925388585546edc6407e3f6d644f44)
(cherry picked from commit 6b5e728f0aaa87e2711c1c2d2111446fc412e0ca)
(cherry picked from commit 3681691e65a73ef59205b066320c9ce58d4d80e4)
(cherry picked from commit e39dfa550d691ff73a05a507d4cb2fd073940088)
(cherry picked from commit 0c78c8c5ac6970495cde3e2737ed05b200e02f5a)
(cherry picked from commit 661cf72db07039abde51e03dc43a89e240cebae0)

[GITEA] Tidy up archive modal (squash) ctx.Locale

(cherry picked from commit 4bb6ee71f0f0a45d70fed048444f0b1ae0f4ded0)
(cherry picked from commit ddafd8fbe3fca0469d846aa4b65ed53675f2304e)
(cherry picked from commit 9467a6915fe362057958982e7fb381f1cf5d9c98)
(cherry picked from commit e632b10380bb00ffddd6e917ab150515a5c6d251)
(cherry picked from commit 6609d075914a5d897afa59924f9e16b7a9710501)
(cherry picked from commit c130b8a09a6f5a1fcc71fc0bbbb7738ca70774ec)
(cherry picked from commit 1080de57542b4685d849ebb6bc4d900a770a22a8)
---
 templates/repo/settings/options.tmpl | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl
index 3bbf4b0d52..80aec2b252 100644
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -976,20 +976,23 @@
 				{{end}}
 			</div>
 			<div class="content">
-				<p>
+				<div class="ui warning message">
 					{{if .Repository.IsArchived}}
 						{{ctx.Locale.Tr "repo.settings.unarchive.text"}}
 					{{else}}
 						{{ctx.Locale.Tr "repo.settings.archive.text"}}
 					{{end}}
-				</p>
-			</div>
-			<form action="{{.Link}}" method="post">
-				{{.CsrfTokenHtml}}
-				<input type="hidden" name="action" value="{{if .Repository.IsArchived}}unarchive{{else}}archive{{end}}">
-				<input type="hidden" name="repo_id" value="{{.Repository.ID}}">
-				{{template "base/modal_actions_confirm" .}}
+				</div>
+				<form action="{{.Link}}" method="post">
+					{{.CsrfTokenHtml}}
+					<input type="hidden" name="action" value="{{if .Repository.IsArchived}}unarchive{{else}}archive{{end}}">
+					<input type="hidden" name="repo_id" value="{{.Repository.ID}}">
+					<div class="text right actions">
+						<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+						<button class="ui red button">{{ctx.Locale.Tr "repo.settings.archive.button"}}</button>
+					</div>
 			</form>
+			</div>
 		</div>
 	{{end}}
 {{end}}

From 144cd9a98666d43aa6aff1bf114b1d5bfa1ed117 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Wed, 13 Sep 2023 21:36:21 +0200
Subject: [PATCH 12/62] [GITEA] Fix issue card links on projects

- Don't expect that rendering is done on a repository, use the given
issue to figure out the repository link.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1321

(cherry picked from commit 63f16652ca21809d2e088c46ddb88b84c08a5ad6)
(cherry picked from commit 821785d0af2fc2a41997675fc2809e1e45c0cdd8)
(cherry picked from commit 345742a0dc2b505a5bdc0747d4e2cda7136e735d)
(cherry picked from commit 2a37b91d7ced112b06d04950a9970cbd2d52f0f2)
(cherry picked from commit 9d40b409d715d336f68ec6306d8a928c171c85fc)
(cherry picked from commit c4c377e73312f36111d5f874195c9aebbb9c8635)
(cherry picked from commit dc149daafefcd4bf8cbb26fee70b78cf35d301d2)
(cherry picked from commit 418b0ff439dfb44ee7e6110cffbabe3426719163)
(cherry picked from commit a98cc429c7fcbf5168390fdb56fe366ceb1c2d54)
(cherry picked from commit 44ae3b1b0c37b5870b9d0ea4bcb9a6193eb4e366)
(cherry picked from commit b8361e84eff9628153d00d8c4a8e31a7922108df)
(cherry picked from commit 18a9a21b12d5465a756fe96f48d5b6ed31abbd2b)
(cherry picked from commit 565827e9ce4fbfda83215f14b4567ffd78b8d549)
(cherry picked from commit 436571671de9245dcb736d7235197a910ae8e9e0)
(cherry picked from commit 6de1a73fc40b4e8b77a6cac30436d6b53386f40e)
---
 templates/repo/issue/card.tmpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/repo/issue/card.tmpl b/templates/repo/issue/card.tmpl
index 3cc853b351..9c11dfc121 100644
--- a/templates/repo/issue/card.tmpl
+++ b/templates/repo/issue/card.tmpl
@@ -33,7 +33,7 @@
 		</div>
 		{{if .MilestoneID}}
 		<div class="meta gt-my-2">
-			<a class="milestone" href="{{$.Page.RepoLink}}/milestone/{{.MilestoneID}}">
+			<a class="milestone" href="{{.Repo.Link}}/milestone/{{.MilestoneID}}">
 				{{svg "octicon-milestone" 16 "gt-mr-2 gt-vm"}}
 				<span class="gt-vm">{{.Milestone.Name}}</span>
 			</a>
@@ -42,7 +42,7 @@
 		{{if $.Page.LinkedPRs}}
 		{{range index $.Page.LinkedPRs .ID}}
 		<div class="meta gt-my-2">
-			<a href="{{$.Page.RepoLink}}/pulls/{{.Index}}">
+			<a href="{{$.Issue.Repo.Link}}/pulls/{{.Index}}">
 				<span class="gt-m-0 text {{if .PullRequest.HasMerged}}purple{{else if .IsClosed}}red{{else}}green{{end}}">{{svg "octicon-git-merge" 16 "gt-mr-2 gt-vm"}}</span>
 				<span class="gt-vm">{{.Title}} <span class="text light grey">#{{.Index}}</span></span>
 			</a>
@@ -61,7 +61,7 @@
 	{{if or .Labels .Assignees}}
 	<div class="extra content labels-list gt-p-0 gt-pt-2">
 		{{range .Labels}}
-			<a target="_blank" href="{{$.Page.RepoLink}}/issues?labels={{.ID}}">{{RenderLabel ctx .}}</a>
+			<a target="_blank" href="{{$.Issue.Repo.Link}}/issues?labels={{.ID}}">{{RenderLabel ctx .}}</a>
 		{{end}}
 		<div class="right floated">
 			{{range .Assignees}}

From bc649733a121503bd2c8855a7bcac5bfce883363 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 17 Sep 2023 20:25:30 +0200
Subject: [PATCH 13/62] [GITEA] Skip unsupported code comment

- If there's a code comment that's received during the migration that
contains no diffhunk, skip it. This either means it was commenting on
old diffhunk or it's just a general codecomment. Forgejo supports
neither of such type of code comment.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1407

(cherry picked from commit ae463c7c559e02975ce5e758d8780def978eebee)
(cherry picked from commit bf48f02a86d6a193417f13a77031b8207a173dca)
(cherry picked from commit 10c3f102fa9135de37e9f73137ae5a9cf7072635)
(cherry picked from commit 828b4cc10cd0fc7e2540fe75e88b6ebf978c5c84)
(cherry picked from commit 6427fa65b641a32ead53779e3e7bda97704567df)
(cherry picked from commit 5b7a43c43fed0eb39e84edd652a699461f14fbbb)
(cherry picked from commit 4eef0fce72894fba2a8a138836421588f96f1087)
(cherry picked from commit a46192a4a6cffa1122ffc0c4781ba93c3067b05d)
(cherry picked from commit 107a9b8233731b3ac2d3a5474795a227c5bb8c0d)
(cherry picked from commit 308251fc48b674e58d27acf1ccf1bc00b5fe2d54)
(cherry picked from commit 017c4a53c5c8e3e2f1a1d8a06b1f975697584973)
(cherry picked from commit 4534a3393b5a6beb500eb36d92ac87dda485b984)
(cherry picked from commit 74e0c1663d27afc98b77c59db9f9a1593f7ea766)
(cherry picked from commit 9b17353f85c4f6273aec64996e70594fc2b8f37e)
(cherry picked from commit 09b6f58304f526c2fc8c9aeecf238b8bfa9ab1c5)
---
 services/migrations/gitea_uploader.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/services/migrations/gitea_uploader.go b/services/migrations/gitea_uploader.go
index 23d855d615..44782cbd20 100644
--- a/services/migrations/gitea_uploader.go
+++ b/services/migrations/gitea_uploader.go
@@ -859,6 +859,11 @@ func (g *GiteaLocalUploader) CreateReviews(reviews ...*base.Review) error {
 		}
 
 		for _, comment := range review.Comments {
+			// Skip code comment if it doesn't have a diff it is commeting on.
+			if comment.DiffHunk == "" {
+				continue
+			}
+
 			line := comment.Line
 			if line != 0 {
 				comment.Position = 1

From 5d6d5272513629b126917c30f7bfde421fdcbe27 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Thu, 14 Sep 2023 21:53:57 +0200
Subject: [PATCH 14/62] [GITEA] Detect file rename and show in history

- Add a indication to the file history if the file has been renamed,
this indication contains a link to browse the history of the file
further.
- Added unit testing.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1279

(cherry picked from commit 72c297521b1830360aab4b50e37efcc7e67e0d5d)
(cherry picked from commit 283f9648947f8dd2f315ecca19566ccca2b49c18)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 7c30af7fdee08efd02041c01abca47394a69bb8b)
(cherry picked from commit f3be6eb269526a9f4ea7861189f07977f2d4a32f)
(cherry picked from commit 78e1755b94c18c043e0c8f8c2849803cc8069feb)
(cherry picked from commit 73799479e0fb68534dac10f809ee246dbc809b62)
(cherry picked from commit 938359b94120b7ea7bcdfbfda265ada691620da1)
(cherry picked from commit b168a9c081f93c10d40319333fc24d68a4f9763c)

[GITEA] Detect file rename and show in history (squash) ctx.Locale

(cherry picked from commit 40447752ff97aa306295685dcf4ddd3b13f48320)
(cherry picked from commit ea23594cdbb12c32dc28638f65bf40e37d344e5f)
(cherry picked from commit cdc473850c85abcbe38c799c2d2446966978f2b2)
(cherry picked from commit 86e6641c29df213d7db1b85867dafebcafeee1dd)
(cherry picked from commit 2757de586b80834513e61033692ac72d25381431)
(cherry picked from commit def4ae32ddb4b0b83f6bb9c197e00fdcd784928e)
(cherry picked from commit 6dada09329e28840f7ad890bed333ae122838fb2)
---
 modules/git/commit.go                         |  56 ++++++++++++++++++
 modules/git/commit_test.go                    |  27 +++++++++
 options/locale/locale_en-US.ini               |   2 +
 routers/web/repo/commit.go                    |  16 +++++
 templates/repo/commits.tmpl                   |   5 ++
 .../40/8bbd3bd1f96950f8cf2f98c479557f6b18817a | Bin 63 -> 0 bytes
 .../5d/5c87a90af64cc67f22d60a942d5efaef8bc96b | Bin 50 -> 0 bytes
 .../88/3e2970ed6937cbb63311e941adb97df0ae3a52 | Bin 49 -> 0 bytes
 .../8c/ac7a8f434451410cc91ab9c04d07baff974ad8 | Bin 120 -> 0 bytes
 .../a0/ccafed39086ef520be6886d9395eb2100d317e | Bin 102 -> 0 bytes
 .../ab/e2a9ddfd7f542ff89bc13960a929dc8ca86c99 | Bin 36 -> 0 bytes
 .../cd/879fb6cf5b7bbe0fbc3a0ef44c8695fde89a56 | Bin 108 -> 0 bytes
 .../d8/f53dfb33f6ccf4169c34970b5e747511c18beb | Bin 784 -> 0 bytes
 .../f3/c1ec36c0e7605be54e71f24035caa675b7ba41 | Bin 48 -> 0 bytes
 .../repo59.git/objects/info/commit-graph      | Bin 0 -> 1292 bytes
 .../user2/repo59.git/objects/info/packs       |   2 +
 ...d3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.idx | Bin 0 -> 1660 bytes
 ...3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.pack | Bin 0 -> 6316 bytes
 ...d3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.rev | Bin 0 -> 136 bytes
 .../user2/repo59.git/packed-refs              |   3 +-
 .../user2/repo59.git/refs/heads/cake-recipe   |   1 -
 tests/integration/repo_test.go                |  30 ++++++++++
 22 files changed, 140 insertions(+), 2 deletions(-)
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/40/8bbd3bd1f96950f8cf2f98c479557f6b18817a
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/5d/5c87a90af64cc67f22d60a942d5efaef8bc96b
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/88/3e2970ed6937cbb63311e941adb97df0ae3a52
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/8c/ac7a8f434451410cc91ab9c04d07baff974ad8
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/a0/ccafed39086ef520be6886d9395eb2100d317e
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/ab/e2a9ddfd7f542ff89bc13960a929dc8ca86c99
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/cd/879fb6cf5b7bbe0fbc3a0ef44c8695fde89a56
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/d8/f53dfb33f6ccf4169c34970b5e747511c18beb
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/f3/c1ec36c0e7605be54e71f24035caa675b7ba41
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/info/commit-graph
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/info/packs
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/pack/pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.idx
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/pack/pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.pack
 create mode 100644 tests/gitea-repositories-meta/user2/repo59.git/objects/pack/pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.rev
 delete mode 100644 tests/gitea-repositories-meta/user2/repo59.git/refs/heads/cake-recipe

diff --git a/modules/git/commit.go b/modules/git/commit.go
index 5d960e92f3..012ba975e8 100644
--- a/modules/git/commit.go
+++ b/modules/git/commit.go
@@ -515,6 +515,62 @@ func GetCommitFileStatus(ctx context.Context, repoPath, commitID string) (*Commi
 	return fileStatus, nil
 }
 
+func parseCommitRenames(renames *[][2]string, stdout io.Reader) {
+	rd := bufio.NewReader(stdout)
+	for {
+		// Skip (R || three digits || NULL byte)
+		_, err := rd.Discard(5)
+		if err != nil {
+			if err != io.EOF {
+				log.Error("Unexpected error whilst reading from git log --name-status. Error: %v", err)
+			}
+			return
+		}
+		oldFileName, err := rd.ReadString('\x00')
+		if err != nil {
+			if err != io.EOF {
+				log.Error("Unexpected error whilst reading from git log --name-status. Error: %v", err)
+			}
+			return
+		}
+		newFileName, err := rd.ReadString('\x00')
+		if err != nil {
+			if err != io.EOF {
+				log.Error("Unexpected error whilst reading from git log --name-status. Error: %v", err)
+			}
+			return
+		}
+		oldFileName = strings.TrimSuffix(oldFileName, "\x00")
+		newFileName = strings.TrimSuffix(newFileName, "\x00")
+		*renames = append(*renames, [2]string{oldFileName, newFileName})
+	}
+}
+
+// GetCommitFileRenames returns the renames that the commit contains.
+func GetCommitFileRenames(ctx context.Context, repoPath, commitID string) ([][2]string, error) {
+	renames := [][2]string{}
+	stdout, w := io.Pipe()
+	done := make(chan struct{})
+	go func() {
+		parseCommitRenames(&renames, stdout)
+		close(done)
+	}()
+
+	stderr := new(bytes.Buffer)
+	err := NewCommand(ctx, "show", "--name-status", "--pretty=format:", "-z", "--diff-filter=R").AddDynamicArguments(commitID).Run(&RunOpts{
+		Dir:    repoPath,
+		Stdout: w,
+		Stderr: stderr,
+	})
+	w.Close() // Close writer to exit parsing goroutine
+	if err != nil {
+		return nil, ConcatenateError(err, stderr.String())
+	}
+
+	<-done
+	return renames, nil
+}
+
 // GetFullCommitID returns full length (40) of commit ID by given short SHA in a repository.
 func GetFullCommitID(ctx context.Context, repoPath, shortID string) (string, error) {
 	commitID, _, err := NewCommand(ctx, "rev-parse").AddDynamicArguments(shortID).RunStdString(&RunOpts{Dir: repoPath})
diff --git a/modules/git/commit_test.go b/modules/git/commit_test.go
index e512eecc56..2de6feeb31 100644
--- a/modules/git/commit_test.go
+++ b/modules/git/commit_test.go
@@ -278,3 +278,30 @@ func TestGetCommitFileStatusMerges(t *testing.T) {
 	assert.Equal(t, commitFileStatus.Removed, expected.Removed)
 	assert.Equal(t, commitFileStatus.Modified, expected.Modified)
 }
+
+func TestParseCommitRenames(t *testing.T) {
+	testcases := []struct {
+		output  string
+		renames [][2]string
+	}{
+		{
+			output:  "R090\x00renamed.txt\x00history.txt\x00",
+			renames: [][2]string{{"renamed.txt", "history.txt"}},
+		},
+		{
+			output:  "R090\x00renamed.txt\x00history.txt\x00R000\x00corruptedstdouthere",
+			renames: [][2]string{{"renamed.txt", "history.txt"}},
+		},
+		{
+			output:  "R100\x00renamed.txt\x00history.txt\x00R001\x00readme.md\x00README.md\x00",
+			renames: [][2]string{{"renamed.txt", "history.txt"}, {"readme.md", "README.md"}},
+		},
+	}
+
+	for _, testcase := range testcases {
+		renames := [][2]string{}
+		parseCommitRenames(&renames, strings.NewReader(testcase.output))
+
+		assert.Equal(t, testcase.renames, renames)
+	}
+}
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 7720bb6764..c160aa3d49 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1282,6 +1282,8 @@ commits.find = Search
 commits.search_all = All Branches
 commits.author = Author
 commits.message = Message
+commits.browse_further = Browse further
+commits.renamed_from = Renamed from %s
 commits.date = Date
 commits.older = Older
 commits.newer = Newer
diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index bd393e7fb7..a23ea39af6 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -239,6 +239,22 @@ func FileHistory(ctx *context.Context) {
 		ctx.ServerError("CommitsByFileAndRange", err)
 		return
 	}
+	oldestCommit := commits[len(commits)-1]
+
+	renamedFiles, err := git.GetCommitFileRenames(ctx, ctx.Repo.GitRepo.Path, oldestCommit.ID.String())
+	if err != nil {
+		ctx.ServerError("GetCommitFileRenames", err)
+		return
+	}
+
+	for _, renames := range renamedFiles {
+		if renames[1] == fileName {
+			ctx.Data["OldFilename"] = renames[0]
+			ctx.Data["OldFilenameHistory"] = fmt.Sprintf("%s/commits/commit/%s/%s", ctx.Repo.RepoLink, oldestCommit.ID.String(), renames[0])
+			break
+		}
+	}
+
 	ctx.Data["Commits"] = git_model.ConvertFromGitCommit(ctx, commits, ctx.Repo.Repository)
 
 	ctx.Data["Username"] = ctx.Repo.Owner.Name
diff --git a/templates/repo/commits.tmpl b/templates/repo/commits.tmpl
index 42004c2610..7b3b27af1d 100644
--- a/templates/repo/commits.tmpl
+++ b/templates/repo/commits.tmpl
@@ -13,6 +13,11 @@
 			</div>
 		</div>
 		{{template "repo/commits_table" .}}
+		{{if .OldFilename}}
+			<div class="ui bottom attached header">
+				<span>{{ctx.Locale.Tr "repo.commits.renamed_from" .OldFilename}} (<a href="{{.OldFilenameHistory}}">{{ctx.Locale.Tr "repo.commits.browse_further"}}</a>)</span>
+			</div>
+		{{end}}
 	</div>
 </div>
 {{template "base/footer" .}}
diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/40/8bbd3bd1f96950f8cf2f98c479557f6b18817a b/tests/gitea-repositories-meta/user2/repo59.git/objects/40/8bbd3bd1f96950f8cf2f98c479557f6b18817a
deleted file mode 100644
index 567284ef1c21f472841f3d729cbfe024d78c448c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 63
zcmV-F0Korv0ZYosPf{>3XHZrMN-fAQ&Me6<s#GY?EXhzvR7lB8OG_<E%_~vJ&df_G
VR>)6NNXyJgE!N}W0ssfX5``$?8bAO5

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/5d/5c87a90af64cc67f22d60a942d5efaef8bc96b b/tests/gitea-repositories-meta/user2/repo59.git/objects/5d/5c87a90af64cc67f22d60a942d5efaef8bc96b
deleted file mode 100644
index f23960f4cc8c09af29fc4765f683b697a4547d74..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 50
zcmV-20L}k+0V^p=O;s>9VK6ZO0)@QP;*!j~bcW9d-<TbEo)G=iuke$D>8WL<+jltv
I07;Az9utceGXMYp

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/88/3e2970ed6937cbb63311e941adb97df0ae3a52 b/tests/gitea-repositories-meta/user2/repo59.git/objects/88/3e2970ed6937cbb63311e941adb97df0ae3a52
deleted file mode 100644
index 46cc9e3e5ec14999b5424f35c1c548db9e9e33c1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 49
zcmb<m^geacKghr=?SqG|SEzoN#<}ypp&s78I+{SPho`Qe-YFf8lV{Ffe$2!mca2X0
E0Le2FOaK4?

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/8c/ac7a8f434451410cc91ab9c04d07baff974ad8 b/tests/gitea-repositories-meta/user2/repo59.git/objects/8c/ac7a8f434451410cc91ab9c04d07baff974ad8
deleted file mode 100644
index 5a1e79326f2c2ee1a4c451167389f5096eabdf72..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 120
zcmV-;0Ehp00V^p=O;s>7FlR6{FfcPQQ3!H%bn$i7%S~Z$=-z96@n>ehkMsI7j#P%$
zXG=6znHT_pLP~0C0Yhv|`%12FKF8{nu5nG#jr;Y!`(!rMjI`9mlG377y^@L&h7LQ;
ag14FGr?(jkzI0r>v-ZO}s~`Z9QY~(zy*Y~j

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/a0/ccafed39086ef520be6886d9395eb2100d317e b/tests/gitea-repositories-meta/user2/repo59.git/objects/a0/ccafed39086ef520be6886d9395eb2100d317e
deleted file mode 100644
index 3b71228a7ec7b91f1066cda387ef6efa28c2ae68..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 102
zcmV-s0Ga=I0V^p=O;xb4U@$Z=Ff%bx2y%6F@paY9O<`F5Xyx6%^&$E{W*@XnSgCoZ
zXGP9TsG{Q3<f7D)_~OLU<ka}0)a1;9RK1dl5{9$w^S7OkuHMJL$BOTZPutYLFJ^@S
I0N_g~9D6=E761SM

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/ab/e2a9ddfd7f542ff89bc13960a929dc8ca86c99 b/tests/gitea-repositories-meta/user2/repo59.git/objects/ab/e2a9ddfd7f542ff89bc13960a929dc8ca86c99
deleted file mode 100644
index dcbd3b3eb9f03f5d60d082bd174cf3e8d07c6e8a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 36
rcmb<m^geacKghr+As~$7q(`WRpRb;mZlH#rj;~+n6DEer296E@-c1XM

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/cd/879fb6cf5b7bbe0fbc3a0ef44c8695fde89a56 b/tests/gitea-repositories-meta/user2/repo59.git/objects/cd/879fb6cf5b7bbe0fbc3a0ef44c8695fde89a56
deleted file mode 100644
index cd9cea6797da4bacfae03d6da3b053b81d969db2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 108
zcmV-y0F(cC0VRwv4udcd1XKGJ+abA#LWg(<d4O#eumBtRE|K_sPD(jDtBFUA=wHKQ
z+6ZB4R5Yf1adggmyi14&p%t^q`_d8rXPMbLvGto1u?0b?YK5Zs2-IpjZ^2TVK^B}8
O2`iuQ-u(dQ948US(J)2;

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/d8/f53dfb33f6ccf4169c34970b5e747511c18beb b/tests/gitea-repositories-meta/user2/repo59.git/objects/d8/f53dfb33f6ccf4169c34970b5e747511c18beb
deleted file mode 100644
index bea28c9f69b13925696567043b55ee3a544ce94c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 784
zcmV+r1MmEJ0hN=<uB%1>M6>2AdT%A&7_dRgi_+j`HiK;pmmM?MU`7Mx>)%bH?6OHM
zk5sBnouqA=Y63LcbH7YOmH|GAl4Hc@EW@%K&C)1I1Uia^1hFYP#!;RNM>a}%Dtb?4
zJAn6?4K(;YO4A`5NBYlfjhe2`eoNZs4?rJ;J;Mr|fWQvz5u(27_uQ2I-(JxbV^x4(
z|B6Ty%>s_%fUBlh_~u>6-<$#zs9bFmF%~6^Q@J9f=}|(LabtH3q_<N6zqB~{6bz|(
z88^4w(!a1&Jl%ge1xO9gmJ0>NxV$YbR02+h-W<i4Z3HuNB`n?WDPMf^Mf~0>y>8SN
zL-n>NnOHxD1_ktBKMTFMF~Oeo44c$Nx1zjPg-n1^s{~0y49o8@?{IqT_1l9F<ml+Q
z9C}RBeGn<|zST=%w;6q?N4)b-XXc8BYB)(@zga5$><Ig{cl7%sA$kIRHm~J}{?`20
z`NP{m$x&d*S7)08xz__Sb<D?XcDfv)v6OGKxlD#%XJSAuT`t5cYAfG8x2j*Vewi12
zTJ2^Ea1neQx#)5*l>DBH+t<aF%ENli#a$-YU1bW@izqP7T$`cw$TekB##S1PNpyTh
z+k*mF^zUgl%VLdhnmP+=@!?Ac>z~X}{gyB7!qm$KrCW*^)AW)NzRtpG4}}%%=|SNs
z@Nz?3mnX@zAyYKZV*tH#nR{bxS}d9i?M(85HRz`|j6_MUVShjg2W|Ppe8h&<LkhU9
z`dWpstae%^_i+Gs#s*K5<(k3j78iSEG>7*MdL7JHfOBCJr|RNl?>o$nk$Jg%Kk7Ay
z>ilZ^!I!SZjq{9}32tH%t5<moRy?*E(a}TN4~8WWew8kHGc1@^G5^rQS*HLDtNP<q
zH4^z!KGR{%CV7@+SIOuqcS&zzJ_#CxU$9z^2UsDM%&P1dVXr;XOwv;d$eaD_+~sl9
z`_bldN7Pg|IhDS5$9pE_7Ok3Zva>4`QEQTUns*)fL4hA0LId@WGsHUmmoZfJs-`Nc
O!MB&yMEwL3??r>^yMtc<

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/f3/c1ec36c0e7605be54e71f24035caa675b7ba41 b/tests/gitea-repositories-meta/user2/repo59.git/objects/f3/c1ec36c0e7605be54e71f24035caa675b7ba41
deleted file mode 100644
index b6803eb5a271b9d33c981d1ba24fa4126ae409db..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 48
zcmV-00MGw;0V^p=O;s>9W-u`T0)@2voRrieh6QKVzqRDZ`>L=nqwS_;+$I5D!#V&X
Gkq<4~#T1zU

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/info/commit-graph b/tests/gitea-repositories-meta/user2/repo59.git/objects/info/commit-graph
new file mode 100644
index 0000000000000000000000000000000000000000..d151dc87e63b6d2485029740163c1cd02c7d41d0
GIT binary patch
literal 1292
zcmZ>E5Aa}QWMT04ba7*V02d(J2f}1=advSGfwCLiT^x;|>^Be^M6&!quu)iyK;9@G
z8DYQ#jO$TMyD(q|hVP)otZOq~hxjx+n&edca;Jo0TTt~>qlO(eF-;1GS6Q+>X#B*q
zXnC03iOL&aZGRhoJM%?sj>&ZHxRO%AgWaz~!hS7&%G9F9;IU;%)q2U6wRV$c763g9
z!a%^1%EG==%(L8v{Wo8~;ety&&fTp1sip^yfh3`7IDl#{^{lDtcXkPM<T)v|^MEh=
ouK&}$ZXlbJa^GYcNDmCG@NQ|-c)VSltHilTa{3pUsHl({0FLHS*#H0l

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/info/packs b/tests/gitea-repositories-meta/user2/repo59.git/objects/info/packs
new file mode 100644
index 0000000000..0374746b5e
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo59.git/objects/info/packs
@@ -0,0 +1,2 @@
+P pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.pack
+
diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/pack/pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.idx b/tests/gitea-repositories-meta/user2/repo59.git/objects/pack/pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.idx
new file mode 100644
index 0000000000000000000000000000000000000000..aaa9981cf5982e0cdf26f13d8095020ce465ddef
GIT binary patch
literal 1660
zcmexg;-AdGz`z8=*Z?C?kX#Hh6NH(E2xbAglbV<nXdWTV22?XxFgwsK_%H`ho)Zak
z0onL4H&7lI<^jr~V?Ll52=fzx1%PVkfdzr~;KM>dd1A3JP%SxF1gMWxEDF>^5@ubS
z@jAq(;n5_g;+H!m4BLXLry7Yw@3bh^P7CGT=PJLCyJX2r^^lKZp5->|zxnzN7hLLb
z?q=mrH9dIDp?k0O#h;l0KhEpVI8qr}pDoc?6%zJq@l&Q2H3p9@ORCmOwyd?AG&44)
zeI?g7pJVk(*SMzW#{GKVeKNaYhfPeA!r@hxY!4bgF)dmiW_O~p!%nl{ZKnC@ZN`Ex
z9oO!x{jkm|sPmShlc&wf&DW9@7c-SjT=qEAS+QqLRll=Kpd-&oshtOW*?0Y)?sa3z
z){=*9A_nY|rc-k_tj+IZ`MzT3?9&@1I_wNg%64-KT|0ErZ=PcE;{|8dzqRDZ`>L=n
zqwS_;+$I5D!@31$WhcDQ-+Jo{Z&GE)mY-AX4Z3O;t$QeOsNH3$wQk+RLfb;;fROw<
zs~@er`?o$s|HtfumI*60@ARz5nR%4w?APQj#n<nb)VvFxy_)~#98-m}?en*tkFMUw
zzsHL2i%;9szb|Hm-S}$z+xXj=FJf~{rgO)YlnNf~e*J9jquHA-UUT;D)?8N}b>q;J
zp5Td}556%w@H`><sbAqI2h&r_O1JNF%ohj<_&qgJ@snJp!%>Oj{w5~;Pn@?d+qGzQ
z=#$(<wwVHg0;`sB{XJ3_Y7i>_u|4p16j!cPuI0Wu*(=7fk+Mr)dWTGX;HzJL)F&)0
zuZ%(S$D#N-VDW4Y%!)u-ES-Ttd>RnD0onb)^aISF5`I8j2^4DsCZ~(Qthp2@_Y}x4
z0v22DK>9qeNC*MaZ-Lq1Bv36-pV;o)%gg==_sf<)^wG=i%W-_VPDShf{Yw4SqES8S
R@AzV-R-~x4va}Sh1OP;7B9#CD

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/pack/pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.pack b/tests/gitea-repositories-meta/user2/repo59.git/objects/pack/pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.pack
new file mode 100644
index 0000000000000000000000000000000000000000..ddb8c16caf1f0600bf22af94b7f41c3799679617
GIT binary patch
literal 6316
zcmZu$RZtvYlUzK&;vRwqcXtWy?yz`Zad!w7++iVPaa|mO2Z!LYkl;>m4-UaE|6ScZ
z-NW}VU-eW?Pu0|P*Jw(~r~m)}#D9+{N7^qZ1EN${B~KV}_k?lF<jyO=zAKJ`Gz7{f
zBk!NYf?M>XAlW|LxZ~U02~_Md>gA>-Ih>#u8Yz9iy<`p*MwOlPzs2TJS4S}$`heU<
zcWE^S!=GCVycD1Q&<Rdc{l@gB0{A9cDD1PC6lp!r)L7bxRDx_?@t?DLr@#mCl)Tc{
z?_eX1sIX@U+a0WG^vr(c>FJ#UV!9BWJ0Fq|pd81!(w**g!N6-!ljzzt#IcSXrq&Uq
zf(El>-5gwa-6T}|l>v4Mlv}EbOQT>hbv2{5QCStD=&=^8SsY|gUkG1tyf5G*`IKxW
z$DX$yl2de(b#cL1G-Y1@&Fr&06S-9hC*hvN8B;6cdFI<Y{4X`8OYgwWUpub3ak0(J
z?o&>fmlGX)Y*%d@kdd}bZG_Ba8{?TVbDcsYs3?X;#Opo|`K7?;xlRTrynb<0*;BCT
zX=z{I+9bzYrW0uY=C7N}zBg?f9c?$1YHu<licn#^N#)I+FcPmK@&!UfCg1wZ<`X}*
zFlV{D<<QjAC;f77)p`hKLn#x-#_gQYN}XJhNh@ZV-a2j=GTG7S4}??(@6@fdw=tC-
ze2d>aj8u!!L^C^*c#+`qDHMw1yHAeCxbwYYJ*%rN$?ku7X!1I-Zv)X-4SeBDL6UQf
zbja_Mo@OL(30U8_I7Fz+%E%p55UqfY*J&dfz`V8ic1KiZ%Y0Bp=?u$WCQ0AP^_RWN
zCDBPRgY~ucI|E^0_olk~<G(iA6M4Di6&b7Dh}4QImC~J(c_+V^-=97b>v7AK9i2YV
zMzi~N;-bwFOeOnrV|HA+X$o-Q0e;L38JfVuJX|vAeh1cF%~_dpu6TJ-%iTp@Tn|7&
zAWGASR{Sk@Rf57PIeNk}kG#t3EqCcfp>MX7ejr4*(7qi(YB9U6%fo^PB?1%$g)A5T
zumxsAcP)c61UoVl4)y8%Q+{QPs_}D2<bD!DZGAnDfo=ac4m~ekhFNcIb3$EVGZH}{
z3Yk3*915ufqsz&Zo|>qwZpj{vRy(EG3;bZsYn-4XjH3<sLCbB`pk}l~;c&BKMGqj4
zS~ENKgI`W0WVp7<5La$L2*q<23+)lN<j(k0j5?_*mnCW@62rdZ@8gwRTXt`(%%;-m
z%H^vVZuI1o@vXn1H2oL~U#!0tr@Y&KPc=-28)=<G`E4YQ7LW6)ihR`O$9w9K0eg`x
zd&Hh?ewT;0uMczlJ*lAtOZ{3Av@+Vjajt=AfkCnD*C`7BBqE$A$+pg^GFrxvdrvw&
z$qglyR>l45jnw0%Bl8?;^aj5iUvwHJd8RoGJ!jNC%+9o-6CA$9j2!H#(S<Kmv&KI)
zw=3|?X@u)2Up>Ng9hW<4vf79H4#EWm5Bc<B&x+eO0$Oo=I~2H0-nMp~Mj8R@$|gC`
zZlP^Q$QB1D$YfdHeosdBeLiYp!q#B53`Wo~CQtIuN}Fy{%{3C283@F4V4t!al1H-H
zmGWD|foP=c_6v>O{=LC(S(rOfAN)o-`ja&*<dak}$PXHv85?hw#Z!qheggVai&+@V
z1Vvx(Ar4P>tNars8&a%btD?Fs)f+kzEMe2$bz0t??pUdya(Ck05p#e!RaW(zdPKw0
zb9*K^nqf-c?%t*4P|I4CvT<w>0|VzY7Uq(<!-k`#uF^-8ojinA(;<`z_@Dwo@@j7f
zN@-sk->;a2rry+)S%z%xM$g-Ymp`tjdCfPj(W=cfCbsL=g0#)`2@{~{@vsI2)_cFj
z0Q!)@JD-G)nu{~rv}faLpcb%;e$@-eX)>Le0~2;iTr;-l&|wQ>ZWic_>_QC@OZdUH
zK$>lsK-`=8NACAVdY`P_=*`mJnAqt+>p<ot=;{SmGUCw^L%kR?!&&$aDwP6p!XW+{
zK``(=8yS7bOJJ{?XU1R|v*(kFF+10Y)>d2_V1s5@<f;af)^o1=eMhFGs2AmDR4Tt?
z+c`J^YW|ghv+Pum<H$&^*6-E)N8PSgUmG0!jMxAzQGw3-U4Q$9DTTSzOS|xz0@q6q
ztlacSwsqc0m?PVRRs<obP8M(P<lS0BKGVjZVEmn_v2nVsv&nMb-JZ8HgwEU~?rOot
z1``8RKX+tA|8E}j0srP<5Lz6uUUFCTa{>j3iiFBr?5TPtV4j~X5T7m%nx<s0@#ert
z`E8`WgJ^dC5z6DQJ?%G{meYI1Y>I)XmO(hl2#TUxF~;Ft{9?t>n@l&gZ)Fs-5$`*l
z=zQTQ;MIc=PNWz|Op1WUq`oC|sV4fpcJTGpE{Pr`?eD%p;v6FD`FK7=SFJUySh#nF
z-{ksp#{-E10I{GdKaEMbfoYGVymBo9ESu}on))L~r{Y^#o^5`dw#f^vPZ&%6XC{Nh
zM^1&%WsE$X_$@=Moq*g;h1CNck(NOJ3)<81`jb1+pR9znr{pu-y3Cr8cfjFD?caX2
z(V^5{(bppFY?hsOZ;3$37kU~d5`isZMVt+IP$eAmtKTTF(*0b^@}IRC!}gDH02Ois
z%DRMn&ZnWCJ@v>=NNz3B_>7baE=KwNVTSlbQdzAoNS8kO)B3_}<7Cw5s$nWP5`seA
zdS+dmU$o)72J9=KHbj^sjwlD+zVuvf>?KBR^mJTi2A;)OX~C<#^g~vaE?^&5Q;qo{
zA<sIfLxG;0Adc`+%|t5KE?S@imUKqg*F3(U2wOZdlqlusk<T)$rppRamH*IIU*(m@
zGUVYBvU>QTA}X^DjP30zP#kZ)<>?scIiA3`iE`8I@Ib2(0QwpWjhqP!<<lFL@gEnn
zPwxnm*D)v-XHh=2EmSj!!7BW<WQ|qjoDxypt<>lk8R^VV!y#7)qYXvJoHRx3u4#Jq
zEc8EODZAy777*7+&l`Zc`V`lBTH|BqWZzTHd>=a9phw3{{m#B2uzz>6bgcT^UYEv_
z5OEJPd|fHg@za2DQ8Zo8@N3?0rd>S)W6LiIp3_`ig8YvhV*v|J$&J|Jh-N!ckOwS$
zmR*<pG5o|mA{M#%(h0YaPGpA?0^r#jeG|u}fDfe0mta`{r8&0Rr<9pfd9}&;pZa#P
z7(Nr?hZ}pc<h}|;WN;>{V*PxaN1|g%ymOti__y~RWOMp2RiwzbZjnlu-Bq7iFVV6M
z<r&gs{-dKt8;a!#W$%LIPSLad%VUDEF|}f(3Gk(nI;=RjHSiCPADcxxuZDd6T|T<-
zOfE8_YkrhdLr=wzB=I)V^*5WBfsVYTsQ`FG2ec98-ax-xD~ThL%3CtMX|Gj@9Z+e2
zMbY4(aO=P44);JL(9-NN2SSHB5BvD&x&Xl`LVqBZxG(Cq+RZkX;91=e1gXdklp<{Y
z-b>mk-i@ZB?XOQ8pm|#)crR7Y<OlK~z@H%$%Jp~pB(DiCn?MVI_-1mwG1>7POAC{<
z-mro+rT(z~Rzxz?9p|0A3PYiGtA0i@aL~M_aqF5B3}9L63-EN)K{pKau`9_w*>soB
zKTUxLPMRf8>9C9pc^CcsoRgTi{N#tqe7O1cOF9CQD>mLWRco!;q>1Ol^)Ml$gAPZ2
zkWOuKi<RlSs;EbNWln^$GyZ6>PW^NG7j>t3;K;q`LXJ-`$7t8oGOj`N6-Xe7UtC$s
z;g4UY=%_yE=XhBvjE~bB-_5b~ER)tvA(^YdKyb`&7Co}PWt>(0*~wQ6ue^UN3Dh-|
zV-shS9OrBuIJMLlNqUC|j6>@P-ko3MwNNeo7~lYw9Wy9x7SccF3X3mY7VxLAWc?;{
z+~L)ZK78V!ufDAGCpLf)@3hX8jScv<V_x<4^EGXsW$8qppGdKVPufuA;_-UYvzMO4
zUPgJ^##A4-aMuAInP5aw%c{~>1lQ3pkPu%ZXs7f5^iW2N2GU%^aq5-Nr7M@kxEMa`
z?-ml<t=88sbnKkEY$oMs+kINz^4YAjca}HRzSfAAaC*O+5x~5W#J!<1PIFmeY{}}T
z?Zx~oN8EA9BL3%8EnfO|2(Z!u6YyLN3aPhtn5LB{6mM`j^XQNhLR)i5dL9=0Q`bUS
zEeIZ59J-y)?qHwo6ty8c-#GxkTUG+Gw)$+I+N5H!cGzS5(Chl^HaD+mf5GfDDq=pj
zM5EIpCd=E=&-k))1Y~lI|I~BN0LQ-X+LQ?hz?{#LbUdImXdkQ?cFA9jYpp^37;+IL
zk<d+gJ{Z|N{^Wy7G4aY1)yGf4%-rY73C)N5YjppQ;}~uz)+hYW+Q_YP`u?$U)f82h
z@E$LZZ#ykwL<v8r%ceu@ICjb{cR8?WL4*Va*KWYg3&Edwno!D3vw$?r(o?oX*yIvL
zDibvJ9)WzO?ZAM#07&!3Kd%fUuD~uyE(Vtx+DHaP_o5-B`zXoDwl@FB_1T%(_RWjp
zRS?G)lozAU85gJcjmE-9bZXWh3~C%<H(JH;UWulvh33CKZ4T96+7Wx6Kcy9sVW0Ei
z1d(OEkJ2i5>gNs(TNcDtBBVDW^la8occJC+Q^*z77808z3g*{rF-V`jtX!0fd*iQF
z`}S2b387T{;u#Y>co>vTql{HUZQyO(^`V2f#g#a*GpG1USis|gM|x?zTWP4d>P&>0
zq)eK0r1jf)x=Ii)lo{qWm6Xmw13m1PWD}d^!_NDvQ_UN79v)F@|Cq=#g|CWr0QZdp
zare&u+3SLf`Ka?Ab-0m5$5t(XmnN)@`TG-2@J-3aHxy0dz~+r!9LjWQMlCMQ3fM^R
zfw$l`hxxZ^t<f0?8#sX)9g&O}Reu)JYMp}^Xtc=ax7V?}*A0J}<Shu^;8ro!bEhO#
zYx8y0oetF6$k;WPi+5Y@{QcVj%I)$Q*0yhy!gH@^#F6cdV3{57q>KID&=ikAm-|UU
zUgAtr17$zjR+c$45E{22zZTQ+?I=;S2=t(=^OaKt1YTu}2x@TGP01xgLP}9rzNQ^P
zUrL?fwMwAkyt4dyG<c%5p1-5e-#AgTd@yc0n{RFkQL-$E5U;q6HM$|S`*q$dh;o+n
zqJ=a4(TnrQzZzjUAE>?<8C~W+<fzh+CU(nqZXJkua~&t>V%89FXP@#*j?b*KN>oGg
z4Qyp;bapH*TFY%6mNb9sgT57A93W^eY-WY-3^5jwq4?5L`u4t&$=Cd&c-uhDB885n
z?cqBvqw`O$b013=bguP_ZfJl<Rb@5jEyx*Njc4i4e*17@;SDa_<Dgw^A#g;pd^ecU
z$VdEIHnvCrjaxLwkAgzMKX_{TZ<9Z**QXaW)Zm!W9E(?xVxfI=vd<Ma<kgQt79j}3
z$Qpu>e{RDWGFn@#5BRrG2G>mN_mqy3-f}_6oEWSFhbL^fNWWWL-T3<}`Bdl~DmF78
zvgv4rMvQpyki<$CjHSaNX*3>5TXIs0P;El8_7ZfOO<p!B6>(Jnd{8z#Unx&xPz=)Z
zPhcgRUc4uNkVF`bC4|RRD~2LT;UVA31%786ME2t2l*0~A>hHWBHOLP(*f<z|Yz*Nf
z%X{yy{N!ttI0s}sAKpmSTl4CZ>j~|hHDyi+y2-W%ApPX^HA?#^m*#<0>F`R+)1dx%
zrMSHlTz%dF{inM0MWrAQiWve5+LiN<$<`lE-3r&-#Q10_Z`%t+4~yv(_S}HX)?l8%
z<sZ{HO(S#ZB5?*r8Cb6Lu|6gABBlnw5hD1=uNkZH-bBwK`i9dheOrB3)h+H%U#&H^
zktI(Tcm`^o7~CW4-ULbU?N63D2K0ZJjo+3_Z}Sm9Q}<IouU`V%NJ+?;;a27yJHqYg
z<J|Z@cyz#QAFXotZ6tC_^uqmO!k}qapje9%zODYYm=r8t%AUQM&QvY24Ocf4zsc_#
zngRjsh2M9;Hlr+E{4#r@)$w6|zNFAoa+N(9cWV^S)lT8;<`bXciX4p^IUS21;yNDo
zBgbo$nb-ylzgWg@NgqjYkP^#zHJ8c;Eg3rkGH3+_d~ycQjjG4FG_}~711G-EFqIpq
zQ1L0xB*W@+)=zF6nh;Ul(7jDR8C#A$lABMOT6eKIJBjTGf!VW}ADh3?Q{c_%7`wWd
zBvnv2-N<)5%fnxekE7uQ>j9Q-Agfeg3Ybd4n=H>(${2z4m00PiBN`J1+S?T4QW_7T
zvLrLplLkxv8!}W-()K$zRth8M0sgF_L@GNJS>aZ<#@2fe^61oCa9ZckTNfDPMKCzD
zxw9cWuHTP})V9E!!D3|OWZdFZ<$v*ZjoDFTOqow_PI3!R+%Nl@q5n?W<uD5Ah>EIB
zoGU>CRRYy+&M0+ku^F7_XuE~lE(AjrgYExy(qD4;?pyUkQp-_+q|HT$(x!*&95diJ
z{CPX!i1Kxc6ezKY2*D15qLZ9(V(Q33|KmXZiLU8Nd4T+#nA}-S2{}S!<*JGOH>iy!
zUa$`kUQnP)dwG2i(e?3#xcXOiuL;k5V8(5vTVb^7^AzL!CKlhIY6a09!_6=LltmcX
zv=0G&Ok2<uM>~Ie*c&dHCPsB2)DSXFZ{HF1k|(~BAG)Swl9Y*z9)`6{I}kL}lE?56
z5@KVJ<c%Ku7|8Prh~}4tHW{_|Tg8p`)eV)a;5Jcj$WWhaaxN>SMS;wuv}VOU#T1AB
ziD&vm$D;&KZ`BNA`00nT|K000kQz%&L?WH<_}U}EFdmr*)iceiJL6=);G0KZ^cKZ3
z4*sn=kyr6W%e6%pBo;@<j=MLZrEzwgmBjhJ*F#Ci2a_ehv<P1{&p5q#z~cvYe4YhN
zs%L#bQSCO5vtXqJga$>ZQ@P?;W3=&w#|Un2j^tiw;-Jz0F;Ixk$J*>^$@A~B8JMsb
zAxRA2HJAS@6f7%PiHzDAKWMVAcnXhErMRnKNvvS7tDYTq>S1JcDu0)%W1x5#p67i)
zl^<YuVX2q?$;{Oj^$mLGY2;2*W7C%L$nnCcLFJkU#|~D;YHdsDgB0IaosC^X-V5gp
z-3o|;^_P>g(Ew|}mwrceu%65L;7_m;r=-=c<&_M(cu-u1$+GQSQ4kytydov=V_3_0
zwa}}GUDS>ii844L`>0@%V`uEPJK4gmI?lq$DO$nP{+*K6C2=55RI1&Q@E>0$f`Tf_
z@5!qTwiAHY3Q1z-+M`6NIf=yIL&lqy9zmkUPnSC!Ih(PCgB+iqW87$JE_L(89@?eb
zHBM#@SIURq9bauP;S_psa7tV7gS=83btS7Dn|@!|;}Wc;pIQjx<B{y@HuaM?iV(ZX
zi)8~t-PeLT+oc)|D-;A={#F;H=Mhy^J^Kcy#w+nqKZV}}_I&1_9<8p*Bf1-6FN=fn
zelT4N-0yJ>Y@{+RJpU+j*C<1TYS6jsvFSW}C3hoG%0TWcpm7CzFG+g-{)3&xi*uAv
zv^i1#Y;r&)1U1OOKx4w3Q&1Ye0Mjprmye5!ms{(Nhqu>-_uROerQ5-}<EIO-ZEy0`
z18<UU)I3;)PajGO2$NQJa6pi8Qhijeb(I)C%BXc$`<3{3)BX6dg=Qe3X?7rOx=6Px
zEe<~lTNEDN3f(JfCBy9Y0(CUr_KQ?emp9~0?96s<=|+J)so?8g7g>$It$Xd4<>b+M
z*T@>OOns$@0J;hlqGN<mV!xb~-o;^|LgkXHFGY|t_!xX4jfjLdLk)B*G-HGZ$nwIp
zDnk5MJvRU`vU7GTZKBgFY6@-RD}`Sk?(=NjIpp(Ug-z*-uP`FuA{A%9@PDyQPdVwc
zv{5MF`JU#Tk;lq!oW-Xwn^gt`vwjf({2X{!j`IKX#PHc}cdh4!=0Vbys!7$b!oLhG
zH>oNUQ?xa^Q#70QcWYpJXZCN=?9N2^|8$`7^r|&CxpsZHXE^RGUSnmphtoC^0f6;|
ze)S9?%=^FTjSCg(($)!O6#oAd``!Ry_Te=D3-#Ipq66^ykfLnD`Tz6xRh)(#fGUSb
z+VhW^j{X~E_7ToWwo%SXU8X6vQB6f%#Zgri6?SDftJcWmgbK6%h=z{h_=FPs{Pq?i
zAY&WXqzU1_6Gs*GnAFucl-aeI)Y;V3^>z>e(tD`jPE@}finwvCP-<M+GhJ>$0&HRn
z3PZqFxhzV5ErS<lKoC_c-Ve=kCg8=EMM5(vBp+LvcaQkE6lpaC1}%ly=99+2F}3HX
zSY5(ez+fV_Holl}2yL(pjw2j%#fYx0{$Jf!itNgIocc_YQ)+sODr#)Z|3XD2c6E+1
zHm1>ushMp=!1xvBqxe7MsH!@gRb6jnLS=j(5kT`BIg86L2kGA_0)XH=1A8GzrtsZV
P<#0@LlG?4MW7+sGiQYRB

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/objects/pack/pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.rev b/tests/gitea-repositories-meta/user2/repo59.git/objects/pack/pack-6dd3a6fe138f1d77e14c2e6b8e6c41e5ae242adf.rev
new file mode 100644
index 0000000000000000000000000000000000000000..81554dba7405b86a5e8db6c52a81b9c6590b0f0e
GIT binary patch
literal 136
zcmWIYbctYKU|@t|HXscGd_XJ!#2|5QAQl2*E+A$CVpbp)0b(8?W&vVeAm#*OW+3JV
zVnHBg2VxE&7S6rA?4NMIZ23bUz3jdm$EWL5wC;O}2sbdA%~jT1wJNl|W?lK0SNV4U
DT$U8_

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/user2/repo59.git/packed-refs b/tests/gitea-repositories-meta/user2/repo59.git/packed-refs
index 114c84d2aa..77fedbf67d 100644
--- a/tests/gitea-repositories-meta/user2/repo59.git/packed-refs
+++ b/tests/gitea-repositories-meta/user2/repo59.git/packed-refs
@@ -1,3 +1,4 @@
 # pack-refs with: peeled fully-peeled sorted 
-d8f53dfb33f6ccf4169c34970b5e747511c18beb refs/heads/master
+d8f53dfb33f6ccf4169c34970b5e747511c18beb refs/heads/cake-recipe
+80b83c5c8220c3aa3906e081f202a2a7563ec879 refs/heads/master
 d8f53dfb33f6ccf4169c34970b5e747511c18beb refs/tags/v1.0
diff --git a/tests/gitea-repositories-meta/user2/repo59.git/refs/heads/cake-recipe b/tests/gitea-repositories-meta/user2/repo59.git/refs/heads/cake-recipe
deleted file mode 100644
index 63bbea6692..0000000000
--- a/tests/gitea-repositories-meta/user2/repo59.git/refs/heads/cake-recipe
+++ /dev/null
@@ -1 +0,0 @@
-d8f53dfb33f6ccf4169c34970b5e747511c18beb
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index d50262ef84..0dbe1a525f 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -552,3 +552,33 @@ func TestGeneratedSourceLink(t *testing.T) {
 		assert.Equal(t, "/user27/repo49/src/commit/aacbdfe9e1c4b47f60abe81849045fa4e96f1d75/test/test.txt", dataURL)
 	})
 }
+
+func TestRenamedFileHistory(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Renamed file", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo59/commits/branch/master/license")
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		renameNotice := htmlDoc.doc.Find(".ui.bottom.attached.header")
+		assert.Equal(t, 1, renameNotice.Length())
+		assert.Contains(t, renameNotice.Text(), "Renamed from licnse (Browse further)")
+
+		oldFileHistoryLink, ok := renameNotice.Find("a").Attr("href")
+		assert.True(t, ok)
+		assert.Equal(t, "/user2/repo59/commits/commit/80b83c5c8220c3aa3906e081f202a2a7563ec879/licnse", oldFileHistoryLink)
+	})
+
+	t.Run("Non renamed file", func(t *testing.T) {
+		req := NewRequest(t, "GET", "/user2/repo59/commits/branch/master/README.md")
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		htmlDoc.AssertElement(t, ".ui.bottom.attached.header", false)
+	})
+}

From 9e7d5b5de9d381360cd3164649990ce4397fff02 Mon Sep 17 00:00:00 2001
From: rome-user <rome-user@noreply.codeberg.org>
Date: Sat, 30 Sep 2023 18:03:22 -0700
Subject: [PATCH 15/62] [GITEA] fix indentation in Maven package install
 instructions

The installation instructions of a Maven package places the `url` child
of the `repository` node in an extra indentation level. This indentation
is unnecesary since both the `id` and `url` nodes are direct children of
the `repository` node.

This commit removes the unnecessary indentation.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1534

(cherry picked from commit 82f0ddad7bfcb40595d0f79220834377b04382d8)
(cherry picked from commit 905e546549bc69460d93f6e30bbe93124e924e57)
(cherry picked from commit 4e58ab82b77a8f4e6f994fc21b42fb70f0629778)
(cherry picked from commit 2f207e7deb692e8b356881017f615cf03c27fc38)
(cherry picked from commit 3b8cc8ad2c5c432510f479e6b366caa61603b05b)
(cherry picked from commit ca8565450c319c073e093b22180ef6c29461e281)
(cherry picked from commit df5ed97ed07815aa16df3b1960a16f542bcb05a8)
(cherry picked from commit fc1e529894f175550f5f88ee39a58c139337c6ee)
(cherry picked from commit ef8810c09db4d2c539655f1ac07da8149fda94c9)
(cherry picked from commit a2d1459c4d1fc6e9995bbdedbcf6a053d7370bc2)
(cherry picked from commit 30e0d7bff00be21eee6d233c0d50c443a3c466a0)
(cherry picked from commit ccb9ed98b9b7cb8a9223b3d787c4d861c82ab0eb)
(cherry picked from commit 3782794fb41e5c205800a558556e961f96ecc55b)
---
 templates/package/content/maven.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/package/content/maven.tmpl b/templates/package/content/maven.tmpl
index b2cd567e16..100c12e180 100644
--- a/templates/package/content/maven.tmpl
+++ b/templates/package/content/maven.tmpl
@@ -7,7 +7,7 @@
 				<div class="markup"><pre class="code-block"><code>&lt;repositories&gt;
 	&lt;repository&gt;
 		&lt;id&gt;gitea&lt;/id&gt;
-			&lt;url&gt;<gitea-origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/maven"></gitea-origin-url>&lt;/url&gt;
+		&lt;url&gt;<gitea-origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/maven"></gitea-origin-url>&lt;/url&gt;
 	&lt;/repository&gt;
 &lt;/repositories&gt;
 

From 43d218127752aa9251c4c3ef71b9c060f109dffc Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 30 Sep 2023 00:45:31 +0200
Subject: [PATCH 16/62] [GITEA] Drop sha256-simd in favor of stdlib
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- In Go 1.21 the crypto/sha256 [got a massive
improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the
SHA instructions for AMD64 CPUs, which sha256-simd already was doing.
The performance is now on par and I think it's preferable to use the
standard library rather than a package when possible.

```
cpu: AMD Ryzen 5 3600X 6-Core Processor
                │  simd.txt   │               go.txt                │
                │   sec/op    │    sec/op     vs base               │
Hash/8Bytes-12    63.25n ± 1%    73.38n ± 1%  +16.02% (p=0.002 n=6)
Hash/64Bytes-12   98.73n ± 1%   105.30n ± 1%   +6.65% (p=0.002 n=6)
Hash/1K-12        567.2n ± 1%    572.8n ± 1%   +0.99% (p=0.002 n=6)
Hash/8K-12        4.062µ ± 1%    4.062µ ± 1%        ~ (p=0.396 n=6)
Hash/1M-12        512.1µ ± 0%    510.6µ ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        2.556m ± 1%    2.564m ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       5.112m ± 0%    5.127m ± 0%        ~ (p=0.093 n=6)
geomean           13.82µ         14.27µ        +3.28%

                │   simd.txt   │               go.txt                │
                │     B/s      │     B/s       vs base               │
Hash/8Bytes-12    120.6Mi ± 1%   104.0Mi ± 1%  -13.81% (p=0.002 n=6)
Hash/64Bytes-12   618.2Mi ± 1%   579.8Mi ± 1%   -6.22% (p=0.002 n=6)
Hash/1K-12        1.682Gi ± 1%   1.665Gi ± 1%   -0.98% (p=0.002 n=6)
Hash/8K-12        1.878Gi ± 1%   1.878Gi ± 1%        ~ (p=0.310 n=6)
Hash/1M-12        1.907Gi ± 0%   1.913Gi ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        1.911Gi ± 1%   1.904Gi ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       1.910Gi ± 0%   1.905Gi ± 0%        ~ (p=0.093 n=6)
geomean           1.066Gi        1.032Gi        -3.18%
```

(cherry picked from commit abd94ff5b59c86e793fd9bf12187ea6cfd1f3fa1)
(cherry picked from commit 15e81637abf70576a564cf9eecaa9640228afb5b)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 325d92917f655c999b81b08832ee623d6b669f0f)

Conflicts:
	modules/context/context_cookie.go
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 358819e8959886faa171ac16541097500d0a703e)
(cherry picked from commit 362fd7aae17832fa922fa017794bc564ca43060d)
(cherry picked from commit 4f64ee294ee05c93042b6ec68f0a179ec249dab9)
(cherry picked from commit 4bde77f7b13c5f961c141c01b6da1f9eda5ec387)
(cherry picked from commit 1311e30a811675eb623692349e4e808a85aabef6)
(cherry picked from commit 57b69e334c2973118488b9b5dbdc8a2c88135756)
(cherry picked from commit 52dc892fadecf39e89c3c351edc9efb42522257b)
(cherry picked from commit 77f54f4187869c6eabcc837742fd3f908093a76c)
(cherry picked from commit 0d0392f3a510ce3683bb649dee1e65b45dd91354)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 92798364e8fe3188a2100b54f3adea943f8309e9)
---
 go.mod                                           | 2 +-
 models/auth/twofactor.go                         | 2 +-
 models/migrations/base/hash.go                   | 2 +-
 models/migrations/v1_14/v166.go                  | 2 +-
 modules/auth/password/hash/pbkdf2.go             | 2 +-
 modules/avatar/hash.go                           | 3 +--
 modules/avatar/identicon/identicon.go            | 3 +--
 modules/base/tool.go                             | 2 +-
 modules/git/last_commit_cache.go                 | 3 +--
 modules/lfs/content_store.go                     | 3 +--
 modules/lfs/pointer.go                           | 3 +--
 modules/secret/secret.go                         | 3 +--
 modules/util/keypair.go                          | 3 +--
 modules/util/keypair_test.go                     | 2 +-
 routers/api/packages/chef/auth.go                | 3 +--
 routers/api/packages/maven/maven.go              | 3 +--
 services/lfs/server.go                           | 2 +-
 services/mailer/token/token.go                   | 3 +--
 services/webhook/deliver.go                      | 2 +-
 tests/integration/api_packages_chef_test.go      | 2 +-
 tests/integration/api_packages_container_test.go | 2 +-
 tests/integration/api_packages_test.go           | 2 +-
 22 files changed, 22 insertions(+), 32 deletions(-)

diff --git a/go.mod b/go.mod
index c08010a916..b373544e7b 100644
--- a/go.mod
+++ b/go.mod
@@ -78,7 +78,6 @@ require (
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/minio/minio-go/v7 v7.0.66
-	github.com/minio/sha256-simd v1.0.1
 	github.com/msteinert/pam v1.2.0
 	github.com/nektos/act v0.2.52
 	github.com/niklasfasching/go-org v1.7.0
@@ -232,6 +231,7 @@ require (
 	github.com/mholt/acmez v1.2.0 // indirect
 	github.com/miekg/dns v1.1.57 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
+	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
diff --git a/models/auth/twofactor.go b/models/auth/twofactor.go
index 51061e5205..d0c341a192 100644
--- a/models/auth/twofactor.go
+++ b/models/auth/twofactor.go
@@ -6,6 +6,7 @@ package auth
 import (
 	"context"
 	"crypto/md5"
+	"crypto/sha256"
 	"crypto/subtle"
 	"encoding/base32"
 	"encoding/base64"
@@ -18,7 +19,6 @@ import (
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 
-	"github.com/minio/sha256-simd"
 	"github.com/pquerna/otp/totp"
 	"golang.org/x/crypto/pbkdf2"
 )
diff --git a/models/migrations/base/hash.go b/models/migrations/base/hash.go
index 0debec272b..00fd1efd4a 100644
--- a/models/migrations/base/hash.go
+++ b/models/migrations/base/hash.go
@@ -4,9 +4,9 @@
 package base
 
 import (
+	"crypto/sha256"
 	"encoding/hex"
 
-	"github.com/minio/sha256-simd"
 	"golang.org/x/crypto/pbkdf2"
 )
 
diff --git a/models/migrations/v1_14/v166.go b/models/migrations/v1_14/v166.go
index 78f33e8f9b..e5731582fd 100644
--- a/models/migrations/v1_14/v166.go
+++ b/models/migrations/v1_14/v166.go
@@ -4,9 +4,9 @@
 package v1_14 //nolint
 
 import (
+	"crypto/sha256"
 	"encoding/hex"
 
-	"github.com/minio/sha256-simd"
 	"golang.org/x/crypto/argon2"
 	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/crypto/pbkdf2"
diff --git a/modules/auth/password/hash/pbkdf2.go b/modules/auth/password/hash/pbkdf2.go
index 9ff6d162fc..27382fedb8 100644
--- a/modules/auth/password/hash/pbkdf2.go
+++ b/modules/auth/password/hash/pbkdf2.go
@@ -4,12 +4,12 @@
 package hash
 
 import (
+	"crypto/sha256"
 	"encoding/hex"
 	"strings"
 
 	"code.gitea.io/gitea/modules/log"
 
-	"github.com/minio/sha256-simd"
 	"golang.org/x/crypto/pbkdf2"
 )
 
diff --git a/modules/avatar/hash.go b/modules/avatar/hash.go
index 4fc28a7739..50db9c1943 100644
--- a/modules/avatar/hash.go
+++ b/modules/avatar/hash.go
@@ -4,10 +4,9 @@
 package avatar
 
 import (
+	"crypto/sha256"
 	"encoding/hex"
 	"strconv"
-
-	"github.com/minio/sha256-simd"
 )
 
 // HashAvatar will generate a unique string, which ensures that when there's a
diff --git a/modules/avatar/identicon/identicon.go b/modules/avatar/identicon/identicon.go
index 9b7a2faf05..63926d5f19 100644
--- a/modules/avatar/identicon/identicon.go
+++ b/modules/avatar/identicon/identicon.go
@@ -7,11 +7,10 @@
 package identicon
 
 import (
+	"crypto/sha256"
 	"fmt"
 	"image"
 	"image/color"
-
-	"github.com/minio/sha256-simd"
 )
 
 const minImageSize = 16
diff --git a/modules/base/tool.go b/modules/base/tool.go
index e9f4dfa279..b72f3a1930 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -5,6 +5,7 @@ package base
 
 import (
 	"crypto/sha1"
+	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
@@ -22,7 +23,6 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/dustin/go-humanize"
-	"github.com/minio/sha256-simd"
 )
 
 // EncodeSha1 string to sha1 hex value.
diff --git a/modules/git/last_commit_cache.go b/modules/git/last_commit_cache.go
index 7c7baedd2f..5b62b90b27 100644
--- a/modules/git/last_commit_cache.go
+++ b/modules/git/last_commit_cache.go
@@ -4,12 +4,11 @@
 package git
 
 import (
+	"crypto/sha256"
 	"fmt"
 
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/minio/sha256-simd"
 )
 
 // Cache represents a caching interface
diff --git a/modules/lfs/content_store.go b/modules/lfs/content_store.go
index daf8c6cfdd..0d9c0c98ac 100644
--- a/modules/lfs/content_store.go
+++ b/modules/lfs/content_store.go
@@ -4,6 +4,7 @@
 package lfs
 
 import (
+	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"hash"
@@ -12,8 +13,6 @@ import (
 
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/storage"
-
-	"github.com/minio/sha256-simd"
 )
 
 var (
diff --git a/modules/lfs/pointer.go b/modules/lfs/pointer.go
index 3e5bb8f91d..ebde20f826 100644
--- a/modules/lfs/pointer.go
+++ b/modules/lfs/pointer.go
@@ -4,6 +4,7 @@
 package lfs
 
 import (
+	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"fmt"
@@ -12,8 +13,6 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
-
-	"github.com/minio/sha256-simd"
 )
 
 const (
diff --git a/modules/secret/secret.go b/modules/secret/secret.go
index 9c2ecd181d..e70ae1839c 100644
--- a/modules/secret/secret.go
+++ b/modules/secret/secret.go
@@ -7,13 +7,12 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
-
-	"github.com/minio/sha256-simd"
 )
 
 // AesEncrypt encrypts text and given key with AES.
diff --git a/modules/util/keypair.go b/modules/util/keypair.go
index 97f2d9ebca..8b86c142af 100644
--- a/modules/util/keypair.go
+++ b/modules/util/keypair.go
@@ -7,10 +7,9 @@ import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/pem"
-
-	"github.com/minio/sha256-simd"
 )
 
 // GenerateKeyPair generates a public and private keypair
diff --git a/modules/util/keypair_test.go b/modules/util/keypair_test.go
index c9925f7988..c6f68c845a 100644
--- a/modules/util/keypair_test.go
+++ b/modules/util/keypair_test.go
@@ -7,12 +7,12 @@ import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/pem"
 	"regexp"
 	"testing"
 
-	"github.com/minio/sha256-simd"
 	"github.com/stretchr/testify/assert"
 )
 
diff --git a/routers/api/packages/chef/auth.go b/routers/api/packages/chef/auth.go
index 3aef8281a4..a790e9a363 100644
--- a/routers/api/packages/chef/auth.go
+++ b/routers/api/packages/chef/auth.go
@@ -8,6 +8,7 @@ import (
 	"crypto"
 	"crypto/rsa"
 	"crypto/sha1"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
@@ -26,8 +27,6 @@ import (
 	chef_module "code.gitea.io/gitea/modules/packages/chef"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/auth"
-
-	"github.com/minio/sha256-simd"
 )
 
 const (
diff --git a/routers/api/packages/maven/maven.go b/routers/api/packages/maven/maven.go
index 0b93382b01..5106395eb1 100644
--- a/routers/api/packages/maven/maven.go
+++ b/routers/api/packages/maven/maven.go
@@ -6,6 +6,7 @@ package maven
 import (
 	"crypto/md5"
 	"crypto/sha1"
+	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/hex"
 	"encoding/xml"
@@ -26,8 +27,6 @@ import (
 	maven_module "code.gitea.io/gitea/modules/packages/maven"
 	"code.gitea.io/gitea/routers/api/packages/helper"
 	packages_service "code.gitea.io/gitea/services/packages"
-
-	"github.com/minio/sha256-simd"
 )
 
 const (
diff --git a/services/lfs/server.go b/services/lfs/server.go
index 62134b7d60..56714120ad 100644
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -5,6 +5,7 @@ package lfs
 
 import (
 	stdCtx "context"
+	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
@@ -33,7 +34,6 @@ import (
 	"code.gitea.io/gitea/modules/storage"
 
 	"github.com/golang-jwt/jwt/v5"
-	"github.com/minio/sha256-simd"
 )
 
 // requestContext contain variables from the HTTP request.
diff --git a/services/mailer/token/token.go b/services/mailer/token/token.go
index aa7b567188..8a5a762d6b 100644
--- a/services/mailer/token/token.go
+++ b/services/mailer/token/token.go
@@ -6,14 +6,13 @@ package token
 import (
 	"context"
 	crypto_hmac "crypto/hmac"
+	"crypto/sha256"
 	"encoding/base32"
 	"fmt"
 	"time"
 
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/util"
-
-	"github.com/minio/sha256-simd"
 )
 
 // A token is a verifiable container describing an action.
diff --git a/services/webhook/deliver.go b/services/webhook/deliver.go
index 8f728d3aa6..935981d29c 100644
--- a/services/webhook/deliver.go
+++ b/services/webhook/deliver.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"crypto/hmac"
 	"crypto/sha1"
+	"crypto/sha256"
 	"crypto/tls"
 	"encoding/hex"
 	"fmt"
@@ -29,7 +30,6 @@ import (
 	webhook_module "code.gitea.io/gitea/modules/webhook"
 
 	"github.com/gobwas/glob"
-	"github.com/minio/sha256-simd"
 )
 
 // Deliver deliver hook task
diff --git a/tests/integration/api_packages_chef_test.go b/tests/integration/api_packages_chef_test.go
index 4123c7216c..05545f11a6 100644
--- a/tests/integration/api_packages_chef_test.go
+++ b/tests/integration/api_packages_chef_test.go
@@ -11,6 +11,7 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha1"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
@@ -33,7 +34,6 @@ import (
 	chef_router "code.gitea.io/gitea/routers/api/packages/chef"
 	"code.gitea.io/gitea/tests"
 
-	"github.com/minio/sha256-simd"
 	"github.com/stretchr/testify/assert"
 )
 
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index f32d33888b..ae943c3dd0 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -5,6 +5,7 @@ package integration
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
 	"net/http"
@@ -23,7 +24,6 @@ import (
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/tests"
 
-	"github.com/minio/sha256-simd"
 	oci "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/stretchr/testify/assert"
 )
diff --git a/tests/integration/api_packages_test.go b/tests/integration/api_packages_test.go
index 8c981566b6..daf32e82f9 100644
--- a/tests/integration/api_packages_test.go
+++ b/tests/integration/api_packages_test.go
@@ -5,6 +5,7 @@ package integration
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"fmt"
 	"net/http"
 	"strings"
@@ -24,7 +25,6 @@ import (
 	packages_cleanup_service "code.gitea.io/gitea/services/packages/cleanup"
 	"code.gitea.io/gitea/tests"
 
-	"github.com/minio/sha256-simd"
 	"github.com/stretchr/testify/assert"
 )
 

From 38c812acfffe4c83099881a8b47489caba64b42a Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 30 Sep 2023 22:16:47 +0200
Subject: [PATCH 17/62] [GITEA] Make atomic ssh keys replacement robust

- After stumbling upon https://github.com/golang/go/issues/22397 and
reading the implementations I realized that Forgejo code doesn't have
`Sync()` and it doesn't properly error handle the `Close` function.
- (likely) Resolves https://codeberg.org/forgejo/forgejo/issues/1446

(cherry picked from commit 0efcb334c2f123d0869a30d684189eb31e8b983f)
(cherry picked from commit 04ef02c0dd98c7437acb39383d311c0901366508)
(cherry picked from commit 85f2065c9bc6ded9c21909ec76a9e8fc2d22f462)
(cherry picked from commit 8d36b5cce66864e190bad3c9b0973e37ca774a22)
(cherry picked from commit 378dc30fb5a88ffe185c54de7e69224289038bff)
(cherry picked from commit 2b28bf826e51b8ccb4a693001c03ffe6132f7842)
(cherry picked from commit d0625a001e5f8fe202865bec7aadcf0c551d556d)
(cherry picked from commit f161a4f60f1cde80a41bece4929836257b9e0423)
(cherry picked from commit 7430ca43e57683ca324fb20269a60e05cb393589)
(cherry picked from commit ab6d38daf7eeb1dc993bfc0ac1a326af65128168)
(cherry picked from commit 0f703fd02e69bdcf2f77e120ff8641f1b8089020)
(cherry picked from commit 6931a8f6bbfa0fe4f68b462f88c4a3db7ea06306)
(cherry picked from commit 5e2065c1c0ac66d90fae23f989077fa8cb0416ef)
---
 models/asymkey/ssh_key_authorized_keys.go       | 7 ++++++-
 models/asymkey/ssh_key_authorized_principals.go | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/models/asymkey/ssh_key_authorized_keys.go b/models/asymkey/ssh_key_authorized_keys.go
index 267ab252c8..2b15450c98 100644
--- a/models/asymkey/ssh_key_authorized_keys.go
+++ b/models/asymkey/ssh_key_authorized_keys.go
@@ -169,7 +169,12 @@ func RewriteAllPublicKeys(ctx context.Context) error {
 		return err
 	}
 
-	t.Close()
+	if err := t.Sync(); err != nil {
+		return err
+	}
+	if err := t.Close(); err != nil {
+		return err
+	}
 	return util.Rename(tmpPath, fPath)
 }
 
diff --git a/models/asymkey/ssh_key_authorized_principals.go b/models/asymkey/ssh_key_authorized_principals.go
index 107d70c766..f3017c3089 100644
--- a/models/asymkey/ssh_key_authorized_principals.go
+++ b/models/asymkey/ssh_key_authorized_principals.go
@@ -92,7 +92,12 @@ func RewriteAllPrincipalKeys(ctx context.Context) error {
 		return err
 	}
 
-	t.Close()
+	if err := t.Sync(); err != nil {
+		return err
+	}
+	if err := t.Close(); err != nil {
+		return err
+	}
 	return util.Rename(tmpPath, fPath)
 }
 

From f53b2d31127ddf17b6593d1bb3ec536ee04c8937 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 1 Oct 2023 12:58:58 +0200
Subject: [PATCH 18/62] [GITEA] Use existing jsonschema library

- Use the 'existing' jsonschema library for the nodeinfo integration test.

(cherry picked from commit 73864840f27274d4cdaef23d47a6a71fc60529c3)
(cherry picked from commit da36df306b7a75434c75ed5f63608e06266ca480)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 2b4ab46d8eacd2e6b2318f26e327ec59b804ea23)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 8064130344eb0d797838f8444a6d5c0e3d425716)
(cherry picked from commit 0ccefc633e5cd206bd51f642c9fe7be56dae51ec)
(cherry picked from commit 19e647b531c5cfaba5beabbd1de2fe65dfd44da0)
(cherry picked from commit 2bcc04889d4d765eba0ebdffe7ba788c91923d35)
(cherry picked from commit 2fd1932699572a666ef616b7fb191ab5f56d75c6)
(cherry picked from commit b9a3e1e5258e1896550cc3750b7f688fdab1bb22)
(cherry picked from commit 92d932d23f2fcab4b38b72bb6b39778026418ecd)
(cherry picked from commit c125217fea154d6eb87ae86735906c90575bbff3)
(cherry picked from commit f9801ba57b58fefe5a4cc8c9da91a3593129f656)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 2558a8a764ff6d35c70beb7510626cdeac38771d)
---
 go.mod                                |  3 ---
 go.sum                                |  7 -------
 tests/integration/integration_test.go | 19 +++++++++----------
 3 files changed, 9 insertions(+), 20 deletions(-)

diff --git a/go.mod b/go.mod
index b373544e7b..809d2d5e10 100644
--- a/go.mod
+++ b/go.mod
@@ -100,7 +100,6 @@ require (
 	github.com/ulikunitz/xz v0.5.11
 	github.com/urfave/cli/v2 v2.26.0
 	github.com/xanzy/go-gitlab v0.95.2
-	github.com/xeipuuv/gojsonschema v1.2.0
 	github.com/yohcop/openid-go v1.0.1
 	github.com/yuin/goldmark v1.6.0
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
@@ -277,8 +276,6 @@ require (
 	github.com/valyala/fastjson v1.6.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e // indirect
 	github.com/zeebo/blake3 v0.2.3 // indirect
diff --git a/go.sum b/go.sum
index 69b2556dd3..7ac58aac94 100644
--- a/go.sum
+++ b/go.sum
@@ -968,13 +968,6 @@ github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23n
 github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4=
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
 github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 60a85ee5d4..3a3fcc83c2 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -43,8 +43,8 @@ import (
 	"github.com/markbates/goth"
 	"github.com/markbates/goth/gothic"
 	goth_gitlab "github.com/markbates/goth/providers/gitlab"
+	"github.com/santhosh-tekuri/jsonschema/v5"
 	"github.com/stretchr/testify/assert"
-	"github.com/xeipuuv/gojsonschema"
 )
 
 var testWebRoutes *web.Route
@@ -544,16 +544,15 @@ func VerifyJSONSchema(t testing.TB, resp *httptest.ResponseRecorder, schemaFile
 	_, schemaFileErr := os.Stat(schemaFilePath)
 	assert.Nil(t, schemaFileErr)
 
-	schema, schemaFileReadErr := os.ReadFile(schemaFilePath)
-	assert.Nil(t, schemaFileReadErr)
-	assert.True(t, len(schema) > 0)
+	schema, err := jsonschema.Compile(schemaFilePath)
+	assert.NoError(t, err)
 
-	nodeinfoSchema := gojsonschema.NewStringLoader(string(schema))
-	nodeinfoString := gojsonschema.NewStringLoader(resp.Body.String())
-	result, schemaValidationErr := gojsonschema.Validate(nodeinfoSchema, nodeinfoString)
-	assert.Nil(t, schemaValidationErr)
-	assert.Empty(t, result.Errors())
-	assert.True(t, result.Valid())
+	var data interface{}
+	err = json.Unmarshal(resp.Body.Bytes(), &data)
+	assert.NoError(t, err)
+
+	schemaValidation := schema.Validate(data)
+	assert.Nil(t, schemaValidation)
 }
 
 func GetCSRF(t testing.TB, session *TestSession, urlStr string) string {

From defb101281f5a6ba410abc763674bafa7b63dffd Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 1 Oct 2023 00:09:25 +0200
Subject: [PATCH 19/62] [GITEA] Use maintained gziphandler

- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d82001babd8d40c87d03169f21c14cd)
(cherry picked from commit 99ba56a8761dd08e08d9499cab2ded1a6b7b970f)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193daa2311e2ead6249a47dcec47b4e335)
(cherry picked from commit 9c12a37fde6fa84414bf332ff4a066facdb92d38)
(cherry picked from commit d13065345431a499f9e0b7a3c2043d7487b8aa5b)
(cherry picked from commit 45a16f8c3c6f7d5e4aab8fdde6a621cf36e4801c)
(cherry picked from commit a497acb31f76d580c8b0567f9461274bd78080f4)
(cherry picked from commit fe87fd828973945192b98310c5c3b2001c6e0f86)
(cherry picked from commit 6ac12e6693cf45cb12109028dabd868957c4b74c)
(cherry picked from commit 981ec37e1e72ab19c20067ff4d2a7e20a60d3305)
(cherry picked from commit 5d6892ec10086f0ba63f26693faa82d0fd4e3f4a)
(cherry picked from commit 9df7968f4fc72de9788d84ca3f349e4c98ee630e)
(cherry picked from commit 7d588d183329cd760053663ea2e1e82e62958409)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
---
 assets/go-licenses.json                 | 10 +++++-----
 go.mod                                  |  1 -
 go.sum                                  |  2 --
 modules/web/handler.go                  | 10 ++++++++++
 routers/web/web.go                      | 13 ++++---------
 tests/integration/lfs_getobject_test.go |  8 ++++----
 6 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 846cd55276..247d1d1f8f 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -89,11 +89,6 @@
     "path": "github.com/DataDog/zstd/LICENSE",
     "licenseText": "Simplified BSD License\n\nCopyright (c) 2016, Datadog \u003cinfo@datadoghq.com\u003e\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n    * Redistributions of source code must retain the above copyright notice,\n      this list of conditions and the following disclaimer.\n    * Redistributions in binary form must reproduce the above copyright notice,\n      this list of conditions and the following disclaimer in the documentation\n      and/or other materials provided with the distribution.\n    * Neither the name of the copyright holder nor the names of its contributors\n      may be used to endorse or promote products derived from this software\n      without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
-  {
-    "name": "github.com/NYTimes/gziphandler",
-    "path": "github.com/NYTimes/gziphandler/LICENSE",
-    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2016-2017 The New York Times Company\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
-  },
   {
     "name": "github.com/ProtonMail/go-crypto",
     "path": "github.com/ProtonMail/go-crypto/LICENSE",
@@ -669,6 +664,11 @@
     "path": "github.com/klauspost/compress/LICENSE",
     "licenseText": "Copyright (c) 2012 The Go Authors. All rights reserved.\nCopyright (c) 2019 Klaus Post. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n------------------\n\nFiles: gzhttp/*\n\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2016-2017 The New York Times Company\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n\n------------------\n\nFiles: s2/cmd/internal/readahead/*\n\nThe MIT License (MIT)\n\nCopyright (c) 2015 Klaus Post\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n---------------------\nFiles: snappy/*\nFiles: internal/snapref/*\n\nCopyright (c) 2011 The Snappy-Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n-----------------\n\nFiles: s2/cmd/internal/filepathx/*\n\nCopyright 2016 The filepathx Authors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
   },
+  {
+    "name": "github.com/klauspost/compress/gzhttp",
+    "path": "github.com/klauspost/compress/gzhttp/LICENSE",
+    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2016-2017 The New York Times Company\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
+  },
   {
     "name": "github.com/klauspost/compress/internal/snapref",
     "path": "github.com/klauspost/compress/internal/snapref/LICENSE",
diff --git a/go.mod b/go.mod
index 809d2d5e10..b2ca91fb30 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,6 @@ require (
 	gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-	github.com/NYTimes/gziphandler v1.1.1
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/alecthomas/chroma/v2 v2.12.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
diff --git a/go.sum b/go.sum
index 7ac58aac94..897a96ebd1 100644
--- a/go.sum
+++ b/go.sum
@@ -96,8 +96,6 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
-github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
 github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
diff --git a/modules/web/handler.go b/modules/web/handler.go
index 26b7428016..728cc5a160 100644
--- a/modules/web/handler.go
+++ b/modules/web/handler.go
@@ -147,6 +147,16 @@ func toHandlerProvider(handler any) func(next http.Handler) http.Handler {
 		}
 	}
 
+	if hp, ok := handler.(func(next http.Handler) http.HandlerFunc); ok {
+		return func(next http.Handler) http.Handler {
+			h := hp(next) // this handle could be dynamically generated, so we can't use it for debug info
+			return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+				routing.UpdateFuncInfo(req.Context(), funcInfo)
+				h.ServeHTTP(resp, req)
+			})
+		}
+	}
+
 	provider := func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(respOrig http.ResponseWriter, req *http.Request) {
 			// wrap the response writer to check whether the response has been written
diff --git a/routers/web/web.go b/routers/web/web.go
index b59ed63ca7..63b8aac7dc 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -49,17 +49,12 @@ import (
 	_ "code.gitea.io/gitea/modules/session" // to registers all internal adapters
 
 	"gitea.com/go-chi/captcha"
-	"github.com/NYTimes/gziphandler"
 	chi_middleware "github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/cors"
+	"github.com/klauspost/compress/gzhttp"
 	"github.com/prometheus/client_golang/prometheus"
 )
 
-const (
-	// GzipMinSize represents min size to compress for the body size of response
-	GzipMinSize = 1400
-)
-
 // optionsCorsHandler return a http handler which sets CORS options if enabled by config, it blocks non-CORS OPTIONS requests.
 func optionsCorsHandler() func(next http.Handler) http.Handler {
 	var corsHandler func(next http.Handler) http.Handler
@@ -245,11 +240,11 @@ func Routes() *web.Route {
 	var mid []any
 
 	if setting.EnableGzip {
-		h, err := gziphandler.GzipHandlerWithOpts(gziphandler.MinSize(GzipMinSize))
+		wrapper, err := gzhttp.NewWrapper(gzhttp.RandomJitter(32, 0, false))
 		if err != nil {
-			log.Fatal("GzipHandlerWithOpts failed: %v", err)
+			log.Fatal("gzhttp.NewWrapper failed: %v", err)
 		}
-		mid = append(mid, h)
+		mid = append(mid, wrapper)
 	}
 
 	if setting.Service.EnableCaptcha {
diff --git a/tests/integration/lfs_getobject_test.go b/tests/integration/lfs_getobject_test.go
index a87f38be8a..dad05890a9 100644
--- a/tests/integration/lfs_getobject_test.go
+++ b/tests/integration/lfs_getobject_test.go
@@ -18,9 +18,9 @@ import (
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/lfs"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/routers/web"
 	"code.gitea.io/gitea/tests"
 
+	"github.com/klauspost/compress/gzhttp"
 	gzipp "github.com/klauspost/compress/gzip"
 	"github.com/stretchr/testify/assert"
 )
@@ -132,7 +132,7 @@ func TestGetLFSSmallTokenFail(t *testing.T) {
 
 func TestGetLFSLarge(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
-	content := make([]byte, web.GzipMinSize*10)
+	content := make([]byte, gzhttp.DefaultMinSize*10)
 	for i := range content {
 		content[i] = byte(i % 256)
 	}
@@ -143,7 +143,7 @@ func TestGetLFSLarge(t *testing.T) {
 
 func TestGetLFSGzip(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
-	b := make([]byte, web.GzipMinSize*10)
+	b := make([]byte, gzhttp.DefaultMinSize*10)
 	for i := range b {
 		b[i] = byte(i % 256)
 	}
@@ -159,7 +159,7 @@ func TestGetLFSGzip(t *testing.T) {
 
 func TestGetLFSZip(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
-	b := make([]byte, web.GzipMinSize*10)
+	b := make([]byte, gzhttp.DefaultMinSize*10)
 	for i := range b {
 		b[i] = byte(i % 256)
 	}

From 1813af7391a47b79b4cd44d4feb64e3002032db6 Mon Sep 17 00:00:00 2001
From: Grigory Kirillov <txgk@bk.ru>
Date: Fri, 13 Oct 2023 14:40:41 +0300
Subject: [PATCH 20/62] [GITEA] convert feed items' titles to plain text

Refs: https://codeberg.org/forgejo/forgejo/pulls/1595

(cherry picked from commit 35b962e6313df748e8855b4dfbf748f095ea1003)
(cherry picked from commit 1004e35b84a4a0deae999cb8a4c2924b85b47c8b)
(cherry picked from commit af51dd594db229f7a986325a6070d33782d85d28)
(cherry picked from commit ef10fae29607533db3616a23043cc0f2fc2dc71a)
(cherry picked from commit ff8027ed1b0a1274b7b6e4840e31e2ad4d18b159)
(cherry picked from commit 2540ff52ef2229ad6e17578c30ae617b3771c696)
(cherry picked from commit 57b4d775e1734d2cb6dd78a4e890d3548e2324eb)
(cherry picked from commit c388aba9b50bbdd7eb13518d91f8e00c5d1bce18)
(cherry picked from commit 7a3b605c11d5a9033b7c3db882b606fb009afca3)
(cherry picked from commit cc02354d0a6872e761d8215b6630a1467c6f8e75)
(cherry picked from commit e11c5ce82aeaaa62ced4bead72aa3d37453b792a)
(cherry picked from commit d1e7798bb2b32eb3a8bd1be669191d3e3a9a2510)
---
 routers/web/feed/convert.go                   | 10 ++++-
 .../api_feed_plain_text_titles_test.go        | 40 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/api_feed_plain_text_titles_test.go

diff --git a/routers/web/feed/convert.go b/routers/web/feed/convert.go
index 4d4918a8fd..c4fa68fd61 100644
--- a/routers/web/feed/convert.go
+++ b/routers/web/feed/convert.go
@@ -21,6 +21,7 @@ import (
 	"code.gitea.io/gitea/modules/util"
 
 	"github.com/gorilla/feeds"
+	"github.com/jaytaylor/html2text"
 )
 
 func toBranchLink(ctx *context.Context, act *activities_model.Action) string {
@@ -239,8 +240,15 @@ func feedActionsToFeedItems(ctx *context.Context, actions activities_model.Actio
 			content = desc
 		}
 
+		// It's a common practice for feed generators to use plain text titles.
+		// See https://codeberg.org/forgejo/forgejo/pulls/1595
+		plainTitle, err := html2text.FromString(title, html2text.Options{OmitLinks: true})
+		if err != nil {
+			return nil, err
+		}
+
 		items = append(items, &feeds.Item{
-			Title:       title,
+			Title:       plainTitle,
 			Link:        link,
 			Description: desc,
 			Author: &feeds.Author{
diff --git a/tests/integration/api_feed_plain_text_titles_test.go b/tests/integration/api_feed_plain_text_titles_test.go
new file mode 100644
index 0000000000..a058b7321c
--- /dev/null
+++ b/tests/integration/api_feed_plain_text_titles_test.go
@@ -0,0 +1,40 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFeedPlainTextTitles(t *testing.T) {
+	// This test verifies that items' titles in feeds are generated as plain text.
+	// See https://codeberg.org/forgejo/forgejo/pulls/1595
+
+	t.Run("Feed plain text titles", func(t *testing.T) {
+		t.Run("Atom", func(t *testing.T) {
+			defer tests.PrepareTestEnv(t)()
+
+			req := NewRequest(t, "GET", "/user2/repo1.atom")
+			resp := MakeRequest(t, req, http.StatusOK)
+
+			data := resp.Body.String()
+			assert.Contains(t, data, "<title>the_1-user.with.all.allowedChars closed issue user2/repo1#4</title>")
+		})
+
+		t.Run("RSS", func(t *testing.T) {
+			defer tests.PrepareTestEnv(t)()
+
+			req := NewRequest(t, "GET", "/user2/repo1.rss")
+			resp := MakeRequest(t, req, http.StatusOK)
+
+			data := resp.Body.String()
+			assert.Contains(t, data, "<title>the_1-user.with.all.allowedChars closed issue user2/repo1#4</title>")
+		})
+	})
+}

From f5b8c8edea5d17ba51327684a6e8127ac0f09503 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 20 Oct 2023 11:40:32 +0200
Subject: [PATCH 21/62] [GITEA] Add repo empty check for branch feed

- If you attempted to get a branch feed on a empty repository, it would
result in a panic as the code expects that the branch exists.
- `context.RepoRefByType` would normally already 404 if the branch
doesn't exist, however if a repository is empty, it would not do this
check.
- Fix bug where `/atom/branch/*` would return a RSS feed.

(cherry picked from commit d27bcd98a41b69e313535e5e91e4272136a4bab1)
(cherry picked from commit c58566403df728c1f71b1dd554a573c011a59d7e)
(cherry picked from commit b8b3f6ab8b576a28ed06cc0e501b14950cf78282)
(cherry picked from commit 195520100b214d6bf7a2740507f0a7ae10e5a7d1)
(cherry picked from commit 6e417087ddf41e79a146366a5db157c7a76af615)
(cherry picked from commit ff91e5957ac728118cddb06bddd95d32cb4df815)
(cherry picked from commit 6626d5cc75681d3b16b4496a4e0e83a257a3f46a)
(cherry picked from commit 62f8ab793b12251e1793bc14ace95cda76121baa)
(cherry picked from commit e5bbf1a2d060b4ef1324afd8ed9b38e294b3dffb)
---
 routers/web/feed/render.go              | 13 +++---
 routers/web/repo/view.go                | 15 +++++--
 routers/web/web.go                      |  4 +-
 tests/integration/api_feed_user_test.go | 55 ++++++++++++++++++++++++-
 4 files changed, 73 insertions(+), 14 deletions(-)

diff --git a/routers/web/feed/render.go b/routers/web/feed/render.go
index 8931dae8cc..41f9af1c8c 100644
--- a/routers/web/feed/render.go
+++ b/routers/web/feed/render.go
@@ -8,11 +8,12 @@ import (
 )
 
 // RenderBranchFeed render format for branch or file
-func RenderBranchFeed(ctx *context.Context) {
-	_, _, showFeedType := GetFeedType(ctx.Params(":reponame"), ctx.Req)
-	if ctx.Repo.TreePath == "" {
-		ShowBranchFeed(ctx, ctx.Repo.Repository, showFeedType)
-	} else {
-		ShowFileFeed(ctx, ctx.Repo.Repository, showFeedType)
+func RenderBranchFeed(feedType string) func(ctx *context.Context) {
+	return func(ctx *context.Context) {
+		if ctx.Repo.TreePath == "" {
+			ShowBranchFeed(ctx, ctx.Repo.Repository, feedType)
+		} else {
+			ShowFileFeed(ctx, ctx.Repo.Repository, feedType)
+		}
 	}
 }
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index c6ceca5021..576e17a4f9 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -728,12 +728,19 @@ func Home(ctx *context.Context) {
 	if setting.Other.EnableFeed {
 		isFeed, _, showFeedType := feed.GetFeedType(ctx.Params(":reponame"), ctx.Req)
 		if isFeed {
-			switch {
-			case ctx.Link == fmt.Sprintf("%s.%s", ctx.Repo.RepoLink, showFeedType):
+			if ctx.Link == fmt.Sprintf("%s.%s", ctx.Repo.RepoLink, showFeedType) {
 				feed.ShowRepoFeed(ctx, ctx.Repo.Repository, showFeedType)
-			case ctx.Repo.TreePath == "":
+				return
+			}
+
+			if ctx.Repo.Repository.IsEmpty {
+				ctx.NotFound("MustBeNotEmpty", nil)
+				return
+			}
+
+			if ctx.Repo.TreePath == "" {
 				feed.ShowBranchFeed(ctx, ctx.Repo.Repository, showFeedType)
-			case ctx.Repo.TreePath != "":
+			} else {
 				feed.ShowFileFeed(ctx, ctx.Repo.Repository, showFeedType)
 			}
 			return
diff --git a/routers/web/web.go b/routers/web/web.go
index 63b8aac7dc..6ca4277faf 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1497,8 +1497,8 @@ func registerRoutes(m *web.Route) {
 			m.Get("/cherry-pick/{sha:([a-f0-9]{7,40})$}", repo.SetEditorconfigIfExists, repo.CherryPick)
 		}, repo.MustBeNotEmpty, context.RepoRef(), reqRepoCodeReader)
 
-		m.Get("/rss/branch/*", context.RepoRefByType(context.RepoRefBranch), feedEnabled, feed.RenderBranchFeed)
-		m.Get("/atom/branch/*", context.RepoRefByType(context.RepoRefBranch), feedEnabled, feed.RenderBranchFeed)
+		m.Get("/rss/branch/*", repo.MustBeNotEmpty, context.RepoRefByType(context.RepoRefBranch), feedEnabled, feed.RenderBranchFeed("rss"))
+		m.Get("/atom/branch/*", repo.MustBeNotEmpty, context.RepoRefByType(context.RepoRefBranch), feedEnabled, feed.RenderBranchFeed("atom"))
 
 		m.Group("/src", func() {
 			m.Get("/branch/*", context.RepoRefByType(context.RepoRefBranch), repo.Home)
diff --git a/tests/integration/api_feed_user_test.go b/tests/integration/api_feed_user_test.go
index c44f9a1951..608f7608ae 100644
--- a/tests/integration/api_feed_user_test.go
+++ b/tests/integration/api_feed_user_test.go
@@ -7,15 +7,19 @@ import (
 	"net/http"
 	"testing"
 
+	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/tests"
 
 	"github.com/stretchr/testify/assert"
 )
 
 func TestFeed(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
 	t.Run("User", func(t *testing.T) {
 		t.Run("Atom", func(t *testing.T) {
-			defer tests.PrepareTestEnv(t)()
+			defer tests.PrintCurrentTest(t)()
 
 			req := NewRequest(t, "GET", "/user2.atom")
 			resp := MakeRequest(t, req, http.StatusOK)
@@ -25,7 +29,7 @@ func TestFeed(t *testing.T) {
 		})
 
 		t.Run("RSS", func(t *testing.T) {
-			defer tests.PrepareTestEnv(t)()
+			defer tests.PrintCurrentTest(t)()
 
 			req := NewRequest(t, "GET", "/user2.rss")
 			resp := MakeRequest(t, req, http.StatusOK)
@@ -34,4 +38,51 @@ func TestFeed(t *testing.T) {
 			assert.Contains(t, data, `<rss version="2.0"`)
 		})
 	})
+
+	t.Run("Repo", func(t *testing.T) {
+		t.Run("Normal", func(t *testing.T) {
+			t.Run("Atom", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				req := NewRequest(t, "GET", "/user2/repo1/atom/branch/master")
+				resp := MakeRequest(t, req, http.StatusOK)
+
+				data := resp.Body.String()
+				assert.Contains(t, data, `<feed xmlns="http://www.w3.org/2005/Atom"`)
+			})
+			t.Run("RSS", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				req := NewRequest(t, "GET", "/user2/repo1/rss/branch/master")
+				resp := MakeRequest(t, req, http.StatusOK)
+
+				data := resp.Body.String()
+				assert.Contains(t, data, `<rss version="2.0"`)
+			})
+		})
+		t.Run("Empty", func(t *testing.T) {
+			err := user_model.UpdateUserCols(db.DefaultContext, &user_model.User{ID: 30, ProhibitLogin: false}, "prohibit_login")
+			assert.NoError(t, err)
+
+			session := loginUser(t, "user30")
+			t.Run("Atom", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				req := NewRequest(t, "GET", "/user30/empty/atom/branch/master")
+				session.MakeRequest(t, req, http.StatusNotFound)
+
+				req = NewRequest(t, "GET", "/user30/empty.atom/src/branch/master")
+				session.MakeRequest(t, req, http.StatusNotFound)
+			})
+			t.Run("RSS", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				req := NewRequest(t, "GET", "/user30/empty/rss/branch/master")
+				session.MakeRequest(t, req, http.StatusNotFound)
+
+				req = NewRequest(t, "GET", "/user30/empty.rss/src/branch/master")
+				session.MakeRequest(t, req, http.StatusNotFound)
+			})
+		})
+	})
 }

From 10e890ed8e7205c140677ff74db393fc0052da14 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 4 Nov 2023 22:09:19 +0100
Subject: [PATCH 22/62] [GITEA] Use existing error functionality

- There's no need to use `github.com/pkg/errors` when the standard
library already has the functionality to wrap and create errors.

(cherry picked from commit 40f603a538036ce7e150adf404374d794eb46993)
(cherry picked from commit aa68a2753f204dfe44a037ccc91dacc2a0a53803)
(cherry picked from commit 48e252d73961ae17b56544bae79bc812dac10c44)
(cherry picked from commit cc6f40ccd208a6fd1527ba08e3123e9b01b218ab)
(cherry picked from commit 03c4b9735824bfaed19df14550ef458d52667b40)
(cherry picked from commit f25eeb76958b78fbe00fc6556aec8a37aba0ecdf)
(cherry picked from commit 989d8fa1cb81e0ff017ac575fdd1cf12507eb42b)
---
 go.mod                         |  2 +-
 services/pull/commit_status.go | 19 ++++++++++---------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/go.mod b/go.mod
index b2ca91fb30..c9cf8c22e5 100644
--- a/go.mod
+++ b/go.mod
@@ -83,7 +83,6 @@ require (
 	github.com/olivere/elastic/v7 v7.0.32
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0-rc5
-	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
 	github.com/prometheus/client_golang v1.17.0
 	github.com/quasoft/websspi v1.1.2
@@ -245,6 +244,7 @@ require (
 	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
 	github.com/pierrec/lz4/v4 v4.1.19 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.45.0 // indirect
diff --git a/services/pull/commit_status.go b/services/pull/commit_status.go
index 39d60380ff..94acd504ef 100644
--- a/services/pull/commit_status.go
+++ b/services/pull/commit_status.go
@@ -6,6 +6,8 @@ package pull
 
 import (
 	"context"
+	"errors"
+	"fmt"
 
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
@@ -15,7 +17,6 @@ import (
 	"code.gitea.io/gitea/modules/structs"
 
 	"github.com/gobwas/glob"
-	"github.com/pkg/errors"
 )
 
 // MergeRequiredContextsCommitStatus returns a commit status state for given required contexts
@@ -95,7 +96,7 @@ func IsCommitStatusContextSuccess(commitStatuses []*git_model.CommitStatus, requ
 func IsPullCommitStatusPass(ctx context.Context, pr *issues_model.PullRequest) (bool, error) {
 	pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
 	if err != nil {
-		return false, errors.Wrap(err, "GetLatestCommitStatus")
+		return false, fmt.Errorf("GetFirstMatchProtectedBranchRule: %w", err)
 	}
 	if pb == nil || !pb.EnableStatusCheck {
 		return true, nil
@@ -112,21 +113,21 @@ func IsPullCommitStatusPass(ctx context.Context, pr *issues_model.PullRequest) (
 func GetPullRequestCommitStatusState(ctx context.Context, pr *issues_model.PullRequest) (structs.CommitStatusState, error) {
 	// Ensure HeadRepo is loaded
 	if err := pr.LoadHeadRepo(ctx); err != nil {
-		return "", errors.Wrap(err, "LoadHeadRepo")
+		return "", fmt.Errorf("LoadHeadRepo: %w", err)
 	}
 
 	// check if all required status checks are successful
 	headGitRepo, closer, err := git.RepositoryFromContextOrOpen(ctx, pr.HeadRepo.RepoPath())
 	if err != nil {
-		return "", errors.Wrap(err, "OpenRepository")
+		return "", fmt.Errorf("RepositoryFromContextOrOpen: %w", err)
 	}
 	defer closer.Close()
 
 	if pr.Flow == issues_model.PullRequestFlowGithub && !headGitRepo.IsBranchExist(pr.HeadBranch) {
-		return "", errors.New("Head branch does not exist, can not merge")
+		return "", errors.New("head branch does not exist, can not merge")
 	}
 	if pr.Flow == issues_model.PullRequestFlowAGit && !git.IsReferenceExist(ctx, headGitRepo.Path, pr.GetGitRefName()) {
-		return "", errors.New("Head branch does not exist, can not merge")
+		return "", errors.New("head branch does not exist, can not merge")
 	}
 
 	var sha string
@@ -140,17 +141,17 @@ func GetPullRequestCommitStatusState(ctx context.Context, pr *issues_model.PullR
 	}
 
 	if err := pr.LoadBaseRepo(ctx); err != nil {
-		return "", errors.Wrap(err, "LoadBaseRepo")
+		return "", fmt.Errorf("LoadBaseRepo: %w", err)
 	}
 
 	commitStatuses, _, err := git_model.GetLatestCommitStatus(ctx, pr.BaseRepo.ID, sha, db.ListOptions{ListAll: true})
 	if err != nil {
-		return "", errors.Wrap(err, "GetLatestCommitStatus")
+		return "", fmt.Errorf("GetLatestCommitStatus: %w", err)
 	}
 
 	pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
 	if err != nil {
-		return "", errors.Wrap(err, "LoadProtectedBranch")
+		return "", fmt.Errorf("GetFirstMatchProtectedBranchRule: %w", err)
 	}
 	var requiredContexts []string
 	if pb != nil {

From fef94aff1c8b35d9a10cf735d4c7ba05f82c95b4 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 11 Nov 2023 13:01:24 +0100
Subject: [PATCH 23/62] [GITEA] Add noreply email address as verified for SSH
 signed Git commits

- When someone really wants to avoid sharing their email, they could
configure git to use the noreply email for git commits. However if they
also wanted to use SSH signing, it would not show up as verified as the
noreply email address was technically not an activated email address for
the user.
- Add unit tests for the `ParseCommitWithSSHSignature` function.
- Resolves https://codeberg.org/Codeberg/Community/issues/946

(cherry picked from commit 1685de7eba9343043c1e2cb277482eafb578095a)
(cherry picked from commit b1e8858de9d4f1e2f6bee31d4e399b07a7a69a8e)
(cherry picked from commit 1a6bf24d28522d57a56dcbdcf23ef19508ac39c8)
(cherry picked from commit 01229433456aa0836adbaafa06bcbefcf4111451)
(cherry picked from commit cc836148534ecf6e007eeb913cd94264fda171d3)
(cherry picked from commit 429febe0dc2e49bae6ce747c318e68a99b1da9a8)
(cherry picked from commit 58a9c2ebe9518576a1b399cce9089fd4894a5c38)
---
 models/asymkey/main_test.go                   |   1 +
 models/asymkey/ssh_key_commit_verification.go |   6 +
 .../ssh_key_commit_verification_test.go       | 146 ++++++++++++++++++
 .../public_key.yml                            |  13 ++
 4 files changed, 166 insertions(+)
 create mode 100644 models/asymkey/ssh_key_commit_verification_test.go
 create mode 100644 models/fixtures/TestParseCommitWithSSHSignature/public_key.yml

diff --git a/models/asymkey/main_test.go b/models/asymkey/main_test.go
index be71f848d9..87b5c22c4a 100644
--- a/models/asymkey/main_test.go
+++ b/models/asymkey/main_test.go
@@ -14,6 +14,7 @@ func TestMain(m *testing.M) {
 		FixtureFiles: []string{
 			"gpg_key.yml",
 			"public_key.yml",
+			"TestParseCommitWithSSHSignature/public_key.yml",
 			"deploy_key.yml",
 			"gpg_key_import.yml",
 			"user.yml",
diff --git a/models/asymkey/ssh_key_commit_verification.go b/models/asymkey/ssh_key_commit_verification.go
index 27c6df3578..2b802710a8 100644
--- a/models/asymkey/ssh_key_commit_verification.go
+++ b/models/asymkey/ssh_key_commit_verification.go
@@ -39,6 +39,12 @@ func ParseCommitWithSSHSignature(ctx context.Context, c *git.Commit, committer *
 			log.Error("GetEmailAddresses: %v", err)
 		}
 
+		// Add the noreply email address as verified address.
+		committerEmailAddresses = append(committerEmailAddresses, &user_model.EmailAddress{
+			IsActivated: true,
+			Email:       committer.GetPlaceholderEmail(),
+		})
+
 		activated := false
 		for _, e := range committerEmailAddresses {
 			if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {
diff --git a/models/asymkey/ssh_key_commit_verification_test.go b/models/asymkey/ssh_key_commit_verification_test.go
new file mode 100644
index 0000000000..e1ed409bd7
--- /dev/null
+++ b/models/asymkey/ssh_key_commit_verification_test.go
@@ -0,0 +1,146 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package asymkey
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestParseCommitWithSSHSignature(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	sshKey := unittest.AssertExistsAndLoadBean(t, &PublicKey{ID: 1000, OwnerID: 2})
+
+	t.Run("No commiter", func(t *testing.T) {
+		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, &git.Commit{}, &user_model.User{})
+		assert.False(t, commitVerification.Verified)
+		assert.Equal(t, NoKeyFound, commitVerification.Reason)
+	})
+
+	t.Run("Commiter without keys", func(t *testing.T) {
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+
+		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, &git.Commit{Committer: &git.Signature{Email: user.Email}}, user)
+		assert.False(t, commitVerification.Verified)
+		assert.Equal(t, NoKeyFound, commitVerification.Reason)
+	})
+
+	t.Run("Correct signature with wrong email", func(t *testing.T) {
+		gitCommit := &git.Commit{
+			Committer: &git.Signature{
+				Email: "non-existent",
+			},
+			Signature: &git.CommitGPGSignature{
+				Payload: `tree 2d491b2985a7ff848d5c02748e7ea9f9f7619f9f
+parent 45b03601635a1f463b81963a4022c7f87ce96ef9
+author user2 <non-existent> 1699710556 +0100
+committer user2 <non-existent> 1699710556 +0100
+
+Using email that isn't known to Forgejo
+`,
+				Signature: `-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoGSe9Zy7Ez9bSJcaTNjh/Y7p95
+f5DujjqkpzFRtw6CEAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
+AAAAQIMufOuSjZeDUujrkVK4sl7ICa0WwEftas8UAYxx0Thdkiw2qWjR1U1PKfTLm16/w8
+/bS1LX1lZNuzm2LR2qEgw=
+-----END SSH SIGNATURE-----
+`,
+			},
+		}
+		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)
+		assert.False(t, commitVerification.Verified)
+		assert.Equal(t, NoKeyFound, commitVerification.Reason)
+	})
+
+	t.Run("Incorrect signature with correct email", func(t *testing.T) {
+		gitCommit := &git.Commit{
+			Committer: &git.Signature{
+				Email: "user2@example.com",
+			},
+			Signature: &git.CommitGPGSignature{
+				Payload: `tree 853694aae8816094a0d875fee7ea26278dbf5d0f
+parent c2780d5c313da2a947eae22efd7dacf4213f4e7f
+author user2 <user2@example.com> 1699707877 +0100
+committer user2 <user2@example.com> 1699707877 +0100
+
+Add content
+`,
+				Signature: `-----BEGIN SSH SIGNATURE-----`,
+			},
+		}
+
+		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)
+		assert.False(t, commitVerification.Verified)
+		assert.Equal(t, NoKeyFound, commitVerification.Reason)
+	})
+
+	t.Run("Valid signature with correct email", func(t *testing.T) {
+		gitCommit := &git.Commit{
+			Committer: &git.Signature{
+				Email: "user2@example.com",
+			},
+			Signature: &git.CommitGPGSignature{
+				Payload: `tree 853694aae8816094a0d875fee7ea26278dbf5d0f
+parent c2780d5c313da2a947eae22efd7dacf4213f4e7f
+author user2 <user2@example.com> 1699707877 +0100
+committer user2 <user2@example.com> 1699707877 +0100
+
+Add content
+`,
+				Signature: `-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoGSe9Zy7Ez9bSJcaTNjh/Y7p95
+f5DujjqkpzFRtw6CEAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
+AAAAQBe2Fwk/FKY3SBCnG6jSYcO6ucyahp2SpQ/0P+otslzIHpWNW8cQ0fGLdhhaFynJXQ
+fs9cMpZVM9BfIKNUSO8QY=
+-----END SSH SIGNATURE-----
+`,
+			},
+		}
+
+		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)
+		assert.True(t, commitVerification.Verified)
+		assert.Equal(t, "user2 / SHA256:TKfwbZMR7e9OnlV2l1prfah1TXH8CmqR0PvFEXVCXA4", commitVerification.Reason)
+		assert.Equal(t, sshKey, commitVerification.SigningSSHKey)
+	})
+
+	t.Run("Valid signature with noreply email", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.Service.NoReplyAddress, "noreply.example.com")()
+
+		gitCommit := &git.Commit{
+			Committer: &git.Signature{
+				Email: "user2@noreply.example.com",
+			},
+			Signature: &git.CommitGPGSignature{
+				Payload: `tree 4836c7f639f37388bab4050ef5c97bbbd54272fc
+parent 795be1b0117ea5c65456050bb9fd84744d4fd9c6
+author user2 <user2@noreply.example.com> 1699709594 +0100
+committer user2 <user2@noreply.example.com> 1699709594 +0100
+
+Commit with noreply
+`,
+				Signature: `-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoGSe9Zy7Ez9bSJcaTNjh/Y7p95
+f5DujjqkpzFRtw6CEAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
+AAAAQJz83KKxD6Bz/ZvNpqkA3RPOSQ4LQ5FfEItbtoONkbwV9wAWMnmBqgggo/lnXCJ3oq
+muPLbvEduU+Ze/1Ol1pgk=
+-----END SSH SIGNATURE-----
+`,
+			},
+		}
+
+		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)
+		assert.True(t, commitVerification.Verified)
+		assert.Equal(t, "user2 / SHA256:TKfwbZMR7e9OnlV2l1prfah1TXH8CmqR0PvFEXVCXA4", commitVerification.Reason)
+		assert.Equal(t, sshKey, commitVerification.SigningSSHKey)
+	})
+}
diff --git a/models/fixtures/TestParseCommitWithSSHSignature/public_key.yml b/models/fixtures/TestParseCommitWithSSHSignature/public_key.yml
new file mode 100644
index 0000000000..f76dabb1c1
--- /dev/null
+++ b/models/fixtures/TestParseCommitWithSSHSignature/public_key.yml
@@ -0,0 +1,13 @@
+-
+  id: 1000
+  owner_id: 2
+  name: user2@localhost
+  fingerprint: "SHA256:TKfwbZMR7e9OnlV2l1prfah1TXH8CmqR0PvFEXVCXA4"
+  content: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBknvWcuxM/W0iXGkzY4f2O6feX+Q7o46pKcxUbcOgh user2@localhost"
+  # private key (base64-ed) LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNDZ1pKNzFuTHNUUDF0SWx4cE0yT0g5anVuM2wva082T09xU25NVkczRG9JUUFBQUpocG43YTZhWisyCnVnQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ2daSjcxbkxzVFAxdElseHBNMk9IOWp1bjNsL2tPNk9PcVNuTVZHM0RvSVEKQUFBRUFxVm12bmo1LzZ5TW12ck9Ub29xa3F5MmUrc21aK0tBcEtKR0crRnY5MlA2QmtudldjdXhNL1cwaVhHa3pZNGYyTwo2ZmVYK1E3bzQ2cEtjeFViY09naEFBQUFFMmQxYzNSbFpFQm5kWE4wWldRdFltVmhjM1FCQWc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0=
+  mode: 2
+  type: 1
+  verified: true
+  created_unix: 1559593109
+  updated_unix: 1565224552
+  login_source_id: 0

From bb6261f8479ee8925ddc7f0079b414ef85f04d73 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 14 Nov 2023 19:24:20 +0100
Subject: [PATCH 24/62] [GITEA] Accept shorter commit IDs in web route

- Be more liberal in what Forgejo accepts, by reducing the minimum
amount of characters for SHA to 4 characters, which is the minimum
amount that  Git needs in order to figure out which commit was meant.
- It's safe to reduce this requirements, as commits are passed to Git
which will error if the given commit ID results in more than one Git
object. Forgejo will catch this error as that the Commit doesn't exist,
which is a error that's already being handled in most places gracefully.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1760

(cherry picked from commit 0d655c7384b081c36aa4c6b7167280f52c1c42d3)
(cherry picked from commit 9b9aca2a02b06f41f6db847a77ea29f6385b46d2)
(cherry picked from commit 0d0ab1af1fb05e26168c112523f1400fef67f9b0)
(cherry picked from commit d3b352c85482e59c9d1da24a8fe0eb68b0f5858e)
(cherry picked from commit d6af2094df4611d590d8c5062743f5e39f2a7bd8)
(cherry picked from commit f96e55a7a9f06ff987a5e9663da492720d162b76)
---
 routers/web/web.go             | 20 ++++++++---------
 tests/integration/repo_test.go | 40 ++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/routers/web/web.go b/routers/web/web.go
index 6ca4277faf..5172d33d03 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1229,7 +1229,7 @@ func registerRoutes(m *web.Route) {
 					Post(web.Bind(forms.UploadRepoFileForm{}), repo.UploadFilePost)
 				m.Combo("/_diffpatch/*").Get(repo.NewDiffPatch).
 					Post(web.Bind(forms.EditRepoFileForm{}), repo.NewDiffPatchPost)
-				m.Combo("/_cherrypick/{sha:([a-f0-9]{7,40})}/*").Get(repo.CherryPick).
+				m.Combo("/_cherrypick/{sha:([a-f0-9]{4,40})}/*").Get(repo.CherryPick).
 					Post(web.Bind(forms.CherryPickForm{}), repo.CherryPickPost)
 			}, repo.MustBeEditable)
 			m.Group("", func() {
@@ -1371,8 +1371,8 @@ func registerRoutes(m *web.Route) {
 			m.Combo("/*").
 				Get(repo.Wiki).
 				Post(context.RepoMustNotBeArchived(), reqSignIn, reqRepoWikiWriter, web.Bind(forms.NewWikiForm{}), repo.WikiPost)
-			m.Get("/commit/{sha:[a-f0-9]{7,40}}", repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.Diff)
-			m.Get("/commit/{sha:[a-f0-9]{7,40}}.{ext:patch|diff}", repo.RawDiff)
+			m.Get("/commit/{sha:[a-f0-9]{4,40}}", repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.Diff)
+			m.Get("/commit/{sha:[a-f0-9]{4,40}}.{ext:patch|diff}", repo.RawDiff)
 		}, repo.MustEnableWiki, func(ctx *context.Context) {
 			ctx.Data["PageIsWiki"] = true
 			ctx.Data["CloneButtonOriginLink"] = ctx.Repo.Repository.WikiCloneLink()
@@ -1432,7 +1432,7 @@ func registerRoutes(m *web.Route) {
 			m.Group("/commits", func() {
 				m.Get("", context.RepoRef(), repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewPullCommits)
 				m.Get("/list", context.RepoRef(), repo.GetPullCommits)
-				m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForSingleCommit)
+				m.Get("/{sha:[a-f0-9]{4,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForSingleCommit)
 			})
 			m.Post("/merge", context.RepoMustNotBeArchived(), web.Bind(forms.MergePullRequestForm{}), repo.MergePullRequest)
 			m.Post("/cancel_auto_merge", context.RepoMustNotBeArchived(), repo.CancelAutoMergePullRequest)
@@ -1441,8 +1441,8 @@ func registerRoutes(m *web.Route) {
 			m.Post("/cleanup", context.RepoMustNotBeArchived(), context.RepoRef(), repo.CleanUpPullRequest)
 			m.Group("/files", func() {
 				m.Get("", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForAllCommitsOfPr)
-				m.Get("/{sha:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesStartingFromCommit)
-				m.Get("/{shaFrom:[a-f0-9]{7,40}}..{shaTo:[a-f0-9]{7,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForRange)
+				m.Get("/{sha:[a-f0-9]{4,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesStartingFromCommit)
+				m.Get("/{shaFrom:[a-f0-9]{4,40}}..{shaTo:[a-f0-9]{4,40}}", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForRange)
 				m.Group("/reviews", func() {
 					m.Get("/new_comment", repo.RenderNewCodeCommentForm)
 					m.Post("/comments", web.Bind(forms.CodeCommentForm{}), repo.SetShowOutdatedComments, repo.CreateCodeComment)
@@ -1492,9 +1492,9 @@ func registerRoutes(m *web.Route) {
 
 		m.Group("", func() {
 			m.Get("/graph", repo.Graph)
-			m.Get("/commit/{sha:([a-f0-9]{7,40})$}", repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.Diff)
-			m.Get("/commit/{sha:([a-f0-9]{7,40})$}/load-branches-and-tags", repo.LoadBranchesAndTags)
-			m.Get("/cherry-pick/{sha:([a-f0-9]{7,40})$}", repo.SetEditorconfigIfExists, repo.CherryPick)
+			m.Get("/commit/{sha:([a-f0-9]{4,40})$}", repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.Diff)
+			m.Get("/commit/{sha:([a-f0-9]{4,40})$}/load-branches-and-tags", repo.LoadBranchesAndTags)
+			m.Get("/cherry-pick/{sha:([a-f0-9]{4,40})$}", repo.SetEditorconfigIfExists, repo.CherryPick)
 		}, repo.MustBeNotEmpty, context.RepoRef(), reqRepoCodeReader)
 
 		m.Get("/rss/branch/*", repo.MustBeNotEmpty, context.RepoRefByType(context.RepoRefBranch), feedEnabled, feed.RenderBranchFeed("rss"))
@@ -1511,7 +1511,7 @@ func registerRoutes(m *web.Route) {
 		m.Group("", func() {
 			m.Get("/forks", repo.Forks)
 		}, context.RepoRef(), reqRepoCodeReader)
-		m.Get("/commit/{sha:([a-f0-9]{7,40})}.{ext:patch|diff}", repo.MustBeNotEmpty, reqRepoCodeReader, repo.RawDiff)
+		m.Get("/commit/{sha:([a-f0-9]{4,40})}.{ext:patch|diff}", repo.MustBeNotEmpty, reqRepoCodeReader, repo.RawDiff)
 	}, ignSignIn, context.RepoAssignment, context.UnitTypes())
 
 	m.Post("/{username}/{reponame}/lastcommit/*", ignSignInAndCsrf, context.RepoAssignment, context.UnitTypes(), context.RepoRefByType(context.RepoRefCommit), reqRepoCodeReader, repo.LastCommit)
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index 0dbe1a525f..3393f147ea 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -582,3 +582,43 @@ func TestRenamedFileHistory(t *testing.T) {
 		htmlDoc.AssertElement(t, ".ui.bottom.attached.header", false)
 	})
 }
+
+func TestCommitView(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Non-existent commit", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/commit/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("Too short commit ID", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/commit/65f")
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("Short commit ID", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/commit/65f1")
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		doc := NewHTMLParser(t, resp.Body)
+		commitTitle := doc.Find(".commit-summary").Text()
+		assert.Contains(t, commitTitle, "Initial commit")
+	})
+
+	t.Run("Full commit ID", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/commit/65f1bf27bc3bf70f64657658635e66094edbcb4d")
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		doc := NewHTMLParser(t, resp.Body)
+		commitTitle := doc.Find(".commit-summary").Text()
+		assert.Contains(t, commitTitle, "Initial commit")
+	})
+}

From fd98f55204f1cec66c3941d85b45dc84f8ab9ecd Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Sun, 19 Nov 2023 11:50:05 +0000
Subject: [PATCH 25/62] [GITEA] oauth2: use link_account page when
 email/username is missing (#1757)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1757
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
(cherry picked from commit 0f6e0f90359b4b669d297a533de18b41e3293df2)
(cherry picked from commit 779168a572c521507a35ba624dbd032ec28f272e)
(cherry picked from commit 29a2457321e4587f55b333d0c5698925e403f026)
(cherry picked from commit a1edc2314d2687c9320d884f8a584d8b539eec96)
(cherry picked from commit cd015946109d39c6e30091de2fff47eba01eb937)
(cherry picked from commit 74db46b0f50a5b465269688ef83e170b7584e2be)
---
 routers/web/auth/oauth.go       | 20 ++++++++++++--------
 tests/integration/oauth_test.go | 27 +++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 9968fbe6a6..60229bc873 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -951,10 +951,16 @@ func SignInOAuthCallback(ctx *context.Context) {
 			return
 		} else if !setting.Service.AllowOnlyInternalRegistration && setting.OAuth2Client.EnableAutoRegistration {
 			// create new user with details from oauth2 provider
-			var missingFields []string
 			if gothUser.UserID == "" {
-				missingFields = append(missingFields, "sub")
+				log.Error("OAuth2 Provider %s returned empty or missing field: UserID", authSource.Name)
+				if authSource.IsOAuth2() && authSource.Cfg.(*oauth2.Source).Provider == "openidConnect" {
+					log.Error("You may need to change the 'OPENID_CONNECT_SCOPES' setting to request all required fields")
+				}
+				err = fmt.Errorf("OAuth2 Provider %s returned empty or missing field: UserID", authSource.Name)
+				ctx.ServerError("CreateUser", err)
+				return
 			}
+			var missingFields []string
 			if gothUser.Email == "" {
 				missingFields = append(missingFields, "email")
 			}
@@ -962,12 +968,10 @@ func SignInOAuthCallback(ctx *context.Context) {
 				missingFields = append(missingFields, "nickname")
 			}
 			if len(missingFields) > 0 {
-				log.Error("OAuth2 Provider %s returned empty or missing fields: %s", authSource.Name, missingFields)
-				if authSource.IsOAuth2() && authSource.Cfg.(*oauth2.Source).Provider == "openidConnect" {
-					log.Error("You may need to change the 'OPENID_CONNECT_SCOPES' setting to request all required fields")
-				}
-				err = fmt.Errorf("OAuth2 Provider %s returned empty or missing fields: %s", authSource.Name, missingFields)
-				ctx.ServerError("CreateUser", err)
+				// we don't have enough information to create an account automatically,
+				// so we prompt the user for the remaining bits
+				log.Trace("OAuth2 Provider %s returned empty or missing fields: %s, prompting the user for them", authSource.Name, missingFields)
+				showLinkingLogin(ctx, gothUser)
 				return
 			}
 			u = &user_model.User{
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index 4a00d73a02..fed73696e3 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -469,3 +469,30 @@ func TestSignInOAuthCallbackSignIn(t *testing.T) {
 	userAfterLogin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userGitLab.ID})
 	assert.Greater(t, userAfterLogin.LastLoginUnix, userGitLab.LastLoginUnix)
 }
+
+func TestSignUpViaOAuthWithMissingFields(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	// enable auto-creation of accounts via OAuth2
+	enableAutoRegistration := setting.OAuth2Client.EnableAutoRegistration
+	setting.OAuth2Client.EnableAutoRegistration = true
+	defer func() {
+		setting.OAuth2Client.EnableAutoRegistration = enableAutoRegistration
+	}()
+
+	// OAuth2 authentication source GitLab
+	gitlabName := "gitlab"
+	addAuthSource(t, authSourcePayloadGitLabCustom(gitlabName))
+	userGitLabUserID := "5678"
+
+	// The Goth User returned by the oauth2 integration is missing
+	// an email address, so we won't be able to automatically create a local account for it.
+	defer mockCompleteUserAuth(func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
+		return goth.User{
+			Provider: gitlabName,
+			UserID:   userGitLabUserID,
+		}, nil
+	})()
+	req := NewRequest(t, "GET", fmt.Sprintf("/user/oauth2/%s/callback?code=XYZ&state=XYZ", gitlabName))
+	resp := MakeRequest(t, req, http.StatusSeeOther)
+	assert.Equal(t, test.RedirectURL(resp), "/user/link_account")
+}

From 77dbdae02cccabfcfa04c5b4f2200e90329abd25 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Mon, 20 Nov 2023 11:16:21 +0100
Subject: [PATCH 26/62] [GITEA] Improve display of Webauthn keys' creation time

- Unify how the creation time of webauthn keys are shown with GPG and
SSH keys.
- Instead of using the time since, show the date that the key was
created.

(cherry picked from commit 89fb988fdd700ac10e6358e462f3365b85171e81)
(cherry picked from commit 0a2db6215cb10a6bfcb558f5afabc7fba208e3f8)
(cherry picked from commit a39eac2e12865004667c6abd00300521ff2db771)
(cherry picked from commit fa164c97836bca08d30138c6b74dffe73196cbe5)
(cherry picked from commit e02dcf00654ed8628b323ee4f72549278e46f998)
(cherry picked from commit a515b10137e3923dfeb1c246f21605f3ccb8f969)
---
 templates/user/settings/security/webauthn.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/user/settings/security/webauthn.tmpl b/templates/user/settings/security/webauthn.tmpl
index dd8b8a4e59..aaffe8d4d5 100644
--- a/templates/user/settings/security/webauthn.tmpl
+++ b/templates/user/settings/security/webauthn.tmpl
@@ -11,7 +11,7 @@
 				</div>
 				<div class="flex-item-main">
 					<div class="flex-item-title">{{.Name}}</div>
-					<span class="flex-item-body time">{{TimeSinceUnix .CreatedUnix ctx.Locale}}</span>
+					<i class="flex-item-body">{{ctx.Locale.Tr "settings.added_on" (DateTime "short" .CreatedUnix) | Safe}}</i>
 				</div>
 				<div class="flex-item-trailing">
 					<button class="ui red tiny button delete-button" data-modal-id="delete-registration" data-url="{{$.Link}}/webauthn/delete" data-id="{{.ID}}">

From f0894ae00319e0dff37392af752447f849bbe783 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Mon, 20 Nov 2023 09:43:52 +0100
Subject: [PATCH 27/62] [GITEA] Add cancel button to wiki

- Add a cancel button to the Edit and New wiki pages.
- Resolves https://codeberg.org/forgejo/forgejo/issues/705

(cherry picked from commit 3284f690ea6a9a41da05f8229aadfd55e222df1c)
(cherry picked from commit 9f8bf83b0e7845a44ca91bc8497356dbab059374)
(cherry picked from commit bfd03a9f309fbb9413601daa304cea8f16b627ad)
(cherry picked from commit 6b5d5e0cf7547acf38d28e5ec26be82e78357e49)
(cherry picked from commit 3ef3ec0d8205bf168b02e8a91d20a6df685e242a)
(cherry picked from commit 5ae55325ef8213242f3a946d2347499bd5b960bd)
---
 options/locale/locale_en-US.ini | 1 +
 templates/repo/wiki/new.tmpl    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index c160aa3d49..09ee4dfe8e 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1893,6 +1893,7 @@ wiki.page_title = Page title
 wiki.page_content = Page content
 wiki.default_commit_message = Write a note about this page update (optional).
 wiki.save_page = Save Page
+wiki.cancel = Cancel
 wiki.last_commit_info = %s edited this page %s
 wiki.edit_page_button = Edit
 wiki.new_page_button = New Page
diff --git a/templates/repo/wiki/new.tmpl b/templates/repo/wiki/new.tmpl
index ff31df0c32..0d0e78c7ad 100644
--- a/templates/repo/wiki/new.tmpl
+++ b/templates/repo/wiki/new.tmpl
@@ -39,6 +39,7 @@
 				<button class="ui primary button">
 					{{ctx.Locale.Tr "repo.wiki.save_page"}}
 				</button>
+				<a class="ui button red" href="{{.Link}}">{{ctx.Locale.Tr "repo.wiki.cancel"}}</a>
 			</div>
 		</form>
 	</div>

From bfc110ba3303b4d2664638712435cc8d47906da0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Dachary?= <loic@dachary.org>
Date: Sun, 12 Nov 2023 20:01:24 +0100
Subject: [PATCH 28/62] [GITEA] test POST
 /{username}/{reponame}/{tags,release}/delete

Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit 78dcbb62fe87abe044034d880c9e8c22b44c2c98)
(cherry picked from commit 6707c08c1791926060a7735529f1945650030257)
(cherry picked from commit 68da5a9cd82415caedac15a07e38206f7bd6fbde)
(cherry picked from commit c27fb08cb00f130870d6059a0ebb67b505a3c252)
(cherry picked from commit f15a2c558a74aaf954550c71974593bf012004db)
(cherry picked from commit 8eb3ae693922fdb65a185ee63703b866d10fa60a)
(cherry picked from commit d54d5952f25828e84f7024aae6e62d1a18b788ae)
(cherry picked from commit ce22d57485ed718612cd0e40979cc591a5e18126)
---
 tests/integration/release_test.go | 38 +++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/tests/integration/release_test.go b/tests/integration/release_test.go
index 439e315347..96fcff0963 100644
--- a/tests/integration/release_test.go
+++ b/tests/integration/release_test.go
@@ -93,6 +93,44 @@ func TestCreateRelease(t *testing.T) {
 	checkLatestReleaseAndCount(t, session, "/user2/repo1", "v0.0.1", translation.NewLocale("en-US").Tr("repo.release.stable"), 4)
 }
 
+func TestDeleteRelease(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 57, OwnerName: "user2", LowerName: "repo-release"})
+	release := unittest.AssertExistsAndLoadBean(t, &repo_model.Release{TagName: "v2.0"})
+	assert.False(t, release.IsTag)
+
+	// Using the ID of a comment that does not belong to the repository must fail
+	session5 := loginUser(t, "user5")
+	otherRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerName: "user5", LowerName: "repo4"})
+
+	req := NewRequestWithValues(t, "POST", fmt.Sprintf("%s/releases/delete?id=%d", otherRepo.Link(), release.ID), map[string]string{
+		"_csrf": GetCSRF(t, session5, otherRepo.Link()),
+	})
+	session5.MakeRequest(t, req, http.StatusNotFound)
+
+	session := loginUser(t, "user2")
+	req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/releases/delete?id=%d", repo.Link(), release.ID), map[string]string{
+		"_csrf": GetCSRF(t, session, repo.Link()),
+	})
+	session.MakeRequest(t, req, http.StatusOK)
+	release = unittest.AssertExistsAndLoadBean(t, &repo_model.Release{ID: release.ID})
+
+	if assert.True(t, release.IsTag) {
+		req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/tags/delete?id=%d", otherRepo.Link(), release.ID), map[string]string{
+			"_csrf": GetCSRF(t, session5, otherRepo.Link()),
+		})
+		session5.MakeRequest(t, req, http.StatusNotFound)
+
+		req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/tags/delete?id=%d", repo.Link(), release.ID), map[string]string{
+			"_csrf": GetCSRF(t, session, repo.Link()),
+		})
+		session.MakeRequest(t, req, http.StatusOK)
+
+		unittest.AssertNotExistsBean(t, &repo_model.Release{ID: release.ID})
+	}
+}
+
 func TestCreateReleasePreRelease(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From 3c7d9769faf4287bfe9d7366fea3bfbce48d911c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Dachary?= <loic@dachary.org>
Date: Mon, 20 Nov 2023 16:34:04 +0100
Subject: [PATCH 29/62] [GITEA] test POST
 /{username}/{reponame}/{type:issues|pulls}/move_pin

Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit 52f50792606a22cbf1e144e1bd480984abf6f53f)
(cherry picked from commit 65b942fa1ee50f9098bebc8948d7924a5a4668fa)
(cherry picked from commit e140c5c983e3413dcfab45f5e522dfdc3feda26e)
(cherry picked from commit 4d108fa1cf07d2ecc7a482010e75f36140657dd4)
(cherry picked from commit 9430badc5c8245b287c6ec2ba9432324c2e95417)
(cherry picked from commit 1e67f4665d6be336c09446c8698830459aad3975)
(cherry picked from commit 992e0d3218bca7f4b0f1471e3d7d64b69c33bad8)
(cherry picked from commit 0e25ca17f39aac88fc20147e54d40ee76bc70cdd)
---
 tests/integration/issue_test.go | 42 +++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index b1080c998a..82eea374b8 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -607,3 +607,45 @@ func TestUpdateIssueDeadline(t *testing.T) {
 
 	assert.EqualValues(t, "2022-04-06", apiIssue.Deadline.Format("2006-01-02"))
 }
+
+func TestIssuePinMove(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	session := loginUser(t, "user2")
+	issueURL, issue := testIssueWithBean(t, "user2", 1, "Title", "Content")
+	assert.EqualValues(t, 0, issue.PinOrder)
+
+	req := NewRequestWithValues(t, "POST", fmt.Sprintf("%s/pin", issueURL), map[string]string{
+		"_csrf": GetCSRF(t, session, issueURL),
+	})
+	session.MakeRequest(t, req, http.StatusOK)
+	issue = unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: issue.ID})
+
+	position := 1
+	assert.EqualValues(t, position, issue.PinOrder)
+
+	newPosition := 2
+
+	// Using the ID of an issue that does not belong to the repository must fail
+	{
+		session5 := loginUser(t, "user5")
+		movePinURL := "/user5/repo4/issues/move_pin?_csrf=" + GetCSRF(t, session5, issueURL)
+		req = NewRequestWithJSON(t, "POST", movePinURL, map[string]any{
+			"id":       issue.ID,
+			"position": newPosition,
+		})
+		session5.MakeRequest(t, req, http.StatusNotFound)
+
+		issue = unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: issue.ID})
+		assert.EqualValues(t, position, issue.PinOrder)
+	}
+
+	movePinURL := issueURL[:strings.LastIndexByte(issueURL, '/')] + "/move_pin?_csrf=" + GetCSRF(t, session, issueURL)
+	req = NewRequestWithJSON(t, "POST", movePinURL, map[string]any{
+		"id":       issue.ID,
+		"position": newPosition,
+	})
+	session.MakeRequest(t, req, http.StatusNoContent)
+
+	issue = unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: issue.ID})
+	assert.EqualValues(t, newPosition, issue.PinOrder)
+}

From 07ebc9761dc2633dbb3fea0b85abd047dcbec9e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Dachary?= <loic@dachary.org>
Date: Sun, 12 Nov 2023 13:52:48 +0100
Subject: [PATCH 30/62] [GITEA] test GET
 /{owner}/{repo}/comments/{id}/attachments

Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit 888dda12cf9bc95f9ef85ba5a518cf40152e07ea)
(cherry picked from commit aceeca55da0c2e94f3e495c4a60148411a27c4ac)
(cherry picked from commit ab7e649668dfcabfb03e2a87c3c4641f8d2fa6ff)
(cherry picked from commit 7fb8598c7df683d701ca04d01d9ff52db1e39298)
(cherry picked from commit fb4961e2a5d6b249b0761cbabb80d68106764835)
(cherry picked from commit 9fe856a29a1e233d8cd15edcfd03847ca9b4c7d8)
(cherry picked from commit 6db21c013dd4003937532587471c2411622dd384)
(cherry picked from commit 72c84eb19c0ee6f7eaf13162991b79249e0d6ed7)
---
 tests/integration/issue_test.go | 50 +++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index 82eea374b8..39eaf3ba1b 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -227,6 +227,56 @@ func TestIssueCommentDelete(t *testing.T) {
 	unittest.AssertNotExistsBean(t, &issues_model.Comment{ID: commentID})
 }
 
+func TestIssueCommentAttachment(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	const repoURL = "user2/repo1"
+	const content = "Test comment 4"
+	const status = ""
+	session := loginUser(t, "user2")
+	issueURL := testNewIssue(t, session, "user2", "repo1", "Title", "Description")
+
+	req := NewRequest(t, "GET", issueURL)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	link, exists := htmlDoc.doc.Find("#comment-form").Attr("action")
+	assert.True(t, exists, "The template has changed")
+
+	uuid := createAttachment(t, session, repoURL, "image.png", generateImg(), http.StatusOK)
+
+	commentCount := htmlDoc.doc.Find(".comment-list .comment .render-content").Length()
+
+	req = NewRequestWithValues(t, "POST", link, map[string]string{
+		"_csrf":   htmlDoc.GetCSRF(),
+		"content": content,
+		"status":  status,
+		"files":   uuid,
+	})
+	resp = session.MakeRequest(t, req, http.StatusOK)
+
+	req = NewRequest(t, "GET", test.RedirectURL(resp))
+	resp = session.MakeRequest(t, req, http.StatusOK)
+
+	htmlDoc = NewHTMLParser(t, resp.Body)
+
+	val := htmlDoc.doc.Find(".comment-list .comment .render-content p").Eq(commentCount).Text()
+	assert.Equal(t, content, val)
+
+	idAttr, has := htmlDoc.doc.Find(".comment-list .comment").Eq(commentCount).Attr("id")
+	idStr := idAttr[strings.LastIndexByte(idAttr, '-')+1:]
+	assert.True(t, has)
+	id, err := strconv.Atoi(idStr)
+	assert.NoError(t, err)
+	assert.NotEqual(t, 0, id)
+
+	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/comments/%d/attachments", "user2", "repo1", id))
+	session.MakeRequest(t, req, http.StatusOK)
+
+	// Using the ID of a comment that does not belong to the repository must fail
+	req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/comments/%d/attachments", "user5", "repo4", id))
+	session.MakeRequest(t, req, http.StatusNotFound)
+}
+
 func TestIssueCommentUpdate(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	session := loginUser(t, "user2")

From 6e93df3bbb6c589502afc9dc74a7ae1a7c0f7da8 Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Tue, 28 Nov 2023 09:32:26 +0100
Subject: [PATCH 31/62] [GITEA] Enable mocked HTTP responses for GitLab
 migration test

Fix gitlab migration unit test

Closes #1837.

The differences in dates can be explained by commit e19b9653ea, which
changed the order in which "created_date" and "updated_date" are
considered.

(cherry picked from commit b0bba20aa44e30ef0296b89f336d426224d73a16)

Mock HTTP requests in GitLab migration test

This introduces a new utility which can be added to other tests
making HTTP calls to a live service, to cache the responses of this
service in the repository.

(cherry picked from commit 52053b138948bd74c7eb88c0796c2e18f4247f3c)

Enable mocked HTTP responses for GitLab migration test

(cherry picked from commit 19cefc4de24b935a6a5c92be8360301f196f3aa5)

Simplify HTTP mocking utility in unit tests

Follow-up to https://codeberg.org/forgejo/forgejo/pulls/1841

(cherry picked from commit ca517c8bb4bf97f061b8b19fd3303d734f46660c)
(cherry picked from commit b227e0dd6bdf2dc3e8679443fc538fbce4b3bcf5)
(cherry picked from commit 6cc9d06556cda6c952a0542284fbe504114971ce)
(cherry picked from commit f0746e648dc30510d655b8a3b821199b2638800f)
(cherry picked from commit 414193341b8493723c16694789cbc08dc80b9ce5)
---
 .deadcode-out                                 |   2 +
 models/unittest/mock_http.go                  | 113 ++++++++++++++++++
 services/migrations/gitlab_test.go            |  42 ++++---
 .../full_download/_api_v4_projects_15578026   |  22 ++++
 ...ssues?page=1&per_page=2&sort=asc&state=all |  29 +++++
 ...026_issues_1_award_emoji?page=1&per_page=2 |  29 +++++
 ...026_issues_1_award_emoji?page=2&per_page=2 |  31 +++++
 ...026_issues_2_award_emoji?page=1&per_page=2 |  29 +++++
 ...026_issues_2_award_emoji?page=2&per_page=2 |  29 +++++
 ...026_issues_2_award_emoji?page=3&per_page=2 |  29 +++++
 ...026_issues_2_award_emoji?page=4&per_page=2 |  31 +++++
 ...6_issues_2_discussions?page=1&per_page=100 |  29 +++++
 ...ojects_15578026_labels?page=1&per_page=100 |  29 +++++
 ...rge_requests?page=1&per_page=1&view=simple |  29 +++++
 ...ojects_15578026_merge_requests_1_approvals |  22 ++++
 ..._api_v4_projects_15578026_merge_requests_2 |  22 ++++
 ...ojects_15578026_merge_requests_2_approvals |  22 ++++
 ...e_requests_2_award_emoji?page=1&per_page=1 |  29 +++++
 ...e_requests_2_award_emoji?page=2&per_page=1 |  29 +++++
 ...e_requests_2_award_emoji?page=3&per_page=1 |  31 +++++
 ...6_milestones?page=1&per_page=100&state=all |  29 +++++
 ...ects_15578026_releases?page=1&per_page=100 |  29 +++++
 .../_api_v4_projects_gitea%2Ftest_repo        |  22 ++++
 .../gitlab/full_download/_api_v4_version      |  22 ++++
 24 files changed, 708 insertions(+), 22 deletions(-)
 create mode 100644 models/unittest/mock_http.go
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues?page=1&per_page=2&sort=asc&state=all
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_1_award_emoji?page=1&per_page=2
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_1_award_emoji?page=2&per_page=2
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=1&per_page=2
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=2&per_page=2
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=3&per_page=2
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=4&per_page=2
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_discussions?page=1&per_page=100
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_labels?page=1&per_page=100
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests?page=1&per_page=1&view=simple
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_1_approvals
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_approvals
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=1&per_page=1
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=2&per_page=1
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=3&per_page=1
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_milestones?page=1&per_page=100&state=all
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_releases?page=1&per_page=100
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_projects_gitea%2Ftest_repo
 create mode 100644 services/migrations/testdata/gitlab/full_download/_api_v4_version

diff --git a/.deadcode-out b/.deadcode-out
index 026205e883..a552448ac7 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -100,6 +100,8 @@ package "code.gitea.io/gitea/models/unittest"
 	func LoadFixtures
 	func Copy
 	func CopyDir
+	func NewMockWebServer
+	func NormalizedFullPath
 	func FixturesDir
 	func fatalTestError
 	func InitSettings
diff --git a/models/unittest/mock_http.go b/models/unittest/mock_http.go
new file mode 100644
index 0000000000..746f18ee2f
--- /dev/null
+++ b/models/unittest/mock_http.go
@@ -0,0 +1,113 @@
+// Copyright 2017 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package unittest
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"slices"
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/modules/log"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// Mocks HTTP responses of a third-party service (such as GitHub, GitLab…)
+// This has two modes:
+//   - live mode: the requests made to the mock HTTP server are transmitted to the live
+//     service, and responses are saved as test data files
+//   - test mode: the responses to requests to the mock HTTP server are read from the
+//     test data files
+func NewMockWebServer(t *testing.T, liveServerBaseURL, testDataDir string, liveMode bool) *httptest.Server {
+	mockServerBaseURL := ""
+	ignoredHeaders := []string{"cf-ray", "server", "date", "report-to", "nel", "x-request-id"}
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		path := NormalizedFullPath(r.URL)
+		log.Info("Mock HTTP Server: got request for path %s", r.URL.Path)
+		// TODO check request method (support POST?)
+		fixturePath := fmt.Sprintf("%s/%s", testDataDir, strings.ReplaceAll(path, "/", "_"))
+		if liveMode {
+			liveURL := fmt.Sprintf("%s%s", liveServerBaseURL, path)
+
+			request, err := http.NewRequest(r.Method, liveURL, nil)
+			assert.NoError(t, err, "constructing an HTTP request to %s failed", liveURL)
+			for headerName, headerValues := range r.Header {
+				// do not pass on the encoding: let the Transport of the HTTP client handle that for us
+				if strings.ToLower(headerName) != "accept-encoding" {
+					for _, headerValue := range headerValues {
+						request.Header.Add(headerName, headerValue)
+					}
+				}
+			}
+
+			response, err := http.DefaultClient.Do(request)
+			assert.NoError(t, err, "HTTP request to %s failed: %s", liveURL)
+
+			fixture, err := os.Create(fixturePath)
+			assert.NoError(t, err, "failed to open the fixture file %s for writing", fixturePath)
+			defer fixture.Close()
+			fixtureWriter := bufio.NewWriter(fixture)
+
+			for headerName, headerValues := range response.Header {
+				for _, headerValue := range headerValues {
+					if !slices.Contains(ignoredHeaders, strings.ToLower(headerName)) {
+						_, err := fixtureWriter.WriteString(fmt.Sprintf("%s: %s\n", headerName, headerValue))
+						assert.NoError(t, err, "writing the header of the HTTP response to the fixture file failed")
+					}
+				}
+			}
+			_, err = fixtureWriter.WriteString("\n")
+			assert.NoError(t, err, "writing the header of the HTTP response to the fixture file failed")
+			fixtureWriter.Flush()
+
+			log.Info("Mock HTTP Server: writing response to %s", fixturePath)
+			_, err = io.Copy(fixture, response.Body)
+			assert.NoError(t, err, "writing the body of the HTTP response to %s failed", liveURL)
+
+			err = fixture.Sync()
+			assert.NoError(t, err, "writing the body of the HTTP response to the fixture file failed")
+		}
+
+		fixture, err := os.ReadFile(fixturePath)
+		assert.NoError(t, err, "missing mock HTTP response: "+fixturePath)
+
+		w.WriteHeader(http.StatusOK)
+
+		// replace any mention of the live HTTP service by the mocked host
+		stringFixture := strings.ReplaceAll(string(fixture), liveServerBaseURL, mockServerBaseURL)
+		// parse back the fixture file into a series of HTTP headers followed by response body
+		lines := strings.Split(stringFixture, "\n")
+		for idx, line := range lines {
+			colonIndex := strings.Index(line, ": ")
+			if colonIndex != -1 {
+				w.Header().Set(line[0:colonIndex], line[colonIndex+2:])
+			} else {
+				// we reached the end of the headers (empty line), so what follows is the body
+				responseBody := strings.Join(lines[idx+1:], "\n")
+				_, err := w.Write([]byte(responseBody))
+				assert.NoError(t, err, "writing the body of the HTTP response failed")
+				break
+			}
+		}
+	}))
+	mockServerBaseURL = server.URL
+	return server
+}
+
+func NormalizedFullPath(url *url.URL) string {
+	// TODO normalize path (remove trailing slash?)
+	// TODO normalize RawQuery (order query parameters?)
+	if len(url.Query()) == 0 {
+		return url.EscapedPath()
+	}
+	return fmt.Sprintf("%s?%s", url.EscapedPath(), url.RawQuery)
+}
diff --git a/services/migrations/gitlab_test.go b/services/migrations/gitlab_test.go
index 1e0aa2b025..fe56c2f4e6 100644
--- a/services/migrations/gitlab_test.go
+++ b/services/migrations/gitlab_test.go
@@ -13,6 +13,7 @@ import (
 	"testing"
 	"time"
 
+	"code.gitea.io/gitea/models/unittest"
 	"code.gitea.io/gitea/modules/json"
 	base "code.gitea.io/gitea/modules/migration"
 
@@ -21,18 +22,15 @@ import (
 )
 
 func TestGitlabDownloadRepo(t *testing.T) {
-	// Skip tests if Gitlab token is not found
+	// If a GitLab access token is provided, this test will make HTTP requests to the live gitlab.com instance.
+	// When doing so, the responses from gitlab.com will be saved as test data files.
+	// If no access token is available, those cached responses will be used instead.
 	gitlabPersonalAccessToken := os.Getenv("GITLAB_READ_TOKEN")
-	if gitlabPersonalAccessToken == "" {
-		t.Skip("skipped test because GITLAB_READ_TOKEN was not in the environment")
-	}
+	fixturePath := "./testdata/gitlab/full_download"
+	server := unittest.NewMockWebServer(t, "https://gitlab.com", fixturePath, gitlabPersonalAccessToken != "")
+	defer server.Close()
 
-	resp, err := http.Get("https://gitlab.com/gitea/test_repo")
-	if err != nil || resp.StatusCode != http.StatusOK {
-		t.Skipf("Can't access test repo, skipping %s", t.Name())
-	}
-
-	downloader, err := NewGitlabDownloader(context.Background(), "https://gitlab.com", "gitea/test_repo", "", "", gitlabPersonalAccessToken)
+	downloader, err := NewGitlabDownloader(context.Background(), server.URL, "gitea/test_repo", "", "", gitlabPersonalAccessToken)
 	if err != nil {
 		t.Fatalf("NewGitlabDownloader is nil: %v", err)
 	}
@@ -43,8 +41,8 @@ func TestGitlabDownloadRepo(t *testing.T) {
 		Name:          "test_repo",
 		Owner:         "",
 		Description:   "Test repository for testing migration from gitlab to gitea",
-		CloneURL:      "https://gitlab.com/gitea/test_repo.git",
-		OriginalURL:   "https://gitlab.com/gitea/test_repo",
+		CloneURL:      server.URL + "/gitea/test_repo.git",
+		OriginalURL:   server.URL + "/gitea/test_repo",
 		DefaultBranch: "master",
 	}, repo)
 
@@ -281,17 +279,17 @@ func TestGitlabDownloadRepo(t *testing.T) {
 				UserName: "real6543",
 				Content:  "tada",
 			}},
-			PatchURL: "https://gitlab.com/gitea/test_repo/-/merge_requests/2.patch",
+			PatchURL: server.URL + "/gitea/test_repo/-/merge_requests/2.patch",
 			Head: base.PullRequestBranch{
 				Ref:       "feat/test",
-				CloneURL:  "https://gitlab.com/gitea/test_repo/-/merge_requests/2",
+				CloneURL:  server.URL + "/gitea/test_repo/-/merge_requests/2",
 				SHA:       "9f733b96b98a4175276edf6a2e1231489c3bdd23",
 				RepoName:  "test_repo",
 				OwnerName: "lafriks",
 			},
 			Base: base.PullRequestBranch{
 				Ref:       "master",
-				SHA:       "",
+				SHA:       "c59c9b451acca9d106cc19d61d87afe3fbbb8b83",
 				OwnerName: "lafriks",
 				RepoName:  "test_repo",
 			},
@@ -309,16 +307,16 @@ func TestGitlabDownloadRepo(t *testing.T) {
 	assertReviewsEqual(t, []*base.Review{
 		{
 			IssueIndex:   1,
-			ReviewerID:   4102996,
-			ReviewerName: "zeripath",
-			CreatedAt:    time.Date(2019, 11, 28, 16, 2, 8, 377000000, time.UTC),
+			ReviewerID:   527793,
+			ReviewerName: "axifive",
+			CreatedAt:    time.Date(2019, 11, 28, 8, 54, 41, 34000000, time.UTC),
 			State:        "APPROVED",
 		},
 		{
 			IssueIndex:   1,
-			ReviewerID:   527793,
-			ReviewerName: "axifive",
-			CreatedAt:    time.Date(2019, 11, 28, 16, 2, 8, 377000000, time.UTC),
+			ReviewerID:   4102996,
+			ReviewerName: "zeripath",
+			CreatedAt:    time.Date(2019, 11, 28, 8, 54, 41, 34000000, time.UTC),
 			State:        "APPROVED",
 		},
 	}, rvs)
@@ -330,7 +328,7 @@ func TestGitlabDownloadRepo(t *testing.T) {
 			IssueIndex:   2,
 			ReviewerID:   4575606,
 			ReviewerName: "real6543",
-			CreatedAt:    time.Date(2020, 4, 19, 19, 24, 21, 108000000, time.UTC),
+			CreatedAt:    time.Date(2019, 11, 28, 15, 56, 54, 108000000, time.UTC),
 			State:        "APPROVED",
 		},
 	}, rvs)
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026
new file mode 100644
index 0000000000..4ecfe77e65
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026
@@ -0,0 +1,22 @@
+X-Frame-Options: SAMEORIGIN
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:46 GMT
+Cf-Cache-Status: MISS
+Set-Cookie: _cfuvid=TkY5Br2q4C67LJ2jZWlgdQaosj3Z4aI81Qb27PNKXfo-1701333886606-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Etag: W/"3cacfe29f44a69e84a577337eac55d89"
+X-Content-Type-Options: nosniff
+Ratelimit-Remaining: 1996
+Gitlab-Lb: haproxy-main-29-lb-gprd
+Cache-Control: max-age=0, private, must-revalidate
+Referrer-Policy: strict-origin-when-cross-origin
+X-Gitlab-Meta: {"correlation_id":"291f87cd975a51a7b756806ce7b53e2e","version":"1"}
+Ratelimit-Observed: 4
+Vary: Origin, Accept-Encoding
+Gitlab-Sv: localhost
+Content-Security-Policy: default-src 'none'
+Ratelimit-Reset: 1701333946
+Content-Type: application/json
+X-Runtime: 0.101081
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Limit: 2000
+
+{"id":15578026,"description":"Test repository for testing migration from gitlab to gitea","name":"test_repo","name_with_namespace":"gitea / test_repo","path":"test_repo","path_with_namespace":"gitea/test_repo","created_at":"2019-11-28T08:20:33.019Z","default_branch":"master","tag_list":["migration","test"],"topics":["migration","test"],"ssh_url_to_repo":"git@gitlab.com:gitea/test_repo.git","http_url_to_repo":"https://gitlab.com/gitea/test_repo.git","web_url":"https://gitlab.com/gitea/test_repo","readme_url":"https://gitlab.com/gitea/test_repo/-/blob/master/README.md","forks_count":1,"avatar_url":null,"star_count":0,"last_activity_at":"2020-04-19T19:46:04.527Z","namespace":{"id":3181312,"name":"gitea","path":"gitea","kind":"group","full_path":"gitea","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/3181312/gitea.png","web_url":"https://gitlab.com/groups/gitea"},"container_registry_image_prefix":"registry.gitlab.com/gitea/test_repo","_links":{"self":"https://gitlab.com/api/v4/projects/15578026","issues":"https://gitlab.com/api/v4/projects/15578026/issues","merge_requests":"https://gitlab.com/api/v4/projects/15578026/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/15578026/repository/branches","labels":"https://gitlab.com/api/v4/projects/15578026/labels","events":"https://gitlab.com/api/v4/projects/15578026/events","members":"https://gitlab.com/api/v4/projects/15578026/members","cluster_agents":"https://gitlab.com/api/v4/projects/15578026/cluster_agents"},"packages_enabled":true,"empty_repo":false,"archived":false,"visibility":"public","resolve_outdated_diff_discussions":false,"issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":true,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":1241334,"import_status":"none","open_issues_count":0,"description_html":"\u003cp data-sourcepos=\"1:1-1:58\" dir=\"auto\"\u003eTest repository for testing migration from gitlab to gitea\u003c/p\u003e","updated_at":"2022-08-26T19:41:46.691Z","ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"ff","squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"autoclose_referenced_issues":true,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":false,"compliance_frameworks":[],"permissions":{"project_access":null,"group_access":null}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues?page=1&per_page=2&sort=asc&state=all b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues?page=1&per_page=2&sort=asc&state=all
new file mode 100644
index 0000000000..331a82720c
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues?page=1&per_page=2&sort=asc&state=all
@@ -0,0 +1,29 @@
+Cache-Control: max-age=0, private, must-revalidate
+Vary: Origin, Accept-Encoding
+Gitlab-Lb: haproxy-main-24-lb-gprd
+Content-Type: application/json
+X-Per-Page: 2
+X-Prev-Page: 
+Set-Cookie: _cfuvid=N.nfy5eIdFH5lXhsnMyEbeBkoxabcl1SVeyyP0_NrdE-1701333887790-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Content-Security-Policy: default-src 'none'
+X-Content-Type-Options: nosniff
+X-Next-Page: 
+X-Total-Pages: 1
+Etag: W/"4c0531a3595f741f229f5a105e013b95"
+X-Gitlab-Meta: {"correlation_id":"b2eca136986f016d946685fb99287f1c","version":"1"}
+Ratelimit-Observed: 8
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:47 GMT
+X-Frame-Options: SAMEORIGIN
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Remaining: 1992
+Gitlab-Sv: localhost
+Cf-Cache-Status: MISS
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Limit: 2000
+X-Total: 2
+X-Page: 1
+X-Runtime: 0.178587
+Ratelimit-Reset: 1701333947
+Link: <https://gitlab.com/api/v4/projects/15578026/issues?id=15578026&order_by=created_at&page=1&per_page=2&sort=asc&state=all&with_labels_details=false>; rel="first", <https://gitlab.com/api/v4/projects/15578026/issues?id=15578026&order_by=created_at&page=1&per_page=2&sort=asc&state=all&with_labels_details=false>; rel="last"
+
+[{"id":27687675,"iid":1,"project_id":15578026,"title":"Please add an animated gif icon to the merge button","description":"I just want the merge button to hurt my eyes a little. :stuck_out_tongue_closed_eyes:","state":"closed","created_at":"2019-11-28T08:43:35.459Z","updated_at":"2019-11-28T08:46:23.304Z","closed_at":"2019-11-28T08:46:23.275Z","closed_by":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"labels":["bug","discussion"],"milestone":{"id":1082926,"iid":1,"project_id":15578026,"title":"1.0.0","description":"","state":"closed","created_at":"2019-11-28T08:42:30.301Z","updated_at":"2019-11-28T15:57:52.401Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/gitea/test_repo/-/milestones/1"},"assignees":[],"author":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"type":"ISSUE","assignee":null,"user_notes_count":0,"merge_requests_count":0,"upvotes":1,"downvotes":0,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/gitea/test_repo/-/issues/1","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/15578026/issues/1","notes":"https://gitlab.com/api/v4/projects/15578026/issues/1/notes","award_emoji":"https://gitlab.com/api/v4/projects/15578026/issues/1/award_emoji","project":"https://gitlab.com/api/v4/projects/15578026","closed_as_duplicate_of":null},"references":{"short":"#1","relative":"#1","full":"gitea/test_repo#1"},"severity":"UNKNOWN","moved_to_id":null,"service_desk_reply_to":null},{"id":27687706,"iid":2,"project_id":15578026,"title":"Test issue","description":"This is test issue 2, do not touch!","state":"closed","created_at":"2019-11-28T08:44:46.277Z","updated_at":"2019-11-28T08:45:44.987Z","closed_at":"2019-11-28T08:45:44.959Z","closed_by":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"labels":["duplicate"],"milestone":{"id":1082927,"iid":2,"project_id":15578026,"title":"1.1.0","description":"","state":"active","created_at":"2019-11-28T08:42:44.575Z","updated_at":"2019-11-28T08:42:44.575Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/gitea/test_repo/-/milestones/2"},"assignees":[],"author":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"type":"ISSUE","assignee":null,"user_notes_count":2,"merge_requests_count":0,"upvotes":1,"downvotes":1,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/gitea/test_repo/-/issues/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/15578026/issues/2","notes":"https://gitlab.com/api/v4/projects/15578026/issues/2/notes","award_emoji":"https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji","project":"https://gitlab.com/api/v4/projects/15578026","closed_as_duplicate_of":null},"references":{"short":"#2","relative":"#2","full":"gitea/test_repo#2"},"severity":"UNKNOWN","moved_to_id":null,"service_desk_reply_to":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_1_award_emoji?page=1&per_page=2 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_1_award_emoji?page=1&per_page=2
new file mode 100644
index 0000000000..d8ab294ee1
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_1_award_emoji?page=1&per_page=2
@@ -0,0 +1,29 @@
+X-Total-Pages: 1
+Referrer-Policy: strict-origin-when-cross-origin
+Cache-Control: max-age=0, private, must-revalidate
+X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.052748
+X-Total: 2
+Gitlab-Sv: localhost
+Link: <https://gitlab.com/api/v4/projects/15578026/issues/1/award_emoji?id=15578026&issue_iid=1&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/15578026/issues/1/award_emoji?id=15578026&issue_iid=1&page=1&per_page=2>; rel="last"
+X-Content-Type-Options: nosniff
+X-Gitlab-Meta: {"correlation_id":"22fc215ac386644c9cb8736b652cf702","version":"1"}
+X-Per-Page: 2
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Reset: 1701333947
+Content-Security-Policy: default-src 'none'
+Ratelimit-Remaining: 1991
+Ratelimit-Observed: 9
+X-Next-Page: 
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:47 GMT
+Ratelimit-Limit: 2000
+Gitlab-Lb: haproxy-main-43-lb-gprd
+Cf-Cache-Status: MISS
+Etag: W/"69c922434ed11248c864d157eb8eabfc"
+Content-Type: application/json
+Vary: Origin, Accept-Encoding
+X-Page: 1
+X-Prev-Page: 
+Set-Cookie: _cfuvid=POpffkskz4lvLcv2Fhjp7lF3MsmIOugWDzFGtb3ZUig-1701333887995-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+
+[{"id":3009580,"name":"thumbsup","user":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:43:40.322Z","updated_at":"2019-11-28T08:43:40.322Z","awardable_id":27687675,"awardable_type":"Issue","url":null},{"id":3009585,"name":"open_mouth","user":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:44:01.902Z","updated_at":"2019-11-28T08:44:01.902Z","awardable_id":27687675,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_1_award_emoji?page=2&per_page=2 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_1_award_emoji?page=2&per_page=2
new file mode 100644
index 0000000000..248afeff8f
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_1_award_emoji?page=2&per_page=2
@@ -0,0 +1,31 @@
+Content-Type: application/json
+Content-Length: 2
+X-Next-Page: 
+X-Gitlab-Meta: {"correlation_id":"6b9bc368e2cdc69a1b8e7d2dff7546c5","version":"1"}
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Reset: 1701333948
+Strict-Transport-Security: max-age=31536000
+X-Per-Page: 2
+X-Total: 2
+Ratelimit-Limit: 2000
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Link: <https://gitlab.com/api/v4/projects/15578026/issues/1/award_emoji?id=15578026&issue_iid=1&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/15578026/issues/1/award_emoji?id=15578026&issue_iid=1&page=1&per_page=2>; rel="last"
+X-Runtime: 0.069944
+Ratelimit-Remaining: 1990
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:48 GMT
+Gitlab-Sv: localhost
+X-Prev-Page: 
+X-Total-Pages: 1
+Ratelimit-Observed: 10
+Gitlab-Lb: haproxy-main-17-lb-gprd
+Content-Security-Policy: default-src 'none'
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+Accept-Ranges: bytes
+Cache-Control: max-age=0, private, must-revalidate
+Vary: Origin, Accept-Encoding
+X-Page: 2
+Cf-Cache-Status: MISS
+Set-Cookie: _cfuvid=vcfsxezcg_2Kdh8xD5coOU_uxQIH1in.6BsRttrSIYg-1701333888217-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+
+[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=1&per_page=2 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=1&per_page=2
new file mode 100644
index 0000000000..70c50c8fed
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=1&per_page=2
@@ -0,0 +1,29 @@
+Cf-Cache-Status: MISS
+Etag: W/"5fdbcbf64f34ba0e74ce9dd8d6e0efe3"
+X-Content-Type-Options: nosniff
+X-Per-Page: 2
+Ratelimit-Limit: 2000
+Set-Cookie: _cfuvid=NLtUZdQlWvWiXr4L8Zfc555FowZOCxJlA0pAOAEkNvg-1701333888445-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+X-Runtime: 0.075612
+Ratelimit-Reset: 1701333948
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:48 GMT
+X-Page: 1
+X-Prev-Page: 
+X-Total-Pages: 3
+X-Frame-Options: SAMEORIGIN
+Referrer-Policy: strict-origin-when-cross-origin
+Content-Security-Policy: default-src 'none'
+Ratelimit-Observed: 11
+Gitlab-Lb: haproxy-main-09-lb-gprd
+Gitlab-Sv: localhost
+Ratelimit-Remaining: 1989
+Cache-Control: max-age=0, private, must-revalidate
+Link: <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=2&per_page=2>; rel="next", <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=3&per_page=2>; rel="last"
+X-Gitlab-Meta: {"correlation_id":"a69709cf552479bc5f5f3e4e1f808790","version":"1"}
+X-Next-Page: 2
+Strict-Transport-Security: max-age=31536000
+Content-Type: application/json
+Vary: Origin, Accept-Encoding
+X-Total: 6
+
+[{"id":3009627,"name":"thumbsup","user":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:46:42.657Z","updated_at":"2019-11-28T08:46:42.657Z","awardable_id":27687706,"awardable_type":"Issue","url":null},{"id":3009628,"name":"thumbsdown","user":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:46:43.471Z","updated_at":"2019-11-28T08:46:43.471Z","awardable_id":27687706,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=2&per_page=2 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=2&per_page=2
new file mode 100644
index 0000000000..1014d9dbc5
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=2&per_page=2
@@ -0,0 +1,29 @@
+Ratelimit-Limit: 2000
+X-Content-Type-Options: nosniff
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:48 GMT
+X-Total: 6
+Set-Cookie: _cfuvid=E5GyZy0rB2zrRH0ewMyrJd1wBrt7A2sGNmOHTiWwbYk-1701333888703-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+X-Next-Page: 3
+X-Page: 2
+Link: <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=1&per_page=2>; rel="prev", <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=3&per_page=2>; rel="next", <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=3&per_page=2>; rel="last"
+X-Gitlab-Meta: {"correlation_id":"41e59fb2e78f5e68518b81bd4ff3bb1b","version":"1"}
+X-Prev-Page: 1
+Cf-Cache-Status: MISS
+Referrer-Policy: strict-origin-when-cross-origin
+Gitlab-Lb: haproxy-main-26-lb-gprd
+Cache-Control: max-age=0, private, must-revalidate
+Etag: W/"d16c513b32212d9286fce6f53340c1cf"
+Vary: Origin, Accept-Encoding
+X-Per-Page: 2
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Reset: 1701333948
+Content-Type: application/json
+X-Runtime: 0.105758
+Ratelimit-Remaining: 1988
+Content-Security-Policy: default-src 'none'
+X-Frame-Options: SAMEORIGIN
+Gitlab-Sv: localhost
+X-Total-Pages: 3
+Ratelimit-Observed: 12
+
+[{"id":3009632,"name":"laughing","user":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:47:14.381Z","updated_at":"2019-11-28T08:47:14.381Z","awardable_id":27687706,"awardable_type":"Issue","url":null},{"id":3009634,"name":"tada","user":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:47:18.254Z","updated_at":"2019-11-28T08:47:18.254Z","awardable_id":27687706,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=3&per_page=2 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=3&per_page=2
new file mode 100644
index 0000000000..9c42bfb9bf
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=3&per_page=2
@@ -0,0 +1,29 @@
+Content-Type: application/json
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+Referrer-Policy: strict-origin-when-cross-origin
+Link: <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=2&per_page=2>; rel="prev", <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=3&per_page=2>; rel="last"
+Cf-Cache-Status: MISS
+Etag: W/"165d37bf09a54bb31f4619cca8722cb4"
+Ratelimit-Observed: 13
+Ratelimit-Limit: 2000
+Set-Cookie: _cfuvid=W6F2uJSFkB3Iyl27_xtklVvP4Z_nSsjPqytClHPW9H8-1701333888913-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+X-Page: 3
+X-Total-Pages: 3
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:48 GMT
+Cache-Control: max-age=0, private, must-revalidate
+Vary: Origin, Accept-Encoding
+X-Gitlab-Meta: {"correlation_id":"b805751aeb6f562dff684cec34dfdc0b","version":"1"}
+X-Per-Page: 2
+X-Prev-Page: 2
+X-Runtime: 0.061943
+Gitlab-Lb: haproxy-main-11-lb-gprd
+Gitlab-Sv: localhost
+X-Total: 6
+Ratelimit-Remaining: 1987
+Content-Security-Policy: default-src 'none'
+X-Next-Page: 
+Ratelimit-Reset: 1701333948
+
+[{"id":3009636,"name":"confused","user":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:47:27.248Z","updated_at":"2019-11-28T08:47:27.248Z","awardable_id":27687706,"awardable_type":"Issue","url":null},{"id":3009640,"name":"hearts","user":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:47:33.059Z","updated_at":"2019-11-28T08:47:33.059Z","awardable_id":27687706,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=4&per_page=2 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=4&per_page=2
new file mode 100644
index 0000000000..e550e4ad19
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_award_emoji?page=4&per_page=2
@@ -0,0 +1,31 @@
+Ratelimit-Remaining: 1986
+Accept-Ranges: bytes
+Set-Cookie: _cfuvid=DZQIMINjFohqKKjkWnojkq2xuUaqb42YEQg3BZXe68w-1701333889148-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Strict-Transport-Security: max-age=31536000
+X-Prev-Page: 
+Ratelimit-Reset: 1701333949
+Ratelimit-Limit: 2000
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Cache-Control: max-age=0, private, must-revalidate
+X-Next-Page: 
+X-Page: 4
+Referrer-Policy: strict-origin-when-cross-origin
+Gitlab-Sv: localhost
+Content-Type: application/json
+X-Content-Type-Options: nosniff
+Link: <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/15578026/issues/2/award_emoji?id=15578026&issue_iid=2&page=3&per_page=2>; rel="last"
+Vary: Origin, Accept-Encoding
+Content-Security-Policy: default-src 'none'
+X-Runtime: 0.081728
+X-Total: 6
+Content-Length: 2
+X-Frame-Options: SAMEORIGIN
+X-Gitlab-Meta: {"correlation_id":"588184d2d9ad2c4a7e7c00a51575091c","version":"1"}
+Cf-Cache-Status: MISS
+X-Total-Pages: 3
+Ratelimit-Observed: 14
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:49 GMT
+Gitlab-Lb: haproxy-main-34-lb-gprd
+X-Per-Page: 2
+
+[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_discussions?page=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_discussions?page=1&per_page=100
new file mode 100644
index 0000000000..d74fc325a3
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_issues_2_discussions?page=1&per_page=100
@@ -0,0 +1,29 @@
+X-Runtime: 0.173849
+Content-Security-Policy: default-src 'none'
+X-Per-Page: 100
+X-Prev-Page: 
+X-Total: 4
+Ratelimit-Observed: 15
+X-Page: 1
+Ratelimit-Remaining: 1985
+Cache-Control: max-age=0, private, must-revalidate
+X-Gitlab-Meta: {"correlation_id":"1d2b49b1b17e0c2d58c800a1b6c7eca3","version":"1"}
+X-Next-Page: 
+Referrer-Policy: strict-origin-when-cross-origin
+Cf-Cache-Status: MISS
+Content-Type: application/json
+Etag: W/"bcc91e8a7b2eac98b4d96ae791e0649d"
+Vary: Origin, Accept-Encoding
+X-Frame-Options: SAMEORIGIN
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Reset: 1701333949
+Gitlab-Lb: haproxy-main-08-lb-gprd
+Gitlab-Sv: localhost
+Link: <https://gitlab.com/api/v4/projects/15578026/issues/2/discussions?id=15578026&noteable_id=2&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/15578026/issues/2/discussions?id=15578026&noteable_id=2&page=1&per_page=100>; rel="last"
+X-Content-Type-Options: nosniff
+X-Total-Pages: 1
+Ratelimit-Limit: 2000
+Set-Cookie: _cfuvid=yj.PGr9ftsz1kNpgtsmQhAcGpdMnklLE.NQ9h71hm5Q-1701333889475-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:49 GMT
+
+[{"id":"617967369d98d8b73b6105a40318fe839f931a24","individual_note":true,"notes":[{"id":251637434,"type":null,"body":"This is a comment","attachment":null,"author":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:44:52.501Z","updated_at":"2019-11-28T08:44:52.501Z","system":false,"noteable_id":27687706,"noteable_type":"Issue","project_id":15578026,"resolvable":false,"confidential":false,"internal":false,"noteable_iid":2,"commands_changes":{}}]},{"id":"b92d74daee411a17d844041bcd3c267ade58f680","individual_note":true,"notes":[{"id":251637528,"type":null,"body":"changed milestone to %2","attachment":null,"author":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:45:02.329Z","updated_at":"2019-11-28T08:45:02.335Z","system":true,"noteable_id":27687706,"noteable_type":"Issue","project_id":15578026,"resolvable":false,"confidential":false,"internal":false,"noteable_iid":2,"commands_changes":{}}]},{"id":"6010f567d2b58758ef618070372c97891ac75349","individual_note":true,"notes":[{"id":251637892,"type":null,"body":"closed","attachment":null,"author":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:45:45.007Z","updated_at":"2019-11-28T08:45:45.010Z","system":true,"noteable_id":27687706,"noteable_type":"Issue","project_id":15578026,"resolvable":false,"confidential":false,"internal":false,"noteable_iid":2,"commands_changes":{}}]},{"id":"632d0cbfd6a1a08f38aaf9ef7715116f4b188ebb","individual_note":true,"notes":[{"id":251637999,"type":null,"body":"A second comment","attachment":null,"author":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"created_at":"2019-11-28T08:45:53.501Z","updated_at":"2019-11-28T08:45:53.501Z","system":false,"noteable_id":27687706,"noteable_type":"Issue","project_id":15578026,"resolvable":false,"confidential":false,"internal":false,"noteable_iid":2,"commands_changes":{}}]}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_labels?page=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_labels?page=1&per_page=100
new file mode 100644
index 0000000000..c79889fbf4
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_labels?page=1&per_page=100
@@ -0,0 +1,29 @@
+Cache-Control: max-age=0, private, must-revalidate
+Strict-Transport-Security: max-age=31536000
+Gitlab-Lb: haproxy-main-28-lb-gprd
+Link: <https://gitlab.com/api/v4/projects/15578026/labels?id=15578026&include_ancestor_groups=true&page=1&per_page=100&with_counts=false>; rel="first", <https://gitlab.com/api/v4/projects/15578026/labels?id=15578026&include_ancestor_groups=true&page=1&per_page=100&with_counts=false>; rel="last"
+X-Per-Page: 100
+X-Runtime: 0.149464
+X-Total: 9
+Ratelimit-Observed: 6
+Gitlab-Sv: localhost
+X-Frame-Options: SAMEORIGIN
+X-Gitlab-Meta: {"correlation_id":"2ccddf20767704a98ed6b582db3b103e","version":"1"}
+X-Next-Page: 
+X-Prev-Page: 
+X-Total-Pages: 1
+Ratelimit-Remaining: 1994
+Etag: W/"5a3fb9bc7b1018070943f4aa1353f8b6"
+Ratelimit-Limit: 2000
+X-Page: 1
+Content-Type: application/json
+Vary: Origin, Accept-Encoding
+Set-Cookie: _cfuvid=geNpLvH8Cv5XeYfUVwtpaazw43v9lCcqHE.vyXGk3kU-1701333887126-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+X-Content-Type-Options: nosniff
+Ratelimit-Reset: 1701333947
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:47 GMT
+Content-Security-Policy: default-src 'none'
+Referrer-Policy: strict-origin-when-cross-origin
+Cf-Cache-Status: MISS
+
+[{"id":12959095,"name":"bug","description":null,"description_html":"","text_color":"#FFFFFF","color":"#d9534f","subscribed":false,"priority":null,"is_project_label":true},{"id":12959097,"name":"confirmed","description":null,"description_html":"","text_color":"#FFFFFF","color":"#d9534f","subscribed":false,"priority":null,"is_project_label":true},{"id":12959096,"name":"critical","description":null,"description_html":"","text_color":"#FFFFFF","color":"#d9534f","subscribed":false,"priority":null,"is_project_label":true},{"id":12959100,"name":"discussion","description":null,"description_html":"","text_color":"#FFFFFF","color":"#428bca","subscribed":false,"priority":null,"is_project_label":true},{"id":12959098,"name":"documentation","description":null,"description_html":"","text_color":"#1F1E24","color":"#f0ad4e","subscribed":false,"priority":null,"is_project_label":true},{"id":12959554,"name":"duplicate","description":null,"description_html":"","text_color":"#FFFFFF","color":"#7F8C8D","subscribed":false,"priority":null,"is_project_label":true},{"id":12959102,"name":"enhancement","description":null,"description_html":"","text_color":"#FFFFFF","color":"#5cb85c","subscribed":false,"priority":null,"is_project_label":true},{"id":12959101,"name":"suggestion","description":null,"description_html":"","text_color":"#FFFFFF","color":"#428bca","subscribed":false,"priority":null,"is_project_label":true},{"id":12959099,"name":"support","description":null,"description_html":"","text_color":"#1F1E24","color":"#f0ad4e","subscribed":false,"priority":null,"is_project_label":true}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests?page=1&per_page=1&view=simple b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests?page=1&per_page=1&view=simple
new file mode 100644
index 0000000000..7eec1ca917
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests?page=1&per_page=1&view=simple
@@ -0,0 +1,29 @@
+Content-Type: application/json
+X-Page: 1
+Link: <https://gitlab.com/api/v4/projects/15578026/merge_requests?id=15578026&order_by=created_at&page=2&per_page=1&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="next", <https://gitlab.com/api/v4/projects/15578026/merge_requests?id=15578026&order_by=created_at&page=1&per_page=1&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="first", <https://gitlab.com/api/v4/projects/15578026/merge_requests?id=15578026&order_by=created_at&page=2&per_page=1&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="last"
+Vary: Origin, Accept-Encoding
+X-Runtime: 0.139912
+X-Gitlab-Meta: {"correlation_id":"002c20b78ace441f5585931fed7093ed","version":"1"}
+Gitlab-Sv: localhost
+Cache-Control: max-age=0, private, must-revalidate
+X-Total: 2
+X-Total-Pages: 2
+Ratelimit-Observed: 16
+Ratelimit-Limit: 2000
+X-Content-Type-Options: nosniff
+Ratelimit-Remaining: 1984
+Set-Cookie: _cfuvid=6nsOEFMJm7NgrvYZAMGwiJBdm5A5CU71S33zOdN8Kyo-1701333889768-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+X-Per-Page: 1
+X-Prev-Page: 
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Reset: 1701333949
+Gitlab-Lb: haproxy-main-09-lb-gprd
+X-Next-Page: 2
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Etag: W/"14f72c1f555b0e6348d338190e9e4839"
+X-Frame-Options: SAMEORIGIN
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:49 GMT
+
+[{"id":43524600,"iid":2,"project_id":15578026,"title":"Test branch","description":"do not merge this PR","state":"opened","created_at":"2019-11-28T15:56:54.104Z","updated_at":"2020-04-19T19:24:21.108Z","web_url":"https://gitlab.com/gitea/test_repo/-/merge_requests/2"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_1_approvals b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_1_approvals
new file mode 100644
index 0000000000..80df508bc3
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_1_approvals
@@ -0,0 +1,22 @@
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:51 GMT
+Ratelimit-Limit: 2000
+Content-Security-Policy: default-src 'none'
+X-Gitlab-Meta: {"correlation_id":"0a1a7339f3527e175a537afe058a6ac7","version":"1"}
+Ratelimit-Observed: 21
+Cache-Control: max-age=0, private, must-revalidate
+Gitlab-Lb: haproxy-main-38-lb-gprd
+X-Frame-Options: SAMEORIGIN
+Strict-Transport-Security: max-age=31536000
+Cf-Cache-Status: MISS
+Content-Type: application/json
+Etag: W/"19aa54b7d4531bd5ab98282e0b772f20"
+X-Content-Type-Options: nosniff
+Set-Cookie: _cfuvid=J2edW64FLja6v0MZCh5tVbLYO42.VvIsTqQ.uj1Gr_k-1701333891171-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Ratelimit-Reset: 1701333951
+Gitlab-Sv: localhost
+Vary: Origin, Accept-Encoding
+Ratelimit-Remaining: 1979
+X-Runtime: 0.155712
+Referrer-Policy: strict-origin-when-cross-origin
+
+{"id":43486906,"iid":1,"project_id":15578026,"title":"Update README.md","description":"add warning to readme","state":"merged","created_at":"2019-11-28T08:54:41.034Z","updated_at":"2019-11-28T16:02:08.377Z","merge_status":"can_be_merged","approved":true,"approvals_required":0,"approvals_left":0,"require_password_to_approve":false,"approved_by":[{"user":{"id":527793,"username":"axifive","name":"Alexey Terentyev","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/06683cd6b2e2c2ce0ab00fb80cc0729f?s=80\u0026d=identicon","web_url":"https://gitlab.com/axifive"}},{"user":{"id":4102996,"username":"zeripath","name":"zeripath","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/1ae18535c2b1aed798da090448997248?s=80\u0026d=identicon","web_url":"https://gitlab.com/zeripath"}}],"suggested_approvers":[],"approvers":[],"approver_groups":[],"user_has_approved":false,"user_can_approve":false,"approval_rules_left":[],"has_approval_rules":true,"merge_request_approvers_available":false,"multiple_approval_rules_available":false,"invalid_approvers_rules":[]}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2
new file mode 100644
index 0000000000..7119342f6c
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2
@@ -0,0 +1,22 @@
+Etag: W/"914149155d75f8d8f7ed2e5351f0fadb"
+X-Runtime: 0.234286
+Ratelimit-Remaining: 1983
+Strict-Transport-Security: max-age=31536000
+Referrer-Policy: strict-origin-when-cross-origin
+Gitlab-Sv: localhost
+Set-Cookie: _cfuvid=aYLZ68TRL8gsnraUk.zZIxRvuv981nIhZNIO9vVpgbU-1701333890175-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+Ratelimit-Observed: 17
+Content-Type: application/json
+Cache-Control: max-age=0, private, must-revalidate
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:50 GMT
+Ratelimit-Limit: 2000
+Vary: Origin, Accept-Encoding
+Content-Security-Policy: default-src 'none'
+Gitlab-Lb: haproxy-main-33-lb-gprd
+Cf-Cache-Status: MISS
+Ratelimit-Reset: 1701333950
+X-Gitlab-Meta: {"correlation_id":"10d576ab8e82b745b7202a6daec3c5e1","version":"1"}
+
+{"id":43524600,"iid":2,"project_id":15578026,"title":"Test branch","description":"do not merge this PR","state":"opened","created_at":"2019-11-28T15:56:54.104Z","updated_at":"2020-04-19T19:24:21.108Z","merged_by":null,"merge_user":null,"merged_at":null,"closed_by":null,"closed_at":null,"target_branch":"master","source_branch":"feat/test","user_notes_count":0,"upvotes":1,"downvotes":0,"author":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"assignees":[],"assignee":null,"reviewers":[],"source_project_id":15578026,"target_project_id":15578026,"labels":["bug"],"draft":false,"work_in_progress":false,"milestone":{"id":1082926,"iid":1,"project_id":15578026,"title":"1.0.0","description":"","state":"closed","created_at":"2019-11-28T08:42:30.301Z","updated_at":"2019-11-28T15:57:52.401Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/gitea/test_repo/-/milestones/1"},"merge_when_pipeline_succeeds":false,"merge_status":"can_be_merged","detailed_merge_status":"mergeable","sha":"9f733b96b98a4175276edf6a2e1231489c3bdd23","merge_commit_sha":null,"squash_commit_sha":null,"discussion_locked":null,"should_remove_source_branch":null,"force_remove_source_branch":true,"prepared_at":"2019-11-28T15:56:54.104Z","reference":"!2","references":{"short":"!2","relative":"!2","full":"gitea/test_repo!2"},"web_url":"https://gitlab.com/gitea/test_repo/-/merge_requests/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"squash":true,"squash_on_merge":true,"task_completion_status":{"count":0,"completed_count":0},"has_conflicts":false,"blocking_discussions_resolved":true,"approvals_before_merge":null,"subscribed":false,"changes_count":"1","latest_build_started_at":null,"latest_build_finished_at":null,"first_deployed_to_production_at":null,"pipeline":null,"head_pipeline":null,"diff_refs":{"base_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83","head_sha":"9f733b96b98a4175276edf6a2e1231489c3bdd23","start_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83"},"merge_error":null,"first_contribution":false,"user":{"can_merge":false}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_approvals b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_approvals
new file mode 100644
index 0000000000..02a1deae29
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_approvals
@@ -0,0 +1,22 @@
+Vary: Origin, Accept-Encoding
+Ratelimit-Remaining: 1978
+Gitlab-Lb: haproxy-main-04-lb-gprd
+Set-Cookie: _cfuvid=cKUtcpJODQwk9SDRn91k1DY8CY5Tg238DXGgT0a2go0-1701333891493-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Content-Type: application/json
+Cf-Cache-Status: MISS
+Etag: W/"ce2f774c1b05c5c8a14ec9274444cba3"
+Ratelimit-Limit: 2000
+X-Content-Type-Options: nosniff
+Cache-Control: max-age=0, private, must-revalidate
+X-Gitlab-Meta: {"correlation_id":"98ee1da556bdb3d764679ebab9ab5312","version":"1"}
+Referrer-Policy: strict-origin-when-cross-origin
+X-Frame-Options: SAMEORIGIN
+Gitlab-Sv: localhost
+Content-Security-Policy: default-src 'none'
+X-Runtime: 0.165471
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Observed: 22
+Ratelimit-Reset: 1701333951
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:51 GMT
+
+{"id":43524600,"iid":2,"project_id":15578026,"title":"Test branch","description":"do not merge this PR","state":"opened","created_at":"2019-11-28T15:56:54.104Z","updated_at":"2020-04-19T19:24:21.108Z","merge_status":"can_be_merged","approved":true,"approvals_required":0,"approvals_left":0,"require_password_to_approve":false,"approved_by":[{"user":{"id":4575606,"username":"real6543","name":"6543","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/4575606/avatar.png","web_url":"https://gitlab.com/real6543"}}],"suggested_approvers":[],"approvers":[],"approver_groups":[{"group":{"id":3181312,"web_url":"https://gitlab.com/groups/gitea","name":"gitea","path":"gitea","description":"Mirror of Gitea source code repositories","visibility":"public","share_with_group_lock":false,"require_two_factor_authentication":false,"two_factor_grace_period":48,"project_creation_level":"maintainer","auto_devops_enabled":null,"subgroup_creation_level":"owner","emails_disabled":false,"emails_enabled":true,"mentions_disabled":null,"lfs_enabled":true,"default_branch_protection":2,"default_branch_protection_defaults":{"allowed_to_push":[{"access_level":30}],"allow_force_push":true,"allowed_to_merge":[{"access_level":30}]},"avatar_url":"https://gitlab.com/uploads/-/system/group/avatar/3181312/gitea.png","request_access_enabled":true,"full_name":"gitea","full_path":"gitea","created_at":"2018-07-04T16:32:10.176Z","parent_id":null,"shared_runners_setting":"enabled","ldap_cn":null,"ldap_access":null,"wiki_access_level":"enabled"}}],"user_has_approved":false,"user_can_approve":false,"approval_rules_left":[],"has_approval_rules":true,"merge_request_approvers_available":false,"multiple_approval_rules_available":false,"invalid_approvers_rules":[]}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=1&per_page=1 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=1&per_page=1
new file mode 100644
index 0000000000..aab7a74df8
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=1&per_page=1
@@ -0,0 +1,29 @@
+X-Prev-Page: 
+X-Runtime: 0.066211
+Strict-Transport-Security: max-age=31536000
+Content-Security-Policy: default-src 'none'
+X-Per-Page: 1
+X-Total: 2
+Ratelimit-Reset: 1701333950
+Ratelimit-Limit: 2000
+Cf-Cache-Status: MISS
+X-Content-Type-Options: nosniff
+X-Gitlab-Meta: {"correlation_id":"d0f8c843558e938161d7307b686f1cd9","version":"1"}
+Gitlab-Sv: localhost
+Set-Cookie: _cfuvid=WFMplweUX3zWl6uoteYRHeDcpElbTNYhWrIBbNEVC3A-1701333890399-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Content-Type: application/json
+X-Total-Pages: 2
+Etag: W/"798718b23a2ec66b16cce20cb7155116"
+X-Next-Page: 2
+Link: <https://gitlab.com/api/v4/projects/15578026/merge_requests/2/award_emoji?id=15578026&merge_request_iid=2&page=2&per_page=1>; rel="next", <https://gitlab.com/api/v4/projects/15578026/merge_requests/2/award_emoji?id=15578026&merge_request_iid=2&page=1&per_page=1>; rel="first", <https://gitlab.com/api/v4/projects/15578026/merge_requests/2/award_emoji?id=15578026&merge_request_iid=2&page=2&per_page=1>; rel="last"
+Vary: Origin, Accept-Encoding
+Ratelimit-Observed: 18
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:50 GMT
+X-Frame-Options: SAMEORIGIN
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Remaining: 1982
+Gitlab-Lb: haproxy-main-31-lb-gprd
+Cache-Control: max-age=0, private, must-revalidate
+X-Page: 1
+
+[{"id":5541414,"name":"thumbsup","user":{"id":4575606,"username":"real6543","name":"6543","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/4575606/avatar.png","web_url":"https://gitlab.com/real6543"},"created_at":"2020-09-02T23:42:34.310Z","updated_at":"2020-09-02T23:42:34.310Z","awardable_id":43524600,"awardable_type":"MergeRequest","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=2&per_page=1 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=2&per_page=1
new file mode 100644
index 0000000000..5d85a567e8
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=2&per_page=1
@@ -0,0 +1,29 @@
+Cf-Cache-Status: MISS
+Etag: W/"e6776aaa57e6a81bf8a2d8823272cc70"
+X-Frame-Options: SAMEORIGIN
+X-Gitlab-Meta: {"correlation_id":"db01aae11b0cf7febcf051706159faae","version":"1"}
+X-Total-Pages: 2
+Strict-Transport-Security: max-age=31536000
+Gitlab-Lb: haproxy-main-51-lb-gprd
+X-Total: 2
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Limit: 2000
+Cache-Control: max-age=0, private, must-revalidate
+X-Next-Page: 
+Set-Cookie: _cfuvid=X0n26HdiufQTXsshb4pvCyuf0jDSstPZ8GnIiyx57YU-1701333890628-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Link: <https://gitlab.com/api/v4/projects/15578026/merge_requests/2/award_emoji?id=15578026&merge_request_iid=2&page=1&per_page=1>; rel="prev", <https://gitlab.com/api/v4/projects/15578026/merge_requests/2/award_emoji?id=15578026&merge_request_iid=2&page=1&per_page=1>; rel="first", <https://gitlab.com/api/v4/projects/15578026/merge_requests/2/award_emoji?id=15578026&merge_request_iid=2&page=2&per_page=1>; rel="last"
+Ratelimit-Observed: 19
+Ratelimit-Reset: 1701333950
+Content-Type: application/json
+Vary: Origin, Accept-Encoding
+X-Per-Page: 1
+X-Runtime: 0.067511
+Gitlab-Sv: localhost
+X-Prev-Page: 1
+Ratelimit-Remaining: 1981
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:50 GMT
+Content-Security-Policy: default-src 'none'
+X-Content-Type-Options: nosniff
+X-Page: 2
+
+[{"id":5541415,"name":"tada","user":{"id":4575606,"username":"real6543","name":"6543","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/4575606/avatar.png","web_url":"https://gitlab.com/real6543"},"created_at":"2020-09-02T23:42:59.060Z","updated_at":"2020-09-02T23:42:59.060Z","awardable_id":43524600,"awardable_type":"MergeRequest","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=3&per_page=1 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=3&per_page=1
new file mode 100644
index 0000000000..aa5a50e45b
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_merge_requests_2_award_emoji?page=3&per_page=1
@@ -0,0 +1,31 @@
+X-Page: 3
+Strict-Transport-Security: max-age=31536000
+Accept-Ranges: bytes
+Set-Cookie: _cfuvid=CBSpRhUuajZbJ9Mc_r7SkVmZawoSi5ofuts2TGyHgRk-1701333890842-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Cache-Control: max-age=0, private, must-revalidate
+X-Prev-Page: 
+X-Total-Pages: 2
+Ratelimit-Reset: 1701333950
+Gitlab-Sv: localhost
+X-Content-Type-Options: nosniff
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:50 GMT
+Gitlab-Lb: haproxy-main-05-lb-gprd
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Vary: Origin, Accept-Encoding
+X-Frame-Options: SAMEORIGIN
+X-Gitlab-Meta: {"correlation_id":"36817edd7cae21d5d6b875faf173ce80","version":"1"}
+X-Per-Page: 1
+X-Total: 2
+Referrer-Policy: strict-origin-when-cross-origin
+Content-Security-Policy: default-src 'none'
+Link: <https://gitlab.com/api/v4/projects/15578026/merge_requests/2/award_emoji?id=15578026&merge_request_iid=2&page=1&per_page=1>; rel="first", <https://gitlab.com/api/v4/projects/15578026/merge_requests/2/award_emoji?id=15578026&merge_request_iid=2&page=2&per_page=1>; rel="last"
+X-Next-Page: 
+X-Runtime: 0.061075
+Ratelimit-Limit: 2000
+Ratelimit-Observed: 20
+Cf-Cache-Status: MISS
+Content-Type: application/json
+Content-Length: 2
+Ratelimit-Remaining: 1980
+
+[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_milestones?page=1&per_page=100&state=all b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_milestones?page=1&per_page=100&state=all
new file mode 100644
index 0000000000..78310e123d
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_milestones?page=1&per_page=100&state=all
@@ -0,0 +1,29 @@
+X-Content-Type-Options: nosniff
+X-Next-Page: 
+Ratelimit-Observed: 5
+X-Frame-Options: SAMEORIGIN
+X-Per-Page: 100
+Ratelimit-Limit: 2000
+Cf-Cache-Status: MISS
+Strict-Transport-Security: max-age=31536000
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:46 GMT
+Content-Security-Policy: default-src 'none'
+Link: <https://gitlab.com/api/v4/projects/15578026/milestones?id=15578026&include_parent_milestones=false&page=1&per_page=100&state=all>; rel="first", <https://gitlab.com/api/v4/projects/15578026/milestones?id=15578026&include_parent_milestones=false&page=1&per_page=100&state=all>; rel="last"
+X-Gitlab-Meta: {"correlation_id":"4f72373995f8681ce127c62d384745a3","version":"1"}
+Gitlab-Sv: localhost
+X-Runtime: 0.073691
+Ratelimit-Remaining: 1995
+Ratelimit-Reset: 1701333946
+Content-Type: application/json
+Etag: W/"c8e2d3a5f05ee29c58b665c86684f9f9"
+X-Page: 1
+Gitlab-Lb: haproxy-main-47-lb-gprd
+Vary: Origin, Accept-Encoding
+X-Prev-Page: 
+X-Total: 2
+Cache-Control: max-age=0, private, must-revalidate
+X-Total-Pages: 1
+Set-Cookie: _cfuvid=ZfjvK5rh2nTUjEDt1Guwzd8zrl6uCDplfE8NBPbdJ7c-1701333886832-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+
+[{"id":1082927,"iid":2,"project_id":15578026,"title":"1.1.0","description":"","state":"active","created_at":"2019-11-28T08:42:44.575Z","updated_at":"2019-11-28T08:42:44.575Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/gitea/test_repo/-/milestones/2"},{"id":1082926,"iid":1,"project_id":15578026,"title":"1.0.0","description":"","state":"closed","created_at":"2019-11-28T08:42:30.301Z","updated_at":"2019-11-28T15:57:52.401Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/gitea/test_repo/-/milestones/1"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_releases?page=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_releases?page=1&per_page=100
new file mode 100644
index 0000000000..9be0b74729
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_15578026_releases?page=1&per_page=100
@@ -0,0 +1,29 @@
+Strict-Transport-Security: max-age=31536000
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Reset: 1701333947
+X-Total: 1
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:47 GMT
+Ratelimit-Limit: 2000
+X-Runtime: 0.178411
+Gitlab-Lb: haproxy-main-15-lb-gprd
+Vary: Origin, Accept-Encoding
+X-Page: 1
+X-Frame-Options: SAMEORIGIN
+Ratelimit-Observed: 7
+Cf-Cache-Status: MISS
+Etag: W/"dccc7159dc4b46989d13128a7d6ee859"
+X-Content-Type-Options: nosniff
+Ratelimit-Remaining: 1993
+X-Gitlab-Meta: {"correlation_id":"0044a3de3ede2f913cabe6e464dd73c2","version":"1"}
+X-Total-Pages: 1
+X-Next-Page: 
+X-Per-Page: 100
+Content-Type: application/json
+Content-Security-Policy: default-src 'none'
+Set-Cookie: _cfuvid=h1ayMNs6W_kFPoFe28IpiaFUz1ZAPvY6npUWxARRx4I-1701333887452-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Link: <https://gitlab.com/api/v4/projects/15578026/releases?id=15578026&order_by=released_at&page=1&per_page=100&sort=desc>; rel="first", <https://gitlab.com/api/v4/projects/15578026/releases?id=15578026&order_by=released_at&page=1&per_page=100&sort=desc>; rel="last"
+Gitlab-Sv: localhost
+Cache-Control: max-age=0, private, must-revalidate
+X-Prev-Page: 
+
+[{"name":"First Release","tag_name":"v0.9.99","description":"A test release","created_at":"2019-11-28T09:09:48.840Z","released_at":"2019-11-28T09:09:48.836Z","upcoming_release":false,"author":{"id":1241334,"username":"lafriks","name":"Lauris BH","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/1241334/avatar.png","web_url":"https://gitlab.com/lafriks"},"commit":{"id":"0720a3ec57c1f843568298117b874319e7deee75","short_id":"0720a3ec","created_at":"2019-11-28T08:49:16.000+00:00","parent_ids":["93ea21ce45d35690c35e80961d239645139e872c"],"title":"Add new file","message":"Add new file","author_name":"Lauris BH","author_email":"lauris@nix.lv","authored_date":"2019-11-28T08:49:16.000+00:00","committer_name":"Lauris BH","committer_email":"lauris@nix.lv","committed_date":"2019-11-28T08:49:16.000+00:00","trailers":{},"extended_trailers":{},"web_url":"https://gitlab.com/gitea/test_repo/-/commit/0720a3ec57c1f843568298117b874319e7deee75"},"commit_path":"/gitea/test_repo/-/commit/0720a3ec57c1f843568298117b874319e7deee75","tag_path":"/gitea/test_repo/-/tags/v0.9.99","assets":{"count":4,"sources":[{"format":"zip","url":"https://gitlab.com/gitea/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.zip"},{"format":"tar.gz","url":"https://gitlab.com/gitea/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.gz"},{"format":"tar.bz2","url":"https://gitlab.com/gitea/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.bz2"},{"format":"tar","url":"https://gitlab.com/gitea/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar"}],"links":[]},"evidences":[{"sha":"89f1223473ee01f192a83d0cb89f4d1eac1de74f01ad","filepath":"https://gitlab.com/gitea/test_repo/-/releases/v0.9.99/evidences/52147.json","collected_at":"2019-11-28T09:09:48.888Z"}],"_links":{"closed_issues_url":"https://gitlab.com/gitea/test_repo/-/issues?release_tag=v0.9.99\u0026scope=all\u0026state=closed","closed_merge_requests_url":"https://gitlab.com/gitea/test_repo/-/merge_requests?release_tag=v0.9.99\u0026scope=all\u0026state=closed","merged_merge_requests_url":"https://gitlab.com/gitea/test_repo/-/merge_requests?release_tag=v0.9.99\u0026scope=all\u0026state=merged","opened_issues_url":"https://gitlab.com/gitea/test_repo/-/issues?release_tag=v0.9.99\u0026scope=all\u0026state=opened","opened_merge_requests_url":"https://gitlab.com/gitea/test_repo/-/merge_requests?release_tag=v0.9.99\u0026scope=all\u0026state=opened","self":"https://gitlab.com/gitea/test_repo/-/releases/v0.9.99"}}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_projects_gitea%2Ftest_repo b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_gitea%2Ftest_repo
new file mode 100644
index 0000000000..07fed52a81
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_projects_gitea%2Ftest_repo
@@ -0,0 +1,22 @@
+Content-Security-Policy: default-src 'none'
+Vary: Origin, Accept-Encoding
+Referrer-Policy: strict-origin-when-cross-origin
+Gitlab-Sv: localhost
+X-Content-Type-Options: nosniff
+Ratelimit-Reset: 1701333946
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:46 GMT
+X-Runtime: 0.144599
+Content-Type: application/json
+X-Gitlab-Meta: {"correlation_id":"919887b868b11ed34c5917e98b4be40d","version":"1"}
+Ratelimit-Observed: 2
+Gitlab-Lb: haproxy-main-42-lb-gprd
+Strict-Transport-Security: max-age=31536000
+Cf-Cache-Status: MISS
+Ratelimit-Limit: 2000
+Set-Cookie: _cfuvid=BENIrMVlxs_tt.JplEkDKbUrMpOF_kjRRLJOifNTLqY-1701333886061-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Etag: W/"3cacfe29f44a69e84a577337eac55d89"
+X-Frame-Options: SAMEORIGIN
+Cache-Control: max-age=0, private, must-revalidate
+Ratelimit-Remaining: 1998
+
+{"id":15578026,"description":"Test repository for testing migration from gitlab to gitea","name":"test_repo","name_with_namespace":"gitea / test_repo","path":"test_repo","path_with_namespace":"gitea/test_repo","created_at":"2019-11-28T08:20:33.019Z","default_branch":"master","tag_list":["migration","test"],"topics":["migration","test"],"ssh_url_to_repo":"git@gitlab.com:gitea/test_repo.git","http_url_to_repo":"https://gitlab.com/gitea/test_repo.git","web_url":"https://gitlab.com/gitea/test_repo","readme_url":"https://gitlab.com/gitea/test_repo/-/blob/master/README.md","forks_count":1,"avatar_url":null,"star_count":0,"last_activity_at":"2020-04-19T19:46:04.527Z","namespace":{"id":3181312,"name":"gitea","path":"gitea","kind":"group","full_path":"gitea","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/3181312/gitea.png","web_url":"https://gitlab.com/groups/gitea"},"container_registry_image_prefix":"registry.gitlab.com/gitea/test_repo","_links":{"self":"https://gitlab.com/api/v4/projects/15578026","issues":"https://gitlab.com/api/v4/projects/15578026/issues","merge_requests":"https://gitlab.com/api/v4/projects/15578026/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/15578026/repository/branches","labels":"https://gitlab.com/api/v4/projects/15578026/labels","events":"https://gitlab.com/api/v4/projects/15578026/events","members":"https://gitlab.com/api/v4/projects/15578026/members","cluster_agents":"https://gitlab.com/api/v4/projects/15578026/cluster_agents"},"packages_enabled":true,"empty_repo":false,"archived":false,"visibility":"public","resolve_outdated_diff_discussions":false,"issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":true,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":1241334,"import_status":"none","open_issues_count":0,"description_html":"\u003cp data-sourcepos=\"1:1-1:58\" dir=\"auto\"\u003eTest repository for testing migration from gitlab to gitea\u003c/p\u003e","updated_at":"2022-08-26T19:41:46.691Z","ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"ff","squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"autoclose_referenced_issues":true,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":false,"compliance_frameworks":[],"permissions":{"project_access":null,"group_access":null}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/_api_v4_version b/services/migrations/testdata/gitlab/full_download/_api_v4_version
new file mode 100644
index 0000000000..7c2cd320ad
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/_api_v4_version
@@ -0,0 +1,22 @@
+Etag: W/"4e5c0a031c3aacb6ba0a3c19e67d7592"
+Ratelimit-Observed: 1
+Content-Type: application/json
+Ratelimit-Remaining: 1999
+Set-Cookie: _cfuvid=qtYbzv8YeGg4q7XaV0aAE2.YqWIp_xrYPGilXrlecsk-1701333885742-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+X-Gitlab-Meta: {"correlation_id":"c7c75f0406e1b1b9705a6d7e9bdb06a5","version":"1"}
+X-Runtime: 0.039264
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Ratelimit-Reset: 1701333945
+Gitlab-Sv: localhost
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:45:45 GMT
+Gitlab-Lb: haproxy-main-23-lb-gprd
+Cache-Control: max-age=0, private, must-revalidate
+X-Frame-Options: SAMEORIGIN
+Ratelimit-Limit: 2000
+
+{"version":"16.7.0-pre","revision":"acd848a9228","kas":{"enabled":true,"externalUrl":"wss://kas.gitlab.com","version":"v16.7.0-rc2"},"enterprise":true}
\ No newline at end of file

From abc129c762b3c1a992ad5c67adf62d8336eadbbe Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Thu, 30 Nov 2023 13:56:47 +0000
Subject: [PATCH 32/62] [GITEA] Avoid conflicts of issue and PR numbers in
 GitLab migration (#1790)

Closes #1789.

The bug was due to the fact that GitLab does not guarantee that issue numbers are created sequentially: some identifiers can be skipped. Therefore, the new pull requests numbers should not be offset by the number of issues, but by the maximum issue number.

See for instance https://gitlab.com/troyengel/archbuild/-/issues/?sort=created_date&state=all&first_page_size=20, where there is only a singe issue with number "2".

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1790
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
(cherry picked from commit 2c185c39fe600041701d5f59cb1076a788815cb4)
(cherry picked from commit 8f68dc4c9c2f0acab55d59a496b0f141befad969)
(cherry picked from commit 7e932b7fca1b119e7cc646183c383ba51a5f1d14)
(cherry picked from commit 6bbe75ecf8ac502bd42ff5765e6e7733f290a54e)
(cherry picked from commit b18c2e8d658c3311e0a299696bd1b6612c52ef13)

Conflicts:
	services/migrations/gitlab.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
---
 services/migrations/gitlab_test.go            | 43 +++++++++++++++++++
 .../_api_v4_projects_6590996                  | 22 ++++++++++
 ...sues?page=1&per_page=10&sort=asc&state=all | 29 +++++++++++++
 ...96_issues_2_award_emoji?page=1&per_page=10 | 31 +++++++++++++
 ...ge_requests?page=1&per_page=10&view=simple | 29 +++++++++++++
 .../_api_v4_projects_6590996_merge_requests_1 | 22 ++++++++++
 ..._requests_1_award_emoji?page=1&per_page=10 | 31 +++++++++++++
 .../_api_v4_projects_troyengel%2Farchbuild    | 22 ++++++++++
 .../skipped_issue_number/_api_v4_version      | 22 ++++++++++
 9 files changed, 251 insertions(+)
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_issues?page=1&per_page=10&sort=asc&state=all
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_issues_2_award_emoji?page=1&per_page=10
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests?page=1&per_page=10&view=simple
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests_1
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests_1_award_emoji?page=1&per_page=10
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_troyengel%2Farchbuild
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_version

diff --git a/services/migrations/gitlab_test.go b/services/migrations/gitlab_test.go
index fe56c2f4e6..25324a087f 100644
--- a/services/migrations/gitlab_test.go
+++ b/services/migrations/gitlab_test.go
@@ -334,6 +334,49 @@ func TestGitlabDownloadRepo(t *testing.T) {
 	}, rvs)
 }
 
+func TestGitlabSkippedIssueNumber(t *testing.T) {
+	// If a GitLab access token is provided, this test will make HTTP requests to the live gitlab.com instance.
+	// When doing so, the responses from gitlab.com will be saved as test data files.
+	// If no access token is available, those cached responses will be used instead.
+	gitlabPersonalAccessToken := os.Getenv("GITLAB_READ_TOKEN")
+	fixturePath := "./testdata/gitlab/skipped_issue_number"
+	server := unittest.NewMockWebServer(t, "https://gitlab.com", fixturePath, gitlabPersonalAccessToken != "")
+	defer server.Close()
+
+	downloader, err := NewGitlabDownloader(context.Background(), server.URL, "troyengel/archbuild", "", "", gitlabPersonalAccessToken)
+	if err != nil {
+		t.Fatalf("NewGitlabDownloader is nil: %v", err)
+	}
+	repo, err := downloader.GetRepoInfo()
+	assert.NoError(t, err)
+	assertRepositoryEqual(t, &base.Repository{
+		Name:          "archbuild",
+		Owner:         "troyengel",
+		Description:   "Arch packaging and build files",
+		CloneURL:      server.URL + "/troyengel/archbuild.git",
+		OriginalURL:   server.URL + "/troyengel/archbuild",
+		DefaultBranch: "master",
+	}, repo)
+
+	issues, isEnd, err := downloader.GetIssues(1, 10)
+	assert.NoError(t, err)
+	assert.True(t, isEnd)
+
+	// the only issue in this repository has number 2
+	assert.EqualValues(t, 1, len(issues))
+	assert.EqualValues(t, 2, issues[0].Number)
+	assert.EqualValues(t, "vpn unlimited errors", issues[0].Title)
+
+	prs, _, err := downloader.GetPullRequests(1, 10)
+	assert.NoError(t, err)
+	// the only merge request in this repository has number 1,
+	// but we offset it by the maximum issue number so it becomes
+	// pull request 3 in Forgejo
+	assert.EqualValues(t, 1, len(prs))
+	assert.EqualValues(t, 3, prs[0].Number)
+	assert.EqualValues(t, "Review", prs[0].Title)
+}
+
 func gitlabClientMockSetup(t *testing.T) (*http.ServeMux, *httptest.Server, *gitlab.Client) {
 	// mux is the HTTP request multiplexer used with the test server.
 	mux := http.NewServeMux()
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996 b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996
new file mode 100644
index 0000000000..db8d596173
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996
@@ -0,0 +1,22 @@
+X-Runtime: 0.088022
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Observed: 3
+Cache-Control: max-age=0, private, must-revalidate
+Etag: W/"03ce4f6ce1c1e8c5a31df8a44cf2fbdd"
+Gitlab-Lb: haproxy-main-11-lb-gprd
+Content-Security-Policy: default-src 'none'
+Ratelimit-Limit: 2000
+X-Gitlab-Meta: {"correlation_id":"b57b226f741f9140a1fea54f65cb5cfd","version":"1"}
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Remaining: 1997
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:53 GMT
+Set-Cookie: _cfuvid=V0ToiOTUW0XbtWq7BirwVNfL1_YP1POMrLBnDSEWS0M-1701332633965-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+Gitlab-Sv: localhost
+Content-Type: application/json
+Vary: Origin, Accept-Encoding
+Ratelimit-Reset: 1701332693
+Cf-Cache-Status: MISS
+
+{"id":6590996,"description":"Arch packaging and build files","name":"archbuild","name_with_namespace":"Troy Engel / archbuild","path":"archbuild","path_with_namespace":"troyengel/archbuild","created_at":"2018-06-03T22:53:17.388Z","default_branch":"master","tag_list":[],"topics":[],"ssh_url_to_repo":"git@gitlab.com:troyengel/archbuild.git","http_url_to_repo":"https://gitlab.com/troyengel/archbuild.git","web_url":"https://gitlab.com/troyengel/archbuild","readme_url":"https://gitlab.com/troyengel/archbuild/-/blob/master/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2020-12-13T18:09:32.071Z","namespace":{"id":1452515,"name":"Troy Engel","path":"troyengel","kind":"user","full_path":"troyengel","parent_id":null,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"container_registry_image_prefix":"registry.gitlab.com/troyengel/archbuild","_links":{"self":"https://gitlab.com/api/v4/projects/6590996","issues":"https://gitlab.com/api/v4/projects/6590996/issues","merge_requests":"https://gitlab.com/api/v4/projects/6590996/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/6590996/repository/branches","labels":"https://gitlab.com/api/v4/projects/6590996/labels","events":"https://gitlab.com/api/v4/projects/6590996/events","members":"https://gitlab.com/api/v4/projects/6590996/members","cluster_agents":"https://gitlab.com/api/v4/projects/6590996/cluster_agents"},"packages_enabled":null,"empty_repo":false,"archived":true,"visibility":"public","owner":{"id":1215848,"username":"troyengel","name":"Troy Engel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"resolve_outdated_diff_discussions":false,"issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":false,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"shared_runners_enabled":true,"lfs_enabled":false,"creator_id":1215848,"import_status":"finished","open_issues_count":0,"description_html":"\u003cp data-sourcepos=\"1:1-1:30\" dir=\"auto\"\u003eArch packaging and build files\u003c/p\u003e","updated_at":"2022-07-13T21:32:12.624Z","ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":false,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":null,"printing_merge_request_link_enabled":true,"merge_method":"merge","squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"autoclose_referenced_issues":true,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":false,"compliance_frameworks":[],"permissions":{"project_access":null,"group_access":null}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_issues?page=1&per_page=10&sort=asc&state=all b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_issues?page=1&per_page=10&sort=asc&state=all
new file mode 100644
index 0000000000..99133d5f8d
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_issues?page=1&per_page=10&sort=asc&state=all
@@ -0,0 +1,29 @@
+Link: <https://gitlab.com/api/v4/projects/6590996/issues?id=6590996&order_by=created_at&page=1&per_page=10&sort=asc&state=all&with_labels_details=false>; rel="first", <https://gitlab.com/api/v4/projects/6590996/issues?id=6590996&order_by=created_at&page=1&per_page=10&sort=asc&state=all&with_labels_details=false>; rel="last"
+Ratelimit-Observed: 4
+Ratelimit-Remaining: 1996
+Gitlab-Lb: haproxy-main-04-lb-gprd
+Vary: Origin, Accept-Encoding
+Content-Security-Policy: default-src 'none'
+X-Next-Page: 
+Ratelimit-Reset: 1701332694
+Etag: W/"f50a70d0fc1465a289d231f80806ced7"
+X-Gitlab-Meta: {"correlation_id":"47afd74254dd7946d2b2bded87448c60","version":"1"}
+X-Page: 1
+X-Prev-Page: 
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:54 GMT
+Cf-Cache-Status: MISS
+X-Total: 1
+X-Total-Pages: 1
+Strict-Transport-Security: max-age=31536000
+Content-Type: application/json
+X-Frame-Options: SAMEORIGIN
+Ratelimit-Limit: 2000
+Gitlab-Sv: localhost
+Set-Cookie: _cfuvid=YDWTZ5VoSuLBDZgKsBnXMyYxz.0rHJ9TBYXv5zBj24Q-1701332634294-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Cache-Control: max-age=0, private, must-revalidate
+X-Content-Type-Options: nosniff
+X-Per-Page: 10
+X-Runtime: 0.179458
+
+[{"id":11201348,"iid":2,"project_id":6590996,"title":"vpn unlimited errors","description":"updated version to 2.8.0, build and tried running `vpnu-arch`:\n\n```\nvpn-unlimited: /usr/lib/libcurl.so.3: no version information available (required by /usr/lib/libvpnu_rpc.so.1)\nvpn-unlimited: /usr/lib/libssl.so.1.0.0: no version information available (required by /usr/lib/libvpnu_enc.so.1)\nvpn-unlimited: symbol lookup error: /usr/lib/libvpnu_rpc.so.1: undefined symbol: _ZNK4Json5Value8asStringEv\n```\n","state":"closed","created_at":"2016-03-26T16:41:12.000Z","updated_at":"2016-03-27T12:19:27.000Z","closed_at":null,"closed_by":null,"labels":[],"milestone":null,"assignees":[],"author":{"id":10273,"username":"brauliobo","name":"Bráulio Bhavamitra","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/cd3fcb7a417c8acb989fc320b604a2a8?s=80\u0026d=identicon","web_url":"https://gitlab.com/brauliobo"},"type":"ISSUE","assignee":null,"user_notes_count":1,"merge_requests_count":0,"upvotes":0,"downvotes":0,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/troyengel/archbuild/-/issues/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/6590996/issues/2","notes":"https://gitlab.com/api/v4/projects/6590996/issues/2/notes","award_emoji":"https://gitlab.com/api/v4/projects/6590996/issues/2/award_emoji","project":"https://gitlab.com/api/v4/projects/6590996","closed_as_duplicate_of":null},"references":{"short":"#2","relative":"#2","full":"troyengel/archbuild#2"},"severity":"UNKNOWN","moved_to_id":null,"service_desk_reply_to":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_issues_2_award_emoji?page=1&per_page=10 b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_issues_2_award_emoji?page=1&per_page=10
new file mode 100644
index 0000000000..8f829d08f0
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_issues_2_award_emoji?page=1&per_page=10
@@ -0,0 +1,31 @@
+Gitlab-Sv: localhost
+X-Content-Type-Options: nosniff
+Gitlab-Lb: haproxy-main-25-lb-gprd
+X-Total-Pages: 1
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Observed: 5
+Ratelimit-Remaining: 1995
+Content-Security-Policy: default-src 'none'
+X-Gitlab-Meta: {"correlation_id":"eeab46d836341bd4cb18e3d2e82abf97","version":"1"}
+Ratelimit-Limit: 2000
+Accept-Ranges: bytes
+Content-Type: application/json
+X-Page: 1
+X-Frame-Options: SAMEORIGIN
+X-Prev-Page: 
+Cf-Cache-Status: MISS
+X-Total: 0
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:54 GMT
+Link: <https://gitlab.com/api/v4/projects/6590996/issues/2/award_emoji?id=6590996&issue_iid=2&page=1&per_page=10>; rel="first", <https://gitlab.com/api/v4/projects/6590996/issues/2/award_emoji?id=6590996&issue_iid=2&page=1&per_page=10>; rel="last"
+X-Per-Page: 10
+Set-Cookie: _cfuvid=c5HuTPxOuSXdHSuVrXQALS.uV7WvAYfc5Mc_143EAB8-1701332634513-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Content-Length: 2
+Vary: Origin, Accept-Encoding
+Cache-Control: max-age=0, private, must-revalidate
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+X-Runtime: 0.069269
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Reset: 1701332694
+X-Next-Page: 
+
+[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests?page=1&per_page=10&view=simple b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests?page=1&per_page=10&view=simple
new file mode 100644
index 0000000000..5339392008
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests?page=1&per_page=10&view=simple
@@ -0,0 +1,29 @@
+Vary: Origin, Accept-Encoding
+Strict-Transport-Security: max-age=31536000
+Gitlab-Sv: localhost
+X-Content-Type-Options: nosniff
+X-Prev-Page: 
+Ratelimit-Reset: 1701332694
+Cache-Control: max-age=0, private, must-revalidate
+Ratelimit-Limit: 2000
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Observed: 6
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:54 GMT
+Cf-Cache-Status: MISS
+Content-Type: application/json
+Content-Security-Policy: default-src 'none'
+Etag: W/"1a50811aa3cccb2e6a404a976422a83a"
+X-Total: 1
+Ratelimit-Remaining: 1994
+Set-Cookie: _cfuvid=u.zumTkG1ayCnh_OwrT9Q1Fl3MXV9Gh98W.ma4WN2Xs-1701332634745-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Link: <https://gitlab.com/api/v4/projects/6590996/merge_requests?id=6590996&order_by=created_at&page=1&per_page=10&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="first", <https://gitlab.com/api/v4/projects/6590996/merge_requests?id=6590996&order_by=created_at&page=1&per_page=10&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="last"
+X-Frame-Options: SAMEORIGIN
+X-Page: 1
+X-Total-Pages: 1
+Gitlab-Lb: haproxy-main-05-lb-gprd
+X-Gitlab-Meta: {"correlation_id":"907f9e1f94131ea7a6d1405100a8cc4b","version":"1"}
+X-Next-Page: 
+X-Per-Page: 10
+X-Runtime: 0.078413
+
+[{"id":10518914,"iid":1,"project_id":6590996,"title":"Review","description":"*Created by: cgtx*\n\n### remove patch from makedepends\n- patch is in base-devel\n- The group base-devel is assumed to be already installed when building with makepkg. Members of \"base-devel\" should not be included in makedepends arrays.\n- https://wiki.archlinux.org/index.php/Pkgbuild#makedepends\n### remove python2 from makedepends\n- python2 is a dependency of python2-setuptools.  It is redundant to list it again.\n- You do not need to list packages that your software depends on if other packages your software depends on already have those packages listed in their dependency.\n- https://wiki.archlinux.org/index.php/Pkgbuild#depends\n### more simple find/delete command\n- just because\n","state":"merged","created_at":"2014-12-12T15:01:32.000Z","updated_at":"2014-12-12T15:28:38.000Z","web_url":"https://gitlab.com/troyengel/archbuild/-/merge_requests/1"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests_1 b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests_1
new file mode 100644
index 0000000000..18e8a8583f
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests_1
@@ -0,0 +1,22 @@
+Ratelimit-Observed: 7
+Set-Cookie: _cfuvid=_b9GQEo3CBPMs9QmGE89dBdOmbSTfnYjZlzValULQPs-1701332635000-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Strict-Transport-Security: max-age=31536000
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:54 GMT
+Gitlab-Lb: haproxy-main-50-lb-gprd
+Gitlab-Sv: localhost
+X-Gitlab-Meta: {"correlation_id":"da44cd0303a4e62cc52ed8de3b2adf14","version":"1"}
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Remaining: 1993
+Etag: W/"f6299e7e884cb8df8109256c086eb4e7"
+X-Runtime: 0.107573
+Content-Type: application/json
+Ratelimit-Reset: 1701332694
+X-Frame-Options: SAMEORIGIN
+Cache-Control: max-age=0, private, must-revalidate
+X-Content-Type-Options: nosniff
+Ratelimit-Limit: 2000
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Vary: Origin, Accept-Encoding
+
+{"id":10518914,"iid":1,"project_id":6590996,"title":"Review","description":"*Created by: cgtx*\n\n### remove patch from makedepends\n- patch is in base-devel\n- The group base-devel is assumed to be already installed when building with makepkg. Members of \"base-devel\" should not be included in makedepends arrays.\n- https://wiki.archlinux.org/index.php/Pkgbuild#makedepends\n### remove python2 from makedepends\n- python2 is a dependency of python2-setuptools.  It is redundant to list it again.\n- You do not need to list packages that your software depends on if other packages your software depends on already have those packages listed in their dependency.\n- https://wiki.archlinux.org/index.php/Pkgbuild#depends\n### more simple find/delete command\n- just because\n","state":"merged","created_at":"2014-12-12T15:01:32.000Z","updated_at":"2014-12-12T15:28:38.000Z","merged_by":null,"merge_user":null,"merged_at":null,"closed_by":null,"closed_at":null,"target_branch":"master","source_branch":"cgtx:review","user_notes_count":1,"upvotes":0,"downvotes":0,"author":{"id":1215848,"username":"troyengel","name":"Troy Engel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"assignees":[],"assignee":null,"reviewers":[],"source_project_id":6590996,"target_project_id":6590996,"labels":[],"draft":false,"work_in_progress":false,"milestone":null,"merge_when_pipeline_succeeds":false,"merge_status":"cannot_be_merged","detailed_merge_status":"not_open","sha":"9006fee398299beed8f5d5086f8e6008ffc02280","merge_commit_sha":null,"squash_commit_sha":null,"discussion_locked":null,"should_remove_source_branch":null,"force_remove_source_branch":null,"prepared_at":"2014-12-12T15:01:32.000Z","reference":"!1","references":{"short":"!1","relative":"!1","full":"troyengel/archbuild!1"},"web_url":"https://gitlab.com/troyengel/archbuild/-/merge_requests/1","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"squash":false,"squash_on_merge":false,"task_completion_status":{"count":0,"completed_count":0},"has_conflicts":true,"blocking_discussions_resolved":true,"approvals_before_merge":null,"subscribed":false,"changes_count":"1","latest_build_started_at":null,"latest_build_finished_at":null,"first_deployed_to_production_at":null,"pipeline":null,"head_pipeline":null,"diff_refs":{"base_sha":"6edcf8fc09f6c44213c892f5108d34a5255a47e1","head_sha":"9006fee398299beed8f5d5086f8e6008ffc02280","start_sha":"6edcf8fc09f6c44213c892f5108d34a5255a47e1"},"merge_error":null,"first_contribution":false,"user":{"can_merge":false}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests_1_award_emoji?page=1&per_page=10 b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests_1_award_emoji?page=1&per_page=10
new file mode 100644
index 0000000000..d6f8dd4941
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_6590996_merge_requests_1_award_emoji?page=1&per_page=10
@@ -0,0 +1,31 @@
+Link: <https://gitlab.com/api/v4/projects/6590996/merge_requests/1/award_emoji?id=6590996&merge_request_iid=1&page=1&per_page=10>; rel="first", <https://gitlab.com/api/v4/projects/6590996/merge_requests/1/award_emoji?id=6590996&merge_request_iid=1&page=1&per_page=10>; rel="last"
+Set-Cookie: _cfuvid=qK29tijoyp0AdVoHf9Lqjc8Y28h4jplJDW9hOFLfq28-1701332635229-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Cache-Control: max-age=0, private, must-revalidate
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Ratelimit-Observed: 8
+Gitlab-Sv: localhost
+Content-Length: 2
+Gitlab-Lb: haproxy-main-16-lb-gprd
+X-Total: 0
+Ratelimit-Remaining: 1992
+Ratelimit-Reset: 1701332695
+Ratelimit-Limit: 2000
+Vary: Origin, Accept-Encoding
+X-Frame-Options: SAMEORIGIN
+Content-Type: application/json
+X-Content-Type-Options: nosniff
+X-Next-Page: 
+X-Page: 1
+Strict-Transport-Security: max-age=31536000
+Accept-Ranges: bytes
+Content-Security-Policy: default-src 'none'
+X-Per-Page: 10
+X-Total-Pages: 1
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:55 GMT
+Cf-Cache-Status: MISS
+X-Gitlab-Meta: {"correlation_id":"eb59d63fed23cdbec69308570cc49c3e","version":"1"}
+X-Runtime: 0.065972
+X-Prev-Page: 
+
+[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_troyengel%2Farchbuild b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_troyengel%2Farchbuild
new file mode 100644
index 0000000000..a8c2882c26
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_projects_troyengel%2Farchbuild
@@ -0,0 +1,22 @@
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:53 GMT
+Gitlab-Lb: haproxy-main-41-lb-gprd
+Cache-Control: max-age=0, private, must-revalidate
+Referrer-Policy: strict-origin-when-cross-origin
+Cf-Cache-Status: MISS
+X-Content-Type-Options: nosniff
+Set-Cookie: _cfuvid=r78xThY2IPR6QvHnea1t_L7DbvuQp4.HWOiG1cKTWUg-1701332633720-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Ratelimit-Limit: 2000
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Gitlab-Meta: {"correlation_id":"4c3e0f8b5858454b6e138ecae9902a8d","version":"1"}
+X-Runtime: 0.097047
+Ratelimit-Observed: 2
+Ratelimit-Remaining: 1998
+X-Frame-Options: SAMEORIGIN
+Content-Security-Policy: default-src 'none'
+Etag: W/"03ce4f6ce1c1e8c5a31df8a44cf2fbdd"
+Content-Type: application/json
+Gitlab-Sv: localhost
+Ratelimit-Reset: 1701332693
+
+{"id":6590996,"description":"Arch packaging and build files","name":"archbuild","name_with_namespace":"Troy Engel / archbuild","path":"archbuild","path_with_namespace":"troyengel/archbuild","created_at":"2018-06-03T22:53:17.388Z","default_branch":"master","tag_list":[],"topics":[],"ssh_url_to_repo":"git@gitlab.com:troyengel/archbuild.git","http_url_to_repo":"https://gitlab.com/troyengel/archbuild.git","web_url":"https://gitlab.com/troyengel/archbuild","readme_url":"https://gitlab.com/troyengel/archbuild/-/blob/master/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2020-12-13T18:09:32.071Z","namespace":{"id":1452515,"name":"Troy Engel","path":"troyengel","kind":"user","full_path":"troyengel","parent_id":null,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"container_registry_image_prefix":"registry.gitlab.com/troyengel/archbuild","_links":{"self":"https://gitlab.com/api/v4/projects/6590996","issues":"https://gitlab.com/api/v4/projects/6590996/issues","merge_requests":"https://gitlab.com/api/v4/projects/6590996/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/6590996/repository/branches","labels":"https://gitlab.com/api/v4/projects/6590996/labels","events":"https://gitlab.com/api/v4/projects/6590996/events","members":"https://gitlab.com/api/v4/projects/6590996/members","cluster_agents":"https://gitlab.com/api/v4/projects/6590996/cluster_agents"},"packages_enabled":null,"empty_repo":false,"archived":true,"visibility":"public","owner":{"id":1215848,"username":"troyengel","name":"Troy Engel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"resolve_outdated_diff_discussions":false,"issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":false,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"shared_runners_enabled":true,"lfs_enabled":false,"creator_id":1215848,"import_status":"finished","open_issues_count":0,"description_html":"\u003cp data-sourcepos=\"1:1-1:30\" dir=\"auto\"\u003eArch packaging and build files\u003c/p\u003e","updated_at":"2022-07-13T21:32:12.624Z","ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":false,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":null,"printing_merge_request_link_enabled":true,"merge_method":"merge","squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"autoclose_referenced_issues":true,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":false,"compliance_frameworks":[],"permissions":{"project_access":null,"group_access":null}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_version b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_version
new file mode 100644
index 0000000000..eb6df2ffb1
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/_api_v4_version
@@ -0,0 +1,22 @@
+Ratelimit-Observed: 1
+X-Gitlab-Meta: {"correlation_id":"aa75720bd9c597c7f2f886a4042d1f80","version":"1"}
+Etag: W/"4e5c0a031c3aacb6ba0a3c19e67d7592"
+X-Content-Type-Options: nosniff
+Ratelimit-Limit: 2000
+Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:53 GMT
+X-Runtime: 0.039899
+Ratelimit-Remaining: 1999
+Set-Cookie: _cfuvid=7OAEitQ3J0BOxrXk2pMBApFg1KFnz5aBVqOY7mHwLRk-1701332633452-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Content-Security-Policy: default-src 'none'
+Gitlab-Sv: localhost
+Cf-Cache-Status: MISS
+Vary: Origin, Accept-Encoding
+X-Frame-Options: SAMEORIGIN
+Cache-Control: max-age=0, private, must-revalidate
+Strict-Transport-Security: max-age=31536000
+Referrer-Policy: strict-origin-when-cross-origin
+Ratelimit-Reset: 1701332693
+Gitlab-Lb: haproxy-main-39-lb-gprd
+Content-Type: application/json
+
+{"version":"16.7.0-pre","revision":"acd848a9228","kas":{"enabled":true,"externalUrl":"wss://kas.gitlab.com","version":"v16.7.0-rc2"},"enterprise":true}
\ No newline at end of file

From 079b995d49ba7a625035fe9ec53741f6b0112007 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 17 Nov 2023 00:17:40 +0100
Subject: [PATCH 33/62] [GITEA] Allow user to select email for file operations
 in Web UI

- Add a dropdown to the web interface for changing files to select which
Email should be used for the commit. It only shows (and verifies) that a
activated mail can be used, while this isn't necessary, it's better to
have this already in place.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/281

(cherry picked from commit 564e701f407c0e110f3c7a4102bf7ed7902b815f)
(cherry picked from commit de8f2e03cc7d274049dd6a849b3d226968782644)
(cherry picked from commit 0182cff12ed4b68bd49ebc2b9951d9a29f7a36ca)
(cherry picked from commit 9c74254d4606febd702315c670db4fb6b14040a1)
(cherry picked from commit 2f0b68f821ae53dd12b496cc660353d5bf7cd143)
---
 models/user/email_address.go                 |  19 ++
 models/user/email_address_test.go            |  35 ++++
 options/locale/locale_en-US.ini              |   1 +
 routers/web/repo/editor.go                   |  66 ++++++-
 services/forms/repo_form.go                  |   1 +
 services/repository/files/file.go            |   4 +
 templates/repo/editor/commit_form.tmpl       |   8 +
 tests/integration/api_repo_languages_test.go |  11 +-
 tests/integration/editor_test.go             | 174 +++++++++++++++++--
 tests/integration/empty_repo_test.go         |   9 +-
 10 files changed, 303 insertions(+), 25 deletions(-)

diff --git a/models/user/email_address.go b/models/user/email_address.go
index 2af2621f5f..b795a7e94b 100644
--- a/models/user/email_address.go
+++ b/models/user/email_address.go
@@ -189,6 +189,25 @@ func GetEmailAddresses(ctx context.Context, uid int64) ([]*EmailAddress, error)
 	return emails, nil
 }
 
+type ActivatedEmailAddress struct {
+	ID    int64
+	Email string
+}
+
+func GetActivatedEmailAddresses(ctx context.Context, uid int64) ([]*ActivatedEmailAddress, error) {
+	emails := make([]*ActivatedEmailAddress, 0, 8)
+	if err := db.GetEngine(ctx).
+		Table("email_address").
+		Select("id, email").
+		Where("uid=?", uid).
+		And("is_activated=?", true).
+		Asc("id").
+		Find(&emails); err != nil {
+		return nil, err
+	}
+	return emails, nil
+}
+
 // GetEmailAddressByID gets a user's email address by ID
 func GetEmailAddressByID(ctx context.Context, uid, id int64) (*EmailAddress, error) {
 	// User ID is required for security reasons
diff --git a/models/user/email_address_test.go b/models/user/email_address_test.go
index 7f3ca75cfd..b20797d700 100644
--- a/models/user/email_address_test.go
+++ b/models/user/email_address_test.go
@@ -4,6 +4,7 @@
 package user_test
 
 import (
+	"fmt"
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
@@ -309,3 +310,37 @@ func TestEmailAddressValidate(t *testing.T) {
 		})
 	}
 }
+
+func TestGetActivatedEmailAddresses(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	testCases := []struct {
+		UID      int64
+		expected []*user_model.ActivatedEmailAddress
+	}{
+		{
+			UID:      1,
+			expected: []*user_model.ActivatedEmailAddress{{ID: 9, Email: "user1@example.com"}, {ID: 33, Email: "user1-2@example.com"}, {ID: 34, Email: "user1-3@example.com"}},
+		},
+		{
+			UID:      2,
+			expected: []*user_model.ActivatedEmailAddress{{ID: 3, Email: "user2@example.com"}},
+		},
+		{
+			UID:      4,
+			expected: []*user_model.ActivatedEmailAddress{{ID: 11, Email: "user4@example.com"}},
+		},
+		{
+			UID:      11,
+			expected: []*user_model.ActivatedEmailAddress{},
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(fmt.Sprintf("User %d", testCase.UID), func(t *testing.T) {
+			emails, err := user_model.GetActivatedEmailAddresses(db.DefaultContext, testCase.UID)
+			assert.NoError(t, err)
+			assert.Equal(t, testCase.expected, emails)
+		})
+	}
+}
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 09ee4dfe8e..f57474fe24 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1244,6 +1244,7 @@ editor.new_branch_name_desc = New branch name…
 editor.cancel = Cancel
 editor.filename_cannot_be_empty = The filename cannot be empty.
 editor.filename_is_invalid = The filename is invalid: "%s".
+editor.invalid_commit_mail = Invalid mail for creating a commit.
 editor.branch_does_not_exist = Branch "%s" does not exist in this repository.
 editor.branch_already_exists = Branch "%s" already exists in this repository.
 editor.directory_is_a_file = Directory name "%s" is already used as a filename in this repository.
diff --git a/routers/web/repo/editor.go b/routers/web/repo/editor.go
index 5e7cd1caa3..c19e0aa32d 100644
--- a/routers/web/repo/editor.go
+++ b/routers/web/repo/editor.go
@@ -14,6 +14,7 @@ import (
 	git_model "code.gitea.io/gitea/models/git"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/charset"
 	"code.gitea.io/gitea/modules/context"
@@ -99,6 +100,27 @@ func getParentTreeFields(treePath string) (treeNames, treePaths []string) {
 	return treeNames, treePaths
 }
 
+// getSelectableEmailAddresses returns which emails can be used by the user as
+// email for a Git commiter.
+func getSelectableEmailAddresses(ctx *context.Context) ([]*user_model.ActivatedEmailAddress, error) {
+	// Retrieve emails that the user could use for commiter identity.
+	commitEmails, err := user_model.GetActivatedEmailAddresses(ctx, ctx.Doer.ID)
+	if err != nil {
+		return nil, fmt.Errorf("GetActivatedEmailAddresses: %w", err)
+	}
+
+	// Allow for the placeholder mail to be used. Use -1 as ID to identify
+	// this entry to be the placerholder mail of the user.
+	placeholderMail := &user_model.ActivatedEmailAddress{ID: -1, Email: ctx.Doer.GetPlaceholderEmail()}
+	if ctx.Doer.KeepEmailPrivate {
+		commitEmails = append([]*user_model.ActivatedEmailAddress{placeholderMail}, commitEmails...)
+	} else {
+		commitEmails = append(commitEmails, placeholderMail)
+	}
+
+	return commitEmails, nil
+}
+
 func editFile(ctx *context.Context, isNewFile bool) {
 	ctx.Data["PageIsEdit"] = true
 	ctx.Data["IsNewFile"] = isNewFile
@@ -177,6 +199,12 @@ func editFile(ctx *context.Context, isNewFile bool) {
 		treeNames = append(treeNames, fileName)
 	}
 
+	commitEmails, err := getSelectableEmailAddresses(ctx)
+	if err != nil {
+		ctx.ServerError("getSelectableEmailAddresses", err)
+		return
+	}
+
 	ctx.Data["TreeNames"] = treeNames
 	ctx.Data["TreePaths"] = treePaths
 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
@@ -192,6 +220,8 @@ func editFile(ctx *context.Context, isNewFile bool) {
 	ctx.Data["PreviewableExtensions"] = strings.Join(markup.PreviewableExtensions(), ",")
 	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
 	ctx.Data["EditorconfigJson"] = GetEditorConfig(ctx, treePath)
+	ctx.Data["CommitMails"] = commitEmails
+	ctx.Data["DefaultCommitMail"] = ctx.Doer.GetEmail()
 
 	ctx.HTML(http.StatusOK, tplEditFile)
 }
@@ -227,6 +257,12 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
 		branchName = form.NewBranchName
 	}
 
+	commitEmails, err := getSelectableEmailAddresses(ctx)
+	if err != nil {
+		ctx.ServerError("getSelectableEmailAddresses", err)
+		return
+	}
+
 	ctx.Data["PageIsEdit"] = true
 	ctx.Data["PageHasPosted"] = true
 	ctx.Data["IsNewFile"] = isNewFile
@@ -243,6 +279,8 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
 	ctx.Data["PreviewableExtensions"] = strings.Join(markup.PreviewableExtensions(), ",")
 	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
 	ctx.Data["EditorconfigJson"] = GetEditorConfig(ctx, form.TreePath)
+	ctx.Data["CommitMails"] = commitEmails
+	ctx.Data["DefaultCommitMail"] = ctx.Doer.GetEmail()
 
 	if ctx.HasError() {
 		ctx.HTML(http.StatusOK, tplEditFile)
@@ -277,6 +315,30 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
 		operation = "create"
 	}
 
+	gitIdentity := &files_service.IdentityOptions{
+		Name: ctx.Doer.Name,
+	}
+
+	// -1 is defined as placeholder email.
+	if form.CommitMailID == -1 {
+		gitIdentity.Email = ctx.Doer.GetPlaceholderEmail()
+	} else {
+		// Check if the given email is activated.
+		email, err := user_model.GetEmailAddressByID(ctx, ctx.Doer.ID, form.CommitMailID)
+		if err != nil {
+			ctx.ServerError("GetEmailAddressByID", err)
+			return
+		}
+
+		if email == nil || !email.IsActivated {
+			ctx.Data["Err_CommitMailID"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.invalid_commit_mail"), tplEditFile, &form)
+			return
+		}
+
+		gitIdentity.Email = email.Email
+	}
+
 	if _, err := files_service.ChangeRepoFiles(ctx, ctx.Repo.Repository, ctx.Doer, &files_service.ChangeRepoFilesOptions{
 		LastCommitID: form.LastCommit,
 		OldBranch:    ctx.Repo.BranchName,
@@ -290,7 +352,9 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
 				ContentReader: strings.NewReader(strings.ReplaceAll(form.Content, "\r", "")),
 			},
 		},
-		Signoff: form.Signoff,
+		Signoff:   form.Signoff,
+		Author:    gitIdentity,
+		Committer: gitIdentity,
 	}); err != nil {
 		// This is where we handle all the errors thrown by files_service.ChangeRepoFiles
 		if git.IsErrNotExist(err) {
diff --git a/services/forms/repo_form.go b/services/forms/repo_form.go
index 86599000a5..ed4d82e1e5 100644
--- a/services/forms/repo_form.go
+++ b/services/forms/repo_form.go
@@ -767,6 +767,7 @@ type EditRepoFileForm struct {
 	CommitChoice  string `binding:"Required;MaxSize(50)"`
 	NewBranchName string `binding:"GitRefName;MaxSize(100)"`
 	LastCommit    string
+	CommitMailID  int64 `binding:"Required"`
 	Signoff       bool
 }
 
diff --git a/services/repository/files/file.go b/services/repository/files/file.go
index 16783f5b5f..852cca0371 100644
--- a/services/repository/files/file.go
+++ b/services/repository/files/file.go
@@ -123,6 +123,8 @@ func GetAuthorAndCommitterUsers(author, committer *IdentityOptions, doer *user_m
 			if committer.Name != "" {
 				committerUser.FullName = committer.Name
 			}
+			// Use the provided email and not revert to placeholder mail.
+			committerUser.KeepEmailPrivate = false
 		} else {
 			committerUser = &user_model.User{
 				FullName: committer.Name,
@@ -136,6 +138,8 @@ func GetAuthorAndCommitterUsers(author, committer *IdentityOptions, doer *user_m
 			if authorUser.Name != "" {
 				authorUser.FullName = author.Name
 			}
+			// Use the provided email and not revert to placeholder mail.
+			authorUser.KeepEmailPrivate = false
 		} else {
 			authorUser = &user_model.User{
 				FullName: author.Name,
diff --git a/templates/repo/editor/commit_form.tmpl b/templates/repo/editor/commit_form.tmpl
index 34dde576a1..6fd240da62 100644
--- a/templates/repo/editor/commit_form.tmpl
+++ b/templates/repo/editor/commit_form.tmpl
@@ -66,6 +66,14 @@
 			</div>
 			{{end}}
 		</div>
+		<div class="field {{if .Err_CommitMailID}}error{{end}}">
+			<label for="commit_mail_id">Commit email</label>
+			<select class="ui selection dropdown" name="commit_mail_id">
+			{{range .CommitMails}}
+				<option{{if eq $.DefaultCommitMail .Email}} selected="selected"{{end}} value="{{.ID}}">{{.Email}}</option>
+			{{end}}
+			</select>
+		</div>
 	</div>
 	<button id="commit-button" type="submit" class="ui primary button">
 		{{if eq .commit_choice "commit-to-new-branch"}}{{ctx.Locale.Tr "repo.editor.propose_file_change"}}{{else}}{{ctx.Locale.Tr "repo.editor.commit_changes"}}{{end}}
diff --git a/tests/integration/api_repo_languages_test.go b/tests/integration/api_repo_languages_test.go
index 1045aef57d..3572e2a8e1 100644
--- a/tests/integration/api_repo_languages_test.go
+++ b/tests/integration/api_repo_languages_test.go
@@ -26,11 +26,12 @@ func TestRepoLanguages(t *testing.T) {
 
 		// Save new file to master branch
 		req = NewRequestWithValues(t, "POST", "/user2/repo1/_new/master/", map[string]string{
-			"_csrf":         doc.GetCSRF(),
-			"last_commit":   lastCommit,
-			"tree_path":     "test.go",
-			"content":       "package main",
-			"commit_choice": "direct",
+			"_csrf":          doc.GetCSRF(),
+			"last_commit":    lastCommit,
+			"tree_path":      "test.go",
+			"content":        "package main",
+			"commit_choice":  "direct",
+			"commit_mail_id": "3",
 		})
 		session.MakeRequest(t, req, http.StatusSeeOther)
 
diff --git a/tests/integration/editor_test.go b/tests/integration/editor_test.go
index de2a9d7d23..5f005a7320 100644
--- a/tests/integration/editor_test.go
+++ b/tests/integration/editor_test.go
@@ -4,14 +4,21 @@
 package integration
 
 import (
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
 	"path"
 	"testing"
 
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	gitea_context "code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/translation"
+	"code.gitea.io/gitea/tests"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -30,11 +37,12 @@ func TestCreateFile(t *testing.T) {
 
 		// Save new file to master branch
 		req = NewRequestWithValues(t, "POST", "/user2/repo1/_new/master/", map[string]string{
-			"_csrf":         doc.GetCSRF(),
-			"last_commit":   lastCommit,
-			"tree_path":     "test.txt",
-			"content":       "Content",
-			"commit_choice": "direct",
+			"_csrf":          doc.GetCSRF(),
+			"last_commit":    lastCommit,
+			"tree_path":      "test.txt",
+			"content":        "Content",
+			"commit_choice":  "direct",
+			"commit_mail_id": "3",
 		})
 		session.MakeRequest(t, req, http.StatusSeeOther)
 	})
@@ -67,11 +75,12 @@ func TestCreateFileOnProtectedBranch(t *testing.T) {
 
 		// Save new file to master branch
 		req = NewRequestWithValues(t, "POST", "/user2/repo1/_new/master/", map[string]string{
-			"_csrf":         doc.GetCSRF(),
-			"last_commit":   lastCommit,
-			"tree_path":     "test.txt",
-			"content":       "Content",
-			"commit_choice": "direct",
+			"_csrf":          doc.GetCSRF(),
+			"last_commit":    lastCommit,
+			"tree_path":      "test.txt",
+			"content":        "Content",
+			"commit_choice":  "direct",
+			"commit_mail_id": "3",
 		})
 
 		resp = session.MakeRequest(t, req, http.StatusOK)
@@ -111,11 +120,12 @@ func testEditFile(t *testing.T, session *TestSession, user, repo, branch, filePa
 	// Submit the edits
 	req = NewRequestWithValues(t, "POST", path.Join(user, repo, "_edit", branch, filePath),
 		map[string]string{
-			"_csrf":         htmlDoc.GetCSRF(),
-			"last_commit":   lastCommit,
-			"tree_path":     filePath,
-			"content":       newContent,
-			"commit_choice": "direct",
+			"_csrf":          htmlDoc.GetCSRF(),
+			"last_commit":    lastCommit,
+			"tree_path":      filePath,
+			"content":        newContent,
+			"commit_choice":  "direct",
+			"commit_mail_id": "-1",
 		},
 	)
 	session.MakeRequest(t, req, http.StatusSeeOther)
@@ -146,6 +156,7 @@ func testEditFileToNewBranch(t *testing.T, session *TestSession, user, repo, bra
 			"content":         newContent,
 			"commit_choice":   "commit-to-new-branch",
 			"new_branch_name": targetBranch,
+			"commit_mail_id":  "-1",
 		},
 	)
 	session.MakeRequest(t, req, http.StatusSeeOther)
@@ -171,3 +182,136 @@ func TestEditFileToNewBranch(t *testing.T) {
 		testEditFileToNewBranch(t, session, "user2", "repo1", "master", "feature/test", "README.md", "Hello, World (Edited)\n")
 	})
 }
+
+func TestEditFileCommitMail(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, _ *url.URL) {
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		session := loginUser(t, user.Name)
+		link := path.Join("user2", "repo1", "_edit", "master", "README.md")
+
+		lastCommitAndCSRF := func() (string, string) {
+			req := NewRequest(t, "GET", link)
+			resp := session.MakeRequest(t, req, http.StatusOK)
+
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			lastCommit := htmlDoc.GetInputValueByName("last_commit")
+			assert.NotEmpty(t, lastCommit)
+
+			return lastCommit, htmlDoc.GetCSRF()
+		}
+
+		t.Run("Not activated", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			email := unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{ID: 35, UID: user.ID})
+			assert.False(t, email.IsActivated)
+
+			lastCommit, csrf := lastCommitAndCSRF()
+			req := NewRequestWithValues(t, "POST", link, map[string]string{
+				"_csrf":          csrf,
+				"last_commit":    lastCommit,
+				"tree_path":      "README.md",
+				"content":        "new_content",
+				"commit_choice":  "direct",
+				"commit_mail_id": fmt.Sprintf("%d", email.ID),
+			})
+			resp := session.MakeRequest(t, req, http.StatusOK)
+
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			assert.Contains(t,
+				htmlDoc.doc.Find(".ui.negative.message").Text(),
+				translation.NewLocale("en-US").Tr("repo.editor.invalid_commit_mail"),
+			)
+		})
+
+		t.Run("Not belong to user", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			email := unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{ID: 1, IsActivated: true})
+			assert.NotEqualValues(t, email.UID, user.ID)
+
+			lastCommit, csrf := lastCommitAndCSRF()
+			req := NewRequestWithValues(t, "POST", link, map[string]string{
+				"_csrf":          csrf,
+				"last_commit":    lastCommit,
+				"tree_path":      "README.md",
+				"content":        "new_content",
+				"commit_choice":  "direct",
+				"commit_mail_id": fmt.Sprintf("%d", email.ID),
+			})
+			resp := session.MakeRequest(t, req, http.StatusOK)
+
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			assert.Contains(t,
+				htmlDoc.doc.Find(".ui.negative.message").Text(),
+				translation.NewLocale("en-US").Tr("repo.editor.invalid_commit_mail"),
+			)
+		})
+
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		gitRepo, _ := git.OpenRepository(git.DefaultContext, repo1.RepoPath())
+		defer gitRepo.Close()
+
+		t.Run("Placeholder mail", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			lastCommit, csrf := lastCommitAndCSRF()
+			req := NewRequestWithValues(t, "POST", link, map[string]string{
+				"_csrf":          csrf,
+				"last_commit":    lastCommit,
+				"tree_path":      "README.md",
+				"content":        "authored by placeholder mail",
+				"commit_choice":  "direct",
+				"commit_mail_id": "-1",
+			})
+			session.MakeRequest(t, req, http.StatusSeeOther)
+
+			commit, err := gitRepo.GetCommitByPath("README.md")
+			assert.NoError(t, err)
+
+			fileContent, err := commit.GetFileContent("README.md", 64)
+			assert.NoError(t, err)
+			assert.EqualValues(t, "authored by placeholder mail", fileContent)
+
+			assert.EqualValues(t, "user2", commit.Author.Name)
+			assert.EqualValues(t, "user2@noreply.example.org", commit.Author.Email)
+			assert.EqualValues(t, "user2", commit.Committer.Name)
+			assert.EqualValues(t, "user2@noreply.example.org", commit.Committer.Email)
+		})
+
+		t.Run("Normal", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			// Require that the user has KeepEmailPrivate enabled, because it needs
+			// to be tested that even with this setting enabled, it will use the
+			// provided mail and not revert to the placeholder one.
+			assert.True(t, user.KeepEmailPrivate)
+
+			email := unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{ID: 3, UID: user.ID, IsActivated: true})
+
+			lastCommit, csrf := lastCommitAndCSRF()
+			req := NewRequestWithValues(t, "POST", link, map[string]string{
+				"_csrf":          csrf,
+				"last_commit":    lastCommit,
+				"tree_path":      "README.md",
+				"content":        "authored by activated mail",
+				"commit_choice":  "direct",
+				"commit_mail_id": fmt.Sprintf("%d", email.ID),
+			})
+			session.MakeRequest(t, req, http.StatusSeeOther)
+
+			commit, err := gitRepo.GetCommitByPath("README.md")
+			assert.NoError(t, err)
+
+			fileContent, err := commit.GetFileContent("README.md", 64)
+			assert.NoError(t, err)
+			assert.EqualValues(t, "authored by activated mail", fileContent)
+
+			assert.EqualValues(t, "user2", commit.Author.Name)
+			assert.EqualValues(t, email.Email, commit.Author.Email)
+			assert.EqualValues(t, "user2", commit.Committer.Name)
+			assert.EqualValues(t, email.Email, commit.Committer.Email)
+		})
+	})
+}
diff --git a/tests/integration/empty_repo_test.go b/tests/integration/empty_repo_test.go
index 8842de5f6f..34777accaf 100644
--- a/tests/integration/empty_repo_test.go
+++ b/tests/integration/empty_repo_test.go
@@ -54,10 +54,11 @@ func TestEmptyRepoAddFile(t *testing.T) {
 	doc := NewHTMLParser(t, resp.Body).Find(`input[name="commit_choice"]`)
 	assert.Empty(t, doc.AttrOr("checked", "_no_"))
 	req = NewRequestWithValues(t, "POST", "/user30/empty/_new/"+setting.Repository.DefaultBranch, map[string]string{
-		"_csrf":         GetCSRF(t, session, "/user/settings"),
-		"commit_choice": "direct",
-		"tree_path":     "test-file.md",
-		"content":       "newly-added-test-file",
+		"_csrf":          GetCSRF(t, session, "/user/settings"),
+		"commit_choice":  "direct",
+		"tree_path":      "test-file.md",
+		"content":        "newly-added-test-file",
+		"commit_mail_id": "32",
 	})
 
 	resp = session.MakeRequest(t, req, http.StatusSeeOther)

From a46ef652ebac4422f6e4d48a676f8386dbfb7d0d Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 26 Nov 2023 20:43:51 +0100
Subject: [PATCH 34/62] [GITEA] Require Latex code to have a end sequence

- Currently the parser will look for `\[` and `$$` to detect when Latex
code starts, it will look for `\]` and `$$` respectively in order to
determine the end of the code. However if no end is found the parser
assumes the rest of the input is part of the Latex code.
- Adjust the parser's behavior to not allow the case to assume the rest
of the input is part of the Latex code and requires in order to
determine if some input is Latex code that the end sequence is also
specified.
- Example: `\[hello]` would no longer be detected as Latex code with
this patch.
- Added unit tests.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1817

(cherry picked from commit 452aef1bb1a5ccf986f187b6467d9827b01789f3)
(cherry picked from commit 8a857c24b0421145ece67a69d54e78af20689e0d)
(cherry picked from commit acd1456db9e5a16ad0f697b52b789cca4f96fc7c)
(cherry picked from commit 6523b45073838c168df75108b444f7fb2ef9dd2c)
(cherry picked from commit e2e1a8afe7f8a2627d518e7dc18cc7f97ca86e48)
---
 modules/markup/markdown/markdown_test.go     | 12 ++++++++++++
 modules/markup/markdown/math/block_parser.go |  5 +----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index 8f855f1b13..caffe0ea43 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -510,6 +510,18 @@ func TestMathBlock(t *testing.T) {
 			"$$a$$",
 			`<pre class="code-block is-loading"><code class="chroma language-math display">a</code></pre>` + nl,
 		},
+		{
+			`\[a b\]`,
+			`<pre class="code-block is-loading"><code class="chroma language-math display">a b</code></pre>` + nl,
+		},
+		{
+			`\[a b]`,
+			`<p>[a b]</p>` + nl,
+		},
+		{
+			`$$a`,
+			`<p>$$a</p>` + nl,
+		},
 	}
 
 	for _, test := range testcases {
diff --git a/modules/markup/markdown/math/block_parser.go b/modules/markup/markdown/math/block_parser.go
index 7f714d7239..f3262c82c0 100644
--- a/modules/markup/markdown/math/block_parser.go
+++ b/modules/markup/markdown/math/block_parser.go
@@ -55,10 +55,7 @@ func (b *blockParser) Open(parent ast.Node, reader text.Reader, pc parser.Contex
 		return node, parser.Close | parser.NoChildren
 	}
 
-	reader.Advance(segment.Len() - 1)
-	segment.Start += 2
-	node.Lines().Append(segment)
-	return node, parser.NoChildren
+	return nil, parser.NoChildren
 }
 
 // Continue parses the current line and returns a result of parsing.

From f5b41300a86222308eb605c84945ed7c9770b04d Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 28 Nov 2023 12:46:34 +0100
Subject: [PATCH 35/62] [GITEA] Add download URL for executable files

- Consider executable files as a valid case when returning a downloadURL
for them. They are just regular files with the difference being the
executable permission bit being set.
- Not integration testing as it's not possible without adding adjusting
the existing repositories to have a executable file.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1825

(cherry picked from commit ca32891d548c302b0f3b3072647058278ffb9cbf)
(cherry picked from commit 72c9df8e457ea291f767e6edf2b3c8f9af15700f)
(cherry picked from commit 0eae22d429a66f137daa200f559883a6b6a31de0)
(cherry picked from commit d37d0773bc005df19f300f9ada03632ea9f97642)
(cherry picked from commit de4532a96721ed4259aa36cb417bb49ed979f6e5)
---
 services/repository/files/content.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/repository/files/content.go b/services/repository/files/content.go
index 30d62fbcdf..8a3219bb18 100644
--- a/services/repository/files/content.go
+++ b/services/repository/files/content.go
@@ -219,7 +219,7 @@ func GetContents(ctx context.Context, repo *repo_model.Repository, treePath, ref
 		}
 	}
 	// Handle links
-	if entry.IsRegular() || entry.IsLink() {
+	if entry.IsRegular() || entry.IsLink() || entry.IsExecutable() {
 		downloadURL, err := url.Parse(repo.HTMLURL() + "/raw/" + url.PathEscape(string(refType)) + "/" + util.PathEscapeSegments(ref) + "/" + util.PathEscapeSegments(treePath))
 		if err != nil {
 			return nil, err

From f4e19d332392cb455b3b4e32e271f3e42302bbc8 Mon Sep 17 00:00:00 2001
From: Gergely Nagy <forgejo@gergo.csillger.hu>
Date: Fri, 1 Dec 2023 13:07:36 +0000
Subject: [PATCH 36/62] [GITEA] new doctor check:
 fix-push-mirrors-without-git-remote (#1853)

This adds a new `doctor` check: `fix-push-mirrors-without-git-remote`. The new check looks for push mirrors that do not have their remotes configured in git. If automatic fixing is enabled, it will remove these push mirrors from the database.

The check is not run by default, and thus, must be invoked manually. It should be usable in a half-migrated state, too, and as such, fixes #1800.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1853
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 9038e07ef35978336612588d68c1315179a45c73)
(cherry picked from commit b15bafcbc7d9033b0cc7b0fd888915b117e08d42)
(cherry picked from commit 93ba05a2dd9fdec46f337542cd5f22c8960ac55f)
(cherry picked from commit e418ea80822361e387b460c583592bbd83d4a39e)
(cherry picked from commit 321790a91ec8553d1b3668f606ebec762865dd17)
---
 models/migrations/v1_21/v276.go           | 29 +-------
 models/repo/pushmirror.go                 | 24 ++++++
 modules/doctor/push_mirror_consistency.go | 91 +++++++++++++++++++++++
 tests/integration/mirror_push_test.go     | 28 ++++++-
 4 files changed, 145 insertions(+), 27 deletions(-)
 create mode 100644 modules/doctor/push_mirror_consistency.go

diff --git a/models/migrations/v1_21/v276.go b/models/migrations/v1_21/v276.go
index ed1bc3bda5..67e950177d 100644
--- a/models/migrations/v1_21/v276.go
+++ b/models/migrations/v1_21/v276.go
@@ -4,13 +4,7 @@
 package v1_21 //nolint
 
 import (
-	"context"
-	"fmt"
-	"path/filepath"
-	"strings"
-
-	"code.gitea.io/gitea/modules/git"
-	giturl "code.gitea.io/gitea/modules/git/url"
+	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/setting"
 
 	"xorm.io/xorm"
@@ -73,7 +67,7 @@ func migratePullMirrors(x *xorm.Engine) error {
 		start += len(mirrors)
 
 		for _, m := range mirrors {
-			remoteAddress, err := getRemoteAddress(m.RepoOwner, m.RepoName, "origin")
+			remoteAddress, err := repo_model.GetPushMirrorRemoteAddress(m.RepoOwner, m.RepoName, "origin")
 			if err != nil {
 				return err
 			}
@@ -136,7 +130,7 @@ func migratePushMirrors(x *xorm.Engine) error {
 		start += len(mirrors)
 
 		for _, m := range mirrors {
-			remoteAddress, err := getRemoteAddress(m.RepoOwner, m.RepoName, m.RemoteName)
+			remoteAddress, err := repo_model.GetPushMirrorRemoteAddress(m.RepoOwner, m.RepoName, m.RemoteName)
 			if err != nil {
 				return err
 			}
@@ -160,20 +154,3 @@ func migratePushMirrors(x *xorm.Engine) error {
 
 	return sess.Commit()
 }
-
-func getRemoteAddress(ownerName, repoName, remoteName string) (string, error) {
-	repoPath := filepath.Join(setting.RepoRootPath, strings.ToLower(ownerName), strings.ToLower(repoName)+".git")
-
-	remoteURL, err := git.GetRemoteAddress(context.Background(), repoPath, remoteName)
-	if err != nil {
-		return "", fmt.Errorf("get remote %s's address of %s/%s failed: %v", remoteName, ownerName, repoName, err)
-	}
-
-	u, err := giturl.Parse(remoteURL)
-	if err != nil {
-		return "", err
-	}
-	u.User = nil
-
-	return u.String(), nil
-}
diff --git a/models/repo/pushmirror.go b/models/repo/pushmirror.go
index 24c58faf84..60e3093f44 100644
--- a/models/repo/pushmirror.go
+++ b/models/repo/pushmirror.go
@@ -5,10 +5,16 @@ package repo
 
 import (
 	"context"
+	"fmt"
+	"path/filepath"
+	"strings"
 	"time"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/git"
+	giturl "code.gitea.io/gitea/modules/git/url"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
 
@@ -129,3 +135,21 @@ func PushMirrorsIterate(ctx context.Context, limit int, f func(idx int, bean any
 	}
 	return sess.Iterate(new(PushMirror), f)
 }
+
+// GetPushMirrorRemoteAddress returns the address of associated with a repository's given remote.
+func GetPushMirrorRemoteAddress(ownerName, repoName, remoteName string) (string, error) {
+	repoPath := filepath.Join(setting.RepoRootPath, strings.ToLower(ownerName), strings.ToLower(repoName)+".git")
+
+	remoteURL, err := git.GetRemoteAddress(context.Background(), repoPath, remoteName)
+	if err != nil {
+		return "", fmt.Errorf("get remote %s's address of %s/%s failed: %v", remoteName, ownerName, repoName, err)
+	}
+
+	u, err := giturl.Parse(remoteURL)
+	if err != nil {
+		return "", err
+	}
+	u.User = nil
+
+	return u.String(), nil
+}
diff --git a/modules/doctor/push_mirror_consistency.go b/modules/doctor/push_mirror_consistency.go
new file mode 100644
index 0000000000..68b96d6415
--- /dev/null
+++ b/modules/doctor/push_mirror_consistency.go
@@ -0,0 +1,91 @@
+// Copyright 2023 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package doctor
+
+import (
+	"context"
+	"strings"
+
+	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/modules/log"
+
+	"xorm.io/builder"
+)
+
+func FixPushMirrorsWithoutGitRemote(ctx context.Context, logger log.Logger, autofix bool) error {
+	var missingMirrors []*repo_model.PushMirror
+
+	err := db.Iterate(ctx, builder.Gt{"id": 0}, func(ctx context.Context, repo *repo_model.Repository) error {
+		pushMirrors, _, err := repo_model.GetPushMirrorsByRepoID(ctx, repo.ID, db.ListOptions{})
+		if err != nil {
+			return err
+		}
+
+		for i := 0; i < len(pushMirrors); i++ {
+			_, err = repo_model.GetPushMirrorRemoteAddress(repo.OwnerName, repo.Name, pushMirrors[i].RemoteName)
+			if err != nil {
+				if strings.Contains(err.Error(), "No such remote") {
+					missingMirrors = append(missingMirrors, pushMirrors[i])
+				} else if logger != nil {
+					logger.Warn("Unable to retrieve the remote address of a mirror: %s", err)
+				}
+			}
+		}
+
+		return nil
+	})
+	if err != nil {
+		if logger != nil {
+			logger.Critical("Unable to iterate across repounits to fix push mirrors without a git remote: Error %v", err)
+		}
+		return err
+	}
+
+	count := len(missingMirrors)
+	if !autofix {
+		if logger != nil {
+			if count == 0 {
+				logger.Info("Found no push mirrors with missing git remotes")
+			} else {
+				logger.Warn("Found %d push mirrors with missing git remotes", count)
+			}
+		}
+		return nil
+	}
+
+	for i := 0; i < len(missingMirrors); i++ {
+		if logger != nil {
+			logger.Info("Removing push mirror #%d (remote: %s), for repo: %s/%s",
+				missingMirrors[i].ID,
+				missingMirrors[i].RemoteName,
+				missingMirrors[i].GetRepository(ctx).OwnerName,
+				missingMirrors[i].GetRepository(ctx).Name)
+		}
+
+		err = repo_model.DeletePushMirrors(ctx, repo_model.PushMirrorOptions{
+			ID:         missingMirrors[i].ID,
+			RepoID:     missingMirrors[i].RepoID,
+			RemoteName: missingMirrors[i].RemoteName,
+		})
+		if err != nil {
+			if logger != nil {
+				logger.Critical("Error removing a push mirror (repo_id: %d, push_mirror: %d): %s", missingMirrors[i].Repo.ID, missingMirrors[i].ID, err)
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func init() {
+	Register(&Check{
+		Title:     "Check for push mirrors without a git remote configured",
+		Name:      "fix-push-mirrors-without-git-remote",
+		IsDefault: false,
+		Run:       FixPushMirrorsWithoutGitRemote,
+		Priority:  7,
+	})
+}
diff --git a/tests/integration/mirror_push_test.go b/tests/integration/mirror_push_test.go
index c6f0c85616..8df2567c4e 100644
--- a/tests/integration/mirror_push_test.go
+++ b/tests/integration/mirror_push_test.go
@@ -16,6 +16,7 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	gitea_context "code.gitea.io/gitea/modules/context"
+	doctor "code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/migrations"
@@ -47,10 +48,11 @@ func testMirrorPush(t *testing.T, u *url.URL) {
 	ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name)
 
 	doCreatePushMirror(ctx, fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(ctx.Username), url.PathEscape(mirrorRepo.Name)), user.LowerName, userPassword)(t)
+	doCreatePushMirror(ctx, fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(ctx.Username), url.PathEscape("does-not-matter")), user.LowerName, userPassword)(t)
 
 	mirrors, _, err := repo_model.GetPushMirrorsByRepoID(db.DefaultContext, srcRepo.ID, db.ListOptions{})
 	assert.NoError(t, err)
-	assert.Len(t, mirrors, 1)
+	assert.Len(t, mirrors, 2)
 
 	ok := mirror_service.SyncPushMirror(context.Background(), mirrors[0].ID)
 	assert.True(t, ok)
@@ -71,6 +73,30 @@ func testMirrorPush(t *testing.T, u *url.URL) {
 
 	assert.Equal(t, srcCommit.ID, mirrorCommit.ID)
 
+	// Test that we can "repair" push mirrors where the remote doesn't exist in git's state.
+	// To do that, we artificially remove the remote...
+	cmd := git.NewCommand(db.DefaultContext, "remote", "rm").AddDynamicArguments(mirrors[0].RemoteName)
+	_, _, err = cmd.RunStdString(&git.RunOpts{Dir: srcRepo.RepoPath()})
+	assert.NoError(t, err)
+
+	// ...then ensure that trying to get its remote address fails
+	_, err = repo_model.GetPushMirrorRemoteAddress(srcRepo.OwnerName, srcRepo.Name, mirrors[0].RemoteName)
+	assert.Error(t, err)
+
+	// ...and that we can fix it.
+	err = doctor.FixPushMirrorsWithoutGitRemote(db.DefaultContext, nil, true)
+	assert.NoError(t, err)
+
+	// ...and after fixing, we only have one remote
+	mirrors, _, err = repo_model.GetPushMirrorsByRepoID(db.DefaultContext, srcRepo.ID, db.ListOptions{})
+	assert.NoError(t, err)
+	assert.Len(t, mirrors, 1)
+
+	// ...one we can get the address of, and it's not the one we removed
+	remoteAddress, err := repo_model.GetPushMirrorRemoteAddress(srcRepo.OwnerName, srcRepo.Name, mirrors[0].RemoteName)
+	assert.NoError(t, err)
+	assert.Contains(t, remoteAddress, "does-not-matter")
+
 	// Cleanup
 	doRemovePushMirror(ctx, fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(ctx.Username), url.PathEscape(mirrorRepo.Name)), user.LowerName, userPassword, int(mirrors[0].ID))(t)
 	mirrors, _, err = repo_model.GetPushMirrorsByRepoID(db.DefaultContext, srcRepo.ID, db.ListOptions{})

From ed53157084bfac78c76ad924a9473caee4897829 Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Mon, 4 Dec 2023 14:10:23 +0100
Subject: [PATCH 37/62] [GITEA] fix VSCode settings

Without this change, I get the error:
> Error creating test engine: sqlite3 requires: import _ "github.com/mattn/go-sqlite3" or -tags sqlite,sqlite_unlock_notify

(cherry picked from commit 15fa4cf98e6f72203e4e1e8906ae32ce5cc6b753)
(cherry picked from commit 29932030932e74410857fcdb97ccca9374c8232a)
(cherry picked from commit f5054e48832d056ab72bf6c46369bc64098dc06b)
(cherry picked from commit e14c5f934c65441e5b2a75e084f17fc4812f6e52)
---
 contrib/ide/vscode/settings.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/contrib/ide/vscode/settings.json b/contrib/ide/vscode/settings.json
index e33bccf902..2ec666f3c1 100644
--- a/contrib/ide/vscode/settings.json
+++ b/contrib/ide/vscode/settings.json
@@ -1,4 +1,4 @@
 {
-    "go.buildTags": "'sqlite sqlite_unlock_notify'",
+    "go.buildTags": "sqlite,sqlite_unlock_notify",
     "go.testFlags": ["-v"]
-}
\ No newline at end of file
+}

From 1e289375462e4ba24be5432d035fe5d149789c73 Mon Sep 17 00:00:00 2001
From: Otto Richter <git@otto.splvs.net>
Date: Tue, 5 Dec 2023 22:32:11 +0100
Subject: [PATCH 38/62] [GITEA] correct default license selection

The default license choice was not working as expected,
because both the files in options/license were named differently, and
the setting string is not parsed properly.

The documentation will also be corrected.

See conversation on Matrix:
https://matrix.to/#/%23forgejo-chat%3Amatrix.org/%24ue13GJPr2d7D8fEaLx8yh1mFn3a4TVy_khkajrAYtx0?via=matrix.tu-berlin.de&via=turbo.ooo&via=matrix.org&via=catgirl.cloud

(cherry picked from commit 450a34d08d6d00063e97c4e176cdfe0695367985)
(cherry picked from commit 2770af7044cc8e5e564318a0d733b43ec16bdde5)
(cherry picked from commit 0fadf41985917d629b18c0a822b6317fa618c841)
(cherry picked from commit 9c3aa1dbbd13f2670d76ea00c00fec3b9cbb0339)
(cherry picked from commit f8ecff84222163ba513e81244c37d78c47499922)
---
 modules/setting/repository.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/setting/repository.go b/modules/setting/repository.go
index 9697a851d3..d5a521b973 100644
--- a/modules/setting/repository.go
+++ b/modules/setting/repository.go
@@ -150,7 +150,7 @@ var (
 		DefaultPrivate:                          RepoCreatingLastUserVisibility,
 		DefaultPushCreatePrivate:                true,
 		MaxCreationLimit:                        -1,
-		PreferredLicenses:                       []string{"Apache License 2.0", "MIT License"},
+		PreferredLicenses:                       []string{"Apache-2.0", "MIT"},
 		DisableHTTPGit:                          false,
 		AccessControlAllowOrigin:                "",
 		UseCompatSSHURI:                         false,

From cd3e0a74e6a7bb90da6f069b7fea0796d5f3d775 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Thu, 7 Dec 2023 23:17:14 +0100
Subject: [PATCH 39/62] [GITEA] Make HTTPS schema default for Swagger

- Switch the supported schemas for the Swagger API around, such that
https is the first one listed. This ensures that when the Swagger API is
used it will default to the https schema, which is likely the schema you
want to use in the majority of the cases.
- Resolves #1895

BREAKING CHANGE NOTICE:
If you are using the Swagger API JSON directly to communicate with the
Forgejo API, the library you are using may be using the first schema
defined in the JSON file (e.g. https://code.forgejo.org/swagger.v1.json)
to construct the request url, this used to be `http` but has now changed
to `https`. This can cause failures if you want to send the swagger
request over `http` (and there is no HTTPS redirection configured).

(cherry picked from commit 81e5f438868192e9cca46824ceb3db787bdd8629)
(cherry picked from commit d847469ea278e77ed4fd6147dd54025ce222ebc9)
(cherry picked from commit 96e75e1d5ca97cd4c668fc60d444dc91c98e83a6)
(cherry picked from commit 65baa6426109403f0b8a779b061f7733d8034ba7)
---
 routers/api/v1/api.go          | 2 +-
 templates/swagger/v1_json.tmpl | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index b092fd3602..7ec74ab70e 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -6,7 +6,7 @@
 //
 // This documentation describes the Gitea API.
 //
-//	Schemes: http, https
+//	Schemes: https, http
 //	BasePath: /api/v1
 //	Version: {{AppVer | JSEscape | Safe}}
 //	License: MIT http://opensource.org/licenses/MIT
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 6d85b9673a..4d7bf00549 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -8,8 +8,8 @@
     "text/html"
   ],
   "schemes": [
-    "http",
-    "https"
+    "https",
+    "http"
   ],
   "swagger": "2.0",
   "info": {

From 9e5cce1afccebcd6146e5e0d364bfdbb840b5276 Mon Sep 17 00:00:00 2001
From: Gergely Nagy <forgejo@gergo.csillger.hu>
Date: Fri, 8 Dec 2023 13:41:48 +0100
Subject: [PATCH 40/62] [GITEA] allow viewing the latest Action Run on the web

Similar to how some other parts of the web UI support a `/latest` path
to directly go to the latest of a certain thing, let the Actions web UI
do the same: `/{owner}/{repo}/actions/runs/latest` will redirect to the
latest run, if there's one available.

Fixes gitea#27991.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit f67ccef1dd3146b0b942a94e2482b37595180e91)

Code cleanup in the actions.ViewLatest route handler

Based on feedback received after the feature was merged, use
`ctx.NotFound` and `ctx.ServerError`, and drop the use of the
unnecessary `ctx.Written()`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 74e42da5630f9148faaf6b03bf1ac5724fa86b25)
(cherry picked from commit f7535a1cef96ce0589f37907f88b024cd095d0ac)
(cherry picked from commit 1a90cd37c31a1b9c770d6d79a4663ed8d67845c0)
(cherry picked from commit d86d71340afd372e5b5083d5563c2f5b48d975e6)
---
 models/actions/run.go                   | 11 +++
 routers/web/repo/actions/view.go        | 14 ++++
 routers/web/web.go                      | 25 ++++---
 tests/integration/actions_route_test.go | 91 +++++++++++++++++++++++++
 4 files changed, 130 insertions(+), 11 deletions(-)
 create mode 100644 tests/integration/actions_route_test.go

diff --git a/models/actions/run.go b/models/actions/run.go
index 4656aa22a2..e84552682b 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -308,6 +308,17 @@ func InsertRun(ctx context.Context, run *ActionRun, jobs []*jobparser.SingleWork
 	return commiter.Commit()
 }
 
+func GetLatestRun(ctx context.Context, repoID int64) (*ActionRun, error) {
+	var run ActionRun
+	has, err := db.GetEngine(ctx).Where("repo_id=?", repoID).OrderBy("id DESC").Limit(1).Get(&run)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, fmt.Errorf("latest run: %w", util.ErrNotExist)
+	}
+	return &run, nil
+}
+
 func GetRunByID(ctx context.Context, id int64) (*ActionRun, error) {
 	var run ActionRun
 	has, err := db.GetEngine(ctx).Where("id=?", id).Get(&run)
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 1cdae32a32..b6984567e5 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -46,6 +46,20 @@ func View(ctx *context_module.Context) {
 	ctx.HTML(http.StatusOK, tplViewActions)
 }
 
+func ViewLatest(ctx *context_module.Context) {
+	run, err := actions_model.GetLatestRun(ctx, ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.NotFound("GetLatestRun", err)
+		return
+	}
+	err = run.LoadAttributes(ctx)
+	if err != nil {
+		ctx.ServerError("LoadAttributes", err)
+		return
+	}
+	ctx.Redirect(run.HTMLURL(), http.StatusTemporaryRedirect)
+}
+
 type ViewRequest struct {
 	LogCursors []struct {
 		Step     int   `json:"step"`
diff --git a/routers/web/web.go b/routers/web/web.go
index 5172d33d03..69540d1d64 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1345,22 +1345,25 @@ func registerRoutes(m *web.Route) {
 			m.Post("/disable", reqRepoAdmin, actions.DisableWorkflowFile)
 			m.Post("/enable", reqRepoAdmin, actions.EnableWorkflowFile)
 
-			m.Group("/runs/{run}", func() {
-				m.Combo("").
-					Get(actions.View).
-					Post(web.Bind(actions.ViewRequest{}), actions.ViewPost)
-				m.Group("/jobs/{job}", func() {
+			m.Group("/runs", func() {
+				m.Get("/latest", actions.ViewLatest)
+				m.Group("/{run}", func() {
 					m.Combo("").
 						Get(actions.View).
 						Post(web.Bind(actions.ViewRequest{}), actions.ViewPost)
+					m.Group("/jobs/{job}", func() {
+						m.Combo("").
+							Get(actions.View).
+							Post(web.Bind(actions.ViewRequest{}), actions.ViewPost)
+						m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
+						m.Get("/logs", actions.Logs)
+					})
+					m.Post("/cancel", reqRepoActionsWriter, actions.Cancel)
+					m.Post("/approve", reqRepoActionsWriter, actions.Approve)
+					m.Post("/artifacts", actions.ArtifactsView)
+					m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView)
 					m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
-					m.Get("/logs", actions.Logs)
 				})
-				m.Post("/cancel", reqRepoActionsWriter, actions.Cancel)
-				m.Post("/approve", reqRepoActionsWriter, actions.Approve)
-				m.Post("/artifacts", actions.ArtifactsView)
-				m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView)
-				m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
 			})
 		}, reqRepoActionsReader, actions.MustEnableActions)
 
diff --git a/tests/integration/actions_route_test.go b/tests/integration/actions_route_test.go
new file mode 100644
index 0000000000..b6ebacda8b
--- /dev/null
+++ b/tests/integration/actions_route_test.go
@@ -0,0 +1,91 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"testing"
+	"time"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
+	unit_model "code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
+	repo_service "code.gitea.io/gitea/services/repository"
+	files_service "code.gitea.io/gitea/services/repository/files"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActionsWebRouteLatestRun(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		// create the repo
+		repo, err := repo_service.CreateRepository(db.DefaultContext, user2, user2, repo_service.CreateRepoOptions{
+			Name:          "actions-latest",
+			Description:   "test /actions/runs/latest",
+			AutoInit:      true,
+			Gitignores:    "Go",
+			License:       "MIT",
+			Readme:        "Default",
+			DefaultBranch: "main",
+			IsPrivate:     false,
+		})
+		assert.NoError(t, err)
+		assert.NotEmpty(t, repo)
+
+		// enable actions
+		err = repo_model.UpdateRepositoryUnits(db.DefaultContext, repo, []repo_model.RepoUnit{{
+			RepoID: repo.ID,
+			Type:   unit_model.TypeActions,
+		}}, nil)
+		assert.NoError(t, err)
+
+		// add workflow file to the repo
+		addWorkflowToBaseResp, err := files_service.ChangeRepoFiles(git.DefaultContext, repo, user2, &files_service.ChangeRepoFilesOptions{
+			Files: []*files_service.ChangeRepoFile{
+				{
+					Operation:     "create",
+					TreePath:      ".gitea/workflows/pr.yml",
+					ContentReader: strings.NewReader("name: test\non:\n  push:\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n      - run: echo helloworld\n"),
+				},
+			},
+			Message:   "add workflow",
+			OldBranch: "main",
+			NewBranch: "main",
+			Author: &files_service.IdentityOptions{
+				Name:  user2.Name,
+				Email: user2.Email,
+			},
+			Committer: &files_service.IdentityOptions{
+				Name:  user2.Name,
+				Email: user2.Email,
+			},
+			Dates: &files_service.CommitDateOptions{
+				Author:    time.Now(),
+				Committer: time.Now(),
+			},
+		})
+		assert.NoError(t, err)
+		assert.NotEmpty(t, addWorkflowToBaseResp)
+
+		// a run has been created
+		assert.Equal(t, 1, unittest.GetCount(t, &actions_model.ActionRun{RepoID: repo.ID}))
+
+		// Hit the `/actions/runs/latest` route
+		req := NewRequest(t, "GET", fmt.Sprintf("%s/actions/runs/latest", repo.HTMLURL()))
+		resp := MakeRequest(t, req, http.StatusTemporaryRedirect)
+
+		// Verify that it redirects to the run we just created
+		expectedURI := fmt.Sprintf("%s/actions/runs/1", repo.HTMLURL())
+		assert.Equal(t, expectedURI, resp.Header().Get("Location"))
+	})
+}

From 9ed4e685ebd1a0c32d5550fd96f4f912fbd02c18 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 9 Dec 2023 14:52:30 +0100
Subject: [PATCH 41/62] [GITEA] GetScheduledMergeByPullID may involve a system
 user

Refs: https://codeberg.org/forgejo/forgejo/issues/1897
(cherry picked from commit ddc3c2255840d347afd13c272d2695c68196d6ef)
(cherry picked from commit a7fe969b93ffe00aa66942d04e66ddb4221cb5ad)
(cherry picked from commit 62bda95774ae0840652daf29f557b61650745ac1)
(cherry picked from commit 8149a822c797eb6c9ea648757261c0aba8f8d548)
---
 models/pull/automerge.go              |   2 +-
 tests/integration/forgejo_git_test.go | 139 ++++++++++++++++++++++++++
 2 files changed, 140 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/forgejo_git_test.go

diff --git a/models/pull/automerge.go b/models/pull/automerge.go
index f69fcb60d1..f31159a8d8 100644
--- a/models/pull/automerge.go
+++ b/models/pull/automerge.go
@@ -74,7 +74,7 @@ func GetScheduledMergeByPullID(ctx context.Context, pullID int64) (bool, *AutoMe
 		return false, nil, err
 	}
 
-	doer, err := user_model.GetUserByID(ctx, scheduledPRM.DoerID)
+	doer, err := user_model.GetPossibleUserByID(ctx, scheduledPRM.DoerID)
 	if err != nil {
 		return false, nil, err
 	}
diff --git a/tests/integration/forgejo_git_test.go b/tests/integration/forgejo_git_test.go
new file mode 100644
index 0000000000..f81521d735
--- /dev/null
+++ b/tests/integration/forgejo_git_test.go
@@ -0,0 +1,139 @@
+// Copyright Earl Warren <contact@earl-warren.org>
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"net/http"
+	"net/url"
+	"os"
+	"path"
+	"testing"
+	"time"
+
+	actions_model "code.gitea.io/gitea/models/actions"
+	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/git"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActionsUserGit(t *testing.T) {
+	onGiteaRun(t, testActionsUserGit)
+}
+
+func NewActionsUserTestContext(t *testing.T, username, reponame string) APITestContext {
+	t.Helper()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{Name: reponame})
+	repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: username})
+
+	task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 47})
+	task.RepoID = repo.ID
+	task.OwnerID = repoOwner.ID
+	task.GenerateToken()
+
+	actions_model.UpdateTask(db.DefaultContext, task)
+	return APITestContext{
+		Session:  emptyTestSession(t),
+		Token:    task.Token,
+		Username: username,
+		Reponame: reponame,
+	}
+}
+
+func testActionsUserGit(t *testing.T, u *url.URL) {
+	username := "user2"
+	reponame := "repo1"
+	httpContext := NewAPITestContext(t, username, reponame, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+
+	for _, testCase := range []struct {
+		name string
+		head string
+		ctx  APITestContext
+	}{
+		{
+			name: "UserTypeIndividual",
+			head: "individualhead",
+			ctx:  httpContext,
+		},
+		{
+			name: "ActionsUser",
+			head: "actionsuserhead",
+			ctx:  NewActionsUserTestContext(t, username, reponame),
+		},
+	} {
+		t.Run("CreatePR "+testCase.name, func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			dstPath := t.TempDir()
+			u.Path = httpContext.GitPath()
+			u.User = url.UserPassword(httpContext.Username, userPassword)
+			t.Run("Clone", doGitClone(dstPath, u))
+			t.Run("PopulateBranch", doActionsUserPopulateBranch(dstPath, &httpContext, "master", testCase.head))
+			t.Run("CreatePR", doActionsUserPR(httpContext, testCase.ctx, "master", testCase.head))
+		})
+	}
+}
+
+func doActionsUserPopulateBranch(dstPath string, ctx *APITestContext, baseBranch, headBranch string) func(t *testing.T) {
+	return func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		t.Run("CreateHeadBranch", doGitCreateBranch(dstPath, headBranch))
+
+		t.Run("AddCommit", func(t *testing.T) {
+			err := os.WriteFile(path.Join(dstPath, "test_file"), []byte("## test content"), 0o666)
+			if !assert.NoError(t, err) {
+				return
+			}
+
+			err = git.AddChanges(dstPath, true)
+			assert.NoError(t, err)
+
+			err = git.CommitChanges(dstPath, git.CommitChangesOptions{
+				Committer: &git.Signature{
+					Email: "user2@example.com",
+					Name:  "user2",
+					When:  time.Now(),
+				},
+				Author: &git.Signature{
+					Email: "user2@example.com",
+					Name:  "user2",
+					When:  time.Now(),
+				},
+				Message: "Testing commit 1",
+			})
+			assert.NoError(t, err)
+		})
+
+		t.Run("Push", func(t *testing.T) {
+			err := git.NewCommand(git.DefaultContext, "push", "origin").AddDynamicArguments("HEAD:refs/heads/" + headBranch).Run(&git.RunOpts{Dir: dstPath})
+			assert.NoError(t, err)
+		})
+	}
+}
+
+func doActionsUserPR(ctx, doerCtx APITestContext, baseBranch, headBranch string) func(t *testing.T) {
+	return func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		var pr api.PullRequest
+		var err error
+
+		// Create a test pullrequest
+		t.Run("CreatePullRequest", func(t *testing.T) {
+			pr, err = doAPICreatePullRequest(doerCtx, ctx.Username, ctx.Reponame, baseBranch, headBranch)(t)
+			assert.NoError(t, err)
+		})
+		doerCtx.ExpectedCode = http.StatusCreated
+		t.Run("AutoMergePR", doAPIAutoMergePullRequest(doerCtx, ctx.Username, ctx.Reponame, pr.Index))
+		// Ensure the PR page works
+		t.Run("EnsureCanSeePull", doEnsureCanSeePull(ctx, pr))
+	}
+}

From 59f57a1bc9d97d76319a6e2d8b7a336a9a480bb4 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Wed, 13 Dec 2023 17:38:55 +0100
Subject: [PATCH 42/62] [GITEA] Revert "Make `user-content-* ` consistent with
 github (#26388)"

Refs: https://codeberg.org/forgejo/forgejo/issues/1943

This reverts commit d41aee1d1e1cb07ccf71330dd3414beff603e48a.

(cherry picked from commit d29ec91e91362b0657edee631f12cf1d55ba7a2c)
(cherry picked from commit a0f5a9750e81c5e3992365f61b8cb9ab99413139)
(cherry picked from commit 26bfc3bc14b7f07d11819b11251c716a8cf7eaf1)
---
 modules/markup/common/footnote.go      | 13 ++++--
 modules/markup/common/footnote_test.go | 60 --------------------------
 2 files changed, 9 insertions(+), 64 deletions(-)
 delete mode 100644 modules/markup/common/footnote_test.go

diff --git a/modules/markup/common/footnote.go b/modules/markup/common/footnote.go
index 4406803694..0e75e2adfd 100644
--- a/modules/markup/common/footnote.go
+++ b/modules/markup/common/footnote.go
@@ -29,12 +29,17 @@ func CleanValue(value []byte) []byte {
 	value = bytes.TrimSpace(value)
 	rs := bytes.Runes(value)
 	result := make([]rune, 0, len(rs))
+	needsDash := false
 	for _, r := range rs {
-		if unicode.IsLetter(r) || unicode.IsNumber(r) || r == '_' || r == '-' {
+		switch {
+		case unicode.IsLetter(r) || unicode.IsNumber(r) || r == '_':
+			if needsDash && len(result) > 0 {
+				result = append(result, '-')
+			}
+			needsDash = false
 			result = append(result, unicode.ToLower(r))
-		}
-		if unicode.IsSpace(r) {
-			result = append(result, '-')
+		default:
+			needsDash = true
 		}
 	}
 	return []byte(string(result))
diff --git a/modules/markup/common/footnote_test.go b/modules/markup/common/footnote_test.go
deleted file mode 100644
index 2327a7b14b..0000000000
--- a/modules/markup/common/footnote_test.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-package common
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestCleanValue(t *testing.T) {
-	tests := []struct {
-		param  string
-		expect string
-	}{
-		// Github behavior test cases
-		{"", ""},
-		{"test(0)", "test0"},
-		{"test!1", "test1"},
-		{"test:2", "test2"},
-		{"test*3", "test3"},
-		{"test！4", "test4"},
-		{"test：5", "test5"},
-		{"test*6", "test6"},
-		{"test：6 a", "test6-a"},
-		{"test：6 !b", "test6-b"},
-		{"test：ad # df", "testad--df"},
-		{"test：ad #23 df 2*/*", "testad-23-df-2"},
-		{"test：ad 23 df 2*/*", "testad-23-df-2"},
-		{"test：ad # 23 df 2*/*", "testad--23-df-2"},
-		{"Anchors in Markdown", "anchors-in-markdown"},
-		{"a_b_c", "a_b_c"},
-		{"a-b-c", "a-b-c"},
-		{"a-b-c----", "a-b-c----"},
-		{"test：6a", "test6a"},
-		{"test：a6", "testa6"},
-		{"tes a a   a  a", "tes-a-a---a--a"},
-		{"  tes a a   a  a  ", "tes-a-a---a--a"},
-		{"Header with \"double quotes\"", "header-with-double-quotes"},
-		{"Placeholder to force scrolling on link's click", "placeholder-to-force-scrolling-on-links-click"},
-		{"tes（）", "tes"},
-		{"tes（0）", "tes0"},
-		{"tes{0}", "tes0"},
-		{"tes[0]", "tes0"},
-		{"test【0】", "test0"},
-		{"tes…@a", "tesa"},
-		{"tes￥& a", "tes-a"},
-		{"tes= a", "tes-a"},
-		{"tes|a", "tesa"},
-		{"tes\\a", "tesa"},
-		{"tes/a", "tesa"},
-		{"a啊啊b", "a啊啊b"},
-		{"c🤔️🤔️d", "cd"},
-		{"a⚡a", "aa"},
-		{"e.~f", "ef"},
-	}
-	for _, test := range tests {
-		assert.Equal(t, []byte(test.expect), CleanValue([]byte(test.param)), test.param)
-	}
-}

From a0ad36f0ad5d99896d5319e9aca11d0cf0ce23ee Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Wed, 13 Dec 2023 17:42:34 +0100
Subject: [PATCH 43/62] [GITEA] test markdown CleanValue to prevent regression

It will determine how anchors are created and will break existing
links otherwise.

Adapted from Revert "Make `user-content-* ` consistent with github (#26388)

(cherry picked from commit 1666fba8f577e11ea234c8a671aeaab1290cfbaf)
(cherry picked from commit 48f38280e8b9f34d7c45399f05a670ef3460dac1)
(cherry picked from commit 03adb3a2b46081e183738a86ca3d54bf730de0bd)
---
 modules/markup/common/footnote_test.go | 62 ++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 modules/markup/common/footnote_test.go

diff --git a/modules/markup/common/footnote_test.go b/modules/markup/common/footnote_test.go
new file mode 100644
index 0000000000..62763c5622
--- /dev/null
+++ b/modules/markup/common/footnote_test.go
@@ -0,0 +1,62 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+package common
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCleanValue(t *testing.T) {
+	tests := []struct {
+		param  string
+		expect string
+	}{
+		// Github behavior test cases
+		{"", ""},
+		{"test.0.1", "test-0-1"},
+		{"test(0)", "test-0"},
+		{"test!1", "test-1"},
+		{"test:2", "test-2"},
+		{"test*3", "test-3"},
+		{"test！4", "test-4"},
+		{"test：5", "test-5"},
+		{"test*6", "test-6"},
+		{"test：6 a", "test-6-a"},
+		{"test：6 !b", "test-6-b"},
+		{"test：ad # df", "test-ad-df"},
+		{"test：ad #23 df 2*/*", "test-ad-23-df-2"},
+		{"test：ad 23 df 2*/*", "test-ad-23-df-2"},
+		{"test：ad # 23 df 2*/*", "test-ad-23-df-2"},
+		{"Anchors in Markdown", "anchors-in-markdown"},
+		{"a_b_c", "a_b_c"},
+		{"a-b-c", "a-b-c"},
+		{"a-b-c----", "a-b-c"},
+		{"test：6a", "test-6a"},
+		{"test：a6", "test-a6"},
+		{"tes a a   a  a", "tes-a-a-a-a"},
+		{"  tes a a   a  a  ", "tes-a-a-a-a"},
+		{"Header with \"double quotes\"", "header-with-double-quotes"},
+		{"Placeholder to force scrolling on link's click", "placeholder-to-force-scrolling-on-link-s-click"},
+		{"tes（）", "tes"},
+		{"tes（0）", "tes-0"},
+		{"tes{0}", "tes-0"},
+		{"tes[0]", "tes-0"},
+		{"test【0】", "test-0"},
+		{"tes…@a", "tes-a"},
+		{"tes￥& a", "tes-a"},
+		{"tes= a", "tes-a"},
+		{"tes|a", "tes-a"},
+		{"tes\\a", "tes-a"},
+		{"tes/a", "tes-a"},
+		{"a啊啊b", "a啊啊b"},
+		{"c🤔️🤔️d", "c-d"},
+		{"a⚡a", "a-a"},
+		{"e.~f", "e-f"},
+	}
+	for _, test := range tests {
+		assert.Equal(t, []byte(test.expect), CleanValue([]byte(test.param)), test.param)
+	}
+}

From 03989418a70d3445e0edada7fbe5a4151d7836b1 Mon Sep 17 00:00:00 2001
From: Gergely Nagy <forgejo@gergo.csillger.hu>
Date: Thu, 7 Dec 2023 12:57:16 +0100
Subject: [PATCH 44/62] [GITEA] Allow changing the email address before
 activation

During registration, one may be required to give their email address, to
be verified and activated later. However, if one makes a mistake, a
typo, they may end up with an account that cannot be activated due to
having a wrong email address.

They can still log in, but not change the email address, thus, no way to
activate it without help from an administrator.

To remedy this issue, lets allow changing the email address for logged
in, but not activated users.

This fixes gitea#17785.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit aaaece28e4c6a8980cef932e224e84933d7c9262)
(cherry picked from commit 639dafabec0a5c1f943b44ca02f72c5ba2fc5e10)
(cherry picked from commit d699c12cebea7dbbda950ae257a46d53c39f22ea)

[GITEA] Allow changing the email address before activation (squash) cache is always active

This needs to be revisited because the MailResendLimit is not enforced
and turns out to not be tested.

See e7cb8da2a8 * Always enable caches (#28527)

(cherry picked from commit 43ded8ee30ab5c7a40a456600cdaa8a0fbdccec2)

Rate limit pre-activation email change separately

Changing the email address before any email address is activated should
be subject to a different rate limit than the normal activation email
resending. If there's only one rate limit for both, then if a newly
signed up quickly discovers they gave a wrong email address, they'd have
to wait three minutes to change it.

With the two separate limits, they don't - but they'll have to wait
three minutes before they can change the email address again.

The downside of this setup is that a malicious actor can alternate
between resending and changing the email address (to something like
`user+$idx@domain`, delivered to the same inbox) to effectively halving
the rate limit. I do not think there's a better solution, and this feels
like such a small attack surface that I'd deem it acceptable.

The way the code works after this change is that `ActivatePost` will now
check the `MailChangeLimit_user` key rather than `MailResendLimit_user`,
and if we're within the limit, it will set `MailChangedJustNow_user`. The
`Activate` method - which sends the activation email, whether it is a
normal resend, or one following an email change - will check
`MailChangedJustNow_user`, and if it is set, it will check the rate
limit against `MailChangedLimit_user`, otherwise against
`MailResendLimit_user`, and then will delete the
`MailChangedJustNow_user` key from the cache.

Fixes #2040.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e35d2af2e56f4ecb3a4f6d1109d02c8aa1a6d182)
---
 models/user/email_address.go      | 77 +++++++++++++++++++++----------
 models/user/email_address_test.go | 22 +++++++++
 options/locale/locale_en-US.ini   |  5 +-
 routers/web/auth/auth.go          | 50 +++++++++++++++++++-
 templates/user/auth/activate.tmpl | 10 ++++
 tests/integration/signup_test.go  | 76 ++++++++++++++++++++++++++++++
 6 files changed, 212 insertions(+), 28 deletions(-)

diff --git a/models/user/email_address.go b/models/user/email_address.go
index b795a7e94b..986f12e900 100644
--- a/models/user/email_address.go
+++ b/models/user/email_address.go
@@ -375,31 +375,7 @@ func updateActivation(ctx context.Context, email *EmailAddress, activate bool) e
 	return UpdateUserCols(ctx, user, "rands")
 }
 
-// MakeEmailPrimary sets primary email address of given user.
-func MakeEmailPrimary(ctx context.Context, email *EmailAddress) error {
-	has, err := db.GetEngine(ctx).Get(email)
-	if err != nil {
-		return err
-	} else if !has {
-		return ErrEmailAddressNotExist{Email: email.Email}
-	}
-
-	if !email.IsActivated {
-		return ErrEmailNotActivated
-	}
-
-	user := &User{}
-	has, err = db.GetEngine(ctx).ID(email.UID).Get(user)
-	if err != nil {
-		return err
-	} else if !has {
-		return ErrUserNotExist{
-			UID:   email.UID,
-			Name:  "",
-			KeyID: 0,
-		}
-	}
-
+func makeEmailPrimary(ctx context.Context, user *User, email *EmailAddress) error {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return err
@@ -429,6 +405,57 @@ func MakeEmailPrimary(ctx context.Context, email *EmailAddress) error {
 	return committer.Commit()
 }
 
+// ReplaceInactivePrimaryEmail replaces the primary email of a given user, even if the primary is not yet activated.
+func ReplaceInactivePrimaryEmail(ctx context.Context, oldEmail string, email *EmailAddress) error {
+	user := &User{}
+	has, err := db.GetEngine(ctx).ID(email.UID).Get(user)
+	if err != nil {
+		return err
+	} else if !has {
+		return ErrUserNotExist{
+			UID:   email.UID,
+			Name:  "",
+			KeyID: 0,
+		}
+	}
+
+	err = AddEmailAddress(ctx, email)
+	if err != nil {
+		return err
+	}
+
+	err = makeEmailPrimary(ctx, user, email)
+	if err != nil {
+		return err
+	}
+
+	return DeleteEmailAddress(ctx, &EmailAddress{UID: email.UID, Email: oldEmail})
+}
+
+// MakeEmailPrimary sets primary email address of given user.
+func MakeEmailPrimary(ctx context.Context, email *EmailAddress) error {
+	has, err := db.GetEngine(ctx).Get(email)
+	if err != nil {
+		return err
+	} else if !has {
+		return ErrEmailAddressNotExist{Email: email.Email}
+	}
+
+	if !email.IsActivated {
+		return ErrEmailNotActivated
+	}
+
+	user := &User{}
+	has, err = db.GetEngine(ctx).ID(email.UID).Get(user)
+	if err != nil {
+		return err
+	} else if !has {
+		return ErrUserNotExist{UID: email.UID}
+	}
+
+	return makeEmailPrimary(ctx, user, email)
+}
+
 // VerifyActiveEmailCode verifies active email code when active account
 func VerifyActiveEmailCode(ctx context.Context, code, email string) *EmailAddress {
 	minutes := setting.Service.ActiveCodeLives
diff --git a/models/user/email_address_test.go b/models/user/email_address_test.go
index b20797d700..c2c0378061 100644
--- a/models/user/email_address_test.go
+++ b/models/user/email_address_test.go
@@ -167,6 +167,28 @@ func TestMakeEmailPrimary(t *testing.T) {
 	assert.Equal(t, "user101@example.com", user.Email)
 }
 
+func TestReplaceInactivePrimaryEmail(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	email := &user_model.EmailAddress{
+		Email: "user9999999@example.com",
+		UID:   9999999,
+	}
+	err := user_model.ReplaceInactivePrimaryEmail(db.DefaultContext, "user10@example.com", email)
+	assert.Error(t, err)
+	assert.True(t, user_model.IsErrUserNotExist(err))
+
+	email = &user_model.EmailAddress{
+		Email: "user201@example.com",
+		UID:   10,
+	}
+	err = user_model.ReplaceInactivePrimaryEmail(db.DefaultContext, "user10@example.com", email)
+	assert.NoError(t, err)
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 10})
+	assert.Equal(t, "user201@example.com", user.Email)
+}
+
 func TestActivate(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index f57474fe24..a5c82bfcf6 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -367,7 +367,7 @@ forgot_password_title= Forgot Password
 forgot_password = Forgot password?
 sign_up_now = Need an account? Register now.
 sign_up_successful = Account was successfully created. Welcome!
-confirmation_mail_sent_prompt = A new confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the registration process.
+confirmation_mail_sent_prompt = A new confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the registration process. If the email is incorrect, you can log in, and request another confirmation email to be sent to a different address.
 must_change_password = Update your password
 allow_password_change = Require user to change password (recommended)
 reset_password_mail_sent_prompt = A confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the account recovery process.
@@ -377,6 +377,9 @@ prohibit_login = Sign In Prohibited
 prohibit_login_desc = Your account is prohibited from signing in, please contact your site administrator.
 resent_limit_prompt = You have already requested an activation email recently. Please wait 3 minutes and try again.
 has_unconfirmed_mail = Hi %s, you have an unconfirmed email address (<b>%s</b>). If you haven't received a confirmation email or need to resend a new one, please click on the button below.
+change_unconfirmed_email_summary = Change the email address activation mail is sent to.
+change_unconfirmed_email = If you have given the wrong email address during registration, you can change it below, and a confirmation will be sent to the new address instead.
+change_unconfirmed_email_error = Unable to change the email address: %v
 resend_mail = Click here to resend your activation email
 email_not_associate = The email address is not associated with any account.
 send_reset_mail = Send Account Recovery Email
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index 536c9b2087..fe3d9782bb 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -647,13 +647,22 @@ func Activate(ctx *context.Context) {
 		}
 		// Resend confirmation email.
 		if setting.Service.RegisterEmailConfirm {
-			if ctx.Cache.IsExist("MailResendLimit_" + ctx.Doer.LowerName) {
+			var cacheKey string
+			if ctx.Cache.IsExist("MailChangedJustNow_" + ctx.Doer.LowerName) {
+				cacheKey = "MailChangedLimit_"
+				if err := ctx.Cache.Delete("MailChangedJustNow_" + ctx.Doer.LowerName); err != nil {
+					log.Error("Delete cache(MailChangedJustNow) fail: %v", err)
+				}
+			} else {
+				cacheKey = "MailResendLimit_"
+			}
+			if ctx.Cache.IsExist(cacheKey + ctx.Doer.LowerName) {
 				ctx.Data["ResendLimited"] = true
 			} else {
 				ctx.Data["ActiveCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale)
 				mailer.SendActivateAccountMail(ctx.Locale, ctx.Doer)
 
-				if err := ctx.Cache.Put("MailResendLimit_"+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {
+				if err := ctx.Cache.Put(cacheKey+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {
 					log.Error("Set cache(MailResendLimit) fail: %v", err)
 				}
 			}
@@ -687,6 +696,43 @@ func Activate(ctx *context.Context) {
 func ActivatePost(ctx *context.Context) {
 	code := ctx.FormString("code")
 	if len(code) == 0 {
+		email := ctx.FormString("email")
+		if len(email) > 0 {
+			ctx.Data["IsActivatePage"] = true
+			if ctx.Doer == nil || ctx.Doer.IsActive {
+				ctx.NotFound("invalid user", nil)
+				return
+			}
+			// Change the primary email
+			if setting.Service.RegisterEmailConfirm {
+				if ctx.Cache.IsExist("MailChangeLimit_" + ctx.Doer.LowerName) {
+					ctx.Data["ResendLimited"] = true
+				} else {
+					ctx.Data["ActiveCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale)
+					err := user_model.ReplaceInactivePrimaryEmail(ctx, ctx.Doer.Email, &user_model.EmailAddress{
+						UID:   ctx.Doer.ID,
+						Email: email,
+					})
+					if err != nil {
+						ctx.Data["IsActivatePage"] = false
+						log.Error("Couldn't replace inactive primary email of user %d: %v", ctx.Doer.ID, err)
+						ctx.RenderWithErr(ctx.Tr("auth.change_unconfirmed_email_error", err), TplActivate, nil)
+						return
+					}
+					if err := ctx.Cache.Put("MailChangeLimit_"+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {
+						log.Error("Set cache(MailChangeLimit) fail: %v", err)
+					}
+					if err := ctx.Cache.Put("MailChangedJustNow_"+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {
+						log.Error("Set cache(MailChangedJustNow) fail: %v", err)
+					}
+
+					// Confirmation mail will be re-sent after the redirect to `/user/activate` below.
+				}
+			} else {
+				ctx.Data["ServiceNotEnabled"] = true
+			}
+		}
+
 		ctx.Redirect(setting.AppSubURL + "/user/activate")
 		return
 	}
diff --git a/templates/user/auth/activate.tmpl b/templates/user/auth/activate.tmpl
index 1b06719753..d8a737e996 100644
--- a/templates/user/auth/activate.tmpl
+++ b/templates/user/auth/activate.tmpl
@@ -39,6 +39,16 @@
 						{{else}}
 							<p>{{ctx.Locale.Tr "auth.has_unconfirmed_mail" (.SignedUser.Name|Escape) (.SignedUser.Email|Escape) | Str2html}}</p>
 							<div class="divider"></div>
+							<details class="inline field">
+								<summary>{{ctx.Locale.Tr "auth.change_unconfirmed_email_summary"}}</summary>
+
+								<p>{{ctx.Locale.Tr "auth.change_unconfirmed_email"}}</p>
+								<div class="inline field">
+									<label for="email">{{ctx.Locale.Tr "email"}}</label>
+									<input id="email" name="email" type="email" autocomplete="on">
+								</div>
+							</details>
+
 							<div class="text right">
 								<button class="ui primary button">{{ctx.Locale.Tr "auth.resend_mail"}}</button>
 							</div>
diff --git a/tests/integration/signup_test.go b/tests/integration/signup_test.go
index f983f98ad8..8b0013419f 100644
--- a/tests/integration/signup_test.go
+++ b/tests/integration/signup_test.go
@@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/tests"
 
@@ -91,3 +92,78 @@ func TestSignupEmail(t *testing.T) {
 		}
 	}
 }
+
+func TestSignupEmailChangeForInactiveUser(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// Disable the captcha & enable email confirmation for registrations
+	defer test.MockVariableValue(&setting.Service.EnableCaptcha, false)()
+	defer test.MockVariableValue(&setting.Service.RegisterEmailConfirm, true)()
+
+	// Create user
+	req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
+		"user_name": "exampleUserX",
+		"email":     "wrong-email@example.com",
+		"password":  "examplePassword!1",
+		"retype":    "examplePassword!1",
+	})
+	MakeRequest(t, req, http.StatusOK)
+
+	session := loginUserWithPassword(t, "exampleUserX", "examplePassword!1")
+
+	// Verify that the initial e-mail is the wrong one.
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "exampleUserX"})
+	assert.Equal(t, "wrong-email@example.com", user.Email)
+
+	// Change the email address
+	req = NewRequestWithValues(t, "POST", "/user/activate", map[string]string{
+		"email": "fine-email@example.com",
+	})
+	session.MakeRequest(t, req, http.StatusSeeOther)
+
+	// Verify that the email was updated
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "exampleUserX"})
+	assert.Equal(t, "fine-email@example.com", user.Email)
+
+	// Try to change the email again
+	req = NewRequestWithValues(t, "POST", "/user/activate", map[string]string{
+		"email": "wrong-again@example.com",
+	})
+	session.MakeRequest(t, req, http.StatusSeeOther)
+	// Verify that the email was NOT updated
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "exampleUserX"})
+	assert.Equal(t, "fine-email@example.com", user.Email)
+}
+
+func TestSignupEmailChangeForActiveUser(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// Disable the captcha & enable email confirmation for registrations
+	defer test.MockVariableValue(&setting.Service.EnableCaptcha, false)()
+	defer test.MockVariableValue(&setting.Service.RegisterEmailConfirm, false)()
+
+	// Create user
+	req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
+		"user_name": "exampleUserY",
+		"email":     "wrong-email-2@example.com",
+		"password":  "examplePassword!1",
+		"retype":    "examplePassword!1",
+	})
+	MakeRequest(t, req, http.StatusSeeOther)
+
+	session := loginUserWithPassword(t, "exampleUserY", "examplePassword!1")
+
+	// Verify that the initial e-mail is the wrong one.
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "exampleUserY"})
+	assert.Equal(t, "wrong-email-2@example.com", user.Email)
+
+	// Changing the email for a validated address is not available
+	req = NewRequestWithValues(t, "POST", "/user/activate", map[string]string{
+		"email": "fine-email-2@example.com",
+	})
+	session.MakeRequest(t, req, http.StatusNotFound)
+
+	// Verify that the email remained unchanged
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "exampleUserY"})
+	assert.Equal(t, "wrong-email-2@example.com", user.Email)
+}

From 2cdaf1083617acbeec558deeb657a1375cbb3904 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Mon, 18 Dec 2023 12:40:05 +0100
Subject: [PATCH 45/62] [GITEA] Add footnote testing

- This adds coverage to the most common and the edge cases of what the
footnote implementation should be capable of. This was partly done to
ensure no hidden surprises when changing the implementation, as markdown
rendering is one of the more important features of Forgejo.

(cherry picked from commit 16ecdb41705332843921af8d58c1c9a242add95b)
(cherry picked from commit 19dc5ef5e5808abe8a5f85d3eaca3317865595ad)
(cherry picked from commit d5955efc0a463164c0b3a75b6621974af22ea47f)
---
 modules/markup/markdown/markdown_test.go | 198 +++++++++++++++++++++++
 1 file changed, 198 insertions(+)

diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index caffe0ea43..77ed126afa 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -568,3 +568,201 @@ foo: bar
 		assert.Equal(t, test.expected, res, "Unexpected result in testcase %q", test.testcase)
 	}
 }
+
+func TestFootnote(t *testing.T) {
+	testcases := []struct {
+		testcase string
+		expected string
+	}{
+		{
+			`Citation needed[^0].
+[^0]: Source`,
+			`<p>Citation needed<sup id="fnref:user-content-0"><a href="#fn:user-content-0" rel="nofollow">1</a></sup>.</p>
+<div>
+<hr/>
+<ol>
+<li id="fn:user-content-0">
+<p>Source <a href="#fnref:user-content-0" rel="nofollow">↩︎</a></p>
+</li>
+</ol>
+</div>
+`,
+		},
+		{
+			`Citation needed[^0]`,
+			`<p>Citation needed[^0]</p>
+`,
+		},
+		{
+			`Citation needed[^1], Citation needed twice[^3]
+[^3]: Source`,
+			`<p>Citation needed[^1], Citation needed twice<sup id="fnref:user-content-3"><a href="#fn:user-content-3" rel="nofollow">1</a></sup></p>
+<div>
+<hr/>
+<ol>
+<li id="fn:user-content-3">
+<p>Source <a href="#fnref:user-content-3" rel="nofollow">↩︎</a></p>
+</li>
+</ol>
+</div>
+`,
+		},
+		{
+			`Citation needed[^0]
+[^1]: Source`,
+			`<p>Citation needed[^0]</p>
+`,
+		},
+		{
+			`Citation needed[^0]
+[^0]: Source 1
+[^0]: Source 2`,
+			`<p>Citation needed<sup id="fnref:user-content-0"><a href="#fn:user-content-0" rel="nofollow">1</a></sup></p>
+<div>
+<hr/>
+<ol>
+<li id="fn:user-content-0">
+<p>Source 1 <a href="#fnref:user-content-0" rel="nofollow">↩︎</a></p>
+</li>
+</ol>
+</div>
+`,
+		},
+		{
+			`Citation needed![^0]
+[^0]: Source`,
+			`<p>Citation needed<sup id="fnref:user-content-0"><a href="#fn:user-content-0" rel="nofollow">1</a></sup></p>
+<div>
+<hr/>
+<ol>
+<li id="fn:user-content-0">
+<p>Source <a href="#fnref:user-content-0" rel="nofollow">↩︎</a></p>
+</li>
+</ol>
+</div>
+`,
+		},
+		{
+			`Trigger [^`,
+			`<p>Trigger [^</p>
+`,
+		},
+		{
+			`Trigger 2 [^0`,
+			`<p>Trigger 2 [^0</p>
+`,
+		},
+		{
+			`Citation needed[^0]
+[^0]: Source with citation needed[^1]
+[^1]: Source`,
+			`<p>Citation needed<sup id="fnref:user-content-0"><a href="#fn:user-content-0" rel="nofollow">1</a></sup></p>
+<div>
+<hr/>
+<ol>
+<li id="fn:user-content-0">
+<p>Source with citation needed<sup id="fnref:user-content-1"><a href="#fn:user-content-1" rel="nofollow">2</a></sup> <a href="#fnref:user-content-0" rel="nofollow">↩︎</a></p>
+</li>
+<li id="fn:user-content-1">
+<p>Source <a href="#fnref:user-content-1" rel="nofollow">↩︎</a></p>
+</li>
+</ol>
+</div>
+`,
+		},
+		{
+			`Citation needed[^#]
+[^#]: Source`,
+			`<p>Citation needed<sup id="fnref:user-content-1"><a href="#fn:user-content-1" rel="nofollow">1</a></sup></p>
+<div>
+<hr/>
+<ol>
+<li id="fn:user-content-1">
+<p>Source <a href="#fnref:user-content-1" rel="nofollow">↩︎</a></p>
+</li>
+</ol>
+</div>
+`,
+		},
+		{
+			`Citation needed[^0]
+    [^0]: Source`,
+			`<p>Citation needed[^0]<br/>
+[^0]: Source</p>
+`,
+		},
+		{
+			`[^0]: Source
+
+Citation needed[^0].`,
+			`<p>Citation needed<sup id="fnref:user-content-0"><a href="#fn:user-content-0" rel="nofollow">1</a></sup>.</p>
+<div>
+<hr/>
+<ol>
+<li id="fn:user-content-0">
+<p>Source <a href="#fnref:user-content-0" rel="nofollow">↩︎</a></p>
+</li>
+</ol>
+</div>
+`,
+		},
+		{
+			`Citation needed[^]
+[^]: Source`,
+			`<p>Citation needed[^]<br/>
+[^]: Source</p>
+`,
+		},
+		{
+			`Citation needed[^0]
+[^0] Source`,
+			`<p>Citation needed[^0]<br/>
+[^0] Source</p>
+`,
+		},
+		{
+			`Citation needed[^0]
+[^0 Source`,
+			`<p>Citation needed[^0]<br/>
+[^0 Source</p>
+`,
+		},
+		{
+			`Citation needed[^0] [^0]: Source`,
+			`<p>Citation needed[^0] [^0]: Source</p>
+`,
+		},
+		{
+			`Citation needed[^Source here 0 # 9-3]
+[^Source here 0 # 9-3]: Source`,
+			`<p>Citation needed<sup id="fnref:user-content-source-here-0-9-3"><a href="#fn:user-content-source-here-0-9-3" rel="nofollow">1</a></sup></p>
+<div>
+<hr/>
+<ol>
+<li id="fn:user-content-source-here-0-9-3">
+<p>Source <a href="#fnref:user-content-source-here-0-9-3" rel="nofollow">↩︎</a></p>
+</li>
+</ol>
+</div>
+`,
+		},
+		{
+			`Citation needed[^0]
+[^0]:`,
+			`<p>Citation needed<sup id="fnref:user-content-0"><a href="#fn:user-content-0" rel="nofollow">1</a></sup></p>
+<div>
+<hr/>
+<ol>
+<li id="fn:user-content-0">
+ <a href="#fnref:user-content-0" rel="nofollow">↩︎</a></li>
+</ol>
+</div>
+`,
+		},
+	}
+	for _, test := range testcases {
+		res, err := markdown.RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, test.testcase)
+		assert.NoError(t, err, "Unexpected error in testcase: %q", test.testcase)
+		assert.Equal(t, test.expected, res, "Unexpected result in testcase %q", test.testcase)
+	}
+}

From 2262654cd75f2ef49ef5d8b6e3c534460c2742a9 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Mon, 18 Dec 2023 17:05:50 +0100
Subject: [PATCH 46/62] [GITEA] Allow release creation on commit (squash)
 s/SHAFullLength/FullLength/

(cherry picked from commit 9d549c0d33b6a16685db6eeff77734e5d60ae96e)
(cherry picked from commit 8b2af5f040b968dd40579be110b734b4baa822c7)
---
 routers/web/repo/release.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/routers/web/repo/release.go b/routers/web/repo/release.go
index 9dee7c7d4f..61eeb53c37 100644
--- a/routers/web/repo/release.go
+++ b/routers/web/repo/release.go
@@ -391,9 +391,14 @@ func NewReleasePost(ctx *context.Context) {
 		return
 	}
 
+	objectFormat, err := ctx.Repo.GitRepo.GetObjectFormat()
+	if err != nil {
+		ctx.ServerError("GetCommit", err)
+		return
+	}
 	// form.Target can be a branch name or a full commitID.
 	if !ctx.Repo.GitRepo.IsBranchExist(form.Target) &&
-		len(form.Target) == git.SHAFullLength && !ctx.Repo.GitRepo.IsCommitExist(form.Target) {
+		len(form.Target) == objectFormat.FullLength() && !ctx.Repo.GitRepo.IsCommitExist(form.Target) {
 		ctx.RenderWithErr(ctx.Tr("form.target_branch_not_exist"), tplReleaseNew, &form)
 		return
 	}

From 37e21a0c174bd9a040d31170abf0ac9249f54c5b Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Mon, 18 Dec 2023 19:30:08 +0100
Subject: [PATCH 47/62] [GITEA] Revert "Deprecate query string auth tokens
 (#28390)"

It shows warnings although the setting is not set, this will surely be
fixed later but there is no sense in spaming the users right now. This
revert can be discarded when another fix lands in v1.21.

su -c "forgejo admin user generate-access-token -u root --raw --scopes 'all,sudo'" git
2023/12/12 15:54:45 .../setting/security.go:166:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.

This reverts commit 4e879fed90665331d2a57e5abee9e0f02372c470.

Conflicts:
	routers/api/v1/api.go
	trivial context conflict

(cherry picked from commit dec6f8055907c39450ae62d34fc5f1a98082fc85)
(cherry picked from commit 807b6d9066cb04d9c70e471dec8ceb7be4016ac7)
---
 custom/conf/app.example.ini    |  5 -----
 modules/setting/security.go    |  8 --------
 routers/api/v1/api.go          | 11 -----------
 services/auth/oauth2.go        | 20 +++++++-------------
 templates/swagger/v1_json.tmpl |  2 --
 5 files changed, 7 insertions(+), 39 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index f9ef78be9e..73108ab84e 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -496,11 +496,6 @@ INTERNAL_TOKEN=
 ;; Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations.
 ;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
 ;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
-;;
-;; Reject API tokens sent in URL query string (Accept Header-based API tokens only). This avoids security vulnerabilities
-;; stemming from cached/logged plain-text API tokens.
-;; In future releases, this will become the default behavior
-;DISABLE_QUERY_AUTH_TOKEN = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/modules/setting/security.go b/modules/setting/security.go
index 4adfe20635..92caa05fad 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -34,7 +34,6 @@ var (
 	PasswordHashAlgo                   string
 	PasswordCheckPwn                   bool
 	SuccessfulTokensCacheSize          int
-	DisableQueryAuthToken              bool
 	CSRFCookieName                     = "_csrf"
 	CSRFCookieHTTPOnly                 = true
 )
@@ -158,11 +157,4 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 			PasswordComplexity = append(PasswordComplexity, name)
 		}
 	}
-
-	// TODO: default value should be true in future releases
-	DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)
-
-	if !DisableQueryAuthToken {
-		log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
-	}
 }
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 7ec74ab70e..c182a474c5 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -35,12 +35,10 @@
 //	     type: apiKey
 //	     name: token
 //	     in: query
-//	     description: This authentication option is deprecated for removal in Gitea 1.23. Please use AuthorizationHeaderToken instead.
 //	AccessToken:
 //	     type: apiKey
 //	     name: access_token
 //	     in: query
-//	     description: This authentication option is deprecated for removal in Gitea 1.23. Please use AuthorizationHeaderToken instead.
 //	AuthorizationHeaderToken:
 //	     type: apiKey
 //	     name: Authorization
@@ -808,13 +806,6 @@ func individualPermsChecker(ctx *context.APIContext) {
 	}
 }
 
-// check for and warn against deprecated authentication options
-func checkDeprecatedAuthMethods(ctx *context.APIContext) {
-	if ctx.FormString("token") != "" || ctx.FormString("access_token") != "" {
-		ctx.Resp.Header().Set("Warning", "token and access_token API authentication is deprecated and will be removed in gitea 1.23. Please use AuthorizationHeaderToken instead. Existing queries will continue to work but without authorization.")
-	}
-}
-
 // Routes registers all v1 APIs routes to web application.
 func Routes() *web.Route {
 	m := web.NewRoute()
@@ -831,8 +822,6 @@ func Routes() *web.Route {
 	}
 	m.Use(context.APIContexter())
 
-	m.Use(checkDeprecatedAuthMethods)
-
 	// Get user from session if logged in.
 	m.Use(apiAuth(buildAuthGroup()))
 
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index f2f7858a85..08a2a05539 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -14,7 +14,6 @@ import (
 	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/web/middleware"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
@@ -63,19 +62,14 @@ func (o *OAuth2) Name() string {
 // representing whether the token exists or not
 func parseToken(req *http.Request) (string, bool) {
 	_ = req.ParseForm()
-	if !setting.DisableQueryAuthToken {
-		// Check token.
-		if token := req.Form.Get("token"); token != "" {
-			return token, true
-		}
-		// Check access token.
-		if token := req.Form.Get("access_token"); token != "" {
-			return token, true
-		}
-	} else if req.Form.Get("token") != "" || req.Form.Get("access_token") != "" {
-		log.Warn("API token sent in query string but DISABLE_QUERY_AUTH_TOKEN=true")
+	// Check token.
+	if token := req.Form.Get("token"); token != "" {
+		return token, true
+	}
+	// Check access token.
+	if token := req.Form.Get("access_token"); token != "" {
+		return token, true
 	}
-
 	// check header token
 	if auHead := req.Header.Get("Authorization"); auHead != "" {
 		auths := strings.Fields(auHead)
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 4d7bf00549..d7332d195d 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -24206,7 +24206,6 @@
   },
   "securityDefinitions": {
     "AccessToken": {
-      "description": "This authentication option is deprecated for removal in Gitea 1.23. Please use AuthorizationHeaderToken instead.",
       "type": "apiKey",
       "name": "access_token",
       "in": "query"
@@ -24239,7 +24238,6 @@
       "in": "header"
     },
     "Token": {
-      "description": "This authentication option is deprecated for removal in Gitea 1.23. Please use AuthorizationHeaderToken instead.",
       "type": "apiKey",
       "name": "token",
       "in": "query"

From 4ff3474fc05529367d8d9e7de988166bcf924bd7 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Wed, 13 Dec 2023 15:21:17 +0100
Subject: [PATCH 48/62] [GITEA] the ref of a scheduled action is always the
 default branch

Since a scheduled action is only run from the default branch, it
cannot be anything else.

Refs: https://codeberg.org/forgejo/forgejo/issues/1926
(cherry picked from commit eff0822856fd727915f6e6493a80844cffd7b02a)
(cherry picked from commit 2b1aa50bd14510d5eaf8db2c98ff4c604abe69e7)

Conflicts:
	services/actions/notifier_helper.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
---
 services/actions/notifier_helper.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 705661ae7a..4e774952ac 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -449,7 +449,7 @@ func handleSchedules(
 			OwnerID:       input.Repo.OwnerID,
 			WorkflowID:    dwf.EntryName,
 			TriggerUserID: input.Doer.ID,
-			Ref:           ref,
+			Ref:           input.Repo.DefaultBranch,
 			CommitSHA:     commit.ID.String(),
 			Event:         input.Event,
 			EventPayload:  string(p),

From 4d0a1e0637450865c7bbac69e42d92d63b95149c Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Mon, 18 Dec 2023 18:14:04 +0100
Subject: [PATCH 49/62] [GITEA] Fix NPE in `UsernameSubRoute`

- When the user is not found in `reloadparam`, early return when the
user is not found to avoid calling `IsUserVisibleToViewer` which in turn
avoids causing a NPE.
- This fixes the case that a 500 error and 404 error is shown on the
same page.
- Add integration test for non-existant user RSS.
- Regression by c6366089df8390bc1f017006caaf4d4c69825880

(cherry picked from commit f0e06962786ef8c417b0c6f07940c1909d3b91ba)
(cherry picked from commit 75d806690875a4fc38eb1e3c904096be34657011)
---
 routers/web/user/home.go       |  5 ++++-
 tests/integration/user_test.go | 29 +++++++++++++++++++----------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index 204d4adbd4..ddb74443f1 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -710,12 +710,15 @@ func UsernameSubRoute(ctx *context.Context) {
 	reloadParam := func(suffix string) (success bool) {
 		ctx.SetParams("username", strings.TrimSuffix(username, suffix))
 		context_service.UserAssignmentWeb()(ctx)
+		if ctx.Written() {
+			return false
+		}
 		// check view permissions
 		if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
 			ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
 			return false
 		}
-		return !ctx.Written()
+		return true
 	}
 	switch {
 	case strings.HasSuffix(username, ".png"):
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index d8e4c64e85..0defa109ae 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -243,16 +243,25 @@ func testExportUserGPGKeys(t *testing.T, user, expected string) {
 }
 
 func TestGetUserRss(t *testing.T) {
-	user34 := "the_34-user.with.all.allowedChars"
-	req := NewRequestf(t, "GET", "/%s.rss", user34)
-	resp := MakeRequest(t, req, http.StatusOK)
-	if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) {
-		rssDoc := NewHTMLParser(t, resp.Body).Find("channel")
-		title, _ := rssDoc.ChildrenFiltered("title").Html()
-		assert.EqualValues(t, "Feed of &#34;the_1-user.with.all.allowedChars&#34;", title)
-		description, _ := rssDoc.ChildrenFiltered("description").Html()
-		assert.EqualValues(t, "&lt;p dir=&#34;auto&#34;&gt;some &lt;a href=&#34;https://commonmark.org/&#34; rel=&#34;nofollow&#34;&gt;commonmark&lt;/a&gt;!&lt;/p&gt;\n", description)
-	}
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Normal", func(t *testing.T) {
+		user34 := "the_34-user.with.all.allowedChars"
+		req := NewRequestf(t, "GET", "/%s.rss", user34)
+		resp := MakeRequest(t, req, http.StatusOK)
+		if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) {
+			rssDoc := NewHTMLParser(t, resp.Body).Find("channel")
+			title, _ := rssDoc.ChildrenFiltered("title").Html()
+			assert.EqualValues(t, "Feed of &#34;the_1-user.with.all.allowedChars&#34;", title)
+			description, _ := rssDoc.ChildrenFiltered("description").Html()
+			assert.EqualValues(t, "&lt;p dir=&#34;auto&#34;&gt;some &lt;a href=&#34;https://commonmark.org/&#34; rel=&#34;nofollow&#34;&gt;commonmark&lt;/a&gt;!&lt;/p&gt;\n", description)
+		}
+	})
+	t.Run("Non-existent user", func(t *testing.T) {
+		session := loginUser(t, "user2")
+		req := NewRequestf(t, "GET", "/non-existent-user.rss")
+		session.MakeRequest(t, req, http.StatusNotFound)
+	})
 }
 
 func TestListStopWatches(t *testing.T) {

From bb83604fa2e6f29d995378c3daf5037a468c0858 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 23 Dec 2023 12:14:02 +0100
Subject: [PATCH 50/62] [ACTIONS] on.schedule: the event is always "schedule"

handleSchedules() is called every time an event is received and will
check the content of the main branch to (re)create scheduled events.
There is no reason why intput.Event will be relevant when the schedule
workflow runs.

(cherry picked from commit 9a712bb276f2103cd7bccc4bb07b6cc669537e38)
(cherry picked from commit 41af36da818eb1f4ceb18c0447f2b6e099d4e04c)
---
 modules/actions/github.go           | 4 ++++
 modules/actions/workflows.go        | 1 +
 modules/actions/workflows_test.go   | 7 +++++++
 modules/webhook/type.go             | 1 +
 services/actions/notifier_helper.go | 2 +-
 services/actions/schedule_tasks.go  | 1 +
 6 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/modules/actions/github.go b/modules/actions/github.go
index 71f81a8903..a988b2a124 100644
--- a/modules/actions/github.go
+++ b/modules/actions/github.go
@@ -22,6 +22,7 @@ const (
 	GithubEventRelease                  = "release"
 	GithubEventPullRequestComment       = "pull_request_comment"
 	GithubEventGollum                   = "gollum"
+	GithubEventSchedule                 = "schedule"
 )
 
 // canGithubEventMatch check if the input Github event can match any Gitea event.
@@ -34,6 +35,9 @@ func canGithubEventMatch(eventName string, triggedEvent webhook_module.HookEvent
 	case GithubEventGollum:
 		return triggedEvent == webhook_module.HookEventWiki
 
+	case GithubEventSchedule:
+		return triggedEvent == webhook_module.HookEventSchedule
+
 	case GithubEventIssues:
 		switch triggedEvent {
 		case webhook_module.HookEventIssues,
diff --git a/modules/actions/workflows.go b/modules/actions/workflows.go
index c49cf3193a..00d83e06d7 100644
--- a/modules/actions/workflows.go
+++ b/modules/actions/workflows.go
@@ -153,6 +153,7 @@ func detectMatched(gitRepo *git.Repository, commit *git.Commit, triggedEvent web
 
 	switch triggedEvent {
 	case // events with no activity types
+		webhook_module.HookEventSchedule,
 		webhook_module.HookEventCreate,
 		webhook_module.HookEventDelete,
 		webhook_module.HookEventFork,
diff --git a/modules/actions/workflows_test.go b/modules/actions/workflows_test.go
index 2d57f19488..c8e1e553fe 100644
--- a/modules/actions/workflows_test.go
+++ b/modules/actions/workflows_test.go
@@ -118,6 +118,13 @@ func TestDetectMatched(t *testing.T) {
 			yamlOn:       "on: gollum",
 			expected:     true,
 		},
+		{
+			desc:         "HookEventSchedue(schedule) matches GithubEventSchedule(schedule)",
+			triggedEvent: webhook_module.HookEventSchedule,
+			payload:      nil,
+			yamlOn:       "on: schedule",
+			expected:     true,
+		},
 	}
 
 	for _, tc := range testCases {
diff --git a/modules/webhook/type.go b/modules/webhook/type.go
index 7042d391b7..0013691c02 100644
--- a/modules/webhook/type.go
+++ b/modules/webhook/type.go
@@ -31,6 +31,7 @@ const (
 	HookEventRepository                HookEventType = "repository"
 	HookEventRelease                   HookEventType = "release"
 	HookEventPackage                   HookEventType = "package"
+	HookEventSchedule                  HookEventType = "schedule"
 )
 
 // Event returns the HookEventType as an event string
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 4e774952ac..0c12b50dd4 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -451,7 +451,7 @@ func handleSchedules(
 			TriggerUserID: input.Doer.ID,
 			Ref:           input.Repo.DefaultBranch,
 			CommitSHA:     commit.ID.String(),
-			Event:         input.Event,
+			Event:         webhook_module.HookEventType(api.HookScheduleCreated),
 			EventPayload:  string(p),
 			Specs:         schedules,
 			Content:       dwf.Content,
diff --git a/services/actions/schedule_tasks.go b/services/actions/schedule_tasks.go
index 8eef2b67bd..dfde34d994 100644
--- a/services/actions/schedule_tasks.go
+++ b/services/actions/schedule_tasks.go
@@ -112,6 +112,7 @@ func CreateScheduleTask(ctx context.Context, cron *actions_model.ActionSchedule)
 		Ref:           cron.Ref,
 		CommitSHA:     cron.CommitSHA,
 		Event:         cron.Event,
+		TriggerEvent:  string(webhook_module.HookEventSchedule),
 		EventPayload:  cron.EventPayload,
 		ScheduleID:    cron.ID,
 		Status:        actions_model.StatusWaiting,

From 4bd5d2e9d0c7987a9d7cce495509c8790dcdcd3a Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 23 Dec 2023 12:17:20 +0100
Subject: [PATCH 51/62] [ACTIONS] on.schedule: create a new payload

do not reuse the payload of the event that triggered the creation of
the scheduled event. Create a new one instead that contains no other
information than the event name in the action field ("schedule").

(cherry picked from commit 0b40ca1ea5e6b704bcb6c0d370a21f633facc7d6)
(cherry picked from commit f86487432b3b5f2fd4e2bb0a2d737674d9a105a6)
---
 modules/structs/hook.go             | 10 ++++++++++
 services/actions/notifier_helper.go |  6 +++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/modules/structs/hook.go b/modules/structs/hook.go
index 0babe84410..e8944c1130 100644
--- a/modules/structs/hook.go
+++ b/modules/structs/hook.go
@@ -402,6 +402,16 @@ func (p *PullRequestPayload) JSONPayload() ([]byte, error) {
 	return json.MarshalIndent(p, "", "  ")
 }
 
+type HookScheduleAction string
+
+const (
+	HookScheduleCreated HookScheduleAction = "schedule"
+)
+
+type SchedulePayload struct {
+	Action HookScheduleAction `json:"action"`
+}
+
 // ReviewPayload FIXME
 type ReviewPayload struct {
 	Type    string `json:"type"`
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 0c12b50dd4..66566a29a7 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -424,7 +424,11 @@ func handleSchedules(
 		return nil
 	}
 
-	p, err := json.Marshal(input.Payload)
+	payload := &api.SchedulePayload{
+		Action: api.HookScheduleCreated,
+	}
+
+	p, err := json.Marshal(payload)
 	if err != nil {
 		return fmt.Errorf("json.Marshal: %w", err)
 	}

From 08195803eb123b3a7acf593f3bcff1fb9a441c75 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sat, 23 Dec 2023 12:18:51 +0100
Subject: [PATCH 52/62] [ACTIONS] on.schedule: do not cancel jobs

The cancelation of jobs is taken care of by handleWorkflows which is
called right after handleSchedules with the same event.

(cherry picked from commit ad1af2e436f60bc56cbd7528b7e22aa4a2530976)
(cherry picked from commit e21252f14740e55aea83d6f4208771060def49ef)
---
 services/actions/notifier_helper.go | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 66566a29a7..964d14a19a 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -461,18 +461,6 @@ func handleSchedules(
 			Content:       dwf.Content,
 		}
 
-		// cancel running jobs if the event is push
-		if run.Event == webhook_module.HookEventPush {
-			// cancel running jobs of the same workflow
-			if err := actions_model.CancelRunningJobs(
-				ctx,
-				run.RepoID,
-				run.Ref,
-				run.WorkflowID,
-			); err != nil {
-				log.Error("CancelRunningJobs: %v", err)
-			}
-		}
 		crons = append(crons, run)
 	}
 

From 874ef1978d7db5e8ba1482d4c8190b914fa110b3 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Wed, 27 Dec 2023 23:22:06 +0100
Subject: [PATCH 53/62] [GITEA] Fix session generation for database

- If the session doesn't exist, it shouldn't be expected that the
variable is non-nil. Define the session variable instead and insert that.
- Add unit tests to test the behavior of the database sessions code .
- Regression caused by dd30d9d5c0f577cb6e084aae6de2752ad43474d8.
- Resolves https://codeberg.org/forgejo/forgejo/issues/2042

(cherry picked from commit 90307ad2004a9a9ddda30af4038224fedf0e6ca3)
---
 models/auth/session_test.go | 142 ++++++++++++++++++++++++++++++++++++
 1 file changed, 142 insertions(+)
 create mode 100644 models/auth/session_test.go

diff --git a/models/auth/session_test.go b/models/auth/session_test.go
new file mode 100644
index 0000000000..1731f40ccd
--- /dev/null
+++ b/models/auth/session_test.go
@@ -0,0 +1,142 @@
+// Copyright 2023 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package auth_test
+
+import (
+	"testing"
+	"time"
+
+	"code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAuthSession(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	defer timeutil.Unset()
+
+	key := "I-Like-Free-Software"
+
+	t.Run("Create Session", func(t *testing.T) {
+		// Ensure it doesn't exist.
+		ok, err := auth.ExistSession(db.DefaultContext, key)
+		assert.NoError(t, err)
+		assert.False(t, ok)
+
+		preCount, err := auth.CountSessions(db.DefaultContext)
+		assert.NoError(t, err)
+
+		now := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)
+		timeutil.Set(now)
+
+		// New session is created.
+		sess, err := auth.ReadSession(db.DefaultContext, key)
+		assert.NoError(t, err)
+		assert.EqualValues(t, key, sess.Key)
+		assert.Empty(t, sess.Data)
+		assert.EqualValues(t, now.Unix(), sess.Expiry)
+
+		// Ensure it exists.
+		ok, err = auth.ExistSession(db.DefaultContext, key)
+		assert.NoError(t, err)
+		assert.True(t, ok)
+
+		// Ensure the session is taken into account for count..
+		postCount, err := auth.CountSessions(db.DefaultContext)
+		assert.NoError(t, err)
+		assert.Greater(t, postCount, preCount)
+	})
+
+	t.Run("Update session", func(t *testing.T) {
+		data := []byte{0xba, 0xdd, 0xc0, 0xde}
+		now := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
+		timeutil.Set(now)
+
+		// Update session.
+		err := auth.UpdateSession(db.DefaultContext, key, data)
+		assert.NoError(t, err)
+
+		timeutil.Set(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
+
+		// Read updated session.
+		// Ensure data is updated and expiry is set from the update session call.
+		sess, err := auth.ReadSession(db.DefaultContext, key)
+		assert.NoError(t, err)
+		assert.EqualValues(t, key, sess.Key)
+		assert.EqualValues(t, data, sess.Data)
+		assert.EqualValues(t, now.Unix(), sess.Expiry)
+
+		timeutil.Set(now)
+	})
+
+	t.Run("Delete session", func(t *testing.T) {
+		// Ensure it't exist.
+		ok, err := auth.ExistSession(db.DefaultContext, key)
+		assert.NoError(t, err)
+		assert.True(t, ok)
+
+		preCount, err := auth.CountSessions(db.DefaultContext)
+		assert.NoError(t, err)
+
+		err = auth.DestroySession(db.DefaultContext, key)
+		assert.NoError(t, err)
+
+		// Ensure it doens't exists.
+		ok, err = auth.ExistSession(db.DefaultContext, key)
+		assert.NoError(t, err)
+		assert.False(t, ok)
+
+		// Ensure the session is taken into account for count..
+		postCount, err := auth.CountSessions(db.DefaultContext)
+		assert.NoError(t, err)
+		assert.Less(t, postCount, preCount)
+	})
+
+	t.Run("Cleanup sessions", func(t *testing.T) {
+		timeutil.Set(time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC))
+
+		_, err := auth.ReadSession(db.DefaultContext, "sess-1")
+		assert.NoError(t, err)
+
+		// One minute later.
+		timeutil.Set(time.Date(2023, 1, 1, 0, 1, 0, 0, time.UTC))
+		_, err = auth.ReadSession(db.DefaultContext, "sess-2")
+		assert.NoError(t, err)
+
+		// 5 minutes, shouldn't clean up anything.
+		err = auth.CleanupSessions(db.DefaultContext, 5*60)
+		assert.NoError(t, err)
+
+		ok, err := auth.ExistSession(db.DefaultContext, "sess-1")
+		assert.NoError(t, err)
+		assert.True(t, ok)
+
+		ok, err = auth.ExistSession(db.DefaultContext, "sess-2")
+		assert.NoError(t, err)
+		assert.True(t, ok)
+
+		// 1 minute, should clean up sess-1.
+		err = auth.CleanupSessions(db.DefaultContext, 60)
+		assert.NoError(t, err)
+
+		ok, err = auth.ExistSession(db.DefaultContext, "sess-1")
+		assert.NoError(t, err)
+		assert.False(t, ok)
+
+		ok, err = auth.ExistSession(db.DefaultContext, "sess-2")
+		assert.NoError(t, err)
+		assert.True(t, ok)
+
+		// Now, should clean up sess-2.
+		err = auth.CleanupSessions(db.DefaultContext, 0)
+		assert.NoError(t, err)
+
+		ok, err = auth.ExistSession(db.DefaultContext, "sess-2")
+		assert.NoError(t, err)
+		assert.False(t, ok)
+	})
+}

From 337cf62c1094273ab61fbaab8e7fb41eb6e2e979 Mon Sep 17 00:00:00 2001
From: Gergely Nagy <forgejo@gergo.csillger.hu>
Date: Wed, 20 Dec 2023 21:44:55 +0100
Subject: [PATCH 54/62] [GITEA] Optionally allow anyone to edit Wikis

This is largely based on gitea#6312 by @ashimokawa, with updates and
fixes by myself, and incorporates the review feedback given in that pull
request, and more.

What this patch does is add a new "default_permissions" column to the
`repo_units` table (defaulting to read permission), adjusts the
permission checking code to take this into consideration, and then
exposes a setting that lets a repo administrator enable any user on a
Forgejo instance to edit the repo's wiki (effectively giving the wiki
unit of the repo "write" permissions by default).

By default, wikis will remain restricted to collaborators, but with the
new setting exposed, they can be turned into globally editable wikis.

Fixes Codeberg/Community#28.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 4b744399229f255eb124c22e3969715046043209)
---
 models/forgejo_migrations/migrate.go  |  3 ++
 models/forgejo_migrations/v1_22/v4.go | 17 +++++++++
 models/perm/access/repo_permission.go | 28 +++++++++++++--
 models/repo/repo_unit.go              | 41 ++++++++++++++++++---
 models/repo/repo_unit_test.go         |  9 +++++
 options/locale/locale_en-US.ini       |  1 +
 routers/web/repo/setting/setting.go   | 13 +++++--
 services/forms/repo_form.go           |  1 +
 templates/repo/settings/options.tmpl  | 10 ++++++
 tests/integration/api_wiki_test.go    | 51 +++++++++++++++++++++++++++
 10 files changed, 164 insertions(+), 10 deletions(-)
 create mode 100644 models/forgejo_migrations/v1_22/v4.go

diff --git a/models/forgejo_migrations/migrate.go b/models/forgejo_migrations/migrate.go
index 58f158bd17..8ac2fb63f2 100644
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@@ -10,6 +10,7 @@ import (
 
 	"code.gitea.io/gitea/models/forgejo/semver"
 	forgejo_v1_20 "code.gitea.io/gitea/models/forgejo_migrations/v1_20"
+	forgejo_v1_22 "code.gitea.io/gitea/models/forgejo_migrations/v1_22"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -43,6 +44,8 @@ var migrations = []*Migration{
 	NewMigration("create the forgejo_sem_ver table", forgejo_v1_20.CreateSemVerTable),
 	// v2 -> v3
 	NewMigration("create the forgejo_auth_token table", forgejo_v1_20.CreateAuthorizationTokenTable),
+	// v3 -> v4
+	NewMigration("Add default_permissions to repo_unit", forgejo_v1_22.AddDefaultPermissionsToRepoUnit),
 }
 
 // GetCurrentDBVersion returns the current Forgejo database version.
diff --git a/models/forgejo_migrations/v1_22/v4.go b/models/forgejo_migrations/v1_22/v4.go
new file mode 100644
index 0000000000..f1195f5f66
--- /dev/null
+++ b/models/forgejo_migrations/v1_22/v4.go
@@ -0,0 +1,17 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package v1_22 //nolint
+
+import (
+	"xorm.io/xorm"
+)
+
+func AddDefaultPermissionsToRepoUnit(x *xorm.Engine) error {
+	type RepoUnit struct {
+		ID                 int64
+		DefaultPermissions int `xorm:"NOT NULL DEFAULT 0"`
+	}
+
+	return x.Sync(&RepoUnit{})
+}
diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 395ecdf1a5..0b66e62d7d 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -33,6 +33,16 @@ func (p *Permission) IsAdmin() bool {
 	return p.AccessMode >= perm_model.AccessModeAdmin
 }
 
+// IsGloballyWriteable returns true if the unit is writeable by all users of the instance.
+func (p *Permission) IsGloballyWriteable(unitType unit.Type) bool {
+	for _, u := range p.Units {
+		if u.Type == unitType {
+			return u.DefaultPermissions == repo_model.UnitAccessModeWrite
+		}
+	}
+	return false
+}
+
 // HasAccess returns true if the current user has at least read access to any unit of this repository
 func (p *Permission) HasAccess() bool {
 	if p.UnitsMode == nil {
@@ -198,7 +208,19 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
 	if err := repo.LoadOwner(ctx); err != nil {
 		return perm, err
 	}
+
 	if !repo.Owner.IsOrganization() {
+		// for a public repo, different repo units may have different default
+		// permissions for non-restricted users.
+		if !repo.IsPrivate && !user.IsRestricted && len(repo.Units) > 0 {
+			perm.UnitsMode = make(map[unit.Type]perm_model.AccessMode)
+			for _, u := range repo.Units {
+				if _, ok := perm.UnitsMode[u.Type]; !ok {
+					perm.UnitsMode[u.Type] = u.DefaultPermissions.ToAccessMode(perm.AccessMode)
+				}
+			}
+		}
+
 		return perm, nil
 	}
 
@@ -239,10 +261,12 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
 			}
 		}
 
-		// for a public repo on an organization, a non-restricted user has read permission on non-team defined units.
+		// for a public repo on an organization, a non-restricted user should
+		// have the same permission on non-team defined units as the default
+		// permissions for the repo unit.
 		if !found && !repo.IsPrivate && !user.IsRestricted {
 			if _, ok := perm.UnitsMode[u.Type]; !ok {
-				perm.UnitsMode[u.Type] = perm_model.AccessModeRead
+				perm.UnitsMode[u.Type] = u.DefaultPermissions.ToAccessMode(perm_model.AccessModeRead)
 			}
 		}
 	}
diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
index 89f28b8fca..3df5236ea7 100644
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/setting"
@@ -39,13 +40,43 @@ func (err ErrUnitTypeNotExist) Unwrap() error {
 	return util.ErrNotExist
 }
 
+// RepoUnitAccessMode specifies the users access mode to a repo unit
+type UnitAccessMode int
+
+const (
+	// UnitAccessModeUnset - no unit mode set
+	UnitAccessModeUnset UnitAccessMode = iota // 0
+	// UnitAccessModeNone no access
+	UnitAccessModeNone // 1
+	// UnitAccessModeRead read access
+	UnitAccessModeRead // 2
+	// UnitAccessModeWrite write access
+	UnitAccessModeWrite // 3
+)
+
+func (mode UnitAccessMode) ToAccessMode(modeIfUnset perm.AccessMode) perm.AccessMode {
+	switch mode {
+	case UnitAccessModeUnset:
+		return modeIfUnset
+	case UnitAccessModeNone:
+		return perm.AccessModeNone
+	case UnitAccessModeRead:
+		return perm.AccessModeRead
+	case UnitAccessModeWrite:
+		return perm.AccessModeWrite
+	default:
+		return perm.AccessModeNone
+	}
+}
+
 // RepoUnit describes all units of a repository
 type RepoUnit struct { //revive:disable-line:exported
-	ID          int64
-	RepoID      int64              `xorm:"INDEX(s)"`
-	Type        unit.Type          `xorm:"INDEX(s)"`
-	Config      convert.Conversion `xorm:"TEXT"`
-	CreatedUnix timeutil.TimeStamp `xorm:"INDEX CREATED"`
+	ID                 int64
+	RepoID             int64              `xorm:"INDEX(s)"`
+	Type               unit.Type          `xorm:"INDEX(s)"`
+	Config             convert.Conversion `xorm:"TEXT"`
+	CreatedUnix        timeutil.TimeStamp `xorm:"INDEX CREATED"`
+	DefaultPermissions UnitAccessMode     `xorm:"NOT NULL DEFAULT 0"`
 }
 
 func init() {
diff --git a/models/repo/repo_unit_test.go b/models/repo/repo_unit_test.go
index a760594013..27a34fd0eb 100644
--- a/models/repo/repo_unit_test.go
+++ b/models/repo/repo_unit_test.go
@@ -6,6 +6,8 @@ package repo
 import (
 	"testing"
 
+	"code.gitea.io/gitea/models/perm"
+
 	"github.com/stretchr/testify/assert"
 )
 
@@ -28,3 +30,10 @@ func TestActionsConfig(t *testing.T) {
 	cfg.DisableWorkflow("test3.yaml")
 	assert.EqualValues(t, "test1.yaml,test2.yaml,test3.yaml", cfg.ToString())
 }
+
+func TestRepoUnitAccessMode(t *testing.T) {
+	assert.Equal(t, UnitAccessModeNone.ToAccessMode(perm.AccessModeAdmin), perm.AccessModeNone)
+	assert.Equal(t, UnitAccessModeRead.ToAccessMode(perm.AccessModeAdmin), perm.AccessModeRead)
+	assert.Equal(t, UnitAccessModeWrite.ToAccessMode(perm.AccessModeAdmin), perm.AccessModeWrite)
+	assert.Equal(t, UnitAccessModeUnset.ToAccessMode(perm.AccessModeRead), perm.AccessModeRead)
+}
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index a5c82bfcf6..40e1a3ecbe 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2036,6 +2036,7 @@ settings.branches.update_default_branch = Update Default Branch
 settings.branches.add_new_rule = Add New Rule
 settings.advanced_settings = Advanced Settings
 settings.wiki_desc = Enable Repository Wiki
+settings.wiki_globally_editable = Allow anyone to edit the Wiki
 settings.use_internal_wiki = Use Built-In Wiki
 settings.use_external_wiki = Use External Wiki
 settings.external_wiki_url = External Wiki URL
diff --git a/routers/web/repo/setting/setting.go b/routers/web/repo/setting/setting.go
index 989ada816f..6d294d1f26 100644
--- a/routers/web/repo/setting/setting.go
+++ b/routers/web/repo/setting/setting.go
@@ -473,10 +473,17 @@ func SettingsPost(ctx *context.Context) {
 			})
 			deleteUnitTypes = append(deleteUnitTypes, unit_model.TypeWiki)
 		} else if form.EnableWiki && !form.EnableExternalWiki && !unit_model.TypeWiki.UnitGlobalDisabled() {
+			var wikiPermissions repo_model.UnitAccessMode
+			if form.GloballyWriteableWiki {
+				wikiPermissions = repo_model.UnitAccessModeWrite
+			} else {
+				wikiPermissions = repo_model.UnitAccessModeRead
+			}
 			units = append(units, repo_model.RepoUnit{
-				RepoID: repo.ID,
-				Type:   unit_model.TypeWiki,
-				Config: new(repo_model.UnitConfig),
+				RepoID:             repo.ID,
+				Type:               unit_model.TypeWiki,
+				Config:             new(repo_model.UnitConfig),
+				DefaultPermissions: wikiPermissions,
 			})
 			deleteUnitTypes = append(deleteUnitTypes, unit_model.TypeExternalWiki)
 		} else {
diff --git a/services/forms/repo_form.go b/services/forms/repo_form.go
index ed4d82e1e5..c1dfce0a87 100644
--- a/services/forms/repo_form.go
+++ b/services/forms/repo_form.go
@@ -140,6 +140,7 @@ type RepoSettingForm struct {
 	// Advanced settings
 	EnableCode                            bool
 	EnableWiki                            bool
+	GloballyWriteableWiki                 bool
 	EnableExternalWiki                    bool
 	ExternalWikiURL                       string
 	EnableIssues                          bool
diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl
index 80aec2b252..5c2da5ebbd 100644
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -318,6 +318,16 @@
 							<label>{{ctx.Locale.Tr "repo.settings.use_internal_wiki"}}</label>
 						</div>
 					</div>
+					{{if (not .Repository.IsPrivate)}}
+					<div class="field {{if (.Repository.UnitEnabled $.Context $.UnitTypeExternalWiki)}}disabled{{end}}">
+						<div class="field">
+							<div class="ui checkbox">
+								<input name="globally_writeable_wiki" type="checkbox" {{if .Permission.IsGloballyWriteable $.UnitTypeWiki}}checked{{end}}>
+								<label>{{ctx.Locale.Tr "repo.settings.wiki_globally_editable"}}</label>
+							</div>
+						</div>
+					</div>
+					{{end}}
 					<div class="field">
 						<div class="ui radio checkbox{{if $isExternalWikiGlobalDisabled}} disabled{{end}}"{{if $isExternalWikiGlobalDisabled}} data-tooltip-content="{{ctx.Locale.Tr "repo.unit_disabled"}}"{{end}}>
 							<input class="enable-system-radio" name="enable_external_wiki" type="radio" value="true" data-target="#external_wiki_box" {{if .Repository.UnitEnabled $.Context $.UnitTypeExternalWiki}}checked{{end}}>
diff --git a/tests/integration/api_wiki_test.go b/tests/integration/api_wiki_test.go
index 05d90fc4e3..3b5469a1a5 100644
--- a/tests/integration/api_wiki_test.go
+++ b/tests/integration/api_wiki_test.go
@@ -4,12 +4,16 @@
 package integration
 
 import (
+	"context"
 	"encoding/base64"
 	"fmt"
 	"net/http"
 	"testing"
 
 	auth_model "code.gitea.io/gitea/models/auth"
+	repo_model "code.gitea.io/gitea/models/repo"
+	unit_model "code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/models/unittest"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/tests"
 
@@ -209,6 +213,53 @@ func TestAPIEditWikiPage(t *testing.T) {
 	MakeRequest(t, req, http.StatusOK)
 }
 
+func TestAPIEditOtherWikiPage(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// (drive-by-user) user, session, and token for a drive-by wiki editor
+	username := "drive-by-user"
+	req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
+		"user_name": username,
+		"email":     "drive-by@example.com",
+		"password":  "examplePassword!1",
+		"retype":    "examplePassword!1",
+	})
+	MakeRequest(t, req, http.StatusSeeOther)
+	session := loginUserWithPassword(t, username, "examplePassword!1")
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+	// (user2) user for the user whose wiki we're going to edit (as drive-by-user)
+	otherUsername := "user2"
+
+	// Creating a new Wiki page on user2's repo as user1 fails
+	testCreateWiki := func(expectedStatusCode int) {
+		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/new?token=%s", otherUsername, "repo1", token)
+		req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateWikiPageOptions{
+			Title:         "Globally Edited Page",
+			ContentBase64: base64.StdEncoding.EncodeToString([]byte("Wiki page content for API unit tests")),
+			Message:       "",
+		})
+		session.MakeRequest(t, req, expectedStatusCode)
+	}
+	testCreateWiki(http.StatusForbidden)
+
+	// Update the repo settings for user2's repo to enable globally writeable wiki
+	ctx := context.Background()
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	var units []repo_model.RepoUnit
+	units = append(units, repo_model.RepoUnit{
+		RepoID:             repo.ID,
+		Type:               unit_model.TypeWiki,
+		Config:             new(repo_model.UnitConfig),
+		DefaultPermissions: repo_model.UnitAccessModeWrite,
+	})
+	err := repo_model.UpdateRepositoryUnits(ctx, repo, units, nil)
+	assert.NoError(t, err)
+
+	// Creating a new Wiki page on user2's repo works now
+	testCreateWiki(http.StatusCreated)
+}
+
 func TestAPIListPageRevisions(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	username := "user2"

From c89e0735fab6b3994ff1769afafb012d1147972f Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 22 Dec 2023 17:20:50 +0100
Subject: [PATCH 55/62] [GITEA] Fix /issues/search endpoint

- The endpoint was moved from being an API endpoint to an web endpoint
with JSON result. However the API context isn't the same as the web
context, for example the `ctx.Error` only takes in the first two
arguments into consideration and doesn't do logging, which is not the
same behavior as the API context where there's three arguments and does
do logging and only reveal the function + error if the user is admin.
- Remove any details in the error message and do the logging seperatly,
this is somewhat consistent with how other API endpoints behave.
- Ref: https://codeberg.org/forgejo/forgejo/issues/1998

(cherry picked from commit fe71e32ace98461398cffe55f99ad31dc1be0b4e)
---
 routers/web/repo/issue.go | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 14781be822..a759014894 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -2482,7 +2482,8 @@ func UpdatePullReviewRequest(ctx *context.Context) {
 func SearchIssues(ctx *context.Context) {
 	before, since, err := context.GetQueryBeforeSince(ctx.Base)
 	if err != nil {
-		ctx.Error(http.StatusUnprocessableEntity, err.Error())
+		log.Error("GetQueryBeforeSince: %v", err)
+		ctx.Error(http.StatusUnprocessableEntity, "invalid before or since")
 		return
 	}
 
@@ -2519,10 +2520,11 @@ func SearchIssues(ctx *context.Context) {
 		if ctx.FormString("owner") != "" {
 			owner, err := user_model.GetUserByName(ctx, ctx.FormString("owner"))
 			if err != nil {
+				log.Error("GetUserByName: %v", err)
 				if user_model.IsErrUserNotExist(err) {
 					ctx.Error(http.StatusBadRequest, "Owner not found", err.Error())
 				} else {
-					ctx.Error(http.StatusInternalServerError, "GetUserByName", err.Error())
+					ctx.Error(http.StatusInternalServerError)
 				}
 				return
 			}
@@ -2533,15 +2535,16 @@ func SearchIssues(ctx *context.Context) {
 		}
 		if ctx.FormString("team") != "" {
 			if ctx.FormString("owner") == "" {
-				ctx.Error(http.StatusBadRequest, "", "Owner organisation is required for filtering on team")
+				ctx.Error(http.StatusBadRequest, "Owner organisation is required for filtering on team")
 				return
 			}
 			team, err := organization.GetTeam(ctx, opts.OwnerID, ctx.FormString("team"))
 			if err != nil {
+				log.Error("GetTeam: %v", err)
 				if organization.IsErrTeamNotExist(err) {
-					ctx.Error(http.StatusBadRequest, "Team not found", err.Error())
+					ctx.Error(http.StatusBadRequest)
 				} else {
-					ctx.Error(http.StatusInternalServerError, "GetUserByName", err.Error())
+					ctx.Error(http.StatusInternalServerError)
 				}
 				return
 			}
@@ -2554,7 +2557,8 @@ func SearchIssues(ctx *context.Context) {
 		}
 		repoIDs, _, err = repo_model.SearchRepositoryIDs(ctx, opts)
 		if err != nil {
-			ctx.Error(http.StatusInternalServerError, "SearchRepositoryIDs", err.Error())
+			log.Error("SearchRepositoryIDs: %v", err)
+			ctx.Error(http.StatusInternalServerError)
 			return
 		}
 		if len(repoIDs) == 0 {
@@ -2588,7 +2592,8 @@ func SearchIssues(ctx *context.Context) {
 		}
 		includedAnyLabels, err = issues_model.GetLabelIDsByNames(ctx, includedLabelNames)
 		if err != nil {
-			ctx.Error(http.StatusInternalServerError, "GetLabelIDsByNames", err.Error())
+			log.Error("GetLabelIDsByNames: %v", err)
+			ctx.Error(http.StatusInternalServerError)
 			return
 		}
 	}
@@ -2602,7 +2607,8 @@ func SearchIssues(ctx *context.Context) {
 		}
 		includedMilestones, err = issues_model.GetMilestoneIDsByNames(ctx, includedMilestoneNames)
 		if err != nil {
-			ctx.Error(http.StatusInternalServerError, "GetMilestoneIDsByNames", err.Error())
+			log.Error("GetMilestoneIDsByNames: %v", err)
+			ctx.Error(http.StatusInternalServerError)
 			return
 		}
 	}
@@ -2669,12 +2675,14 @@ func SearchIssues(ctx *context.Context) {
 
 	ids, total, err := issue_indexer.SearchIssues(ctx, searchOpt)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "SearchIssues", err.Error())
+		log.Error("SearchIssues: %v", err)
+		ctx.Error(http.StatusInternalServerError)
 		return
 	}
 	issues, err := issues_model.GetIssuesByIDs(ctx, ids, true)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "FindIssuesByIDs", err.Error())
+		log.Error("GetIssuesByIDs: %v", err)
+		ctx.Error(http.StatusInternalServerError)
 		return
 	}
 

From ca65deba1cc183ce1643ee6a1f698c5ecb2ac571 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 17 Dec 2023 16:39:58 +0100
Subject: [PATCH 56/62] [GITEA] Avoid `WHERE IN` for comment migration query

- Rewrite `UpdateCommentsMigrationsByType` to not use `WHERE IN` as
that's a performance diaster for MariaDB, it now use batching to query
the the relevant comment IDs via JOINs (which is not possible in a
UPDATE query for SQLite) and then update them in a seperate query.
- Add unit test.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1856

(cherry picked from commit 8098ca9d2e391b17e5e3da5cfa5af042221bfe36)

Conflicts:
	models/issues/comment.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
---
 models/issues/comment_test.go | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/models/issues/comment_test.go b/models/issues/comment_test.go
index c5bbfdedc2..e08bd7fbf5 100644
--- a/models/issues/comment_test.go
+++ b/models/issues/comment_test.go
@@ -12,6 +12,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/structs"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -97,3 +98,29 @@ func TestMigrate_InsertIssueComments(t *testing.T) {
 
 	unittest.CheckConsistencyFor(t, &issues_model.Issue{})
 }
+
+func TestUpdateCommentsMigrationsByType(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 1})
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issue.RepoID})
+	comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 1, IssueID: issue.ID})
+
+	// Set repository to migrated from Gitea.
+	repo.OriginalServiceType = structs.GiteaService
+	repo_model.UpdateRepositoryCols(db.DefaultContext, repo, "original_service_type")
+
+	// Set comment to have an original author.
+	comment.OriginalAuthor = "Example User"
+	comment.OriginalAuthorID = 1
+	comment.PosterID = 0
+	_, err := db.GetEngine(db.DefaultContext).ID(comment.ID).Cols("original_author", "original_author_id", "poster_id").Update(comment)
+	assert.NoError(t, err)
+
+	assert.NoError(t, issues_model.UpdateCommentsMigrationsByType(db.DefaultContext, structs.GiteaService, "1", 513))
+
+	comment = unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 1, IssueID: issue.ID})
+	assert.Empty(t, comment.OriginalAuthor)
+	assert.Empty(t, comment.OriginalAuthorID)
+	assert.EqualValues(t, 513, comment.PosterID)
+}

From 58c76aad8f624d7701e3fa6c12264328962cdf58 Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Tue, 19 Dec 2023 22:18:07 +0100
Subject: [PATCH 57/62] [GITEA] pulls: "Edit File" button in "Files Changed"
 tab
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #1894.
Gitea issue: https://github.com/go-gitea/gitea/issues/23848

(cherry picked from commit 79c75164ca70937261b1d9a68420ebfdbdcfa4d4)
---
 routers/web/repo/pull.go              | 12 ++++++++++
 templates/repo/diff/box.tmpl          |  3 +++
 tests/integration/forgejo_git_test.go |  2 +-
 tests/integration/git_test.go         | 34 +++++++++++++++++++++------
 4 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 39f9cefa5c..c52b0116aa 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -966,6 +966,18 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		return
 	}
 
+	// determine if the user viewing the pull request can edit the head branch
+	if ctx.Doer != nil && pull.HeadRepo != nil && !pull.HasMerged {
+		headRepoPerm, err := access_model.GetUserRepoPermission(ctx, pull.HeadRepo, ctx.Doer)
+		if err != nil {
+			ctx.ServerError("GetUserRepoPermission", err)
+			return
+		}
+		ctx.Data["HeadBranchIsEditable"] = pull.HeadRepo.CanEnableEditor() && issues_model.CanMaintainerWriteToBranch(ctx, headRepoPerm, pull.HeadBranch, ctx.Doer)
+		ctx.Data["SourceRepoLink"] = pull.HeadRepo.Link()
+		ctx.Data["HeadBranch"] = pull.HeadBranch
+	}
+
 	if ctx.IsSigned && ctx.Doer != nil {
 		if ctx.Data["CanMarkConversation"], err = issues_model.CanMarkConversation(ctx, issue, ctx.Doer); err != nil {
 			ctx.ServerError("CanMarkConversation", err)
diff --git a/templates/repo/diff/box.tmpl b/templates/repo/diff/box.tmpl
index 1224bbe84c..a5fecce7c1 100644
--- a/templates/repo/diff/box.tmpl
+++ b/templates/repo/diff/box.tmpl
@@ -166,6 +166,9 @@
 										<a class="ui basic tiny button" rel="nofollow" href="{{$.BeforeSourcePath}}/{{PathEscapeSegments .Name}}">{{ctx.Locale.Tr "repo.diff.view_file"}}</a>
 									{{else}}
 										<a class="ui basic tiny button" rel="nofollow" href="{{$.SourcePath}}/{{PathEscapeSegments .Name}}">{{ctx.Locale.Tr "repo.diff.view_file"}}</a>
+										{{if and $.HeadBranchIsEditable (not $file.IsLFSFile)}}
+											<a class="ui basic tiny button" rel="nofollow" href="{{$.SourceRepoLink}}/_edit/{{PathEscapeSegments $.HeadBranch}}/{{PathEscapeSegments .Name}}">{{ctx.Locale.Tr "repo.editor.edit_this_file"}}</a>
+										{{end}}
 									{{end}}
 								{{end}}
 								{{if $isReviewFile}}
diff --git a/tests/integration/forgejo_git_test.go b/tests/integration/forgejo_git_test.go
index f81521d735..bd0fb207eb 100644
--- a/tests/integration/forgejo_git_test.go
+++ b/tests/integration/forgejo_git_test.go
@@ -134,6 +134,6 @@ func doActionsUserPR(ctx, doerCtx APITestContext, baseBranch, headBranch string)
 		doerCtx.ExpectedCode = http.StatusCreated
 		t.Run("AutoMergePR", doAPIAutoMergePullRequest(doerCtx, ctx.Username, ctx.Reponame, pr.Index))
 		// Ensure the PR page works
-		t.Run("EnsureCanSeePull", doEnsureCanSeePull(ctx, pr))
+		t.Run("EnsureCanSeePull", doEnsureCanSeePull(ctx, pr, true))
 	}
 }
diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go
index 0c3a8616f0..0afe9fa580 100644
--- a/tests/integration/git_test.go
+++ b/tests/integration/git_test.go
@@ -455,8 +455,19 @@ func doMergeFork(ctx, baseCtx APITestContext, baseBranch, headBranch string) fun
 			assert.NoError(t, err)
 		})
 
-		// Ensure the PR page works
-		t.Run("EnsureCanSeePull", doEnsureCanSeePull(baseCtx, pr))
+		// Ensure the PR page works.
+		// For the base repository owner, the PR is not editable (maintainer edits are not enabled):
+		t.Run("EnsureCanSeePull", doEnsureCanSeePull(baseCtx, pr, false))
+		// For the head repository owner, the PR is editable:
+		headSession := loginUser(t, "user2")
+		headToken := getTokenForLoggedInUser(t, headSession, auth_model.AccessTokenScopeReadRepository, auth_model.AccessTokenScopeReadUser)
+		headCtx := APITestContext{
+			Session:  headSession,
+			Token:    headToken,
+			Username: baseCtx.Username,
+			Reponame: baseCtx.Reponame,
+		}
+		t.Run("EnsureCanSeePull", doEnsureCanSeePull(headCtx, pr, true))
 
 		// Then get the diff string
 		var diffHash string
@@ -470,7 +481,9 @@ func doMergeFork(ctx, baseCtx APITestContext, baseBranch, headBranch string) fun
 
 		// Now: Merge the PR & make sure that doesn't break the PR page or change its diff
 		t.Run("MergePR", doAPIMergePullRequest(baseCtx, baseCtx.Username, baseCtx.Reponame, pr.Index))
-		t.Run("EnsureCanSeePull", doEnsureCanSeePull(baseCtx, pr))
+		// for both users the PR is still visible but not editable anymore after it was merged
+		t.Run("EnsureCanSeePull", doEnsureCanSeePull(baseCtx, pr, false))
+		t.Run("EnsureCanSeePull", doEnsureCanSeePull(headCtx, pr, false))
 		t.Run("CheckPR", func(t *testing.T) {
 			oldMergeBase := pr.MergeBase
 			pr2, err := doAPIGetPullRequest(baseCtx, baseCtx.Username, baseCtx.Reponame, pr.Index)(t)
@@ -481,12 +494,12 @@ func doMergeFork(ctx, baseCtx APITestContext, baseBranch, headBranch string) fun
 
 		// Then: Delete the head branch & make sure that doesn't break the PR page or change its diff
 		t.Run("DeleteHeadBranch", doBranchDelete(baseCtx, baseCtx.Username, baseCtx.Reponame, headBranch))
-		t.Run("EnsureCanSeePull", doEnsureCanSeePull(baseCtx, pr))
+		t.Run("EnsureCanSeePull", doEnsureCanSeePull(baseCtx, pr, false))
 		t.Run("EnsureDiffNoChange", doEnsureDiffNoChange(baseCtx, pr, diffHash, diffLength))
 
 		// Delete the head repository & make sure that doesn't break the PR page or change its diff
 		t.Run("DeleteHeadRepository", doAPIDeleteRepository(ctx))
-		t.Run("EnsureCanSeePull", doEnsureCanSeePull(baseCtx, pr))
+		t.Run("EnsureCanSeePull", doEnsureCanSeePull(baseCtx, pr, false))
 		t.Run("EnsureDiffNoChange", doEnsureDiffNoChange(baseCtx, pr, diffHash, diffLength))
 	}
 }
@@ -520,12 +533,19 @@ func doCreatePRAndSetManuallyMerged(ctx, baseCtx APITestContext, dstPath, baseBr
 	}
 }
 
-func doEnsureCanSeePull(ctx APITestContext, pr api.PullRequest) func(t *testing.T) {
+func doEnsureCanSeePull(ctx APITestContext, pr api.PullRequest, editable bool) func(t *testing.T) {
 	return func(t *testing.T) {
 		req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame), pr.Index))
 		ctx.Session.MakeRequest(t, req, http.StatusOK)
 		req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/files", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame), pr.Index))
-		ctx.Session.MakeRequest(t, req, http.StatusOK)
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+		doc := NewHTMLParser(t, resp.Body)
+		editButtonCount := doc.doc.Find("div.diff-file-header-actions a[href*='/_edit/']").Length()
+		if editable {
+			assert.Greater(t, editButtonCount, 0, "Expected to find a button to edit a file in the PR diff view but there were none")
+		} else {
+			assert.Equal(t, 0, editButtonCount, "Expected not to find any buttons to edit files in PR diff view but there were some")
+		}
 		req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/commits", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame), pr.Index))
 		ctx.Session.MakeRequest(t, req, http.StatusOK)
 	}

From 60ac881776c750bc25e1d142e201e78e48e3ac23 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 30 Dec 2023 15:06:17 +0100
Subject: [PATCH 58/62] [GITEA] Fix NPE in `ToPullReviewList`

- Add condition to ensure doer isn't nil when using it.
- Added unit test.
- Resolves #2055

(cherry picked from commit 8f1a74fb2944c2a1cf3824c2c6f233d6df2df593)
---
 services/convert/pull_review.go |  2 +-
 services/convert/pull_test.go   | 28 ++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/services/convert/pull_review.go b/services/convert/pull_review.go
index 0332606285..85f2d703d2 100644
--- a/services/convert/pull_review.go
+++ b/services/convert/pull_review.go
@@ -64,7 +64,7 @@ func ToPullReviewList(ctx context.Context, rl []*issues_model.Review, doer *user
 	result := make([]*api.PullReview, 0, len(rl))
 	for i := range rl {
 		// show pending reviews only for the user who created them
-		if rl[i].Type == issues_model.ReviewTypePending && !(doer.IsAdmin || doer.ID == rl[i].ReviewerID) {
+		if rl[i].Type == issues_model.ReviewTypePending && (doer == nil || !(doer.IsAdmin || doer.ID == rl[i].ReviewerID)) {
 			continue
 		}
 		r, err := ToPullReview(ctx, rl[i], doer)
diff --git a/services/convert/pull_test.go b/services/convert/pull_test.go
index e069fa4a68..66c7313f7d 100644
--- a/services/convert/pull_test.go
+++ b/services/convert/pull_test.go
@@ -12,6 +12,7 @@ import (
 	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/structs"
 
@@ -47,3 +48,30 @@ func TestPullRequest_APIFormat(t *testing.T) {
 	assert.Nil(t, apiPullRequest.Head.Repository)
 	assert.EqualValues(t, -1, apiPullRequest.Head.RepoID)
 }
+
+func TestPullReviewList(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("Pending review", func(t *testing.T) {
+		reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		review := unittest.AssertExistsAndLoadBean(t, &issues_model.Review{ID: 6, ReviewerID: reviewer.ID})
+		rl := []*issues_model.Review{review}
+
+		t.Run("Anonymous", func(t *testing.T) {
+			prList, err := ToPullReviewList(db.DefaultContext, rl, nil)
+			assert.NoError(t, err)
+			assert.Empty(t, prList)
+		})
+		t.Run("Reviewer", func(t *testing.T) {
+			prList, err := ToPullReviewList(db.DefaultContext, rl, reviewer)
+			assert.NoError(t, err)
+			assert.Len(t, prList, 1)
+		})
+		t.Run("Admin", func(t *testing.T) {
+			adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{IsAdmin: true}, unittest.Cond("id != ?", reviewer.ID))
+			prList, err := ToPullReviewList(db.DefaultContext, rl, adminUser)
+			assert.NoError(t, err)
+			assert.Len(t, prList, 1)
+		})
+	})
+}

From 42ac34fbf9105eed27ee687b305a85515270f0cc Mon Sep 17 00:00:00 2001
From: Gergely Nagy <forgejo@gergo.csillger.hu>
Date: Sun, 31 Dec 2023 16:24:05 +0100
Subject: [PATCH 59/62] [GITEA] Configurable clone methods

Adds `[repository].DOWNLOAD_OR_CLONE_METHODS` (defaulting to
"download-zip,download-targz,download-bundle,vscode-clone"), which lets
an instance administrator override the additional clone methods
displayed on the repository home view.

This is purely display-only, the clone methods not listed here are still
available, unless disabled elsewhere. They're just not displayed.

Fixes #710.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 2aadcf4946e48ee43800568fe705d00a062c42bf)
---
 modules/setting/repository.go    | 11 +++++
 modules/web/middleware/data.go   |  1 +
 options/locale/locale_en-US.ini  |  1 +
 templates/repo/clone_script.tmpl |  3 ++
 templates/repo/home.tmpl         | 31 ++++++++++---
 tests/integration/repo_test.go   | 79 ++++++++++++++++++++++++++++++++
 6 files changed, 119 insertions(+), 7 deletions(-)

diff --git a/modules/setting/repository.go b/modules/setting/repository.go
index d5a521b973..8add0a353b 100644
--- a/modules/setting/repository.go
+++ b/modules/setting/repository.go
@@ -7,6 +7,7 @@ import (
 	"os/exec"
 	"path"
 	"path/filepath"
+	"slices"
 	"strings"
 
 	"code.gitea.io/gitea/modules/log"
@@ -19,6 +20,8 @@ const (
 	RepoCreatingPublic             = "public"
 )
 
+var RecognisedRepositoryDownloadOrCloneMethods = []string{"download-zip", "download-targz", "download-bundle", "vscode-clone", "vscodium-clone", "cite"}
+
 // ItemsPerPage maximum items per page in forks, watchers and stars of a repo
 const ItemsPerPage = 40
 
@@ -43,6 +46,7 @@ var (
 		DisabledRepoUnits                       []string
 		DefaultRepoUnits                        []string
 		DefaultForkRepoUnits                    []string
+		DownloadOrCloneMethods                  []string
 		PrefixArchiveFiles                      bool
 		DisableMigrations                       bool
 		DisableStars                            bool `ini:"DISABLE_STARS"`
@@ -160,6 +164,7 @@ var (
 		DisabledRepoUnits:                       []string{},
 		DefaultRepoUnits:                        []string{},
 		DefaultForkRepoUnits:                    []string{},
+		DownloadOrCloneMethods:                  []string{"download-zip", "download-targz", "download-bundle", "vscode-clone"},
 		PrefixArchiveFiles:                      true,
 		DisableMigrations:                       false,
 		DisableStars:                            false,
@@ -358,4 +363,10 @@ func loadRepositoryFrom(rootCfg ConfigProvider) {
 	if err := loadRepoArchiveFrom(rootCfg); err != nil {
 		log.Fatal("loadRepoArchiveFrom: %v", err)
 	}
+
+	for _, method := range Repository.DownloadOrCloneMethods {
+		if !slices.Contains(RecognisedRepositoryDownloadOrCloneMethods, method) {
+			log.Error("Unrecognised repository download or clone method: %s", method)
+		}
+	}
 }
diff --git a/modules/web/middleware/data.go b/modules/web/middleware/data.go
index 08d83f94be..c1d1af8528 100644
--- a/modules/web/middleware/data.go
+++ b/modules/web/middleware/data.go
@@ -53,6 +53,7 @@ func CommonTemplateContextData() ContextData {
 		"ShowMilestonesDashboardPage":   setting.Service.ShowMilestonesDashboardPage,
 		"ShowFooterVersion":             setting.Other.ShowFooterVersion,
 		"DisableDownloadSourceArchives": setting.Repository.DisableDownloadSourceArchives,
+		"DownloadOrCloneMethods":        setting.Repository.DownloadOrCloneMethods,
 
 		"EnableSwagger":      setting.API.EnableSwagger,
 		"EnableOpenIDSignIn": setting.Service.EnableOpenIDSignIn,
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 40e1a3ecbe..34380cceb5 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -961,6 +961,7 @@ all_branches = All branches
 fork_no_valid_owners = This repository can not be forked because there are no valid owners.
 use_template = Use this template
 clone_in_vsc = Clone in VS Code
+clone_in_vscodium = Clone in VS Codium
 download_zip = Download ZIP
 download_tar = Download TAR.GZ
 download_bundle = Download BUNDLE
diff --git a/templates/repo/clone_script.tmpl b/templates/repo/clone_script.tmpl
index 0797b400d8..9ff826bc93 100644
--- a/templates/repo/clone_script.tmpl
+++ b/templates/repo/clone_script.tmpl
@@ -38,5 +38,8 @@
 		for (const el of document.getElementsByClassName('js-clone-url-vsc')) {
 			el['href'] = 'vscode://vscode.git/clone?url=' + encodeURIComponent(link);
 		}
+		for (const el of document.getElementsByClassName('js-clone-url-vscodium')) {
+			el['href'] = 'vscodium://vscode.git/clone?url=' + encodeURIComponent(link);
+		}
 	})();
 </script>
diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl
index d91dc4394e..eb6d96f28e 100644
--- a/templates/repo/home.tmpl
+++ b/templates/repo/home.tmpl
@@ -131,15 +131,32 @@
 						<button id="more-btn" class="ui basic small compact jump dropdown icon button" data-tooltip-content="{{ctx.Locale.Tr "repo.more_operations"}}">
 							{{svg "octicon-kebab-horizontal"}}
 							<div class="menu">
-								{{if not $.DisableDownloadSourceArchives}}
-									<a class="item archive-link" href="{{$.RepoLink}}/archive/{{PathEscapeSegments $.RefName}}.zip" rel="nofollow">{{svg "octicon-file-zip" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.download_zip"}}</a>
-									<a class="item archive-link" href="{{$.RepoLink}}/archive/{{PathEscapeSegments $.RefName}}.tar.gz" rel="nofollow">{{svg "octicon-file-zip" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.download_tar"}}</a>
-									<a class="item archive-link" href="{{$.RepoLink}}/archive/{{PathEscapeSegments $.RefName}}.bundle" rel="nofollow">{{svg "octicon-package" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.download_bundle"}}</a>
-									{{if .CitiationExist}}
-										<a class="item" id="cite-repo-button">{{svg "octicon-cross-reference" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.cite_this_repo"}}</a>
+								{{$citation := .CitationExist}}
+								{{$originLink := .CloneButtonOriginLink}}
+								{{range $.DownloadOrCloneMethods}}
+									{{if not $.DisableDownloadSourceArchives}}
+										{{if eq . "download-zip"}}
+										<a class="item archive-link" href="{{$.RepoLink}}/archive/{{PathEscapeSegments $.RefName}}.zip" rel="nofollow">{{svg "octicon-file-zip" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.download_zip"}}</a>
+										{{end}}
+										{{if eq . "download-targz"}}
+										<a class="item archive-link" href="{{$.RepoLink}}/archive/{{PathEscapeSegments $.RefName}}.tar.gz" rel="nofollow">{{svg "octicon-file-zip" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.download_tar"}}</a>
+										{{end}}
+										{{if eq . "download-bundle"}}
+										<a class="item archive-link" href="{{$.RepoLink}}/archive/{{PathEscapeSegments $.RefName}}.bundle" rel="nofollow">{{svg "octicon-package" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.download_bundle"}}</a>
+										{{end}}
+										{{if $citation}}
+											{{if eq . "cite"}}
+											<a class="item" id="cite-repo-button">{{svg "octicon-cross-reference" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.cite_this_repo"}}</a>
+											{{end}}
+										{{end}}
+									{{end}}
+									{{if eq . "vscode-clone"}}
+									<a class="item js-clone-url-vsc" href="vscode://vscode.git/clone?url={{$originLink.HTTPS}}">{{svg "gitea-vscode" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.clone_in_vsc"}}</a>
+									{{end}}
+									{{if eq . "vscodium-clone"}}
+									<a class="item js-clone-url-vscodium" href="vscodium://vscode.git/clone?url={{$originLink.HTTPS}}">{{svg "gitea-vscode" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.clone_in_vscodium"}}</a>
 									{{end}}
 								{{end}}
-								<a class="item js-clone-url-vsc" href="vscode://vscode.git/clone?url={{.CloneButtonOriginLink.HTTPS}}">{{svg "gitea-vscode" 16 "gt-mr-3"}}{{ctx.Locale.Tr "repo.clone_in_vsc"}}</a>
 							</div>
 						</button>
 						{{template "repo/clone_script" .}}{{/* the script will update `.js-clone-url` and related elements */}}
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index 3393f147ea..f0056dbdad 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/tests"
 
 	"github.com/PuerkitoBio/goquery"
@@ -42,6 +43,84 @@ func TestViewRepo(t *testing.T) {
 	session.MakeRequest(t, req, http.StatusNotFound)
 }
 
+func TestViewRepoCloneMethods(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	getCloneMethods := func() []string {
+		req := NewRequest(t, "GET", "/user2/repo1")
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		cloneMoreMethodsHTML := htmlDoc.doc.Find("#more-btn div a")
+
+		var methods []string
+		cloneMoreMethodsHTML.Each(func(i int, s *goquery.Selection) {
+			a, _ := s.Attr("href")
+			methods = append(methods, a)
+		})
+
+		return methods
+	}
+
+	testCloneMethods := func(expected []string) {
+		methods := getCloneMethods()
+
+		assert.Len(t, methods, len(expected))
+		for i, expectedMethod := range expected {
+			assert.Contains(t, methods[i], expectedMethod)
+		}
+	}
+
+	t.Run("Defaults", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		testCloneMethods([]string{"/master.zip", "/master.tar.gz", "/master.bundle", "vscode://"})
+	})
+
+	t.Run("Customized methods", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		defer test.MockVariableValue(&setting.Repository.DownloadOrCloneMethods, []string{"vscodium-clone", "download-targz"})()
+
+		testCloneMethods([]string{"vscodium://", "/master.tar.gz"})
+	})
+
+	t.Run("Individual methods", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		singleMethodTest := func(method, expectedURLPart string) {
+			t.Run(method, func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				defer test.MockVariableValue(&setting.Repository.DownloadOrCloneMethods, []string{method})()
+
+				testCloneMethods([]string{expectedURLPart})
+			})
+		}
+
+		cases := map[string]string{
+			"download-zip":    "/master.zip",
+			"download-targz":  "/master.tar.gz",
+			"download-bundle": "/master.bundle",
+			"vscode-clone":    "vscode://",
+			"vscodium-clone":  "vscodium://",
+		}
+		for method, expectedURLPart := range cases {
+			singleMethodTest(method, expectedURLPart)
+		}
+	})
+
+	t.Run("All methods", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		defer test.MockVariableValue(&setting.Repository.DownloadOrCloneMethods, setting.RecognisedRepositoryDownloadOrCloneMethods)()
+
+		methods := getCloneMethods()
+		// We compare against
+		// len(setting.RecognisedRepositoryDownloadOrCloneMethods) - 1, because
+		// the test environment does not currently set things up for the cite
+		// method to display.
+		assert.GreaterOrEqual(t, len(methods), len(setting.RecognisedRepositoryDownloadOrCloneMethods)-1)
+	})
+}
+
 func testViewRepo(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From 3bb73e0813b46fd8b518a46d7499ee1c525bc434 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 17 Dec 2023 22:49:58 +0100
Subject: [PATCH 60/62] [GITEA] Remove redundant `syncBranchToDB`

- The transaction in combination with Git push was causing deadlocks if
you had the `push_update` queue set to `immediate`. This was the root
cause of slow integration tests in CI.
- Remove the sync branch code as this is already being done in the Git
post-receive hook.
- Add tests to proof the branch models are in sync even with this code
removed.

(cherry picked from commit 90110e1f44a40837a6ef5b3979a6ed96bfd614be)
(cherry picked from commit a064065cb9a6e39597e38c37a405d066cfabf7f7)
(cherry picked from commit 7713e558eb6419a3a7d3f2d1beaa8062899490c8)

Conflicts:
	services/repository/branch.go
	https://codeberg.org/forgejo/forgejo/pulls/2068
---
 tests/integration/branches_test.go    | 99 +++++++++++----------------
 tests/integration/repo_branch_test.go | 16 ++++-
 2 files changed, 56 insertions(+), 59 deletions(-)

diff --git a/tests/integration/branches_test.go b/tests/integration/branches_test.go
index 99d7eef706..26bed8c90a 100644
--- a/tests/integration/branches_test.go
+++ b/tests/integration/branches_test.go
@@ -4,72 +4,55 @@
 package integration
 
 import (
+	"fmt"
 	"net/http"
 	"net/url"
 	"testing"
 
-	"code.gitea.io/gitea/modules/translation"
-	"code.gitea.io/gitea/tests"
+	git_model "code.gitea.io/gitea/models/git"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+	gitea_context "code.gitea.io/gitea/modules/context"
 
 	"github.com/stretchr/testify/assert"
 )
 
-func TestViewBranches(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-
-	req := NewRequest(t, "GET", "/user2/repo1/branches")
-	resp := MakeRequest(t, req, http.StatusOK)
-
-	htmlDoc := NewHTMLParser(t, resp.Body)
-	_, exists := htmlDoc.doc.Find(".delete-branch-button").Attr("data-url")
-	assert.False(t, exists, "The template has changed")
-}
-
-func TestDeleteBranch(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-
-	deleteBranch(t)
-}
-
-func TestUndoDeleteBranch(t *testing.T) {
+func TestBranchActions(t *testing.T) {
 	onGiteaRun(t, func(t *testing.T, u *url.URL) {
-		deleteBranch(t)
-		htmlDoc, name := branchAction(t, ".restore-branch-button")
-		assert.Contains(t,
-			htmlDoc.doc.Find(".ui.positive.message").Text(),
-			translation.NewLocale("en-US").Tr("repo.branch.restore_success", name),
-		)
+		session := loginUser(t, "user2")
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		branch3 := unittest.AssertExistsAndLoadBean(t, &git_model.Branch{ID: 3, RepoID: repo1.ID})
+		branchesLink := repo1.FullName() + "/branches"
+
+		t.Run("View", func(t *testing.T) {
+			req := NewRequest(t, "GET", branchesLink)
+			MakeRequest(t, req, http.StatusOK)
+		})
+
+		t.Run("Delete branch", func(t *testing.T) {
+			link := fmt.Sprintf("/%s/branches/delete?name=%s", repo1.FullName(), branch3.Name)
+			req := NewRequestWithValues(t, "POST", link, map[string]string{
+				"_csrf": GetCSRF(t, session, branchesLink),
+			})
+			session.MakeRequest(t, req, http.StatusOK)
+			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Contains(t, flashCookie.Value, "success%3DBranch%2B%2522branch2%2522%2Bhas%2Bbeen%2Bdeleted.")
+
+			assert.True(t, unittest.AssertExistsAndLoadBean(t, &git_model.Branch{ID: 3, RepoID: repo1.ID}).IsDeleted)
+		})
+
+		t.Run("Restore branch", func(t *testing.T) {
+			link := fmt.Sprintf("/%s/branches/restore?branch_id=%d&name=%s", repo1.FullName(), branch3.ID, branch3.Name)
+			req := NewRequestWithValues(t, "POST", link, map[string]string{
+				"_csrf": GetCSRF(t, session, branchesLink),
+			})
+			session.MakeRequest(t, req, http.StatusOK)
+			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Contains(t, flashCookie.Value, "success%3DBranch%2B%2522branch2%2522%2Bhas%2Bbeen%2Brestored")
+
+			assert.False(t, unittest.AssertExistsAndLoadBean(t, &git_model.Branch{ID: 3, RepoID: repo1.ID}).IsDeleted)
+		})
 	})
 }
-
-func deleteBranch(t *testing.T) {
-	htmlDoc, name := branchAction(t, ".delete-branch-button")
-	assert.Contains(t,
-		htmlDoc.doc.Find(".ui.positive.message").Text(),
-		translation.NewLocale("en-US").Tr("repo.branch.deletion_success", name),
-	)
-}
-
-func branchAction(t *testing.T, button string) (*HTMLDoc, string) {
-	session := loginUser(t, "user2")
-	req := NewRequest(t, "GET", "/user2/repo1/branches")
-	resp := session.MakeRequest(t, req, http.StatusOK)
-
-	htmlDoc := NewHTMLParser(t, resp.Body)
-	link, exists := htmlDoc.doc.Find(button).Attr("data-url")
-	if !assert.True(t, exists, "The template has changed") {
-		t.Skip()
-	}
-
-	req = NewRequestWithValues(t, "POST", link, map[string]string{
-		"_csrf": htmlDoc.GetCSRF(),
-	})
-	session.MakeRequest(t, req, http.StatusOK)
-
-	url, err := url.Parse(link)
-	assert.NoError(t, err)
-	req = NewRequest(t, "GET", "/user2/repo1/branches")
-	resp = session.MakeRequest(t, req, http.StatusOK)
-
-	return NewHTMLParser(t, resp.Body), url.Query().Get("name")
-}
diff --git a/tests/integration/repo_branch_test.go b/tests/integration/repo_branch_test.go
index 91674ddc82..9eb17eda00 100644
--- a/tests/integration/repo_branch_test.go
+++ b/tests/integration/repo_branch_test.go
@@ -10,6 +10,8 @@ import (
 	"strings"
 	"testing"
 
+	git_model "code.gitea.io/gitea/models/git"
+	"code.gitea.io/gitea/models/unittest"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/modules/translation"
@@ -47,12 +49,14 @@ func testCreateBranches(t *testing.T, giteaURL *url.URL) {
 		CreateRelease  string
 		FlashMessage   string
 		ExpectedStatus int
+		CheckBranch    bool
 	}{
 		{
 			OldRefSubURL:   "branch/master",
 			NewBranch:      "feature/test1",
 			ExpectedStatus: http.StatusSeeOther,
 			FlashMessage:   translation.NewLocale("en-US").Tr("repo.branch.create_success", "feature/test1"),
+			CheckBranch:    true,
 		},
 		{
 			OldRefSubURL:   "branch/master",
@@ -65,6 +69,7 @@ func testCreateBranches(t *testing.T, giteaURL *url.URL) {
 			NewBranch:      "feature=test1",
 			ExpectedStatus: http.StatusSeeOther,
 			FlashMessage:   translation.NewLocale("en-US").Tr("repo.branch.create_success", "feature=test1"),
+			CheckBranch:    true,
 		},
 		{
 			OldRefSubURL:   "branch/master",
@@ -94,6 +99,7 @@ func testCreateBranches(t *testing.T, giteaURL *url.URL) {
 			NewBranch:      "feature/test3",
 			ExpectedStatus: http.StatusSeeOther,
 			FlashMessage:   translation.NewLocale("en-US").Tr("repo.branch.create_success", "feature/test3"),
+			CheckBranch:    true,
 		},
 		{
 			OldRefSubURL:   "branch/master",
@@ -108,10 +114,15 @@ func testCreateBranches(t *testing.T, giteaURL *url.URL) {
 			CreateRelease:  "v1.0.1",
 			ExpectedStatus: http.StatusSeeOther,
 			FlashMessage:   translation.NewLocale("en-US").Tr("repo.branch.create_success", "feature/test4"),
+			CheckBranch:    true,
 		},
 	}
+
+	session := loginUser(t, "user2")
 	for _, test := range tests {
-		session := loginUser(t, "user2")
+		if test.CheckBranch {
+			unittest.AssertNotExistsBean(t, &git_model.Branch{RepoID: 1, Name: test.NewBranch})
+		}
 		if test.CreateRelease != "" {
 			createNewRelease(t, session, "/user2/repo1", test.CreateRelease, test.CreateRelease, false, false)
 		}
@@ -125,6 +136,9 @@ func testCreateBranches(t *testing.T, giteaURL *url.URL) {
 				test.FlashMessage,
 			)
 		}
+		if test.CheckBranch {
+			unittest.AssertExistsAndLoadBean(t, &git_model.Branch{RepoID: 1, Name: test.NewBranch})
+		}
 	}
 }
 

From acc6b51be2b6d676129f653a8949b2c06aa2ad94 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Mon, 1 Jan 2024 16:15:15 +0100
Subject: [PATCH 61/62] [GITEA] Fix session generation for database (squash)
 timeutil.Mock

because of e743570f65 * Refactor timeutil package (#28623)
---
 models/auth/session_test.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/models/auth/session_test.go b/models/auth/session_test.go
index 1731f40ccd..3475fdd2cd 100644
--- a/models/auth/session_test.go
+++ b/models/auth/session_test.go
@@ -17,7 +17,7 @@ import (
 
 func TestAuthSession(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	defer timeutil.Unset()
+	defer timeutil.MockUnset()
 
 	key := "I-Like-Free-Software"
 
@@ -31,7 +31,7 @@ func TestAuthSession(t *testing.T) {
 		assert.NoError(t, err)
 
 		now := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)
-		timeutil.Set(now)
+		timeutil.MockSet(now)
 
 		// New session is created.
 		sess, err := auth.ReadSession(db.DefaultContext, key)
@@ -54,13 +54,13 @@ func TestAuthSession(t *testing.T) {
 	t.Run("Update session", func(t *testing.T) {
 		data := []byte{0xba, 0xdd, 0xc0, 0xde}
 		now := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
-		timeutil.Set(now)
+		timeutil.MockSet(now)
 
 		// Update session.
 		err := auth.UpdateSession(db.DefaultContext, key, data)
 		assert.NoError(t, err)
 
-		timeutil.Set(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
+		timeutil.MockSet(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
 
 		// Read updated session.
 		// Ensure data is updated and expiry is set from the update session call.
@@ -70,7 +70,7 @@ func TestAuthSession(t *testing.T) {
 		assert.EqualValues(t, data, sess.Data)
 		assert.EqualValues(t, now.Unix(), sess.Expiry)
 
-		timeutil.Set(now)
+		timeutil.MockSet(now)
 	})
 
 	t.Run("Delete session", func(t *testing.T) {
@@ -97,13 +97,13 @@ func TestAuthSession(t *testing.T) {
 	})
 
 	t.Run("Cleanup sessions", func(t *testing.T) {
-		timeutil.Set(time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC))
+		timeutil.MockSet(time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC))
 
 		_, err := auth.ReadSession(db.DefaultContext, "sess-1")
 		assert.NoError(t, err)
 
 		// One minute later.
-		timeutil.Set(time.Date(2023, 1, 1, 0, 1, 0, 0, time.UTC))
+		timeutil.MockSet(time.Date(2023, 1, 1, 0, 1, 0, 0, time.UTC))
 		_, err = auth.ReadSession(db.DefaultContext, "sess-2")
 		assert.NoError(t, err)
 

From 05682614e5ef2462cbb6a1635ca01e296fe03d23 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Mon, 1 Jan 2024 16:21:03 +0100
Subject: [PATCH 62/62] [GITEA] notifies admins on new user registration
 (squash) DeleteByID

trivial conflict because of
   778ad795fd4a19dc15723b59a846a250034c7c3a Refactor deletion (#28610)
---
 services/mailer/mail_admin_new_user_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/mailer/mail_admin_new_user_test.go b/services/mailer/mail_admin_new_user_test.go
index be6ecd9791..b89d888ee1 100644
--- a/services/mailer/mail_admin_new_user_test.go
+++ b/services/mailer/mail_admin_new_user_test.go
@@ -40,7 +40,7 @@ func getTestUsers(t *testing.T) []*user_model.User {
 
 func cleanUpUsers(ctx context.Context, users []*user_model.User) {
 	for _, u := range users {
-		db.DeleteByID(ctx, u.ID, new(user_model.User))
+		db.DeleteByID[user_model.User](ctx, u.ID)
 	}
 }