31231

1231
2026-05-28 21:30:36 +00:00 · 2026-05-28 17:20:19 -04:00 · 2026-05-28 17:10:08 -04:00 · 2026-05-28 16:53:38 -04:00 · 2026-05-28 16:40:47 -04:00 · 2026-05-28 16:31:27 -04:00
1495 changed files with 282674 additions and 117740 deletions
@@ -1,19 +0,0 @@
-[run]
-init_cmds = [
-	["make", "build-dev", "TAGS=sqlite"],
-	["./gogs", "web"]
-]
-watch_all = true
-watch_dirs = [
-	"$WORKDIR/cmd",
-	"$WORKDIR/models",
-	"$WORKDIR/modules",
-	"$WORKDIR/routers"
-]
-watch_exts = [".go"]
-ignore_files = [".+_test.go"]
-build_delay = 1500
-cmds = [
-	["make", "build-dev", "TAGS=sqlite"], # cert pam tidb
-	["./gogs", "web"]
-]
@@ -0,0 +1,13 @@
+Analyze and help fix the GitHub Security Advisory (GHSA) at: $ARGUMENTS
+
+Steps:
+1. Fetch the GHSA page using `gh api repos/gogs/gogs/security-advisories` and understand the vulnerability details (description, severity, affected versions, CWE).
+2. Verify the reported vulnerability actually exists, and why.
+3. Identify the affected code in this repository.
+4. Propose a fix with a clear explanation of the root cause and how the fix addresses it. Check for prior art in the codebase to stay consistent with existing patterns.
+5. Implement the fix. Only add tests when there is something meaningful to test at our layer.
+6. Run all the usual build and test commands.
+7. If a changelog entry is warranted (user will specify), add it to CHANGELOG.md with a placeholder for the PR link.
+8. Create a branch named after the GHSA ID, commit, and push.
+9. Create a pull request with a proper title and description, do not reveal too much detail and link the GHSA.
+10. If a changelog entry was added, update it with the PR link, then commit and push again.
@@ -1,19 +1,16 @@
-.git
-.git/**
-packager
-packager/**
 scripts
 scripts/**
 .github/
 .github/**
-config.codekit
 .dockerignore
 *.yml
 *.md
-.bra.toml
 .editorconfig
 .gitignore
 Dockerfile*
-vendor
-vendor/**
 gogs
+node_modules
+**/node_modules
+public/dist
+**/*.tsbuildinfo
+**/.vite
@@ -4,9 +4,20 @@ root = true

 [*]
 charset = utf-8
-end_of_line = lf
-indent_style = tab
+insert_final_newline = true
+trim_trailing_whitespace = true

-[*.yml]
+[*.go]
+indent_style = tab
+indent_size = 4
+
+[*.tmpl]
+indent_style = tab
+indent_size = 2
+
+[*.{less, yml}]
 indent_style = space
 indent_size = 2
+
+[*.js]
+indent_size = 2
@@ -1,2 +1,8 @@
-public/assets/* linguist-vendored
-public/plugins/* linguist-vendored
+conf/gitignore/** linguist-vendored
+conf/license/** linguist-vendored
+public/assets/** linguist-vendored
+public/plugins/** linguist-vendored
+public/css/themes/** linguist-vendored
+public/css/semantic-* linguist-vendored
+public/js/libs/** linguist-vendored
+public/js/semantic-* linguist-vendored
@@ -0,0 +1,2 @@
+# Default
+* @unknwon
@@ -1,63 +1,77 @@
-# Contributing to Gogs
+# Welcome to Gogs contributing guide

-> This guidelines sheet is forked from [CONTRIBUTING.md](https://github.com/drone/drone/blob/8d9c7cee56d6c2eac81dc156ce27be6716d97e68/CONTRIBUTING.md).
+Thank you for investing your time in contributing to our projects!

-Gogs is not perfect, and it has bugs or incomplete features in rare cases. You're welcome to tell us, or to contribute some code. This document describes details about how can you contribute to Gogs project.
+Read our [Code of Conduct](https://go.dev/conduct) to keep our community approachable and respectable.

-## Contribution guidelines
+In this guide you will get an overview of the contribution workflow from opening an issue, creating a PR, reviewing, and merging the PR.

-Depends on the situation, you will:
+Use the table of contents icon <img src="https://github.com/github/docs/raw/50561895328b8f369694973252127b7d93899d83/assets/images/table-of-contents.png" width="25" height="25" /> on the top left corner of this document to get to a specific section of this guide quickly.

- Find a bug and create an issue
- Need more functionality and make a feature request
- Want to contribute code and open a pull request
- Run into issue and need help
+## New contributor guide

-### Bug Report
+To get an overview of the project, read the [README](/README.md). Here are some resources to help you get started with open source contributions:

-If you find something you consider a bug, please create a issue on [GitHub](https://github.com/gogits/gogs/issues). To avoid wasting time and reduce back-and-forth communication with team members, please include at least the following information in a form comfortable for you:
+- [Finding ways to contribute to open source on GitHub](https://docs.github.com/en/get-started/exploring-projects-on-github/finding-ways-to-contribute-to-open-source-on-github)
+- [Set up Git](https://docs.github.com/en/get-started/quickstart/set-up-git)
+- [GitHub flow](https://docs.github.com/en/get-started/quickstart/github-flow)
+- [Collaborating with pull requests](https://docs.github.com/en/github/collaborating-with-pull-requests)
+- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
+- [Talk, then code](https://www.craft.do/s/kyHVs6OoE4Dj5V)

- Bug Description
- Gogs Version
- Git Version
- System Type
- Error Log
- Other information
+In addition to the general guides with open source contributions, you would also need to:

-Please take a moment to check that an issue on [GitHub](https://github.com/gogits/gogs/issues) doesn't already exist documenting your bug report or improvement proposal. If it does, it never hurts to add a quick "+1" or "I have this problem too". This will help prioritize the most common problems and requests.
+- Have basic knowledge about web applications development, database management systems and programming in [Go](https://go.dev/).
+- Have a working local development setup with a reasonable good IDE or editor like [Visual Studio Code](https://code.visualstudio.com/docs/languages/go), [GoLand](https://www.jetbrains.com/go/) or [Vim](https://github.com/fatih/vim-go).
+- [Set up your development environment](/docs/dev/local_development.md).

-#### Bug Report Example
+## Issues

-Gogs crashed when creating a repository with a license, using v0.5.13.0207, SQLite3, Git 1.9.0, Ubuntu 12.04.
+### Ask for help

-Error log:
+Before opening an issue, please make sure the problem you're encountering isn't already addressed on the [Troubleshooting](https://gogs.io/asking/troubleshooting) and [FAQs](https://gogs.io/asking/faq) pages.

-```
-2014/09/01 07:21:49 [E] nil pointer
-```
+### Create a new issue

-### Feature Request
+- For questions, ask in [Discussions](https://github.com/gogs/gogs/discussions).
+- [Check to make sure](https://docs.github.com/en/github/searching-for-information-on-github/searching-on-github/searching-issues-and-pull-requests#search-by-the-title-body-or-comments) someone hasn't already opened a similar [issue](https://github.com/gogs/gogs/issues).
+- If a similar issue doesn't exist, open a new issue using a relevant [issue form](https://github.com/gogs/gogs/issues/new/choose).
+- Blank issues that are not coming from maintainers will be closed without a response.

-There is no standard form of making a feature request. Just try to describe the feature as clearly as possible, because team members may not have experience with the functionality you're talking about.
+### Pick up an issue to solve

-### Pull Request
+- Scan through our [existing issues](https://github.com/gogs/gogs/issues) to find one that interests you.
+- The [👋 good first issue](https://github.com/gogs/gogs/issues?q=is%3Aissue+is%3Aopen+label%3A%22%F0%9F%91%8B+good+first+issue%22) is a good place to start exploring issues that are well-groomed for newcomers.
+- Do not hesitate to ask for more details or clarifying questions on the issue!
+- Communicate on the issue you are intended to pick up _before_ starting working on it.
+- Every issue that gets picked up will have an expected timeline for the implementation, the issue may be reassigned after the expected timeline. Please be responsible and proactive on the communication 🙇‍♂️

-Please read detailed information on [Wiki](https://github.com/gogits/gogs/wiki/Contributing-Code).
+## Add new features or make big changes

-### Ask For Help
+New features or big changes require proposals before we may be able to accept any contribution. Proposals should be posted to the [Discussions - Proposal](https://github.com/gogs/gogs/discussions/categories/proposal) category for review and discussions. GitHub Discussions provides sub-threading which is much more suitable than GitHub Issues for discussions to happen. Please read [Write a proposal for open source contributions](https://unknwon.io/posts/220210-write-a-proposal-for-open-source-contributions/) to begin with.

-Before opening an issue, please make sure your problem isn't already addressed on the [Troubleshooting](http://gogs.io/docs/intro/troubleshooting.html) and [FAQs](http://gogs.io/docs/intro/faqs.html) pages.
+## Pull requests

-## Code of conduct
+When you're finished with the changes, create a pull request, or a series of pull requests if necessary.

-As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+Contributing to another codebase is not as simple as code changes, it is also about contributing influence to the design. Therefore, we kindly ask you that:

-We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
+- Please acknowledge that no pull request is guaranteed to be merged.
+- Please always do a self-review before requesting reviews from others.
+- Please expect code review to be strict and may have multiple rounds.
+- Please make self-contained incremental changes, pull requests with huge diff may be rejected for review.
+- Please use English in code comments and docstring.
+- Please do not force push unless absolutely necessary. Force pushes make review much harder in multiple rounds, and we use [Squash and merge](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/about-pull-request-merges#squash-and-merge-your-pull-request-commits) so you don't need to worry about messy commits and just focus on the changes.

-Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+### Things we do not accept

-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+1. Updates to locale files (`conf/locale_xx-XX.ini`) other than the `conf/locale_en-US.ini`. Please read the [guide for localizing Gogs](https://gogs.io/advancing/localization).
+1. Docker compose files.

-Instances of abusive, harassing, or otherwise unacceptable behavior can be reported by emailing u@gogs.io
+### Coding guidelines

-This Code of Conduct is adapted from the [Contributor Covenant](http:contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
+1. Please read the Sourcegraph's [Go style guide](https://github.com/sourcegraph/sourcegraph-public-snapshot/blob/main/doc/dev/background-information/languages/go.md).
+
+## Your PR is merged!
+
+Congratulations 🎉🎉 Thanks again for taking the effort to have this journey with us 🌟
@@ -1,24 +0,0 @@
-The issue will be closed without any reasons if it does not satisfy any of following requirements:
-
-1. Please do NOT post questions or config/deploy problems on GitHub, please use our forum: https://discuss.gogs.io
-2. Please take a moment to search that an issue doesn't already exist.
-3. Please give all relevant information below for bug reports; incomplete details considered invalid report.
-
-**You MUST delete above content including this line before posting; too lazy to take this action considered invalid report.**
-
- Gogs version (or commit ref): 
- Git version: 
- Operating system: 
- Database (use `[x]`):
-  - [ ] PostgreSQL
-  - [ ] MySQL
-  - [ ] SQLite
- Can you reproduce the bug at https://try.gogs.io:
-  - [ ] Yes (provide example URL)
-  - [ ] No
-  - [ ] Not relevant
- Log gist:
-
-## Description
-
-...
@@ -0,0 +1,82 @@
+name: Bug report
+description: File a bug report to help us improve
+labels: ["\U0001F48A bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+        
+        - Please use English :)
+        - For questions, ask in [Discussions](https://github.com/gogs/gogs/discussions).
+        - Before you file an issue read the [Contributing guide](https://github.com/gogs/gogs/blob/main/.github/CONTRIBUTING.md).
+        - Check to make sure someone hasn't already opened a similar [issue](https://github.com/gogs/gogs/issues).
+  - type: input
+    attributes:
+      label: Gogs version
+      description: |
+        Please specify the exact Gogs version you're reporting for, e.g. "0.12.3". You can find the version information in the admin dashboard (`/admin`).
+        
+        _Note that "gogs/gogs:latest" is not a Gogs version, it does not mean anything._
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Git version
+      description: |
+        Please specify the exact Git version you're using of both server and client. You can find the version information by running `git version`.
+      value: |
+        - Server: 
+        - Client: 
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Operating system
+      description: |
+        Please specify the exact operating system name and version you're reporting for, e.g. "Windows 10", "CentOS 7", "Ubuntu 20.04".
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Database
+      description: |
+        Please specify the exact database and version you're reporting for, e.g. "PostgreSQL 9.6", "MySQL 5.7", "SQLite 3".
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: To reproduce
+      description: The steps to reproduce the problem described above.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: |
+        Links? References? Suggestions? Anything that will give us more context about the issue you are encountering!
+        
+        Please include any error logs found in the `log/gogs.log` file. Otherwise, we probably won't be able to help you much.
+
+        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://go.dev/conduct)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Ask questions
+    url: https://github.com/gogs/gogs/discussions
+    about: Please ask questions in Discussions.
+  - name: Make a proposal
+    url: https://github.com/gogs/gogs/discussions/categories/proposal
+    about: Please make proposals in Discussions.
@@ -0,0 +1,46 @@
+---
+name: "Dev: Release a minor version"
+about: ONLY USED BY MAINTAINERS.
+assignees: "unknwon"
+title: "Release [VERSION]"
+labels: 📸 release
+---
+
+_This is generated from the [minor release template](https://github.com/gogs/gogs/blob/main/.github/ISSUE_TEMPLATE/dev_release_minor_version.md)._
+
+## Before release
+
+On the `main` branch:
+
+- [ ] Close stale issues with the label [status: needs feedback](https://github.com/gogs/gogs/issues?q=is%3Aissue+is%3Aopen+label%3A%22status%3A+needs+feedback%22).
+- [ ] [Sync locales from Crowdin](https://github.com/gogs/gogs/blob/main/docs/dev/import_locale.md).
+- [ ] [Update CHANGELOG](https://github.com/gogs/gogs/commit/f1102a7a7c545ec221d2906f02fa19170d96f96d) to include entries for the current minor release.
+	- Do not forget adding entries for GHSA patches.
+- [ ] Cut a new release branch `release/<MAJOR>.<MINOR>`, e.g. `release/0.14`.
+
+## During release
+
+On the release branch:
+
+- [ ] [Update the hard-coded version](https://github.com/gogs/gogs/commit/f0e3cd90f8d7695960eeef2e4e54b2e717302f6c) to the current release, e.g. `0.14.0+dev` -> `0.14.0`.
+- [ ] Wait for GitHub Actions to complete and no failed jobs.
+- [ ] Publish new RC releases (e.g. `v0.14.0-rc.1`, `v0.14.0-rc.2`) ⚠️ **on the release branch** ⚠️ and ensure Docker and release workflows both succeed.
+	- [ ] Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
+	- [ ] Download one of the release archives and run through application setup to make sure nothing blows up.
+- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) ⚠️ **on the release branch** ⚠️ with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current minor release.
+- [ ] [Wait for new image tags for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
+	- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
+- [ ] Download all release archives and [generate SHA256 checksum](https://github.com/gogs/gogs/blob/main/docs/dev/release/sha256.sh) for all binaries to the file `checksum_sha256.txt`.
+- [ ] Upload all archives and `checksum_sha256.txt` to https://dl.gogs.io.
+
+## After release
+
+On the `main` branch:
+
+- [ ] Update the repository mirror on [Gitee](https://gitee.com/unknwon/gogs).
+- [ ] Create a new release announcement in [Discussions](https://github.com/gogs/gogs/discussions/categories/announcements).
+- [ ] Send a tweet on the [official Twitter account](https://twitter.com/GogsHQ) for the minor release.
+- [ ] Close the milestone for the minor release.
+- [ ] [Bump the hard-coded version](https://github.com/gogs/gogs/commit/a98968436cd5841cf691bb0b80c54c81470d1676) to the new develop version, e.g. `0.14.0+dev` -> `0.15.0+dev`.
+- [ ] Run `grep -rnw "\(LEGACY\|Deprecated\)" internal` to identify deprecated code that is aimed to be removed in current develop version.
+- [ ] **After 14 days**, publish [GitHub security advisories](https://github.com/gogs/gogs/security) for security patches included in the release.
@@ -0,0 +1,49 @@
+---
+name: "Dev: Release a patch version"
+about: ONLY USED BY MAINTAINERS.
+assignees: "unknwon"
+title: "Release [VERSION]"
+labels: 📸 release
+---
+
+_This is generated from the [patch release template](https://github.com/gogs/gogs/blob/main/.github/ISSUE_TEMPLATE/dev_release_patch_version.md)._
+
+## Before release
+
+On the release branch:
+
+- [ ] Make sure all commits are cherry-picked from the `main` branch by checking the patch milestone.
+	- Run `moon run gogs:build-prod --force` for every cherry-picked commit to make sure there is no compilation error.
+- [ ] [Update CHANGELOG on the `main` branch](https://github.com/gogs/gogs/commit/f1102a7a7c545ec221d2906f02fa19170d96f96d) to include entries for the current patch release.
+
+## During release
+
+On the release branch:
+
+- [ ] [Update the hard-coded version](https://github.com/gogs/gogs/commit/f0e3cd90f8d7695960eeef2e4e54b2e717302f6c) to the current release, e.g. `0.12.0` -> `0.12.1`.
+- [ ] Wait for GitHub Actions to complete and no failed jobs.
+- [ ] Publish new RC releases in [GitHub release](https://github.com/gogs/gogs/releases) (e.g. `v0.12.0-rc.1`, `v0.12.0-rc.2`) ⚠️ **on the release branch** ⚠️ and ensure Docker workflow succeeds.
+	- [ ] Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
+	- [ ] Download one of the release archives and run through application setup to make sure nothing blows up.
+- [ ] Publish a new [GitHub release](https://github.com/gogs/gogs/releases) ⚠️ **on the release branch** ⚠️ with entries from [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md) for the current patch release and all previous releases with same minor version.
+- [ ] Update all previous GitHub releases with same minor version with the warning:
+	```
+	**ℹ️ Heads up! There is a new patch release [0.12.1](https://github.com/gogs/gogs/releases/tag/v0.12.1) available, we recommend directly installing or upgrading to that version.**
+	```
+- [ ] [Wait for new image tags for the current release](https://github.com/gogs/gogs/actions/workflows/docker.yml?query=event%3Arelease) to be created automatically on both [Docker Hub](https://hub.docker.com/r/gogs/gogs/tags) and [GitHub Container registry](https://github.com/gogs/gogs/pkgs/container/gogs).
+	- Pull down the Docker image and [run through application setup](https://github.com/gogs/gogs/blob/main/docker/README.md) to make sure nothing blows up.
+- [ ] Download all release archives and [generate SHA256 checksum](https://github.com/gogs/gogs/blob/main/docs/dev/release/sha256.sh) for all binaries to the file `checksum_sha256.txt`.
+- [ ] Upload all archives and `checksum_sha256.txt` to https://dl.gogs.io.
+
+## After release
+
+On the `main` branch:
+
+- [ ] Post the following message on issues that are included in the patch milestone:
+    ```
+    The <MAJOR>.<MINOR>.<PATCH> has been released that includes the patch of the reported issue.
+    ```
+- [ ] Create a new release announcement in [Discussions](https://github.com/gogs/gogs/discussions/categories/announcements).
+- [ ] Send a tweet on the [official Twitter account](https://twitter.com/GogsHQ) for the patch release.
+- [ ] Close the milestone for the patch release.
+- [ ] **After 14 days**, publish [GitHub security advisories](https://github.com/gogs/gogs/security) for security patches included in the release.
@@ -0,0 +1,32 @@
+name: Improve documentation
+description: Suggest an idea or a patch for documentation
+labels: ["📖 documentation"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this form!
+        
+        - Please use English :)
+        - For questions, ask in [Discussions](https://github.com/gogs/gogs/discussions).
+        - Before you file an issue read the [Contributing guide](https://github.com/gogs/gogs/blob/main/.github/CONTRIBUTING.md).
+        - Check to make sure someone hasn't already opened a similar [issue](https://github.com/gogs/gogs/issues).
+  - type: textarea
+    attributes:
+      label: What needs to be improved? Please describe
+      description: A clear and concise description of what is wrong or missing.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Why do you think it is important?
+      description: A clear and concise explanation of the rationale.
+    validations:
+      required: true
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://go.dev/conduct)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
@@ -0,0 +1,47 @@
+name: Feature request
+description: Suggest an idea for this project
+labels: ["\U0001F3AF feature"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this form!
+        
+        - Please use English :)
+        - For questions, ask in [Discussions](https://github.com/gogs/gogs/discussions).
+        - Before you file an issue read the [Contributing guide](https://github.com/gogs/gogs/blob/main/.github/CONTRIBUTING.md).
+        - Check to make sure someone hasn't already opened a similar [issue](https://github.com/gogs/gogs/issues).
+  - type: textarea
+    attributes:
+      label: Describe the feature
+      description: A clear and concise description of what the feature is, e.g. I think it is reasonable to have [...]
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the solution you'd like
+      description: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: |
+        Links? References? Suggestions? Anything that will give us more context about the feature you are requesting!
+
+        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false
+  - type: checkboxes
+    attributes:
+      label: Code of Conduct
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://go.dev/conduct)
+      options:
+        - label: I agree to follow this project's Code of Conduct
+          required: true
@@ -1,9 +0,0 @@
-The pull request will be closed without any reasons if it does not satisfy any of following requirements:
-
-1. Please make sure you are targeting the `develop` branch.
-2. Please read contributing guidelines:
-https://github.com/gogits/gogs/wiki/Contributing-Code
-3. Please describe what your pull request does and which issue you're targeting
-4. ... if it is not related to any particular issues, explain why we should not reject your pull request.
-
-**You MUST delete above content including this line before posting; too lazy to take this action considered invalid pull request.**
@@ -0,0 +1,9 @@
+# Docs: https://git.io/JCUAY
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "mod:"
@@ -0,0 +1,16 @@
+## Describe the pull request
+
+A clear and concise description of what the pull request is about, i.e. what problem should be fixed? 
+
+Link to the issue: <!-- paste the issue link here, or put "n/a" if not applicable -->
+
+## Checklist
+
+- [ ] I agree to follow the [Code of Conduct](https://go.dev/conduct) by submitting this pull request.
+- [ ] I have read and acknowledge the [Contributing guide](https://github.com/gogs/gogs/blob/main/.github/CONTRIBUTING.md).
+- [ ] I have added test cases to cover the new code or have provided the test plan. (if applicable)
+- [ ] I have added an entry to [CHANGELOG](https://github.com/gogs/gogs/blob/main/CHANGELOG.md). (if applicable)
+
+## Test plan
+
+<!-- Please provide concrete but concise steps to proof things are working as stated, see an example in https://github.com/gogs/gogs/pull/7345 -->
@@ -0,0 +1,75 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    paths:
+      - '.github/workflows/codeql.yml'
+  schedule:
+    - cron: '0 19 * * 0'
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          # We must fetch at least the immediate parents so that if this is
+          # a pull request then we can checkout the head.
+          fetch-depth: 2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3.28.3
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3.28.3
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3.28.3
@@ -0,0 +1,26 @@
+name: DigitalOcean
+on:
+  workflow_dispatch:
+  workflow_call:
+
+jobs:
+  garbage-collection:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Install doctl
+        uses: digitalocean/action-doctl@5727c67aa3c2c34ae9462d5a0ecfea8a1b31e5ce # v2
+        with:
+          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+      - name: Run garbage collection
+        run: |
+          # --force: Required for CI to skip confirmation prompts
+          # --include-untagged-manifests: Deletes unreferenced manifests to maximize space
+          doctl registry garbage-collection start --force --include-untagged-manifests
+      - name: Send email on failure
+        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
+        if: ${{ failure() }}
+        with:
+          smtp_username: ${{ secrets.SMTP_USERNAME }}
+          smtp_password: ${{ secrets.SMTP_PASSWORD }}
@@ -0,0 +1,397 @@
+name: Docker
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    paths:
+      - '.trivy.yaml'
+      - 'Dockerfile'
+      - 'Dockerfile.next'
+      - 'docker/**'
+      - 'docker-next/**'
+      - '.github/workflows/docker.yml'
+  release:
+    types: [ published ]
+
+jobs:
+  buildx-next:
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
+    concurrency:
+      group: ${{ github.workflow }}-next-${{ github.ref }}
+      cancel-in-progress: true
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: read
+      packages: write
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Inspect builder
+        run: |
+          echo "Name:      ${{ steps.buildx.outputs.name }}"
+          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
+          echo "Status:    ${{ steps.buildx.outputs.status }}"
+          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
+          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
+      - name: Login to Docker Hub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GitHub Container registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to DigitalOcean Container registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: registry.digitalocean.com
+          username: ${{ secrets.DIGITALOCEAN_USERNAME }}
+          password: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+      - name: Build and push next-gen images
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: Dockerfile.next
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          tags: |
+            gogs/gogs:edge
+            ghcr.io/gogs/gogs:edge
+            registry.digitalocean.com/gogs/gogs:edge
+      - name: Scan for container vulnerabilities
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        with:
+          image-ref: gogs/gogs:edge
+          exit-code: '1'
+      - name: Send email on failure
+        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
+        if: ${{ failure() }}
+        with:
+          smtp_username: ${{ secrets.SMTP_USERNAME }}
+          smtp_password: ${{ secrets.SMTP_PASSWORD }}
+
+  deploy-demo:
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
+    needs: buildx-next
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Configure kubectl
+        run: |
+          mkdir -p ~/.kube
+          echo "${KUBECONFIG}" | base64 -d > ~/.kube/config
+        env:
+          KUBECONFIG: ${{ secrets.DIGITALOCEAN_K8S_CLUSTER_KUBECONFIG }}
+      - name: Restart gogs-demo deployment
+        timeout-minutes: 5
+        run: |
+          set -ex
+          kubectl rollout restart deployment gogs-demo -n gogs
+          kubectl rollout status deployment gogs-demo -n gogs
+      - name: Send email on failure
+        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
+        if: ${{ failure() }}
+        with:
+          smtp_username: ${{ secrets.SMTP_USERNAME }}
+          smtp_password: ${{ secrets.SMTP_PASSWORD }}
+
+  buildx-pull-request:
+    if: ${{ github.event_name == 'pull_request'}}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        with:
+          config-inline: |
+            [worker.oci]
+              max-parallelism = 2
+      - name: Inspect builder
+        run: |
+          echo "Name:      ${{ steps.buildx.outputs.name }}"
+          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
+          echo "Status:    ${{ steps.buildx.outputs.status }}"
+          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
+          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
+      - name: Compute short commit SHA
+        id: short-sha
+        uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0
+      - name: Build and push images
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          platforms: linux/amd64
+          push: true
+          tags: |
+            ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:7d
+      - name: Scan for container vulnerabilities
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        with:
+          image-ref: ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:7d
+          exit-code: '1'
+
+  buildx-next-pull-request:
+    if: ${{ github.event_name == 'pull_request'}}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        with:
+          config-inline: |
+            [worker.oci]
+              max-parallelism = 2
+      - name: Inspect builder
+        run: |
+          echo "Name:      ${{ steps.buildx.outputs.name }}"
+          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
+          echo "Status:    ${{ steps.buildx.outputs.status }}"
+          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
+          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
+      - name: Compute short commit SHA
+        id: short-sha
+        uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0
+      - name: Build and push next-gen images
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: Dockerfile.next
+          platforms: linux/amd64
+          push: true
+          tags: |
+            ttl.sh/gogs/gogs-next-${{ steps.short-sha.outputs.sha }}:7d
+      - name: Scan for container vulnerabilities
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        with:
+          image-ref: ttl.sh/gogs/gogs-next-${{ steps.short-sha.outputs.sha }}:7d
+          exit-code: '1'
+
+  # Updates to the following section needs to be synced to all release branches within their lifecycles.
+  buildx-release:
+    if: ${{ github.event_name == 'release' }}
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: read
+      packages: write
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          # Full history with tags is required so the next step can determine
+          # whether this release is the highest stable version across the repo.
+          fetch-depth: 0
+          fetch-tags: true
+      - name: Compute image tags
+        run: |
+          IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)
+          echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
+
+          TAGS="gogs/gogs:$IMAGE_TAG
+          ghcr.io/gogs/gogs:$IMAGE_TAG"
+
+          # For stable releases (no prerelease suffix per semver), add the
+          # minor-version tag only if this release is the highest patch of that
+          # minor line, and add `latest` only if this release is the highest
+          # stable version across the repository. Back-patches on older lines
+          # must not clobber moving tags.
+          if [[ ! "$IMAGE_TAG" =~ - ]]; then
+            STABLE_TAGS=$(git tag --list 'v*' | sed 's/^v//' | grep -v -- '-' || true)
+            HIGHEST_STABLE=$(echo "$STABLE_TAGS" | sort -V | tail -n 1)
+            MINOR_TAG=$(echo "$IMAGE_TAG" | cut -d. -f1,2)
+            # `|| true` keeps the step running when `grep` finds no matches,
+            # since bash runs with `-e -o pipefail` in GitHub Actions.
+            HIGHEST_IN_MINOR=$(echo "$STABLE_TAGS" | { grep "^${MINOR_TAG}\." || true; } | sort -V | tail -n 1)
+
+            if [[ "$IMAGE_TAG" == "$HIGHEST_IN_MINOR" ]]; then
+              TAGS="$TAGS
+          gogs/gogs:$MINOR_TAG
+          ghcr.io/gogs/gogs:$MINOR_TAG"
+            fi
+            if [[ "$IMAGE_TAG" == "$HIGHEST_STABLE" ]]; then
+              TAGS="$TAGS
+          gogs/gogs:latest
+          ghcr.io/gogs/gogs:latest"
+            fi
+          fi
+
+          echo "TAGS<<EOF" >> $GITHUB_ENV
+          echo "$TAGS" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Inspect builder
+        run: |
+          echo "Name:      ${{ steps.buildx.outputs.name }}"
+          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
+          echo "Status:    ${{ steps.buildx.outputs.status }}"
+          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
+          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
+      - name: Login to Docker Hub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GitHub Container registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push images
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          tags: ${{ env.TAGS }}
+      - name: Scan for container vulnerabilities
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        with:
+          image-ref: gogs/gogs:${{ env.IMAGE_TAG }}
+          exit-code: '1'
+      - name: Send email on failure
+        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
+        if: ${{ failure() }}
+        with:
+          smtp_username: ${{ secrets.SMTP_USERNAME }}
+          smtp_password: ${{ secrets.SMTP_PASSWORD }}
+
+  # Updates to the following section needs to be synced to all release branches within their lifecycles.
+  buildx-next-release:
+    if: ${{ github.event_name == 'release' }}
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: read
+      packages: write
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          # Full history with tags is required so the next step can determine
+          # whether this release is the highest stable version across the repo.
+          fetch-depth: 0
+          fetch-tags: true
+      - name: Compute image tags
+        run: |
+          IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)
+          echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
+
+          TAGS="gogs/gogs:next-$IMAGE_TAG
+          ghcr.io/gogs/gogs:next-$IMAGE_TAG"
+
+          # For stable releases (no prerelease suffix per semver), add the
+          # minor-version tag only if this release is the highest patch of that
+          # minor line, and add `next-latest` only if this release is the
+          # highest stable version across the repository. Back-patches on older
+          # lines must not clobber moving tags.
+          if [[ ! "$IMAGE_TAG" =~ - ]]; then
+            STABLE_TAGS=$(git tag --list 'v*' | sed 's/^v//' | grep -v -- '-' || true)
+            HIGHEST_STABLE=$(echo "$STABLE_TAGS" | sort -V | tail -n 1)
+            MINOR_TAG=$(echo "$IMAGE_TAG" | cut -d. -f1,2)
+            # `|| true` keeps the step running when `grep` finds no matches,
+            # since bash runs with `-e -o pipefail` in GitHub Actions.
+            HIGHEST_IN_MINOR=$(echo "$STABLE_TAGS" | { grep "^${MINOR_TAG}\." || true; } | sort -V | tail -n 1)
+
+            if [[ "$IMAGE_TAG" == "$HIGHEST_IN_MINOR" ]]; then
+              TAGS="$TAGS
+          gogs/gogs:next-$MINOR_TAG
+          ghcr.io/gogs/gogs:next-$MINOR_TAG"
+            fi
+            if [[ "$IMAGE_TAG" == "$HIGHEST_STABLE" ]]; then
+              TAGS="$TAGS
+          gogs/gogs:next-latest
+          ghcr.io/gogs/gogs:next-latest"
+            fi
+          fi
+
+          echo "TAGS<<EOF" >> $GITHUB_ENV
+          echo "$TAGS" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Inspect builder
+        run: |
+          echo "Name:      ${{ steps.buildx.outputs.name }}"
+          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
+          echo "Status:    ${{ steps.buildx.outputs.status }}"
+          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
+          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
+      - name: Login to Docker Hub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GitHub Container registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push next-gen images
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: Dockerfile.next
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          tags: ${{ env.TAGS }}
+      - name: Scan for container vulnerabilities
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        with:
+          image-ref: gogs/gogs:next-${{ env.IMAGE_TAG }}
+          exit-code: '1'
+      - name: Send email on failure
+        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
+        if: ${{ failure() }}
+        with:
+          smtp_username: ${{ secrets.SMTP_USERNAME }}
+          smtp_password: ${{ secrets.SMTP_PASSWORD }}
+
+  digitalocean-gc:
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
+    needs: buildx-next
+    permissions:
+      contents: read
+    uses: ./.github/workflows/digitalocean_gc.yml
+    secrets: inherit
+
+  digitalocean-gc-pull-request:
+    if: ${{ github.event_name == 'pull_request' && github.repository == 'gogs/gogs' }}
+    needs: buildx-next-pull-request
+    permissions:
+      contents: read
+    uses: ./.github/workflows/digitalocean_gc.yml
+    secrets: inherit
@@ -0,0 +1,172 @@
+name: Go
+on:
+  push:
+    branches:
+      - main
+      - 'release/**'
+    paths:
+      - '**.go'
+      - 'go.mod'
+      - '.golangci.yml'
+      - '.github/workflows/go.yml'
+  pull_request:
+    paths:
+      - '**.go'
+      - 'go.mod'
+      - '.golangci.yml'
+      - '.github/workflows/go.yml'
+env:
+  GOPROXY: "https://proxy.golang.org"
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    permissions:
+      contents: read       # for actions/checkout to fetch code
+      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: 1.26.x
+      - name: Check Go module tidiness and generated files
+        shell: bash
+        run: |
+          go mod tidy
+          go generate ./...
+          STATUS=$(git status --porcelain)
+          if [ ! -z "$STATUS" ]; then
+            echo "Unstaged files:"
+            echo $STATUS
+            echo "Run 'go mod tidy' or 'go generate ./...' and commit them"
+            exit 1
+          fi
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@9fae48acfc02a90574d7c304a1758ef9895495fa # v7.0.1
+        with:
+          version: latest
+          args: --timeout=30m
+
+  test:
+    name: Test
+    strategy:
+      matrix:
+        go-version: [ 1.26.x ]
+        platform: [ ubuntu-latest, macos-latest ]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Run tests with coverage
+        run: |
+          go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic -json ./... > test-report.json
+          go install github.com/mfridman/tparse@latest
+          tparse -all -file=test-report.json
+      - name: Send email on failure
+        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
+        if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+        with:
+          smtp_username: ${{ secrets.SMTP_USERNAME }}
+          smtp_password: ${{ secrets.SMTP_PASSWORD }}
+
+  # Running tests with race detection consumes too much memory on Windows,
+  # see https://github.com/golang/go/issues/46099 for details.
+  test-windows:
+    name: Test Windows
+    strategy:
+      matrix:
+        go-version: [ 1.26.x ]
+        platform: [ windows-latest ]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Run tests with coverage
+        run: go test -shuffle=on -v -coverprofile=coverage -covermode=atomic ./...
+      - name: Send email on failure
+        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
+        if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+        with:
+          smtp_username: ${{ secrets.SMTP_USERNAME }}
+          smtp_password: ${{ secrets.SMTP_PASSWORD }}
+
+  postgres:
+    name: Postgres
+    strategy:
+      matrix:
+        go-version: [ 1.26.x ]
+        platform: [ ubuntu-latest ]
+    runs-on: ${{ matrix.platform }}
+    services:
+      postgres:
+        image: postgres:9.6
+        env:
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Run tests with coverage
+        run: |
+          go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic -json ./internal/database/... > test-report.json
+          go install github.com/mfridman/tparse@latest
+          tparse -all -file=test-report.json
+        env:
+          GOGS_DATABASE_TYPE: postgres
+          PGPORT: 5432
+          PGHOST: localhost
+          PGUSER: postgres
+          PGPASSWORD: postgres
+          PGSSLMODE: disable
+
+  mysql:
+    name: MySQL
+    strategy:
+      matrix:
+        go-version: [ 1.26.x ]
+        platform: [ ubuntu-22.04 ] # Use the lowest version possible for backwards compatibility
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Start MySQL server
+        run: sudo systemctl start mysql
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Run tests with coverage
+        run: |
+          go test -shuffle=on -v -race -coverprofile=coverage -covermode=atomic -json ./internal/database/... > test-report.json
+          go install github.com/mfridman/tparse@latest
+          tparse -all -file=test-report.json
+        env:
+          GOGS_DATABASE_TYPE: mysql
+          MYSQL_USER: root
+          MYSQL_PASSWORD: root
+          MYSQL_HOST: localhost
+          MYSQL_PORT: 3306
@@ -0,0 +1,25 @@
+name: 'Lock Threads'
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
+
+concurrency:
+  group: lock
+
+jobs:
+  action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
+        with:
+          github-token: ${{ github.token }}
+          issue-inactive-days: '90'
+          issue-lock-reason: 'resolved'
+          pr-inactive-days: '365'
+          pr-lock-reason: 'resolved'
@@ -0,0 +1,216 @@
+name: Release
+
+on:
+  release:
+    types: [published]
+  push:
+    branches:
+      - main
+  pull_request:
+    paths:
+      - '.github/workflows/release.yml'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  GOPROXY: "https://proxy.golang.org"
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    name: Build ${{ matrix.goos }}/${{ matrix.goarch }}${{ matrix.suffix }}
+    if: ${{ github.repository == 'gogs/gogs' }}
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - {goos: linux, goarch: amd64, runner: ubuntu-latest}
+          - {goos: linux, goarch: arm64, runner: ubuntu-latest}
+          - {goos: linux, goarch: "386", runner: ubuntu-latest}
+          - {goos: darwin, goarch: amd64, runner: macos-latest}
+          - {goos: darwin, goarch: arm64, runner: macos-latest}
+          - {goos: windows, goarch: amd64, runner: ubuntu-latest}
+          - {goos: windows, goarch: arm64, runner: ubuntu-latest}
+          - {goos: windows, goarch: "386", runner: ubuntu-latest}
+          - {goos: windows, goarch: amd64, suffix: "_mws", tags: minwinsvc, runner: ubuntu-latest}
+          - {goos: windows, goarch: arm64, suffix: "_mws", tags: minwinsvc, runner: ubuntu-latest}
+          - {goos: windows, goarch: "386", suffix: "_mws", tags: minwinsvc, runner: ubuntu-latest}
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Set up Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: 1.26.x
+      - name: Set up pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+      - name: Set up Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version: 24
+          cache: pnpm
+      - name: Build web assets
+        run: |
+          pnpm install --frozen-lockfile
+          pnpm --filter gogs-web run build
+      - name: Determine version
+        id: version
+        run: |
+          if [ "${{ github.event_name }}" = "release" ]; then
+            echo "version=${{ github.event.release.tag_name }}" | sed 's/version=v/version=/' >> "$GITHUB_OUTPUT"
+            echo "release_tag=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
+          elif [ "${{ github.event_name }}" = "push" ] && [ "${{ github.ref }}" = "refs/heads/main" ]; then
+            echo "version=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+            echo "release_tag=latest-commit-build" >> "$GITHUB_OUTPUT"
+          else
+            echo "version=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+            echo "release_tag=release-archive-testing" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Build binary
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+          CGO_ENABLED: "0"
+        run: |
+          BINARY_NAME="gogs"
+          if [ "${{ matrix.goos }}" = "windows" ]; then
+            BINARY_NAME="gogs.exe"
+          fi
+
+          TAGS="prod"
+          if [ -n "${{ matrix.tags }}" ]; then
+            TAGS="$TAGS ${{ matrix.tags }}"
+          fi
+
+          go build -v \
+            -ldflags "
+              -X \"gogs.io/gogs/internal/conf.BuildTime=$(date -u '+%Y-%m-%d %I:%M:%S %Z')\"
+              -X \"gogs.io/gogs/internal/conf.BuildCommit=$(git rev-parse HEAD)\"
+            " \
+            -tags "$TAGS" \
+            -trimpath -o "$BINARY_NAME" ./cmd/gogs
+      - name: Import Apple signing certificate
+        if: ${{ matrix.goos == 'darwin' }}
+        env:
+          APPLE_DEVELOPER_ID_CERTIFICATE_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_BASE64 }}
+          APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }}
+          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+        run: |
+          if [ -z "$APPLE_DEVELOPER_ID_CERTIFICATE_BASE64" ] || [ -z "$APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD" ] || [ -z "$APPLE_KEYCHAIN_PASSWORD" ]; then
+            echo "Missing required Apple signing secrets." >&2
+            exit 1
+          fi
+
+          CERTIFICATE_PATH="$RUNNER_TEMP/developer_id_application.p12"
+          KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
+
+          printf '%s' "$APPLE_DEVELOPER_ID_CERTIFICATE_BASE64" | base64 -d > "$CERTIFICATE_PATH"
+          security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+          security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+          security import "$CERTIFICATE_PATH" -P "$APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
+          security list-keychains -d user -s "$KEYCHAIN_PATH"
+          security default-keychain -s "$KEYCHAIN_PATH"
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$APPLE_KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+      - name: Sign macOS binary
+        if: ${{ matrix.goos == 'darwin' }}
+        env:
+          APPLE_DEVELOPER_IDENTITY: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
+        run: |
+          if [ -z "$APPLE_DEVELOPER_IDENTITY" ]; then
+            echo "Missing required Apple signing identity secret." >&2
+            exit 1
+          fi
+
+          security find-identity -v -p codesigning
+          codesign --force --options runtime --timestamp --sign "$APPLE_DEVELOPER_IDENTITY" "gogs"
+          codesign --verify --verbose=2 "gogs"
+      - name: Prepare archive contents
+        run: |
+          mkdir -p dist/gogs
+          BINARY_NAME="gogs"
+          if [ "${{ matrix.goos }}" = "windows" ]; then
+            BINARY_NAME="gogs.exe"
+          fi
+          cp "$BINARY_NAME" dist/gogs/
+          cp LICENSE README.md dist/gogs/
+          cp -r scripts dist/gogs/
+      - name: Create archives
+        working-directory: dist
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          ARCHIVE_BASE="gogs_${VERSION}_${{ matrix.goos }}_${{ matrix.goarch }}${{ matrix.suffix }}"
+
+          zip -r "${ARCHIVE_BASE}.zip" gogs
+
+          if [ "${{ matrix.goos }}" = "linux" ]; then
+            tar -czvf "${ARCHIVE_BASE}.tar.gz" gogs
+          fi
+      - name: Notarize macOS archive
+        if: ${{ matrix.goos == 'darwin' }}
+        env:
+          APPLE_NOTARY_ISSUER_ID: ${{ secrets.APPLE_NOTARY_ISSUER_ID }}
+          APPLE_NOTARY_KEY_BASE64: ${{ secrets.APPLE_NOTARY_KEY_BASE64 }}
+          APPLE_NOTARY_KEY_ID: ${{ secrets.APPLE_NOTARY_KEY_ID }}
+        run: |
+          if [ -z "$APPLE_NOTARY_ISSUER_ID" ] || [ -z "$APPLE_NOTARY_KEY_BASE64" ] || [ -z "$APPLE_NOTARY_KEY_ID" ]; then
+            echo "Missing required Apple notarization secrets." >&2
+            exit 1
+          fi
+
+          VERSION="${{ steps.version.outputs.version }}"
+          ARCHIVE_PATH="dist/gogs_${VERSION}_${{ matrix.goos }}_${{ matrix.goarch }}${{ matrix.suffix }}.zip"
+          NOTARY_KEY_PATH="$RUNNER_TEMP/AuthKey_${APPLE_NOTARY_KEY_ID}.p8"
+
+          printf '%s' "$APPLE_NOTARY_KEY_BASE64" | base64 -d > "$NOTARY_KEY_PATH"
+          xcrun notarytool submit "$ARCHIVE_PATH" \
+            --key "$NOTARY_KEY_PATH" \
+            --key-id "$APPLE_NOTARY_KEY_ID" \
+            --issuer "$APPLE_NOTARY_ISSUER_ID" \
+            --wait
+      - name: Upload to release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          RELEASE_TAG="${{ steps.version.outputs.release_tag }}"
+
+          if [ "${{ github.event_name }}" != "release" ]; then
+            git tag -f "$RELEASE_TAG"
+            git push origin "$RELEASE_TAG" --force || true
+
+            RELEASE_TITLE="Release archive testing"
+            RELEASE_NOTES="Automated testing release for workflow development."
+            if [ "$RELEASE_TAG" = "latest-commit-build" ]; then
+              RELEASE_TITLE="Latest commit build"
+              RELEASE_NOTES="Automated build from the latest commit on main branch. This release is updated automatically with every push to main."
+            fi
+
+            gh release view "$RELEASE_TAG" || gh release create "$RELEASE_TAG" --title "$RELEASE_TITLE" --notes "$RELEASE_NOTES" --prerelease
+          fi
+
+          PATTERN="_${{ matrix.goos }}_${{ matrix.goarch }}${{ matrix.suffix }}\."
+          gh release view "$RELEASE_TAG" --json assets --jq ".assets[].name" | grep "$PATTERN" | while read -r asset; do
+            gh release delete-asset "$RELEASE_TAG" "$asset" --yes || true
+          done
+
+          gh release upload "$RELEASE_TAG" dist/gogs_*.zip --clobber
+          if [ "${{ matrix.goos }}" = "linux" ]; then
+            gh release upload "$RELEASE_TAG" dist/gogs_*.tar.gz --clobber
+          fi
+
+  notify-failure:
+    name: Notify on failure
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: ${{ failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+    steps:
+      - name: Send email on failure
+        uses: unknwon/send-email-on-failure@89339a1bc93f4ad1d30f3b7e4911fcba985c9adb # v1
+        with:
+          smtp_username: ${{ secrets.SMTP_USERNAME }}
+          smtp_password: ${{ secrets.SMTP_PASSWORD }}
@@ -0,0 +1,17 @@
+name: Shell
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  shellcheck:
+    name: Shellcheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
@@ -0,0 +1,54 @@
+name: Web
+on:
+  push:
+    branches:
+      - main
+      - 'release/**'
+    paths:
+      - 'web/**'
+      - 'pnpm-lock.yaml'
+      - 'pnpm-workspace.yaml'
+      - 'package.json'
+      - 'conf/locale/locale_*.ini'
+      - '.github/workflows/web.yml'
+  pull_request:
+    paths:
+      - 'web/**'
+      - 'pnpm-lock.yaml'
+      - 'pnpm-workspace.yaml'
+      - 'package.json'
+      - 'conf/locale/locale_*.ini'
+      - '.github/workflows/web.yml'
+
+permissions:
+  contents: read
+
+jobs:
+  web:
+    name: Lint and build
+    runs-on: ubuntu-latest
+    env:
+      MOON_COLOR: "true"
+      FORCE_COLOR: "1"
+    steps:
+      - name: Check out code
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          fetch-depth: 0
+      - name: Set up pnpm
+        uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+      - name: Set up Node
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version: 24
+          cache: pnpm
+      - name: Set up moon
+        uses: moonrepo/setup-toolchain@261c62cb5b0f580c7be7c8cd0f023a2e96756095 # v0.6.4
+        with:
+          auto-install: false
+      - name: Lint
+        run: moon run web:lint
+      - name: Build
+        run: moon run web:build
+      - name: Check for uncommitted changes
+        run: git diff --exit-code --stat
@@ -1,20 +1,19 @@
-.DS_Store
-*.db
-*.log
+# Build artifacts and cache
+.bin/
+dist/
+.moon/cache/
+node_modules/
+.agents/skills/
+.claude/skills
+
+# Runtime data
 log/
 custom/
 data/
-.vendor/
+
+# Configuration and application files
 .idea/
-*.iml
-public/img/avatar/
-*.exe
-*.exe~
-/gogs
-profile/
-*.pem
-output*
-gogs.sublime-project
-gogs.sublime-workspace
-/release
-vendor
+.envrc
+
+# System junk
+.DS_Store
@@ -0,0 +1,42 @@
+version: "2"
+linters:
+  enable:
+    - nakedret
+    - rowserrcheck
+    - unconvert
+    - unparam
+  settings:
+    govet:
+      disable:
+        # printf: non-constant format string in call to fmt.Errorf (govet)
+        # showing up since golangci-lint version 1.60.1
+        - printf
+    staticcheck:
+      checks:
+        - all
+        - "-SA1019" # This project is under active refactoring and not all code is up to date.
+        - "-QF1001" # I'm a math noob
+        - "-ST1016" # Some legit code uses this pattern
+    nakedret:
+      max-func-lines: 0 # Disallow any unnamed return statement
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
@@ -1,58 +0,0 @@
-[target]
-path = github.com/gogits/gogs
-
-[deps]
-github.com/bradfitz/gomemcache = commit:fb1f79c
-github.com/codegangsta/cli = commit:1efa31f
-github.com/go-macaron/binding = commit:9440f33
-github.com/go-macaron/cache = commit:5617353
-github.com/go-macaron/captcha = commit:8aa5919
-github.com/go-macaron/csrf = commit:6a9a7df
-github.com/go-macaron/gzip = commit:cad1c65
-github.com/go-macaron/i18n = commit:ef57533
-github.com/go-macaron/inject = commit:c5ab7bf
-github.com/go-macaron/session = commit:66031fc
-github.com/go-macaron/toolbox = commit:82b5115
-github.com/go-sql-driver/mysql = commit:0b58b37
-github.com/go-xorm/core = commit:bc1b7f8
-github.com/go-xorm/xorm = commit:b8b1711
-github.com/gogits/chardet = commit:2404f77
-github.com/gogits/cron = commit:96040e4
-github.com/gogits/git-module = commit:53bcb73
-github.com/gogits/go-gogs-client = commit:d725743
-github.com/issue9/identicon = commit:d36b545
-github.com/jaytaylor/html2text = commit:52d9b78
-github.com/kardianos/minwinsvc = commit:cad6b2b
-github.com/klauspost/compress = commit:14eb9c4
-github.com/klauspost/cpuid = commit:09cded8
-github.com/klauspost/crc32 = commit:19b0b33
-github.com/lib/pq = commit:4dd446e
-github.com/mattn/go-sqlite3 = commit:e118d44
-github.com/mcuadros/go-version = commit:d52711f
-github.com/microcosm-cc/bluemonday = commit:9dc1992
-github.com/msteinert/pam = commit:02ccfbf
-github.com/nfnt/resize = commit:891127d
-github.com/russross/blackfriday = commit:93622da
-github.com/satori/go.uuid = commit:0aa62d5
-github.com/sergi/go-diff = commit:ec7fdbb
-github.com/shurcooL/sanitized_anchor_name = commit:10ef21a
-github.com/Unknwon/cae = commit:7f5e046
-github.com/Unknwon/com = commit:28b053d
-github.com/Unknwon/i18n = commit:39d6f27
-github.com/Unknwon/paginater = commit:7748a72
-golang.org/x/crypto = commit:bc89c49
-golang.org/x/net = commit:57bfaa8
-golang.org/x/sys = commit:a646d33
-golang.org/x/text = commit:2910a50
-gopkg.in/alexcesaro/quotedprintable.v3 = commit:2caba25
-gopkg.in/asn1-ber.v1 = commit:4e86f43
-gopkg.in/bufio.v1 = commit:567b2bf
-gopkg.in/gomail.v2 = commit:81ebce5
-gopkg.in/ini.v1 = commit:cf53f92
-gopkg.in/ldap.v2 = commit:537128f
-gopkg.in/macaron.v1 = commit:2133042
-gopkg.in/redis.v2 = commit:e617904
-
-[res]
-include = public|scripts|templates
-
@@ -0,0 +1,4 @@
+Joe Chen <jc@unknwon.io> Unknwon <u@gogs.io>
+Joe Chen <jc@unknwon.io> 无闻 <u@gogs.io>
+Joe Chen <jc@unknwon.io> ᴜɴᴋɴᴡᴏɴ <u@gogs.io>
+Joe Chen <jc@unknwon.io> ᴜɴᴋɴᴡᴏɴ <jc@unknwon.io>
@@ -0,0 +1,4 @@
+$schema: "https://moonrepo.dev/schemas/tasks.json"
+
+taskOptions:
+  outputStyle: "stream"
@@ -0,0 +1,9 @@
+$schema: "https://moonrepo.dev/schemas/workspace.json"
+
+projects:
+  gogs: "."
+  web: "web"
+
+vcs:
+  client: "git"
+  defaultBranch: "main"
@@ -1,27 +0,0 @@
-targets:
-  debian-7: &debian
-    build_dependencies:
-      - libpam0g-dev
-    dependencies:
-      - libpam0g
-      - git
-  debian-8:
-    <<: *debian
-  ubuntu-14.04:
-    <<: *debian
-  ubuntu-12.04:
-    <<: *debian
-  centos-6: &el
-    build_dependencies:
-      - pam-devel
-    dependencies:
-      - pam
-      - git
-  centos-7:
-    <<: *el
-before:
-  - mv packager/Procfile .
-  - mv packager/.godir .
-after:
-  - mv bin/main gogs
-after_install: ./packager/hooks/postinst
@@ -1,29 +0,0 @@
-language: go
-
-go:
-  - 1.4
-  - 1.5
-  - 1.6
-
-before_install:
-  - sudo apt-get update -qq
-  - sudo apt-get install -y libpam-dev
-  - go get github.com/msteinert/pam 
-
-install:
-  - go get -t -v ./...
-
-script: 
-  - go build -v -tags "pam"
-  - go test -v -cover -race ./...
-
-notifications:
-  email:
-    - u@gogs.io
-  slack: gophercn:o5pSanyTeNhnfYc3QnG0X7Wx
-  webhooks:
-    urls:
-      - https://webhooks.gitter.im/e/b590f8e03882f7aedc3e
-    on_success: change 
-    on_failure: always 
-    on_start: never     
@@ -0,0 +1,48 @@
+## Core principles
+
+- Stop telling me "You're right", it just shows how incompetent you are. Do it right on your first try, fact-check and review after changes. If you are not sure, ask for help.
+- When you see changes made outside your knowledge, use the current version as your new starting point. Do not blindly overwrite those changes or you suck. Even if you have to update the code, always respect the pattern in the surrounding context!
+
+## Style and mechanics
+
+This applies to all texts, including but not limited to UI, documentation, code comments.
+
+- Use sentence case. Preserve original casing for brand names.
+- End with a period for a full sentence.
+- Never use em dashes (`—`) or en dashes (`–`) in prose. Rewrite the sentence with a comma, period, colon, or parentheses instead. Exception: em/en dashes are allowed as visual separators in UI design (e.g., between a title and description, in a terminal prompt label) where they function as a graphic element rather than punctuation.
+- Do not overuse semicolons. Two short sentences are almost always clearer than one sentence joined by a semicolon. Reserve the semicolon for the rare case where the two clauses are so tightly coupled that splitting them loses meaning, never as a default em-dash replacement or a way to chain related thoughts.
+- Do not add comments that repeat what the code is doing, always prefer more descriptive names. Do add comments for intentions that aren't obvious via reading the code alone. This rule takes precedence over matching existing patterns.
+
+## Coding guidelines
+
+- Use `github.com/cockroachdb/errors` for error handling.
+- Use `github.com/stretchr/testify` for assertions in tests. Be mindful about the choice of `require` and `assert`, the former should be used when the test cannot proceed meaningfully after a failed assertion.
+- Every 5xx response must log the error directly inside the handler, do not log errors in a shared helper.
+
+## Localization
+
+- Only edit `conf/locale/locale_en-US.ini`. The other `locale_*.ini` files are community-maintained translations. Do not add, remove, or rewrite keys in them, even when removing keys that are dead on the Go/template side.
+
+## UI guidelines
+
+- Design mobile-friendly. Every UI must look and work well on narrow viewports before adding desktop refinements via responsive breakpoints. Test at ~375px width before considering a UI done.
+- Meet WCAG 2.2 AA at minimum. Specifically: every interactive control has a discernible accessible name (visible label or `aria-label`); color is never the sole carrier of information (pair with text, icon, or shape); text and meaningful icons meet 4.5:1 contrast against their background (3:1 for large text and UI components); focus is always visible and never trapped; touch targets are at least 24×24 CSS px (40×40 preferred). When unsure, lean toward more contrast, larger targets, and explicit labels.
+- For work under `web/`, follow the patterns in [`web/DESIGN.md`](web/DESIGN.md) (typography, color hierarchy, surface chrome, file naming, accessibility specifics). Update that doc when a pattern is used in two places.
+- When a page needs server data to render, fetch it in the TanStack Router route's `loader` so the page only mounts after the response arrives. Do not fire that fetch from a `useEffect` inside the page component, which causes a flash of empty UI before the data lands.
+
+## Build instructions
+
+- Prefer `moon run <project>:<task>` over vanilla `go` or `pnpm` commands when available (e.g. `moon run gogs:build`, `moon run web:dev`). Pass `--force` to bypass cache when necessary.
+- Run `moon run gogs:lint` after every time you finish changing Go code, and `moon run web:lint` after changing frontend code; fix all linter errors.
+
+## Tool-use guidance
+
+- Use `gh` CLI to access information on github.com that is not publicly available.
+- Run the Chrome DevTools MCP in headless mode so it does not steal focus from the user's foreground browser session. After finishing any task that used the Chrome DevTools MCP, kill all `chrome-devtools-mcp` processes with `pkill -f chrome-devtools-mcp`.
+
+## Source code control
+
+- When pushing changes to a pull request from a fork, use SSH address and do not add remote.
+- Never commit on the `main` branch directly unless being explicitly asked to do so. A single ask only grants a single commit action on the `main` branch.
+- Never amend commits unless being explicitly asked to do so.
+- When creating a git worktree, the worktree directory name must match its branch name. Do not use random or generated suffixes.
@@ -0,0 +1,332 @@
+# Changelog
+
+All notable changes to Gogs are documented in this file.
+
+## 0.15.0+dev (`main`)
+
+### Changed
+
+- Docker builds from `main` are now published only as `gogs/gogs:edge`, using the next-generation `Dockerfile.next`. The legacy `Dockerfile` no longer produces `main` builds. The `gogs/gogs:latest` and `gogs/gogs:next-latest` tags now always point to the highest published stable release, never to a back-patch on an older line. [#8278](https://github.com/gogs/gogs/pull/8278)
+
+### Fixed
+
+- _Security:_ Denial of service in repository and wiki file listing pages via crafted file names. [#8116](https://github.com/gogs/gogs/pull/8116) - [GHSA-3qq3-668m-v9mj](https://github.com/gogs/gogs/security/advisories/GHSA-3qq3-668m-v9mj)
+- _Security:_ Reverse proxy authentication header was honored from any remote address, allowing user impersonation when Gogs was reachable directly. The header is now only trusted from addresses listed in `[auth] TRUSTED_PROXY_IPS`. [#8264](https://github.com/gogs/gogs/pull/8264) - [GHSA-w6j9-vw59-27wv](https://github.com/gogs/gogs/security/advisories/GHSA-w6j9-vw59-27wv)
+- _Security:_ Server-side request forgery in webhook deliveries via HTTP redirects to local network addresses. [#8263](https://github.com/gogs/gogs/pull/8263) - [GHSA-c4v7-xg93-qf8g](https://github.com/gogs/gogs/security/advisories/GHSA-c4v7-xg93-qf8g)
+- _Security:_ The "remember me" auto-login cookie was derived from database columns, so an attacker with a database dump could forge a valid cookie for any user. The auto-login cookie path has been removed entirely. Persistence is now provided by the server-issued session cookie. [#8289](https://github.com/gogs/gogs/pull/8289) - [GHSA-4pph-25p3-pw73](https://github.com/gogs/gogs/security/advisories/GHSA-4pph-25p3-pw73)
+
+### Removed
+
+- The `gogs cert` subcommand. [#8153](https://github.com/gogs/gogs/pull/8153)
+- The `[email] DISABLE_HELO` configuration option. HELO/EHLO is now always sent during SMTP handshake. [#8164](https://github.com/gogs/gogs/pull/8164)
+- Support for MSSQL as the database backend. Stay on 0.14 for continued usage. [#8173](https://github.com/gogs/gogs/pull/8173)
+- Support for `memcache` as the cache adapter. Stay on 0.14 for continued usage. [#8270](https://github.com/gogs/gogs/pull/8270)
+- The `/debug`, `/debug/pprof/*`, `/debug/profile/*`, and `/urlmap.json` endpoints. [#8271](https://github.com/gogs/gogs/pull/8271)
+
+## 0.14.2
+
+### Fixed
+
+- _Security:_ Cross-repository LFS object overwrite via missing content hash verification. [#8166](https://github.com/gogs/gogs/pull/8166) - [GHSA-gmf8-978x-2fg2](https://github.com/gogs/gogs/security/advisories/GHSA-gmf8-978x-2fg2)
+- _Security:_ Stored XSS via data URI in issue comments. [#8174](https://github.com/gogs/gogs/pull/8174) - [GHSA-xrcr-gmf5-2r8j](https://github.com/gogs/gogs/security/advisories/GHSA-xrcr-gmf5-2r8j)
+- _Security:_ Release tag option injection in release deletion. [#8175](https://github.com/gogs/gogs/pull/8175) - [GHSA-v9vm-r24h-6rqm](https://github.com/gogs/gogs/security/advisories/GHSA-v9vm-r24h-6rqm)
+- _Security:_ Stored XSS in branch and wiki views through author and committer names. [#8176](https://github.com/gogs/gogs/pull/8176) - [GHSA-vgvf-m4fw-938j](https://github.com/gogs/gogs/security/advisories/GHSA-vgvf-m4fw-938j)
+- _Security:_ DOM-based XSS via issue meta selection on the issue page. [#8178](https://github.com/gogs/gogs/pull/8178) - [GHSA-vgjm-2cpf-4g7c](https://github.com/gogs/gogs/security/advisories/GHSA-vgjm-2cpf-4g7c)
+- Unable to update files via web editor and API. [#8184](https://github.com/gogs/gogs/pull/8184)
+
+### Removed
+
+- Support for passing API access tokens via URL query parameters (`token`, `access_token`). Use the `Authorization` header instead. [#8177](https://github.com/gogs/gogs/pull/8177) - [GHSA-x9p5-w45c-7ffc](https://github.com/gogs/gogs/security/advisories/GHSA-x9p5-w45c-7ffc)
+
+## 0.14.1
+
+### Added
+
+- Support comparing tags in addition to branches. [#6141](https://github.com/gogs/gogs/issues/6141)
+- Show file name in browser tab title when viewing files. [#5896](https://github.com/gogs/gogs/pull/5896)
+- Support using TLS for Redis session provider using `[session] PROVIDER_CONFIG = ...,tls=true`. [#7860](https://github.com/gogs/gogs/pull/7860)
+- Support expanading values in `app.ini` from environment variables, e.g. `[database] PASSWORD = ${DATABASE_PASSWORD}`. [#8057](https://github.com/gogs/gogs/pull/8057)
+- Support custom logout URL that users get redirected to after sign out using `[auth] CUSTOM_LOGOUT_URL`. [#8089](https://github.com/gogs/gogs/pull/8089)
+- Start publishing next-generation, security-focused Docker image via `gogs/gogs:next-latest`, which will become the default image distribution (`gogs/gogs:latest`) starting 0.16.0. While not all container options support have been added in the next-generation image, the use of current legacy Docker image is deprecated, it will be published as `gogs/gogs:legacy-latest` starting 0.16.0, and be completely removed no earlier than 0.17.0. [#8061](https://github.com/gogs/gogs/pull/8061)
+
+### Changed
+
+- The required Go version to compile source code changed to 1.25.
+- The build tag `cert` has been removed, and the `gogs cert` subcommand is now always available. [#7883](https://github.com/gogs/gogs/pull/7883)
+- Switched to pure-Go SQLite driver, CGO is no longer required to compile Gogs. [#7882](https://github.com/gogs/gogs/issues/7882)
+- Updated Mermaid JS to 11.9.0. [#8009](https://github.com/gogs/gogs/pull/8009)
+- Halt the repository creation and leave the directory untouched if the repository root already exists. [#8091](https://github.com/gogs/gogs/pull/8091)
+
+### Fixed
+
+- _Security:_ Unauthenticated file upload. [#8128](https://github.com/gogs/gogs/pull/8128) - [GHSA-fc3h-92p8-h36f](https://github.com/gogs/gogs/security/advisories/GHSA-fc3h-92p8-h36f)
+- _Security:_ Protected branch bypass in web UI. [#8124](https://github.com/gogs/gogs/pull/8124) - [GHSA-2c6v-8r3v-gh6p](https://github.com/gogs/gogs/security/advisories/GHSA-2c6v-8r3v-gh6p)
+- _Security:_ Authorization bypass allows cross-repository label modification. [#8123](https://github.com/gogs/gogs/pull/8123) - [GHSA-cv22-72px-f4gh](https://github.com/gogs/gogs/security/advisories/GHSA-cv22-72px-f4gh)
+- _Security:_ Cross-repository comment deletion. [#8119](https://github.com/gogs/gogs/pull/8119) - [GHSA-jj5m-h57j-5gv7](https://github.com/gogs/gogs/security/advisories/GHSA-jj5m-h57j-5gv7)
+- 500 error on repository watchers and stargazers pages when using MSSQL. [#5482](https://github.com/gogs/gogs/issues/5482)
+- Submodules using `ssh://` protocol and a port number are not rendered correctly. [#4941](https://github.com/gogs/gogs/issues/4941)
+- Missing link to user profile on the first commit in commits history page. [#7404](https://github.com/gogs/gogs/issues/7404)
+- Unable to delete or display files with special characters in their names. [#7596](https://github.com/gogs/gogs/issues/7596)
+- Docker healthcheck fails when `HTTP_PROXY` or `HTTPS_PROXY` environment variables are set. [#7529](https://github.com/gogs/gogs/issues/7529)
+
+## 0.13.4
+
+### Fixed
+
+- _Security:_ DoS in repository mirror sync. [#8065](https://github.com/gogs/gogs/pull/8065) - [GHSA-cr88-6mqm-4g57](https://github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-4g57)
+- _Security:_ RCE in repository put contents API. [#8082](https://github.com/gogs/gogs/pull/8082) - [GHSA-gg64-xxr9-qhjp](https://github.com/gogs/gogs/security/advisories/GHSA-gg64-xxr9-qhjp)
+- _Security:_ Arbitrary file deletion via path traversal in wiki page update. [#8099](https://github.com/gogs/gogs/pull/8099) - [GHSA-jp7c-wj6q-3qf2](https://github.com/gogs/gogs/security/advisories/GHSA-jp7c-wj6q-3qf2)
+- _Security:_ 2FA bypass via recovery code. [#8100](https://github.com/gogs/gogs/pull/8100) - [GHSA-p6x6-9mx6-26wj](https://github.com/gogs/gogs/security/advisories/GHSA-p6x6-9mx6-26wj)
+- _Security:_ Authorization bypass in repository deletion API. [#8101](https://github.com/gogs/gogs/pull/8101) - [GHSA-rjv5-9px2-fqw6](https://github.com/gogs/gogs/security/advisories/GHSA-rjv5-9px2-fqw6)
+- _Security:_ Update repository content via API with read-only permission. [#8102](https://github.com/gogs/gogs/pull/8102) - [GHSA-5qhx-gwfj-6jqr](https://github.com/gogs/gogs/security/advisories/GHSA-5qhx-gwfj-6jqr)
+- _Security:_ Arbitrary file read/write via path traversal in Git hook editing. [#8103](https://github.com/gogs/gogs/pull/8103) - [GHSA-mrph-w4hh-gx3g](https://github.com/gogs/gogs/security/advisories/GHSA-mrph-w4hh-gx3g)
+- _Security:_ Stored XSS via Mermaid diagrams. [`2c88cd4`](https://github.com/gogs/gogs/commit/2c88cd4d9fdc346d8e06d82f5368d657c10e79c2) - [GHSA-26gq-grmh-6xm6](https://github.com/gogs/gogs/security/advisories/GHSA-26gq-grmh-6xm6)
+- Route `GET /api/v1/user/repos` responses 500 when accessible repositories contain forks. [#8069](https://github.com/gogs/gogs/pull/8069)
+- Newer Git versions that uses default branch `main` cause wiki initialization to fail. [#8094](https://github.com/gogs/gogs/pull/8094)
+
+## 0.13.3
+
+### Fixed
+
+- _Security:_ Stored XSS in PDF renderer. [GHSA-xh32-cx6c-cp4v](https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v)
+- _Security:_ Path Traversal in file editing UI. [GHSA-wj44-9vcg-wjq7](https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7)
+- Randomly timeout on repository file uploads. [#7890](https://github.com/gogs/gogs/pull/7890)
+- Unable to override email templates in custom directory. [#7905](https://github.com/gogs/gogs/pull/7905)
+
+## 0.13.2
+
+### Fixed
+
+- _Security:_ Path Traversal in file editing UI. [GHSA-r7j8-5h9c-f6fx](https://github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fx)
+- _Security:_ Path Traversal in file update API. [GHSA-qf5v-rp47-55gg](https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg)
+- _Security:_ Argument Injection in the built-in SSH server. [GHSA-vm62-9jw3-c8w3](https://github.com/gogs/gogs/security/advisories/GHSA-vm62-9jw3-c8w3)
+- _Security:_ Deletion of internal files. [GHSA-ccqv-43vm-4f3w](https://github.com/gogs/gogs/security/advisories/GHSA-ccqv-43vm-4f3w)
+- _Security:_ Argument Injection during changes preview. [GHSA-9pp6-wq8c-3w2c](https://github.com/gogs/gogs/security/advisories/GHSA-9pp6-wq8c-3w2c)
+- _Security:_ Argument Injection when tagging new releases. [GHSA-m27m-h5gj-wwmg](https://github.com/gogs/gogs/security/advisories/GHSA-m27m-h5gj-wwmg)
+- Use the non-deprecated section name `[email]` during installation for email settings. [#7704](https://github.com/gogs/gogs/pull/7704)
+- Use the non-deprecated section name `[email] PASSWORD` during installation for email password. [#7807](https://github.com/gogs/gogs/pull/7807)
+- Make purple template label color to actually use the hexcode of purple. [#7722](https://github.com/gogs/gogs/pull/7722)
+
+## 0.13.0
+
+### Added
+
+- Support using personal access token in the password field. [#3866](https://github.com/gogs/gogs/issues/3866)
+- An unlisted option is added when create or migrate a repository. Unlisted repositories are public but not being listed for users without direct access in the UI. [#5733](https://github.com/gogs/gogs/issues/5733)
+- New API endpoint `PUT /repos/:owner/:repo/contents/:path` for creating and update repository contents. [#5967](https://github.com/gogs/gogs/issues/5967)
+- New configuration option `[git.timeout] DIFF` for customizing operation timeout of `git diff`. [#6315](https://github.com/gogs/gogs/issues/6315)
+- New configuration option `[server] SSH_SERVER_MACS` for setting list of accepted MACs for connections to builtin SSH server. [#6434](https://github.com/gogs/gogs/issues/6434)
+- New configuration option `[repository] DEFAULT_BRANCH` for setting default branch name for new repositories. [#7291](https://github.com/gogs/gogs/issues/7291)
+- New configuration option `[server] SSH_SERVER_ALGORITHMS` for specifying the list of accepted key exchange algorithms for connections to builtin SSH server. [#7345](https://github.com/gogs/gogs/pull/7345)
+- Support specifying custom schema for PostgreSQL. [#6695](https://github.com/gogs/gogs/pull/6695)
+- Support rendering Mermaid diagrams in Markdown. [#6776](https://github.com/gogs/gogs/pull/6776)
+- Docker: Allow passing extra arguments to the `backup` command. [#7060](https://github.com/gogs/gogs/pull/7060)
+- New languages support: Mongolian, Romanian. [#6510](https://github.com/gogs/gogs/pull/6510) [#7082](https://github.com/gogs/gogs/pull/7082)
+
+### Changed
+
+- The default branch has been changed to `main`. [#6285](https://github.com/gogs/gogs/pull/6285)
+- MSSQL as database backend is deprecated, installation page no longer shows it as an option. Existing installations and manually craft configuration file continue to work. [#6295](https://github.com/gogs/gogs/pull/6295)
+- Use [Task](https://github.com/go-task/task) as the build tool. [#6297](https://github.com/gogs/gogs/pull/6297)
+- The required Go version to compile source code changed to 1.18.
+- Access tokens are now stored using their SHA256 hashes instead of raw values. [#7008](https://github.com/gogs/gogs/pull/7008)
+
+### Fixed
+
+- Unable to use LDAP authentication on ARM machines. [#6761](https://github.com/gogs/gogs/issues/6761)
+- Unable to choose "Lookup Avatar by mail" in user settings without deleting custom avatar. [#7267](https://github.com/gogs/gogs/pull/7267)
+- Mistakenly include the "data" directory under the custom directory in the Docker setup. [#7343](https://github.com/gogs/gogs/pull/7343)
+- Unable to start after data recovery with an outdated migration version. [#7125](https://github.com/gogs/gogs/issues/7125)
+
+### Removed
+
+- ⚠️ Migrations before 0.12 are removed, installations not on 0.12 should upgrade to it to run the migrations and then upgrade to 0.13.
+- Configuration section `[mailer]` is no longer used, please use `[email]`.
+- Configuration section `[service]` is no longer used, please use `[auth]`.
+- Configuration option `APP_NAME` is no longer used, please use `BRAND_NAME`.
+- Configuration option `[security] REVERSE_PROXY_AUTHENTICATION_USER` is no longer used, please use `[auth] REVERSE_PROXY_AUTHENTICATION_HEADER`.
+- Configuration option `[auth] ACTIVE_CODE_LIVE_MINUTES` is no longer used, please use `[auth] ACTIVATE_CODE_LIVES`.
+- Configuration option `[auth] RESET_PASSWD_CODE_LIVE_MINUTES` is no longer used, please use `[auth] RESET_PASSWORD_CODE_LIVES`.
+- Configuration option `[auth] ENABLE_CAPTCHA` is no longer used, please use `[auth] ENABLE_REGISTRATION_CAPTCHA`.
+- Configuration option `[auth] ENABLE_NOTIFY_MAIL` is no longer used, please use `[user] ENABLE_EMAIL_NOTIFICATION`.
+- Configuration option `[auth] REGISTER_EMAIL_CONFIRM` is no longer used, please use `[auth] REQUIRE_EMAIL_CONFIRMATION`.
+- Configuration option `[session] GC_INTERVAL_TIME` is no longer used, please use `[session] GC_INTERVAL`.
+- Configuration option `[session] SESSION_LIFE_TIME` is no longer used, please use `[session] MAX_LIFE_TIME`.
+- Configuration option `[server] ROOT_URL` is no longer used, please use `[server] EXTERNAL_URL`.
+- Configuration option `[server] LANDING_PAGE` is no longer used, please use `[server] LANDING_URL`.
+- Configuration option `[database] DB_TYPE` is no longer used, please use `[database] TYPE`.
+- Configuration option `[database] PASSWD` is no longer used, please use `[database] PASSWORD`.
+- Remove option to use Makefile as the build tool. [#6980](https://github.com/gogs/gogs/pull/6980)
+
+## 0.12.11
+
+### Fixed
+
+- _Security:_ Stored XSS for issue assignees. [#7145](https://github.com/gogs/gogs/issues/7145)
+- _Security:_ OS Command Injection in repo editor on case-insensitive file systems. [#7030](https://github.com/gogs/gogs/issues/7030)
+- Unable to render repository pages with implicit submodules (e.g. `get submodule "REDACTED": revision does not exist`). [#6436](https://github.com/gogs/gogs/issues/6436)
+
+## 0.12.10
+
+### Changed
+
+- Support using `[security] LOCAL_NETWORK_ALLOWLIST = *` to allow all hostnames. [#7111](https://github.com/gogs/gogs/pull/7111)
+
+### Fixed
+
+- Unable to send webhooks to local network addresses after configured `[security] LOCAL_NETWORK_ALLOWLIST`. [#7074](https://github.com/gogs/gogs/issues/7074)
+
+## 0.12.9
+
+### Fixed
+
+- _Security:_ OS Command Injection in file editor. [#7000](https://github.com/gogs/gogs/issues/7000)
+- _Security:_ Sanitize `DisplayName` in repository issue list. [#7009](https://github.com/gogs/gogs/pull/7009)
+- _Security:_ Path Traversal in file editor on Windows. [#7001](https://github.com/gogs/gogs/issues/7001)
+- _Security:_ Path Traversal in Git HTTP endpoints. [#7002](https://github.com/gogs/gogs/issues/7002)
+- Unable to init repository during creation on Windows. [#6967](https://github.com/gogs/gogs/issues/6967)
+- Mysterious panic on `Value not found for type *repo.HTTPContext`. [#6963](https://github.com/gogs/gogs/issues/6963)
+
+## 0.12.8
+
+### Changed
+
+- All users (including admins) need to use the configuration option `[security] LOCAL_NETWORK_ALLOWLIST` to allow repository migration and webhooks to be able to access local network addresses, which is a comma separated list of hostnames. [#6988](https://github.com/gogs/gogs/pull/6988)
+
+### Fixed
+
+- _Security:_ SSRF in webhook. [#6901](https://github.com/gogs/gogs/issues/6901)
+- _Security:_ XSS in cookies. [#6953](https://github.com/gogs/gogs/issues/6953)
+- _Security:_ OS Command Injection in file uploading. [#6968](https://github.com/gogs/gogs/issues/6968)
+- _Security:_ Remote Command Execution in file editing. [#6555](https://github.com/gogs/gogs/issues/6555)
+
+## 0.12.7
+
+### Fixed
+
+- _Security:_ Stored XSS in issues. [#6919](https://github.com/gogs/gogs/issues/6919)
+- Invalid character in `Access-Control-Allow-Credentials` response header. [#4983](https://github.com/gogs/gogs/issues/4983)
+- Mysterious `ssh: overflow reading version string` errors from builtin SSH server. [#6882](https://github.com/gogs/gogs/issues/6882)
+
+## 0.12.6
+
+### Fixed
+
+- _Security:_ Remote command execution in file uploading. [#6833](https://github.com/gogs/gogs/issues/6833)
+- _Regression:_ Unable to migrate repository from other local Git hosting. Added a new configuration option `[security] LOCAL_NETWORK_ALLOWLIST`, which is a comma separated list of hostnames that are explicitly allowed to be accessed within the local network. [#6841](https://github.com/gogs/gogs/issues/6841)
+- Slow start of Docker containers using NAS devices. [#6554](https://github.com/gogs/gogs/issues/6554)
+
+## 0.12.5
+
+### Fixed
+
+- _Security:_ Potential SSRF in repository migration. [#6754](https://github.com/gogs/gogs/issues/6754)
+- _Security:_ Improper PAM authorization handling. [#6810](https://github.com/gogs/gogs/issues/6810)
+
+## 0.12.4
+
+### Fixed
+
+- _Security:_ Potential SSRF attack by CRLF injection via repository migration. [#6413](https://github.com/gogs/gogs/issues/6413)
+- _Regression:_ Fixed smart links for issues stops rendering. [#6506](https://github.com/gogs/gogs/issues/6506)
+- Added `X-Frame-Options` header to prevent Clickjacking. [#6409](https://github.com/gogs/gogs/issues/6409)
+
+## 0.12.3
+
+### Fixed
+
+- _Regression:_ When running Gogs on Windows, push commits no longer fail on a daily basis with the error "pre-receive hook declined". [#6316](https://github.com/gogs/gogs/issues/6316)
+- Auto-linked commit SHAs now have correct links. [#6300](https://github.com/gogs/gogs/issues/6300)
+- Git LFS client (with version >= 2.5.0) wasn't able to upload files with known format (e.g. PNG, JPEG), and the server is expecting the HTTP Header `Content-Type` to be `application/octet-stream`. The server now tells the LFS client to always use `Content-Type: application/octet-stream` when upload files.
+
+## 0.12.2
+
+### Fixed
+
+- _Regression:_ Pages are correctly rendered when requesting `?go-get=1` for subdirectories. [#6314](https://github.com/gogs/gogs/issues/6314)
+- _Regression:_ Submodule with a relative path is linked correctly. [#6319](https://github.com/gogs/gogs/issues/6319)
+- Backup can be processed when `--target` is specified on Windows. [#6339](https://github.com/gogs/gogs/issues/6339)
+- Commit message contains keywords look like an issue reference no longer fails the push entirely. [#6289](https://github.com/gogs/gogs/issues/6289)
+
+## 0.12.1
+
+### Fixed
+
+- The `updated_at` field is now correctly updated when updates an issue. [#6209](https://github.com/gogs/gogs/issues/6209)
+- Fixed a regression which created `login_source.cfg` column to have `VARCHAR(255)` instead of `TEXT` in MySQL. [#6280](https://github.com/gogs/gogs/issues/6280)
+
+## 0.12.0
+
+### Added
+
+- Support for Git LFS, you can read documentation for both [user](https://github.com/gogs/gogs/blob/main/docs/user/lfs.md) and [admin](https://github.com/gogs/gogs/blob/main/docs/admin/lfs.md). [#1322](https://github.com/gogs/gogs/issues/1322)
+- Allow admin to remove observers from the repository. [#5803](https://github.com/gogs/gogs/pull/5803)
+- Use `Last-Modified` HTTP header for raw files. [#5811](https://github.com/gogs/gogs/issues/5811)
+- Support syntax highlighting for SAS code files (i.e. `.r`, `.sas`, `.tex`, `.yaml`). [#5856](https://github.com/gogs/gogs/pull/5856)
+- Able to fill in pull request title with a template. [#5901](https://github.com/gogs/gogs/pull/5901)
+- Able to override static files under `public/` directory, please refer to [documentation](https://gogs.io/docs/features/custom_template) for usage. [#5920](https://github.com/gogs/gogs/pull/5920)
+- New API endpoint `GET /admin/teams/:teamid/members` to list members of a team. [#5877](https://github.com/gogs/gogs/issues/5877)
+- Support backup with retention policy for Docker deployments. [#6140](https://github.com/gogs/gogs/pull/6140)
+
+### Changed
+
+- The organization profile page has changed to display at most 12 members. [#5506](https://github.com/gogs/gogs/issues/5506)
+- The required Go version to compile source code changed to 1.14.
+- All assets are now embedded into binary and served from memory by default. Set `[server] LOAD_ASSETS_FROM_DISK = true` to load them from disk. [#5920](https://github.com/gogs/gogs/pull/5920)
+- Application and Go versions are removed from page footer and only show in the admin dashboard.
+- Build tag for running as Windows Service has been changed from `miniwinsvc` to `minwinsvc`.
+- Configuration option `APP_NAME` is deprecated and will end support in 0.13.0, please start using `BRAND_NAME`.
+- Configuration option `[server] ROOT_URL` is deprecated and will end support in 0.13.0, please start using `[server] EXTERNAL_URL`.
+- Configuration option `[server] LANDING_PAGE` is deprecated and will end support in 0.13.0, please start using `[server] LANDING_URL`.
+- Configuration option `[database] DB_TYPE` is deprecated and will end support in 0.13.0, please start using `[database] TYPE`.
+- Configuration option `[database] PASSWD` is deprecated and will end support in 0.13.0, please start using `[database] PASSWORD`.
+- Configuration option `[security] REVERSE_PROXY_AUTHENTICATION_USER` is deprecated and will end support in 0.13.0, please start using `[auth] REVERSE_PROXY_AUTHENTICATION_HEADER`.
+- Configuration section `[mailer]` is deprecated and will end support in 0.13.0, please start using `[email]`.
+- Configuration section `[service]` is deprecated and will end support in 0.13.0, please start using `[auth]`.
+- Configuration option `[auth] ACTIVE_CODE_LIVE_MINUTES` is deprecated and will end support in 0.13.0, please start using `[auth] ACTIVATE_CODE_LIVES`.
+- Configuration option `[auth] RESET_PASSWD_CODE_LIVE_MINUTES` is deprecated and will end support in 0.13.0, please start using `[auth] RESET_PASSWORD_CODE_LIVES`.
+- Configuration option `[auth] REGISTER_EMAIL_CONFIRM` is deprecated and will end support in 0.13.0, please start using `[auth] REQUIRE_EMAIL_CONFIRMATION`.
+- Configuration option `[auth] ENABLE_CAPTCHA` is deprecated and will end support in 0.13.0, please start using `[auth] ENABLE_REGISTRATION_CAPTCHA`.
+- Configuration option `[auth] ENABLE_NOTIFY_MAIL` is deprecated and will end support in 0.13.0, please start using `[user] ENABLE_EMAIL_NOTIFICATION`.
+- Configuration option `[session] GC_INTERVAL_TIME` is deprecated and will end support in 0.13.0, please start using `[session] GC_INTERVAL`.
+- Configuration option `[session] SESSION_LIFE_TIME` is deprecated and will end support in 0.13.0, please start using `[session] MAX_LIFE_TIME`.
+- The name `-` is reserved and cannot be used for users or organizations.
+
+### Fixed
+
+- [Security] Potential open redirection with i18n.
+- [Security] Potential ability to delete files outside a repository.
+- [Security] Potential ability to set primary email on others' behalf from their verified emails.
+- [Security] Potential XSS attack via `.ipynb`. [#5170](https://github.com/gogs/gogs/issues/5170)
+- [Security] Potential SSRF attack via webhooks. [#5366](https://github.com/gogs/gogs/issues/5366)
+- [Security] Potential CSRF attack in admin panel. [#5367](https://github.com/gogs/gogs/issues/5367)
+- [Security] Potential stored XSS attack in some browsers. [#5397](https://github.com/gogs/gogs/issues/5397)
+- [Security] Potential RCE on mirror repositories. [#5767](https://github.com/gogs/gogs/issues/5767)
+- [Security] Potential XSS attack with raw markdown API. [#5907](https://github.com/gogs/gogs/pull/5907)
+- File both modified and renamed within a commit treated as separate files. [#5056](https://github.com/gogs/gogs/issues/5056)
+- Unable to restore the database backup to MySQL 8.0 with syntax error. [#5602](https://github.com/gogs/gogs/issues/5602)
+- Open/close milestone redirects to a 404 page. [#5677](https://github.com/gogs/gogs/issues/5677)
+- Disallow multiple tokens with same name. [#5587](https://github.com/gogs/gogs/issues/5587) [#5820](https://github.com/gogs/gogs/pull/5820)
+- Enable Federated Avatar Lookup could cause server to crash. [#5848](https://github.com/gogs/gogs/issues/5848)
+- Private repositories are hidden in the organization's view. [#5869](https://github.com/gogs/gogs/issues/5869)
+- Users have access to base repository cannot view commits in forks. [#5878](https://github.com/gogs/gogs/issues/5878)
+- Server error when changing email address in user settings page. [#5899](https://github.com/gogs/gogs/issues/5899)
+- Fall back to use RFC 3339 as time layout when misconfigured. [#6098](https://github.com/gogs/gogs/issues/6098)
+- Unable to update team with server error. [#6185](https://github.com/gogs/gogs/issues/6185)
+- Webhooks are not fired after push when `[service] REQUIRE_SIGNIN_VIEW = true`.
+- Files with identical content are randomly displayed one of them.
+
+### Removed
+
+- Configuration option `[other] SHOW_FOOTER_VERSION`
+- Configuration option `[server] STATIC_ROOT_PATH`
+- Configuration option `[repository] MIRROR_QUEUE_LENGTH`
+- Configuration option `[repository] PULL_REQUEST_QUEUE_LENGTH`
+- Configuration option `[session] ENABLE_SET_COOKIE`
+- Configuration option `[release.attachment] PATH`
+- Configuration option `[webhook] QUEUE_LENGTH`
+- Build tag `sqlite`, which means CGO is now required.
+
+---
+
+**Older change logs can be found on [GitHub](https://github.com/gogs/gogs/releases?after=v0.12.0).**
@@ -0,0 +1 @@
+AGENTS.md
@@ -0,0 +1,2 @@
+# Default
+* @gogs/core
@@ -1,22 +1,56 @@
-FROM alpine:3.3
-MAINTAINER jp@roemer.im
+FROM --platform=$BUILDPLATFORM node:24-alpine AS webbuilder
+RUN corepack enable
+WORKDIR /src
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY web ./web
+COPY conf/locale ./conf/locale
+RUN pnpm install --frozen-lockfile
+RUN pnpm --filter gogs-web run build

-# Install system utils & Gogs runtime dependencies
-ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-amd64 /usr/sbin/gosu
-RUN chmod +x /usr/sbin/gosu \
- && apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
+FROM golang:1.26-alpine3.23 AS binarybuilder
+RUN apk --no-cache --no-progress add --virtual \
+  build-deps \
+  build-base \
+  git \
+  linux-pam-dev

-ENV GOGS_CUSTOM /data/gogs
+WORKDIR /gogs.io/gogs
+COPY . .
+COPY --from=webbuilder /src/public/dist ./public/dist

-COPY . /app/gogs/
-WORKDIR /app/gogs/
-RUN ./docker/build.sh
+RUN go build -v -trimpath -tags "pam prod" \
+  -ldflags "-X 'gogs.io/gogs/internal/conf.BuildTime=$(date -u '+%Y-%m-%d %I:%M:%S %Z')' -X 'gogs.io/gogs/internal/conf.BuildCommit=$(git rev-parse HEAD)'" \
+  -o .bin/gogs ./cmd/gogs

-# Configure LibC Name Service
+FROM alpine:3.23
+RUN apk --no-cache --no-progress add \
+  bash \
+  ca-certificates \
+  curl \
+  git \
+  linux-pam \
+  openssh \
+  s6 \
+  shadow \
+  socat \
+  tzdata \
+  rsync \
+  "zlib>1.3.2"
+
+ENV GOGS_CUSTOM=/data/gogs
+
+# Configure LibC Name Service
 COPY docker/nsswitch.conf /etc/nsswitch.conf

-# Configure Docker Container
-VOLUME ["/data"]
+WORKDIR /app/gogs
+COPY docker ./docker
+COPY --from=binarybuilder /gogs.io/gogs/.bin/gogs .
+
+RUN ./docker/build/finalize.sh
+
+# Configure Docker Container
+VOLUME ["/data", "/backup"]
 EXPOSE 22 3000
-ENTRYPOINT ["docker/start.sh"]
-CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"]
+HEALTHCHECK CMD (curl --noproxy localhost -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
+ENTRYPOINT ["/app/gogs/docker/start.sh"]
+CMD ["/usr/bin/s6-svscan", "/app/gogs/docker/s6/"]
@@ -0,0 +1,62 @@
+FROM --platform=$BUILDPLATFORM node:24-alpine AS webbuilder
+RUN corepack enable
+WORKDIR /src
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY web ./web
+COPY conf/locale ./conf/locale
+RUN pnpm install --frozen-lockfile
+RUN pnpm --filter gogs-web run build
+
+FROM golang:1.26-alpine3.23 AS binarybuilder
+RUN apk --no-cache --no-progress add --virtual \
+  build-deps \
+  build-base \
+  git \
+  linux-pam-dev
+
+WORKDIR /gogs.io/gogs
+COPY . .
+COPY --from=webbuilder /src/public/dist ./public/dist
+
+RUN go build -v -trimpath -tags "pam prod" \
+  -ldflags "-X 'gogs.io/gogs/internal/conf.BuildTime=$(date -u '+%Y-%m-%d %I:%M:%S %Z')' -X 'gogs.io/gogs/internal/conf.BuildCommit=$(git rev-parse HEAD)'" \
+  -o .bin/gogs ./cmd/gogs
+
+FROM alpine:3.23
+
+# Create git user and group with fixed UID/GID at build time for better K8s security context support.
+# Using 1000:1000 as it's a common non-root UID/GID that works well with most volume permission setups.
+ARG GOGS_UID=1000
+ARG GOGS_GID=1000
+RUN addgroup -g ${GOGS_GID} -S git && \
+    adduser -u ${GOGS_UID} -G git -H -D -g 'Gogs Git User' -h /data/git -s /bin/sh git
+
+RUN apk --no-cache --no-progress add \
+  bash \
+  ca-certificates \
+  curl \
+  git \
+  linux-pam \
+  openssh-keygen \
+  "zlib>1.3.2"
+
+ENV GOGS_CUSTOM=/data/gogs
+
+WORKDIR /app/gogs
+COPY --from=binarybuilder /gogs.io/gogs/.bin/gogs .
+COPY docker-next/start.sh .
+RUN chmod +x start.sh && \
+    mkdir -p /data && \
+    ln -s /data/git /home/git && \
+    chown -R git:git /app/gogs /data
+
+# Configure Docker Container
+VOLUME ["/data", "/backup"]
+EXPOSE 22 3000
+HEALTHCHECK CMD (curl --noproxy localhost -o /dev/null -sS http://localhost:3000/healthcheck) || exit 1
+
+# Run as non-root user by default for better K8s security context support.
+USER git:git
+
+ENTRYPOINT ["/app/gogs/start.sh"]
+CMD ["/app/gogs/gogs", "web"]
@@ -1,25 +0,0 @@
-FROM hypriot/rpi-alpine-scratch:v3.2
-MAINTAINER jp@roemer.im, raxetul@gmail.com
-
-# Install system utils & Gogs runtime dependencies
-ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-armhf /usr/sbin/gosu
-RUN chmod +x /usr/sbin/gosu \
- && echo "http://dl-4.alpinelinux.org/alpine/v3.3/main/"      | tee /etc/apk/repositories    \
- && echo "http://dl-4.alpinelinux.org/alpine/v3.3/community/" | tee -a /etc/apk/repositories \
- && apk -U --no-progress upgrade && rm -f /var/cache/apk/APKINDEX.* \
- && apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
-
-ENV GOGS_CUSTOM /data/gogs
-
-COPY . /app/gogs/
-WORKDIR /app/gogs/
-RUN ./docker/build.sh
-
-# Configure LibC Name Service
-COPY docker/nsswitch.conf /etc/nsswitch.conf
-
-# Configure Docker Container
-VOLUME ["/data"]
-EXPOSE 22 3000
-ENTRYPOINT ["docker/start.sh"]
-CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"]
@@ -1,4 +1,4 @@
-Copyright (c) 2014 All Gogs Contributors
+Copyright (c) The Gogs Authors

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -1,66 +0,0 @@
-LDFLAGS += -X "github.com/gogits/gogs/modules/setting.BuildTime=$(shell date -u '+%Y-%m-%d %I:%M:%S %Z')"
-LDFLAGS += -X "github.com/gogits/gogs/modules/setting.BuildGitHash=$(shell git rev-parse HEAD)"
-
-DATA_FILES := $(shell find conf | sed 's/ /\\ /g')
-LESS_FILES := $(wildcard public/less/gogs.less public/less/_*.less)
-GENERATED  := modules/bindata/bindata.go public/css/gogs.css
-
-TAGS = ""
-BUILD_FLAGS = "-v"
-
-RELEASE_ROOT = "release"
-RELEASE_GOGS = "release/gogs"
-NOW = $(shell date -u '+%Y%m%d%I%M%S')
-
-.PHONY: build pack release bindata clean
-
-.IGNORE: public/css/gogs.css
-
-build: $(GENERATED)
-	go install $(BUILD_FLAGS) -ldflags '$(LDFLAGS)' -tags '$(TAGS)'
-	cp '$(GOPATH)/bin/gogs' .
-
-govet:
-	go tool vet -composites=false -methods=false -structtags=false .
-
-build-dev: $(GENERATED) govet
-	go install $(BUILD_FLAGS) -tags '$(TAGS)'
-	cp '$(GOPATH)/bin/gogs' .
-
-build-dev-race: $(GENERATED) govet
-	go install $(BUILD_FLAGS) -race -tags '$(TAGS)'
-	cp '$(GOPATH)/bin/gogs' .
-
-pack:
-	rm -rf $(RELEASE_GOGS)
-	mkdir -p $(RELEASE_GOGS)
-	cp -r gogs LICENSE README.md README_ZH.md templates public scripts $(RELEASE_GOGS)
-	rm -rf $(RELEASE_GOGS)/public/config.codekit $(RELEASE_GOGS)/public/less
-	cd $(RELEASE_ROOT) && zip -r gogs.$(NOW).zip "gogs"
-
-release: build pack
-
-bindata: modules/bindata/bindata.go
-
-modules/bindata/bindata.go: $(DATA_FILES)
-	go-bindata -o=$@ -ignore="\\.DS_Store|README.md|TRANSLATORS" -pkg=bindata conf/...
-
-less: public/css/gogs.css
-
-public/css/gogs.css: $(LESS_FILES)
-	lessc $< $@
-
-clean:
-	go clean -i ./...
-
-clean-mac: clean
-	find . -name ".DS_Store" -print0 | xargs -0 rm
-
-test:
-	go test -cover -race ./...
-
-fixme:
-	grep -rnw "FIXME" routers models modules
-
-todo:
-	grep -rnw "TODO" routers models modules
@@ -1,135 +1,111 @@
-Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?branch=master)](https://travis-ci.org/gogits/gogs) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/gogs/localized.svg)](https://crowdin.com/project/gogs) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/gogits/gogs?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-=====================

-![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
+ <p>
+  <div align="center">
+    <img src="docs/images/logo-light.svg#gh-light-mode-only" alt="Gogs">
+    <img src="docs/images/logo-dark.svg#gh-dark-mode-only" alt="Gogs">
+  </div>
+  <div align="center">
+    <a href="https://github.com/gogs/gogs/actions?query=branch%3Amain"><img
+  src="https://img.shields.io/github/checks-status/gogs/gogs/main?logo=github&style=for-the-badge" alt="GitHub Workflow Status"></a>
+    <a href="https://sourcegraph.com/github.com/gogs/gogs"><img
+src="https://img.shields.io/badge/view%20on-Sourcegraph-brightgreen.svg?style=for-the-badge&logo=sourcegraph" alt="Sourcegraph"></a>
+  </div>
+  <div align="center">
+    👉 Deploy on DigitalOcean and <a href="https://m.do.co/c/5aeb02268b55">get $200 in free credits</a>!
+  </div>
+</p>

-##### Current tip version: 0.9.60 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions)
+## 🔮 Vision

-| Web | UI  | Preview  |
-|:-------------:|:-------:|:-------:|
-|![Dashboard](https://gogs.io/img/screenshots/1.png)|![Repository](https://gogs.io/img/screenshots/2.png)|![Commits History](https://gogs.io/img/screenshots/3.png)|
-|![Profile](https://gogs.io/img/screenshots/4.png)|![Admin Dashboard](https://gogs.io/img/screenshots/5.png)|![Diff](https://gogs.io/img/screenshots/6.png)|
-|![Issues](https://gogs.io/img/screenshots/7.png)|![Releases](https://gogs.io/img/screenshots/8.png)|![Organization](https://gogs.io/img/screenshots/9.png)|
+The Gogs (`/gɑgz/`) project aims to build a simple, stable and extensible self-hosted Git service that can be set up in the most painless way. With Go, this can be done with an independent binary distribution across all platforms that Go supports, including Linux, macOS, Windows and ARM-based systems.

-### Important Notes
+## 📡 Overview

-1. **YOU MUST READ [Contributing Code](https://github.com/gogits/gogs/wiki/Contributing-Code) BEFORE STARTING TO WORK ON A PULL REQUEST**.
-2. Due to testing purpose, data of [try.gogs.io](https://try.gogs.io) was reset in **Jan 28, 2015** and will reset multiple times after. Please do **NOT** put your important data on the site.
-3. The demo site [try.gogs.io](https://try.gogs.io) is running under `develop` branch.
-4. If you think there are vulnerabilities in the project, please talk privately to **u@gogs.io**. Thanks!
-5. If you're interested in using APIs, we have experimental support with [documentation](https://github.com/gogits/go-gogs-client/wiki).
-6. If your team/company is using Gogs and would like to put your logo on [our website](http://gogs.io), contact us by any means.
-
-[简体中文](README_ZH.md)
-
-## Purpose
-
-The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service. With Go, this can be done with an independent binary distribution across **ALL platforms** that Go supports, including Linux, Mac OS X, Windows and ARM.
-
-## Overview
-
- Please see the [Documentation](http://gogs.io/docs/intro) for common usages and change log.
- See the [Trello Board](https://trello.com/b/uxAoeLUl/gogs-go-git-service) to follow the develop team.
+- Please visit [our home page](https://gogs.io) for user documentation.
+- Please refer to [CHANGELOG.md](CHANGELOG.md) for list of changes in each releases.
 - Want to try it before doing anything else? Do it [online](https://try.gogs.io/gogs/gogs)!
- Having trouble? Get help with [Troubleshooting](http://gogs.io/docs/intro/troubleshooting.html) or [User Forum](https://discuss.gogs.io/).
- Want to help with localization? Check out the [guide](http://gogs.io/docs/features/i18n.html)!
+- Having trouble? Help yourself with [troubleshooting](https://gogs.io/asking/troubleshooting) or ask questions in [Discussions](https://github.com/gogs/gogs/discussions).
+- Want to help with localization? Check out the [localization documentation](https://gogs.io/advancing/localization).
+- Ready to get hands dirty? Read our [contributing guide](.github/CONTRIBUTING.md).
+- Hmm... What about APIs? We have experimental support with [documentation](https://gogs.io/api-reference).

-## Features
+## 💌 Features

- Activity timeline
- SSH and HTTP/HTTPS protocols
- SMTP/LDAP/Reverse proxy authentication
- Reverse proxy with sub-path
- Account/Organization/Repository management
- Repository/Organization webhooks (including Slack)
- Repository Git hooks/deploy keys
- Repository issues, pull requests and wiki
- Add/Remove repository collaborators
- Gravatar and custom source
- Mail service
- Administration panel
- Supports MySQL, PostgreSQL, SQLite3 and [TiDB](https://github.com/pingcap/tidb) (experimental)
- Multi-language support ([18 languages](https://crowdin.com/project/gogs))
+- User dashboard, user profile and activity timeline.
+- Access repositories via SSH, HTTP and HTTPS protocols.
+- User, organization and repository management.
+- Repository and organization webhooks, including Slack, Discord and Dingtalk.
+- Repository Git hooks, deploy keys and Git LFS.
+- Repository issues, pull requests, wiki, protected branches and collaboration.
+- Migrate and mirror repositories with wiki from other code hosts.
+- Web editor for quick editing repository files and wiki.
+- Jupyter Notebook and PDF rendering.
+- Authentication via SMTP, LDAP, reverse proxy, GitHub.com and GitHub Enterprise with 2FA.
+- Customize HTML templates, static files and many others.
+- Rich database backend support, including PostgreSQL, MySQL, SQLite3 or any database backend that speaks one of those protocols.
+- Have localization over [31 languages](https://crowdin.com/project/gogs).

-## System Requirements
+## 💾 Hardware requirements

- A cheap Raspberry Pi is powerful enough for basic functionality.
- 2 CPU cores and 1GB RAM would be the baseline for teamwork.
+- A Raspberry Pi or $5 Digital Ocean Droplet is more than enough to get you started. Some even use 64MB RAM Docker [CaaS](https://www.docker.com/blog/containers-as-a-service-caas/).
+- 2 CPU cores and 512MB RAM would be the baseline for teamwork.
+- Increase CPU cores when your team size gets significantly larger, memory footprint remains low.

-## Browser Support
+## 💻 Browser support

 - Please see [Semantic UI](https://github.com/Semantic-Org/Semantic-UI#browser-support) for specific versions of supported browsers.
- The official support minimal size  is **1024*768**, UI may still looks right in smaller size but no promises and fixes.
+- The smallest resolution officially supported is **1024*768**, however the UI may still look right in smaller resolutions, but no promises or fixes.

-## Installation
+## 📜 Installation

-Make sure you install the [prerequisites](http://gogs.io/docs/installation) first.
+Please follow [the guide in our documentation](https://gogs.io/getting-started/installation).

-There are 5 ways to install Gogs:
+### Deploy to cloud

- [Install from binary](http://gogs.io/docs/installation/install_from_binary.html)
- [Install from source](http://gogs.io/docs/installation/install_from_source.html)
- [Install from packages](http://gogs.io/docs/installation/install_from_packages.html)
- [Ship with Docker](https://github.com/gogits/gogs/tree/master/docker)
- [Install with Vagrant](https://github.com/geerlingguy/ansible-vagrant-examples/tree/master/gogs)
+- [Cloudron](https://www.cloudron.io/store/io.gogs.cloudronapp.html)
+- [YunoHost](https://github.com/YunoHost-Apps/gogs_ynh)
+- [alwaysdata](https://www.alwaysdata.com/en/marketplace/gogs/)

 ### Tutorials

+- [Private Git Web Portal in Raspberry PI With Gogs](https://peppe8o.com/private-git-web-portal-in-raspberry-pi-with-gogs/)
 - [How To Set Up Gogs on Ubuntu 14.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-gogs-on-ubuntu-14-04)
- [Run your own GitHub-like service with the help of Docker](http://blog.hypriot.com/post/run-your-own-github-like-service-with-docker/)
- [Dockerized Gogs git server and alpine postgres in 20 minutes or less](http://garthwaite.org/docker-gogs.html)
- [Host Your Own Private GitHub with Gogs.io](https://eladnava.com/host-your-own-private-github-with-gogs-io/)
- [使用 Gogs 搭建自己的 Git 服务器](https://mynook.info/blog/post/host-your-own-git-server-using-gogs) (Chinese)
- [阿里云上 Ubuntu 14.04 64 位安装 Gogs](http://my.oschina.net/luyao/blog/375654) (Chinese)
+- [Run your own GitHub-like service with the help of Docker](https://blog.hypriot.com/post/run-your-own-github-like-service-with-docker/)
+- [Dockerized Gogs git server and alpine postgres in 20 minutes or less](https://garthwaite.org/docker-gogs.html)
+- [Host Your Own Private GitHub with Gogs](https://eladnava.com/host-your-own-private-github-with-gogs-io/)
+- [使用 Gogs 搭建自己的 Git 服务器](https://blog.mynook.info/post/host-your-own-git-server-using-gogs/) (Chinese)
+- [阿里云上 Ubuntu 14.04 64 位安装 Gogs](https://my.oschina.net/luyao/blog/375654) (Chinese)
 - [Installing Gogs on FreeBSD](https://www.codejam.info/2015/03/installing-gogs-on-freebsd.html)
- [Gogs on Raspberry Pi](http://blog.meinside.pe.kr/Gogs-on-Raspberry-Pi/)
- [Cloudflare Full SSL with GOGS (Go Git Service) using NGINX](http://www.listekconsulting.com/articles/cloudflare-full-ssl-with-gogs-go-git-service-using-nginx/)
+- [How to install Gogs on a Linux Server (DigitalOcean)](https://www.youtube.com/watch?v=deSfX0gqefE)

-### Screencasts
-
- [Instalando Gogs no Ubuntu](https://www.youtube.com/watch?v=4UkHAR1F7ZA) (Português)
-
-### Deploy to Cloud
-
- [OpenShift](https://github.com/tkisme/gogs-openshift)
- [Cloudron](https://cloudron.io/appstore.html#io.gogs.cloudronapp)
- [Scaleway](https://www.scaleway.com/imagehub/gogs/)
- [Portal](https://portaldemo.xyz/cloud/)
- [Sandstorm](https://github.com/cem/gogs-sandstorm)
- [sloppy.io](https://github.com/sloppyio/quickstarters/tree/master/gogs)
- [YunoHost](https://github.com/mbugeia/gogs_ynh)
- [DPlatform](https://github.com/j8r/DPlatform)
-
-## Software and Service Support
-
- [Drone](https://github.com/drone/drone) (CI)
- [Fabric8](http://fabric8.io/) (DevOps)
- [Taiga](https://taiga.io/) (Project Management)
- [Puppet](https://forge.puppetlabs.com/Siteminds/gogs) (IT)
- [Kanboard](http://kanboard.net/plugin/gogs-webhook) (Project Management)
- [BearyChat](https://bearychat.com/) (Team Communication)
- [HiWork](http://www.hiwork.cc/) (Team Communication)
-
-### Product Support
+## 📦 Software, service and product support

+- [Jenkins](https://plugins.jenkins.io/gogs-webhook/) (CI)
+- [Puppet](https://forge.puppet.com/modules/Siteminds/gogs) (IT)
 - [Synology](https://www.synology.com) (Docker)
- [One Space](http://www.onespace.cc) (App Store)
+- [Syncloud](https://syncloud.org/) (App Store)

-## Acknowledgments
+## 🙇‍♂️ Acknowledgments

- Router and middleware mechanism of [Macaron](https://github.com/go-macaron/macaron).
- System Monitor Status is inspired by [GoBlog](https://github.com/fuxiaohei/goblog).
- Thanks [lavachen](http://www.lavachen.cn/) and [Rocker](http://weibo.com/rocker1989) for designing Logo.
- Thanks [Crowdin](https://crowdin.com/project/gogs) for providing open source translation plan.
- Thanks [DigitalOcean](https://www.digitalocean.com) for hosting home and demo sites.
- Thanks [KeyCDN](https://www.keycdn.com/) and [QiNiu](http://www.qiniu.com/) for providing CDN service.
+<p>This project is proudly supported by:</p>
+<p>
+  <a href="https://m.do.co/c/5aeb02268b55">
+    <img src="https://opensource.nyc3.cdn.digitaloceanspaces.com/attribution/assets/SVG/DO_Logo_horizontal_blue.svg" width="201px">
+  </a>
+</p>

-## Contributors
+Other acknowledgments:

- Ex-team members [@lunny](https://github.com/lunny), [@fuxiaohei](https://github.com/fuxiaohei) and [@slene](https://github.com/slene).
- See [contributors page](https://github.com/gogits/gogs/graphs/contributors) for full list of contributors.
+- Thanks [Egon Elbre](https://twitter.com/egonelbre) for designing the original version of the logo.
+- Thanks [Mintlify](https://mintlify.com) for sponsoring open source documentation plan.
+- Thanks [Crowdin](https://crowdin.com) for sponsoring open source translation plan.
+- Thanks [Buildkite](https://buildkite.com) for sponsoring open source CI/CD plan.
+
+## 👋 Contributors
+
+- See [contributors page](https://github.com/gogs/gogs/graphs/contributors) for top 100 contributors.
 - See [TRANSLATORS](conf/locale/TRANSLATORS) for public list of translators.

-## License
+## ⚖️ License

-This project is under the MIT License. See the [LICENSE](https://github.com/gogits/gogs/blob/master/LICENSE) file for the full license text.
+This project is under the MIT License. See the [LICENSE](https://github.com/gogs/gogs/blob/main/LICENSE) file for the full license text.
@@ -1,105 +0,0 @@
-Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?branch=master)](https://travis-ci.org/gogits/gogs)
-=====================
-
-Gogs (Go Git Service) 是一款极易搭建的自助 Git 服务。
-
-## 开发目的
-
-Gogs 的目标是打造一个最简单、最快速和最轻松的方式搭建自助 Git 服务。使用 Go 语言开发使得 Gogs 能够通过独立的二进制分发，并且支持 Go 语言支持的 **所有平台**，包括 Linux、Mac OS X、Windows 以及 ARM 平台。
-
-## 项目概览
-
- 有关基本用法和变更日志，请通过 [使用手册](http://gogs.io/docs/intro/) 查看。
- 您可以到 [Trello Board](https://trello.com/b/uxAoeLUl/gogs-go-git-service) 跟随开发团队的脚步。
- 想要先睹为快？直接去 [在线体验](https://try.gogs.io/gogs/gogs) 。
- 使用过程中遇到问题？尝试从 [故障排查](http://gogs.io/docs/intro/troubleshooting.html) 页面或 [用户论坛](https://discuss.gogs.io/) 获取帮助。
- 希望帮助多国语言界面的翻译吗？请立即访问 [详情页面](http://gogs.io/docs/features/i18n.html)！
-
-## 功能特性
-
- 支持活动时间线
- 支持 SSH 以及 HTTP/HTTPS 协议
- 支持 SMTP、LDAP 和反向代理的用户认证
- 支持反向代理子路径
- 支持用户、组织和仓库管理系统
- 支持仓库和组织级别 Web 钩子（包括 Slack 集成）
- 支持仓库 Git 钩子和部署密钥
- 支持仓库工单（Issue）、合并请求（Pull Request）以及 Wiki
- 支持添加和删除仓库协作者
- 支持 Gravatar 以及自定义源
- 支持邮件服务
- 支持后台管理面板
- 支持 MySQL、PostgreSQL、SQLite3 和 [TiDB](https://github.com/pingcap/tidb)（实验性支持） 数据库
- 支持多语言本地化（[18 种语言]([more](https://crowdin.com/project/gogs))）
-
-## 系统要求
-
- 最低的系统硬件要求为一个廉价的树莓派
- 如果用于团队项目，建议使用 2 核 CPU 及 1GB 内存
-
-## 浏览器支持
-
- 请根据 [Semantic UI](https://github.com/Semantic-Org/Semantic-UI#browser-support) 查看具体支持的浏览器版本。
- 官方支持的最小 UI 尺寸为 **1024*768**，UI 不一定会在更小尺寸的设备上被破坏，但我们无法保证且不会修复。
-
-## 安装部署
-
-在安装 Gogs 之前，您需要先安装 [基本环境](http://gogs.io/docs/installation)。
-
-然后，您可以通过以下 5 种方式来安装 Gogs：
-
- [二进制安装](http://gogs.io/docs/installation/install_from_binary.html)
- [源码安装](http://gogs.io/docs/installation/install_from_source.html)
- [包管理安装](http://gogs.io/docs/installation/install_from_packages.html)
- [采用 Docker 部署](https://github.com/gogits/gogs/tree/master/docker)
- [通过 Vagrant 安装](https://github.com/geerlingguy/ansible-vagrant-examples/tree/master/gogs)
-
-### 使用教程
-
- [使用 Gogs 搭建自己的 Git 服务器](https://mynook.info/blog/post/host-your-own-git-server-using-gogs)
- [阿里云上 Ubuntu 14.04 64 位安装 Gogs](http://my.oschina.net/luyao/blog/375654)
-
-### 云端部署
-
- [OpenShift](https://github.com/tkisme/gogs-openshift)
- [Cloudron](https://cloudron.io/appstore.html#io.gogs.cloudronapp)
- [Scaleway](https://www.scaleway.com/imagehub/gogs/)
- [Portal](https://portaldemo.xyz/cloud/)
- [Sandstorm](https://github.com/cem/gogs-sandstorm)
- [sloppy.io](https://github.com/sloppyio/quickstarters/tree/master/gogs)
- [YunoHost](https://github.com/mbugeia/gogs_ynh)
- [DPlatform](https://github.com/j8r/DPlatform)
-
-## 软件及服务支持
-
- [Drone](https://github.com/drone/drone)（CI）
- [Fabric8](http://fabric8.io/)（DevOps）
- [Taiga](https://taiga.io/)（项目管理）
- [Puppet](https://forge.puppetlabs.com/Siteminds/gogs)（IT）
- [Kanboard](http://kanboard.net/plugin/gogs-webhook)（项目管理）
- [BearyChat](https://bearychat.com/)（团队交流）
- [HiWork](http://www.hiwork.cc/)（团队交流）
-
-### 产品支持
-
- [Synology](https://www.synology.com)（Docker）
- [One Space](http://www.onespace.cc)（应用商店）
-
-## 特别鸣谢
-
- 基于 [Macaron](https://github.com/go-macaron/macaron) 的路由与中间件机制。
- 基于 [GoBlog](https://github.com/fuxiaohei/goblog) 修改的系统监视状态。
- 感谢 [lavachen](http://www.lavachen.cn/) 和 [Rocker](http://weibo.com/rocker1989) 设计的 Logo。
- 感谢 [Crowdin](https://crowdin.com/project/gogs) 提供免费的开源项目本地化支持。
- 感谢 [DigitalOcean](https://www.digitalocean.com) 提供主站和体验站点的服务器赞助。
- 感谢 [KeyCDN](https://www.keycdn.com/) 和 [七牛云存储](http://www.qiniu.com/) 提供 CDN 服务赞助。
-
-## 贡献成员
-
- 前团队成员 [@lunny](https://github.com/lunny)、[@fuxiaohei](https://github.com/fuxiaohei) 和 [@slene](https://github.com/slene)。
- 您可以通过查看 [贡献者页面](https://github.com/gogits/gogs/graphs/contributors) 获取完整的贡献者列表。
- 您可以通过查看 [TRANSLATORS](conf/locale/TRANSLATORS) 文件获取公开的翻译人员列表。
-
-## 授权许可
-
-本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/gogits/gogs/blob/master/LICENSE) 文件中。
@@ -0,0 +1,27 @@
+# Security policy
+
+## Supported versions
+
+Only the latest minor version releases are supported (e.g., 0.14) for patching vulnerabilities. You can find the latest minor version in the [GitHub releases](https://github.com/gogs/gogs/releases) page. 
+
+Existing vulnerability reports are being tracked in [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories). Not all accepted GHSA are published.
+
+## Vulnerability lifecycle
+
+> [!important]
+> Starting **Nov 9, 2023 00:00 UTC**, only security vulnerabilities reported through [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories/new) are accepted.
+> Pre-existing vulnerability reported through https://huntr.dev/ or email (`security@gogs.io`) will continue to be worked through.
+
+1. Report an advisory for the vulnerability.
+    - Please be aware that **only advisories reported in plain English** will be reviewed.
+    - We DO NOT accept vulnerabilities cannot be reproduced on the latest `main` commit.
+1. Project maintainers review the advisory:
+    - Ask clarifying questions
+    - Make sure there was no prior advisory exists for the same vulnerability
+    - Confirm or deny the vulnerability
+1. Once the advisory is accepted, the reporter may submit a patch or wait for project maintainers to patch.
+    - The latter is usually significantly slower.
+1. Patch releases will be made for the supported versions.
+1. After 14 days of the release, publish the corresponding advisory on [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories).
+
+Thank you for making open source community a better place!
@@ -1,163 +0,0 @@
-// +build cert
-
-// Copyright 2009 The Go Authors. All rights reserved.
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
-	"log"
-	"math/big"
-	"net"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/codegangsta/cli"
-)
-
-var CmdCert = cli.Command{
-	Name:  "cert",
-	Usage: "Generate self-signed certificate",
-	Description: `Generate a self-signed X.509 certificate for a TLS server. 
-Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
-	Action: runCert,
-	Flags: []cli.Flag{
-		stringFlag("host", "", "Comma-separated hostnames and IPs to generate a certificate for"),
-		stringFlag("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521"),
-		intFlag("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set"),
-		stringFlag("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011"),
-		durationFlag("duration", 365*24*time.Hour, "Duration that certificate is valid for"),
-		boolFlag("ca", "whether this cert should be its own Certificate Authority"),
-	},
-}
-
-func publicKey(priv interface{}) interface{} {
-	switch k := priv.(type) {
-	case *rsa.PrivateKey:
-		return &k.PublicKey
-	case *ecdsa.PrivateKey:
-		return &k.PublicKey
-	default:
-		return nil
-	}
-}
-
-func pemBlockForKey(priv interface{}) *pem.Block {
-	switch k := priv.(type) {
-	case *rsa.PrivateKey:
-		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
-	case *ecdsa.PrivateKey:
-		b, err := x509.MarshalECPrivateKey(k)
-		if err != nil {
-			log.Fatalf("Unable to marshal ECDSA private key: %v\n", err)
-		}
-		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
-	default:
-		return nil
-	}
-}
-
-func runCert(ctx *cli.Context) error {
-	if len(ctx.String("host")) == 0 {
-		log.Fatal("Missing required --host parameter")
-	}
-
-	var priv interface{}
-	var err error
-	switch ctx.String("ecdsa-curve") {
-	case "":
-		priv, err = rsa.GenerateKey(rand.Reader, ctx.Int("rsa-bits"))
-	case "P224":
-		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
-	case "P256":
-		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	case "P384":
-		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
-	case "P521":
-		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
-	default:
-		log.Fatalf("Unrecognized elliptic curve: %q", ctx.String("ecdsa-curve"))
-	}
-	if err != nil {
-		log.Fatalf("Failed to generate private key: %s", err)
-	}
-
-	var notBefore time.Time
-	if len(ctx.String("start-date")) == 0 {
-		notBefore = time.Now()
-	} else {
-		notBefore, err = time.Parse("Jan 2 15:04:05 2006", ctx.String("start-date"))
-		if err != nil {
-			log.Fatalf("Failed to parse creation date: %s", err)
-		}
-	}
-
-	notAfter := notBefore.Add(ctx.Duration("duration"))
-
-	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
-	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
-	if err != nil {
-		log.Fatalf("Failed to generate serial number: %s", err)
-	}
-
-	template := x509.Certificate{
-		SerialNumber: serialNumber,
-		Subject: pkix.Name{
-			Organization: []string{"Acme Co"},
-			CommonName:   "Gogs",
-		},
-		NotBefore: notBefore,
-		NotAfter:  notAfter,
-
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-	}
-
-	hosts := strings.Split(ctx.String("host"), ",")
-	for _, h := range hosts {
-		if ip := net.ParseIP(h); ip != nil {
-			template.IPAddresses = append(template.IPAddresses, ip)
-		} else {
-			template.DNSNames = append(template.DNSNames, h)
-		}
-	}
-
-	if ctx.Bool("ca") {
-		template.IsCA = true
-		template.KeyUsage |= x509.KeyUsageCertSign
-	}
-
-	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
-	if err != nil {
-		log.Fatalf("Failed to create certificate: %s", err)
-	}
-
-	certOut, err := os.Create("cert.pem")
-	if err != nil {
-		log.Fatalf("Failed to open cert.pem for writing: %s", err)
-	}
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	certOut.Close()
-	log.Println("Written cert.pem")
-
-	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	if err != nil {
-		log.Fatalf("Failed to open key.pem for writing: %v\n", err)
-	}
-	pem.Encode(keyOut, pemBlockForKey(priv))
-	keyOut.Close()
-	log.Println("Written key.pem")
-
-	return nil
-}
@@ -1,28 +0,0 @@
-// +build !cert
-
-// Copyright 2009 The Go Authors. All rights reserved.
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-package cmd
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/codegangsta/cli"
-)
-
-var CmdCert = cli.Command{
-	Name:        "cert",
-	Usage:       "Generate self-signed certificate",
-	Description: `Please use build tags "cert" to rebuild Gogs in order to have this ability`,
-	Action:      runCert,
-}
-
-func runCert(ctx *cli.Context) error {
-	fmt.Println("Command cert not available, please use build tags 'cert' to rebuild.")
-	os.Exit(1)
-
-	return nil
-}
@@ -1,42 +0,0 @@
-// Copyright 2015 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"time"
-
-	"github.com/codegangsta/cli"
-)
-
-func stringFlag(name, value, usage string) cli.StringFlag {
-	return cli.StringFlag{
-		Name:  name,
-		Value: value,
-		Usage: usage,
-	}
-}
-
-func boolFlag(name, usage string) cli.BoolFlag {
-	return cli.BoolFlag{
-		Name:  name,
-		Usage: usage,
-	}
-}
-
-func intFlag(name string, value int, usage string) cli.IntFlag {
-	return cli.IntFlag{
-		Name:  name,
-		Value: value,
-		Usage: usage,
-	}
-}
-
-func durationFlag(name string, value time.Duration, usage string) cli.DurationFlag {
-	return cli.DurationFlag{
-		Name:  name,
-		Value: value,
-		Usage: usage,
-	}
-}
@@ -1,104 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"fmt"
-	"log"
-	"os"
-	"path"
-	"time"
-
-	"io/ioutil"
-
-	"github.com/Unknwon/cae/zip"
-	"github.com/codegangsta/cli"
-
-	"github.com/gogits/gogs/models"
-	"github.com/gogits/gogs/modules/setting"
-)
-
-var CmdDump = cli.Command{
-	Name:  "dump",
-	Usage: "Dump Gogs files and database",
-	Description: `Dump compresses all related files and database into zip file.
-It can be used for backup and capture Gogs server image to send to maintainer`,
-	Action: runDump,
-	Flags: []cli.Flag{
-		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
-		boolFlag("verbose, v", "Show process details"),
-		stringFlag("tempdir, t", os.TempDir(), "Temporary dir path"),
-	},
-}
-
-func runDump(ctx *cli.Context) error {
-	if ctx.IsSet("config") {
-		setting.CustomConf = ctx.String("config")
-	}
-	setting.NewContext()
-	models.LoadConfigs()
-	models.SetEngine()
-
-	tmpDir := ctx.String("tempdir")
-	if _, err := os.Stat(tmpDir); os.IsNotExist(err) {
-		log.Fatalf("Path does not exist: %s", tmpDir)
-	}
-	TmpWorkDir, err := ioutil.TempDir(tmpDir, "gogs-dump-")
-	if err != nil {
-		log.Fatalf("Fail to create tmp work directory: %v", err)
-	}
-	log.Printf("Creating tmp work dir: %s", TmpWorkDir)
-
-	reposDump := path.Join(TmpWorkDir, "gogs-repo.zip")
-	dbDump := path.Join(TmpWorkDir, "gogs-db.sql")
-
-	log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
-	zip.Verbose = ctx.Bool("verbose")
-	if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
-		log.Fatalf("Fail to dump local repositories: %v", err)
-	}
-
-	log.Printf("Dumping database...")
-	if err := models.DumpDatabase(dbDump); err != nil {
-		log.Fatalf("Fail to dump database: %v", err)
-	}
-
-	fileName := fmt.Sprintf("gogs-dump-%d.zip", time.Now().Unix())
-	log.Printf("Packing dump files...")
-	z, err := zip.Create(fileName)
-	if err != nil {
-		os.Remove(fileName)
-		log.Fatalf("Fail to create %s: %v", fileName, err)
-	}
-
-	if err := z.AddFile("gogs-repo.zip", reposDump); err != nil {
-		log.Fatalf("Fail to include gogs-repo.zip: %v", err)
-	}
-	if err := z.AddFile("gogs-db.sql", dbDump); err != nil {
-		log.Fatalf("Fail to include gogs-db.sql: %v", err)
-	}
-	customDir, err := os.Stat(setting.CustomPath)
-	if err == nil && customDir.IsDir() {
-		if err := z.AddDir("custom", setting.CustomPath); err != nil {
-			log.Fatalf("Fail to include custom: %v", err)
-		}
-	} else {
-		log.Printf("Custom dir %s doesn't exist, skipped", setting.CustomPath)
-	}
-	if err := z.AddDir("log", setting.LogRootPath); err != nil {
-		log.Fatalf("Fail to include log: %v", err)
-	}
-	// FIXME: SSH key file.
-	if err = z.Close(); err != nil {
-		os.Remove(fileName)
-		log.Fatalf("Fail to save %s: %v", fileName, err)
-	}
-
-	log.Printf("Removing tmp work dir: %s", TmpWorkDir)
-	os.RemoveAll(TmpWorkDir)
-	log.Printf("Finish dumping in file %s", fileName)
-
-	return nil
-}
@@ -0,0 +1,189 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+	"runtime"
+
+	"github.com/cockroachdb/errors"
+	"github.com/urfave/cli/v3"
+
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/database"
+)
+
+var (
+	adminCommand = cli.Command{
+		Name:  "admin",
+		Usage: "Perform admin operations on command line",
+		Description: `Allow using internal logic of Gogs without hacking into the source code
+to make automatic initialization process more smoothly`,
+		Commands: []*cli.Command{
+			&subcmdCreateUser,
+			&subcmdDeleteInactivateUsers,
+			&subcmdDeleteRepositoryArchives,
+			&subcmdDeleteMissingRepositories,
+			&subcmdGitGcRepos,
+			&subcmdRewriteAuthorizedKeys,
+			&subcmdSyncRepositoryHooks,
+			&subcmdReinitMissingRepositories,
+		},
+	}
+
+	subcmdCreateUser = cli.Command{
+		Name:   "create-user",
+		Usage:  "Create a new user in database",
+		Action: runCreateUser,
+		Flags: []cli.Flag{
+			stringFlag("name", "", "Username"),
+			stringFlag("password", "", "User password"),
+			stringFlag("email", "", "User email address"),
+			boolFlag("admin", "User is an admin"),
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+	}
+
+	subcmdDeleteInactivateUsers = cli.Command{
+		Name:  "delete-inactive-users",
+		Usage: "Delete all inactive accounts",
+		Action: adminDashboardOperation(
+			func() error { return database.Handle.Users().DeleteInactivated() },
+			"All inactivated accounts have been deleted successfully",
+		),
+		Flags: []cli.Flag{
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+	}
+
+	subcmdDeleteRepositoryArchives = cli.Command{
+		Name:  "delete-repository-archives",
+		Usage: "Delete all repositories archives",
+		Action: adminDashboardOperation(
+			database.DeleteRepositoryArchives,
+			"All repositories archives have been deleted successfully",
+		),
+		Flags: []cli.Flag{
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+	}
+
+	subcmdDeleteMissingRepositories = cli.Command{
+		Name:  "delete-missing-repositories",
+		Usage: "Delete all repository records that lost Git files",
+		Action: adminDashboardOperation(
+			database.DeleteMissingRepositories,
+			"All repositories archives have been deleted successfully",
+		),
+		Flags: []cli.Flag{
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+	}
+
+	subcmdGitGcRepos = cli.Command{
+		Name:  "collect-garbage",
+		Usage: "Do garbage collection on repositories",
+		Action: adminDashboardOperation(
+			database.GitGcRepos,
+			"All repositories have done garbage collection successfully",
+		),
+		Flags: []cli.Flag{
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+	}
+
+	subcmdRewriteAuthorizedKeys = cli.Command{
+		Name:  "rewrite-authorized-keys",
+		Usage: "Rewrite '.ssh/authorized_keys' file (caution: non-Gogs keys will be lost)",
+		Action: adminDashboardOperation(
+			database.RewriteAuthorizedKeys,
+			"All public keys have been rewritten successfully",
+		),
+		Flags: []cli.Flag{
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+	}
+
+	subcmdSyncRepositoryHooks = cli.Command{
+		Name:  "resync-hooks",
+		Usage: "Resync pre-receive, update and post-receive hooks",
+		Action: adminDashboardOperation(
+			database.SyncRepositoryHooks,
+			"All repositories' pre-receive, update and post-receive hooks have been resynced successfully",
+		),
+		Flags: []cli.Flag{
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+	}
+
+	subcmdReinitMissingRepositories = cli.Command{
+		Name:  "reinit-missing-repositories",
+		Usage: "Reinitialize all repository records that lost Git files",
+		Action: adminDashboardOperation(
+			database.ReinitMissingRepositories,
+			"All repository records that lost Git files have been reinitialized successfully",
+		),
+		Flags: []cli.Flag{
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+	}
+)
+
+func runCreateUser(ctx context.Context, cmd *cli.Command) error {
+	if !cmd.IsSet("name") {
+		return errors.New("Username is not specified")
+	} else if !cmd.IsSet("password") {
+		return errors.New("Password is not specified")
+	} else if !cmd.IsSet("email") {
+		return errors.New("Email is not specified")
+	}
+
+	err := conf.Init(configFromLineage(cmd))
+	if err != nil {
+		return errors.Wrap(err, "init configuration")
+	}
+	conf.InitLogging(true)
+
+	if _, err = database.SetEngine(); err != nil {
+		return errors.Wrap(err, "set engine")
+	}
+
+	user, err := database.Handle.Users().Create(
+		ctx,
+		cmd.String("name"),
+		cmd.String("email"),
+		database.CreateUserOptions{
+			Password:  cmd.String("password"),
+			Activated: true,
+			Admin:     cmd.Bool("admin"),
+		},
+	)
+	if err != nil {
+		return errors.Wrap(err, "create user")
+	}
+
+	fmt.Printf("New user %q has been successfully created!\n", user.Name)
+	return nil
+}
+
+func adminDashboardOperation(operation func() error, successMessage string) func(context.Context, *cli.Command) error {
+	return func(_ context.Context, cmd *cli.Command) error {
+		err := conf.Init(configFromLineage(cmd))
+		if err != nil {
+			return errors.Wrap(err, "init configuration")
+		}
+		conf.InitLogging(true)
+
+		if _, err = database.SetEngine(); err != nil {
+			return errors.Wrap(err, "set engine")
+		}
+
+		if err := operation(); err != nil {
+			functionName := runtime.FuncForPC(reflect.ValueOf(operation).Pointer()).Name()
+			return errors.Newf("%s: %v", functionName, err)
+		}
+
+		fmt.Printf("%s\n", successMessage)
+		return nil
+	}
+}
@@ -0,0 +1,194 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path"
+	"path/filepath"
+	"strconv"
+	"time"
+
+	"github.com/cockroachdb/errors"
+	"github.com/unknwon/cae/zip"
+	"github.com/urfave/cli/v3"
+	"gopkg.in/ini.v1"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/database"
+	"gogs.io/gogs/internal/osx"
+)
+
+var backupCommand = cli.Command{
+	Name:  "backup",
+	Usage: "Backup files and database",
+	Description: `Backup dumps and compresses all related files and database into zip file,
+which can be used for migrating Gogs to another server. The output format is meant to be
+portable among all supported database engines.`,
+	Action: runBackup,
+	Flags: []cli.Flag{
+		stringFlag("config, c", "", "Custom configuration file path"),
+		boolFlag("verbose, v", "Show process details"),
+		stringFlag("tempdir, t", os.TempDir(), "Temporary directory path"),
+		stringFlag("target", "./", "Target directory path to save backup archive"),
+		stringFlag("archive-name", fmt.Sprintf("gogs-backup-%s.zip", time.Now().Format("20060102150405")), "Name of backup archive"),
+		boolFlag("database-only", "Only dump database"),
+		boolFlag("exclude-mirror-repos", "Exclude mirror repositories"),
+		boolFlag("exclude-repos", "Exclude repositories"),
+	},
+}
+
+const (
+	currentBackupFormatVersion = 1
+	archiveRootDir             = "gogs-backup"
+)
+
+func runBackup(ctx context.Context, cmd *cli.Command) error {
+	zip.Verbose = cmd.Bool("verbose")
+
+	err := conf.Init(configFromLineage(cmd))
+	if err != nil {
+		return errors.Wrap(err, "init configuration")
+	}
+	conf.InitLogging(true)
+
+	conn, err := database.SetEngine()
+	if err != nil {
+		return errors.Wrap(err, "set engine")
+	}
+
+	tmpDir := cmd.String("tempdir")
+	if !osx.Exist(tmpDir) {
+		log.Fatal("'--tempdir' does not exist: %s", tmpDir)
+	}
+	rootDir, err := os.MkdirTemp(tmpDir, "gogs-backup-")
+	if err != nil {
+		log.Fatal("Failed to create backup root directory '%s': %v", rootDir, err)
+	}
+	log.Info("Backup root directory: %s", rootDir)
+
+	// Metadata
+	metaFile := path.Join(rootDir, "metadata.ini")
+	metadata := ini.Empty()
+	metadata.Section("").Key("VERSION").SetValue(strconv.Itoa(currentBackupFormatVersion))
+	metadata.Section("").Key("DATE_TIME").SetValue(time.Now().String())
+	metadata.Section("").Key("GOGS_VERSION").SetValue(conf.App.Version)
+	if err = metadata.SaveTo(metaFile); err != nil {
+		log.Fatal("Failed to save metadata '%s': %v", metaFile, err)
+	}
+
+	archiveName := filepath.Join(cmd.String("target"), cmd.String("archive-name"))
+	log.Info("Packing backup files to: %s", archiveName)
+
+	z, err := zip.Create(archiveName)
+	if err != nil {
+		log.Fatal("Failed to create backup archive '%s': %v", archiveName, err)
+	}
+	if err = z.AddFile(archiveRootDir+"/metadata.ini", metaFile); err != nil {
+		log.Fatal("Failed to include 'metadata.ini': %v", err)
+	}
+
+	// Database
+	dbDir := filepath.Join(rootDir, "db")
+	if err = database.DumpDatabase(ctx, conn, dbDir, cmd.Bool("verbose")); err != nil {
+		log.Fatal("Failed to dump database: %v", err)
+	}
+	if err = z.AddDir(archiveRootDir+"/db", dbDir); err != nil {
+		log.Fatal("Failed to include 'db': %v", err)
+	}
+
+	if !cmd.Bool("database-only") {
+		// Custom files
+		err = addCustomDirToBackup(z)
+		if err != nil {
+			log.Fatal("Failed to add custom directory to backup: %v", err)
+		}
+
+		// Data files
+		for _, dir := range []string{"ssh", "attachments", "avatars", "repo-avatars"} {
+			dirPath := filepath.Join(conf.Server.AppDataPath, dir)
+			if !osx.IsDir(dirPath) {
+				continue
+			}
+
+			if err = z.AddDir(path.Join(archiveRootDir+"/data", dir), dirPath); err != nil {
+				log.Fatal("Failed to include 'data': %v", err)
+			}
+		}
+	}
+
+	// Repositories
+	if !cmd.Bool("exclude-repos") && !cmd.Bool("database-only") {
+		reposDump := filepath.Join(rootDir, "repositories.zip")
+		log.Info("Dumping repositories in %q", conf.Repository.Root)
+		if cmd.Bool("exclude-mirror-repos") {
+			repos, err := database.GetNonMirrorRepositories()
+			if err != nil {
+				log.Fatal("Failed to get non-mirror repositories: %v", err)
+			}
+			reposZip, err := zip.Create(reposDump)
+			if err != nil {
+				log.Fatal("Failed to create %q: %v", reposDump, err)
+			}
+			baseDir := filepath.Base(conf.Repository.Root)
+			for _, r := range repos {
+				name := r.FullName() + ".git"
+				if err := reposZip.AddDir(filepath.Join(baseDir, name), filepath.Join(conf.Repository.Root, name)); err != nil {
+					log.Fatal("Failed to add %q: %v", name, err)
+				}
+			}
+			if err = reposZip.Close(); err != nil {
+				log.Fatal("Failed to save %q: %v", reposDump, err)
+			}
+		} else {
+			if err = zip.PackTo(conf.Repository.Root, reposDump, true); err != nil {
+				log.Fatal("Failed to dump repositories: %v", err)
+			}
+		}
+		log.Info("Repositories dumped to: %s", reposDump)
+
+		if err = z.AddFile(archiveRootDir+"/repositories.zip", reposDump); err != nil {
+			log.Fatal("Failed to include %q: %v", reposDump, err)
+		}
+	}
+
+	if err = z.Close(); err != nil {
+		log.Fatal("Failed to save backup archive '%s': %v", archiveName, err)
+	}
+
+	_ = os.RemoveAll(rootDir)
+	log.Info("Backup succeed! Archive is located at: %s", archiveName)
+	log.Stop()
+	return nil
+}
+
+func addCustomDirToBackup(z *zip.ZipArchive) error {
+	customDir := conf.CustomDir()
+	entries, err := os.ReadDir(customDir)
+	if err != nil {
+		return errors.Wrap(err, "list custom directory entries")
+	}
+
+	for _, e := range entries {
+		if e.Name() == "data" {
+			// Skip the "data" directory because it lives under the "custom" directory in
+			// the Docker setup and will be backed up separately.
+			log.Trace(`Skipping "data" directory in custom directory`)
+			continue
+		}
+
+		add := z.AddFile
+		if e.IsDir() {
+			add = z.AddDir
+		}
+		err = add(
+			fmt.Sprintf("%s/custom/%s", archiveRootDir, e.Name()),
+			filepath.Join(customDir, e.Name()),
+		)
+		if err != nil {
+			return errors.Wrapf(err, "add %q", e.Name())
+		}
+	}
+	return nil
+}
@@ -0,0 +1,56 @@
+package main
+
+import (
+	"strings"
+
+	"github.com/urfave/cli/v3"
+)
+
+func stringFlag(name, value, usage string) *cli.StringFlag {
+	parts := strings.SplitN(name, ", ", 2)
+	f := &cli.StringFlag{
+		Name:  parts[0],
+		Value: value,
+		Usage: usage,
+	}
+	if len(parts) > 1 {
+		f.Aliases = []string{parts[1]}
+	}
+	return f
+}
+
+// configFromLineage walks the command lineage to find the --config flag value.
+// This is needed because subcommands may not directly see flags set on parent commands.
+func configFromLineage(cmd *cli.Command) string {
+	for _, c := range cmd.Lineage() {
+		if c.IsSet("config") {
+			return c.String("config")
+		}
+	}
+	return ""
+}
+
+func intFlag(name string, value int, usage string) *cli.IntFlag {
+	parts := strings.SplitN(name, ", ", 2)
+	f := &cli.IntFlag{
+		Name:  parts[0],
+		Value: value,
+		Usage: usage,
+	}
+	if len(parts) > 1 {
+		f.Aliases = []string{parts[1]}
+	}
+	return f
+}
+
+func boolFlag(name, usage string) *cli.BoolFlag {
+	parts := strings.SplitN(name, ", ", 2)
+	f := &cli.BoolFlag{
+		Name:  parts[0],
+		Usage: usage,
+	}
+	if len(parts) > 1 {
+		f.Aliases = []string{parts[1]}
+	}
+	return f
+}
@@ -0,0 +1,273 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net/url"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/urfave/cli/v3"
+	log "unknwon.dev/clog/v2"
+
+	"github.com/gogs/git-module"
+
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/database"
+	"gogs.io/gogs/internal/email"
+	"gogs.io/gogs/internal/httplib"
+	"gogs.io/gogs/internal/osx"
+)
+
+var (
+	hookCommand = cli.Command{
+		Name:        "hook",
+		Usage:       "Delegate commands to corresponding Git hooks",
+		Description: "All sub-commands should only be called by Git",
+		Flags: []cli.Flag{
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+		Commands: []*cli.Command{
+			&subcmdHookPreReceive,
+			&subcmdHookUpadte,
+			&subcmdHookPostReceive,
+		},
+	}
+
+	subcmdHookPreReceive = cli.Command{
+		Name:        "pre-receive",
+		Usage:       "Delegate pre-receive Git hook",
+		Description: "This command should only be called by Git",
+		Action:      runHookPreReceive,
+	}
+	subcmdHookUpadte = cli.Command{
+		Name:        "update",
+		Usage:       "Delegate update Git hook",
+		Description: "This command should only be called by Git",
+		Action:      runHookUpdate,
+	}
+	subcmdHookPostReceive = cli.Command{
+		Name:        "post-receive",
+		Usage:       "Delegate post-receive Git hook",
+		Description: "This command should only be called by Git",
+		Action:      runHookPostReceive,
+	}
+)
+
+func runHookPreReceive(_ context.Context, cmd *cli.Command) error {
+	if os.Getenv("SSH_ORIGINAL_COMMAND") == "" {
+		return nil
+	}
+	setup(cmd, "pre-receive.log", true)
+
+	isWiki := strings.Contains(os.Getenv(database.EnvRepoCustomHooksPath), ".wiki.git/")
+
+	buf := bytes.NewBuffer(nil)
+	scanner := bufio.NewScanner(os.Stdin)
+	for scanner.Scan() {
+		buf.Write(scanner.Bytes())
+		buf.WriteByte('\n')
+
+		if isWiki {
+			continue
+		}
+
+		fields := bytes.Fields(scanner.Bytes())
+		if len(fields) != 3 {
+			continue
+		}
+		oldCommitID := string(fields[0])
+		newCommitID := string(fields[1])
+		branchName := git.RefShortName(string(fields[2]))
+
+		// Branch protection
+		repoID, _ := strconv.ParseInt(os.Getenv(database.EnvRepoID), 10, 64)
+		protectBranch, err := database.GetProtectBranchOfRepoByName(repoID, branchName)
+		if err != nil {
+			if database.IsErrBranchNotExist(err) {
+				continue
+			}
+			fail("Internal error", "GetProtectBranchOfRepoByName [repo_id: %d, branch: %s]: %v", repoID, branchName, err)
+		}
+		if !protectBranch.Protected {
+			continue
+		}
+
+		// Whitelist users can bypass require pull request check
+		bypassRequirePullRequest := false
+
+		// Check if user is in whitelist when enabled
+		userID, _ := strconv.ParseInt(os.Getenv(database.EnvAuthUserID), 10, 64)
+		if protectBranch.EnableWhitelist {
+			if !database.IsUserInProtectBranchWhitelist(repoID, userID, branchName) {
+				fail(fmt.Sprintf("Branch '%s' is protected and you are not in the push whitelist", branchName), "")
+			}
+
+			bypassRequirePullRequest = true
+		}
+
+		// Check if branch allows direct push
+		if !bypassRequirePullRequest && protectBranch.RequirePullRequest {
+			fail(fmt.Sprintf("Branch '%s' is protected and commits must be merged through pull request", branchName), "")
+		}
+
+		// check and deletion
+		if newCommitID == git.EmptyID {
+			fail(fmt.Sprintf("Branch '%s' is protected from deletion", branchName), "")
+		}
+
+		// Check force push
+		output, err := git.NewCommand("rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).
+			RunInDir(database.RepoPath(os.Getenv(database.EnvRepoOwnerName), os.Getenv(database.EnvRepoName)))
+		if err != nil {
+			fail("Internal error", "Failed to detect force push: %v", err)
+		} else if len(output) > 0 {
+			fail(fmt.Sprintf("Branch '%s' is protected from force push", branchName), "")
+		}
+	}
+
+	customHooksPath := filepath.Join(os.Getenv(database.EnvRepoCustomHooksPath), "pre-receive")
+	if !osx.IsFile(customHooksPath) {
+		return nil
+	}
+
+	var hookCmd *exec.Cmd
+	if conf.IsWindowsRuntime() {
+		hookCmd = exec.Command("bash.exe", "custom_hooks/pre-receive")
+	} else {
+		hookCmd = exec.Command(customHooksPath)
+	}
+	hookCmd.Dir = database.RepoPath(os.Getenv(database.EnvRepoOwnerName), os.Getenv(database.EnvRepoName))
+	hookCmd.Stdout = os.Stdout
+	hookCmd.Stdin = buf
+	hookCmd.Stderr = os.Stderr
+	if err := hookCmd.Run(); err != nil {
+		fail("Internal error", "Failed to execute custom pre-receive hook: %v", err)
+	}
+	return nil
+}
+
+func runHookUpdate(_ context.Context, cmd *cli.Command) error {
+	if os.Getenv("SSH_ORIGINAL_COMMAND") == "" {
+		return nil
+	}
+	setup(cmd, "update.log", false)
+
+	args := cmd.Args().Slice()
+	if len(args) != 3 {
+		fail("Arguments received are not equal to three", "Arguments received are not equal to three")
+	} else if args[0] == "" {
+		fail("First argument 'refName' is empty", "First argument 'refName' is empty")
+	}
+
+	customHooksPath := filepath.Join(os.Getenv(database.EnvRepoCustomHooksPath), "update")
+	if !osx.IsFile(customHooksPath) {
+		return nil
+	}
+
+	var hookCmd *exec.Cmd
+	if conf.IsWindowsRuntime() {
+		hookCmd = exec.Command("bash.exe", append([]string{"custom_hooks/update"}, args...)...)
+	} else {
+		hookCmd = exec.Command(customHooksPath, args...)
+	}
+	hookCmd.Dir = database.RepoPath(os.Getenv(database.EnvRepoOwnerName), os.Getenv(database.EnvRepoName))
+	hookCmd.Stdout = os.Stdout
+	hookCmd.Stdin = os.Stdin
+	hookCmd.Stderr = os.Stderr
+	if err := hookCmd.Run(); err != nil {
+		fail("Internal error", "Failed to execute custom pre-receive hook: %v", err)
+	}
+	return nil
+}
+
+func runHookPostReceive(_ context.Context, cmd *cli.Command) error {
+	if os.Getenv("SSH_ORIGINAL_COMMAND") == "" {
+		return nil
+	}
+	setup(cmd, "post-receive.log", true)
+
+	// Post-receive hook does more than just gather Git information,
+	// so we need to setup additional services for email notifications.
+	email.NewContext()
+
+	isWiki := strings.Contains(os.Getenv(database.EnvRepoCustomHooksPath), ".wiki.git/")
+
+	buf := bytes.NewBuffer(nil)
+	scanner := bufio.NewScanner(os.Stdin)
+	for scanner.Scan() {
+		buf.Write(scanner.Bytes())
+		buf.WriteByte('\n')
+
+		// TODO: support news feeds for wiki
+		if isWiki {
+			continue
+		}
+
+		fields := bytes.Fields(scanner.Bytes())
+		if len(fields) != 3 {
+			continue
+		}
+
+		pusherID, _ := strconv.ParseInt(os.Getenv(database.EnvAuthUserID), 10, 64)
+		options := database.PushUpdateOptions{
+			OldCommitID:  string(fields[0]),
+			NewCommitID:  string(fields[1]),
+			FullRefspec:  string(fields[2]),
+			PusherID:     pusherID,
+			PusherName:   os.Getenv(database.EnvAuthUserName),
+			RepoUserName: os.Getenv(database.EnvRepoOwnerName),
+			RepoName:     os.Getenv(database.EnvRepoName),
+		}
+		if err := database.PushUpdate(options); err != nil {
+			log.Error("PushUpdate: %v", err)
+		}
+
+		// Ask for running deliver hook and test pull request tasks
+		q := make(url.Values)
+		q.Add("branch", git.RefShortName(options.FullRefspec))
+		q.Add("secret", os.Getenv(database.EnvRepoOwnerSaltMd5))
+		q.Add("pusher", os.Getenv(database.EnvAuthUserID))
+		reqURL := fmt.Sprintf("%s%s/%s/tasks/trigger?%s", conf.Server.LocalRootURL, options.RepoUserName, options.RepoName, q.Encode())
+		log.Trace("Trigger task: %s", reqURL)
+
+		resp, err := httplib.Get(reqURL).
+			SetTLSClientConfig(&tls.Config{
+				InsecureSkipVerify: true,
+			}).Response()
+		if err == nil {
+			_ = resp.Body.Close()
+			if resp.StatusCode/100 != 2 {
+				log.Error("Failed to trigger task: unsuccessful response code %d", resp.StatusCode)
+			}
+		} else {
+			log.Error("Failed to trigger task: %v", err)
+		}
+	}
+
+	customHooksPath := filepath.Join(os.Getenv(database.EnvRepoCustomHooksPath), "post-receive")
+	if !osx.IsFile(customHooksPath) {
+		return nil
+	}
+
+	var hookCmd *exec.Cmd
+	if conf.IsWindowsRuntime() {
+		hookCmd = exec.Command("bash.exe", "custom_hooks/post-receive")
+	} else {
+		hookCmd = exec.Command(customHooksPath)
+	}
+	hookCmd.Dir = database.RepoPath(os.Getenv(database.EnvRepoOwnerName), os.Getenv(database.EnvRepoName))
+	hookCmd.Stdout = os.Stdout
+	hookCmd.Stdin = buf
+	hookCmd.Stderr = os.Stderr
+	if err := hookCmd.Run(); err != nil {
+		fail("Internal error", "Failed to execute custom post-receive hook: %v", err)
+	}
+	return nil
+}
@@ -0,0 +1,108 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/cockroachdb/errors"
+	"github.com/urfave/cli/v3"
+
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/osx"
+)
+
+var (
+	importCommand = cli.Command{
+		Name:  "import",
+		Usage: "Import portable data as local Gogs data",
+		Description: `Allow user import data from other Gogs installations to local instance
+without manually hacking the data files`,
+		Commands: []*cli.Command{
+			&subcmdImportLocale,
+		},
+	}
+
+	subcmdImportLocale = cli.Command{
+		Name:   "locale",
+		Usage:  "Import locale files to local repository",
+		Action: runImportLocale,
+		Flags: []cli.Flag{
+			stringFlag("source", "", "Source directory that stores new locale files"),
+			stringFlag("target", "", "Target directory that stores old locale files"),
+			stringFlag("config, c", "", "Custom configuration file path"),
+		},
+	}
+)
+
+func runImportLocale(_ context.Context, cmd *cli.Command) error {
+	if !cmd.IsSet("source") {
+		return errors.New("source directory is not specified")
+	} else if !cmd.IsSet("target") {
+		return errors.New("target directory is not specified")
+	}
+	if !osx.IsDir(cmd.String("source")) {
+		return errors.Newf("source directory %q does not exist or is not a directory", cmd.String("source"))
+	} else if !osx.IsDir(cmd.String("target")) {
+		return errors.Newf("target directory %q does not exist or is not a directory", cmd.String("target"))
+	}
+
+	err := conf.Init(configFromLineage(cmd))
+	if err != nil {
+		return errors.Wrap(err, "init configuration")
+	}
+
+	now := time.Now()
+
+	var line []byte
+	badChars := []byte(`="`)
+	escapedQuotes := []byte(`\"`)
+	regularQuotes := []byte(`"`)
+	// Cut out en-US.
+	for _, lang := range conf.I18n.Langs[1:] {
+		name := fmt.Sprintf("locale_%s.ini", lang)
+		source := filepath.Join(cmd.String("source"), name)
+		target := filepath.Join(cmd.String("target"), name)
+		if !osx.IsFile(source) {
+			continue
+		}
+
+		// Crowdin surrounds double quotes for strings contain quotes inside,
+		// this breaks INI parser, we need to fix that.
+		sr, err := os.Open(source)
+		if err != nil {
+			return errors.Newf("open: %v", err)
+		}
+
+		tw, err := os.Create(target)
+		if err != nil {
+			return errors.Newf("create: %v", err)
+		}
+
+		scanner := bufio.NewScanner(sr)
+		for scanner.Scan() {
+			line = scanner.Bytes()
+			idx := bytes.Index(line, badChars)
+			if idx > -1 && line[len(line)-1] == '"' {
+				// We still want the "=" sign
+				line = append(line[:idx+1], line[idx+2:len(line)-1]...)
+				line = bytes.ReplaceAll(line, escapedQuotes, regularQuotes)
+			}
+			_, _ = tw.Write(line)
+			_, _ = tw.WriteString("\n")
+		}
+		_ = sr.Close()
+		_ = tw.Close()
+
+		// Modification time of files from Crowdin often ahead of current,
+		// so we need to set back to current.
+		_ = os.Chtimes(target, now, now)
+	}
+
+	fmt.Println("Locale files has been successfully imported!")
+	return nil
+}
@@ -0,0 +1,89 @@
+package web
+
+import (
+	"crypto/tls"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/cockroachdb/errors"
+	"github.com/flamego/cache"
+	"github.com/flamego/cache/redis"
+	"gopkg.in/ini.v1"
+
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/strx"
+)
+
+func parseCacheOptions(confOpts conf.CacheOptions) (cache.Options, error) {
+	opts := cache.Options{
+		GCInterval: time.Duration(confOpts.Interval) * time.Second,
+	}
+
+	switch strx.Coalesce(strings.ToLower(confOpts.Adapter), "memory") {
+	case "memory":
+		opts.Initer = cache.MemoryIniter()
+	case "file":
+		opts.Initer = cache.FileIniter()
+		opts.Config = cache.FileConfig{RootDir: confOpts.Host}
+	case "redis":
+		cfg, err := parseRedisConfig(confOpts.Host)
+		if err != nil {
+			return cache.Options{}, errors.Wrap(err, "parse redis config")
+		}
+		opts.Initer = redis.Initer()
+		opts.Config = cfg
+	default:
+		return cache.Options{}, errors.Errorf("unsupported adapter %q", confOpts.Adapter)
+	}
+	return opts, nil
+}
+
+func parseRedisConfig(host string) (redis.Config, error) {
+	cfg, err := ini.Load([]byte(strings.ReplaceAll(host, ",", "\n")))
+	if err != nil {
+		return redis.Config{}, errors.Wrap(err, "load HOST")
+	}
+
+	var config redis.Config
+	for k, v := range cfg.Section("").KeysHash() {
+		switch k {
+		case "network":
+			config.Options.Network = v
+		case "addr":
+			config.Options.Addr = v
+		case "password":
+			config.Options.Password = v
+		case "db":
+			n, err := strconv.Atoi(v)
+			if err != nil {
+				return redis.Config{}, errors.Wrapf(err, "parse db %q", v)
+			}
+			config.Options.DB = n
+		case "pool_size":
+			n, err := strconv.Atoi(v)
+			if err != nil {
+				return redis.Config{}, errors.Wrapf(err, "parse pool_size %q", v)
+			}
+			config.Options.PoolSize = n
+		case "idle_timeout":
+			d, err := time.ParseDuration(v + "s")
+			if err != nil {
+				return redis.Config{}, errors.Wrapf(err, "parse idle_timeout %q", v)
+			}
+			config.Options.ConnMaxIdleTime = d
+		case "prefix":
+			config.KeyPrefix = v
+		case "tls":
+			// Matches go-macaron/session/redis: any non-empty `tls=` value enables
+			// TLS with InsecureSkipVerify.
+			config.Options.TLSConfig = &tls.Config{InsecureSkipVerify: true}
+		case "hset_name":
+			// Macaron stored values in a single Redis hash named by this key,
+			// whereas Flamego stores per-key with KeyPrefix, so this knob has no equivalent.
+		default:
+			return redis.Config{}, errors.Errorf("unsupported redis HOST key %q", k)
+		}
+	}
+	return config, nil
+}
@@ -0,0 +1,88 @@
+package web
+
+import (
+	"net/http"
+
+	"github.com/cockroachdb/errors"
+	"github.com/flamego/flamego"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/database"
+	"gogs.io/gogs/internal/ptrx"
+)
+
+// repoContext is the request-scoped viewer of the repository. Viewer can be an
+// authenticated or anonymous user.
+type repoContext struct {
+	Owner *database.User
+	Repo  *database.Repository
+
+	ViewerID     int64
+	viewerAccess database.AccessMode
+}
+
+func (c *repoContext) ViewerCanRead() bool {
+	return c.viewerAccess >= database.AccessModeRead
+}
+
+func (c *repoContext) ViewerCanWrite() bool {
+	return c.viewerAccess >= database.AccessModeWrite
+}
+
+func (c *repoContext) ViewerCanAdminister() bool {
+	return c.viewerAccess >= database.AccessModeAdmin
+}
+
+// withRepoContext injects the repoContext of the repository derived from the
+// route.
+func withRepoContext(c flamego.Context, user *database.User) {
+	ctx := c.Request().Context()
+	w := c.ResponseWriter()
+	ownerName := c.Param("owner")
+	repoName := c.Param("repo")
+
+	owner, err := database.Handle.Users().GetByUsername(ctx, ownerName)
+	if err != nil {
+		if database.IsErrUserNotExist(err) {
+			writeErrorResponse(w, http.StatusNotFound, errors.New("repository does not exist"))
+			return
+		}
+		log.Error("repoContext: get user by username %q: %v", ownerName, err)
+		writeErrorResponse(w, http.StatusInternalServerError, errors.Wrap(err, "get owner"))
+		return
+	}
+
+	repo, err := database.Handle.Repositories().GetByName(ctx, owner.ID, repoName)
+	if err != nil {
+		if database.IsErrRepoNotExist(err) {
+			writeErrorResponse(w, http.StatusNotFound, errors.New("repository does not exist"))
+			return
+		}
+		log.Error("repoContext: get repo by name %q/%q: %v", ownerName, repoName, err)
+		writeErrorResponse(w, http.StatusInternalServerError, errors.Wrap(err, "get repo"))
+		return
+	}
+
+	viewer := ptrx.Deref(user, database.User{})
+	var viewerAccess database.AccessMode
+	if viewer.IsAdmin {
+		viewerAccess = database.AccessModeOwner
+	} else {
+		viewerAccess = database.Handle.Permissions().AccessMode(
+			ctx,
+			viewer.ID,
+			repo.ID,
+			database.AccessModeOptions{
+				OwnerID: owner.ID,
+				Private: repo.IsPrivate,
+			},
+		)
+	}
+
+	c.Map(&repoContext{
+		Owner:        owner,
+		Repo:         repo,
+		ViewerID:     viewer.ID,
+		viewerAccess: viewerAccess,
+	})
+}
@@ -0,0 +1,869 @@
+package web
+
+import (
+	"crypto/tls"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"net/http/fcgi"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"github.com/cockroachdb/errors"
+	"github.com/flamego/cache"
+	"github.com/flamego/captcha"
+	"github.com/flamego/flamego"
+	"github.com/go-macaron/binding"
+	macaroncache "github.com/go-macaron/cache"
+	"github.com/go-macaron/csrf"
+	"github.com/go-macaron/gzip"
+	"github.com/go-macaron/i18n"
+	"github.com/go-macaron/session"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"gopkg.in/macaron.v1"
+	log "unknwon.dev/clog/v2"
+
+	embedConf "gogs.io/gogs/conf"
+	"gogs.io/gogs/internal/app"
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/database"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/osx"
+	"gogs.io/gogs/internal/route"
+	"gogs.io/gogs/internal/route/admin"
+	apiv1 "gogs.io/gogs/internal/route/api/v1"
+	"gogs.io/gogs/internal/route/lfs"
+	"gogs.io/gogs/internal/route/org"
+	"gogs.io/gogs/internal/route/repo"
+	"gogs.io/gogs/internal/route/user"
+	"gogs.io/gogs/internal/template"
+	"gogs.io/gogs/internal/urlx"
+	"gogs.io/gogs/public"
+	"gogs.io/gogs/templates"
+)
+
+// Run starts the web server with the given configuration path and port override.
+func Run(configPath string, portOverride int) error {
+	err := route.GlobalInit(configPath)
+	if err != nil {
+		return errors.Wrap(err, "initialize application")
+	}
+
+	m, err := newMacaron()
+	if err != nil {
+		return errors.Wrap(err, "initialize macaron")
+	}
+
+	webHandler, err := newRoutingHandler()
+	if err != nil {
+		return errors.Wrap(err, "initialize web handler")
+	}
+
+	reqSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: true})
+	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: conf.Auth.RequireSigninView})
+
+	bindIgnErr := binding.BindIgnErr
+
+	m.SetAutoHead(true)
+
+	m.Group("", func() {
+		m.Get("/", ignSignIn, route.Home)
+		m.Group("/explore", func() {
+			m.Get("", func(c *context.Context) {
+				c.Redirect(conf.Server.Subpath + "/explore/repos")
+			})
+			m.Get("/repos", route.ExploreRepos)
+			m.Get("/users", route.ExploreUsers)
+			m.Get("/organizations", route.ExploreOrganizations)
+		}, ignSignIn)
+		m.Combo("/install", route.InstallInit).Get(route.Install).
+			Post(bindIgnErr(form.Install{}), route.InstallPost)
+		m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
+
+		// ***** START: User *****
+		m.Group("/user/settings", func() {
+			m.Get("", user.Settings)
+			m.Post("", bindIgnErr(form.UpdateProfile{}), user.SettingsPost)
+			m.Combo("/avatar").Get(user.SettingsAvatar).
+				Post(binding.MultipartForm(form.Avatar{}), user.SettingsAvatarPost)
+			m.Post("/avatar/delete", user.SettingsDeleteAvatar)
+			m.Combo("/email").Get(user.SettingsEmails).
+				Post(bindIgnErr(form.AddEmail{}), user.SettingsEmailPost)
+			m.Post("/email/delete", user.DeleteEmail)
+			m.Get("/password", user.SettingsPassword)
+			m.Post("/password", bindIgnErr(form.ChangePassword{}), user.SettingsPasswordPost)
+			m.Combo("/ssh").Get(user.SettingsSSHKeys).
+				Post(bindIgnErr(form.AddSSHKey{}), user.SettingsSSHKeysPost)
+			m.Post("/ssh/delete", user.DeleteSSHKey)
+			m.Group("/security", func() {
+				m.Get("", user.SettingsSecurity)
+				m.Combo("/two_factor_enable").Get(user.SettingsTwoFactorEnable).
+					Post(user.SettingsTwoFactorEnablePost)
+				m.Combo("/two_factor_recovery_codes").Get(user.SettingsTwoFactorRecoveryCodes).
+					Post(user.SettingsTwoFactorRecoveryCodesPost)
+				m.Post("/two_factor_disable", user.SettingsTwoFactorDisable)
+			})
+			m.Group("/repositories", func() {
+				m.Get("", user.SettingsRepos)
+				m.Post("/leave", user.SettingsLeaveRepo)
+			})
+			m.Group("/organizations", func() {
+				m.Get("", user.SettingsOrganizations)
+				m.Post("/leave", user.SettingsLeaveOrganization)
+			})
+
+			settingsHandler := user.NewSettingsHandler(user.NewSettingsStore())
+			m.Combo("/applications").Get(settingsHandler.Applications()).
+				Post(bindIgnErr(form.NewAccessToken{}), settingsHandler.ApplicationsPost())
+			m.Post("/applications/delete", settingsHandler.DeleteApplication())
+			m.Route("/delete", "GET,POST", user.SettingsDelete)
+		}, reqSignIn, func(c *context.Context) {
+			c.Data["PageIsUserSettings"] = true
+		})
+
+		m.Group("/user", func() {
+			m.Any("/activate_email", user.ActivateEmail)
+			m.Get("/email2user", user.Email2User)
+		})
+		// ***** END: User *****
+
+		reqAdmin := context.Toggle(&context.ToggleOptions{SignInRequired: true, AdminRequired: true})
+
+		// ***** START: Admin *****
+		m.Group("/admin", func() {
+			m.Combo("").Get(admin.Dashboard).Post(admin.Operation) // "/admin"
+			m.Get("/config", admin.Config)
+			m.Post("/config/test_mail", admin.SendTestMail)
+			m.Get("/monitor", admin.Monitor)
+
+			m.Group("/users", func() {
+				m.Get("", admin.Users)
+				m.Combo("/new").Get(admin.NewUser).Post(bindIgnErr(form.AdminCrateUser{}), admin.NewUserPost)
+				m.Combo("/:userid").Get(admin.EditUser).Post(bindIgnErr(form.AdminEditUser{}), admin.EditUserPost)
+				m.Post("/:userid/delete", admin.DeleteUser)
+			})
+
+			m.Group("/orgs", func() {
+				m.Get("", admin.Organizations)
+			})
+
+			m.Group("/repos", func() {
+				m.Get("", admin.Repos)
+				m.Post("/delete", admin.DeleteRepo)
+			})
+
+			m.Group("/auths", func() {
+				m.Get("", admin.Authentications)
+				m.Combo("/new").Get(admin.NewAuthSource).Post(bindIgnErr(form.Authentication{}), admin.NewAuthSourcePost)
+				m.Combo("/:authid").Get(admin.EditAuthSource).
+					Post(bindIgnErr(form.Authentication{}), admin.EditAuthSourcePost)
+				m.Post("/:authid/delete", admin.DeleteAuthSource)
+			})
+
+			m.Group("/notices", func() {
+				m.Get("", admin.Notices)
+				m.Post("/delete", admin.DeleteNotices)
+				m.Get("/empty", admin.EmptyNotices)
+			})
+		}, reqAdmin)
+		// ***** END: Admin *****
+
+		m.Group("", func() {
+			m.Group("/:username", func() {
+				m.Get("", user.Profile)
+				m.Get("/followers", user.Followers)
+				m.Get("/following", user.Following)
+				m.Get("/stars", user.Stars)
+			}, context.InjectParamsUser())
+
+			m.Get("/attachments/:uuid", func(c *context.Context) {
+				attach, err := database.GetAttachmentByUUID(c.Params(":uuid"))
+				if err != nil {
+					c.NotFoundOrError(err, "get attachment by UUID")
+					return
+				} else if !osx.IsFile(attach.LocalPath()) {
+					c.NotFound()
+					return
+				}
+
+				fr, err := os.Open(attach.LocalPath())
+				if err != nil {
+					c.Error(err, "open attachment file")
+					return
+				}
+				defer fr.Close()
+
+				c.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
+				c.Header().Set("Cache-Control", "public,max-age=86400")
+				c.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, attach.Name))
+
+				if _, err = io.Copy(c.Resp, fr); err != nil {
+					c.Error(err, "copy from file to response")
+					return
+				}
+			})
+		}, ignSignIn)
+
+		m.Group("", func() {
+			m.Post("/issues/attachments", repo.UploadIssueAttachment)
+			m.Post("/releases/attachments", repo.UploadReleaseAttachment)
+		}, reqSignIn)
+
+		m.Group("/:username", func() {
+			m.Post("/action/:action", user.Action)
+		}, reqSignIn, context.InjectParamsUser())
+
+		reqRepoAdmin := context.RequireRepoAdmin()
+		reqRepoWriter := context.RequireRepoWriter()
+
+		webhookRoutes := func() {
+			m.Group("", func() {
+				m.Get("", repo.Webhooks)
+				m.Post("/delete", repo.DeleteWebhook)
+				m.Get("/:type/new", repo.WebhooksNew)
+				m.Post("/gogs/new", bindIgnErr(form.NewWebhook{}), repo.WebhooksNewPost)
+				m.Post("/slack/new", bindIgnErr(form.NewSlackHook{}), repo.WebhooksSlackNewPost)
+				m.Post("/discord/new", bindIgnErr(form.NewDiscordHook{}), repo.WebhooksDiscordNewPost)
+				m.Post("/dingtalk/new", bindIgnErr(form.NewDingtalkHook{}), repo.WebhooksDingtalkNewPost)
+				m.Get("/:id", repo.WebhooksEdit)
+				m.Post("/gogs/:id", bindIgnErr(form.NewWebhook{}), repo.WebhooksEditPost)
+				m.Post("/slack/:id", bindIgnErr(form.NewSlackHook{}), repo.WebhooksSlackEditPost)
+				m.Post("/discord/:id", bindIgnErr(form.NewDiscordHook{}), repo.WebhooksDiscordEditPost)
+				m.Post("/dingtalk/:id", bindIgnErr(form.NewDingtalkHook{}), repo.WebhooksDingtalkEditPost)
+			}, repo.InjectOrgRepoContext())
+		}
+
+		// ***** START: Organization *****
+		m.Group("/org", func() {
+			m.Group("", func() {
+				m.Get("/create", org.Create)
+				m.Post("/create", bindIgnErr(form.CreateOrg{}), org.CreatePost)
+			}, func(c *context.Context) {
+				if !c.User.CanCreateOrganization() {
+					c.NotFound()
+				}
+			})
+
+			m.Group("/:org", func() {
+				m.Get("/dashboard", user.Dashboard)
+				m.Get("/^:type(issues|pulls)$", user.Issues)
+				m.Get("/members", org.Members)
+				m.Get("/members/action/:action", org.MembersAction)
+
+				m.Get("/teams", org.Teams)
+			}, context.OrgAssignment(true))
+
+			m.Group("/:org", func() {
+				m.Get("/teams/:team", org.TeamMembers)
+				m.Get("/teams/:team/repositories", org.TeamRepositories)
+				m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
+				m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
+			}, context.OrgAssignment(true, false, true))
+
+			m.Group("/:org", func() {
+				m.Get("/teams/new", org.NewTeam)
+				m.Post("/teams/new", bindIgnErr(form.CreateTeam{}), org.NewTeamPost)
+				m.Get("/teams/:team/edit", org.EditTeam)
+				m.Post("/teams/:team/edit", bindIgnErr(form.CreateTeam{}), org.EditTeamPost)
+				m.Post("/teams/:team/delete", org.DeleteTeam)
+
+				m.Group("/settings", func() {
+					m.Combo("").Get(org.Settings).
+						Post(bindIgnErr(form.UpdateOrgSetting{}), org.SettingsPost)
+					m.Post("/avatar", binding.MultipartForm(form.Avatar{}), org.SettingsAvatar)
+					m.Post("/avatar/delete", org.SettingsDeleteAvatar)
+					m.Group("/hooks", webhookRoutes)
+					m.Route("/delete", "GET,POST", org.SettingsDelete)
+				})
+
+				m.Route("/invitations/new", "GET,POST", org.Invitation)
+			}, context.OrgAssignment(true, true))
+		}, reqSignIn)
+		// ***** END: Organization *****
+
+		// ***** START: Repository *****
+		m.Group("/repo", func() {
+			m.Get("/create", repo.Create)
+			m.Post("/create", bindIgnErr(form.CreateRepo{}), repo.CreatePost)
+			m.Get("/migrate", repo.Migrate)
+			m.Post("/migrate", bindIgnErr(form.MigrateRepo{}), repo.MigratePost)
+			m.Combo("/fork/:repoid").Get(repo.Fork).
+				Post(bindIgnErr(form.CreateRepo{}), repo.ForkPost)
+		}, reqSignIn)
+
+		m.Group("/:username/:reponame", func() {
+			m.Group("/settings", func() {
+				m.Combo("").Get(repo.Settings).
+					Post(bindIgnErr(form.RepoSetting{}), repo.SettingsPost)
+				m.Combo("/avatar").Get(repo.SettingsAvatar).
+					Post(binding.MultipartForm(form.Avatar{}), repo.SettingsAvatarPost)
+				m.Post("/avatar/delete", repo.SettingsDeleteAvatar)
+				m.Group("/collaboration", func() {
+					m.Combo("").Get(repo.SettingsCollaboration).Post(repo.SettingsCollaborationPost)
+					m.Post("/access_mode", repo.ChangeCollaborationAccessMode)
+					m.Post("/delete", repo.DeleteCollaboration)
+				})
+				m.Group("/branches", func() {
+					m.Get("", repo.SettingsBranches)
+					m.Post("/default_branch", repo.UpdateDefaultBranch)
+					m.Combo("/*").Get(repo.SettingsProtectedBranch).
+						Post(bindIgnErr(form.ProtectBranch{}), repo.SettingsProtectedBranchPost)
+				}, func(c *context.Context) {
+					if c.Repo.Repository.IsMirror {
+						c.NotFound()
+						return
+					}
+				})
+
+				m.Group("/hooks", func() {
+					webhookRoutes()
+
+					m.Group("/:id", func() {
+						m.Post("/test", repo.TestWebhook)
+						m.Post("/redelivery", repo.RedeliveryWebhook)
+					})
+
+					m.Group("/git", func() {
+						m.Get("", repo.SettingsGitHooks)
+						m.Combo("/:name").Get(repo.SettingsGitHooksEdit).
+							Post(repo.SettingsGitHooksEditPost)
+					}, context.GitHookService())
+				})
+
+				m.Group("/keys", func() {
+					m.Combo("").Get(repo.SettingsDeployKeys).
+						Post(bindIgnErr(form.AddSSHKey{}), repo.SettingsDeployKeysPost)
+					m.Post("/delete", repo.DeleteDeployKey)
+				})
+			}, func(c *context.Context) {
+				c.Data["PageIsSettings"] = true
+			})
+		}, reqSignIn, context.RepoAssignment(), reqRepoAdmin, context.RepoRef())
+
+		m.Post("/:username/:reponame/action/:action", reqSignIn, context.RepoAssignment(), repo.Action)
+		m.Group("/:username/:reponame", func() {
+			m.Get("/issues", repo.RetrieveLabels, repo.Issues)
+			m.Get("/issues/:index", repo.ViewIssue)
+			m.Get("/labels/", repo.RetrieveLabels, repo.Labels)
+			m.Get("/milestones", repo.Milestones)
+		}, ignSignIn, context.RepoAssignment(true))
+		m.Group("/:username/:reponame", func() {
+			// FIXME: should use different URLs but mostly same logic for comments of issue and pull request.
+			// So they can apply their own enable/disable logic on routers.
+			m.Group("/issues", func() {
+				m.Combo("/new", repo.MustEnableIssues).Get(context.RepoRef(), repo.NewIssue).
+					Post(bindIgnErr(form.NewIssue{}), repo.NewIssuePost)
+
+				m.Group("/:index", func() {
+					m.Post("/title", repo.UpdateIssueTitle)
+					m.Post("/content", repo.UpdateIssueContent)
+					m.Combo("/comments").Post(bindIgnErr(form.CreateComment{}), repo.NewComment)
+				})
+			})
+			m.Group("/comments/:id", func() {
+				m.Post("", repo.UpdateCommentContent)
+				m.Post("/delete", repo.DeleteComment)
+			})
+		}, reqSignIn, context.RepoAssignment(true))
+		m.Group("/:username/:reponame", func() {
+			m.Group("/wiki", func() {
+				m.Get("/?:page", repo.Wiki)
+				m.Get("/_pages", repo.WikiPages)
+			}, repo.MustEnableWiki, context.RepoRef())
+		}, ignSignIn, context.RepoAssignment(false, true))
+
+		m.Group("/:username/:reponame", func() {
+			// FIXME: should use different URLs but mostly same logic for comments of issue and pull request.
+			// So they can apply their own enable/disable logic on routers.
+			m.Group("/issues", func() {
+				m.Group("/:index", func() {
+					m.Post("/label", repo.UpdateIssueLabel)
+					m.Post("/milestone", repo.UpdateIssueMilestone)
+					m.Post("/assignee", repo.UpdateIssueAssignee)
+				}, reqRepoWriter)
+			})
+			m.Group("/labels", func() {
+				m.Post("/new", bindIgnErr(form.CreateLabel{}), repo.NewLabel)
+				m.Post("/edit", bindIgnErr(form.CreateLabel{}), repo.UpdateLabel)
+				m.Post("/delete", repo.DeleteLabel)
+				m.Post("/initialize", bindIgnErr(form.InitializeLabels{}), repo.InitializeLabels)
+			}, reqRepoWriter, context.RepoRef())
+			m.Group("/milestones", func() {
+				m.Combo("/new").Get(repo.NewMilestone).
+					Post(bindIgnErr(form.CreateMilestone{}), repo.NewMilestonePost)
+				m.Get("/:id/edit", repo.EditMilestone)
+				m.Post("/:id/edit", bindIgnErr(form.CreateMilestone{}), repo.EditMilestonePost)
+				m.Get("/:id/:action", repo.ChangeMilestonStatus)
+				m.Post("/delete", repo.DeleteMilestone)
+			}, reqRepoWriter, context.RepoRef())
+
+			m.Group("/releases", func() {
+				m.Get("/new", repo.NewRelease)
+				m.Post("/new", bindIgnErr(form.NewRelease{}), repo.NewReleasePost)
+				m.Post("/delete", repo.DeleteRelease)
+				m.Get("/edit/*", repo.EditRelease)
+				m.Post("/edit/*", bindIgnErr(form.EditRelease{}), repo.EditReleasePost)
+			}, repo.MustBeNotBare, reqRepoWriter, func(c *context.Context) {
+				c.Data["PageIsViewFiles"] = true
+			})
+
+			// FIXME: Should use c.Repo.PullRequest to unify the template. Same-repo PR URLs include a
+			// redundant head user, e.g. /org1/test-repo/compare/master...org1:develop should be
+			// /org1/test-repo/compare/master...develop.
+			m.Combo("/compare/*", repo.MustAllowPulls).Get(repo.CompareAndPullRequest).
+				Post(bindIgnErr(form.NewIssue{}), repo.CompareAndPullRequestPost)
+
+			m.Group("", func() {
+				m.Combo("/_edit/*").Get(repo.EditFile).
+					Post(bindIgnErr(form.EditRepoFile{}), repo.EditFilePost)
+				m.Combo("/_new/*").Get(repo.NewFile).
+					Post(bindIgnErr(form.EditRepoFile{}), repo.NewFilePost)
+				m.Post("/_preview/*", bindIgnErr(form.EditPreviewDiff{}), repo.DiffPreviewPost)
+				m.Combo("/_delete/*").Get(repo.DeleteFile).
+					Post(bindIgnErr(form.DeleteRepoFile{}), repo.DeleteFilePost)
+
+				m.Group("", func() {
+					m.Combo("/_upload/*").Get(repo.UploadFile).
+						Post(bindIgnErr(form.UploadRepoFile{}), repo.UploadFilePost)
+					m.Post("/upload-file", repo.UploadFileToServer)
+					m.Post("/upload-remove", bindIgnErr(form.RemoveUploadFile{}), repo.RemoveUploadFileFromServer)
+				}, func(c *context.Context) {
+					if !conf.Repository.Upload.Enabled {
+						c.NotFound()
+						return
+					}
+				})
+			}, repo.MustBeNotBare, reqRepoWriter, context.RepoRef(), func(c *context.Context) {
+				if !c.Repo.CanEnableEditor() {
+					c.NotFound()
+					return
+				}
+
+				c.Data["PageIsViewFiles"] = true
+			})
+		}, reqSignIn, context.RepoAssignment())
+
+		m.Group("/:username/:reponame", func() {
+			m.Group("", func() {
+				m.Get("/releases", repo.MustBeNotBare, repo.Releases)
+				m.Get("/pulls", repo.RetrieveLabels, repo.Pulls)
+				m.Get("/pulls/:index", repo.ViewPull)
+			}, context.RepoRef())
+
+			m.Group("/branches", func() {
+				m.Get("", repo.Branches)
+				m.Get("/all", repo.AllBranches)
+				m.Post("/delete/*", reqSignIn, reqRepoWriter, repo.DeleteBranchPost)
+			}, repo.MustBeNotBare, func(c *context.Context) {
+				c.Data["PageIsViewFiles"] = true
+			})
+
+			m.Group("/wiki", func() {
+				m.Group("", func() {
+					m.Combo("/_new").Get(repo.NewWiki).
+						Post(bindIgnErr(form.NewWiki{}), repo.NewWikiPost)
+					m.Combo("/:page/_edit").Get(repo.EditWiki).
+						Post(bindIgnErr(form.NewWiki{}), repo.EditWikiPost)
+					m.Post("/:page/delete", repo.DeleteWikiPagePost)
+				}, reqSignIn, reqRepoWriter)
+			}, repo.MustEnableWiki, context.RepoRef())
+
+			m.Get("/archive/*", repo.MustBeNotBare, repo.Download)
+
+			m.Group("/pulls/:index", func() {
+				m.Get("/commits", context.RepoRef(), repo.ViewPullCommits)
+				m.Get("/files", context.RepoRef(), repo.ViewPullFiles)
+				m.Post("/merge", reqRepoWriter, repo.MergePullRequest)
+			}, repo.MustAllowPulls)
+
+			m.Group("", func() {
+				m.Get("/src/*", repo.Home)
+				m.Get("/commits/*", repo.RefCommits)
+				m.Get("/forks", repo.Forks)
+			}, repo.MustBeNotBare, context.RepoRef())
+			// Bridged to Flamego to skip the legacy `RepoRef` middleware, which double-resolves the ref.
+			m.Get("/raw/*", flamegoBridger(webHandler))
+			m.Get("/commit/:sha([a-f0-9]{7,40})\\.:ext(patch|diff)", flamegoBridger(webHandler))
+			// Constrain SHA shape so non-matching `/commit/...` paths 404 instead of loading the SPA with a bad param.
+			m.Get("/commit/:sha([a-f0-9]{7,40})$", repo.MustBeNotBare, func(c *context.Context) { c.ServeWeb() })
+
+			m.Get("/compare/:before([a-z0-9]{40})\\.\\.\\.:after([a-z0-9]{40})", repo.MustBeNotBare, context.RepoRef(), repo.CompareDiff)
+		}, ignSignIn, context.RepoAssignment())
+		m.Group("/:username/:reponame", func() {
+			m.Get("", repo.Home)
+			m.Get("/stars", repo.Stars)
+			m.Get("/watchers", repo.Watchers)
+		}, context.ServeGoGet(), ignSignIn, context.RepoAssignment(), context.RepoRef())
+		// ***** END: Repository *****
+
+		// **********************
+		// ----- API routes -----
+		// **********************
+
+		// TODO: Without session and CSRF
+		m.Group("/api", func() {
+			apiv1.RegisterRoutes(m)
+		}, ignSignIn)
+
+		m.Any("/api/web/*", flamegoBridger(webHandler))
+		m.Get("/redirect", flamegoBridger(webHandler))
+		m.Get("/captcha/*", flamegoBridger(webHandler))
+		m.Any("/*", func(c *context.Context) { c.ServeWeb() })
+	},
+		session.Sessioner(session.Options{
+			Provider:       conf.Session.Provider,
+			ProviderConfig: conf.Session.ProviderConfig,
+			CookieName:     conf.Session.CookieName,
+			CookiePath:     conf.Server.Subpath,
+			Gclifetime:     conf.Session.GCInterval,
+			Maxlifetime:    conf.Session.MaxLifeTime,
+			Secure:         conf.Session.CookieSecure,
+			CookieLifeTime: 86400 * conf.Security.LoginRememberDays,
+		}),
+		csrf.Csrfer(csrf.Options{
+			Secret:         conf.Security.SecretKey,
+			Header:         "X-CSRF-Token",
+			Cookie:         conf.Session.CSRFCookieName,
+			CookieDomain:   conf.Server.URL.Hostname(),
+			CookiePath:     conf.Server.Subpath,
+			CookieHttpOnly: true,
+			SetCookie:      true,
+			Secure:         conf.Server.URL.Scheme == "https",
+		}),
+		context.Contexter(context.NewStore(), webHandler),
+	)
+
+	// ***************************
+	// ----- HTTP Git routes -----
+	// ***************************
+
+	m.Group("/:username/:reponame", func() {
+		m.Get("/tasks/trigger", repo.TriggerTask)
+
+		m.Group("/info/lfs", func() {
+			lfs.RegisterRoutes(m.Router)
+		})
+
+		gitHTTP := []macaron.Handler{context.ServeGoGet(), repo.HTTPContexter(repo.NewStore()), repo.HTTP}
+		m.Route("/info/refs", "GET,OPTIONS", gitHTTP...)
+		m.Route("/HEAD", "GET,OPTIONS", gitHTTP...)
+		m.Route("/git-upload-pack", "POST,OPTIONS", gitHTTP...)
+		m.Route("/git-receive-pack", "POST,OPTIONS", gitHTTP...)
+		m.Route("/objects/info/alternates", "GET,OPTIONS", gitHTTP...)
+		m.Route("/objects/info/http-alternates", "GET,OPTIONS", gitHTTP...)
+		m.Route("/objects/info/packs", "GET,OPTIONS", gitHTTP...)
+		m.Route("/objects/info/*", "GET,OPTIONS", gitHTTP...)
+		m.Route("/objects/:prefix([0-9a-f]{2})/:suffix([0-9a-f]{38})", "GET,OPTIONS", gitHTTP...)
+		m.Route("/objects/pack/pack-:sha([0-9a-f]{40}).pack", "GET,OPTIONS", gitHTTP...)
+		m.Route("/objects/pack/pack-:sha([0-9a-f]{40}).idx", "GET,OPTIONS", gitHTTP...)
+	})
+
+	// ***************************
+	// ----- Internal routes -----
+	// ***************************
+
+	m.Group("/-", func() {
+		m.Get("/metrics", app.MetricsFilter(), promhttp.Handler()) // "/-/metrics"
+
+		m.Group("/api", func() {
+			m.Post("/sanitize_ipynb", app.SanitizeIpynb()) // "/-/api/sanitize_ipynb"
+		})
+	})
+
+	// **********************
+	// ----- robots.txt -----
+	// **********************
+
+	m.Get("/robots.txt", func(w http.ResponseWriter, r *http.Request) {
+		if conf.HasRobotsTxt {
+			http.ServeFile(w, r, filepath.Join(conf.CustomDir(), "robots.txt"))
+		} else {
+			w.WriteHeader(http.StatusNotFound)
+		}
+	})
+
+	// Flag for port number in case first time run conflict.
+	if portOverride > 0 {
+		port := strconv.Itoa(portOverride)
+		conf.Server.URL.Host = strings.Replace(conf.Server.URL.Host, ":"+conf.Server.URL.Port(), ":"+port, 1)
+		conf.Server.ExternalURL = conf.Server.URL.String()
+		conf.Server.HTTPPort = portOverride
+	}
+
+	var listenAddr string
+	if conf.Server.Protocol == "unix" {
+		listenAddr = conf.Server.HTTPAddr
+	} else {
+		listenAddr = fmt.Sprintf("%s:%d", conf.Server.HTTPAddr, conf.Server.HTTPPort)
+	}
+	log.Info("Available on %s", conf.Server.ExternalURL)
+
+	switch conf.Server.Protocol {
+	case "http":
+		err = http.ListenAndServe(listenAddr, m)
+
+	case "https":
+		tlsMinVersion := tls.VersionTLS12
+		switch conf.Server.TLSMinVersion {
+		case "TLS13":
+			tlsMinVersion = tls.VersionTLS13
+		case "TLS12":
+			tlsMinVersion = tls.VersionTLS12
+		case "TLS11":
+			tlsMinVersion = tls.VersionTLS11
+		case "TLS10":
+			tlsMinVersion = tls.VersionTLS10
+		}
+		server := &http.Server{
+			Addr: listenAddr,
+			TLSConfig: &tls.Config{
+				MinVersion:               uint16(tlsMinVersion),
+				CurvePreferences:         []tls.CurveID{tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521},
+				PreferServerCipherSuites: true,
+				CipherSuites: []uint16{
+					tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+					tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+					tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+				},
+			}, Handler: m,
+		}
+		err = server.ListenAndServeTLS(conf.Server.CertFile, conf.Server.KeyFile)
+
+	case "fcgi":
+		err = fcgi.Serve(nil, m)
+
+	case "unix":
+		if osx.Exist(listenAddr) {
+			err = os.Remove(listenAddr)
+			if err != nil {
+				return errors.Wrap(err, "remove existing Unix domain socket")
+			}
+		}
+
+		var listener *net.UnixListener
+		listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: listenAddr, Net: "unix"})
+		if err != nil {
+			return errors.Wrap(err, "listen on Unix network")
+		}
+
+		// FIXME: add proper implementation of signal capture on all protocols
+		// execute this on SIGTERM or SIGINT: listener.Close()
+		if err = os.Chmod(listenAddr, conf.Server.UnixSocketMode); err != nil {
+			return errors.Wrap(err, "change permission of Unix domain socket")
+		}
+		err = http.Serve(listener, m)
+
+	default:
+		return errors.Newf("unexpected server protocol: %s", conf.Server.Protocol)
+	}
+
+	if err != nil {
+		return errors.Wrap(err, "start server")
+	}
+
+	return nil
+}
+
+func newRoutingHandler() (http.Handler, error) {
+	f := flamego.New()
+	f.Use(flamego.Recovery())
+	f.Use(flamegoInjector)
+	f.Use(captcha.Captchaer(captcha.Options{URLPrefix: "/captcha/"}))
+
+	cacherOpts, err := parseCacheOptions(conf.Cache)
+	if err != nil {
+		return nil, errors.Wrap(err, "parse cache options")
+	}
+	f.Use(cache.Cacher(cacherOpts))
+
+	f.ReturnHandler(func(c flamego.Context, statusCode int, resp any, err error) {
+		w := c.ResponseWriter()
+		w.Header().Set("Cache-Control", "no-store")
+		if err != nil {
+			msg := err.Error()
+			if statusCode >= http.StatusInternalServerError && conf.IsProdMode() {
+				msg = "Internal server error"
+			}
+			resp = map[string]any{"error": msg}
+		}
+		if resp == nil {
+			w.WriteHeader(statusCode)
+			return
+		}
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+		w.WriteHeader(statusCode)
+		_ = json.NewEncoder(w).Encode(resp)
+	})
+
+	f.Get("/redirect", getRedirect)
+
+	// The captcha middleware writes the response. This route exists so the request reaches it.
+	f.Get("/captcha/image.jpeg", func() {})
+
+	f.Group("/{owner}/{repo}", func() {
+		f.Get("/commit/{sha: /[0-9a-f]{7,40}/}.{format: /(diff|patch)/}", getRepoCommitRaw)
+		f.Get("/raw/{ref}/{filepath: **}", getRepoRawFile)
+	}, withRepoContext)
+
+	mountWebAPIRoutes(f)
+	err = mountWebAppRoutes(f)
+	if err != nil {
+		return nil, errors.Wrap(err, "mount web app routes")
+	}
+	return f, nil
+}
+
+func getRedirect(c flamego.Context) {
+	to := c.Request().URL.Query().Get("to")
+	if !urlx.IsSameSite(to) {
+		to = conf.Server.Subpath + "/"
+	}
+	c.Redirect(to, http.StatusSeeOther)
+}
+
+// newMacaron initializes Macaron instance.
+func newMacaron() (*macaron.Macaron, error) {
+	m := macaron.New()
+	if !conf.Server.DisableRouterLog {
+		m.Use(macaron.Logger())
+	}
+	m.Use(macaron.Recovery())
+	if conf.Server.EnableGzip {
+		m.Use(gzip.Gziper())
+	}
+	if conf.Server.Protocol == "fcgi" {
+		m.SetURLPrefix(conf.Server.Subpath)
+	}
+
+	// Register custom middleware first to make it possible to override files under "public".
+	m.Use(macaron.Static(
+		filepath.Join(conf.CustomDir(), "public"),
+		macaron.StaticOptions{
+			SkipLogging: conf.Server.DisableRouterLog,
+		},
+	))
+	var publicFs http.FileSystem
+	if !conf.Server.LoadAssetsFromDisk {
+		publicFs = http.FS(public.Files)
+	}
+	m.Use(macaron.Static(
+		filepath.Join(conf.WorkDir(), "public"),
+		macaron.StaticOptions{
+			ETag:        true,
+			SkipLogging: conf.Server.DisableRouterLog,
+			FileSystem:  publicFs,
+		},
+	))
+
+	m.Use(macaron.Static(
+		conf.Picture.AvatarUploadPath,
+		macaron.StaticOptions{
+			ETag:        true,
+			Prefix:      conf.UsersAvatarPathPrefix,
+			SkipLogging: conf.Server.DisableRouterLog,
+		},
+	))
+	m.Use(macaron.Static(
+		conf.Picture.RepositoryAvatarUploadPath,
+		macaron.StaticOptions{
+			ETag:        true,
+			Prefix:      database.RepoAvatarURLPrefix,
+			SkipLogging: conf.Server.DisableRouterLog,
+		},
+	))
+
+	customDir := filepath.Join(conf.CustomDir(), "templates")
+	renderOpt := macaron.RenderOptions{
+		Directory:         filepath.Join(conf.WorkDir(), "templates"),
+		AppendDirectories: []string{customDir},
+		Funcs:             template.FuncMap(),
+		IndentJSON:        macaron.Env != macaron.PROD,
+	}
+	if !conf.Server.LoadAssetsFromDisk {
+		renderOpt.TemplateFileSystem = templates.NewTemplateFileSystem("", customDir)
+	}
+	m.Use(macaron.Renderer(renderOpt))
+
+	localeNames, err := embedConf.FileNames("locale")
+	if err != nil {
+		return nil, errors.Wrap(err, "list locale files")
+	}
+	localeFiles := make(map[string][]byte)
+	for _, name := range localeNames {
+		localeFiles[name], err = embedConf.Files.ReadFile("locale/" + name)
+		if err != nil {
+			return nil, errors.Wrapf(err, "read locale file %q", name)
+		}
+	}
+	m.Use(i18n.I18n(i18n.Options{
+		SubURL:          conf.Server.Subpath,
+		Files:           localeFiles,
+		CustomDirectory: filepath.Join(conf.CustomDir(), "conf", "locale"),
+		Langs:           conf.I18n.Langs,
+		Names:           conf.I18n.Names,
+		DefaultLang:     "en-US",
+		Redirect:        true,
+	}))
+	m.Use(macaroncache.Cacher(macaroncache.Options{
+		Adapter:       conf.Cache.Adapter,
+		AdapterConfig: conf.Cache.Host,
+		Interval:      conf.Cache.Interval,
+	}))
+	m.Route("/healthcheck", http.MethodHead+","+http.MethodGet, healthCheck)
+	return m, nil
+}
+
+// renderIndex returns the index.html shell with per-request substitutions
+// applied for the given WebContext.
+func renderIndex(index []byte, wc context.WebContext) ([]byte, error) {
+	// json.Marshal escapes <, >, and &, so the payload cannot break out of the surrounding <script>.
+	payload, err := json.Marshal(struct {
+		Lang   string `json:"lang"`
+		SubURL string `json:"subURL"`
+	}{
+		Lang:   wc.Lang,
+		SubURL: wc.SubURL,
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "marshal web context")
+	}
+	script := `<script>window.__webContext=` + string(payload) +
+		`;document.documentElement.lang=window.__webContext.lang;</script>`
+
+	pairs := []string{
+		"{{.WebContext}}", script,
+	}
+	if wc.SubURL != "" {
+		// Prefix Vite's absolute root paths with the subpath for non-root mounts.
+		pairs = append(pairs,
+			`src="/assets/`, `src="`+wc.SubURL+`/assets/`,
+			`href="/assets/`, `href="`+wc.SubURL+`/assets/`,
+			`src="/src/`, `src="`+wc.SubURL+`/src/`,
+			`href="/img/`, `href="`+wc.SubURL+`/img/`,
+		)
+	}
+	return []byte(strings.NewReplacer(pairs...).Replace(string(index))), nil
+}
+
+func healthCheck(w http.ResponseWriter, r *http.Request) {
+	if err := database.Ping(); err != nil {
+		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+		w.WriteHeader(http.StatusServiceUnavailable)
+		_, _ = fmt.Fprintf(w, "* Database connection: %s\n", err)
+		return
+	}
+	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	w.WriteHeader(http.StatusOK)
+	if r.Method == http.MethodHead {
+		return
+	}
+	_, _ = w.Write([]byte("* Database connection: OK\n"))
+}
@@ -0,0 +1,182 @@
+package web
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"path"
+	"strconv"
+
+	"github.com/cockroachdb/errors"
+	"github.com/flamego/flamego"
+	"github.com/gogs/git-module"
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/gitx"
+	"gogs.io/gogs/internal/repox"
+	"gogs.io/gogs/internal/tool"
+	log "unknwon.dev/clog/v2"
+)
+
+// whitespaceFlag maps the `whitespace` query value to its `git diff` flag.
+// `ignore-change` (`-b`) still surfaces added/removed blank lines, unlike
+// `ignore-all` (`-w`). Empty or unknown values disable whitespace handling.
+func whitespaceFlag(v string) string {
+	switch v {
+	case "ignore-all":
+		return "-w"
+	case "ignore-change":
+		return "-b"
+	default:
+		return ""
+	}
+}
+
+func writeErrorResponse(w http.ResponseWriter, code int, err error) {
+	w.Header().Set("Cache-Control", "no-store")
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+	message := err.Error()
+	// Match the JSON-API ReturnHandler: in prod, never leak 5xx detail.
+	if code >= http.StatusInternalServerError && conf.IsProdMode() {
+		message = "Internal server error"
+	}
+	w.WriteHeader(code)
+	_ = json.NewEncoder(w).Encode(map[string]string{"error": message})
+}
+
+func getRepoCommitRaw(c flamego.Context, repoCtx *repoContext) {
+	w := c.ResponseWriter()
+	if !repoCtx.ViewerCanRead() {
+		writeErrorResponse(w, http.StatusNotFound, errors.New("repository does not exist"))
+		return
+	}
+
+	owner := repoCtx.Owner
+	repo := repoCtx.Repo
+	sha := c.Param("sha")
+	format := c.Param("format")
+
+	gitRepo, err := git.Open(repox.RepositoryPath(owner.Name, repo.Name))
+	if err != nil {
+		log.Error("getRepoCommitRaw: open repository %q/%q: %v", owner.Name, repo.Name, err)
+		writeErrorResponse(w, http.StatusInternalServerError, errors.Wrap(err, "open repository"))
+		return
+	}
+
+	if _, err = gitRepo.CatFileCommit(sha); err != nil {
+		if gitx.IsErrRevisionNotExist(err) {
+			writeErrorResponse(w, http.StatusNotFound, errors.New("commit does not exist"))
+			return
+		}
+		log.Error("getRepoCommitRaw: cat-file commit %q in %q/%q: %v", sha, owner.Name, repo.Name, err)
+		writeErrorResponse(w, http.StatusInternalServerError, errors.Wrap(err, "cat-file commit"))
+		return
+	}
+
+	var rawOpts []git.RawDiffOptions
+	if flag := whitespaceFlag(c.Request().URL.Query().Get("whitespace")); flag != "" {
+		rawOpts = append(rawOpts, git.RawDiffOptions{
+			CommandOptions: git.CommandOptions{Args: []string{flag}},
+		})
+	}
+
+	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	w.Header().Set("Cache-Control", "no-store")
+	if err = gitRepo.RawDiff(sha, git.RawDiffFormat(format), w, rawOpts...); err != nil {
+		log.Error("getRepoCommitRaw: get raw diff %s: %v", sha, err)
+	}
+}
+
+// resolveRef resolves ref as a commit SHA, then a branch name, then a tag
+// name, in that order. A branch and tag of the same name resolve to the branch.
+func resolveRef(gitRepo *git.Repository, ref string) (*git.Commit, error) {
+	commit, err := gitRepo.CatFileCommit(ref)
+	if err == nil {
+		return commit, nil
+	}
+	if !gitx.IsErrRevisionNotExist(err) {
+		return nil, errors.Wrap(err, "cat-file commit")
+	}
+	commit, err = gitRepo.BranchCommit(ref)
+	if err == nil {
+		return commit, nil
+	}
+	if !gitx.IsErrRevisionNotExist(err) {
+		return nil, errors.Wrap(err, "get branch commit")
+	}
+	commit, err = gitRepo.TagCommit(ref)
+	if err != nil {
+		return nil, errors.Wrap(err, "get tag commit")
+	}
+	return commit, nil
+}
+
+func getRepoRawFile(c flamego.Context, repoCtx *repoContext) {
+	w := c.ResponseWriter()
+	if !repoCtx.ViewerCanRead() {
+		writeErrorResponse(w, http.StatusNotFound, errors.New("repository does not exist"))
+		return
+	}
+
+	owner := repoCtx.Owner
+	repo := repoCtx.Repo
+	rawRef := c.Param("ref")
+	filepath := c.Param("filepath")
+
+	ref, err := url.PathUnescape(rawRef)
+	if err != nil {
+		writeErrorResponse(w, http.StatusNotFound, errors.New("ref does not exist"))
+		return
+	}
+
+	gitRepo, err := git.Open(repox.RepositoryPath(owner.Name, repo.Name))
+	if err != nil {
+		log.Error("getRepoRawFile: open repository %q/%q: %v", owner.Name, repo.Name, err)
+		writeErrorResponse(w, http.StatusInternalServerError, errors.Wrap(err, "open repository"))
+		return
+	}
+
+	commit, err := resolveRef(gitRepo, ref)
+	if err != nil {
+		if gitx.IsErrRevisionNotExist(err) {
+			writeErrorResponse(w, http.StatusNotFound, errors.New("ref does not exist"))
+			return
+		}
+		log.Error("getRepoRawFile: resolve ref %q in %q/%q: %v", ref, owner.Name, repo.Name, err)
+		writeErrorResponse(w, http.StatusInternalServerError, errors.Wrap(err, "resolve ref"))
+		return
+	}
+
+	blob, err := commit.Blob(filepath)
+	if err != nil {
+		if gitx.IsErrRevisionNotExist(err) || errors.Is(err, git.ErrNotBlob) {
+			writeErrorResponse(w, http.StatusNotFound, errors.New("file does not exist"))
+			return
+		}
+		log.Error("getRepoRawFile: blob %s:%s in %q/%q: %v", commit.ID, filepath, owner.Name, repo.Name, err)
+		writeErrorResponse(w, http.StatusInternalServerError, errors.Wrap(err, "get blob"))
+		return
+	}
+
+	data, err := blob.Bytes()
+	if err != nil {
+		log.Error("getRepoRawFile: read blob %s:%s: %v", commit.ID, filepath, err)
+		writeErrorResponse(w, http.StatusInternalServerError, errors.Wrap(err, "read blob"))
+		return
+	}
+
+	if pathCommit, err := commit.CommitByPath(git.CommitByRevisionOptions{Path: filepath}); err == nil && pathCommit != nil {
+		w.Header().Set("Last-Modified", pathCommit.Committer.When.Format(http.TimeFormat))
+	}
+
+	render, _ := strconv.ParseBool(c.Request().URL.Query().Get("render"))
+	switch {
+	case !tool.IsTextFile(data) && !tool.IsImageFile(data):
+		w.Header().Set("Content-Disposition", `attachment; filename="`+path.Base(filepath)+`"`)
+		w.Header().Set("Content-Transfer-Encoding", "binary")
+	case tool.IsTextFile(data) && (!conf.Repository.EnableRawFileRenderMode || !render):
+		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	}
+
+	_, _ = w.Write(data)
+}
@@ -0,0 +1,219 @@
+package web
+
+import (
+	stdctx "context"
+	"encoding/json"
+	"net/http"
+	"reflect"
+	"regexp"
+	"strings"
+
+	"github.com/cockroachdb/errors"
+	"github.com/flamego/binding"
+	"github.com/flamego/flamego"
+	"github.com/flamego/session"
+	"github.com/flamego/validator"
+	"github.com/go-macaron/i18n"
+	macaronsession "github.com/go-macaron/session"
+	"gopkg.in/macaron.v1"
+
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/database"
+)
+
+type (
+	webAPIUserKey    struct{}
+	webAPISessionKey struct{}
+	webAPIMacaronKey struct{}
+	webAPILocaleKey  struct{}
+)
+
+func flamegoBridger(webHandler http.Handler) func(c *context.Context, l i18n.Locale) {
+	return func(c *context.Context, l i18n.Locale) {
+		ctx := c.Req.Context()
+		ctx = stdctx.WithValue(ctx, webAPIUserKey{}, c.User)
+		ctx = stdctx.WithValue(ctx, webAPISessionKey{}, c.Session)
+		ctx = stdctx.WithValue(ctx, webAPIMacaronKey{}, c.Context)
+		ctx = stdctx.WithValue(ctx, webAPILocaleKey{}, l)
+		webHandler.ServeHTTP(c.Resp, c.Req.WithContext(ctx))
+	}
+}
+
+func flamegoInjector(c flamego.Context) {
+	ctx := c.Request().Context()
+	user, _ := ctx.Value(webAPIUserKey{}).(*database.User)
+	sess, _ := ctx.Value(webAPISessionKey{}).(macaronsession.Store)
+	mc, _ := ctx.Value(webAPIMacaronKey{}).(*macaron.Context)
+	l, _ := ctx.Value(webAPILocaleKey{}).(i18n.Locale)
+	c.Map(user, sess, mc, l)
+	c.MapTo(flamegoSessionAdapter{sess: sess}, (*session.Session)(nil))
+}
+
+// flamegoSessionAdapter exposes the underlying Macaron session via the Flamego
+// session interface so the captcha middleware (and any future Flamego-native
+// session consumer) can read/write the same session store the rest of the app
+// uses.
+type flamegoSessionAdapter struct {
+	sess macaronsession.Store
+}
+
+func (s flamegoSessionAdapter) ID() string                      { return s.sess.ID() }
+func (s flamegoSessionAdapter) Get(key interface{}) interface{} { return s.sess.Get(key) }
+func (s flamegoSessionAdapter) Set(key, val interface{})        { _ = s.sess.Set(key, val) }
+func (s flamegoSessionAdapter) SetFlash(val interface{})        { _ = s.sess.Set("_flash", val) }
+func (s flamegoSessionAdapter) Delete(key interface{})          { _ = s.sess.Delete(key) }
+func (s flamegoSessionAdapter) Flush()                          { _ = s.sess.Flush() }
+func (s flamegoSessionAdapter) Encode() ([]byte, error)         { return nil, nil }
+
+func enforceWebAPIMaxBodySize(c flamego.Context) {
+	r := c.Request().Request
+	r.Body = http.MaxBytesReader(c.ResponseWriter(), r.Body, 4*1024) // 4 KiB
+}
+
+// webAPIValidator is the shared validator instance used by every webapi
+// binding. Registering the json-tag name function makes validation errors
+// carry the wire field name (e.g. "recoveryCode") via ve.Field(), so the
+// 400 payload keys match what the React client sends and reads.
+var webAPIValidator = func() *validator.Validate {
+	v := validator.New()
+	v.RegisterTagNameFunc(func(fld reflect.StructField) string {
+		name := strings.SplitN(fld.Tag.Get("json"), ",", 2)[0]
+		if name == "-" {
+			return ""
+		}
+		return name
+	})
+	_ = v.RegisterValidation("alphadashdot", func(fl validator.FieldLevel) bool {
+		return !alphaDashDotInvalid.MatchString(fl.Field().String())
+	})
+	return v
+}()
+
+var alphaDashDotInvalid = regexp.MustCompile(`[^\d\w\-_\.]`)
+
+// bindJSON binds the request body to T. On binding or validation failure it
+// short-circuits with a 400 carrying the standard renderBindingErrors payload,
+// so downstream handlers can drop the `if len(bindErrs) > 0` boilerplate and
+// the binding.Errors parameter entirely.
+func bindJSON(model any) flamego.Handler {
+	return binding.JSON(model, binding.Options{
+		Validator: webAPIValidator,
+		ErrorHandler: func(c flamego.Context, l i18n.Locale, errs binding.Errors) {
+			w := c.ResponseWriter()
+			w.Header().Set("Cache-Control", "no-store")
+			w.Header().Set("Content-Type", "application/json; charset=utf-8")
+			w.WriteHeader(http.StatusBadRequest)
+			_ = json.NewEncoder(w).Encode(renderBindingErrors(l, errs))
+		},
+	})
+}
+
+func mountWebAPIRoutes(f *flamego.Flame) {
+	f.Group("/api/web", func() {
+		f.Group("/user", func() {
+			f.Get("/info", getUserInfo)
+			f.Combo("/sign-up").
+				Get(getUserSignUp).
+				Post(bindJSON(userSignUpRequest{}), postUserSignUp)
+			f.Group("/reset-password", func() {
+				f.Combo("").
+					Get(getUserResetPassword).
+					Post(bindJSON(userResetPasswordEmailRequest{}), postUserResetPassword)
+				f.Post("/complete", bindJSON(userResetPasswordCompleteRequest{}), postUserResetPasswordComplete)
+			})
+			f.Combo("/sign-in").
+				Get(getUserSignIn).
+				Post(bindJSON(userSignInRequest{}), postUserSignIn)
+			f.Group("/mfa", func() {
+				f.Combo("").
+					Get(getUserMFA).
+					Post(bindJSON(userMFARequest{}), postUserMFA)
+				f.Post("/recovery", bindJSON(userMFARecoveryRequest{}), postUserMFARecovery)
+			})
+			f.Group("/activate", func() {
+				f.Combo("").
+					Get(getUserActivate).
+					Post(postUserActivate)
+				f.Post("/complete", bindJSON(userActivateCompleteRequest{}), postUserActivateComplete)
+			})
+			f.Post("/sign-out", postUserSignOut)
+		})
+		f.Group("/{owner}/{repo}", func() {
+			f.Get("/header", getRepoHeader)
+			f.Get("/commit/{sha: /[0-9a-f]{7,40}/}", getRepoCommit)
+			f.Combo("/watch").Post(postRepoWatch).Delete(deleteRepoWatch)
+			f.Combo("/star").Post(postRepoStar).Delete(deleteRepoStar)
+		}, withRepoContext)
+	}, enforceWebAPIMaxBodySize)
+}
+
+// fieldErrors maps JSON field names to per-field localized messages. A non-nil
+// value renders inline under the input. A nil value marks the input as
+// invalid (highlight + focus eligibility) without duplicating text. Used in
+// concert with bindingErrorResponse.Error to surface one banner message while
+// highlighting multiple inputs.
+type fieldErrors map[string]*string
+
+// bindingErrorResponse carries form-validation failures. Error is the top-level
+// message shown as a banner above the form (used when the failure is not tied
+// to a specific input, e.g. malformed body, bad credentials).
+type bindingErrorResponse struct {
+	Error  string      `json:"error,omitempty"`
+	Fields fieldErrors `json:"fields,omitempty"`
+}
+
+// ruleSuffixKeys maps a validator tag to the shared "form.*_error" suffix key
+// (e.g. "max" -> "form.max_size_error"). Messages are composed as
+// <field label> + <suffix>, mirroring the legacy Macaron binding behavior.
+var ruleSuffixKeys = map[string]string{
+	"required":     "form.require_error",
+	"max":          "form.max_size_error",
+	"min":          "form.min_size_error",
+	"len":          "form.size_error",
+	"email":        "form.email_error",
+	"url":          "form.url_error",
+	"alphadashdot": "form.alpha_dash_dot_error",
+}
+
+// renderBindingErrors maps binding.Errors to the response shape, looking up
+// localized messages via the request's locale. The per-field label comes from
+// "form.<StructField>" (e.g. "form.UserName"); the rule suffix comes from
+// ruleSuffixKeys. Rule parameters (e.g. "254" for `max=254`) are passed
+// through to the suffix translation for %s expansion. Always HTTP 400.
+func renderBindingErrors(l i18n.Locale, errs binding.Errors) *bindingErrorResponse {
+	for _, e := range errs {
+		if e.Category == binding.ErrorCategoryDeserialization {
+			return &bindingErrorResponse{Error: l.Tr("form.invalid_request") + ": " + e.Err.Error()}
+		}
+	}
+
+	out := make(fieldErrors)
+	for _, e := range errs {
+		var ves validator.ValidationErrors
+		ok := errors.As(e.Err, &ves)
+		if !ok {
+			continue
+		}
+		for _, ve := range ves {
+			field := ve.Field()
+			if _, exists := out[field]; exists {
+				// Keep the first rule that failed for a given field so the client renders one
+				// message per input. Subsequent rules surface only after the first is fixed.
+				continue
+			}
+			label := l.Tr("form." + ve.StructField())
+			suffixKey, known := ruleSuffixKeys[ve.Tag()]
+			var msg string
+			switch {
+			case !known:
+				msg = l.Tr("form.unknown_error") + " " + ve.Tag()
+			case ve.Param() != "":
+				msg = label + l.Tr(suffixKey, ve.Param())
+			default:
+				msg = label + l.Tr(suffixKey)
+			}
+			out[field] = &msg
+		}
+	}
+	return &bindingErrorResponse{Fields: out}
+}
@@ -0,0 +1,248 @@
+package web
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/cockroachdb/errors"
+	"github.com/flamego/flamego"
+	"github.com/gogs/git-module"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/database"
+	"gogs.io/gogs/internal/gitx"
+	"gogs.io/gogs/internal/repox"
+	"gogs.io/gogs/internal/strx"
+	"gogs.io/gogs/internal/tool"
+)
+
+type repoHeader struct {
+	ID                   int64  `json:"id"`
+	Owner                string `json:"owner"`
+	Name                 string `json:"name"`
+	AvatarURL            string `json:"avatarURL"`
+	Visibility           string `json:"visibility"`
+	MirrorOf             string `json:"mirrorOf,omitempty"`
+	WatchCount           int    `json:"watchCount"`
+	StarCount            int    `json:"starCount"`
+	ForkCount            int    `json:"forkCount"`
+	IssuesEnabled        bool   `json:"issuesEnabled"`
+	OpenIssueCount       int    `json:"openIssueCount"`
+	PullRequestsEnabled  bool   `json:"pullRequestsEnabled"`
+	OpenPullRequestCount int    `json:"openPullRequestCount"`
+	WikiEnabled          bool   `json:"wikiEnabled"`
+
+	ViewerCanAdminister bool `json:"viewerCanAdminister"`
+	ViewerIsWatching    bool `json:"viewerIsWatching"`
+	ViewerIsStarring    bool `json:"viewerIsStarring"`
+}
+
+func getRepoHeader(repoCtx *repoContext) (statusCode int, resp *repoHeader, err error) {
+	owner := repoCtx.Owner
+	repo := repoCtx.Repo
+
+	issuesEnabled := repo.EnableIssues
+	wikiEnabled := repo.EnableWiki
+	if !repoCtx.ViewerCanRead() {
+		if !repo.IsPartialPublic() {
+			return http.StatusNotFound, nil, errors.New("repository does not exist")
+		}
+		issuesEnabled = repo.CanGuestViewIssues()
+		wikiEnabled = repo.CanGuestViewWiki()
+	}
+
+	visibility := "public"
+	if repo.IsPrivate {
+		visibility = "private"
+	}
+
+	resp = &repoHeader{
+		ID:                   repo.ID,
+		Owner:                owner.Name,
+		Name:                 repo.Name,
+		AvatarURL:            strx.Coalesce(repo.AvatarLink(), owner.AvatarURL()),
+		Visibility:           visibility,
+		WatchCount:           repo.NumWatches,
+		StarCount:            repo.NumStars,
+		ForkCount:            repo.NumForks,
+		IssuesEnabled:        issuesEnabled,
+		OpenIssueCount:       repo.NumIssues - repo.NumClosedIssues,
+		PullRequestsEnabled:  repo.AllowsPulls(),
+		OpenPullRequestCount: repo.NumPulls - repo.NumClosedPulls,
+		WikiEnabled:          wikiEnabled,
+
+		ViewerCanAdminister: repoCtx.ViewerCanAdminister(),
+		ViewerIsWatching:    database.IsWatching(repoCtx.ViewerID, repo.ID),
+		ViewerIsStarring:    database.IsStarring(repoCtx.ViewerID, repo.ID),
+	}
+
+	if repo.IsMirror {
+		mirror, err := database.GetMirrorByRepoID(repo.ID)
+		if err != nil {
+			log.Error("getRepoHeader: get mirror by repo ID %d: %v", repo.ID, err)
+		} else if mirror != nil {
+			resp.MirrorOf = mirror.Address()
+		}
+	}
+
+	return http.StatusOK, resp, nil
+}
+
+type repoCommitSignature struct {
+	Name       string    `json:"name"`
+	Email      string    `json:"email"`
+	When       time.Time `json:"when"`
+	AvatarURL  string    `json:"avatarURL"`
+	ProfileURL string    `json:"profileURL,omitempty"`
+}
+
+type repoCommit struct {
+	SHA     string              `json:"sha"`
+	Subject string              `json:"subject"`
+	Body    string              `json:"body"`
+	Author  repoCommitSignature `json:"author"`
+	Parents []string            `json:"parents"`
+}
+
+func getRepoCommit(c flamego.Context, repoCtx *repoContext) (statusCode int, resp *repoCommit, err error) {
+	if !repoCtx.ViewerCanRead() {
+		return http.StatusNotFound, nil, errors.New("repository does not exist")
+	}
+
+	ctx := c.Request().Context()
+	owner := repoCtx.Owner
+	repo := repoCtx.Repo
+	commitID := c.Param("sha")
+
+	gitRepo, err := git.Open(repox.RepositoryPath(owner.Name, repo.Name))
+	if err != nil {
+		log.Error("getRepoCommit: open repository %q/%q: %v", owner.Name, repo.Name, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "open repository")
+	}
+
+	commit, err := gitRepo.CatFileCommit(commitID)
+	if err != nil {
+		if gitx.IsErrRevisionNotExist(err) {
+			return http.StatusNotFound, nil, nil
+		}
+		log.Error("getRepoCommit: cat-file commit %q in %q/%q: %v", commitID, owner.Name, repo.Name, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "cat-file commit")
+	}
+
+	parents := make([]string, commit.ParentsCount())
+	for i := 0; i < commit.ParentsCount(); i++ {
+		sha, err := commit.ParentID(i)
+		if err != nil {
+			log.Error("getRepoCommit: parent ID %d for %q in %q/%q: %v", i, commitID, owner.Name, repo.Name, err)
+			return http.StatusInternalServerError, nil, errors.Wrap(err, "parent ID")
+		}
+		parents[i] = sha.String()
+	}
+
+	toSignature := func(s *git.Signature) repoCommitSignature {
+		sig := repoCommitSignature{
+			Name:      s.Name,
+			Email:     s.Email,
+			When:      s.When.UTC(),
+			AvatarURL: tool.AvatarLink(s.Email),
+		}
+		if u, err := database.Handle.Users().GetByEmail(ctx, s.Email); err == nil && u != nil {
+			sig.ProfileURL = conf.Server.Subpath + "/" + u.Name
+		}
+		return sig
+	}
+
+	subject := commit.Summary()
+	var body string
+	if msg := commit.Message; len(msg) > len(subject) {
+		body = msg[len(subject):]
+	}
+
+	return http.StatusOK, &repoCommit{
+		SHA:     commitID,
+		Subject: subject,
+		Body:    body,
+		Author:  toSignature(commit.Author),
+		Parents: parents,
+	}, nil
+}
+
+type repoWatchResponse struct {
+	WatchCount int `json:"watchCount"`
+}
+
+func repoWatchAction(ctx context.Context, repoCtx *repoContext, watching bool) (statusCode int, resp *repoWatchResponse, err error) {
+	if repoCtx.ViewerCanRead() {
+		return http.StatusNotFound, nil, errors.New("repository does not exist")
+	}
+
+	repo := repoCtx.Repo
+
+	if watching {
+		err = database.Handle.Repositories().Watch(ctx, repoCtx.ViewerID, repo.ID)
+	} else {
+		err = database.WatchRepo(repoCtx.ViewerID, repo.ID, false)
+	}
+	if err != nil {
+		log.Error("repoWatchAction: set watching=%t for user %d on repo %d: %v", watching, repoCtx.ViewerID, repo.ID, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "watch repo")
+	}
+
+	updated, err := database.Handle.Repositories().GetByName(ctx, repo.OwnerID, repo.Name)
+	if err != nil {
+		log.Error("repoWatchAction: reload repo %d (%q): %v", repo.ID, repo.Name, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "reload repo")
+	}
+	return http.StatusOK, &repoWatchResponse{
+		WatchCount: updated.NumWatches,
+	}, nil
+}
+
+func postRepoWatch(c flamego.Context, repoCtx *repoContext) (statusCode int, resp *repoWatchResponse, err error) {
+	return repoWatchAction(c.Request().Context(), repoCtx, true)
+}
+
+func deleteRepoWatch(c flamego.Context, repoCtx *repoContext) (statusCode int, resp *repoWatchResponse, err error) {
+	return repoWatchAction(c.Request().Context(), repoCtx, false)
+}
+
+type repoStarResponse struct {
+	StarCount int `json:"starCount"`
+}
+
+func repoStarAction(ctx context.Context, repoCtx *repoContext, starring bool) (statusCode int, resp *repoStarResponse, err error) {
+	if !repoCtx.ViewerCanRead() {
+		return http.StatusNotFound, nil, errors.New("repository does not exist")
+	}
+
+	repo := repoCtx.Repo
+
+	if starring {
+		err = database.Handle.Repositories().Star(ctx, repoCtx.ViewerID, repo.ID)
+	} else {
+		err = database.StarRepo(repoCtx.ViewerID, repo.ID, false)
+	}
+	if err != nil {
+		log.Error("repoStarAction: set starred=%t for user %d on repo %d: %v", starring, repoCtx.ViewerID, repo.ID, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "star repo")
+	}
+
+	updated, err := database.Handle.Repositories().GetByName(ctx, repo.OwnerID, repo.Name)
+	if err != nil {
+		log.Error("repoStarAction: reload repo %d (%q): %v", repo.ID, repo.Name, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "reload repo")
+	}
+	return http.StatusOK, &repoStarResponse{
+		StarCount: updated.NumStars,
+	}, nil
+}
+
+func postRepoStar(c flamego.Context, repoCtx *repoContext) (statusCode int, resp *repoStarResponse, err error) {
+	return repoStarAction(c.Request().Context(), repoCtx, true)
+}
+
+func deleteRepoStar(c flamego.Context, repoCtx *repoContext) (statusCode int, resp *repoStarResponse, err error) {
+	return repoStarAction(c.Request().Context(), repoCtx, false)
+}
@@ -0,0 +1,514 @@
+package web
+
+import (
+	stdctx "context"
+	"encoding/hex"
+	"net/http"
+	"os"
+	"strconv"
+	"time"
+
+	"github.com/cockroachdb/errors"
+	"github.com/flamego/cache"
+	"github.com/flamego/captcha"
+	"github.com/flamego/session"
+	"github.com/go-macaron/i18n"
+	macaronsession "github.com/go-macaron/session"
+	"gopkg.in/macaron.v1"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/auth"
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/database"
+	"gogs.io/gogs/internal/email"
+	"gogs.io/gogs/internal/tool"
+	"gogs.io/gogs/internal/userx"
+)
+
+func parseUserFromCode(ctx stdctx.Context, code string) (user *database.User) {
+	if len(code) <= tool.TimeLimitCodeLength {
+		return nil
+	}
+
+	hexStr := code[tool.TimeLimitCodeLength:]
+	if b, err := hex.DecodeString(hexStr); err == nil {
+		if user, err = database.Handle.Users().GetByUsername(ctx, string(b)); user != nil {
+			return user
+		} else if !database.IsErrUserNotExist(err) {
+			log.Error("parseUserFromCode: get user by name %q: %v", string(b), err)
+		}
+	}
+	return nil
+}
+
+func verifyUserActiveCode(ctx stdctx.Context, code string) (user *database.User) {
+	if user = parseUserFromCode(ctx, code); user != nil {
+		prefix := code[:tool.TimeLimitCodeLength]
+		data := strconv.FormatInt(user.ID, 10) + user.Email + user.LowerName + user.Password + user.Rands
+		if tool.VerifyTimeLimitCode(data, conf.Auth.ActivateCodeLives, prefix) {
+			return user
+		}
+	}
+	return nil
+}
+
+type loginSource struct {
+	ID        int64  `json:"id"`
+	Name      string `json:"name"`
+	IsDefault bool   `json:"isDefault"`
+}
+
+type getUserSignInResponse struct {
+	LoginSources []loginSource `json:"loginSources"`
+}
+
+type getUserSignUpResponse struct {
+	RegistrationDisabled bool `json:"registrationDisabled"`
+	CaptchaEnabled       bool `json:"captchaEnabled"`
+}
+
+func getUserSignUp() (statusCode int, resp *getUserSignUpResponse, err error) {
+	return http.StatusOK, &getUserSignUpResponse{
+		RegistrationDisabled: conf.Auth.DisableRegistration,
+		CaptchaEnabled:       conf.Auth.EnableRegistrationCaptcha,
+	}, nil
+}
+
+type userSignUpRequest struct {
+	UserName string `json:"userName" validate:"required,alphadashdot,max=35"`
+	Email    string `json:"email" validate:"required,email,max=254"`
+	Password string `json:"password" validate:"required,max=255"`
+	Captcha  string `json:"captcha"`
+}
+
+type userSignUpResponse struct {
+	EmailConfirmationRequired bool   `json:"emailConfirmationRequired,omitempty"`
+	Email                     string `json:"email,omitempty"`
+	Hours                     int    `json:"hours,omitempty"`
+}
+
+func postUserSignUp(r *http.Request, mc *macaron.Context, ca cache.Cache, l i18n.Locale, cpt captcha.Captcha, req userSignUpRequest) (statusCode int, resp any, err error) {
+	if conf.Auth.DisableRegistration {
+		return http.StatusForbidden, &bindingErrorResponse{Error: l.Tr("auth.disable_register_prompt")}, nil
+	}
+	if conf.Auth.EnableRegistrationCaptcha && !cpt.ValidText(req.Captcha) {
+		msg := l.Tr("form.captcha_incorrect")
+		return http.StatusUnauthorized, &bindingErrorResponse{
+			Fields: fieldErrors{"captcha": &msg},
+		}, nil
+	}
+	u, err := database.Handle.Users().Create(
+		r.Context(),
+		req.UserName,
+		req.Email,
+		database.CreateUserOptions{
+			Password:  req.Password,
+			Activated: !conf.Auth.RequireEmailConfirmation,
+		},
+	)
+	if err != nil {
+		switch {
+		case database.IsErrUserAlreadyExist(err):
+			msg := l.Tr("form.username_been_taken")
+			return http.StatusUnprocessableEntity, &bindingErrorResponse{Fields: fieldErrors{"userName": &msg}}, nil
+		case database.IsErrEmailAlreadyUsed(err):
+			msg := l.Tr("form.email_been_used")
+			return http.StatusUnprocessableEntity, &bindingErrorResponse{Fields: fieldErrors{"email": &msg}}, nil
+		case database.IsErrNameNotAllowed(err):
+			msg := l.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value())
+			return http.StatusBadRequest, &bindingErrorResponse{Fields: fieldErrors{"userName": &msg}}, nil
+		default:
+			log.Error("postUserSignUp: create user %q: %v", req.UserName, err)
+			return http.StatusInternalServerError, nil, errors.Wrap(err, "create user")
+		}
+	}
+	log.Trace("Account created: %s", u.Name)
+
+	if database.Handle.Users().Count(r.Context()) == 1 {
+		v := true
+		err := database.Handle.Users().Update(
+			r.Context(),
+			u.ID,
+			database.UpdateUserOptions{
+				IsActivated: &v,
+				IsAdmin:     &v,
+			},
+		)
+		if err != nil {
+			log.Error("postUserSignUp: update first user %q: %v", u.Name, err)
+			return http.StatusInternalServerError, nil, errors.Wrap(err, "update user")
+		}
+	}
+
+	if conf.Auth.RequireEmailConfirmation && u.ID > 1 {
+		if err := email.SendActivateAccountMail(mc, database.NewMailerUser(u)); err != nil {
+			log.Error("postUserSignUp: send activation mail to user %q: %v", u.Name, err)
+		}
+		if err := ca.Set(r.Context(), userx.MailResendCacheKey(u.ID), 1, 180*time.Second); err != nil {
+			log.Error("postUserSignUp: put mail resend cache for user %q: %v", u.Name, err)
+		}
+		return http.StatusOK, &userSignUpResponse{
+			EmailConfirmationRequired: true,
+			Email:                     u.Email,
+			Hours:                     conf.Auth.ActivateCodeLives / 60,
+		}, nil
+	}
+
+	return http.StatusOK, &userSignUpResponse{}, nil
+}
+
+func getUserSignIn(r *http.Request) (statusCode int, resp *getUserSignInResponse, err error) {
+	sources, err := database.Handle.LoginSources().List(r.Context(), database.ListLoginSourceOptions{OnlyActivated: true})
+	if err != nil {
+		log.Error("getUserSignIn: list activated login sources: %v", err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "list activated login sources")
+	}
+	loginSources := make([]loginSource, 0, len(sources))
+	for _, s := range sources {
+		loginSources = append(loginSources, loginSource{ID: s.ID, Name: s.Name, IsDefault: s.IsDefault})
+	}
+	return http.StatusOK, &getUserSignInResponse{LoginSources: loginSources}, nil
+}
+
+type userSignInRequest struct {
+	Username    string `json:"username" validate:"required,max=254"`
+	Password    string `json:"password" validate:"required,max=255"`
+	LoginSource int64  `json:"loginSource"`
+}
+
+type getUserResetPasswordResponse struct {
+	EmailEnabled bool `json:"emailEnabled"`
+	Valid        bool `json:"valid"`
+}
+
+func getUserResetPassword(r *http.Request) (statusCode int, resp *getUserResetPasswordResponse, err error) {
+	code := r.URL.Query().Get("code")
+	return http.StatusOK, &getUserResetPasswordResponse{
+		EmailEnabled: conf.Email.Enabled,
+		Valid:        code != "" && verifyUserActiveCode(r.Context(), code) != nil,
+	}, nil
+}
+
+type userResetPasswordEmailRequest struct {
+	Email string `json:"email" validate:"required,email,max=254"`
+}
+
+type userResetPasswordCompleteRequest struct {
+	Code     string `json:"code" validate:"required"`
+	Password string `json:"password" validate:"required,min=6,max=255"`
+}
+
+type userResetPasswordResponse struct {
+	Hours         int  `json:"hours,omitempty"`
+	ResendLimited bool `json:"resendLimited,omitempty"`
+}
+
+func postUserResetPassword(r *http.Request, ca cache.Cache, l i18n.Locale, req userResetPasswordEmailRequest) (statusCode int, resp any, err error) {
+	if !conf.Email.Enabled {
+		return http.StatusForbidden, &bindingErrorResponse{Error: l.Tr("auth.disable_register_mail")}, nil
+	}
+
+	ctx := r.Context()
+	u, err := database.Handle.Users().GetByEmail(ctx, req.Email)
+	if err != nil {
+		if database.IsErrUserNotExist(err) {
+			return http.StatusOK, &userResetPasswordResponse{Hours: conf.Auth.ActivateCodeLives / 60}, nil
+		}
+		log.Error("postUserResetPassword: get user by email %q: %v", req.Email, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "get user by email")
+	}
+
+	if !u.IsLocal() {
+		msg := l.Tr("auth.non_local_account")
+		return http.StatusForbidden, &bindingErrorResponse{Fields: fieldErrors{"email": &msg}}, nil
+	}
+
+	if _, err := ca.Get(ctx, userx.MailResendCacheKey(u.ID)); err == nil {
+		return http.StatusOK, &userResetPasswordResponse{
+			Hours:         conf.Auth.ActivateCodeLives / 60,
+			ResendLimited: true,
+		}, nil
+	} else if !errors.Is(err, os.ErrNotExist) {
+		log.Error("postUserResetPassword: get mail resend cache for user %q: %v", u.Name, err)
+	}
+
+	if err = email.SendResetPasswordMail(l, database.NewMailerUser(u)); err != nil {
+		log.Error("postUserResetPassword: send reset password mail to user %q: %v", u.Name, err)
+	}
+	if err = ca.Set(ctx, userx.MailResendCacheKey(u.ID), 1, 180*time.Second); err != nil {
+		log.Error("postUserResetPassword: put mail resend cache for user %q: %v", u.Name, err)
+	}
+
+	return http.StatusOK, &userResetPasswordResponse{Hours: conf.Auth.ActivateCodeLives / 60}, nil
+}
+
+func postUserResetPasswordComplete(r *http.Request, l i18n.Locale, req userResetPasswordCompleteRequest) (statusCode int, resp any, err error) {
+	u := verifyUserActiveCode(r.Context(), req.Code)
+	if u == nil {
+		return http.StatusBadRequest, &bindingErrorResponse{Error: l.Tr("auth.invalid_code")}, nil
+	}
+
+	if err := database.Handle.Users().Update(r.Context(), u.ID, database.UpdateUserOptions{Password: &req.Password}); err != nil {
+		log.Error("postUserResetPasswordComplete: update password for user %q: %v", u.Name, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "update user")
+	}
+
+	log.Trace("User password reset: %s", u.Name)
+	return http.StatusNoContent, nil, nil
+}
+
+type userSignInResponse struct {
+	// MFA is true when the account has MFA enabled and the password step
+	// succeeded but a second factor is still required. The client should
+	// navigate to /user/mfa to complete the challenge.
+	MFA bool `json:"mfa,omitempty"`
+}
+
+func postUserSignIn(r *http.Request, sess session.Session, mc *macaron.Context, l i18n.Locale, req userSignInRequest) (statusCode int, resp any, err error) {
+	u, err := database.Handle.Users().Authenticate(r.Context(), req.Username, req.Password, req.LoginSource)
+	if err != nil {
+		switch {
+		case auth.IsErrBadCredentials(err):
+			return http.StatusUnauthorized, &bindingErrorResponse{
+				Error:  l.Tr("form.username_password_incorrect"),
+				Fields: fieldErrors{"username": nil, "password": nil},
+			}, nil
+		case database.IsErrLoginSourceMismatch(err):
+			return http.StatusUnprocessableEntity, nil, errors.New(l.Tr("form.auth_source_mismatch"))
+		default:
+			log.Error("postUserSignIn: authenticate user %q: %v", req.Username, err)
+			return http.StatusInternalServerError, nil, errors.Wrap(err, "authenticate user")
+		}
+	}
+
+	if database.Handle.TwoFactors().IsEnabled(r.Context(), u.ID) {
+		sess.Set("mfaUserID", u.ID)
+		return http.StatusOK, &userSignInResponse{MFA: true}, nil
+	}
+
+	completeSignIn(sess, mc, u)
+	return http.StatusOK, &userSignInResponse{}, nil
+}
+
+// completeSignIn finalizes the sign-in session for u: writes the auth session,
+// clears any in-flight MFA state, and sets the login-status cookie. The
+// caller is responsible for navigating to a post-login destination via
+// /redirect?to=.
+func completeSignIn(sess session.Session, mc *macaron.Context, u *database.User) {
+	sess.Set("uid", u.ID)
+	sess.Set("uname", u.Name)
+	sess.Delete("mfaUserID")
+
+	mc.SetCookie(conf.Session.CSRFCookieName, "", -1, conf.Server.Subpath)
+	if conf.Security.EnableLoginStatusCookie {
+		mc.SetCookie(conf.Security.LoginStatusCookieName, "true", 0, conf.Server.Subpath)
+	}
+}
+
+func getUserMFA(sess session.Session) (statusCode int, resp any, err error) {
+	if _, ok := sess.Get("mfaUserID").(int64); !ok {
+		return http.StatusNotFound, nil, nil
+	}
+	return http.StatusNoContent, nil, nil
+}
+
+type userMFARequest struct {
+	Passcode string `json:"passcode" validate:"required,len=6"`
+}
+
+type userMFAResponse struct{}
+
+func postUserMFA(r *http.Request, sess session.Session, mc *macaron.Context, ca cache.Cache, l i18n.Locale, req userMFARequest) (statusCode int, resp any, err error) {
+	userID, ok := sess.Get("mfaUserID").(int64)
+	if !ok {
+		return http.StatusUnauthorized, &bindingErrorResponse{Error: l.Tr("auth.mfa_session_expired")}, nil
+	}
+
+	t, err := database.Handle.TwoFactors().GetByUserID(r.Context(), userID)
+	if err != nil {
+		log.Error("postUserMFA: get two factor by user ID %d: %v", userID, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "get two factor by user ID")
+	}
+
+	valid, err := t.ValidateTOTP(req.Passcode)
+	if err != nil {
+		log.Error("postUserMFA: validate TOTP for user %d: %v", userID, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "validate TOTP")
+	}
+	if !valid {
+		msg := l.Tr("auth.mfa_invalid_passcode")
+		return http.StatusUnauthorized, &bindingErrorResponse{
+			Fields: fieldErrors{"passcode": &msg},
+		}, nil
+	}
+
+	cacheKey := userx.TwoFactorCacheKey(userID, req.Passcode)
+	if _, err := ca.Get(r.Context(), cacheKey); err == nil {
+		msg := l.Tr("auth.mfa_reused_passcode")
+		return http.StatusUnauthorized, &bindingErrorResponse{
+			Fields: fieldErrors{"passcode": &msg},
+		}, nil
+	} else if !errors.Is(err, os.ErrNotExist) {
+		log.Error("postUserMFA: get two factor passcode cache for user %d: %v", userID, err)
+	}
+	if err = ca.Set(r.Context(), cacheKey, 1, 60*time.Second); err != nil {
+		log.Error("postUserMFA: cache two factor passcode for user %d: %v", userID, err)
+	}
+
+	u, err := database.Handle.Users().GetByID(r.Context(), userID)
+	if err != nil {
+		log.Error("postUserMFA: get user by ID %d: %v", userID, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "get user by ID")
+	}
+
+	completeSignIn(sess, mc, u)
+	return http.StatusOK, &userMFAResponse{}, nil
+}
+
+type userMFARecoveryRequest struct {
+	RecoveryCode string `json:"recoveryCode" validate:"required,len=11"`
+}
+
+func postUserMFARecovery(r *http.Request, sess session.Session, mc *macaron.Context, l i18n.Locale, req userMFARecoveryRequest) (statusCode int, resp any, err error) {
+	userID, ok := sess.Get("mfaUserID").(int64)
+	if !ok {
+		return http.StatusUnauthorized, &bindingErrorResponse{Error: l.Tr("auth.mfa_session_expired")}, nil
+	}
+
+	if err := database.Handle.TwoFactors().UseRecoveryCode(r.Context(), userID, req.RecoveryCode); err != nil {
+		if database.IsTwoFactorRecoveryCodeNotFound(err) {
+			msg := l.Tr("auth.mfa_invalid_recovery_code")
+			return http.StatusUnauthorized, &bindingErrorResponse{
+				Fields: fieldErrors{"recoveryCode": &msg},
+			}, nil
+		}
+		log.Error("postUserMFARecovery: use recovery code for user %d: %v", userID, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "use recovery code")
+	}
+
+	u, err := database.Handle.Users().GetByID(r.Context(), userID)
+	if err != nil {
+		log.Error("postUserMFARecovery: get user by ID %d: %v", userID, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "get user by ID")
+	}
+
+	completeSignIn(sess, mc, u)
+	return http.StatusOK, &userMFAResponse{}, nil
+}
+
+type userInfo struct {
+	Username              string `json:"username"`
+	AvatarURL             string `json:"avatarURL"`
+	IsAdmin               bool   `json:"isAdmin"`
+	CanCreateOrganization bool   `json:"canCreateOrganization"`
+}
+
+func getUserInfo(user *database.User) (statusCode int, resp *userInfo, err error) {
+	if user == nil {
+		return http.StatusNoContent, nil, nil
+	}
+	return http.StatusOK,
+		&userInfo{
+			Username:              user.Name,
+			AvatarURL:             user.AvatarURL(),
+			IsAdmin:               user.IsAdmin,
+			CanCreateOrganization: user.CanCreateOrganization(),
+		},
+		nil
+}
+
+type getUserActivateResponse struct {
+	Email             string `json:"email,omitempty"`
+	CodeLifetimeHours int    `json:"codeLifetimeHours,omitempty"`
+}
+
+func getUserActivate(u *database.User) (statusCode int, resp any, err error) {
+	if u == nil {
+		return http.StatusUnauthorized, nil, nil
+	}
+	// An already-active and authenticated user has no business on the activation page.
+	if u.IsActive {
+		return http.StatusNotFound, nil, nil
+	}
+	return http.StatusOK, &getUserActivateResponse{
+		Email:             u.Email,
+		CodeLifetimeHours: conf.Auth.ActivateCodeLives / 60,
+	}, nil
+}
+
+type postUserActivateResponse struct {
+	RateLimited       bool `json:"rateLimited,omitempty"`
+	CodeLifetimeHours int  `json:"codeLifetimeHours,omitempty"`
+}
+
+func postUserActivate(r *http.Request, u *database.User, mc *macaron.Context, ca cache.Cache, l i18n.Locale) (statusCode int, resp any, err error) {
+	if u == nil {
+		return http.StatusUnauthorized, nil, nil
+	}
+	if u.IsActive {
+		return http.StatusNotFound, nil, nil
+	}
+	if !conf.Auth.RequireEmailConfirmation {
+		return http.StatusForbidden, &bindingErrorResponse{Error: l.Tr("auth.disable_register_mail")}, nil
+	}
+
+	ctx := r.Context()
+	if _, err := ca.Get(ctx, userx.MailResendCacheKey(u.ID)); err == nil {
+		return http.StatusOK, &postUserActivateResponse{
+			RateLimited:       true,
+			CodeLifetimeHours: conf.Auth.ActivateCodeLives / 60,
+		}, nil
+	} else if !errors.Is(err, os.ErrNotExist) {
+		log.Error("postUserActivate: get mail resend cache for user %q: %v", u.Name, err)
+	}
+
+	if err := email.SendActivateAccountMail(mc, database.NewMailerUser(u)); err != nil {
+		log.Error("postUserActivate: send activation mail to user %q: %v", u.Name, err)
+	}
+	if err := ca.Set(ctx, userx.MailResendCacheKey(u.ID), 1, 180*time.Second); err != nil {
+		log.Error("postUserActivate: put mail resend cache for user %q: %v", u.Name, err)
+	}
+	return http.StatusOK, &postUserActivateResponse{CodeLifetimeHours: conf.Auth.ActivateCodeLives / 60}, nil
+}
+
+type userActivateCompleteRequest struct {
+	Code string `json:"code" validate:"required"`
+}
+
+func postUserActivateComplete(r *http.Request, sess session.Session, mc *macaron.Context, l i18n.Locale, req userActivateCompleteRequest) (statusCode int, resp any, err error) {
+	target := verifyUserActiveCode(r.Context(), req.Code)
+	if target == nil {
+		return http.StatusBadRequest, &bindingErrorResponse{Error: l.Tr("auth.invalid_code")}, nil
+	}
+
+	v := true
+	if err := database.Handle.Users().Update(
+		r.Context(),
+		target.ID,
+		database.UpdateUserOptions{
+			GenerateNewRands: true,
+			IsActivated:      &v,
+		},
+	); err != nil {
+		log.Error("postUserActivateComplete: update user %q: %v", target.Name, err)
+		return http.StatusInternalServerError, nil, errors.Wrap(err, "update user")
+	}
+
+	log.Trace("User activated: %s", target.Name)
+	completeSignIn(sess, mc, target)
+	return http.StatusNoContent, nil, nil
+}
+
+type postUserSignOutResponse struct {
+	RedirectTo string `json:"redirectTo,omitempty"`
+}
+
+func postUserSignOut(sess macaronsession.Store, mc *macaron.Context) (statusCode int, resp *postUserSignOutResponse, err error) {
+	_ = sess.Flush()
+	_ = sess.Destory(mc)
+	mc.SetCookie(conf.Session.CSRFCookieName, "", -1, conf.Server.Subpath)
+	if conf.Auth.CustomLogoutURL != "" {
+		return http.StatusOK, &postUserSignOutResponse{RedirectTo: conf.Auth.CustomLogoutURL}, nil
+	}
+	return http.StatusNoContent, nil, nil
+}
@@ -0,0 +1,62 @@
+//go:build !prod
+
+package web
+
+import (
+	"bytes"
+	"io"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/cockroachdb/errors"
+	"github.com/flamego/flamego"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/context"
+)
+
+func mountWebAppRoutes(f *flamego.Flame) error {
+	viteURL, err := url.Parse("http://localhost:5173")
+	if err != nil {
+		return errors.Wrap(err, "parse Vite URL")
+	}
+	proxy := httputil.NewSingleHostReverseProxy(viteURL)
+	proxy.ModifyResponse = func(resp *http.Response) error {
+		if !strings.HasPrefix(resp.Header.Get("Content-Type"), "text/html") {
+			return nil
+		}
+		raw, err := io.ReadAll(resp.Body)
+		if err != nil {
+			return errors.Wrap(err, "read Vite response body")
+		}
+		_ = resp.Body.Close()
+		wc := context.WebContextFrom(resp.Request)
+		body, err := renderIndex(raw, wc)
+		if err != nil {
+			log.Error("Failed to render index: %v", err)
+			body = []byte("Internal Server Error\n")
+			resp.StatusCode = http.StatusInternalServerError
+			resp.Status = http.StatusText(http.StatusInternalServerError)
+			resp.Header.Set("Content-Type", "text/plain; charset=utf-8")
+		} else if wc.StatusCode > 0 {
+			resp.StatusCode = wc.StatusCode
+			resp.Status = http.StatusText(wc.StatusCode)
+		}
+		resp.Body = io.NopCloser(bytes.NewReader(body))
+		resp.ContentLength = int64(len(body))
+		resp.Header.Set("Content-Length", strconv.Itoa(len(body)))
+		// The upstream validators describe the unmodified body. Drop them
+		// so the browser does not satisfy a conditional request from a
+		// cached copy that has a stale injected lang attribute.
+		resp.Header.Del("ETag")
+		resp.Header.Del("Last-Modified")
+		return nil
+	}
+	f.Any("/{**}", func(w http.ResponseWriter, r *http.Request) {
+		proxy.ServeHTTP(w, r)
+	})
+	return nil
+}
@@ -0,0 +1,68 @@
+//go:build prod
+
+package web
+
+import (
+	"io/fs"
+	"net/http"
+
+	"github.com/cockroachdb/errors"
+	"github.com/flamego/flamego"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/public"
+)
+
+func mountWebAppRoutes(f *flamego.Flame) error {
+	webFS, err := fs.Sub(public.WebAssets, "dist")
+	if err != nil {
+		return errors.Wrap(err, "load embedded web assets")
+	}
+	// Prefix matches the path rewrites renderIndex applies to the index
+	// shell. Without it the browser fetches /<subpath>/assets/... and the
+	// static handler looks them up in webFS at "<subpath>/assets/...",
+	// which has no <subpath> directory, so every asset would 404 and fall
+	// through to the wildcard handler as text/html.
+	//
+	// Index is set to a sentinel that does not exist in the FS so flamego.Static
+	// never serves the raw index.html for "/" requests. The catch-all below
+	// always renders the shell through renderIndex instead, ensuring template
+	// substitutions are applied.
+	f.Use(flamego.Static(flamego.StaticOptions{
+		FileSystem: http.FS(webFS),
+		Prefix:     conf.Server.Subpath,
+		Index:      "__disabled__",
+	}))
+
+	index, err := public.WebAssets.ReadFile("dist/index.html")
+	if err != nil {
+		return errors.Wrap(err, `read "dist/index.html"`)
+	}
+
+	f.Get("/{**}", func(w http.ResponseWriter, r *http.Request) {
+		wc := context.WebContextFrom(r)
+		body, err := renderIndex(index, wc)
+		if err != nil {
+			log.Error("Failed to render index: %v", err)
+			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			return
+		}
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		// The body is rewritten per request (lang injection, future
+		// runtime config), so caching it would serve stale content to
+		// any user whose request resolves to a different locale. Use
+		// no-store rather than no-cache so the browser cannot keep a
+		// copy at all, not even for revalidation. Static assets keep
+		// their normal caching via flamego.Static.
+		w.Header().Set("Cache-Control", "no-store")
+		status := wc.StatusCode
+		if status <= 0 {
+			status = http.StatusOK
+		}
+		w.WriteHeader(status)
+		_, _ = w.Write(body)
+	})
+	return nil
+}
@@ -0,0 +1,55 @@
+// Gogs is a painless self-hosted Git Service.
+package main
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+
+	"github.com/urfave/cli/v3"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/cmd/gogs/internal/web"
+	"gogs.io/gogs/internal/conf"
+)
+
+func init() {
+	conf.App.Version = "0.15.0+dev"
+}
+
+var webCommand = cli.Command{
+	Name:        "web",
+	Usage:       "Start the web server",
+	Description: "Serves the web interface, API, and HTTP Git endpoints.",
+	Action: func(_ context.Context, cmd *cli.Command) error {
+		var portOverride int
+		if cmd.IsSet("port") {
+			portOverride = cmd.Int("port")
+		}
+		return web.Run(configFromLineage(cmd), portOverride)
+	},
+	Flags: []cli.Flag{
+		intFlag("port, p", 3000, "Alternative listening port to use"),
+		stringFlag("config, c", filepath.Join(conf.CustomDir(), "conf", "app.ini"), "Custom configuration file path"),
+	},
+}
+
+func main() {
+	cmd := &cli.Command{
+		Name:    "Gogs",
+		Usage:   "The painless way to host your own Git service",
+		Version: conf.App.Version,
+		Commands: []*cli.Command{
+			&webCommand,
+			&servCommand,
+			&hookCommand,
+			&adminCommand,
+			&importCommand,
+			&backupCommand,
+			&restoreCommand,
+		},
+	}
+	if err := cmd.Run(context.Background(), os.Args); err != nil {
+		log.Fatal("Failed to start application: %v", err)
+	}
+}
@@ -0,0 +1,161 @@
+package main
+
+import (
+	"context"
+	"os"
+	"path"
+	"path/filepath"
+
+	"github.com/cockroachdb/errors"
+	"github.com/unknwon/cae/zip"
+	"github.com/urfave/cli/v3"
+	"gopkg.in/ini.v1"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/database"
+	"gogs.io/gogs/internal/osx"
+	"gogs.io/gogs/internal/semverx"
+)
+
+var restoreCommand = cli.Command{
+	Name:  "restore",
+	Usage: "Restore files and database from backup",
+	Description: `Restore imports all related files and database from a backup archive.
+The backup version must lower or equal to current Gogs version. You can also import
+backup from other database engines, which is useful for database migrating.
+
+If corresponding files or database tables are not presented in the archive, they will
+be skipped and remain unchanged.`,
+	Action: runRestore,
+	Flags: []cli.Flag{
+		stringFlag("config, c", "", "Custom configuration file path"),
+		boolFlag("verbose, v", "Show process details"),
+		stringFlag("tempdir, t", os.TempDir(), "Temporary directory path"),
+		stringFlag("from", "", "Path to backup archive"),
+		boolFlag("database-only", "Only import database"),
+		boolFlag("exclude-repos", "Exclude repositories"),
+	},
+}
+
+// lastSupportedVersionOfFormat returns the last supported version of the backup archive
+// format that is able to import.
+var lastSupportedVersionOfFormat = map[int]string{}
+
+func runRestore(ctx context.Context, cmd *cli.Command) error {
+	zip.Verbose = cmd.Bool("verbose")
+
+	tmpDir := cmd.String("tempdir")
+	if !osx.IsDir(tmpDir) {
+		log.Fatal("'--tempdir' does not exist: %s", tmpDir)
+	}
+	archivePath := path.Join(tmpDir, archiveRootDir)
+
+	// Make sure there was no leftover and also clean up afterwards
+	err := os.RemoveAll(archivePath)
+	if err != nil {
+		log.Fatal("Failed to clean up previous leftover in %q: %v", archivePath, err)
+	}
+	defer func() { _ = os.RemoveAll(archivePath) }()
+
+	log.Info("Restoring backup from: %s", cmd.String("from"))
+	err = zip.ExtractTo(cmd.String("from"), tmpDir)
+	if err != nil {
+		log.Fatal("Failed to extract backup archive: %v", err)
+	}
+
+	// Check backup version
+	metaFile := filepath.Join(archivePath, "metadata.ini")
+	if !osx.IsFile(metaFile) {
+		log.Fatal("File 'metadata.ini' is missing")
+	}
+	metadata, err := ini.Load(metaFile)
+	if err != nil {
+		log.Fatal("Failed to load metadata '%s': %v", metaFile, err)
+	}
+	backupVersion := metadata.Section("").Key("GOGS_VERSION").MustString("999.0")
+	if semverx.Compare(conf.App.Version, "<", backupVersion) {
+		log.Fatal("Current Gogs version is lower than backup version: %s < %s", conf.App.Version, backupVersion)
+	}
+	formatVersion := metadata.Section("").Key("VERSION").MustInt()
+	if formatVersion == 0 {
+		log.Fatal("Failed to determine the backup format version from metadata '%s': %s", metaFile, "VERSION is not presented")
+	}
+	if formatVersion != currentBackupFormatVersion {
+		log.Fatal("Backup format version found is %d but this binary only supports %d\nThe last known version that is able to import your backup is %s",
+			formatVersion, currentBackupFormatVersion, lastSupportedVersionOfFormat[formatVersion])
+	}
+
+	// If config file is not present in backup, user must set this file via flag.
+	// Otherwise, it's optional to set config file flag.
+	configFile := filepath.Join(archivePath, "custom", "conf", "app.ini")
+	var customConf string
+	if lineageConf := configFromLineage(cmd); lineageConf != "" {
+		customConf = lineageConf
+	} else if !osx.IsFile(configFile) {
+		log.Fatal("'--config' is not specified and custom config file is not found in backup")
+	} else {
+		customConf = configFile
+	}
+
+	err = conf.Init(customConf)
+	if err != nil {
+		return errors.Wrap(err, "init configuration")
+	}
+	conf.InitLogging(true)
+
+	conn, err := database.SetEngine()
+	if err != nil {
+		return errors.Wrap(err, "set engine")
+	}
+
+	// Database
+	dbDir := path.Join(archivePath, "db")
+	if err = database.ImportDatabase(ctx, conn, dbDir, cmd.Bool("verbose")); err != nil {
+		log.Fatal("Failed to import database: %v", err)
+	}
+
+	if !cmd.Bool("database-only") {
+		// Custom files
+		if osx.IsDir(conf.CustomDir()) {
+			if err = os.Rename(conf.CustomDir(), conf.CustomDir()+".bak"); err != nil {
+				log.Fatal("Failed to backup current 'custom': %v", err)
+			}
+		}
+		if err = os.Rename(filepath.Join(archivePath, "custom"), conf.CustomDir()); err != nil {
+			log.Fatal("Failed to import 'custom': %v", err)
+		}
+
+		// Data files
+		_ = os.MkdirAll(conf.Server.AppDataPath, os.ModePerm)
+		for _, dir := range []string{"attachments", "avatars", "repo-avatars"} {
+			// Skip if backup archive does not have corresponding data
+			srcPath := filepath.Join(archivePath, "data", dir)
+			if !osx.IsDir(srcPath) {
+				continue
+			}
+
+			dirPath := filepath.Join(conf.Server.AppDataPath, dir)
+			if osx.IsDir(dirPath) {
+				if err = os.Rename(dirPath, dirPath+".bak"); err != nil {
+					log.Fatal("Failed to backup current 'data': %v", err)
+				}
+			}
+			if err = os.Rename(srcPath, dirPath); err != nil {
+				log.Fatal("Failed to import 'data': %v", err)
+			}
+		}
+	}
+
+	// Repositories
+	reposPath := filepath.Join(archivePath, "repositories.zip")
+	if !cmd.Bool("exclude-repos") && !cmd.Bool("database-only") && osx.IsFile(reposPath) {
+		if err := zip.ExtractTo(reposPath, filepath.Dir(conf.Repository.Root)); err != nil {
+			log.Fatal("Failed to extract 'repositories.zip': %v", err)
+		}
+	}
+
+	log.Info("Restore succeed!")
+	log.Stop()
+	return nil
+}
@@ -0,0 +1,274 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/urfave/cli/v3"
+	log "unknwon.dev/clog/v2"
+
+	"gogs.io/gogs/internal/conf"
+	"gogs.io/gogs/internal/database"
+)
+
+const (
+	accessDeniedMessage = "Repository does not exist or you do not have access"
+)
+
+var servCommand = cli.Command{
+	Name:        "serv",
+	Usage:       "This command should only be called by SSH shell",
+	Description: `Serv provide access auth for repositories`,
+	Action:      runServ,
+	Flags: []cli.Flag{
+		stringFlag("config, c", "", "Custom configuration file path"),
+	},
+}
+
+// fail prints user message to the Git client (i.e. os.Stderr) and
+// logs error message on the server side. When not in "prod" mode,
+// error message is also printed to the client for easier debugging.
+func fail(userMessage, errMessage string, args ...any) {
+	_, _ = fmt.Fprintln(os.Stderr, "Gogs:", userMessage)
+
+	if len(errMessage) > 0 {
+		if !conf.IsProdMode() {
+			fmt.Fprintf(os.Stderr, errMessage+"\n", args...)
+		}
+		log.Error(errMessage, args...)
+	}
+
+	log.Stop()
+	os.Exit(1)
+}
+
+func setup(cmd *cli.Command, logFile string, connectDB bool) {
+	conf.HookMode = true
+
+	customConf := configFromLineage(cmd)
+
+	err := conf.Init(customConf)
+	if err != nil {
+		fail("Internal error", "Failed to init configuration: %v", err)
+	}
+	conf.InitLogging(true)
+
+	level := log.LevelTrace
+	if conf.IsProdMode() {
+		level = log.LevelError
+	}
+
+	err = log.NewFile(log.FileConfig{
+		Level:    level,
+		Filename: filepath.Join(conf.Log.RootPath, "hooks", logFile),
+		FileRotationConfig: log.FileRotationConfig{
+			Rotate:  true,
+			Daily:   true,
+			MaxDays: 3,
+		},
+	})
+	if err != nil {
+		fail("Internal error", "Failed to init file logger: %v", err)
+	}
+	log.Remove(log.DefaultConsoleName) // Remove the primary logger
+
+	if !connectDB {
+		return
+	}
+
+	if conf.UseSQLite3 {
+		_ = os.Chdir(conf.WorkDir())
+	}
+
+	if _, err := database.SetEngine(); err != nil {
+		fail("Internal error", "Failed to set database engine: %v", err)
+	}
+}
+
+func parseSSHCmd(cmd string) (string, string) {
+	ss := strings.SplitN(cmd, " ", 2)
+	if len(ss) != 2 {
+		return "", ""
+	}
+	return ss[0], strings.Replace(ss[1], "'/", "'", 1)
+}
+
+func checkDeployKey(key *database.PublicKey, repo *database.Repository) {
+	// Check if this deploy key belongs to current repository.
+	if !database.HasDeployKey(key.ID, repo.ID) {
+		fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
+	}
+
+	// Update deploy key activity.
+	deployKey, err := database.GetDeployKeyByRepo(key.ID, repo.ID)
+	if err != nil {
+		fail("Internal error", "GetDeployKey: %v", err)
+	}
+
+	deployKey.Updated = time.Now()
+	if err = database.UpdateDeployKey(deployKey); err != nil {
+		fail("Internal error", "UpdateDeployKey: %v", err)
+	}
+}
+
+var allowedCommands = map[string]database.AccessMode{
+	"git-upload-pack":    database.AccessModeRead,
+	"git-upload-archive": database.AccessModeRead,
+	"git-receive-pack":   database.AccessModeWrite,
+}
+
+func runServ(ctx context.Context, cmd *cli.Command) error {
+	setup(cmd, "serv.log", true)
+
+	if conf.SSH.Disabled {
+		println("Gogs: SSH has been disabled")
+		return nil
+	}
+
+	if cmd.Args().Len() < 1 {
+		fail("Not enough arguments", "Not enough arguments")
+	}
+
+	sshCmd := os.Getenv("SSH_ORIGINAL_COMMAND")
+	if sshCmd == "" {
+		println("Hi there, You've successfully authenticated, but Gogs does not provide shell access.")
+		println("If this is unexpected, please log in with password and setup Gogs under another user.")
+		return nil
+	}
+
+	verb, args := parseSSHCmd(sshCmd)
+	repoFullName := strings.ToLower(strings.Trim(args, "'"))
+	repoFields := strings.SplitN(repoFullName, "/", 2)
+	if len(repoFields) != 2 {
+		fail("Invalid repository path", "Invalid repository path: %v", args)
+	}
+	ownerName := strings.ToLower(repoFields[0])
+	repoName := strings.TrimSuffix(strings.ToLower(repoFields[1]), ".git")
+	repoName = strings.TrimSuffix(repoName, ".wiki")
+
+	owner, err := database.Handle.Users().GetByUsername(ctx, ownerName)
+	if err != nil {
+		if database.IsErrUserNotExist(err) {
+			fail("Repository owner does not exist", "Unregistered owner: %s", ownerName)
+		}
+		fail("Internal error", "Failed to get repository owner '%s': %v", ownerName, err)
+	}
+
+	repo, err := database.GetRepositoryByName(owner.ID, repoName)
+	if err != nil {
+		if database.IsErrRepoNotExist(err) {
+			fail(accessDeniedMessage, "Repository does not exist: %s/%s", owner.Name, repoName)
+		}
+		fail("Internal error", "Failed to get repository: %v", err)
+	}
+	repo.Owner = owner
+
+	requestMode, ok := allowedCommands[verb]
+	if !ok {
+		fail("Unknown git command", "Unknown git command '%s'", verb)
+	}
+
+	// Prohibit push to mirror repositories.
+	if requestMode > database.AccessModeRead && repo.IsMirror {
+		fail("Mirror repository is read-only", "")
+	}
+
+	// Allow anonymous (user is nil) clone for public repositories.
+	var user *database.User
+
+	keyID, _ := strconv.ParseInt(strings.TrimPrefix(cmd.Args().Get(0), "key-"), 10, 64)
+	key, err := database.GetPublicKeyByID(keyID)
+	if err != nil {
+		fail("Invalid key ID", "Invalid key ID '%s': %v", cmd.Args().Get(0), err)
+	}
+
+	if requestMode == database.AccessModeWrite || repo.IsPrivate {
+		// Check deploy key or user key.
+		if key.IsDeployKey() {
+			if key.Mode < requestMode {
+				fail("Key permission denied", "Cannot push with deployment key: %d", key.ID)
+			}
+			checkDeployKey(key, repo)
+		} else {
+			user, err = database.Handle.Users().GetByKeyID(ctx, key.ID)
+			if err != nil {
+				fail("Internal error", "Failed to get user by key ID '%d': %v", key.ID, err)
+			}
+
+			mode := database.Handle.Permissions().AccessMode(ctx, user.ID, repo.ID,
+				database.AccessModeOptions{
+					OwnerID: repo.OwnerID,
+					Private: repo.IsPrivate,
+				},
+			)
+			if mode < requestMode {
+				clientMessage := accessDeniedMessage
+				if mode >= database.AccessModeRead {
+					clientMessage = "You do not have sufficient authorization for this action"
+				}
+				fail(clientMessage,
+					"User '%s' does not have level '%v' access to repository '%s'",
+					user.Name, requestMode, repoFullName)
+			}
+		}
+	} else {
+		// Check if the key can access to the repository in case of it is a deploy key (a deploy keys != user key).
+		// A deploy key doesn't represent a signed in user, so in a site with Auth.RequireSignInView enabled,
+		// we should give read access only in repositories where this deploy key is in use. In other cases,
+		// a server or system using an active deploy key can get read access to all repositories on a Gogs instance.
+		if key.IsDeployKey() && conf.Auth.RequireSigninView {
+			checkDeployKey(key, repo)
+		}
+	}
+
+	// Update user key activity.
+	if key.ID > 0 {
+		key, err := database.GetPublicKeyByID(key.ID)
+		if err != nil {
+			fail("Internal error", "GetPublicKeyByID: %v", err)
+		}
+
+		key.Updated = time.Now()
+		if err = database.UpdatePublicKey(key); err != nil {
+			fail("Internal error", "UpdatePublicKey: %v", err)
+		}
+	}
+
+	// Special handle for Windows.
+	if conf.IsWindowsRuntime() {
+		verb = strings.Replace(verb, "-", " ", 1)
+	}
+
+	var gitCmd *exec.Cmd
+	verbs := strings.Split(verb, " ")
+	if len(verbs) == 2 {
+		gitCmd = exec.Command(verbs[0], verbs[1], repoFullName)
+	} else {
+		gitCmd = exec.Command(verb, repoFullName)
+	}
+	if requestMode == database.AccessModeWrite {
+		gitCmd.Env = append(os.Environ(), database.ComposeHookEnvs(database.ComposeHookEnvsOptions{
+			AuthUser:  user,
+			OwnerName: owner.Name,
+			OwnerSalt: owner.Salt,
+			RepoID:    repo.ID,
+			RepoName:  repo.Name,
+			RepoPath:  repo.RepoPath(),
+		})...)
+	}
+	gitCmd.Dir = conf.Repository.Root
+	gitCmd.Stdout = os.Stdout
+	gitCmd.Stdin = os.Stdin
+	gitCmd.Stderr = os.Stderr
+	if err = gitCmd.Run(); err != nil {
+		fail("Internal error", "Failed to execute git command: %v", err)
+	}
+
+	return nil
+}
@@ -1,295 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"crypto/tls"
-	"fmt"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"github.com/Unknwon/com"
-	"github.com/codegangsta/cli"
-	gouuid "github.com/satori/go.uuid"
-
-	"github.com/gogits/gogs/models"
-	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/httplib"
-	"github.com/gogits/gogs/modules/log"
-	"github.com/gogits/gogs/modules/setting"
-)
-
-const (
-	_ACCESS_DENIED_MESSAGE = "Repository does not exist or you do not have access"
-)
-
-var CmdServ = cli.Command{
-	Name:        "serv",
-	Usage:       "This command should only be called by SSH shell",
-	Description: `Serv provide access auth for repositories`,
-	Action:      runServ,
-	Flags: []cli.Flag{
-		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
-	},
-}
-
-func setup(logPath string) {
-	setting.NewContext()
-	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
-
-	models.LoadConfigs()
-
-	if setting.UseSQLite3 || setting.UseTiDB {
-		workDir, _ := setting.WorkDir()
-		os.Chdir(workDir)
-	}
-
-	models.SetEngine()
-}
-
-func parseCmd(cmd string) (string, string) {
-	ss := strings.SplitN(cmd, " ", 2)
-	if len(ss) != 2 {
-		return "", ""
-	}
-	return ss[0], strings.Replace(ss[1], "'/", "'", 1)
-}
-
-var (
-	allowedCommands = map[string]models.AccessMode{
-		"git-upload-pack":    models.ACCESS_MODE_READ,
-		"git-upload-archive": models.ACCESS_MODE_READ,
-		"git-receive-pack":   models.ACCESS_MODE_WRITE,
-	}
-)
-
-func fail(userMessage, logMessage string, args ...interface{}) {
-	fmt.Fprintln(os.Stderr, "Gogs:", userMessage)
-
-	if len(logMessage) > 0 {
-		if !setting.ProdMode {
-			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
-		}
-		log.GitLogger.Fatal(3, logMessage, args...)
-		return
-	}
-
-	log.GitLogger.Close()
-	os.Exit(1)
-}
-
-func handleUpdateTask(uuid string, user, repoUser *models.User, reponame string, isWiki bool) {
-	task, err := models.GetUpdateTaskByUUID(uuid)
-	if err != nil {
-		if models.IsErrUpdateTaskNotExist(err) {
-			log.GitLogger.Trace("No update task is presented: %s", uuid)
-			return
-		}
-		log.GitLogger.Fatal(2, "GetUpdateTaskByUUID: %v", err)
-	} else if err = models.DeleteUpdateTaskByUUID(uuid); err != nil {
-		log.GitLogger.Fatal(2, "DeleteUpdateTaskByUUID: %v", err)
-	}
-
-	if isWiki {
-		return
-	}
-
-	if err = models.PushUpdate(models.PushUpdateOptions{
-		RefName:      task.RefName,
-		OldCommitID:  task.OldCommitID,
-		NewCommitID:  task.NewCommitID,
-		PusherID:     user.ID,
-		PusherName:   user.Name,
-		RepoUserName: repoUser.Name,
-		RepoName:     reponame,
-	}); err != nil {
-		log.GitLogger.Error(2, "Update: %v", err)
-	}
-
-	// Ask for running deliver hook and test pull request tasks.
-	reqURL := setting.LocalURL + repoUser.Name + "/" + reponame + "/tasks/trigger?branch=" +
-		strings.TrimPrefix(task.RefName, "refs/heads/") + "&secret=" + base.EncodeMD5(repoUser.Salt)
-	log.GitLogger.Trace("Trigger task: %s", reqURL)
-
-	resp, err := httplib.Head(reqURL).SetTLSClientConfig(&tls.Config{
-		InsecureSkipVerify: true,
-	}).Response()
-	if err == nil {
-		resp.Body.Close()
-		if resp.StatusCode/100 != 2 {
-			log.GitLogger.Error(2, "Fail to trigger task: not 2xx response code")
-		}
-	} else {
-		log.GitLogger.Error(2, "Fail to trigger task: %v", err)
-	}
-}
-
-func runServ(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
-	setup("serv.log")
-
-	if setting.SSH.Disabled {
-		println("Gogs: SSH has been disabled")
-		return nil
-	}
-
-	if len(c.Args()) < 1 {
-		fail("Not enough arguments", "Not enough arguments")
-	}
-
-	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
-	if len(cmd) == 0 {
-		println("Hi there, You've successfully authenticated, but Gogs does not provide shell access.")
-		println("If this is unexpected, please log in with password and setup Gogs under another user.")
-		return nil
-	}
-
-	verb, args := parseCmd(cmd)
-	repoPath := strings.ToLower(strings.Trim(args, "'"))
-	rr := strings.SplitN(repoPath, "/", 2)
-	if len(rr) != 2 {
-		fail("Invalid repository path", "Invalid repository path: %v", args)
-	}
-	username := strings.ToLower(rr[0])
-	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))
-
-	isWiki := false
-	if strings.HasSuffix(reponame, ".wiki") {
-		isWiki = true
-		reponame = reponame[:len(reponame)-5]
-	}
-
-	repoUser, err := models.GetUserByName(username)
-	if err != nil {
-		if models.IsErrUserNotExist(err) {
-			fail("Repository owner does not exist", "Unregistered owner: %s", username)
-		}
-		fail("Internal error", "Failed to get repository owner (%s): %v", username, err)
-	}
-
-	repo, err := models.GetRepositoryByName(repoUser.ID, reponame)
-	if err != nil {
-		if models.IsErrRepoNotExist(err) {
-			fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, reponame)
-		}
-		fail("Internal error", "Failed to get repository: %v", err)
-	}
-
-	requestedMode, has := allowedCommands[verb]
-	if !has {
-		fail("Unknown git command", "Unknown git command %s", verb)
-	}
-
-	// Prohibit push to mirror repositories.
-	if requestedMode > models.ACCESS_MODE_READ && repo.IsMirror {
-		fail("mirror repository is read-only", "")
-	}
-
-	// Allow anonymous clone for public repositories.
-	var (
-		keyID int64
-		user  *models.User
-	)
-	if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate {
-		keys := strings.Split(c.Args()[0], "-")
-		if len(keys) != 2 {
-			fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
-		}
-
-		key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
-		if err != nil {
-			fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err)
-		}
-		keyID = key.ID
-
-		// Check deploy key or user key.
-		if key.Type == models.KEY_TYPE_DEPLOY {
-			if key.Mode < requestedMode {
-				fail("Key permission denied", "Cannot push with deployment key: %d", key.ID)
-			}
-			// Check if this deploy key belongs to current repository.
-			if !models.HasDeployKey(key.ID, repo.ID) {
-				fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
-			}
-
-			// Update deploy key activity.
-			deployKey, err := models.GetDeployKeyByRepo(key.ID, repo.ID)
-			if err != nil {
-				fail("Internal error", "GetDeployKey: %v", err)
-			}
-
-			deployKey.Updated = time.Now()
-			if err = models.UpdateDeployKey(deployKey); err != nil {
-				fail("Internal error", "UpdateDeployKey: %v", err)
-			}
-		} else {
-			user, err = models.GetUserByKeyID(key.ID)
-			if err != nil {
-				fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
-			}
-
-			mode, err := models.AccessLevel(user, repo)
-			if err != nil {
-				fail("Internal error", "Fail to check access: %v", err)
-			} else if mode < requestedMode {
-				clientMessage := _ACCESS_DENIED_MESSAGE
-				if mode >= models.ACCESS_MODE_READ {
-					clientMessage = "You do not have sufficient authorization for this action"
-				}
-				fail(clientMessage,
-					"User %s does not have level %v access to repository %s",
-					user.Name, requestedMode, repoPath)
-			}
-		}
-	}
-
-	uuid := gouuid.NewV4().String()
-	os.Setenv("uuid", uuid)
-
-	// Special handle for Windows.
-	if setting.IsWindows {
-		verb = strings.Replace(verb, "-", " ", 1)
-	}
-
-	var gitcmd *exec.Cmd
-	verbs := strings.Split(verb, " ")
-	if len(verbs) == 2 {
-		gitcmd = exec.Command(verbs[0], verbs[1], repoPath)
-	} else {
-		gitcmd = exec.Command(verb, repoPath)
-	}
-	gitcmd.Dir = setting.RepoRootPath
-	gitcmd.Stdout = os.Stdout
-	gitcmd.Stdin = os.Stdin
-	gitcmd.Stderr = os.Stderr
-	if err = gitcmd.Run(); err != nil {
-		fail("Internal error", "Failed to execute git command: %v", err)
-	}
-
-	if requestedMode == models.ACCESS_MODE_WRITE {
-		handleUpdateTask(uuid, user, repoUser, reponame, isWiki)
-	}
-
-	// Update user key activity.
-	if keyID > 0 {
-		key, err := models.GetPublicKeyByID(keyID)
-		if err != nil {
-			fail("Internal error", "GetPublicKeyById: %v", err)
-		}
-
-		key.Updated = time.Now()
-		if err = models.UpdatePublicKey(key); err != nil {
-			fail("Internal error", "UpdatePublicKey: %v", err)
-		}
-	}
-
-	return nil
-}
@@ -1,58 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"os"
-
-	"github.com/codegangsta/cli"
-
-	"github.com/gogits/gogs/models"
-	"github.com/gogits/gogs/modules/log"
-	"github.com/gogits/gogs/modules/setting"
-)
-
-var CmdUpdate = cli.Command{
-	Name:        "update",
-	Usage:       "This command should only be called by Git hook",
-	Description: `Update get pushed info and insert into database`,
-	Action:      runUpdate,
-	Flags: []cli.Flag{
-		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
-	},
-}
-
-func runUpdate(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
-	setup("update.log")
-
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
-		log.GitLogger.Trace("SSH_ORIGINAL_COMMAND is empty")
-		return nil
-	}
-
-	args := c.Args()
-	if len(args) != 3 {
-		log.GitLogger.Fatal(2, "Arguments received are not equal to three")
-	} else if len(args[0]) == 0 {
-		log.GitLogger.Fatal(2, "First argument 'refName' is empty, shouldn't use")
-	}
-
-	task := models.UpdateTask{
-		UUID:        os.Getenv("uuid"),
-		RefName:     args[0],
-		OldCommitID: args[1],
-		NewCommitID: args[2],
-	}
-
-	if err := models.AddUpdateTask(&task); err != nil {
-		log.GitLogger.Fatal(2, "AddUpdateTask: %v", err)
-	}
-
-	return nil
-}
@@ -1,600 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"crypto/tls"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/http/fcgi"
-	"os"
-	"path"
-	"strings"
-
-	"github.com/codegangsta/cli"
-	"github.com/go-macaron/binding"
-	"github.com/go-macaron/cache"
-	"github.com/go-macaron/captcha"
-	"github.com/go-macaron/csrf"
-	"github.com/go-macaron/gzip"
-	"github.com/go-macaron/i18n"
-	"github.com/go-macaron/session"
-	"github.com/go-macaron/toolbox"
-	"github.com/go-xorm/xorm"
-	"github.com/mcuadros/go-version"
-	"gopkg.in/ini.v1"
-	"gopkg.in/macaron.v1"
-
-	"github.com/gogits/git-module"
-	"github.com/gogits/go-gogs-client"
-
-	"github.com/gogits/gogs/models"
-	"github.com/gogits/gogs/modules/auth"
-	"github.com/gogits/gogs/modules/bindata"
-	"github.com/gogits/gogs/modules/context"
-	"github.com/gogits/gogs/modules/log"
-	"github.com/gogits/gogs/modules/setting"
-	"github.com/gogits/gogs/modules/template"
-	"github.com/gogits/gogs/routers"
-	"github.com/gogits/gogs/routers/admin"
-	apiv1 "github.com/gogits/gogs/routers/api/v1"
-	"github.com/gogits/gogs/routers/dev"
-	"github.com/gogits/gogs/routers/org"
-	"github.com/gogits/gogs/routers/repo"
-	"github.com/gogits/gogs/routers/user"
-)
-
-var CmdWeb = cli.Command{
-	Name:  "web",
-	Usage: "Start Gogs web server",
-	Description: `Gogs web server is the only thing you need to run,
-and it takes care of all the other things for you`,
-	Action: runWeb,
-	Flags: []cli.Flag{
-		stringFlag("port, p", "3000", "Temporary port number to prevent conflict"),
-		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
-	},
-}
-
-type VerChecker struct {
-	ImportPath string
-	Version    func() string
-	Expected   string
-}
-
-// checkVersion checks if binary matches the version of templates files.
-func checkVersion() {
-	// Templates.
-	data, err := ioutil.ReadFile(setting.StaticRootPath + "/templates/.VERSION")
-	if err != nil {
-		log.Fatal(4, "Fail to read 'templates/.VERSION': %v", err)
-	}
-	if string(data) != setting.AppVer {
-		log.Fatal(4, "Binary and template file version does not match, did you forget to recompile?")
-	}
-
-	// Check dependency version.
-	checkers := []VerChecker{
-		{"github.com/go-xorm/xorm", func() string { return xorm.Version }, "0.5.5"},
-		{"github.com/go-macaron/binding", binding.Version, "0.3.2"},
-		{"github.com/go-macaron/cache", cache.Version, "0.1.2"},
-		{"github.com/go-macaron/csrf", csrf.Version, "0.1.0"},
-		{"github.com/go-macaron/i18n", i18n.Version, "0.3.0"},
-		{"github.com/go-macaron/session", session.Version, "0.1.6"},
-		{"github.com/go-macaron/toolbox", toolbox.Version, "0.1.0"},
-		{"gopkg.in/ini.v1", ini.Version, "1.8.4"},
-		{"gopkg.in/macaron.v1", macaron.Version, "1.1.4"},
-		{"github.com/gogits/git-module", git.Version, "0.3.3"},
-		{"github.com/gogits/go-gogs-client", gogs.Version, "0.10.1"},
-	}
-	for _, c := range checkers {
-		if !version.Compare(c.Version(), c.Expected, ">=") {
-			log.Fatal(4, `Dependency outdated!
-Package '%s' current version (%s) is below requirement (%s), 
-please use following command to update this package and recompile Gogs:
-go get -u %[1]s`, c.ImportPath, c.Version(), c.Expected)
-		}
-	}
-}
-
-// newMacaron initializes Macaron instance.
-func newMacaron() *macaron.Macaron {
-	m := macaron.New()
-	if !setting.DisableRouterLog {
-		m.Use(macaron.Logger())
-	}
-	m.Use(macaron.Recovery())
-	if setting.EnableGzip {
-		m.Use(gzip.Gziper())
-	}
-	if setting.Protocol == setting.FCGI {
-		m.SetURLPrefix(setting.AppSubUrl)
-	}
-	m.Use(macaron.Static(
-		path.Join(setting.StaticRootPath, "public"),
-		macaron.StaticOptions{
-			SkipLogging: setting.DisableRouterLog,
-		},
-	))
-	m.Use(macaron.Static(
-		setting.AvatarUploadPath,
-		macaron.StaticOptions{
-			Prefix:      "avatars",
-			SkipLogging: setting.DisableRouterLog,
-		},
-	))
-
-	funcMap := template.NewFuncMap()
-	m.Use(macaron.Renderer(macaron.RenderOptions{
-		Directory:         path.Join(setting.StaticRootPath, "templates"),
-		AppendDirectories: []string{path.Join(setting.CustomPath, "templates")},
-		Funcs:             funcMap,
-		IndentJSON:        macaron.Env != macaron.PROD,
-	}))
-	models.InitMailRender(path.Join(setting.StaticRootPath, "templates/mail"),
-		path.Join(setting.CustomPath, "templates/mail"), funcMap)
-
-	localeNames, err := bindata.AssetDir("conf/locale")
-	if err != nil {
-		log.Fatal(4, "Fail to list locale files: %v", err)
-	}
-	localFiles := make(map[string][]byte)
-	for _, name := range localeNames {
-		localFiles[name] = bindata.MustAsset("conf/locale/" + name)
-	}
-	m.Use(i18n.I18n(i18n.Options{
-		SubURL:          setting.AppSubUrl,
-		Files:           localFiles,
-		CustomDirectory: path.Join(setting.CustomPath, "conf/locale"),
-		Langs:           setting.Langs,
-		Names:           setting.Names,
-		DefaultLang:     "en-US",
-		Redirect:        true,
-	}))
-	m.Use(cache.Cacher(cache.Options{
-		Adapter:       setting.CacheAdapter,
-		AdapterConfig: setting.CacheConn,
-		Interval:      setting.CacheInternal,
-	}))
-	m.Use(captcha.Captchaer(captcha.Options{
-		SubURL: setting.AppSubUrl,
-	}))
-	m.Use(session.Sessioner(setting.SessionConfig))
-	m.Use(csrf.Csrfer(csrf.Options{
-		Secret:     setting.SecretKey,
-		Cookie:     setting.CSRFCookieName,
-		SetCookie:  true,
-		Header:     "X-Csrf-Token",
-		CookiePath: setting.AppSubUrl,
-	}))
-	m.Use(toolbox.Toolboxer(m, toolbox.Options{
-		HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{
-			&toolbox.HealthCheckFuncDesc{
-				Desc: "Database connection",
-				Func: models.Ping,
-			},
-		},
-	}))
-	m.Use(context.Contexter())
-	return m
-}
-
-func runWeb(ctx *cli.Context) error {
-	if ctx.IsSet("config") {
-		setting.CustomConf = ctx.String("config")
-	}
-	routers.GlobalInit()
-	checkVersion()
-
-	m := newMacaron()
-
-	reqSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: true})
-	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: setting.Service.RequireSignInView})
-	ignSignInAndCsrf := context.Toggle(&context.ToggleOptions{DisableCSRF: true})
-	reqSignOut := context.Toggle(&context.ToggleOptions{SignOutRequired: true})
-
-	bindIgnErr := binding.BindIgnErr
-
-	// FIXME: not all routes need go through same middlewares.
-	// Especially some AJAX requests, we can reduce middleware number to improve performance.
-	// Routers.
-	m.Get("/", ignSignIn, routers.Home)
-	m.Group("/explore", func() {
-		m.Get("", func(ctx *context.Context) {
-			ctx.Redirect(setting.AppSubUrl + "/explore/repos")
-		})
-		m.Get("/repos", routers.ExploreRepos)
-		m.Get("/users", routers.ExploreUsers)
-	}, ignSignIn)
-	m.Combo("/install", routers.InstallInit).Get(routers.Install).
-		Post(bindIgnErr(auth.InstallForm{}), routers.InstallPost)
-	m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
-
-	// ***** START: User *****
-	m.Group("/user", func() {
-		m.Get("/login", user.SignIn)
-		m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
-		m.Get("/sign_up", user.SignUp)
-		m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
-		m.Get("/reset_password", user.ResetPasswd)
-		m.Post("/reset_password", user.ResetPasswdPost)
-	}, reqSignOut)
-
-	m.Group("/user/settings", func() {
-		m.Get("", user.Settings)
-		m.Post("", bindIgnErr(auth.UpdateProfileForm{}), user.SettingsPost)
-		m.Post("/avatar", binding.MultipartForm(auth.UploadAvatarForm{}), user.SettingsAvatar)
-		m.Post("/avatar/delete", user.SettingsDeleteAvatar)
-		m.Combo("/email").Get(user.SettingsEmails).
-			Post(bindIgnErr(auth.AddEmailForm{}), user.SettingsEmailPost)
-		m.Post("/email/delete", user.DeleteEmail)
-		m.Get("/password", user.SettingsPassword)
-		m.Post("/password", bindIgnErr(auth.ChangePasswordForm{}), user.SettingsPasswordPost)
-		m.Combo("/ssh").Get(user.SettingsSSHKeys).
-			Post(bindIgnErr(auth.AddSSHKeyForm{}), user.SettingsSSHKeysPost)
-		m.Post("/ssh/delete", user.DeleteSSHKey)
-		m.Combo("/applications").Get(user.SettingsApplications).
-			Post(bindIgnErr(auth.NewAccessTokenForm{}), user.SettingsApplicationsPost)
-		m.Post("/applications/delete", user.SettingsDeleteApplication)
-		m.Route("/delete", "GET,POST", user.SettingsDelete)
-	}, reqSignIn, func(ctx *context.Context) {
-		ctx.Data["PageIsUserSettings"] = true
-	})
-
-	m.Group("/user", func() {
-		// r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
-		m.Any("/activate", user.Activate)
-		m.Any("/activate_email", user.ActivateEmail)
-		m.Get("/email2user", user.Email2User)
-		m.Get("/forget_password", user.ForgotPasswd)
-		m.Post("/forget_password", user.ForgotPasswdPost)
-		m.Get("/logout", user.SignOut)
-	})
-	// ***** END: User *****
-
-	adminReq := context.Toggle(&context.ToggleOptions{SignInRequired: true, AdminRequired: true})
-
-	// ***** START: Admin *****
-	m.Group("/admin", func() {
-		m.Get("", adminReq, admin.Dashboard)
-		m.Get("/config", admin.Config)
-		m.Post("/config/test_mail", admin.SendTestMail)
-		m.Get("/monitor", admin.Monitor)
-
-		m.Group("/users", func() {
-			m.Get("", admin.Users)
-			m.Combo("/new").Get(admin.NewUser).Post(bindIgnErr(auth.AdminCrateUserForm{}), admin.NewUserPost)
-			m.Combo("/:userid").Get(admin.EditUser).Post(bindIgnErr(auth.AdminEditUserForm{}), admin.EditUserPost)
-			m.Post("/:userid/delete", admin.DeleteUser)
-		})
-
-		m.Group("/orgs", func() {
-			m.Get("", admin.Organizations)
-		})
-
-		m.Group("/repos", func() {
-			m.Get("", admin.Repos)
-			m.Post("/delete", admin.DeleteRepo)
-		})
-
-		m.Group("/auths", func() {
-			m.Get("", admin.Authentications)
-			m.Combo("/new").Get(admin.NewAuthSource).Post(bindIgnErr(auth.AuthenticationForm{}), admin.NewAuthSourcePost)
-			m.Combo("/:authid").Get(admin.EditAuthSource).
-				Post(bindIgnErr(auth.AuthenticationForm{}), admin.EditAuthSourcePost)
-			m.Post("/:authid/delete", admin.DeleteAuthSource)
-		})
-
-		m.Group("/notices", func() {
-			m.Get("", admin.Notices)
-			m.Post("/delete", admin.DeleteNotices)
-			m.Get("/empty", admin.EmptyNotices)
-		})
-	}, adminReq)
-	// ***** END: Admin *****
-
-	m.Group("", func() {
-		m.Group("/:username", func() {
-			m.Get("", user.Profile)
-			m.Get("/followers", user.Followers)
-			m.Get("/following", user.Following)
-			m.Get("/stars", user.Stars)
-		})
-
-		m.Get("/attachments/:uuid", func(ctx *context.Context) {
-			attach, err := models.GetAttachmentByUUID(ctx.Params(":uuid"))
-			if err != nil {
-				if models.IsErrAttachmentNotExist(err) {
-					ctx.Error(404)
-				} else {
-					ctx.Handle(500, "GetAttachmentByUUID", err)
-				}
-				return
-			}
-
-			fr, err := os.Open(attach.LocalPath())
-			if err != nil {
-				ctx.Handle(500, "Open", err)
-				return
-			}
-			defer fr.Close()
-
-			ctx.Header().Set("Cache-Control", "public,max-age=86400")
-			// Fix #312. Attachments with , in their name are not handled correctly by Google Chrome.
-			// We must put the name in " manually.
-			if err = repo.ServeData(ctx, "\""+attach.Name+"\"", fr); err != nil {
-				ctx.Handle(500, "ServeData", err)
-				return
-			}
-		})
-		m.Post("/issues/attachments", repo.UploadIssueAttachment)
-	}, ignSignIn)
-
-	m.Group("/:username", func() {
-		m.Get("/action/:action", user.Action)
-	}, reqSignIn)
-
-	if macaron.Env == macaron.DEV {
-		m.Get("/template/*", dev.TemplatePreview)
-	}
-
-	reqRepoAdmin := context.RequireRepoAdmin()
-	reqRepoWriter := context.RequireRepoWriter()
-
-	// ***** START: Organization *****
-	m.Group("/org", func() {
-		m.Get("/create", org.Create)
-		m.Post("/create", bindIgnErr(auth.CreateOrgForm{}), org.CreatePost)
-
-		m.Group("/:org", func() {
-			m.Get("/dashboard", user.Dashboard)
-			m.Get("/^:type(issues|pulls)$", user.Issues)
-			m.Get("/members", org.Members)
-			m.Get("/members/action/:action", org.MembersAction)
-
-			m.Get("/teams", org.Teams)
-		}, context.OrgAssignment(true))
-
-		m.Group("/:org", func() {
-			m.Get("/teams/:team", org.TeamMembers)
-			m.Get("/teams/:team/repositories", org.TeamRepositories)
-			m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
-			m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
-		}, context.OrgAssignment(true, false, true))
-
-		m.Group("/:org", func() {
-			m.Get("/teams/new", org.NewTeam)
-			m.Post("/teams/new", bindIgnErr(auth.CreateTeamForm{}), org.NewTeamPost)
-			m.Get("/teams/:team/edit", org.EditTeam)
-			m.Post("/teams/:team/edit", bindIgnErr(auth.CreateTeamForm{}), org.EditTeamPost)
-			m.Post("/teams/:team/delete", org.DeleteTeam)
-
-			m.Group("/settings", func() {
-				m.Combo("").Get(org.Settings).
-					Post(bindIgnErr(auth.UpdateOrgSettingForm{}), org.SettingsPost)
-				m.Post("/avatar", binding.MultipartForm(auth.UploadAvatarForm{}), org.SettingsAvatar)
-				m.Post("/avatar/delete", org.SettingsDeleteAvatar)
-
-				m.Group("/hooks", func() {
-					m.Get("", org.Webhooks)
-					m.Post("/delete", org.DeleteWebhook)
-					m.Get("/:type/new", repo.WebhooksNew)
-					m.Post("/gogs/new", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksNewPost)
-					m.Post("/slack/new", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksNewPost)
-					m.Get("/:id", repo.WebHooksEdit)
-					m.Post("/gogs/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost)
-					m.Post("/slack/:id", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksEditPost)
-				})
-
-				m.Route("/delete", "GET,POST", org.SettingsDelete)
-			})
-
-			m.Route("/invitations/new", "GET,POST", org.Invitation)
-		}, context.OrgAssignment(true, true))
-	}, reqSignIn)
-	// ***** END: Organization *****
-
-	// ***** START: Repository *****
-	m.Group("/repo", func() {
-		m.Get("/create", repo.Create)
-		m.Post("/create", bindIgnErr(auth.CreateRepoForm{}), repo.CreatePost)
-		m.Get("/migrate", repo.Migrate)
-		m.Post("/migrate", bindIgnErr(auth.MigrateRepoForm{}), repo.MigratePost)
-		m.Combo("/fork/:repoid").Get(repo.Fork).
-			Post(bindIgnErr(auth.CreateRepoForm{}), repo.ForkPost)
-	}, reqSignIn)
-
-	m.Group("/:username/:reponame", func() {
-		m.Group("/settings", func() {
-			m.Combo("").Get(repo.Settings).
-				Post(bindIgnErr(auth.RepoSettingForm{}), repo.SettingsPost)
-			m.Group("/collaboration", func() {
-				m.Combo("").Get(repo.Collaboration).Post(repo.CollaborationPost)
-				m.Post("/access_mode", repo.ChangeCollaborationAccessMode)
-				m.Post("/delete", repo.DeleteCollaboration)
-			})
-
-			m.Group("/hooks", func() {
-				m.Get("", repo.Webhooks)
-				m.Post("/delete", repo.DeleteWebhook)
-				m.Get("/:type/new", repo.WebhooksNew)
-				m.Post("/gogs/new", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksNewPost)
-				m.Post("/slack/new", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksNewPost)
-				m.Get("/:id", repo.WebHooksEdit)
-				m.Post("/:id/test", repo.TestWebhook)
-				m.Post("/gogs/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost)
-				m.Post("/slack/:id", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksEditPost)
-
-				m.Group("/git", func() {
-					m.Get("", repo.GitHooks)
-					m.Combo("/:name").Get(repo.GitHooksEdit).
-						Post(repo.GitHooksEditPost)
-				}, context.GitHookService())
-			})
-
-			m.Group("/keys", func() {
-				m.Combo("").Get(repo.DeployKeys).
-					Post(bindIgnErr(auth.AddSSHKeyForm{}), repo.DeployKeysPost)
-				m.Post("/delete", repo.DeleteDeployKey)
-			})
-
-		}, func(ctx *context.Context) {
-			ctx.Data["PageIsSettings"] = true
-		})
-	}, reqSignIn, context.RepoAssignment(), reqRepoAdmin, context.RepoRef())
-
-	m.Get("/:username/:reponame/action/:action", reqSignIn, context.RepoAssignment(), repo.Action)
-	m.Group("/:username/:reponame", func() {
-		m.Group("/issues", func() {
-			m.Combo("/new", repo.MustEnableIssues).Get(context.RepoRef(), repo.NewIssue).
-				Post(bindIgnErr(auth.CreateIssueForm{}), repo.NewIssuePost)
-
-			m.Combo("/:index/comments").Post(bindIgnErr(auth.CreateCommentForm{}), repo.NewComment)
-			m.Group("/:index", func() {
-				m.Post("/label", repo.UpdateIssueLabel)
-				m.Post("/milestone", repo.UpdateIssueMilestone)
-				m.Post("/assignee", repo.UpdateIssueAssignee)
-			}, reqRepoWriter)
-
-			m.Group("/:index", func() {
-				m.Post("/title", repo.UpdateIssueTitle)
-				m.Post("/content", repo.UpdateIssueContent)
-			})
-		})
-		m.Group("/comments/:id", func() {
-			m.Post("", repo.UpdateCommentContent)
-			m.Post("/delete", repo.DeleteComment)
-		})
-		m.Group("/labels", func() {
-			m.Post("/new", bindIgnErr(auth.CreateLabelForm{}), repo.NewLabel)
-			m.Post("/edit", bindIgnErr(auth.CreateLabelForm{}), repo.UpdateLabel)
-			m.Post("/delete", repo.DeleteLabel)
-		}, reqRepoWriter, context.RepoRef())
-		m.Group("/milestones", func() {
-			m.Combo("/new").Get(repo.NewMilestone).
-				Post(bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost)
-			m.Get("/:id/edit", repo.EditMilestone)
-			m.Post("/:id/edit", bindIgnErr(auth.CreateMilestoneForm{}), repo.EditMilestonePost)
-			m.Get("/:id/:action", repo.ChangeMilestonStatus)
-			m.Post("/delete", repo.DeleteMilestone)
-		}, reqRepoWriter, context.RepoRef())
-
-		m.Group("/releases", func() {
-			m.Get("/new", repo.NewRelease)
-			m.Post("/new", bindIgnErr(auth.NewReleaseForm{}), repo.NewReleasePost)
-			m.Get("/edit/:tagname", repo.EditRelease)
-			m.Post("/edit/:tagname", bindIgnErr(auth.EditReleaseForm{}), repo.EditReleasePost)
-			m.Post("/delete", repo.DeleteRelease)
-		}, reqRepoWriter, context.RepoRef())
-
-		m.Combo("/compare/*", repo.MustAllowPulls).Get(repo.CompareAndPullRequest).
-			Post(bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)
-	}, reqSignIn, context.RepoAssignment(), repo.MustBeNotBare)
-
-	m.Group("/:username/:reponame", func() {
-		m.Group("", func() {
-			m.Get("/releases", repo.Releases)
-			m.Get("/^:type(issues|pulls)$", repo.RetrieveLabels, repo.Issues)
-			m.Get("/^:type(issues|pulls)$/:index", repo.ViewIssue)
-			m.Get("/labels/", repo.RetrieveLabels, repo.Labels)
-			m.Get("/milestones", repo.Milestones)
-		}, context.RepoRef())
-
-		// m.Get("/branches", repo.Branches)
-
-		m.Group("/wiki", func() {
-			m.Get("/?:page", repo.Wiki)
-			m.Get("/_pages", repo.WikiPages)
-
-			m.Group("", func() {
-				m.Combo("/_new").Get(repo.NewWiki).
-					Post(bindIgnErr(auth.NewWikiForm{}), repo.NewWikiPost)
-				m.Combo("/:page/_edit").Get(repo.EditWiki).
-					Post(bindIgnErr(auth.NewWikiForm{}), repo.EditWikiPost)
-				m.Post("/:page/delete", repo.DeleteWikiPagePost)
-			}, reqSignIn, reqRepoWriter)
-		}, repo.MustEnableWiki, context.RepoRef())
-
-		m.Get("/archive/*", repo.Download)
-
-		m.Group("/pulls/:index", func() {
-			m.Get("/commits", context.RepoRef(), repo.ViewPullCommits)
-			m.Get("/files", context.RepoRef(), repo.ViewPullFiles)
-			m.Post("/merge", reqRepoWriter, repo.MergePullRequest)
-		}, repo.MustAllowPulls)
-
-		m.Group("", func() {
-			m.Get("/src/*", repo.Home)
-			m.Get("/raw/*", repo.SingleDownload)
-			m.Get("/commits/*", repo.RefCommits)
-			m.Get("/commit/:sha([a-z0-9]{40})$", repo.Diff)
-			m.Get("/forks", repo.Forks)
-		}, context.RepoRef())
-		m.Get("/commit/:sha([a-z0-9]{40})\\.:ext(patch|diff)", repo.RawDiff)
-
-		m.Get("/compare/:before([a-z0-9]{40})\\.\\.\\.:after([a-z0-9]{40})", repo.CompareDiff)
-	}, ignSignIn, context.RepoAssignment(), repo.MustBeNotBare)
-	m.Group("/:username/:reponame", func() {
-		m.Get("/stars", repo.Stars)
-		m.Get("/watchers", repo.Watchers)
-	}, ignSignIn, context.RepoAssignment(), context.RepoRef())
-
-	m.Group("/:username", func() {
-		m.Group("/:reponame", func() {
-			m.Get("", repo.Home)
-			m.Get("\\.git$", repo.Home)
-		}, ignSignIn, context.RepoAssignment(true), context.RepoRef())
-
-		m.Group("/:reponame", func() {
-			m.Any("/*", ignSignInAndCsrf, repo.HTTP)
-			m.Head("/tasks/trigger", repo.TriggerTask)
-		})
-	})
-	// ***** END: Repository *****
-
-	m.Group("/api", func() {
-		apiv1.RegisterRoutes(m)
-	}, ignSignIn)
-
-	// robots.txt
-	m.Get("/robots.txt", func(ctx *context.Context) {
-		if setting.HasRobotsTxt {
-			ctx.ServeFileContent(path.Join(setting.CustomPath, "robots.txt"))
-		} else {
-			ctx.Error(404)
-		}
-	})
-
-	// Not found handler.
-	m.NotFound(routers.NotFound)
-
-	// Flag for port number in case first time run conflict.
-	if ctx.IsSet("port") {
-		setting.AppUrl = strings.Replace(setting.AppUrl, setting.HttpPort, ctx.String("port"), 1)
-		setting.HttpPort = ctx.String("port")
-	}
-
-	var err error
-	listenAddr := fmt.Sprintf("%s:%s", setting.HttpAddr, setting.HttpPort)
-	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubUrl)
-	switch setting.Protocol {
-	case setting.HTTP:
-		err = http.ListenAndServe(listenAddr, m)
-	case setting.HTTPS:
-		server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{MinVersion: tls.VersionTLS10}, Handler: m}
-		err = server.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
-	case setting.FCGI:
-		err = fcgi.Serve(nil, m)
-	default:
-		log.Fatal(4, "Invalid protocol: %s", setting.Protocol)
-	}
-
-	if err != nil {
-		log.Fatal(4, "Fail to start server: %v", err)
-	}
-
-	return nil
-}
@@ -1,3 +0,0 @@
-Execute following command in ROOT directory when anything is changed:
-
-$ make bindata
@@ -1,92 +1,27 @@
-# NEVER EVER MODIFY THIS FILE
-# PLEASE MAKE CHANGES ON CORRESPONDING CUSTOM CONFIG FILE
+# !!! NEVER EVER MODIFY THIS FILE !!!
+# !!! PLEASE MAKE CHANGES ON CORRESPONDING CUSTOM CONFIG FILE !!!
+# !!! IF YOU ARE PACKAGING PROVIDER, PLEASE MAKE OWN COPY OF IT !!!

-; App name that shows on every page title
-APP_NAME = Gogs: Go Git Service
-; Change it if you run locally
+; The brand name of the application, can be your company or team name.
+BRAND_NAME = Gogs
+; The system user who should be running the applications. It has no effect on Windows,
+; otherwise, it should match the value of $USER environment variable.
 RUN_USER = git
-; Either "dev", "prod" or "test", default is "dev"
+; The running mode of the application, can be either "dev", "prod" or "test".
 RUN_MODE = dev

-[repository]
-ROOT =
-SCRIPT_TYPE = bash
-; Default ANSI charset
-ANSI_CHARSET =
-; Force every new repository to be private
-FORCE_PRIVATE = false
-; Global maximum creation limit of repository per user, -1 means no limit
-MAX_CREATION_LIMIT = -1
-; Patch test queue length, make it as large as possible
-PULL_REQUEST_QUEUE_LENGTH = 10000
-
-[ui]
-; Number of repositories that are showed in one explore page
-EXPLORE_PAGING_NUM = 20
-; Number of issues that are showed in one page
-ISSUE_PAGING_NUM = 10
-; Number of maximum commits showed in one activity feed
-FEED_MAX_COMMIT_NUM = 5
-; Value of `theme-color` meta tag, used by Android >= 5.0
-; An invalid color like "none" or "disable" will have the default style
-; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
-THEME_COLOR_META_TAG = `#ff5343`
-; Max size of files to be displayed (defaults is 8MiB)
-MAX_DISPLAY_FILE_SIZE = 8388608
-
-[ui.admin]
-; Number of users that are showed in one page
-USER_PAGING_NUM = 50
-; Number of repos that are showed in one page
-REPO_PAGING_NUM = 50
-; Number of notices that are showed in one page
-NOTICE_PAGING_NUM = 25
-; Number of organization that are showed in one page
-ORG_PAGING_NUM = 50
-
-[ui.user]
-; Number of repos that are showed in one page
-REPO_PAGING_NUM = 15
-
-[markdown]
-; Enable hard line break extension
-ENABLE_HARD_LINE_BREAK = false
-; List of custom URL-Schemes that are allowed as links when rendering Markdown
-; for example git,magnet
-CUSTOM_URL_SCHEMES =
-
 [server]
-PROTOCOL = http
+; The public-facing URL for the application.
+EXTERNAL_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+; The public-facing domain name for the application.
 DOMAIN = localhost
-ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+; The protocol that is used to serve direct traffic to the application.
+; Currently supports "http", "https", "fcgi" and "unix".
+PROTOCOL = http
+; The address to be listened by the application.
 HTTP_ADDR = 0.0.0.0
+; The port number to be listened by the application.
 HTTP_PORT = 3000
-; Local (DMZ) URL for Gogs workers (such as SSH update) accessing web service.
-; In most cases you do not need to change the default value.
-; Alter it only if your SSH server node is not the same as HTTP node.
-LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
-; Disable SSH feature when not available
-DISABLE_SSH = false
-; Whether use builtin SSH server or not.
-START_SSH_SERVER = false
-; Domain name to be exposed in clone URL
-SSH_DOMAIN = %(DOMAIN)s
-; Port number to be exposed in clone URL
-SSH_PORT = 22
-; Port number builtin SSH server listens on
-SSH_LISTEN_PORT = %(SSH_PORT)s
-; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
-SSH_ROOT_PATH =
-; Directory to create temporary files when test publick key using ssh-keygen,
-; default is system temporary directory.
-SSH_KEY_TEST_PATH =
-; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
-SSH_KEYGEN_PATH = ssh-keygen
-; Indicate whether to check minimum key size with corresponding type
-MINIMUM_KEY_SIZE_CHECK = false
-; Disable CDN even in "prod" mode
-OFFLINE_MODE = false
-DISABLE_ROUTER_LOG = false
 ; Generate steps:
 ; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
 ;
@@ -96,219 +31,395 @@ DISABLE_ROUTER_LOG = false
 ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
 CERT_FILE = custom/https/cert.pem
 KEY_FILE = custom/https/key.pem
-; Upper level of template and static file path
-; default is the path where Gogs is executed
-STATIC_ROOT_PATH =
-; Default path for App data
-APP_DATA_PATH = data
-; Application level GZIP support
-ENABLE_GZIP = false
-; Landing page for non-logged users, can be "home" or "explore"
-LANDING_PAGE = home
+; The minimum allowed TLS version, currently supports "TLS10", "TLS11", "TLS12", and "TLS13".
+TLS_MIN_VERSION = TLS12
+; File permission when serve traffic via Unix domain socket.
+UNIX_SOCKET_PERMISSION = 666
+; Local (DMZ) URL for workers (e.g. SSH update) accessing web service.
+; In most cases you do not need to change the default value.
+; Alter it only if your SSH server node is not the same as HTTP node.
+LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/

-; Define allowed algorithms and their minimum key length (use -1 to disable a type)
+; Whether to disable using CDN for static files regardless.
+OFFLINE_MODE = false
+; Whether to disable logging in router.
+DISABLE_ROUTER_LOG = true
+; Whether to enable application level GZIP compression.
+ENABLE_GZIP = false
+
+; The path for storing application specific data.
+APP_DATA_PATH = data
+; Whether to enable to load assets (i.e. "conf", "templates", "public") from disk instead of embedded bindata.
+LOAD_ASSETS_FROM_DISK = false
+
+; The landing page URL for anonymous users, the value should not include
+; subpath that is handled by the reverse proxy.
+LANDING_URL = /
+
+; Whether to disable SSH access to the application entirely.
+DISABLE_SSH = false
+; The domain name to be exposed in SSH clone URL.
+SSH_DOMAIN = %(DOMAIN)s
+; The port number to be exposed in SSH clone URL.
+SSH_PORT = 22
+; The path of SSH root directory, default is "$HOME/.ssh".
+SSH_ROOT_PATH =
+; The path to ssh-keygen, default is "ssh-keygen" and let shell find out which one to call.
+SSH_KEYGEN_PATH = ssh-keygen
+; The directory to create temporary files when test a public key using ssh-keygen,
+; default is the system temporary directory.
+SSH_KEY_TEST_PATH =
+; Whether to check minimum public key size with corresponding type.
+MINIMUM_KEY_SIZE_CHECK = false
+; Whether to rewrite "~/.ssh/authorized_keys" file at start, ignored when use builtin SSH server.
+REWRITE_AUTHORIZED_KEYS_AT_START = false
+; Whether to start a builtin SSH server.
+START_SSH_SERVER = false
+; The network interface for builtin SSH server to listen on.
+SSH_LISTEN_HOST = 0.0.0.0
+; The port number for builtin SSH server to listen on.
+SSH_LISTEN_PORT = %(SSH_PORT)s
+; The list of accepted ciphers for connections to builtin SSH server.
+SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
+; The list of accepted MACs for connections to builtin SSH server.
+SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
+; The list of accepted key exchange algorithms for connections to builtin SSH server.
+SSH_SERVER_ALGORITHMS = rsa, ecdsa, ed25519
+
+; Define allowed algorithms and their minimum key length (use -1 to disable a type).
 [ssh.minimum_key_sizes]
 ED25519 = 256
 ECDSA   = 256
 RSA     = 2048
 DSA     = 1024

-[database]
-; Either "mysql", "postgres" or "sqlite3", it's your choice
-DB_TYPE = mysql
-HOST = 127.0.0.1:3306
-NAME = gogs
-USER = root
-PASSWD =
-; For "postgres" only, either "disable", "require" or "verify-full"
-SSL_MODE = disable
-; For "sqlite3" and "tidb", use absolute path when you start as service
-PATH = data/gogs.db
+[repository]
+; The root path for storing managed repositories, default is "~/gogs-repositories"
+ROOT =
+; The script type server supports, sometimes could be "sh".
+SCRIPT_TYPE = bash
+; Default ANSI charset for an unrecognized charset.
+ANSI_CHARSET =
+; Whether to force every new repository to be private.
+FORCE_PRIVATE = false
+; The global limit of number of repositories a user can create, -1 means no limit.
+MAX_CREATION_LIMIT = -1
+; Preferred Licenses to place at the top of the list.
+; Name must match file name in "conf/license" or "custom/conf/license".
+PREFERRED_LICENSES = Apache License 2.0, MIT License
+; Whether to disable Git interaction with repositories via HTTP/HTTPS protocol.
+DISABLE_HTTP_GIT = false
+; Whether to enable ability to migrate repository by server local path.
+ENABLE_LOCAL_PATH_MIGRATION = false
+; Whether to enable render mode for raw file. There are potential security risks.
+ENABLE_RAW_FILE_RENDER_MODE = false
+; The maximum number of goroutines that can be run at the same time for a single
+; fetch request. Usually, the value depend of how many CPU (cores) you have. If
+; the value is non-positive, it matches the number of CPUs available to the application.
+COMMITS_FETCH_CONCURRENCY = 0
+; Default branch name when creating new repositories.
+DEFAULT_BRANCH = master

-[admin]
+[repository.editor]
+; List of file extensions that should have line wraps in the CodeMirror editor.
+; Separate extensions with a comma.
+LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd
+; Valid file modes that have a preview API associated with them, such as "/api/v1/markdown".
+; Separate values by commas. Preview tab in edit mode won't show if the file extension doesn't match.
+PREVIEWABLE_FILE_MODES = markdown

-[security]
-INSTALL_LOCK = false
-; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
-SECRET_KEY = !#@FDEWREWR&*(
-; Auto-login remember days
-LOGIN_REMEMBER_DAYS = 7
-COOKIE_USERNAME = gogs_awesome
-COOKIE_REMEMBER_NAME = gogs_incredible
-; Reverse proxy authentication header name of user name
-REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
-
-[service]
-ACTIVE_CODE_LIVE_MINUTES = 180
-RESET_PASSWD_CODE_LIVE_MINUTES = 180
-; User need to confirm e-mail for registration
-REGISTER_EMAIL_CONFIRM = false
-; Does not allow register and admin create account only
-DISABLE_REGISTRATION = false
-; User must sign in to view anything.
-REQUIRE_SIGNIN_VIEW = false
-; Mail notification
-ENABLE_NOTIFY_MAIL = false
-; More detail: https://github.com/gogits/gogs/issues/165
-ENABLE_REVERSE_PROXY_AUTHENTICATION = false
-ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
-; Enable captcha validation for registration
-ENABLE_CAPTCHA = true
-
-[webhook]
-; Hook task queue length
-QUEUE_LENGTH = 1000
-; Deliver timeout in seconds
-DELIVER_TIMEOUT = 5
-; Allow insecure certification
-SKIP_TLS_VERIFY = false
-; Number of history information in each page
-PAGING_NUM = 10
-
-[mailer]
-ENABLED = false
-; Buffer length of channel, keep it as it is if you don't know what it is.
-SEND_BUFFER_LEN = 100
-; Name displayed in mail title
-SUBJECT = %(APP_NAME)s
-; Mail server
-; Gmail: smtp.gmail.com:587
-; QQ: smtp.qq.com:465
-; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
-HOST =
-; Disable HELO operation when hostname are different.
-DISABLE_HELO =
-; Custom hostname for HELO operation, default is from system.
-HELO_HOSTNAME =
-; Do not verify the certificate of the server. Only use this for self-signed certificates
-SKIP_VERIFY =
-; Use client certificate
-USE_CERTIFICATE = false
-CERT_FILE = custom/mailer/cert.pem
-KEY_FILE = custom/mailer/key.pem
-; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
-FROM =
-; Mailer user name and password
-USER =
-PASSWD =
-; Use text/html as alternative format of content
-ENABLE_HTML_ALTERNATIVE = false
-
-[cache]
-; Either "memory", "redis", or "memcache", default is "memory"
-ADAPTER = memory
-; For "memory" only, GC interval in seconds, default is 60
-INTERVAL = 60
-; For "redis" and "memcache", connection host address
-; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-; memcache: `127.0.0.1:11211`
-HOST =
-
-[session]
-; Either "memory", "file", or "redis", default is "memory"
-PROVIDER = memory
-; Provider config options
-; memory: not have any config yet
-; file: session file path, e.g. `data/sessions`
-; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-PROVIDER_CONFIG = data/sessions
-; Session cookie name
-COOKIE_NAME = i_like_gogits
-; If you use session in https only, default is false
-COOKIE_SECURE = false
-; Enable set cookie, default is true
-ENABLE_SET_COOKIE = true
-; Session GC time interval, default is 86400
-GC_INTERVAL_TIME = 86400
-; Session life time, default is 86400
-SESSION_LIFE_TIME = 86400
-
-[picture]
-AVATAR_UPLOAD_PATH = data/avatars
-; Chinese users can choose "duoshuo"
-; or a custom avatar source, like: http://cn.gravatar.com/avatar/
-GRAVATAR_SOURCE = gravatar
-DISABLE_GRAVATAR = false
-
-[attachment]
-; Whether attachments are enabled. Defaults to `true`
-ENABLE = true
-; Path for attachments. Defaults to `data/attachments`
-PATH = data/attachments
-; One or more allowed types, e.g. image/jpeg|image/png
-ALLOWED_TYPES = image/jpeg|image/png
-; Max size of each file. Defaults to 32MB
-MAX_SIZE = 4
-; Max number of files per upload. Defaults to 10
+[repository.upload]
+; Whether to enable repository file uploads.
+ENABLED = true
+; The path to temporarily store uploads (content under this path gets wiped out on every start).
+TEMP_PATH = data/tmp/uploads
+; File types that are allowed to be uploaded, e.g. "image/jpeg|image/png". Leave empty to allow any file type.
+ALLOWED_TYPES =
+; The maximum size of each file in MB.
+FILE_MAX_SIZE = 3
+; The maximum number of files per upload.
 MAX_FILES = 5

-[time]
-; Specifies the format for fully outputed dates. Defaults to RFC1123
-; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
-; For more information about the format see http://golang.org/pkg/time/#pkg-constants
-FORMAT =
+[database]
+; The database backend, either "postgres", "mysql" or "sqlite3".
+TYPE = postgres
+HOST = 127.0.0.1:5432
+NAME = gogs
+USER = gogs
+PASSWORD =
+; For "postgres" only
+SCHEMA = public
+; For "postgres" only, either "disable", "require" or "verify-full".
+SSL_MODE = disable
+; For "sqlite3" only, make sure to use absolute path.
+PATH = data/gogs.db
+; The maximum open connections of the pool.
+MAX_OPEN_CONNS = 30
+; The maximum idle connections of the pool.
+MAX_IDLE_CONNS = 30

+[security]
+; Whether to show the install page, set this to "true" to bypass it.
+INSTALL_LOCK = false
+; The secret to encrypt cookie values, 2FA code, etc.
+; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
+SECRET_KEY = !#@FDEWREWR&*(
+; The number of days a sign-in session persists across browser restarts.
+LOGIN_REMEMBER_DAYS = 7
+; Whether to set secure cookie.
+COOKIE_SECURE = false
+; Whether to set cookie to indicate user login status.
+ENABLE_LOGIN_STATUS_COOKIE = false
+; The cookie name to store user login status.
+LOGIN_STATUS_COOKIE_NAME = login_status
+; A comma separated list of hostnames that are explicitly allowed to be accessed within the local network.
+; Use "*" to allow all hostnames.
+LOCAL_NETWORK_ALLOWLIST =
+
+[email]
+; Whether to enable the email service.
+ENABLED = false
+; The prefix prepended to the subject line.
+SUBJECT_PREFIX = `[%(BRAND_NAME)s] `
+; The SMTP server with its port, e.g. smtp.mailgun.org:587, smtp.gmail.com:587, smtp.qq.com:465
+; If the port ends is "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409.
+; If the server supports STARTTLS it will always be used.
+HOST = smtp.mailgun.org:587
+; The email from address (RFC 5322). This can be just an email address, or the `"Name" <email@example.com>` format.
+FROM = noreply@gogs.localhost
+; The login user.
+USER = noreply@gogs.localhost
+; The login password.
+PASSWORD =
+
+; The custom hostname for HELO operation, default is from system.
+HELO_HOSTNAME =
+
+; Whether to skip verifying the certificate of the server. Only use this for self-signed certificates.
+SKIP_VERIFY = false
+; Whether to use client certificates.
+USE_CERTIFICATE = false
+CERT_FILE = custom/email/cert.pem
+KEY_FILE = custom/email/key.pem
+
+; Whether to use "text/plain" as content format.
+USE_PLAIN_TEXT = false
+; Whether to attach a plaintext alternative to the MIME message while sending HTML emails.
+; It is used to support older mail clients and make spam filters happier.
+ADD_PLAIN_TEXT_ALT = false
+
+[auth]
+; The valid duration of activate code in minutes.
+ACTIVATE_CODE_LIVES = 180
+; The valid duration of reset password code in minutes.
+RESET_PASSWORD_CODE_LIVES = 180
+; Whether to require email confirmation for adding new email addresses.
+; Enable this option will also require user to confirm the email for registration.
+REQUIRE_EMAIL_CONFIRMATION = false
+; Whether to disallow anonymous users visiting the site.
+REQUIRE_SIGNIN_VIEW = false
+; Whether to disable self-registration. When disabled, accounts would have to be created by admins.
+DISABLE_REGISTRATION = false
+; Whether to enable captcha validation for registration
+ENABLE_REGISTRATION_CAPTCHA = true
+
+; Whether to enable reverse proxy authentication via HTTP header.
+ENABLE_REVERSE_PROXY_AUTHENTICATION = false
+; Whether to automatically create new users for reverse proxy authentication.
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+; The HTTP header used as username for reverse proxy authentication.
+REVERSE_PROXY_AUTHENTICATION_HEADER = X-WEBAUTH-USER
+; Lists the IPs or CIDR ranges whose requests are allowed to set the reverse
+; proxy authentication header.
+TRUSTED_PROXY_IPS = 127.0.0.0/8,::1/128
+
+[user]
+; Whether to enable email notifications for users.
+ENABLE_EMAIL_NOTIFICATION = false
+
+[session]
+; The session provider, either "memory", "file", or "redis".
+PROVIDER = memory
+; The configuration for respective provider:
+; - memory: does not need any config yet
+; - file: session file path, e.g. `data/sessions`
+; - redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180,tls=true
+PROVIDER_CONFIG = data/sessions
+; The cookie name to store the session identifier.
+COOKIE_NAME = i_like_gogs
+; Whether to set cookie in HTTPS only.
+COOKIE_SECURE = false
+; The GC interval in seconds for session data.
+GC_INTERVAL = 3600
+; The maximum idle time in seconds before a session record is garbage-collected.
+; Set lower than `[security] LOGIN_REMEMBER_DAYS * 86400` to enforce a sliding
+; idle timeout. Otherwise the session lives for the full cookie lifetime.
+MAX_LIFE_TIME = 604800
+; The cookie name for CSRF token.
+CSRF_COOKIE_NAME = _csrf
+
+[cache]
+; The cache adapter, either "memory" or "redis".
+ADAPTER = memory
+; For "memory" only, GC interval in seconds.
+INTERVAL = 60
+; For "redis", connection host address:
+; - redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+HOST =
+
+[http]
+; The value for "Access-Control-Allow-Origin" header, default is not to present.
+ACCESS_CONTROL_ALLOW_ORIGIN =
+
+[lfs]
+; The storage backend for uploading new objects.
+STORAGE = local
+; The root path to store LFS objects on local file system.
+OBJECTS_PATH = data/lfs-objects
+; The path to temporarily store LFS objects during upload verification.
+OBJECTS_TEMP_PATH = data/tmp/lfs-objects
+
+[attachment]
+; Whether to enabled upload attachments in general.
+ENABLED = true
+; The path to store attachments on the file system.
+PATH = data/attachments
+; File types that are allowed to be uploaded, e.g. "image/jpeg|image/png". Leave empty to allow any file type.
+ALLOWED_TYPES = image/jpeg|image/png
+; The maximum size of each file in MB.
+MAX_SIZE = 4
+; The maximum number of files per upload.
+MAX_FILES = 5
+
+[release.attachment]
+; Whether to enabled upload attachments for releases.
+ENABLED = true
+; File types that are allowed to be uploaded, e.g. "image/jpeg|image/png". Leave empty to allow any file type.
+ALLOWED_TYPES = */*
+; The maximum size of each file in MB.
+MAX_SIZE = 32
+; The maximum number of files per upload.
+MAX_FILES = 10
+
+[time]
+; Specifies the format for fully outputed dates.
+; Values should be one of the following:
+; ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano.
+; For more information about the format see http://golang.org/pkg/time/#pkg-constants.
+FORMAT = RFC1123
+
+[picture]
+; The path to store user avatars on the file system.
+AVATAR_UPLOAD_PATH = data/avatars
+; The path to store repository avatars on the file system.
+REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
+; Chinese users can use a custom avatar source, such as http://cn.gravatar.com/avatar/.
+GRAVATAR_SOURCE = gravatar
+; Whether to disable Gravatar, this value will be forced to be true in offline mode.
+DISABLE_GRAVATAR = false
+; Whether to enable federated avatar lookup uses DNS to discover avatar associated
+; with emails, see https://www.libravatar.org for details.
+; This value will be forced to be false in offline mode or when Gravatar is disabled.
+ENABLE_FEDERATED_AVATAR = false
+
+[markdown]
+; Whether to enable hard line break extension.
+ENABLE_HARD_LINE_BREAK = false
+; The list of custom URL schemes that are allowed as links when rendering Markdown.
+; For example, "git" (for "git://") and "magnet" (for "magnet://").
+CUSTOM_URL_SCHEMES =
+; The list of file extensions that should be rendered/edited as Markdown.
+; Separate extensions with a comma. To render files with no extension as markdown, just put a comma.
+FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
+
+[smartypants]
+; Whether to enable the Smartypants extension.
+ENABLED = false
+FRACTIONS = true
+DASHES = true
+LATEX_DASHES = true
+ANGLED_QUOTES = true
+
+[admin]
+; Whether to disable regular (non-admin) users to create organizations.
+DISABLE_REGULAR_ORG_CREATION = false
+
+[webhook]
+; The list of enabled types for users to use, can be "gogs", "slack", "discord", "dingtalk".
+TYPES = gogs, slack, discord, dingtalk
+; Deliver timeout in seconds.
+DELIVER_TIMEOUT = 15
+; Whether to allow insecure certification.
+SKIP_TLS_VERIFY = false
+; The number of history information in each page.
+PAGING_NUM = 10
+
+; General settings of loggers.
 [log]
+; The root path for all log files, default is "log/" subdirectory.
 ROOT_PATH =
-; Either "console", "file", "conn", "smtp" or "database", default is "console"
+; Can be "console", "file", "slack" and "discord".
 ; Use comma to separate multiple modes, e.g. "console, file"
 MODE = console
 ; Buffer length of channel, keep it as it is if you don't know what it is.
-BUFFER_LEN = 10000
-; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+BUFFER_LEN = 100
+; Either "Trace", "Info", "Warn", "Error", "Fatal", default is "Trace"
 LEVEL = Trace

 ; For "console" mode only
 [log.console]
-LEVEL =
+; Comment out to inherit
+; LEVEL =

 ; For "file" mode only
 [log.file]
-LEVEL =
-; This enables automated log rotate(switch of following options), default is true
+; Comment out to inherit
+; LEVEL =
+; Whether to enable automated log rotate (switch of following options).
 LOG_ROTATE = true
-; Max line number of single file, default is 1000000
-MAX_LINES = 1000000
-; Max size shift of single file, default is 28 means 1 << 28, 256MB
-MAX_SIZE_SHIFT = 28
-; Segment log daily, default is true
+; Whether to segment log files daily.
 DAILY_ROTATE = true
-; Expired days of log file(delete after max days), default is 7
+; The maximum size shift of single file, default is 28 means 1 << 28 = 256MB.
+MAX_SIZE_SHIFT = 28
+; The maximum number of lines of single file.
+MAX_LINES = 1000000
+; The expired days of log file (delete after max days).
 MAX_DAYS = 7

-; For "conn" mode only
-[log.conn]
-LEVEL =
-; Reconnect host for every single message, default is false
-RECONNECT_ON_MSG = false
-; Try to reconnect when connection is lost, default is false
-RECONNECT = false
-; Either "tcp", "unix" or "udp", default is "tcp"
-PROTOCOL = tcp
-; Host address
-ADDR =
+; For "slack" mode only
+[log.slack]
+; Comment out to inherit
+; LEVEL =
+; Webhook URL
+URL =

-; For "smtp" mode only
-[log.smtp]
-LEVEL =
-; Name displayed in mail title, default is "Diagnostic message from server"
-SUBJECT = Diagnostic message from server
-; Mail server
-HOST =
-; Mailer user name and password
-USER =
-PASSWD =
-; Receivers, can be one or more, e.g. ["1@example.com","2@example.com"]
-RECEIVERS =
+[log.discord]
+; Comment out to inherit
+; LEVEL =
+; Webhook URL
+URL =
+; The username to be displayed in notification.
+USERNAME = %(BRAND_NAME)s

-; For "database" mode only
-[log.database]
-LEVEL =
-; Either "mysql" or "postgres"
-DRIVER =
-; Based on xorm, e.g.: root:root@localhost/gogs?charset=utf8
-CONN =
+[log.xorm]
+; Enable file rotation
+ROTATE = true
+; Rotate every day
+ROTATE_DAILY = true
+; Rotate once file size excesses x MB
+MAX_SIZE = 100
+; Maximum days to keep logger files
+MAX_DAYS = 3
+
+[log.gorm]
+; Whether to enable file rotation.
+ROTATE = true
+; Whether to rotate file every day.
+ROTATE_DAILY = true
+; The maximum file size in MB before next rotate.
+MAX_SIZE = 100
+; The maximum days to keep files.
+MAX_DAYS = 3

 [cron]
 ; Enable running cron tasks periodically.
@@ -316,8 +427,8 @@ ENABLED = true
 ; Run cron tasks when Gogs starts.
 RUN_AT_START = false

-; Update mirrors
 [cron.update_mirrors]
+; Defines how often the mirror syncer checks if any mirror needs to be synchronized (based on the mirror update interval).
 SCHEDULE = @every 10m

 ; Repository health check
@@ -333,13 +444,22 @@ ARGS =
 RUN_AT_START = true
 SCHEDULE = @every 24h

+; Cleanup repository archives
+[cron.repo_archive_cleanup]
+RUN_AT_START = false
+SCHEDULE = @every 24h
+; Time duration to check if archive should be cleaned
+OLDER_THAN = 24h
+
 [git]
-; Max number of lines allowed of a single file in diff view.
-MAX_GIT_DIFF_LINES = 1000
-; Max number of characters of a line allowed in diff view.
-MAX_GIT_DIFF_LINE_CHARACTERS = 500
-; Max number of files shown in diff view.
+; Disables highlight of added and removed changes
+DISABLE_DIFF_HIGHLIGHT = false
+; Max number of files shown in diff view
 MAX_GIT_DIFF_FILES = 100
+; Max number of lines allowed of a single file in diff view
+MAX_GIT_DIFF_LINES = 1000
+; Max number of characters of a line allowed in diff view
+MAX_GIT_DIFF_LINE_CHARACTERS = 2000
 ; Arguments for command 'git gc', e.g. "--aggressive --auto"
 ; see more on http://git-scm.com/docs/git-gc/1.7.5
 GC_ARGS =
@@ -350,16 +470,70 @@ MIGRATE = 600
 MIRROR = 300
 CLONE = 300
 PULL = 300
+DIFF = 60
+GC = 60
+
+[mirror]
+; Defines the default interval (in hours) until the next sync for a mirror (after a successful mirror sync).
+; It can be overridden individually for each mirror repository in the settings.
+DEFAULT_INTERVAL = 8

 [api]
 ; Max number of items will response in a page
 MAX_RESPONSE_ITEMS = 50

-[i18n]
-LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ
-NAMES = English,简体中文,繁體中文（香港）,繁體中文（台湾）,Deutsch,Français,Nederlands,Latviešu,Русский,日本語,Español,Português do Brasil,Polski,български,Italiano,Suomalainen,Türkçe,čeština
+[ui]
+; Number of repositories that are showed in one explore page
+EXPLORE_PAGING_NUM = 20
+; Number of issues that are showed in one page
+ISSUE_PAGING_NUM = 10
+; Number of maximum commits showed in one activity feed
+FEED_MAX_COMMIT_NUM = 5
+; Value of "theme-color" meta tag, used by Android >= 5.0
+; An invalid color like "none" or "disable" will have the default style
+; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+THEME_COLOR_META_TAG = `#ff5343`
+; Max size in bytes of files to be displayed (default is 8MB)
+MAX_DISPLAY_FILE_SIZE = 8388608

-; Used for datetimepicker
+[ui.admin]
+; Number of users that are showed in one page
+USER_PAGING_NUM = 50
+; Number of repos that are showed in one page
+REPO_PAGING_NUM = 50
+; Number of notices that are showed in one page
+NOTICE_PAGING_NUM = 25
+; Number of organization that are showed in one page
+ORG_PAGING_NUM = 50
+
+[ui.user]
+; Number of repos that are showed in one page
+REPO_PAGING_NUM = 15
+; Number of news feeds that are showed in one page
+NEWS_FEED_PAGING_NUM = 20
+; Number of commits that are showed in one page
+COMMITS_PAGING_NUM = 30
+
+[prometheus]
+; Whether to enable Prometheus metrics.
+ENABLED = true
+; Whether to enable HTTP Basic Authentication to protect metrics data.
+ENABLE_BASIC_AUTH = false
+; The username for HTTP Basic Authentication.
+BASIC_AUTH_USERNAME =
+; The password for HTTP Basic Authentication.
+BASIC_AUTH_PASSWORD =
+
+; Extension mapping to highlight class
+; e.g. .toml=ini
+[highlight.mapping]
+
+[i18n]
+LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,gl-ES,uk-UA,en-GB,hu-HU,sk-SK,id-ID,fa-IR,vi-VN,pt-PT,mn-MN,ro-RO
+NAMES = English,简体中文,繁體中文（香港）,繁體中文（臺灣）,Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,galego,українська,English (United Kingdom),Magyar,Slovenčina,Indonesian,Persian,Vietnamese,Português,Монгол,Română
+
+; Used for jQuery DateTimePicker,
+; list of supported languages in https://xdsoft.net/jqplugins/datetimepicker/#lang
 [i18n.datelang]
 en-US = en
 zh-CN = zh
@@ -379,12 +553,21 @@ it-IT = it
 fi-FI = fi
 tr-TR = tr
 cs-CZ = cs-CZ
-
-; Extension mapping to highlight class
-; e.g. .toml=ini
-[highlight.mapping]
+sr-SP = sr
+sv-SE = sv
+ko-KR = ko
+gl-ES = gl
+uk-UA = uk
+en-GB = en-GB
+hu-HU = hu
+sk-SK = sk
+id-ID = id
+fa-IR = fa
+vi-VN = vi
+pt-PT = pt
+mn-MN = mn
+ro-RO = ro

 [other]
-SHOW_FOOTER_BRANDING = false
-; Show version information about gogs and go in the footer
-SHOW_FOOTER_VERSION = true
+; Show time of template execution in the footer
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
@@ -0,0 +1,10 @@
+# This is an example of GitHub authentication
+#
+id           = 105
+type         = github
+name         = GitHub
+is_activated = true
+
+[config]
+api_endpoint = https://api.github.com/
+
@@ -0,0 +1,29 @@
+# This is an example of LDAP (BindDN) authentication
+#
+id           = 101
+type         = ldap_bind_dn
+name         = LDAP BindDN
+is_activated = true
+
+[config]
+host               = mydomain.com
+port               = 636
+# 0 - Unencrypted, 1 - LDAPS, 2 - StartTLS
+security_protocol  = 0
+skip_verify        = false
+bind_dn            = 
+bind_password      = 
+user_base          = ou=Users,dc=mydomain,dc=com
+attribute_username = 
+attribute_name     = 
+attribute_surname  = 
+attribute_mail     = mail
+attributes_in_bind = false
+filter             = (&(objectClass=posixAccount)(cn=%s))
+admin_filter       = 
+group_enabled      = false
+group_dn           = 
+group_filter       = 
+group_member_uid   = 
+user_uid           = 
+
@@ -0,0 +1,30 @@
+# This is an example of LDAP (simple auth) authentication
+#
+id           = 102
+type         = ldap_simple_auth
+name         = LDAP Simple Auth
+is_activated = true
+
+[config]
+host               = mydomain.com
+port               = 636
+# 0 - Unencrypted, 1 - LDAPS, 2 - StartTLS
+security_protocol  = 0
+skip_verify        = false
+bind_dn            = 
+bind_password      = 
+user_base          = 
+user_dn            = cn=%s,ou=Users,dc=mydomain,dc=com
+attribute_username = 
+attribute_name     = 
+attribute_surname  = 
+attribute_mail     = mail
+attributes_in_bind = false
+filter             = (&(objectClass=posixAccount)(cn=%s))
+admin_filter       = 
+group_enabled      = false
+group_dn           = 
+group_filter       = 
+group_member_uid   = 
+user_uid           = 
+
@@ -0,0 +1,10 @@
+# This is an example of PAM authentication
+#
+id           = 104
+type         = pam
+name         = System Auth
+is_activated = true
+
+[config]
+service_name = system-auth
+
@@ -0,0 +1,16 @@
+# This is an example of SMTP authentication
+#
+id           = 103
+type         = smtp
+name         = GMail
+is_activated = true
+
+[config]
+# Either "PLAIN" or "LOGIN"
+auth            = PLAIN
+host            = smtp.gmail.com
+port            = 587
+allowed_domains = 
+tls             = true
+skip_verify     = false
+
@@ -0,0 +1,23 @@
+package conf
+
+import (
+	"embed"
+)
+
+//go:embed app.ini **/*
+var Files embed.FS
+
+// FileNames returns a list of filenames exists in the given direction within
+// Files. The list includes names of subdirectories.
+func FileNames(dir string) ([]string, error) {
+	entries, err := Files.ReadDir(dir)
+	if err != nil {
+		return nil, err
+	}
+
+	fileNames := make([]string, 0, len(entries))
+	for _, entry := range entries {
+		fileNames = append(fileNames, entry.Name())
+	}
+	return fileNames, nil
+}
@@ -0,0 +1,16 @@
+package conf
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFileNames(t *testing.T) {
+	names, err := FileNames(".")
+	require.NoError(t, err)
+
+	want := []string{"app.ini", "auth.d", "gitignore", "label", "license", "locale", "readme"}
+	assert.Equal(t, want, names)
+}
@@ -0,0 +1,63 @@
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff:
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/dictionaries
+
+# Sensitive or high-churn files:
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.xml
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+
+# Gradle:
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# CMake
+cmake-build-debug/
+
+# Mongo Explorer plugin:
+.idea/**/mongoSettings.xml
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+/out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Ruby plugin and RubyMine
+/.rakeTasks
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+### PhpStorm Patch ###
+# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721
+
+# *.iml
+# modules.xml
+# .idea/misc.xml
+# *.ipr
+
+# Sonarlint plugin
+.idea/sonarlint
@@ -0,0 +1,76 @@
+# Visual Studio 2015 user specific files
+.vs/
+
+# Compiled Object files
+*.slo
+*.lo
+*.o
+*.obj
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Compiled Dynamic libraries
+*.so
+*.dylib
+*.dll
+
+# Fortran module files
+*.mod
+
+# Compiled Static libraries
+*.lai
+*.la
+*.a
+*.lib
+
+# Executables
+*.exe
+*.out
+*.app
+*.ipa
+
+# These project files can be generated by the engine
+*.xcodeproj
+*.xcworkspace
+*.sln
+*.suo
+*.opensdf
+*.sdf
+*.VC.db
+*.VC.opendb
+
+# Precompiled Assets
+SourceArt/**/*.png
+SourceArt/**/*.tga
+
+# Binary Files
+Binaries/*
+Plugins/*/Binaries/*
+
+# Builds
+Build/*
+
+# Whitelist PakBlacklist-<BuildConfiguration>.txt files
+!Build/*/
+Build/*/**
+!Build/*/PakBlacklist*.txt
+
+# Don't ignore icon files in Build
+!Build/**/*.ico
+
+# Built data for maps
+*_BuiltData.uasset
+
+# Configuration files generated by the Editor
+Saved/*
+
+# Compiled source files for the engine to use
+Intermediate/*
+Plugins/*/Intermediate/*
+
+# Cache files for the editor to use
+DerivedDataCache/*
+
+
@@ -0,0 +1,63 @@
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff:
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/dictionaries
+
+# Sensitive or high-churn files:
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.xml
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+
+# Gradle:
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# CMake
+cmake-build-debug/
+
+# Mongo Explorer plugin:
+.idea/**/mongoSettings.xml
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+/out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Ruby plugin and RubyMine
+/.rakeTasks
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+### WebStorm Patch ###
+# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721
+
+# *.iml
+# modules.xml
+# .idea/misc.xml
+# *.ipr
+
+# Sonarlint plugin
+.idea/sonarlint
@@ -1,24 +1,25 @@
-.DS_Store
-.AppleDouble
-.LSOverride
-
-# Icon must end with two \r
-Icon
-
-# Thumbnails
-._*
-
-# Files that might appear in the root of a volume
-.DocumentRevisions-V100
-.fseventsd
-.Spotlight-V100
-.TemporaryItems
-.Trashes
-.VolumeIcon.icns
-
-# Directories potentially created on remote AFP share
-.AppleDB
-.AppleDesktop
-Network Trash Folder
-Temporary Items
-.apdisk
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
@@ -0,0 +1,7 @@
+#ee0701 bug
+#cccccc duplicate
+#84b6eb enhancement
+#128a0c help wanted
+#e6e6e6 invalid
+#cc317c question
+#ffffff wontfix
@@ -7,22 +7,34 @@ Akihiro YAGASAKI <yaggytter AT momiage DOT com>
 Aleksejs Grocevs <aleksejs AT grocevs DOT pro>
 Aleksey Tarakin <hukendo AT yandex DOT ru>
 Alexander Steinhöfer <kontakt AT lx-s DOT de>
+Alexandre Espinosa Menor <aemenor DOT gmail DOT com>
 Alexandre Magno <alexandre DOT mbm AT gmail DOT com>
+Anders B. Hansen <anders AT birkoe DOT com>
+András Schenkerik <moviesharkteam AT gmail DOT com>
 Andrey Nering <andrey AT nering DOT com DOT br>
+Andrey Paskal <apaskal AT gmail DOT com>
 Andrey Solomatin <toadron AT yandex DOT ru>
 Antoine GIRARD <sapk AT sapk DOT fr>
 Arthur Aslanyan <arthur DOT e DOT aslanyan AT gmail DOT com>
 Aurelien Darragon <aurelien DOT darragon AT gmail DOT com>
 Barış Arda Yılmaz <ardayilmazgamer AT gmail DOT com>
+Bo-Yi Wu <appleboy DOT tw AT gmail DOT com>
+Breton Corentin <contact AT neodarz DOT net>
 Camille Baronnet <gogs AT camillebaronnet DOT fr>
+Changwoo Ryu <cwryu AT debian DOT org>
 Christoph Kisfeld <christoph DOT kisfeld AT gmail DOT com>
 Cysioland
+Damaris Padieu <damizx AT hotmail DOT fr>
 Daniel Speichert <daniel AT speichert DOT pl>
 David Yzaguirre <dvdyzag AT gmail DOT com>
+Denys Khomenko
 Dmitriy Nogay <me AT catwhocode DOT ga>
 Enrico Testori hypertesto AT gmail DOT com
 Ezequiel Gonzalez Rial <gonrial AT gmail DOT com>
+Farhan Naysee <wpmagic70 AT gmail DOT com>
+Flávio Monteiro <flaviomonteiro2013 AT gmail DOT com>
 Gabriel Dugny <gabriel DOT dugny AT gmail DOT com>
+Ganesha <reekoheek AT gmail DOT com>
 Gregor Santner <gdev AT live DOT de>
 Halil Kaya <halil AT halilkaya DOT net>
 Hamid Feizabadi <hamidfzm AT gmail DOT com>
@@ -30,32 +42,47 @@ Huimin Wang <wanghm2009 AT hotmail DOT co DOT jp>
 ilko <kontact-mr.k AT outlook DOT com">
 Ilya Makarov
 Jamie Mansfield <dev AT jamierocks DOT uk>
+Javier Ortiz Bultron <javier DOT ortiz DOT 78 AT gmail DOT com>
 Jean THOMAS <contact AT tibounise DOT com>
+John Behm <jxsl13 AT googlemail DOT com>
+Jonas De Kegel <jonasgithub [AT] gmail [DOT] com>
+Joubert RedRat <me+github AT redrat DOT com DOT br>
 Juraj Bubniak <contact AT jbub DOT eu>
 Lafriks <lafriks AT gmail DOT com>
 Lauri Ojansivu <x AT xet7 DOT org>
-Luc Stepniewski <luc AT stepniewski DOT fr>
 Luca Bozzo <luca AT bozzo DOT it>
 Luca Kröger <l DOT kroeger01 AT gmail DOT com>
+Luc Stepniewski <luc AT stepniewski DOT fr>
+Łukasz Jan Niemier <lukasz AT niemier DOT pl>
 Marc Schiller <marc AT schiller DOT im>
 Marvin Menzerath <github AT marvin-menzerath DOT de>
+Mathias Rangel Wulff <m AT rawu DOT dk>
 Michael Härtl <haertl DOT mike AT gmail DOT com>
 Miguel de la Cruz <miguel AT mcrx DOT me>
 Mikhail Burdin <xdshot9000 AT gmail DOT com>
+Mohammad Gholami <gholami DOT mohammad DOT mgh AT gmail DOT com>
 Morten Sørensen <klim8d AT gmail DOT com>
 Muhammad Fawwaz Orabi <mfawwaz93 AT gmail DOT com>
 Nakao Takamasa <at.mattenn AT gmail DOT com>
 Natan Albuquerque <natanalbuquerque5 AT gmail DOT com>
 Odilon Junior <odilon DOT junior93 AT gmail DOT com>
+Oleksandr Yermakov <olexander DOT yermakov AT gmail DOT com>
+Óscar García Amor <ogarcia AT connectical DOT com>
+Pablo Saavedra <psaavedra AT igalia DOT com>
+Pierre Prinetti >meatqrawldotnet<
 Richard Bukovansky <richard DOT bukovansky @ gmail DOT com>
 Robert Nuske <robert DOT nuske AT web DOT de>
 Robin Hübner <profan AT prfn DOT se>
+Rste Risafov <risafov AT lazy DOT com>
 SeongJae Park <sj38 DOT park AT gmail DOT com>
+Sergey Stepanov <sergystepanov AT gmail DOT com>
+Simona Iacob <s AT zp1 DOT net>
 Thomas Fanninger <gogs DOT thomas AT fanninger DOT at>
 Tilmann Bach <tilmann AT outlook DOT com>
 Toni Villena Jiménez <tonivj5 AT gmail DOT com>
+Vincent AMSTOUTZ <vincent DOT amstoutz AT outlook DOT fr>
 Vladimir Jigulin mogaika AT yandex DOT ru
 Vladimir Vissoultchev <wqweto AT gmail DOT com>
+Vongola <me AT vongola DOT tw>
 YJSoft <yjsoft AT yjsoft DOT pe DOT kr>
-Łukasz Jan Niemier <lukasz AT niemier DOT pl>
-Pablo Saavedra <psaavedra AT igalia DOT com>
+Oscar Quisbert <quisbert_karos AT outlook DOT com>
@@ -9,7 +9,6 @@ sign_out=Изход
 sign_up=Регистрирайте се
 register=Регистрация
 website=Уебсайт
-version=Версия
 page=Страница
 template=Шаблон
 language=Език
@@ -44,23 +43,27 @@ issues=Задачи

 cancel=Отказ

+[status]
+page_not_found=Страницата не е намерена
+internal_server_error=Вътрешна грешка в сървър
+
 [install]
 install=Инсталация
 title=Стъпки за инсталиране при първоначално стартиране
 docker_helper=Ако Gogs е стартиран в Docker контейнер, моля прочетете <a target="_blank" href="%s">нашите указания</a> внимателно, преди да правите промени по настройките на тази страница!
-requite_db_desc=Gogs изисква MySQL, PostgreSQL, SQLite3 или TiDB.
+requite_db_desc=Gogs изисква MySQL, PostgreSQL, SQLite3 или TiDB (през MySQL протокол).
 db_title=Настройки на базата данни
 db_type=Тип на база данни
 host=Сървър
 user=Потребител
 password=Парола
 db_name=Име на база данни
+db_schema=Схема
 db_helper=Моля, използвайте INNODB engine с utf8_general_ci кодиране на знаци за MySQL.
 ssl_mode=Режим SSL
 path=Път
-sqlite_helper=Файл на SQLite3 или TiDB база данни.<br>Моля използвайте абсолютен път до файл когато стартирате Gogs като услуга.
-err_empty_db_path=Пътят до SQLite3 или TiDB база данни не може да е празен.
-err_invalid_tidb_name=TiDB не позволява "." и "-" в името на базата данни.
+sqlite_helper=Път към файл на SQLite3 база от данни. <br>Моля използвайте абсолютен път, когато стартирате gogs като услуга.
+err_empty_db_path=Пътят към SQLite3 базата от данни не може да бъде празен.
 no_admin_and_disable_registration=Невъзможно изключване на регистрациите без предварително да е създаден поне един административен профил.
 err_empty_admin_password=Паролата на администратор не може да е празна.

@@ -75,12 +78,17 @@ domain=Домейн
 domain_helper=Тази настройка влияе на URL адреса за клониране чрез SSH.
 ssh_port=SSH порт
 ssh_port_helper=Номер на порт на SSH сървъра. Оставете празно за да изключите достъп през SSH.
+use_builtin_ssh_server=Използване на вграден SSH сървър
+use_builtin_ssh_server_popup=Стартиране на вграден SSH сървър за Git операции, различен от системния SSH демон.
 http_port=HTTP порт
 http_port_helper=Порт, на който приложението ще слуша.
 app_url=URL адрес на приложението
 app_url_helper=Този настройка променя HTTP/HTTPS адреса за клониране, а понякога и адреса на ел. поща.
 log_root_path=Път към журналите
 log_root_path_helper=Директория в която се записват журналите.
+enable_console_mode=Включване на конзолен режим
+enable_console_mode_popup=Изписване на логовете в конзолата, в допълнение към файловият режим.
+default_branch=Клон по подразбиране

 optional_title=Опционални настройки
 email_title=Настройки на пощенска услуга
@@ -96,13 +104,15 @@ offline_mode=Включи офлайн режима
 offline_mode_popup=Изключи CDN дори в продукционен режим, всички ресурсни файлове ще бъдат доставяни локално.
 disable_gravatar=Изключи връзка с Gravatar
 disable_gravatar_popup=Изключва Gravatar и външни източници, така че всички аватари трябва да са или качени от потребителите или да се ползват аватари по подразбиране.
+federated_avatar_lookup=Използване на външни аватари
+federated_avatar_lookup_popup=Позволява използване на външни аватари от услуги съвместими с libravatar.
 disable_registration=Изключи саморегистрацията
 disable_registration_popup=Изключи потребителската саморегистрация, само администратор може да създава профили.
 enable_captcha=Включи Captcha
 enable_captcha_popup=Изисква валидиране с captcha при саморегистрация на потребители.
 require_sign_in_view=Включи задължително вписване за преглед на страници
 require_sign_in_view_popup=Само вписани потребители могат да виждат страниците, анонимните посетители виждат само страниците за регистрация и вход.
-admin_setting_desc=Няма нужда от създаване на администраторски профил в момента, защото потребителят с първо ID в базата автоматично получава администраторски достъп.
+admin_setting_desc=Няма нужда да създавате администраторски профил в момента, защото потребителят с първо ID в базата автоматично получава администраторски достъп.
 admin_title=Настройки на профил на администратора
 admin_name=Потребителско име
 admin_password=Парола
@@ -114,7 +124,10 @@ sqlite3_not_available=Вашата версия не поддържа SQLite3,
 invalid_db_setting=Настройките на базата данни са некоректни: %v
 invalid_repo_path=Основният път към хранилищата е невалиден: %v
 run_user_not_match=Потребителският контекст на приложението не е на текущия потребител: %s -> %s
+smtp_host_missing_port=Липсва порт в зададения SMTP адрес.
+invalid_smtp_from=Невалидно поле От: %v
 save_config_failed=Неуспешно запазване на конфигурация: %v
+init_failed=Грешка при инициализация на приложение: %v
 invalid_admin_setting=Настройките на профил на администратора са невалидни: %v
 install_success=Добре дошли! Радваме се, че избрахте Gogs, и Ви пожелаваме приятна работа и сърдечни поздрави!
 invalid_log_root_path=Основният път към журналите е невалиден: %v
@@ -135,6 +148,7 @@ issues.in_your_repos=Във Вашите хранилища
 [explore]
 repos=Хранилища
 users=Потребители
+organizations=Организации
 search=Търсене

 [auth]
@@ -143,6 +157,8 @@ register_hepler_msg=Вече имате профил? Впишете се сег
 social_register_hepler_msg=Вече имате профил? Свържете се сега!
 disable_register_prompt=За съжаление създаването на нови регистрации е изключено. Обърнете се към администратора на сайта.
 disable_register_mail=За съжаление потвърждението на регистрации е изключено.
+auth_source=Източник за удостоверяване
+local=Локален
 remember_me=Запомни ме
 forgot_password=Забравена парола
 forget_password=Забравена парола?
@@ -154,7 +170,6 @@ prohibit_login_desc=Вашият профил е със забрана за вл
 resent_limit_prompt=За съжаление Вие съвсем наскоро изпратихте писмо за активация. Моля изчакайте 3 минути, след което опитайте отново.
 has_unconfirmed_mail=Здравейте %s, имате непотвърден адрес на ел. поща (<b>%s</b>). Ако не сте получили писмо за потвърждение или имате нужда да се изпрати ново писмо, моля щракнете бутона по-долу.
 resend_mail=Щракнете тук, за да се изпрати ново писмо за потвърждение
-email_not_associate=Този адрес на ел. поща не е свързан с никой профил.
 send_reset_mail=Щракнете тук, за да получите (отново) писмо за нулиране на паролата
 reset_password=Нулиране на паролата
 invalid_code=За съжаление Вашия код за потвърждение е изтекъл или е невалиден.
@@ -162,6 +177,14 @@ reset_password_helper=Щракнете тук, за да нулирате пар
 password_too_short=Размерът на паролата не може да бъде по-малък от 6 знака.
 non_local_account=Нелокални потребители не могат да сменят паролата си през Gogs.

+login_two_factor=Двуфакторно удостоверяване
+login_two_factor_passcode=Парола за удостоверяване
+login_two_factor_enter_recovery_code=Въведете двуфакторен код за възстановяване
+login_two_factor_recovery=Двуфакторно възстановяване
+login_two_factor_recovery_code=Код за възстановяване
+login_two_factor_enter_passcode=Въведете двуфакторен код
+login_two_factor_invalid_recovery_code=Този код за възстановяване вече е бил използван или не е валиден.
+
 [mail]
 activate_account=Моля активирайте Вашия профил
 activate_email=Провери адрес на ел. поща
@@ -187,9 +210,17 @@ TeamName=Име на екипа
 AuthName=Име на удостоверението
 AdminEmail=Ел. поща на администратора

+NewBranchName=Име на нов клон
+CommitSummary=Резюме на ревизия
+CommitMessage=Текст на ревизия
+CommitChoice=Избор на ревизия
+TreeName=Път до файл
+Content=Съдържание
+
 require_error=` не може да бъде празен.`
 alpha_dash_error=` трябва да e валидна буква, число или тире(-_).`
 alpha_dash_dot_error=` трябва да e валидна буква, число, тире(-_) или точка.`
+alpha_dash_dot_slash_error=` must be alphanumeric, dash (-_), dot or slash characters.`
 size_error=` трябва да е с размер %s.`
 min_size_error=` трябва да съдържа поне %s знака.`
 max_size_error=` трябва да съдържа най-много %s знака.`
@@ -206,6 +237,7 @@ org_name_been_taken=Името на организацията вече се п
 team_name_been_taken=Името на екипа вече се ползва.
 email_been_used=Този адрес на ел. поща вече се ползва.
 username_password_incorrect=Потребителското име или паролата не са верни.
+auth_source_mismatch=The authentication source selected is not associated with the user.
 enterred_invalid_repo_name=Моля уверете се, че въведеното име на хранилище е вярно.
 enterred_invalid_owner_name=Моля уверете се, че въведеното име на притежател е вярно.
 enterred_invalid_password=Моля уверете се, че въведената парола е вярна.
@@ -223,7 +255,7 @@ org_still_own_repo=Тази организация все още притежа
 target_branch_not_exist=Целевият клон не съществува.

 [user]
-change_avatar=Проми своя аватар
+change_avatar=Промени своя аватар
 join_on=Регистриран
 repositories=Хранилища
 activity=Публична дейност
@@ -233,18 +265,18 @@ following=Следване
 follow=Следване
 unfollow=Не следвай

-form.name_reserved=Потребителското име '%s' е запазено.
-form.name_pattern_not_allowed=Потребителското име '%s' не е допустимо.
+form.name_not_allowed=User name or pattern %q is not allowed.

 [settings]
 profile=Профил
 password=Парола
+avatar=Аватар
 ssh_keys=SSH ключове
-social=Социални профили
-applications=Приложения
+security=Сигурност
+repos=Хранилища
 orgs=Организации
+applications=Приложения
 delete=Изтрий профил
-uid=UID

 public_profile=Публичен профил
 profile_desc=Вашият адрес на ел. поща е публичен и ще бъде използван за всички свързани с профила Ви уведомления и всички уеб базирани операции, направени чрез сайта.
@@ -259,6 +291,8 @@ change_username_prompt=Този промяна ще засегне всички
 continue=Продължи
 cancel=Отказ

+lookup_avatar_by_mail=Търсене на аватари по адрес на ел. поща
+federated_avatar_lookup=Външно търсене на аватари
 enable_custom_avatar=Разреши потребителски аватар
 choose_new_avatar=Избор на нов аватар
 update_avatar=Запази настройките на аватара
@@ -283,6 +317,7 @@ delete_email=Изтрий
 email_deletion=Изтрий ел. поща
 email_deletion_desc=При изтриване на тази ел. поща ще се премахне свързаната информация от Вашия профил. Желаете ли да продължите?
 email_deletion_success=Ел. пощата беше изтрита успешно!
+email_deletion_primary=Cannot delete primary email address.
 add_new_email=Добавяне на нов адрес на ел. поща
 add_email=Добави ел. поща
 add_email_confirmation_sent=Ново писмо за потвърждение е изпратено до '%s'. Моля проверете пощенската си кутия в рамките на следващите %d часа, за да завършите процеса на регистрация.
@@ -308,14 +343,36 @@ no_activity=Няма скорошна дейност
 key_state_desc=Този ключ е използван през последните 7 дни
 token_state_desc=Този API ключ е използван през последните 7 дни

-manage_social=Управление на свързани профили в социалните мрежи
-social_desc=Това е списък на свързани профили в социалните мрежи. Премахнете всички, които не разпознавате.
-unbind=Освобождаване
-unbind_success=Социалния профил е освободен.
+two_factor=Two-factor Authentication
+two_factor_status=Статус:
+two_factor_on=Вкл.
+two_factor_off=Изкл.
+two_factor_enable=Активиране
+two_factor_disable=Деактивиране
+two_factor_view_recovery_codes=View and save <a href="%s%s">your recovery codes</a> in a safe place. You can use them as passcode if you lose access to your authentication application.
+two_factor_http=For HTTP/HTTPS operations, you are no longer able to use plain username and password. Please create and use <a href="%[1]s%[2]s">Personal Access Token</a> as your credential, e.g. <code>%[3]s</code>.
+two_factor_enable_title=Enable Two-factor Authentication
+two_factor_scan_qr=Please use your authentication application to scan the image:
+two_factor_or_enter_secret=Or enter the secret:
+two_factor_then_enter_passcode=След това въведете паролата:
+two_factor_verify=Потвърждаване
+two_factor_invalid_passcode=Въведената парола е невалидна! Моля опитайте отново.
+two_factor_reused_passcode=The passcode you entered has already been used, please try another one!
+two_factor_enable_error=Enable Two-factor authentication failed: %v
+two_factor_enable_success=Two-factor authentication has enabled for your account successfully!
+two_factor_recovery_codes_title=Two-factor Authentication Recovery Codes
+two_factor_recovery_codes_desc=Recovery codes are used when you temporarily lose access to your authentication application. Each recovery code can only be used once, <b>please keep these codes in a safe place</b>.
+two_factor_regenerate_recovery_codes=Ново генериране на кодове за възстановяване
+two_factor_regenerate_recovery_codes_error=Неуспешно генериране на кодове за възстановяване: %v
+two_factor_regenerate_recovery_codes_success=New recovery codes has been generated successfully!
+two_factor_disable_title=Disable Two-factor Authentication
+two_factor_disable_desc=Your account security level will decrease after disabled two-factor authentication. Do you want to continue?
+two_factor_disable_success=Two-factor authentication has disabled successfully!

 manage_access_token=Управление на индивидуални API ключове за достъп
 generate_new_token=Генериране на нов API ключ
 tokens_desc=Генерирани API ключове, които могат да се използват за достъп до API на Gogs.
+access_token_tips=The personal access token may be used as either username or password. It is recommended to use the "x-access-token" as the username and the personal access token as the password for Git applications.
 new_token_desc=Всеки API ключ ще има пълен достъп до Вашия профил.
 token_name=Име на API ключ
 generate_token=Генериране на API ключ
@@ -324,6 +381,16 @@ delete_token=Изтрий
 access_token_deletion=Изтрий индивидуален API ключ за достъп
 access_token_deletion_desc=При изтриване на този индивидуален API ключ за достъп ще се премахнат всички свързани права на приложението. Желаете ли да продължите?
 delete_token_success=Индивидуалният API ключ за достъп е изтрит успешно! Не забравяйте да преконфигурирате приложението също.
+token_name_exists=Token with same name already exists.
+
+orgs.none=Не сте член на никоя организация.
+orgs.leave_title=Напусни организация
+orgs.leave_desc=Ще загубите достъп до всички хранилища и екипи, след като напуснете организацията. Желаете ли да продължите?
+
+repos.leave=Напускане
+repos.leave_title=Напускане на хранилище
+repos.leave_desc=You will lose access to the repository after you left. Do you want to continue?
+repos.leave_success=Вие успешно напуснахте хранилище "%s"!

 delete_account=Изтриване на собствения профил
 delete_prompt=Тази операция ще изтрие Вашия профил завинаги и тя <strong>НЕ МОЖЕ</strong> да бъде отменена в последствие!
@@ -336,7 +403,9 @@ owner=Притежател
 repo_name=Име на хранилището
 repo_name_helper=Добро име на хранилище е име, състоящо от кратки, запомнящи се и уникални ключови думи.
 visibility=Видимост
+unlisted=Unlisted
 visiblity_helper=Това хранилище е <span class="ui red text">Частно</span>
+unlisted_helper=This repository is <span class="ui red text">Unlisted</span>
 visiblity_helper_forced=Административна настройка задължава всички нови хранилища да бъдат <span class="ui red text">Частни</span>
 visiblity_fork_helper=(Промяна на тази стойност ще се отрази на всички разклонения)
 clone_helper=Нуждаете се от помощ при клониране? Посетете <a target="_blank" href="%s">Помощ</a>!
@@ -345,7 +414,7 @@ fork_from=Разклонение от
 fork_visiblity_helper=Не може да променяте видимостта на разклонено хранилище.
 repo_desc=Описание
 repo_lang=Програмен език
-repo_lang_helper=Изберете .gitignore файлове
+repo_gitignore_helper=Избор на .gitignore шаблони
 license=Лиценз
 license_helper=Изберете лицензионен файл
 readme=Readme
@@ -358,27 +427,30 @@ mirror_prune_desc=Премахва всички препратки за отда
 mirror_interval=Интервал на отразяване (часове)
 mirror_address=Адрес на огледало
 mirror_address_desc=Моля включете потребител и парола в адреса ако са нужни.
+mirror_last_synced=Последна синхр.
 watchers=Наблюдаващи
 stargazers=Харесващи
 forks=Разклонения
+repo_description_helper=Description of repository. Maximum 512 characters length.
+repo_description_length=Available characters

 form.reach_limit_of_creation=Притежателят е достигнал настроения лимит от %d брой хранилища.
-form.name_reserved=Името на хранилището '%s' е запазено.
-form.name_pattern_not_allowed=Име на хранилището от вида '%s' не е позволено.
+form.name_not_allowed=Repository name or pattern %q is not allowed.

 need_auth=Изисква потребител и парола
 migrate_type=Тип мигриране
 migrate_type_helper=Това хранилище ще бъде <span class="text blue">огледало</span>
 migrate_repo=Мигрирай хранилище
 migrate.clone_address=Адрес за клониране
-migrate.clone_address_desc=Това може да е HTTP/HTTPS/GIT адрес или локален път на сървъра.
+migrate.clone_address_desc=Може да използвате HTTP/HTTPS/GIT адрес.
+migrate.clone_address_desc_import_local=Можете да мигрирате хранилище от локален път на сървъра.
 migrate.permission_denied=Недостатъчни права за импорт на локални хранилища.
 migrate.invalid_local_path=Невалиден път - не съществува или не е директория.
+migrate.clone_address_resolved_to_blocked_local_address=Clone address resolved to a local network address that is implicitly blocked.
 migrate.failed=Грешка при миграция: %v

 mirror_from=огледало от
 forked_from=разклонено от
-fork_from_self=Не можете да разклоните хранилище което си е Ваше!
 copy_link=Копирай
 copy_link_success=Копирано!
 copy_link_error=Натиснете ⌘-C или Ctrl-C за да копирате
@@ -394,9 +466,9 @@ quick_guide=Бърз справочник
 clone_this_repo=Клонирай хранилището
 create_new_repo_command=Създай ново хранилище чрез командния ред
 push_exist_repo=Предай съществуващо хранилище през командния ред
-repo_is_empty=Това хранилище е празно. Моля проверете по-късно пак!
+bare_message=Това хранилище все още не съдържа нищо.

-code=Код
+files=Файлове
 branch=Клон
 tree=ИН на ревизия
 filter_branch_and_tag=Филтър по маркер или клон
@@ -407,13 +479,65 @@ pulls=Заявки за сливане
 labels=Етикети
 milestones=Етапи
 commits=Ревизии
+git_branches=Клонове
 releases=Версии
 file_raw=Директен файл
 file_history=История
 file_view_raw=Виж директен файл
 file_permalink=Постоянна връзка
 file_too_large=Този файл е твърде голям за да се визуализира
+video_not_supported_in_browser=Вашият браузър не поддържа HTML5 видео тагове.

+branches.overview=Преглед
+branches.active_branches=Активни клонове
+branches.stale_branches=Застинали клонове
+branches.all=Всички клонове
+branches.updated_by=Актуализирани %[1]s от %[2]s
+branches.change_default_branch=Промяна на клон по подразбиране
+branches.default_deletion_not_allowed=Cannot delete the default branch.
+branches.protected_deletion_not_allowed=Cannot delete a protected branch.
+
+editor.new_file=Нов файл
+editor.upload_file=Качи файл
+editor.edit_file=Редактирай файл
+editor.preview_changes=Преглед на промени
+editor.cannot_edit_non_text_files=Невъзможна редакция на нетекстови файлове
+editor.edit_this_file=Редактирай този файл
+editor.must_be_on_a_branch=Трябва да сте избрали клон за да предложите промени в този файл
+editor.fork_before_edit=Първо трябва да разклоните хранилището преди да редактирате файл
+editor.delete_this_file=Изтрий този файл
+editor.must_have_write_access=Трябва да имате права за писане за да предложите промени в този файл
+editor.file_delete_success=Файл '%s' е изтрит успешно!
+editor.name_your_file=Име на файл...
+editor.filename_help=За да добавите директория, въведете името ѝ и натиснете /. За да я премахнете, позиционирайте се в началото на полето и натиснете BackSpace.
+editor.or=или
+editor.cancel_lower=отказ
+editor.commit_changes=Промени в ревизия
+editor.add_tmpl=Добави '%s/<filename>'
+editor.add=Добави '%s'
+editor.update=Модифицирай '%s'
+editor.delete=Изтрий '%s'
+editor.commit_message_desc=Добавяне на опционално разширено описание...
+editor.commit_directly_to_this_branch=Запази ревизия директно в клон <strong class="branch-name">%s</strong>.
+editor.create_new_branch=Създай <strong>нов клон</strong> от тази ревизия и изпрати заявки за сливане.
+editor.new_branch_name_desc=Име на нов клон...
+editor.cancel=Отказ
+editor.filename_cannot_be_empty=Името не може да бъде празно.
+editor.branch_already_exists=Клон '%s' вече съществува в това хранилище.
+editor.directory_is_a_file=Частта '%s' в пътя е файл, не директория в това хранилище.
+editor.file_is_a_symlink=Файл "%s" е символна връзка, която не може да се модифицира от редактора.
+editor.filename_is_a_directory=Име '%s' вече съществува като директория в това хранилище.
+editor.file_editing_no_longer_exists=Файл '%s' който редактирате вече не съществува в това хранилище.
+editor.file_changed_while_editing=Съдържанието на файла е било променено докато правихте редакциите. <a target="_blank" href="%s">Щракнете тук</a> за да прегледате какво е променено или <strong>натиснете Запис на ревизия</strong> отново за да презапишете чуждите промени.
+editor.file_already_exists=Файл с име '%s' вече съществува в това хранилище.
+editor.no_changes_to_show=Няма промени.
+editor.fail_to_update_file=Невъзможно модифициране/създаване на файл '%s' заради грешка: %v
+editor.fail_to_delete_file=Failed to delete file '%s' with error: %v
+editor.add_subdir=Добави поддиректория...
+editor.unable_to_upload_files=Невъзможно качване на файлове в '%s' заради грешка: %v
+editor.upload_files_to_dir=Качи файлове в '%s'
+
+commits.commit_history=Commit History
 commits.commits=Ревизии
 commits.search=Търсене в ревизии
 commits.find=Намери
@@ -439,6 +563,11 @@ issues.create=Създай задача
 issues.new_label=Нов етикет
 issues.new_label_placeholder=Име на етикета...
 issues.create_label=Създай етикет
+issues.label_templates.title=Зареждане на предварително зададен набор от етикети
+issues.label_templates.info=Липсват етикети все още. Можете да щракнете върху "Нов етикет" по-горе, за да създадете нов или да изберете предварително зададени набори от по-долу.
+issues.label_templates.helper=Изберете набор етикети
+issues.label_templates.use=Използвай този набор етикети
+issues.label_templates.fail_to_load_file=Неуспешно зареждане на шаблон с етикети '%s': %v
 issues.open_tab=%d отворени
 issues.close_tab=%d затворени
 issues.filter_label=Етикет
@@ -480,8 +609,7 @@ issues.commit_ref_at=`посочи тази задача от ревизия <a
 issues.poster=Участник
 issues.collaborator=Сътрудник
 issues.owner=Притежател
-issues.sign_up_for_free=Регистрирай се безплатно
-issues.sign_in_require_desc=за да се включите в този разговор. Вече имате профил? <a href="%s">Влезте, за да коментирате</a>
+issues.sign_in_require_desc=<a href="%s">Впишете се</a> за да се присъедините към разговора.
 issues.edit=Редакция
 issues.cancel=Отказ
 issues.save=Запис
@@ -496,6 +624,8 @@ issues.label_deletion=Изтрий етикет
 issues.label_deletion_desc=При изтриване на този етикет ще се премахне информацията за него във всички свързани задачи. Желаете ли да продължите?
 issues.label_deletion_success=Етикетът е изтрит успешно!
 issues.num_participants=%d участника
+issues.attachment.open_tab=`Щракнете за да прегледате "%s" в нов раздел`
+issues.attachment.download=`Щракнете за да изтеглите "%s"`

 pulls.new=Нова заявка за сливане
 pulls.compare_changes=Сравни промените
@@ -505,6 +635,7 @@ pulls.compare_compare=сравни
 pulls.filter_branch=Филтър по клон
 pulls.no_results=Няма резултати.
 pulls.nothing_to_compare=Няма нищо за сравняване, защото родителският клон и върхът са еднакви.
+pulls.nothing_merge_base=Няма нищо за сравняване, защото двата клона имат напълно различна история.
 pulls.has_pull_request=`Вече има заявка за сливане между тези две цели: <a href="%[1]s/pulls/%[3]d">%[2]s#%[3]d</a>`
 pulls.create=Създай заявка за сливане
 pulls.title_desc=заяви обединяване на %[1]d ревизии от <code>%[2]s</code> във <code>%[3]s</code>
@@ -520,8 +651,13 @@ pulls.is_checking=Проверката за конфликт все още е в
 pulls.can_auto_merge_desc=Може да се извърши обединяване на тази заявка за сливане.
 pulls.cannot_auto_merge_desc=Не може да се извърши обединяване, защото съществуват конфликти между ревизиите.
 pulls.cannot_auto_merge_helper=Моля, използвайте инструменти на командния ред за да разрешите конфликтите.
+pulls.create_merge_commit=Create a merge commit
+pulls.rebase_before_merging=Rebase before merging
+pulls.commit_description=Commit Description
 pulls.merge_pull_request=Обедини заявка за сливане
 pulls.open_unmerged_pull_exists=`Невъзможно повторно отваряне, защото вече съществува заявка за сливане (#%d) от същото хранилище със същата информация за обединяване, която чака да бъде извършена`
+pulls.delete_branch=Изтрий клон
+pulls.delete_branch_has_new_commits=Клонът не може да бъде изтрит, защото има ревизии след последното обединяване.

 milestones.new=Нов етап
 milestones.open_tab=%d отворени
@@ -572,26 +708,61 @@ settings.collaboration.admin=За администрация
 settings.collaboration.write=За писане
 settings.collaboration.read=За четене
 settings.collaboration.undefined=Недефинирано
+settings.branches=Клонове
+settings.branches_bare=You cannot manage branches for bare repository. Please push some content first.
+settings.default_branch=Клон по подразбиране
+settings.default_branch_desc=The default branch is considered the "base" branch for code commits, pull requests and online editing.
+settings.update=Update
+settings.update_default_branch_unsupported=Промяна на клон по подразбиране не се поддържа от тази версия на Git сървъра.
+settings.update_default_branch_success=Default branch of this repository has been updated successfully!
+settings.protected_branches=Защитени клонове
+settings.protected_branches_desc=Protect branches from force pushing, accidental deletion and whitelist code committers.
+settings.choose_a_branch=Избор на клон...
+settings.branch_protection=Защита на клон
+settings.branch_protection_desc=Please choose protect options for branch <b>%s</b>.
+settings.protect_this_branch=Protect this branch
+settings.protect_this_branch_desc=Disable force pushes and prevent from deletion.
+settings.protect_require_pull_request=Require pull request instead direct pushing
+settings.protect_require_pull_request_desc=Enable this option to disable direct pushing to this branch. Commits have to be pushed to another non-protected branch and merged to this branch through pull request.
+settings.protect_whitelist_committers=Списък на всички, които могат да изпращат към този клон
+settings.protect_whitelist_committers_desc=Add people or teams to whitelist of direct push to this branch. Users in whitelist will bypass require pull request check.
+settings.protect_whitelist_users=Потребители, които могат да изпращат към този клон
+settings.protect_whitelist_search_users=Търсене на потребители
+settings.protect_whitelist_teams=Teams for which members of them can push to this branch
+settings.protect_whitelist_search_teams=Търсене на екипи
+settings.update_protect_branch_success=Protect options for this branch has been updated successfully!
 settings.hooks=Уеб-куки
 settings.githooks=Git куки
 settings.basic_settings=Основни настройки
+settings.mirror_settings=Настройки на огледало
+settings.sync_mirror=Синхр. сега
+settings.mirror_sync_in_progress=Синхронизация на огледалото е в ход, моля обновете страницата след минута.
 settings.site=Официален сайт
 settings.update_settings=Запази настройките
 settings.change_reponame_prompt=Тази промяна ще засегне връзките, които се отнасят до това хранилището.
 settings.advanced_settings=Разширени настройки
-settings.wiki_desc=Включва уики за да може потребителите да създават документи
+settings.wiki_desc=Включи система за уики
+settings.use_internal_wiki=Използвай вградено уики
+settings.allow_public_wiki_desc=Allow public access to wiki when repository is private
 settings.use_external_wiki=Използвай външно уики
 settings.external_wiki_url=URL адрес на външно уики
 settings.external_wiki_url_desc=Посетителите ще бъдат пренасочени към този URL адрес от връзката за раздел уики.
-settings.issues_desc=Включва вградена система за проследяване на задачи
+settings.issues_desc=Включи система за проследяване на задачи
+settings.use_internal_issue_tracker=Изполвай вградена система за проследяване на задачи
+settings.allow_public_issues_desc=Allow public access to issues when repository is private
 settings.use_external_issue_tracker=Използвай външна система за проследяване на задачи
+settings.external_tracker_url=URL адрес на външна система за проследяване на задачи
+settings.external_tracker_url_desc=Посетителите ще бъдат пренасочени към този URL адрес от връзката на раздела.
 settings.tracker_url_format=Формат на URL адрес на външна система за проследяване на задачи
 settings.tracker_issue_style=Стил на именуване на външна система за проследяване на задачи:
 settings.tracker_issue_style.numeric=Цифров
 settings.tracker_issue_style.alphanumeric=Символен
 settings.tracker_url_format_desc=Можете да използвате текстови маркери <code>{user} {repo} {index}</code> за потребителско име, име на хранилище и индекс на задача съответно.
-settings.pulls_desc=Включва заявки за сливане за да може да се приемат външни доработки
+settings.pulls_desc=Enable pull requests to accept contributions between repositories and branches
+settings.pulls.ignore_whitespace=Ignore changes in whitespace
+settings.pulls.allow_rebase_merge=Allow use rebase to merge commits
 settings.danger_zone=Опасна зона
+settings.cannot_fork_to_same_owner=You cannot fork a repository to its original owner.
 settings.new_owner_has_same_repo=Новият притежател вече има хранилище със същото име. Изберете друго име.
 settings.convert=Промени към редовно хранилище
 settings.convert_desc=Можете да промените това огледало към редовно хранилище. Конверсията не може да се отмени.
@@ -610,7 +781,7 @@ settings.wiki_deletion_success=Данните за уики на това хра
 settings.delete=Изтрий това хранилище
 settings.delete_desc=След като изтриете хранилището, няма връщане назад. Моля, бъдете сигурни.
 settings.delete_notices_1=- Тази операция <strong>НЕ МОЖЕ</strong> да бъде отменена в последствие.
-settings.delete_notices_2=- Тази операция ще изтрие всичко от това хранилище, включително Git данни, задачи, коментари и достъпа на сътрудници.
+settings.delete_notices_2=- This operation will permanently delete everything in this repository, including Git data, issues, comments and collaborator access.
 settings.delete_notices_fork_1=- Всички разклонения ще станат независими след изтриването.
 settings.deletion_success=Хранилището е изтрито успешно!
 settings.update_settings_success=Настройките на хранилището са запазени успешно.
@@ -626,20 +797,25 @@ settings.collaborator_deletion_desc=Този потребител няма да
 settings.remove_collaborator_success=Сътрудникът е премахнат.
 settings.search_user_placeholder=Име на потребител...
 settings.org_not_allowed_to_be_collaborator=Невъзможно добавяне на организация като сътрудник.
-settings.user_is_org_member=Потребителят вече участва в организацията и не може да бъде добавен като сътрудник.
-settings.add_webhook=Добави уеб-кука
 settings.hooks_desc=Уеб-куките много приличат на обикновен HTTP POST тригер. Когато нещо се случи в Gogs, ние ще изпратим уведомление до сървъра, който посочите. Научете повече в <a target="_blank" href="%s">Ръководство за уеб-куки</a>.
+settings.webhooks.add_new=Add a new webhook:
+settings.webhooks.choose_a_type=Choose a type...
+settings.add_webhook=Добави уеб-кука
 settings.webhook_deletion=Изтрий уеб-кука
 settings.webhook_deletion_desc=При изтриване на тази уеб-кука ще се премахне информацията за нея и цялата хронология на нейното изпращане. Желаете ли да продължите?
 settings.webhook_deletion_success=Уеб-куката е изтрита успешно!
 settings.webhook.test_delivery=Тестово изпращане
 settings.webhook.test_delivery_desc=Симулира тестово изпращане за тест на настройките на уеб-куката
 settings.webhook.test_delivery_success=Тестовата уеб-кука е добавена в опашката за изпращане. Може да отнеме няколко секунди преди да се появи в историята с доставени.
+settings.webhook.redelivery=Redelivery
+settings.webhook.redelivery_success=Hook task '%s' has been readded to delivery queue. It may take few seconds to update delivery status in history.
 settings.webhook.request=Заявка
 settings.webhook.response=Отговор
 settings.webhook.headers=Заглавки
 settings.webhook.payload=Съдържание
 settings.webhook.body=Тяло
+settings.webhook.err_cannot_parse_payload_url=Cannot parse payload URL: %v
+settings.webhook.url_resolved_to_blocked_local_address=Payload URL resolved to a local network address that is implicitly blocked.
 settings.githooks_desc=Git куките се изпълняват от Git. Вие може да промените файловете с поддържаните куки в списъка по-долу, за да изпълните външни операции.
 settings.githook_edit_desc=Ако куката е неактивна, ще бъде представено примерно съдържание. Ако оставите съдържанието празно, то тази кука ще бъде изключена.
 settings.githook_name=Име на куката
@@ -649,6 +825,7 @@ settings.add_webhook_desc=Gogs ще изпрати <code>POST</code> заявк
 settings.payload_url=URL адрес на изпращане
 settings.content_type=Тип на съдържанието
 settings.secret=Тайна
+settings.secret_desc=Secret will be sent as SHA256 HMAC hex digest of payload via <code>X-Gogs-Signature</code> header.
 settings.slack_username=Потребителско име
 settings.slack_icon_url=URL адрес на икона
 settings.slack_color=Цвят
@@ -658,8 +835,20 @@ settings.event_send_everything=При <strong>всички</strong> събити
 settings.event_choose=Нека избера от какво имам нужда.
 settings.event_create=Създаване
 settings.event_create_desc=Създаване на клон или маркер
+settings.event_delete=Изтриване
+settings.event_delete_desc=Изтрит клон или етикет
+settings.event_fork=Fork
+settings.event_fork_desc=Repository forked
 settings.event_push=Предаване
 settings.event_push_desc=Git предаване към хранилището
+settings.event_issues=Issues
+settings.event_issues_desc=Issue opened, closed, reopened, edited, assigned, unassigned, label updated, label cleared, milestoned, or demilestoned.
+settings.event_pull_request=Заявка за сливане
+settings.event_pull_request_desc=Pull request opened, closed, reopened, edited, assigned, unassigned, label updated, label cleared, milestoned, demilestoned, or synchronized.
+settings.event_issue_comment=Issue Comment
+settings.event_issue_comment_desc=Issue comment created, edited, or deleted.
+settings.event_release=Release
+settings.event_release_desc=Release published in a repository.
 settings.active=Активна
 settings.active_helper=Подробности относно събитието, което е задействало куката, също ще бъдат изпратени.
 settings.add_hook_success=Новата уеб-кука е добавена успешно.
@@ -669,10 +858,13 @@ settings.delete_webhook=Изтрий уеб-куката
 settings.recent_deliveries=Последни изпращания
 settings.hook_type=Тип на куката
 settings.add_slack_hook_desc=Добавяне на интеграция със <a href="%s">Slack</a> във Вашето хранилище.
+settings.add_discord_hook_desc=Добавяне на интеграция с <a href="%s">Discord</a> към хранилището.
+settings.add_dingtalk_hook_desc=Добавяне на интеграция с <a href="%s">Dingtalk</a> към хранилището.
 settings.slack_token=API ключ
 settings.slack_domain=Домейн
 settings.slack_channel=Канал
 settings.deploy_keys=Ключове за внедряване
+settings.deploy_keys_helper=<b>Common Gotcha!</b> If you're looking for adding personal public keys, please add them in your <a href="%s%s">account settings</a>.
 settings.add_deploy_key=Добави ключ за внедряване
 settings.deploy_key_desc=Този ключ за внедряване има права само за четене. Това не е същото като SSH ключове на персонален потребител.
 settings.no_deploy_keys=Все още няма настроен никакъв ключ за внедряване.
@@ -684,6 +876,8 @@ settings.add_key_success=Новият ключ за внедряване '%s' е
 settings.deploy_key_deletion=Изтрий ключ за внедряване
 settings.deploy_key_deletion_desc=При изтриването на този ключ за внедряване ще се премахнат свързаните права за достъп до това хранилище. Желаете ли да продължите?
 settings.deploy_key_deletion_success=Ключът за внедряване е изтрит успешно!
+settings.description_desc=Description of repository. Maximum 512 characters length.
+settings.description_length=Available characters

 diff.browse_source=Преглед на файлове
 diff.parent=родител
@@ -702,7 +896,6 @@ release.releases=Версии
 release.new_release=Нова версия
 release.draft=Чернови
 release.prerelease=Предварителни
-release.stable=Стабилни
 release.edit=редактиране
 release.ahead=<strong>%d</strong> ревизии на %s след тази версия
 release.source_code=Изходен код
@@ -749,8 +942,8 @@ team_name_helper=Ще използвате това име при спомена
 team_desc_helper=Каква е целта на този екип?
 team_permission_desc=Какво ниво на достъп трябва да има този екип?

-form.name_reserved=Името на организацията '%s' е запазено.
-form.name_pattern_not_allowed=Име на организацията от вида '%s' не е разрешено.
+form.name_not_allowed=Organization name or pattern %q is not allowed.
+form.team_name_not_allowed=Team name or pattern %q is not allowed.

 settings=Настройки
 settings.options=Опции
@@ -822,12 +1015,19 @@ first_page=Първа
 last_page=Последна
 total=Общо: %d

+dashboard.build_info=Build Information
+dashboard.app_ver=Application version
+dashboard.git_version=Git version
+dashboard.go_version=Go version
+dashboard.build_time=Build time
+dashboard.build_commit=Build commit
 dashboard.statistic=Статистика
 dashboard.operations=Операции
 dashboard.system_status=Наблюдение на системния статус
 dashboard.statistic_info=Gogs базата данни има <b>%d</b> потребители, <b>%d</b> организации, <b>%d</b> публични ключове, <b>%d</b> хранилища, <b>%d</b> наблюдавания, <b>%d</b> харесвания, <b>%d</b> действия, <b>%d</b> достъпи, <b>%d</b> задачи, <b>%d</b> коментари, <b>%d</b> социални регистрации, <b>%d</b> последователи, <b>%d</b> огледала, <b>%d</b> версии, <b>%d</b> начини на удостоверяване, <b>%d</b> уеб-куки, <b>%d</b> етапи, <b>%d</b> етикети, <b>%d</b> задачи на куки, <b>%d</b> екипи, <b>%d</b> задачи при актуализация, <b>%d</b> прикачени файлове.
 dashboard.operation_name=Име на операцията
 dashboard.operation_switch=Превключи
+dashboard.select_operation_to_run=Please select operation to run
 dashboard.operation_run=Изпълни
 dashboard.clean_unbind_oauth=Почисти несвързани OAuthes
 dashboard.clean_unbind_oauth_success=Всички несвързани OAuthes са изтрити успешно.
@@ -841,8 +1041,8 @@ dashboard.git_gc_repos=Почисти изтрити данни в хранил
 dashboard.git_gc_repos_success=Всички хранилища са почистени от изтрити данни успешно.
 dashboard.resync_all_sshkeys=Презапис на ".ssh/authorized_keys" файл (внимание: не-Gogs ключове ще бъдат загубени)
 dashboard.resync_all_sshkeys_success=Всички публични ключове са презаписани успешно.
-dashboard.resync_all_update_hooks=Презапис на всички куки, закачени на актуализация на хранилищата (необходимо, когато се ползва собствен път за конфигурацията)
-dashboard.resync_all_update_hooks_success=Всички куки, закачени на актуализация на хранилищата, са презаписани успешно.
+dashboard.resync_all_hooks=Resync pre-receive, update and post-receive hooks of all repositories
+dashboard.resync_all_hooks_success=All repositories' pre-receive, update and post-receive hooks have been resynced successfully.
 dashboard.reinit_missing_repos=Реинициализира всички записи за хранилища
 dashboard.reinit_missing_repos_success=Всички записи за хранилища със загубени Git файлове са реинициализирани успешно.

@@ -917,12 +1117,14 @@ repos.private=Частно
 repos.watches=Наблюдавания
 repos.stars=Харесвания
 repos.issues=Задачи
+repos.size=Размер

-auths.auth_manage_panel=Управление на удостоверявания
+auths.auth_sources=Authentication Sources
 auths.new=Добави нов начин на удостоверяване
 auths.name=Име
 auths.type=Тип
 auths.enabled=Активно
+auths.default=Default
 auths.updated=Последна модификация
 auths.auth_type=Тип на удостоверяване
 auths.auth_name=Име на удостоверяване
@@ -931,15 +1133,21 @@ auths.domain=Домейн
 auths.host=Сървър
 auths.port=Порт
 auths.bind_dn=Име (DN) за свръзка
+auths.bind_dn_helper=You can use '%s' as placeholder for username, e.g. DOM\%s
 auths.bind_password=Парола за свръзка
 auths.bind_password_helper=Внимание: Тази парола се запазва некриптирана. Моля използвайте потребител, който няма административен достъп.
 auths.user_base=Базов OU за търсене
 auths.user_dn=Име (DN) на потребител
 auths.attribute_username=Атрибут за име
 auths.attribute_username_placeholder=Оставете празно за да използва потребителското име от форма за вписване.
-auths.attribute_name=Атрибут за име
+auths.attribute_name=First Name Attribute
 auths.attribute_surname=Атрибут за фамилия
 auths.attribute_mail=Атрибут за ел. поща
+auths.verify_group_membership=Verify group membership
+auths.group_search_base_dn=Group Search Base DN
+auths.group_filter=Group Filter
+auths.group_attribute_contain_user_list=Group Attribute Containing List of Users
+auths.user_attribute_listed_in_group=User Attribute Listed in Group
 auths.attributes_in_bind=Извличане на атрибути от контекста на име (DN) за свръзка
 auths.filter=Филтър за потребител
 auths.admin_filter=Филтър за администратор
@@ -953,9 +1161,9 @@ auths.enable_tls=Включи TLS криптиране
 auths.skip_tls_verify=Пропусни проверка на TLS сертификат
 auths.pam_service_name=Име на PAM услуга
 auths.enable_auto_register=Включи автоматична регистрация
-auths.tips=Съвети
 auths.edit=Редактирай настройки за удостоверяване
 auths.activated=Това удостоверяване е активно
+auths.default_auth=This authentication is default login source
 auths.new_success=Новото удостоверяване '%s' е добавено успешно.
 auths.update_success=Настройките за удостоверяване са запазени успешно.
 auths.update=Запази настройки за удостоверяване
@@ -964,86 +1172,189 @@ auths.delete_auth_title=Изтрий удостоверяването
 auths.delete_auth_desc=Това удостоверяване ще бъде изтрито. Желаете ли да продължите?
 auths.still_in_used=Това удостоверяване все още се използва от някои потребители. Моля изтрийте ги или ги конвертирайте до друг тип на влизане първо.
 auths.deletion_success=Удостоверяването е изтрито успешно!
+auths.login_source_exist=Източник за валидация на потребители "%s" вече съществува.
+auths.github_api_endpoint=API Endpoint

+config.not_set=(not set)
 config.server_config=Сървърни настройки
-config.app_name=Име на приложението
-config.app_ver=Версия на приложението
-config.app_url=URL адрес на приложението
-config.domain=Домейн
-config.offline_mode=Офлайн режим
-config.disable_router_log=Изключи журнал на маршрутизатора
+config.brand_name=Brand name
 config.run_user=Потребителски контекст
 config.run_mode=Режим на изпълнение
-config.repo_root_path=Основен път към хранилища
-config.static_file_root_path=Път към статични файлове
-config.log_file_root_path=Път към журнал
-config.script_type=Тип на скрипта
-config.reverse_auth_user=Потребителско име при обратно удостоверяване
+config.server.external_url=External URL
+config.server.domain=Domain
+config.server.protocol=Protocol
+config.server.http_addr=HTTP address
+config.server.http_port=HTTP port
+config.server.cert_file=Certificate file
+config.server.key_file=Key file
+config.server.tls_min_version=Minimum TLS version
+config.server.unix_socket_permission=Unix socket permission
+config.server.local_root_url=Local root URL
+config.server.offline_mode=Offline mode
+config.server.disable_router_log=Disable router log
+config.server.enable_gzip=Enable Gzip
+config.server.app_data_path=Application data path
+config.server.load_assets_from_disk=Load assets from disk
+config.server.landing_url=Landing URL

 config.ssh_config=SSH конфигурация
-config.ssh_enabled=Активен
-config.ssh_start_builtin_server=Стартирай вграден сървър
-config.ssh_domain=Домейн
-config.ssh_port=Порт
-config.ssh_listen_port=Порт за слушане
-config.ssh_root_path=Основен път
-config.ssh_key_test_path=Път до ключове
-config.ssh_keygen_path=Път до генератор ('ssh-keygen')
-config.ssh_minimum_key_size_check=Проверка за минимален размер на ключове
-config.ssh_minimum_key_sizes=Минимален размер на ключове
+config.ssh.enabled=Enabled
+config.ssh.domain=Exposed domain
+config.ssh.port=Exposed port
+config.ssh.root_path=Root path
+config.ssh.keygen_path=Keygen path
+config.ssh.key_test_path=Key test path
+config.ssh.minimum_key_size_check=Minimum key size check
+config.ssh.minimum_key_sizes=Minimum key sizes
+config.ssh.rewrite_authorized_keys_at_start=Rewrite "authorized_keys" at start
+config.ssh.start_builtin_server=Start builtin server
+config.ssh.listen_host=Listen host
+config.ssh.listen_port=Listen port
+config.ssh.server_ciphers=Server ciphers
+config.ssh.server_macs=Server MACs
+config.ssh.server_algorithms=Server algorithms
+
+config.repo_config=Конфигурация на хранилище
+config.repo.root_path=Root path
+config.repo.script_type=Script type
+config.repo.ansi_chatset=ANSI charset
+config.repo.force_private=Force private
+config.repo.max_creation_limit=Max creation limit
+config.repo.preferred_licenses=Preferred licenses
+config.repo.disable_http_git=Disable HTTP Git
+config.repo.enable_local_path_migration=Enable local path migration
+config.repo.enable_raw_file_render_mode=Enable raw file render mode
+config.repo.commits_fetch_concurrency=Commits fetch concurrency
+config.repo.editor.line_wrap_extensions=Editor line wrap extensions
+config.repo.editor.previewable_file_modes=Editor previewable file modes
+config.repo.upload.enabled=Upload enabled
+config.repo.upload.temp_path=Upload temporary path
+config.repo.upload.allowed_types=Upload allowed types
+config.repo.upload.file_max_size=Upload file size limit
+config.repo.upload.max_files=Upload files limit

 config.db_config=Настройки на базата данни
-config.db_type=Тип
-config.db_host=Сървър
-config.db_name=Име
-config.db_user=Потребител
-config.db_ssl_mode=SSL режим
-config.db_ssl_mode_helper=(само за postgres)
-config.db_path=Път
-config.db_path_helper=(за "sqlite3" и "tidb")
-config.service_config=Настройка на услугата
-config.register_email_confirm=Изисквай потвърждение на адреси на ел. поща
-config.disable_register=Изключи нови регистрации
-config.show_registration_button=Покажи бутон за регистрация
-config.require_sign_in_view=Изисквай вписване за преглед
-config.mail_notify=Уведомяване по ел. поща
-config.disable_key_size_check=Изключи проверка минимален размер на ключ
-config.enable_captcha=Включи Captcha
-config.active_code_lives=Кодове за активиране
-config.reset_password_code_lives=Кодове за изчистване на парола
-config.webhook_config=Конфигурация на уеб-куки
-config.queue_length=Дължина на опашка
-config.deliver_timeout=Време за отказ при изпращане
-config.skip_tls_verify=Пропусни проверка на TLS
-config.mailer_config=Конфигурация на мейлър
-config.mailer_enabled=Активен
-config.mailer_disable_helo=Изключи HELO
-config.mailer_name=Име
-config.mailer_host=Сървър
-config.mailer_user=Потребител
-config.send_test_mail=Изпрати тестово писмо
-config.test_mail_failed=Невъзможно изпращане на тестово писмо до '%s': %v
-config.test_mail_sent=Тестово писмо беше изпратено до '%s'.
-config.oauth_config=OAuth конфигурация
-config.oauth_enabled=Активна
-config.cache_config=Конфигурация на кеша
-config.cache_adapter=Кеш адаптер
-config.cache_interval=Кеш интервал
-config.cache_conn=Кеш на връзката
+config.db.type=Type
+config.db.host=Host
+config.db.name=Name
+config.db.schema=Schema
+config.db.schema_helper=(for "postgres" only)
+config.db.user=User
+config.db.ssl_mode=SSL mode
+config.db.ssl_mode_helper=(for "postgres" only)
+config.db.path=Path
+config.db.path_helper=(for "sqlite3"only)
+config.db.max_open_conns=Maximum open connections
+config.db.max_idle_conns=Maximum idle connections
+
+config.security_config=Security configuration
+config.security.login_remember_days=Login remember days
+config.security.cookie_remember_name=Remember cookie
+config.security.cookie_username=Username cookie
+config.security.cookie_secure=Enable secure cookie
+config.security.reverse_proxy_auth_user=Reverse proxy authentication header
+config.security.enable_login_status_cookie=Enable login status cookie
+config.security.login_status_cookie_name=Login status cookie
+config.security.local_network_allowlist=Local network allowlist
+
+config.email_config=Email configuration
+config.email.enabled=Enabled
+config.email.subject_prefix=Subject prefix
+config.email.host=Host
+config.email.from=From
+config.email.user=User
+config.email.disable_helo=Disable HELO
+config.email.helo_hostname=HELO hostname
+config.email.skip_verify=Skip certificate verify
+config.email.use_certificate=Use custom certificate
+config.email.cert_file=Certificate file
+config.email.key_file=Key file
+config.email.use_plain_text=Use plain text
+config.email.add_plain_text_alt=Add plain text alternative
+config.email.send_test_mail=Send test email
+config.email.test_mail_failed=Failed to send test email to '%s': %v
+config.email.test_mail_sent=Test email has been sent to '%s'.
+
+config.auth_config=Authentication configuration
+config.auth_custom_logout_url=Custom logout URL
+config.auth.activate_code_lives=Activate code lives
+config.auth.reset_password_code_lives=Reset password code lives
+config.auth.require_email_confirm=Require email confirmation
+config.auth.require_sign_in_view=Require sign in view
+config.auth.disable_registration=Disable registration
+config.auth.enable_registration_captcha=Enable registration captcha
+config.auth.enable_reverse_proxy_authentication=Enable reverse proxy authentication
+config.auth.enable_reverse_proxy_auto_registration=Enable reverse proxy auto registration
+config.auth.reverse_proxy_authentication_header=Reverse proxy authentication header
+
+config.user_config=User configuration
+config.user.enable_email_notify=Enable email notification
+
 config.session_config=Конфигурация на сесии
-config.session_provider=Доставчик на сесии
-config.provider_config=Конфигурация на доставчик
-config.cookie_name=Име на бисквитката
-config.enable_set_cookie=Включи използване на бисквитки
-config.gc_interval_time=GC през интервал
-config.session_life_time=Период на валидност на сесиите
-config.https_only=HTTPS само
-config.cookie_life_time=Период на валидност на бисквитките
+config.session.provider=Provider
+config.session.provider_config=Provider config
+config.session.cookie_name=Cookie
+config.session.https_only=HTTPS only
+config.session.gc_interval=GC interval
+config.session.max_life_time=Max life time
+config.session.csrf_cookie_name=CSRF cookie
+
+config.cache_config=Конфигурация на кеша
+config.cache.adapter=Adapter
+config.cache.interval=GC interval
+config.cache.host=Host
+
+config.http_config=Конфигуриране на HTTP
+config.http.access_control_allow_origin=Access control allow origin
+
+config.attachment_config=Attachment configuration
+config.attachment.enabled=Enabled
+config.attachment.path=Path
+config.attachment.allowed_types=Allowed types
+config.attachment.max_size=Size limit
+config.attachment.max_files=Files limit
+
+config.release_config=Release configuration
+config.release.attachment.enabled=Attachment enabled
+config.release.attachment.allowed_types=Attachment allowed types
+config.release.attachment.max_size=Attachment size limit
+config.release.attachment.max_files=Attachment files limit
+
 config.picture_config=Конфигурация на изображения
-config.picture_service=Услуги за снимки
-config.disable_gravatar=Изключи Gravatar
+config.picture.avatar_upload_path=User avatar upload path
+config.picture.repo_avatar_upload_path=Repository avatar upload path
+config.picture.gravatar_source=Gravatar source
+config.picture.disable_gravatar=Disable Gravatar
+config.picture.enable_federated_avatar=Enable federated avatars
+
+config.mirror_config=Mirror configuration
+config.mirror.default_interval=Default interval
+
+config.webhook_config=Конфигурация на уеб-куки
+config.webhook.types=Types
+config.webhook.deliver_timeout=Deliver timeout
+config.webhook.skip_tls_verify=Skip TLS verify
+
+config.git_config=Конфигурация на git
+config.git.disable_diff_highlight=Disable diff syntax highlight
+config.git.max_diff_lines=Diff lines limit (for a single file)
+config.git.max_diff_line_characters=Diff characters limit (for a single line)
+config.git.max_diff_files=Diff files limit (for a single diff)
+config.git.gc_args=GC arguments
+config.git.migrate_timeout=Migration timeout
+config.git.mirror_timeout=Mirror fetch timeout
+config.git.clone_timeout=Clone timeout
+config.git.pull_timeout=Pull timeout
+config.git.gc_timeout=GC timeout
+
+config.lfs_config=LFS configuration
+config.lfs.storage=Storage
+config.lfs.objects_path=Objects path
+
 config.log_config=Конфигурация на журнал
-config.log_mode=Режим на журнал
+config.log_file_root_path=Път към журнал
+config.log_mode=Режим
+config.log_options=Настройки

 monitor.cron=Cron задачи
 monitor.name=Име
@@ -1074,17 +1385,24 @@ notices.delete_success=Системните съобщения са изтрит
 create_repo=създаде хранилище <a href="%s"> %s</a>
 rename_repo=преименува хранилище от <code>%[1]s</code> на <a href="%[2]s">%[3]s</a>
 commit_repo=предаде към <a href="%[1]s/src/%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a>
+compare_commits=Сравнение между тези %d ревизии
+transfer_repo=прехвърли хранилище <code>%s</code> към <a href="%s">%s</a>
 create_issue=`отвори задача <a href="%s/issues/%s">%s#%[2]s"</a>`
 close_issue=`затвори <a href="%s/issues/%s">%s#%[2]s</a>`
 reopen_issue=`повторно отвори <a href="%s/issues/%s">%s#%[2]s</a>`
+comment_issue=`коментира задача <a href="%s/issues/%s">%s#%[2]s"</a>`
 create_pull_request=`създаде заявка за сливане <a href="%s/pulls/%s">%s#%[2]s</a>`
 close_pull_request=`затвори заявка за сливане <a href="%s/pulls/%s">%s#%[2]s</a>`
 reopen_pull_request=`повторно отвори заявка за сливане <a href="%s/pulls/%s">%s#%[2]s</a>`
-comment_issue=`коментира задача <a href="%s/issues/%s">%s#%[2]s"</a>`
 merge_pull_request=`обедини заявка за сливане <a href="%s/pulls/%s">%s#%[2]s</a>`
-transfer_repo=прехвърли хранилище <code>%s</code> към <a href="%s">%s</a>
+create_branch=създаде клон <a href="%[1]s/src/%[2]s"> %[3]s</a> % <a href="%[1]s">[4]s</a>
+delete_branch=изтри клон <code>%[2]s</code> % <a href="%[1]s">[3]s</a>
 push_tag=предаде маркер <a href="%s/src/%s">%[2]s</a> към <a href="%[1]s">[3]s</a>
-compare_commits=Сравнение между тези %d ревизии
+delete_tag=изтри етикет <code>%[2]s</code> % <a href="%[1]s">[3]s</a>
+fork_repo=forked a repository to <a href="%s">%s</a>
+mirror_sync_push=synced commits to <a href="%[1]s/src/%[2]s">%[3]s</a> at <a href="%[1]s">%[4]s</a> from mirror
+mirror_sync_create=synced new reference <a href="%s/src/%s">%[2]s</a> to <a href="%[1]s">%[3]s</a> from mirror
+mirror_sync_delete=synced and deleted reference <code>%[2]s</code> at <a href="%[1]s">%[3]s</a> from mirror

 [tool]
 ago=преди
@@ -1106,6 +1424,7 @@ months=%[2]s %[1]d месеца
 years=%[2]s %[1]d години
 raw_seconds=секунди
 raw_minutes=минути
+raw_hours=hours

 [dropzone]
 default_message=Тук пуснете файлове с влачене или просто щракнете за избор на файл за качване.
@@ -9,7 +9,6 @@ sign_out=Abmelden
 sign_up=Registrieren
 register=Registrieren
 website=Webseite
-version=Version
 page=Seite
 template=Vorlage
 language=Sprache
@@ -44,23 +43,27 @@ issues=Issues

 cancel=Abbrechen

+[status]
+page_not_found=Seite nicht gefunden
+internal_server_error=Interner Serverfehler
+
 [install]
 install=Installation
 title=Installationsschritte für den ersten Start
-docker_helper=Wenn Gogs innerhalb Docker läuft, lesen Sie sich bitte den <a target="_blank" href="%s">Leitfaden</a> genau durch, bevor Sie irgendwas auf dieser Seite ändern!
-requite_db_desc=Gogs benötigt MySQL, PostgreSQL, SQLite3 oder TiDB.
+docker_helper=Wenn Gogs innerhalb von Docker läuft, lesen Sie sich bitte den <a target="_blank" href="%s">Leitfaden</a> genau durch, bevor Sie etwas auf dieser Seite ändern!
+requite_db_desc=Gogs benötigt MySQL, PostgreSQL, SQLite3 oder TiDB (mit MySQL-Protokoll)
 db_title=Datenbankeinstellungen
 db_type=Datenbanktyp
 host=Host
 user=Benutzer
 password=Passwort
 db_name=Datenbankname
+db_schema=Schema
 db_helper=Bitte verwenden Sie in MySQL die InnoDB-Engine mit dem Zeichensatz utf8_general_ci.
 ssl_mode=SSL-Modus
 path=Pfad
-sqlite_helper=Der Dateipfad zur SQLite3- oder TiDB-Datenbank. <br>Bitte verwenden Sie einen absoluten Pfad, wenn Gogs als Service gestartet wird.
-err_empty_db_path=SQLite3 oder TiDB Datenbankpfad darf nicht leer sein.
-err_invalid_tidb_name=Der TiDB Datenbankname darf nicht "." und "-" enthalten.
+sqlite_helper=Der Dateipfad zur SQLite3-Datenbank. <br>Bitte verwenden Sie einen absoluten Pfad, wenn Gogs als Service gestartet wird.
+err_empty_db_path=SQLite3 Datenbankpfad darf nicht leer sein.
 no_admin_and_disable_registration=Sie können die Registrierung nicht deaktivieren, ohne ein Administratorkonto zu erstellen.
 err_empty_admin_password=Das Administrator-Passwort darf nicht leer sein.

@@ -75,12 +78,17 @@ domain=Domain
 domain_helper=Dies hat Auswirkung auf die SSH Klon-URLs.
 ssh_port=SSH Port
 ssh_port_helper=Der Port Ihres SSH-Servers. Leer lassen um SSH zu deaktivieren.
+use_builtin_ssh_server=Eingebauten SSH-Server verwenden
+use_builtin_ssh_server_popup=Starte eingebauten SSH-Server für git-Aufgaben, um es vom System-SSH-Dämon zu trennen.
 http_port=HTTP Port
 http_port_helper=Auf dieser Port Nummer wird Gogs erreichbar sein.
 app_url=Anwendungs-URL
 app_url_helper=Dies hat Auswirkung auf die HTTP/HTTPS Klon-URLs und den Inhalt der E-Mails.
 log_root_path=Logdateipfad
 log_root_path_helper=Verzeichnis in das Logdateien geschrieben werden.
+enable_console_mode=Konsolen-Modus einschalten
+enable_console_mode_popup=Zusätzlich zum Datei-Modus, zeige Logs auch in der Konsole.
+default_branch=Standard Branch

 optional_title=Optionale Einstellungen
 email_title=E-Mail-Service Einstellungen
@@ -96,6 +104,8 @@ offline_mode=Offline-Modus aktivieren
 offline_mode_popup=CDN auch im Produktivmodus deaktivieren. Alle Dateien werden von diesem Server ausgeliefert.
 disable_gravatar=Gravatar-Dienst deaktivieren
 disable_gravatar_popup=Gravatar und benutzerdefinierte Quellen deaktivieren. Alle Profilbilder werden vom Nutzer hochgeladen oder sind das Standard-Profilbild.
+federated_avatar_lookup=Suche nach föderierten Profilbildern einschalten
+federated_avatar_lookup_popup=Der Suche nach föderierten Profilbildern die Verwendung von föderierten open source Services basierend auf libravatar erlauben.
 disable_registration=Registrierung deaktivieren
 disable_registration_popup=Registrierung neuer Benutzer deaktivieren. Nur Administratoren können Benutzerkonten anlegen.
 enable_captcha=Captcha aktivieren
@@ -114,7 +124,10 @@ sqlite3_not_available=Ihre Gogs-Version unterstützt SQLite3 nicht. Bitte laden
 invalid_db_setting=Datenbankeinstellungen sind nicht korrekt: %v
 invalid_repo_path=Repository Verzeichnis ist ungültig: %v
 run_user_not_match=Der ausführende Benutzer ist nicht der aktuelle Benutzer: %s -> %s
+smtp_host_missing_port=In der Adresse des SMTP Host fehlt die Portnummer.
+invalid_smtp_from=SMTP Absender Feld ist nicht gültig: %v
 save_config_failed=Fehler beim Speichern der Konfiguration: %v
+init_failed=Fehler beim Initialisieren der Anwendung: %v
 invalid_admin_setting=Admin-Konto Einstellungen sind ungültig: %v
 install_success=Herzlich Willkommen! Wir sind froh, dass Sie sich für Gogs entschieden haben. Wir wünschen viel Vergnügen damit.
 invalid_log_root_path=Pfad zum Log-Verzeichnis ist ungültig: %v
@@ -135,6 +148,7 @@ issues.in_your_repos=In Ihren Repositories
 [explore]
 repos=Repositories
 users=Benutzer
+organizations=Organisationen
 search=Suche

 [auth]
@@ -143,6 +157,8 @@ register_hepler_msg=Haben Sie bereits ein Konto? Jetzt anmelden!
 social_register_hepler_msg=Haben Sie bereits ein Konto? Jetzt verknüpfen!
 disable_register_prompt=Es tut uns leid, die Registrierung wurde deaktiviert. Bitte wenden Sie sich an den Administrator.
 disable_register_mail=Es tut uns leid, die Bestätigung der Registrierungs-E-Mail wurde deaktiviert.
+auth_source=Authentifizierungsquelle
+local=Lokal
 remember_me=Angemeldet bleiben
 forgot_password=Passwort vergessen
 forget_password=Passwort vergessen?
@@ -154,7 +170,6 @@ prohibit_login_desc=Ihrem Konto ist es nicht gestattet sich anzumelden. Bitte ko
 resent_limit_prompt=Es tut uns leid, aber Sie haben bereits eine Aktivierungs-E-Mail angefordert. Bitte warten Sie 3 Minuten und probieren Sie es dann nochmal.
 has_unconfirmed_mail=Hallo %s, Sie haben eine unbestätigte E-Mail-Adresse (<b>%s</b>). Wenn Sie keine Bestätigungs-E-Mail erhalten haben oder eine neue benötigen, klicken Sie bitte auf den folgenden Button.
 resend_mail=Hier klicken, um die Aktivierungs-E-Mail erneut zu versenden
-email_not_associate=Diese E-Mail-Adresse ist mit keinem Konto verknüpft.
 send_reset_mail=Hier klicken, um die E-Mail zum Passwort-zurücksetzen erneut zu versenden
 reset_password=Passwort zurücksetzen
 invalid_code=Es tut uns leid, der Bestätigungscode ist abgelaufen oder ungültig.
@@ -162,6 +177,14 @@ reset_password_helper=Hier klicken, um das Passwort zurückzusetzen
 password_too_short=Das Passwort muss mindenstens 6 Zeichen lang sein.
 non_local_account=Nicht-lokale Konten können Passwörter nicht via Gogs ändern.

+login_two_factor=Zwei-Faktor-Authentifizierung
+login_two_factor_passcode=PIN
+login_two_factor_enter_recovery_code=Geben Sie einen Wiederherstellungscode für die Zwei-Faktor-Authentifizierung ein
+login_two_factor_recovery=Zwei-Faktor-Wiederherstellung
+login_two_factor_recovery_code=Wiederherstellungscode
+login_two_factor_enter_passcode=Geben Sie die Zwei-Faktor-Authentifizierungs PIN ein
+login_two_factor_invalid_recovery_code=Der Wiederherstellungscode wurde schon benutzt oder ist nicht gültig.
+
 [mail]
 activate_account=Bitte aktivieren Sie Ihr Konto
 activate_email=Bestätigen Sie Ihre E-Mail-Adresse
@@ -187,9 +210,17 @@ TeamName=Teamname
 AuthName=Name der Autorisierung
 AdminEmail=Administrator E-Mail

+NewBranchName=Neuer Branch Name
+CommitSummary=Commit Zusammenfassung
+CommitMessage=Commit Nachricht
+CommitChoice=Commit Auswahl
+TreeName=Dateipfad
+Content=Inhalt
+
 require_error=` darf nicht leer sein.`
 alpha_dash_error=` kann ausschließlich alphanumerische Zeichen und "-_" enthalten.`
 alpha_dash_dot_error=` kann ausschließlich alphanumerische Zeichen und ".-_" enthalten.`
+alpha_dash_dot_slash_error=` kann ausschließlich alphanumerische Zeichen und ".-_/" enthalten.`
 size_error=` muss die Größe %s haben.`
 min_size_error=` muss mindestens %s Zeichen enthalten.`
 max_size_error=` darf höchstens %s Zeichen enthalten.`
@@ -206,6 +237,7 @@ org_name_been_taken=Organisationsname ist bereits vergeben.
 team_name_been_taken=Teamname ist bereits vergeben.
 email_been_used=E-Mail-Adresse wird bereits verwendet.
 username_password_incorrect=Benutzername oder Passwort ist nicht korrekt.
+auth_source_mismatch=Die ausgewählte Authentifizierungsquelle ist dem Benutzer nicht zugeordnet.
 enterred_invalid_repo_name=Bitte achten Sie darauf, dass der von Ihnen eingegebene Repository-Name korrekt ist.
 enterred_invalid_owner_name=Bitte achten Sie darauf, dass der eingegebene Name des Besitzers korrekt ist.
 enterred_invalid_password=Bitte achten Sie darauf, dass das eingegebene Passwort richtig ist.
@@ -233,18 +265,18 @@ following=Folge ich
 follow=Folgen
 unfollow=Nicht mehr folgen

-form.name_reserved=Der Benutzername '%s' ist reserviert.
-form.name_pattern_not_allowed=Benutzernamen der Form '%s' sind nicht erlaubt.
+form.name_not_allowed=Benutzername oder Muster %q ist nicht erlaubt.

 [settings]
 profile=Profil
 password=Passwort
+avatar=Profilbild
 ssh_keys=SSH-Schlüssel
-social=Soziale Konten
-applications=Anwendungen
+security=Sicherheit
+repos=Repositories
 orgs=Organisationen
+applications=Anwendungen
 delete=Konto löschen
-uid=Uid

 public_profile=Öffentliches Profil
 profile_desc=Ihre E-Mail-Adresse ist öffentlich einsehbar und dient dazu, Ihnen Benachrichtigungen bezüglich Ihres Kontos und Aktivitäten auf der Webseite zu schicken.
@@ -259,6 +291,8 @@ change_username_prompt=Diese Änderung wirkt sich auf die Links zu Ihrem Benutze
 continue=Weiter
 cancel=Abbrechen

+lookup_avatar_by_mail=Suche nach Profilbildern via E-Mail
+federated_avatar_lookup=Suche nach föderierten Profilbildern
 enable_custom_avatar=Benutzerdefiniertes Profilbild aktivieren
 choose_new_avatar=Neues Profilbild auswählen
 update_avatar=Profilbildeinstellungen aktualisieren
@@ -283,6 +317,7 @@ delete_email=Löschen
 email_deletion=E-Mail löschen
 email_deletion_desc=Das Löschen dieser E-Mail Adresse wird alle Informationen entfernen, die mit dieser E-Mail Adresse verknüpft sind. Wollen Sie fortfahren?
 email_deletion_success=E-Mail-Adresse wurde erfolgreich gelöscht!
+email_deletion_primary=Die primäre E-Mail-Adresse kann nicht gelöscht werden.
 add_new_email=Neue E-Mail-Adresse hinzufügen
 add_email=E-Mail-Adresse hinzufügen
 add_email_confirmation_sent=Eine neue Bestätigungsmail wurde an '%s' gesendet, bitte überprüfen Sie Ihren Posteingang innerhalb von %d Stunden um die Bestätigung abzuschließen.
@@ -293,7 +328,7 @@ add_key=Schlüssel hinzufügen
 ssh_desc=Dies ist eine Liste aller SSH-Schlüssel, die Ihrem Konto zugeordnet sind. Bitte entfernen Sie alle Schlüssel, die Ihnen nicht bekannt sind.
 ssh_helper=<strong>Brauchen Sie Hilfe?</strong> Hier ist eine Anleitung zum <a href="%s">Erzeugen von SSH-Schlüsseln</a> oder <a href="%s">Lösen einfacher SSH-Probleme</a>.
 add_new_key=SSH-Schlüssel hinzufügen
-ssh_key_been_used=Inhalt des öffentlichen Schlüssels wurde verwendet.
+ssh_key_been_used=Inhalt des öffentlichen Schlüssels wurde bereits verwendet.
 ssh_key_name_used=Ein öffentlicher Schlüssel mit diesem Namen existiert bereits.
 key_name=Schlüsselname
 key_content=Inhalt
@@ -308,14 +343,36 @@ no_activity=Keine neuen Aktivitäten
 key_state_desc=Dieser Schlüssel wurde in den letzten 7 Tagen verwendet
 token_state_desc=Dieses Token wurde in den letzten 7 Tagen benutzt

-manage_social=Verknüpfte soziale Konten verwalten
-social_desc=Dies ist eine Liste verknüpfter sozialer Konten. Bitte entfernen Sie alle Verknüpfungen, die Ihnen nicht bekannt sind.
-unbind=Verknüpfung entfernen
-unbind_success=Die Verknüpfung zum sozialen Konto wurde entfernt.
+two_factor=Zwei-Faktor-Authentifizierung
+two_factor_status=Status:
+two_factor_on=Ein
+two_factor_off=Aus
+two_factor_enable=Aktivieren
+two_factor_disable=Deaktivieren
+two_factor_view_recovery_codes=Betrachten und verwahren Sie <a href="%s%s">Ihre Wiederherstellungscodes</a> an einem sicheren Ort. Sie können diese als Passwort-Code nutzen, auch wenn Sie den Zugriff zu Ihrer Authentifizierungsanwendung verloren haben.
+two_factor_http=Für HTTP/HTTPS-Operationen können Sie keine schlichten Benutzernamen und Passwörter mehr nutzen. Bitte erstellen und benutzen Sie ein <a href="%[1]s%[2]s">Persönliches Zugriffs-Token</a> als Ihre Anmeldeinformation, z.B. <code>%[3]s</code>.
+two_factor_enable_title=Zwei-Faktor-Authentifizierung aktivieren
+two_factor_scan_qr=Bitte benutzen Sie Ihre Authentifizierungsanwendung, um das Bild zu scannen:
+two_factor_or_enter_secret=Oder geben Sie Ihren Geheim-Code ein:
+two_factor_then_enter_passcode=Geben Sie die PIN ein:
+two_factor_verify=Bestätigen
+two_factor_invalid_passcode=Die eingegebene PIN ist ungültig. Bitte versuchen Sie es erneut!
+two_factor_reused_passcode=Der von dir eingegebene Passcode wurde bereits verwendet, bitte probiere einen anderen!
+two_factor_enable_error=Einschalten der Zwei-Faktor-Authentifizierung ist fehlgeschlagen: %v
+two_factor_enable_success=Die Zwei-Faktor-Authentifizierung wurde für Ihr Konto erfolgreich aktiviert!
+two_factor_recovery_codes_title=Zwei-Faktor-Authentifizierung-Wiederherstellungscodes
+two_factor_recovery_codes_desc=Wiederherstellungscodes sind dazu gedacht, verwendet zu werden, wenn Sie vorübergehend keinen Zugriff zu Ihrer Authentifizierungsanwendung haben. Jeder Wiederherstellungscode kann nur einmal verwendet werden. <b>Bitte bewahren Sie diese Codes an einem sicheren Ort auf</b>.
+two_factor_regenerate_recovery_codes=Wiederherstellungscodes neu generieren
+two_factor_regenerate_recovery_codes_error=Das erneute Generieren der Wiederherstellungscodes ist fehlgeschlagen: %v
+two_factor_regenerate_recovery_codes_success=Die neuen Wiederherstellungscodes wurden erfolgreich generiert!
+two_factor_disable_title=Zwei-Faktor-Authentifizierung deaktivieren
+two_factor_disable_desc=Das Sicherheitsniveau Ihres Kontos wird deutlich reduziert sein, nachdem die Zwei-Faktor-Authentifizierung deaktiviert wurde. Möchten Sie fortfahren?
+two_factor_disable_success=Die Zwei-Faktor-Authentifizierung wurde erfolgreich deaktiviert!

 manage_access_token=Verwaltung persönlicher Zugangs-Token
-generate_new_token=Neuen Token erzeugen
+generate_new_token=Neues Token erzeugen
 tokens_desc=Die von Ihnen erzeugten Token können zum Zugriff auf die Gogs-API verwendet werden.
+access_token_tips=Der persönliche Zugangs-Token kann entweder als Benutzername oder als Passwort verwendet werden. Es wird empfohlen den "x-access-token" als Benutzernamen und den persönlichen Zugangs-Token als Passwort für Git-Anwendungen zu verwenden.
 new_token_desc=Jeder Token erlaubt vollen Zugriff auf ihr Konto.
 token_name=Token-Name
 generate_token=Token generieren
@@ -324,6 +381,16 @@ delete_token=Löschen
 access_token_deletion=Persönlichen Token entfernen
 access_token_deletion_desc=Das Löschen dieses persönlichen Zugangs-Tokens wird alle zugehörigen Zugriffe der Anwendung entfernen. Möchten Sie fortfahren?
 delete_token_success=Persönlicher Zugriffs-Token wurde erfolgreich entfernt! Vergessen Sie nicht Ihre Anwendung zu aktualisieren.
+token_name_exists=Token mit dem gleichen Namen existiert bereits.
+
+orgs.none=Sie sind kein Mitglied einer Organisation.
+orgs.leave_title=Organisation verlassen
+orgs.leave_desc=Sie verlieren den Zugriff auf alle Repositories und Teams nach dem Verlassen der Organisation. Möchten Sie fortfahren?
+
+repos.leave=Verlassen
+repos.leave_title=Repository verlassen
+repos.leave_desc=Der Zugang zum Repository wird verloren gehen, wenn Sie es verlassen. Möchten Sie fortfahren?
+repos.leave_success=Sie haben das Repository '%s' erfolgreich verlassen!

 delete_account=Konto löschen
 delete_prompt=Diese Aktion wird Ihr Konto dauerhaft löschen und kann <strong>NICHT</strong> rückgängig gemacht werden!
@@ -336,16 +403,18 @@ owner=Besitzer
 repo_name=Repository-Name
 repo_name_helper=Ein guter Repository-Name besteht gewöhnlich aus kurzen, leicht zu merkenden und eindeutigen Schlüsselworten.
 visibility=Sichtbarkeit
+unlisted=Ungelistet
 visiblity_helper=Dieses Repository ist <span class="ui red text">privat</span>
+unlisted_helper=Dieses Repository ist <span class="ui red text">nicht gelistet</span>
 visiblity_helper_forced=Der Administrator hat festgelegt, dass alle neuen Repositories <span class="ui red text">privat</span> sein müssen
 visiblity_fork_helper=(Eine Änderung dieses Wertes wirkt sich auf alle Forks aus)
-clone_helper=Sie brauchen Hilfe beim Klonen? Öffnen Sie die <a target="_blank" href="%s">Hilfe</a>!
+clone_helper=Brauchen Sie Hilfe beim Klonen? Hier gibt es <a target="_blank" href="%s">Hilfe</a>!
 fork_repo=Repository forken
 fork_from=Fork von
 fork_visiblity_helper=Die Sichtbarkeit von geforkten Repositories ist nicht veränderbar.
 repo_desc=Beschreibung
 repo_lang=Sprache
-repo_lang_helper=Wählen Sie eine .gitignore-Datei aus
+repo_gitignore_helper=Wählen Sie eine .gitignore Vorlage aus
 license=Lizenz
 license_helper=Wählen Sie eine Lizenz aus
 readme=Readme
@@ -358,27 +427,30 @@ mirror_prune_desc=Entferne alle Verweise auf nicht mehr existierende entfernte R
 mirror_interval=Mirror-Intervall (in Stunden)
 mirror_address=Mirror-Adresse
 mirror_address_desc=Bitte die nötigen Zugangsdaten in die Adresse mit aufnehmen.
+mirror_last_synced=Zuletzt synchronisiert
 watchers=Beobachter
 stargazers=In Favoriten von
 forks=Forks
+repo_description_helper=Beschreibung des Repository. Maximal 512 Zeichen.
+repo_description_length=Verfügbare Zeichen

 form.reach_limit_of_creation=Der Besitzer hat die maximale Anzahl von %d erstellbaren Repositories erreicht.
-form.name_reserved=Repository-Name '%s' ist reserviert.
-form.name_pattern_not_allowed=Repository-Namen der Form '%s' sind nicht erlaubt.
+form.name_not_allowed=Repository name or pattern %q is not allowed.

 need_auth=Authorisierung benötigt
 migrate_type=Migrationstyp
 migrate_type_helper=Dieses Repository wird ein <span class="text blue">Mirror</span> sein
 migrate_repo=Repository migrieren
 migrate.clone_address=Adresse kopieren
-migrate.clone_address_desc=Dies kann eine HTTP/HTTPS/GIT URL oder ein lokaler Serverpfad sein.
+migrate.clone_address_desc=Dies kann eine HTTP/HTTPS/GIT-URL sein.
+migrate.clone_address_desc_import_local=Sie dürfen auch ein Repository vom lokalen Serverpfad migrieren.
 migrate.permission_denied=Ihnen fehlen die Rechte zum Importieren lokaler Repositories.
 migrate.invalid_local_path=Der lokale Pfad ist ungültig, existiert nicht oder ist kein Ordner.
+migrate.clone_address_resolved_to_blocked_local_address=Klonadresse in eine lokale Netzwerkadresse aufgelöst, die implizit blockiert ist.
 migrate.failed=Fehler bei Migration: %v

 mirror_from=Mirror von
 forked_from=geforkt von
-fork_from_self=Sie können kein Repository forken, das Ihnen gehört!
 copy_link=Kopieren
 copy_link_success=Kopiert!
 copy_link_error=Drücken Sie ⌘-C oder Strg-C zum Kopieren
@@ -394,9 +466,9 @@ quick_guide=Kurzanleitung
 clone_this_repo=Dieses Repository klonen
 create_new_repo_command=Erstellen Sie ein neues Repository mittels der Kommandozeile
 push_exist_repo=Bestehendes Repository von der Kommandozeile pushen
-repo_is_empty=Dieses Repository ist leer. Bitte kommen Sie später wieder!
+bare_message=Dieses Repository hat noch keinen Inhalt.

-code=Code
+files=Dateien
 branch=Branch
 tree=Struktur
 filter_branch_and_tag=Nach Branch oder Tag filtern
@@ -407,13 +479,65 @@ pulls=Pull-Requests
 labels=Label
 milestones=Meilensteine
 commits=Commits
+git_branches=Branches
 releases=Releases
 file_raw=Originalformat
 file_history=Verlauf
 file_view_raw=Ansicht im Originalformat
 file_permalink=Permalink
 file_too_large=Diese Datei ist zu groß zum Anzeigen
+video_not_supported_in_browser=Ihr Browser unterstützt HTML5 Video-Tags nicht.

+branches.overview=Übersicht
+branches.active_branches=Aktive Branches
+branches.stale_branches=Alte Branches
+branches.all=Alle Branches
+branches.updated_by=Aktualisiert %[1]s von %[2]s
+branches.change_default_branch=Ändere Standard-Branch
+branches.default_deletion_not_allowed=Cannot delete the default branch.
+branches.protected_deletion_not_allowed=Cannot delete a protected branch.
+
+editor.new_file=Neue Datei
+editor.upload_file=Datei hochladen
+editor.edit_file=Datei bearbeiten
+editor.preview_changes=Vorschau der Änderungen
+editor.cannot_edit_non_text_files=Nicht-Text Dateien können nicht bearbeitet werden
+editor.edit_this_file=Datei bearbeiten
+editor.must_be_on_a_branch=Sie müssen sich in einem Branch befinden, um Änderungen an dieser Datei vorzuschlagen oder vorzunehmen
+editor.fork_before_edit=Um die Datei zu bearbeiten, müssen Sie das Repository forken
+editor.delete_this_file=Datei löschen
+editor.must_have_write_access=Du musst Schreibzugriff haben, um Änderungen an dieser Datei vorzuschlagen oder vorzunehmen
+editor.file_delete_success=Die Datei '%s' wurde erfolgreich gelöscht!
+editor.name_your_file=Dateinamen eingeben...
+editor.filename_help=Um einen Ordner hinzuzufügen, gib den Namen ein und drücke /. Um einen Ordner zu entfernen, gehe zum Anfang des Feldes und drücke auf die Rücktaste.
+editor.or=oder
+editor.cancel_lower=abbrechen
+editor.commit_changes=Änderungen einchecken
+editor.add_tmpl=Hinzufügen von '%s/<filename>'
+editor.add='%s' hinzufügen
+editor.update='%s' ändern
+editor.delete='%s' löschen
+editor.commit_message_desc=Eine ausführlichere Beschreibung kann hinzugefügt werden...
+editor.commit_directly_to_this_branch=Direkt in den <strong class="branch-name">%s</strong> Branch einchecken.
+editor.create_new_branch=Einen <strong>neuen Branch</strong> für diesen Commit erstellen und einen Pull Request starten.
+editor.new_branch_name_desc=Neuer Branch Name...
+editor.cancel=Abbrechen
+editor.filename_cannot_be_empty=Der Dateiname darf nicht leer sein.
+editor.branch_already_exists=Branch '%s' existiert bereits in diesem Repository.
+editor.directory_is_a_file='%s' im übergeordneten Verzeichnis ist eine Datei und kein Verzeichnis.
+editor.file_is_a_symlink=Die Datei '%s' ist ein Symlink, der im Webeditor nicht bearbeitet werden kann.
+editor.filename_is_a_directory=Die Datei '%s' existiert bereits als Verzeichnis in diesem Repository.
+editor.file_editing_no_longer_exists=Die Datei '%s', welche Sie bearbeiten, existiert in diesem Repository nicht mehr.
+editor.file_changed_while_editing=Seit dem Start der Bearbeitung hat sich die Datei geändert. <a target="_blank" href="%s">Hier klicken</a> um die Änderungen zu sehen, oder nochmals <strong>Commit drücken</strong> um die Änderungen zu überschreiben.
+editor.file_already_exists=Eine Datei mit dem Namen '%s' existiert bereits in diesem Repository.
+editor.no_changes_to_show=Keine Änderungen vorhanden.
+editor.fail_to_update_file=Fehler beim Ändern/Erstellen der Datei '%s'. Fehler: %v
+editor.fail_to_delete_file=Fehler beim Löschen der Datei '%s'. Fehler: %v
+editor.add_subdir=Unterverzeichnis erstellen...
+editor.unable_to_upload_files=Fehler beim Hochladen der Dateien zu '%s'. Fehler: %v
+editor.upload_files_to_dir=Dateien hochladen nach '%s'
+
+commits.commit_history=Commit Verlauf
 commits.commits=Commits
 commits.search=Commits durchsuchen
 commits.find=Finden
@@ -439,6 +563,11 @@ issues.create=Issue erstellen
 issues.new_label=Neues Label
 issues.new_label_placeholder=Label-Name...
 issues.create_label=Label erstellen
+issues.label_templates.title=Lade vordefinierte Label
+issues.label_templates.info=Es sind noch keine Label vorhanden. Sie können vordefinierte Label benutzen, oder auf "Neues Label" klicken um eines zu erstellen.
+issues.label_templates.helper=Wählen Sie ein Label
+issues.label_templates.use=Dieses Label Set benutzen
+issues.label_templates.fail_to_load_file=Fehler beim Laden der Label Template Datei '%s': %v
 issues.open_tab=%d offen
 issues.close_tab=%d geschlossen
 issues.filter_label=Label
@@ -480,8 +609,7 @@ issues.commit_ref_at=`hat dieses Issue <a id="%[1]s" href="#%[1]s">%[2]s</a> aus
 issues.poster=Ersteller
 issues.collaborator=Mitarbeiter
 issues.owner=Besitzer
-issues.sign_up_for_free=Kostenlos anmelden
-issues.sign_in_require_desc=um dieser Diskussion beizutreten. Haben Sie bereits ein Konto? <a href="%s">Anmelden um zu kommentieren</a>
+issues.sign_in_require_desc=<a href="%s">Anmelden</a>, um an der Diskussion teilzunehmen.
 issues.edit=Bearbeiten
 issues.cancel=Abbrechen
 issues.save=Speichern
@@ -496,6 +624,8 @@ issues.label_deletion=Label löschen
 issues.label_deletion_desc=Das Label wird von allen verknüpften Issues entfernt. Möchten Sie fortfahren?
 issues.label_deletion_success=Label wurde erfolgreich gelöscht!
 issues.num_participants=%d Beteiligte
+issues.attachment.open_tab=`Klicken um "%s" in einem neuen Tab zu öffnen`
+issues.attachment.download=`Klicken um "%s" herunterzuladen`

 pulls.new=Neuer Pull-Request
 pulls.compare_changes=Änderungen vergleichen
@@ -505,6 +635,7 @@ pulls.compare_compare=vergleichen
 pulls.filter_branch=Branch filtern
 pulls.no_results=Keine Ergebnisse verfügbar.
 pulls.nothing_to_compare=Es gibt nichts zu vergleichen, da Base- und Head-Branch gleich sind.
+pulls.nothing_merge_base=Es gibt nichts zu vergleichen, da beide Zweige eine komplett unterschiedliche Historie haben.
 pulls.has_pull_request=`Es existiert bereits ein Pull-Request zwischen diesen beiden Zielen: <a href="%[1]s/pulls/%[3]d">%[2]s#%[3]d</a>`
 pulls.create=Pull-Request erstellen
 pulls.title_desc=möchte %[1]d Commits von <code>%[2]s</code> nach <code>%[3]s</code> zusammenführen
@@ -520,16 +651,21 @@ pulls.is_checking=Die Konfliktprüfung läuft noch. Bitte aktualisieren Sie die
 pulls.can_auto_merge_desc=Dieser Pull-Request kann automatisch zusammengeführt werden.
 pulls.cannot_auto_merge_desc=Dieser Pull-Request kann nicht automatisch zusammengeführt werden, da es Konflikte gibt.
 pulls.cannot_auto_merge_helper=Bitte manuell zusammenführen, um die Konflikte zu lösen.
+pulls.create_merge_commit=Erstelle einen Merge-Commit
+pulls.rebase_before_merging=Rebase vor dem Zusammenführen
+pulls.commit_description=Commit Beschreibung
 pulls.merge_pull_request=Pull-Request zusammenführen
 pulls.open_unmerged_pull_exists=`Sie können diesen Pull-Request nicht wieder öffnen, da bereits ein offener Pull-Request (#%d) aus dem selben Repository mit den gleichen Merge-Informationen existiert und auf das Zusammenführen wartet.`
+pulls.delete_branch=Zweig löschen
+pulls.delete_branch_has_new_commits=Zweig kann nicht gelöscht werden, da er noch weitere Commits nach dem Zusammenführen enthält.

 milestones.new=Neuer Meilenstein
 milestones.open_tab=%d offen
 milestones.close_tab=%d geschlossen
 milestones.closed=Geschlossen %s
 milestones.no_due_date=Kein Fälligkeitsdatum
-milestones.open=Offen
-milestones.close=Geschlossen
+milestones.open=Öffnen
+milestones.close=Schließen
 milestones.new_subheader=Erstellen Sie Meilensteine, um ihre Issues zu organisieren.
 milestones.create=Meilenstein erstellen
 milestones.title=Titel
@@ -572,26 +708,61 @@ settings.collaboration.admin=Adminrechte
 settings.collaboration.write=Schreibrechte
 settings.collaboration.read=Leserechte
 settings.collaboration.undefined=Nicht definiert
+settings.branches=Branches
+settings.branches_bare=Branches leerer Repositories können nicht verwaltet werden. Bitte erst Datei(en) pushen.
+settings.default_branch=Standard-Branch
+settings.default_branch_desc=Der Standard-Branch gilt als Basis für Commits, Pull-Requests und Online-Bearbeitung.
+settings.update=Aktualisieren
+settings.update_default_branch_unsupported=Die Änderung des Standard-Branch wird von der Git-Version auf dem Server nicht unterstützt.
+settings.update_default_branch_success=Standard-Branch dieses Repositories wurde erfolgreich aktualisiert!
+settings.protected_branches=Protected Branches
+settings.protected_branches_desc=Schützt Branches vor forcierten Pushes und versehentlichem Löschen. Comitter können freigeschaltet werden.
+settings.choose_a_branch=Wählen Sie einen Branch...
+settings.branch_protection=Branch-Schutz
+settings.branch_protection_desc=Bitte wählen Sie Schutzoptionen für den Branch <b>%s</b>.
+settings.protect_this_branch=Diesen Branch schützen
+settings.protect_this_branch_desc=Verhindere forcierte Pushes sowie Löschungen.
+settings.protect_require_pull_request=Verlange Pull-Request an Stelle von direkten Pushes
+settings.protect_require_pull_request_desc=Aktivieren Sie diese Option, um direktes Pushen in diesen Branch zu verhindern. Commits müssen in einen anderen, ungeschützten Branch gepusht werden und dann per Pull-Request in diesen Branch überführt werden.
+settings.protect_whitelist_committers=Hinzufügen von Benutzern oder Teams zur Whitelist, die in diesen Branch pushen dürfen
+settings.protect_whitelist_committers_desc=Fügt Benutzer oder Teams zur Push-Whitelist dieses Branches hinzu. Auf der Whitelist geführte Benutze können können ohne Prüfung von Pull-Requests pushen.
+settings.protect_whitelist_users=Benutzer, die in diesen Branch pushen können
+settings.protect_whitelist_search_users=Benutzer suchen
+settings.protect_whitelist_teams=Teams, deren Mitglieder in diesen Branch pushen können
+settings.protect_whitelist_search_teams=Teams suchen
+settings.update_protect_branch_success=Schutzoptionen für diesen Branch wurden erfolgreich aktualisiert!
 settings.hooks=Webhooks
 settings.githooks=Git-Hooks
 settings.basic_settings=Grundeinstellungen
+settings.mirror_settings=Mirror Einstellungen
+settings.sync_mirror=Jetzt synchronisieren
+settings.mirror_sync_in_progress=Mirror Synchronisierung läuft, bitte die Seite in ca. einer Minute neu laden.
 settings.site=Offizielle Webseite
 settings.update_settings=Einstellungen speichern
 settings.change_reponame_prompt=Diese Änderung wirkt sich darauf aus, wie sich Links auf Repositories beziehen.
 settings.advanced_settings=Erweiterte Einstellungen
-settings.wiki_desc=Wiki aktivieren, damit Benutzer Seiten anlegen können
+settings.wiki_desc=Wiki einschalten
+settings.use_internal_wiki=Eingebautes Wiki verwenden
+settings.allow_public_wiki_desc=Erlaube öffentlichen Zugang zum Wiki, auch wenn das Repository privat ist
 settings.use_external_wiki=Externes Wiki verwenden
 settings.external_wiki_url=Externe Wiki URL
 settings.external_wiki_url_desc=Besucher werden auf diese URL umgeleitet, wenn sie auf den Tab klicken.
-settings.issues_desc=Eingebautes einfaches Issue-System verwenden
+settings.issues_desc=Issue-Tracker einschalten
+settings.use_internal_issue_tracker=Eingebauten Issue-Tracker verwenden
+settings.allow_public_issues_desc=Erlaube öffentlichen Zugriff auf Issues, auch wenn das Repository privat ist
 settings.use_external_issue_tracker=Externes Issue-System verwenden
+settings.external_tracker_url=URL eines externen Issue Trackers
+settings.external_tracker_url_desc=Besucher werden auf diese URL umgeleitet, wenn sie auf den Tab klicken.
 settings.tracker_url_format=URL-Format des externen Issue-Systems
 settings.tracker_issue_style=Namenskonvention des externen Issue-Trackers:
 settings.tracker_issue_style.numeric=Numerisch
 settings.tracker_issue_style.alphanumeric=Alphanumerisch
 settings.tracker_url_format_desc=Sie können die Platzhalter <code>{user} {repo} {index}</code> für den Benutzernamen, den Namen des Repositories und die Issue-Nummer verwenden.
-settings.pulls_desc=Pull-Requests aktivieren, um öffentliche Mitwirkung zu ermöglichen
+settings.pulls_desc=Erlaube Pull-Requests zur Zusammenarbeit von Repositories und Branches
+settings.pulls.ignore_whitespace=Ignoriere whitespace Änderungen
+settings.pulls.allow_rebase_merge=Die Verwendung von Rebase erlauben, um Commits zu mergen
 settings.danger_zone=Gefahrenzone
+settings.cannot_fork_to_same_owner=Besitzer kann das Repository nicht forken.
 settings.new_owner_has_same_repo=Der neue Eigentümer hat bereits ein Repository mit dem gleichen Namen. Bitte wählen Sie einen anderen Namen.
 settings.convert=In ein normales Repository umwandeln
 settings.convert_desc=Dieser Mirror kann in ein normales Repository umgewandelt werden. Dies kann nicht rückgängig gemacht werden.
@@ -599,12 +770,12 @@ settings.convert_notices_1=- Dieser Vorgang wandelt das Mirror-Repository in ein
 settings.convert_confirm=Umwandlung bestätigen
 settings.convert_succeed=Das Repository wurde erfolgreich in ein normales Repository umgewandelt.
 settings.transfer=Besitz übertragen
-settings.transfer_desc=Dieses Repository auf einen anderen Benutzer bzw. eine Organisation in der Sie Admin-Rechte haben übertragen.
+settings.transfer_desc=Dieses Repository auf einen anderen Benutzer oder eine Organisation, in der Sie Admin-Rechte haben, übertragen.
 settings.transfer_notices_1=- Sie werden keinen Zugriff mehr haben, wenn der neue Besitzer ein individueller Benutzer ist.
 settings.transfer_notices_2=- Sie werden weiterhin Zugriff haben, wenn der neue Besitzer eine Organisation ist und Sie einer der Besitzer sind.
 settings.transfer_form_title=Bitte geben Sie die folgenden Informationen ein, um die Operation zu bestätigen:
 settings.wiki_delete=Wiki-Daten löschen
-settings.wiki_delete_desc=Das Löschen von Wiki Daten kann nicht rückgängig gemacht werden. Bitte seien Sie vorsichtig.
+settings.wiki_delete_desc=Das Löschen von Wiki-Daten kann nicht rückgängig gemacht werden. Bitte seien Sie vorsichtig.
 settings.wiki_delete_notices_1=- Dies löscht und deaktiviert das Wiki für %s
 settings.wiki_deletion_success=Repository Wiki Daten erfolgreich gelöscht.
 settings.delete=Dieses Repository löschen
@@ -626,20 +797,25 @@ settings.collaborator_deletion_desc=Nach dem Löschen wird dieser Benutzer keine
 settings.remove_collaborator_success=Mitarbeiter wurde entfernt.
 settings.search_user_placeholder=Benutzer suchen...
 settings.org_not_allowed_to_be_collaborator=Eine Organisation kann nicht als Mitarbeiter hinzugefügt werden.
-settings.user_is_org_member=Benutzer ist ein Organisationsmitglied und kann nicht als Mitarbeiter hinzugefügt werden.
-settings.add_webhook=Webhook hinzufügen
 settings.hooks_desc=Webhooks erlauben es Ihnen, externe Dienste zu informieren, wenn etwas Bestimmtes in Ihrem Repository passiert. Gogs sendet dann einen POST-Request an alle angegebenen URLs. Erfahren Sie mehr in unserem <a target="_blank" href="%s">Webhooks Guide</a>.
+settings.webhooks.add_new=Einen neuen Webhook hinzufügen:
+settings.webhooks.choose_a_type=Typ auswählen...
+settings.add_webhook=Webhook hinzufügen
 settings.webhook_deletion=Webhook entfernen
 settings.webhook_deletion_desc=Das Löschen dieses Webhooks wird alle zugehörigen Informationen und den Übertragungsverlauf entfernen. Wirklich fortfahren?
 settings.webhook_deletion_success=Webhook wurde erfolgreich entfernt!
 settings.webhook.test_delivery=Senden testen
 settings.webhook.test_delivery_desc=Sendet ein simuliertes Push-Ereignis, um die Webhook-Einstellungen zu testen
 settings.webhook.test_delivery_success=Test-Webhook wurde zur Auslieferungswarteschlange hinzugefügt. Es kann einige Sekunden dauern, bevor es in der Auslieferungshistorie erscheint.
+settings.webhook.redelivery=Erneuter Versand
+settings.webhook.redelivery_success=Hook-Task '%s' wurde wieder zur Auslieferungswarteschlange hinzugefügt. Es kann einige Sekunden, bis sich der Auslieferungsstatus in der History aktualisiert hat.
 settings.webhook.request=Anfrage
 settings.webhook.response=Antwort
 settings.webhook.headers=Kopfzeilen
 settings.webhook.payload=Nutzdaten
 settings.webhook.body=Inhalt
+settings.webhook.err_cannot_parse_payload_url=Payload URL kann nicht analysiert werden: %v
+settings.webhook.url_resolved_to_blocked_local_address=Die Payload-URL wurde in eine lokale Netzwerkadresse aufgelöst, die implizit blockiert ist.
 settings.githooks_desc=Git-Hooks werden von Git selbst bereitgestellt. Sie können die Dateien der unterstützten Hooks in der Liste unten bearbeiten, um eigene Operationen einzubinden.
 settings.githook_edit_desc=Wenn ein Hook inaktiv ist, wird der Standardinhalt benutzt. Lassen Sie den Inhalt leer, um den Hook zu deaktivieren.
 settings.githook_name=Hook-Name
@@ -649,6 +825,7 @@ settings.add_webhook_desc=Gogs sendet einen <code>POST</code>-Request an die unt
 settings.payload_url=Payload URL
 settings.content_type=Inhaltstyp
 settings.secret=Secret
+settings.secret_desc=Das Secret wird im <code>X-Gogs-Signature</code> Header als hexadezimalem SHA256 HMAC Stempel der Nutzlast.
 settings.slack_username=Benutzername
 settings.slack_icon_url=Icon URL
 settings.slack_color=Farbe
@@ -658,8 +835,20 @@ settings.event_send_everything=Ich brauche <strong>alles</strong>.
 settings.event_choose=Lass mich auswählen, was ich brauche.
 settings.event_create=Erstellen
 settings.event_create_desc=Branch/Tag erstellt
+settings.event_delete=Löschen
+settings.event_delete_desc=Branch/Tag gelöscht
+settings.event_fork=Fork
+settings.event_fork_desc=Repository geforkt
 settings.event_push=Push
 settings.event_push_desc=Git push auf ein Repository
+settings.event_issues=Issues
+settings.event_issues_desc=Issue geöffnet, geschlossen, wieder geöffnet, bearbeitet, zugewiesen, nicht zugewiesen, Label aktualisiert, Label gelöscht, einem Meilenstein zugewiesen oder davon entfernt.
+settings.event_pull_request=Pull-Request
+settings.event_pull_request_desc=Pull-Request geöffnet, geschlossen, wieder geöffnet, bearbeitet, zugewiesen, nicht zugewiesen, Label aktualisiert, Label gelöscht, einem Meilenstein zugewiesen, davon entfernt oder synchronisiert.
+settings.event_issue_comment=Issue-Kommentar
+settings.event_issue_comment_desc=Issue-Kommentar angelegt, geändert oder gelöscht.
+settings.event_release=Release
+settings.event_release_desc=Release in Repository veröffentlicht.
 settings.active=Aktiv
 settings.active_helper=Details über das auslösende Ereignis des Webhooks werden ebenfalls mit gesendet
 settings.add_hook_success=Webhook hinzugefügt
@@ -669,10 +858,13 @@ settings.delete_webhook=Webhook löschen
 settings.recent_deliveries=Letzte Zustellungen
 settings.hook_type=Hook Typ
 settings.add_slack_hook_desc=Fügen Sie <a href="%s">Slack</a>-Integration zu Ihrem Repository hinzu.
+settings.add_discord_hook_desc=Fügen Sie <a href="%s">Discord</a>-Integration zu Ihrem Repository hinzu.
+settings.add_dingtalk_hook_desc=<a href="%s">Dingtalk</a>-Integration zu deinem Repository hinzufügen.
 settings.slack_token=Token
 settings.slack_domain=Domain
 settings.slack_channel=Kanal
 settings.deploy_keys=Deploy-Schlüssel
+settings.deploy_keys_helper=<b>Häufiger Fehler!</b> Wenn Sie öffentliche Schlüssel hinzufügen wollen, gehen Sie zu Ihren <a href="%s%s"> Kontoeinstellungen</a>.
 settings.add_deploy_key=Deploy-Schlüssel hinzufügen
 settings.deploy_key_desc=Deploy-Schlüssel haben nur lesenden Zugriff. Sie sind nicht identisch mit dem SSH-Schlüssel des persönlichen Kontos.
 settings.no_deploy_keys=Sie haben noch keine Deploy-Schlüssel hinzugefügt.
@@ -684,6 +876,8 @@ settings.add_key_success=Der Deploy-Schlüssel '%s' wurde erfolgreich hinzugefü
 settings.deploy_key_deletion=Deploy-Schlüssel löschen
 settings.deploy_key_deletion_desc=Nach dem Löschen dieses Deploy-Schlüssels werden entsprechende Zugriffe auf dieses Repository nicht mehr möglich sein. Möchten Sie wirklich fortfahren?
 settings.deploy_key_deletion_success=Deploy-Schlüssel wurde erfolgreich gelöscht!
+settings.description_desc=Beschreibung des Repository. Maximal 512 Zeichen.
+settings.description_length=Verfügbare Zeichen

 diff.browse_source=Quellcode durchsuchen
 diff.parent=Ursprung
@@ -702,7 +896,6 @@ release.releases=Releases
 release.new_release=Neues Release
 release.draft=Entwurf
 release.prerelease=Pre-Release
-release.stable=Stabil
 release.edit=bearbeiten
 release.ahead=<strong>%d</strong> Commits zu %s seit diesem Release
 release.source_code=Quelltext
@@ -749,8 +942,8 @@ team_name_helper=Unter diesem Namen können Sie in Diskussionen auf das Team ver
 team_desc_helper=Worum geht es bei diesem Team?
 team_permission_desc=Welche Berechtigungsstufe soll das Team haben?

-form.name_reserved=Organisationsname '%s' ist bereits vergeben.
-form.name_pattern_not_allowed=Organisationsnamen der Form '%s' sind nicht erlaubt.
+form.name_not_allowed=Organisationsname oder Muster %q ist nicht zulässig.
+form.team_name_not_allowed=Benutzername oder Muster %q ist nicht erlaubt.

 settings=Einstellungen
 settings.options=Optionen
@@ -822,12 +1015,19 @@ first_page=Erste
 last_page=Letzte
 total=Gesamt: %d

+dashboard.build_info=Build-Informationen
+dashboard.app_ver=Anwendungsversion
+dashboard.git_version=Git-Version
+dashboard.go_version=Go-Version
+dashboard.build_time=Build-Zeit
+dashboard.build_commit=Build-Commit
 dashboard.statistic=Statistik
 dashboard.operations=Operationen
 dashboard.system_status=Systemmonitor-Status
 dashboard.statistic_info=Gogs Datenbank hat <b>%d</b> Benutzer, <b>%d</b> Organisationen, <b>%d</b> öffentliche Schlüssel, <b>%d</b> Repositories, <b>%d</b> Beobachtet, <b>%d</b> Favoriten, <b>%d</b> Aktionen, <b>%d</b> Zugriffe, <b>%d</b> Issues, <b>%d</b> Kommentare, <b>%d</b> Konten sozialer Medien, <b>%d</b> Folgende, <b>%d</b> Mirror, <b>%d</b> Releases, <b>%d</b> Login-Quellen, <b>%d</b> Webhooks, <b>%d</b> Meilensteine, <b>%d</b> Label, <b>%d</b> Hook-Tasks, <b>%d</b> Teams, <b>%d</b> Aktualisierungs-Tasks, <b>%d</b> Anhänge.
 dashboard.operation_name=Name der Operation
 dashboard.operation_switch=Wechseln
+dashboard.select_operation_to_run=Bitte wählen Sie den auszuführenden Vorgang aus
 dashboard.operation_run=Ausführen
 dashboard.clean_unbind_oauth=Nicht verbundene OAuths bereinigen
 dashboard.clean_unbind_oauth_success=Alle nicht verbundenen OAuth-Tokens wurden gelöscht.
@@ -841,8 +1041,8 @@ dashboard.git_gc_repos=Garbage Collection auf Repositories ausführen
 dashboard.git_gc_repos_success=Garbage Collection wurde auf allen Repositories erfolgreich ausgeführt.
 dashboard.resync_all_sshkeys=Datei '.ssh/authorized_keys' neu anlegen (Achtung: Schlüssel, die nicht zu Gogs gehören gehen verloren)
 dashboard.resync_all_sshkeys_success=Alle öffentlichen Keys wurden erfolgreich neu geschrieben.
-dashboard.resync_all_update_hooks=Alle Aktualisierungs-Hooks von Repositories neu anlegen (wird benötigt, wenn der angepasste Konfigurationspfad geändert wurde)
-dashboard.resync_all_update_hooks_success=Die Hooks aller Repositories wurden erfolgreich neu angelegt.
+dashboard.resync_all_hooks=Synchronisiere pre-receive, update und post-receive Hooks für alle Repositories
+dashboard.resync_all_hooks_success=Pre-receive, update und post-receive Hooks aller Repositorien wurden erfolgreich synchronisiert.
 dashboard.reinit_missing_repos=Alle Repository-Datensätze mit verloren gegangenen Git-Dateien neu initialisieren
 dashboard.reinit_missing_repos_success=Alle Repository-Datensätze, die Git-Dateien verloren haben wurden erfolgreich neu initialisiert.

@@ -917,12 +1117,14 @@ repos.private=Privat
 repos.watches=Beobachtungen
 repos.stars=Favoriten
 repos.issues=Issues
+repos.size=Größe

-auths.auth_manage_panel=Authentifizierung
+auths.auth_sources=Authentifizierungsquelle
 auths.new=Neue Quelle hinzufügen
 auths.name=Name
 auths.type=Typ
 auths.enabled=Aktiviert
+auths.default=Standard
 auths.updated=Aktualisiert
 auths.auth_type=Authentifizierungstyp
 auths.auth_name=Authentifizierungsname
@@ -931,15 +1133,21 @@ auths.domain=Domain
 auths.host=Host
 auths.port=Port
 auths.bind_dn=DN binden
+auths.bind_dn_helper=Sie können "%s" als Platzhalter für den Benutzernamen einsetzen, z.B. DOM\%s
 auths.bind_password=Passwort binden
 auths.bind_password_helper=Achtung: Das Passwort wird im Klartext gespeichert. Benutzen Sie kein Konto mit hoher Berechtigungsstufe.
 auths.user_base=Basis für Benutzersuche
-auths.user_dn=Benutzer DN
+auths.user_dn=Benutzer-DN
 auths.attribute_username=Attribut Benutzername
 auths.attribute_username_placeholder=Leer lassen, um den Wert aus dem Anmeldeformular als Benutzernamen zu verwenden.
-auths.attribute_name=Attribut Vorname
+auths.attribute_name=Vornamenattribut
 auths.attribute_surname=Attribut Nachname
 auths.attribute_mail=Attribut E-Mail
+auths.verify_group_membership=Überprüfen der Gruppenmitgliedschaft
+auths.group_search_base_dn=Gruppensuche Basisdomainname
+auths.group_filter=Gruppenfilter
+auths.group_attribute_contain_user_list=Gruppenattribut, beinhaltet die Benutzerliste
+auths.user_attribute_listed_in_group=Benutzerattribut in der Gruppenliste
 auths.attributes_in_bind=Hole Attribute im Bind-Kontext
 auths.filter=Benutzerfilter
 auths.admin_filter=Admin Filter
@@ -953,9 +1161,9 @@ auths.enable_tls=TLS-Verschlüsselung aktivieren
 auths.skip_tls_verify=TLS-Prüfung überspringen
 auths.pam_service_name=PAM Dienstname
 auths.enable_auto_register=Automatische Registrierung aktivieren
-auths.tips=Tipps
 auths.edit=Authentifizierungseinstellungen bearbeiten
 auths.activated=Diese Authentifizierung ist aktiv
+auths.default_auth=Diese Authentifizierungsmethode ist die Vorgabe
 auths.new_success=Neue Authentifizierung '%s' wurde erfolgreich hinzugefügt.
 auths.update_success=Die Authentifizierungseinstellungen wurden erfolgreich aktualisiert.
 auths.update=Authentifizierungseinstellungen aktualisieren
@@ -964,86 +1172,189 @@ auths.delete_auth_title=Authentifizierung löschen
 auths.delete_auth_desc=Diese Authentifizierung wird gelöscht. Möchten Sie fortfahren?
 auths.still_in_used=Diese Authentifizierung wird noch von einigen Benutzern verwendet. Bitte löschen Sie diese Benutzer oder ändern Sie deren Anmeldetyp.
 auths.deletion_success=Authentifizierung wurde erfolgreich gelöscht!
+auths.login_source_exist=Login-Quelle '%s' ist bereits vorhanden.
+auths.github_api_endpoint=API Endpunkt

+config.not_set=(nicht festgelegt)
 config.server_config=Serverkonfiguration
-config.app_name=Anwendungsname
-config.app_ver=Anwendungsversion
-config.app_url=Anwendungs-URL
-config.domain=Domain
-config.offline_mode=Offline-Modus
-config.disable_router_log=Router-Log deaktivieren
+config.brand_name=Markenname
 config.run_user=Ausführender Benutzer
 config.run_mode=Laufzeit-Modus
-config.repo_root_path=Repository-Verzeichnis
-config.static_file_root_path=Verzeichnis für statische Dateien
-config.log_file_root_path=Log-Verzeichnis
-config.script_type=Skript-Typ
-config.reverse_auth_user=Nutzer bei Reverse-Authentifizierung
+config.server.external_url=Externe URL
+config.server.domain=Domäne
+config.server.protocol=Protokoll
+config.server.http_addr=HTTP-Adresse
+config.server.http_port=HTTP-Port
+config.server.cert_file=Zertifikatsdatei
+config.server.key_file=Schlüsseldatei
+config.server.tls_min_version=Minimale TLS-Version
+config.server.unix_socket_permission=Unix-Socket-Berechtigung
+config.server.local_root_url=Lokale Root-URL
+config.server.offline_mode=Offline-Modus
+config.server.disable_router_log=Router-Log deaktivieren
+config.server.enable_gzip=Gzip aktivieren
+config.server.app_data_path=Anwendungsdatenpfad
+config.server.load_assets_from_disk=Assets von Festplatte laden
+config.server.landing_url=Startseite

 config.ssh_config=SSH Konfiguration
-config.ssh_enabled=Aktiviert
-config.ssh_start_builtin_server=Eingebauten Server starten
-config.ssh_domain=Domain
-config.ssh_port=Port
-config.ssh_listen_port=Listen Port
-config.ssh_root_path=Verzeichnis
-config.ssh_key_test_path=Schlüssel-Test-Pfad
-config.ssh_keygen_path=Keygen ('ssh-keygen') Pfad
-config.ssh_minimum_key_size_check=Prüfung der Mindestschlüssellänge
-config.ssh_minimum_key_sizes=Minimale Schlüssellängen
+config.ssh.enabled=Aktiviert
+config.ssh.domain=Exponierte Domain
+config.ssh.port=Exponierter Port
+config.ssh.root_path=Wurzelpfad
+config.ssh.keygen_path=Keygenpfad
+config.ssh.key_test_path=Schlüsseltestpfad
+config.ssh.minimum_key_size_check=Prüfung der Mindestschlüssellänge
+config.ssh.minimum_key_sizes=Mindestschlüssellängen
+config.ssh.rewrite_authorized_keys_at_start=Beim Start "authorized_keys" umschreiben
+config.ssh.start_builtin_server=Eingebauten Server starten
+config.ssh.listen_host=Listen-Host
+config.ssh.listen_port=Listen-Port
+config.ssh.server_ciphers=Serverchiffren
+config.ssh.server_macs=Server MACs
+config.ssh.server_algorithms=Server-Algorithmen
+
+config.repo_config=Repository-Konfiguration
+config.repo.root_path=Wurzelpfad
+config.repo.script_type=Skript-Typ
+config.repo.ansi_chatset=ANSI-Zeichensatz
+config.repo.force_private=Privat erzwingen
+config.repo.max_creation_limit=Maximales Erstellungslimit
+config.repo.preferred_licenses=Bevorzugte Lizenzen
+config.repo.disable_http_git=HTTP-Git deaktivieren
+config.repo.enable_local_path_migration=Lokale Pfadmigration aktivieren
+config.repo.enable_raw_file_render_mode=Darstellen von Roh-Dateien aktivieren
+config.repo.commits_fetch_concurrency=Anzahl gleichzeitiger Commit-/Fetch-Prozesse
+config.repo.editor.line_wrap_extensions=Editor Erweiterungen für Zeilenumbrüche
+config.repo.editor.previewable_file_modes=Vorschau der Dateimodi des Editors
+config.repo.upload.enabled=Upload aktiviert
+config.repo.upload.temp_path=Temporärer Pfad für Uploads
+config.repo.upload.allowed_types=Erlaubte Upload-Typen
+config.repo.upload.file_max_size=Upload-Dateigrößenlimit
+config.repo.upload.max_files=Upload-Dateilimit

 config.db_config=Datenbankkonfiguration
-config.db_type=Typ
-config.db_host=Host
-config.db_name=Name
-config.db_user=Benutzer
-config.db_ssl_mode=SSL-Modus
-config.db_ssl_mode_helper=(nur für "postgres")
-config.db_path=Verzeichnis
-config.db_path_helper=(für "sqlite3" und "tidb")
-config.service_config=Service-Konfiguration
-config.register_email_confirm=E-Mail-Bestätigung bei Registrierung
-config.disable_register=Registrierung deaktivieren
-config.show_registration_button=Schaltfläche Registrieren anzeigen
-config.require_sign_in_view=Ansehen erfordert Anmeldung
-config.mail_notify=E-Mail-Benachrichtigung
-config.disable_key_size_check=Prüfung der Mindestschlüssellänge deaktiveren
-config.enable_captcha=Captcha aktivieren
-config.active_code_lives=Aktivierungscode Lebensdauer
-config.reset_password_code_lives=Passwortcode Lebensdauer
-config.webhook_config=Webhook-Konfiguration
-config.queue_length=Warteschlangenlänge
-config.deliver_timeout=Zeitlimit für Zustellung
-config.skip_tls_verify=TLS verifikation überspringen
-config.mailer_config=Mailer-Konfiguration
-config.mailer_enabled=Aktiviert
-config.mailer_disable_helo=HELO Deaktivieren
-config.mailer_name=Name
-config.mailer_host=Host
-config.mailer_user=Benutzer
-config.send_test_mail=Test-E-Mail senden
-config.test_mail_failed=Das Senden der Test-E-Mail an '%s': %v ist fehlgeschlagen
-config.test_mail_sent=Test-E-Mail wurde an '%s' gesendet.
-config.oauth_config=OAuth-Konfiguration
-config.oauth_enabled=Aktiviert
-config.cache_config=Cache-Konfiguration
-config.cache_adapter=Cache-Adapter
-config.cache_interval=Cache-Intervall
-config.cache_conn=Cache-Anbindung
+config.db.type=Typ
+config.db.host=Host
+config.db.name=Name
+config.db.schema=Schema
+config.db.schema_helper=(nur für "postgres")
+config.db.user=Benutzer
+config.db.ssl_mode=SSL-Modus
+config.db.ssl_mode_helper=(nur für "postgres")
+config.db.path=Pfad
+config.db.path_helper=(nur für "sqlite3")
+config.db.max_open_conns=Maximale Anzahl offener Verbindungen
+config.db.max_idle_conns=Maximale Leerlaufverbindungen
+
+config.security_config=Sicherheitskonfiguration
+config.security.login_remember_days=Anzahl Tage zum Speichern des Logins
+config.security.cookie_remember_name=Cookie merken
+config.security.cookie_username=Benutzernamen-Cookie
+config.security.cookie_secure=Sicheres Cookie aktivieren
+config.security.reverse_proxy_auth_user=Reverse-Proxy-Authentifizierungs-Header
+config.security.enable_login_status_cookie=Login-Status-Cookie aktivieren
+config.security.login_status_cookie_name=Login-Status-Cookie
+config.security.local_network_allowlist=Zulassungsliste für lokale Netzwerke
+
+config.email_config=E-Mail-Konfiguration
+config.email.enabled=Aktiviert
+config.email.subject_prefix=Betreff-Präfix
+config.email.host=Host
+config.email.from=Von
+config.email.user=Benutzer
+config.email.disable_helo=HELO deaktivieren
+config.email.helo_hostname=HELO Hostname
+config.email.skip_verify=Zertifikatsüberprüfung überspringen
+config.email.use_certificate=Benutzerdefiniertes Zertifikat verwenden
+config.email.cert_file=Zertifikatsdatei
+config.email.key_file=Schlüsseldatei
+config.email.use_plain_text=Klartext verwenden
+config.email.add_plain_text_alt=Klartext-Alternative hinzufügen
+config.email.send_test_mail=Test-E-Mail senden
+config.email.test_mail_failed=Fehler beim Senden der Test-E-Mail an '%s': %v
+config.email.test_mail_sent=Test-E-Mail wurde an '%s ' gesendet.
+
+config.auth_config=Authentifizierungskonfiguration
+config.auth_custom_logout_url=Custom logout URL
+config.auth.activate_code_lives=Aktivierungscode Lebensdauer
+config.auth.reset_password_code_lives=Gültigkeitsdauer Zurücksetzungs-Code
+config.auth.require_email_confirm=E-Mail-Bestätigung erforderlich
+config.auth.require_sign_in_view=Anmeldung erforderlich
+config.auth.disable_registration=Registrierung deaktivieren
+config.auth.enable_registration_captcha=Registrierungs-Captcha aktivieren
+config.auth.enable_reverse_proxy_authentication=Reverse-Proxy-Authentifizierung aktivieren
+config.auth.enable_reverse_proxy_auto_registration=Automatische Reverse-Proxy-Registrierung aktivieren
+config.auth.reverse_proxy_authentication_header=Reverse-Proxy-Authentifizierungs-Header
+
+config.user_config=Benutzerkonfiguration
+config.user.enable_email_notify=E-Mail-Benachrichtigung aktivieren
+
 config.session_config=Session-Konfiguration
-config.session_provider=Session-Provider
-config.provider_config=Provider-Einstellungen
-config.cookie_name=Cookie-Name
-config.enable_set_cookie=Cookies verwenden
-config.gc_interval_time=GC-Intervall
-config.session_life_time=Session-Lebensdauer
-config.https_only=Nur HTTPS
-config.cookie_life_time=Cookie-Lebensdauer
+config.session.provider=Anbieter
+config.session.provider_config=Anbieter-Konfiguration
+config.session.cookie_name=Cookie
+config.session.https_only=Nur HTTPS
+config.session.gc_interval=GC-Intervall
+config.session.max_life_time=Maximale Lebensdauer
+config.session.csrf_cookie_name=CSRF-Cookie
+
+config.cache_config=Cache-Konfiguration
+config.cache.adapter=Adapter
+config.cache.interval=GC-Intervall
+config.cache.host=Host
+
+config.http_config=HTTP-Konfiguration
+config.http.access_control_allow_origin=Access-Control-Allow-Origin
+
+config.attachment_config=Anhang-Konfiguration
+config.attachment.enabled=Aktiviert
+config.attachment.path=Pfad
+config.attachment.allowed_types=Erlaubte Typen
+config.attachment.max_size=Größenlimit
+config.attachment.max_files=Dateilimit
+
+config.release_config=Release-Konfiguration
+config.release.attachment.enabled=Anhang aktiviert
+config.release.attachment.allowed_types=Erlaubte Anhang-Typen
+config.release.attachment.max_size=Größenlimit für Anhang
+config.release.attachment.max_files=Dateilimit für Anhang
+
 config.picture_config=Konfiguration der Profilbilder
-config.picture_service=Bildservice
-config.disable_gravatar=Gravatar deaktivieren
+config.picture.avatar_upload_path=Benutzer-Avatar Upload-Pfad
+config.picture.repo_avatar_upload_path=Repository-Avatar Upload-Pfad
+config.picture.gravatar_source=Gravatar-Quelle
+config.picture.disable_gravatar=Gravatar deaktivieren
+config.picture.enable_federated_avatar=Föderierte Avatare aktivieren
+
+config.mirror_config=Mirror-Konfiguration
+config.mirror.default_interval=Standardintervall
+
+config.webhook_config=Webhook-Konfiguration
+config.webhook.types=Typen
+config.webhook.deliver_timeout=Zeitlimit für Zustellung
+config.webhook.skip_tls_verify=TLS-Prüfung überspringen
+
+config.git_config=Git Konfiguration
+config.git.disable_diff_highlight=Diff-Syntaxhervorhebung ausschalten
+config.git.max_diff_lines=Zeilenlimit für Diff (für eine einzelne Datei)
+config.git.max_diff_line_characters=Zeichenlimit für Diff (für eine einzelne Datei)
+config.git.max_diff_files=Dateilimit für Diff (für einen einzelnen Diff)
+config.git.gc_args=GC-Argumente
+config.git.migrate_timeout=Zeitlimit für Migration
+config.git.mirror_timeout=Zeitlimit zum Spiegeln
+config.git.clone_timeout=Clone-Timeout
+config.git.pull_timeout=Pull-Timeout
+config.git.gc_timeout=GC-Timeout
+
+config.lfs_config=LFS-Konfiguration
+config.lfs.storage=Speicher
+config.lfs.objects_path=Objektpfad
+
 config.log_config=Konfiguration des Loggings
-config.log_mode=Log-Modus
+config.log_file_root_path=Log-Verzeichnis
+config.log_mode=Modus
+config.log_options=Optionen

 monitor.cron=Cron-Tasks
 monitor.name=Name
@@ -1074,17 +1385,24 @@ notices.delete_success=Systemmitteilungen wurden erfolgreich gelöscht.
 create_repo=hat das Repository <a href="%s">%s</a> erstellt
 rename_repo=hat das Repository von <code>%[1]s</code> zu <a href="%[2]s">%[3]s</a> umbenannt
 commit_repo=hat auf <a href="%[1]s/src/%[2]s">%[3]s</a> in <a href="%[1]s">%[4]s</a> gepusht
+compare_commits=Zeige Vergleich für diese %d Commits
+transfer_repo=hat Repository <code>%s</code> transferiert an <a href="%s">%s</a>
 create_issue=`hat Issue <a href="%s/issues/%s">%s#%[2]s</a> geöffnet`
 close_issue=`hat Issue <a href="%s/issues/%s">%s#%[2]s</a> geschlossen`
 reopen_issue=`hat Issue <a href="%s/issues/%s">%s#%[2]s</a> wieder geöffnet`
+comment_issue=`hat Issue <a href="%s/issues/%s">%s#%[2]s</a> kommentiert`
 create_pull_request=`hat Pull-Request <a href="%s/pulls/%s">%s#%[2]s</a> erstellt`
 close_pull_request=`hat Pull-Request <a href="%s/pulls/%s">%s#%[2]s</a> geschlossen`
 reopen_pull_request=`hat den Pull-Request <a href="%s/pulls/%s">%s#%[2]s</a> wieder geöffnet`
-comment_issue=`hat Issue <a href="%s/issues/%s">%s#%[2]s</a> kommentiert`
-merge_pull_request=`hat Pull-Request <a href="%s/pulls/%s">%s#%[2]s</a> zuammengeführt`
-transfer_repo=hat Repository <code>%s</code> transferiert an <a href="%s">%s</a>
+merge_pull_request=`hat Pull-Request <a href="%s/pulls/%s">%s#%[2]s</a> zusammengeführt`
+create_branch=hat neuen Branch <a href="%[1]s/src/%[2]s">%[3]s</a> in <a href="%[1]s">%[4]s</a> angelegt
+delete_branch=hat Branch <code>%[2]s</code> in <a href="%[1]s">%[3]s</a> gelöscht
 push_tag=hat Tag <a href="%s/src/%s">%[2]s</a> auf <a href="%[1]s">%[3]s</a> gepusht
-compare_commits=Zeige Vergleich für diese %d Commits
+delete_tag=hat Tag <code>%[2]s</code> in <a href="%[1]s">%[3]s</a> gelöscht
+fork_repo=hat das Repository nach <a href="%s">%s</a> geforkt
+mirror_sync_push=hat auf <a href="%[1]s/src/%[2]s">%[3]s</a> in <a href="%[1]s">%[4]s</a> gepusht
+mirror_sync_create=synced new reference <a href="%s/src/%s">%[2]s</a> to <a href="%[1]s">%[3]s</a> from mirror
+mirror_sync_delete=synced and deleted reference <code>%[2]s</code> at <a href="%[1]s">%[3]s</a> from mirror

 [tool]
 ago=vor
@@ -1106,6 +1424,7 @@ months=%[2]s %[1]d Monaten
 years=%[2]s %[1]d Jahren
 raw_seconds=Sekunden
 raw_minutes=Minuten
+raw_hours=Stunden

 [dropzone]
 default_message=Zum Hochladen hier klicken oder Datei hier ablegen.
@@ -9,7 +9,6 @@ sign_out=Cerrar sesión
 sign_up=Registro
 register=Registro
 website=Página web
-version=Versión
 page=Página
 template=Plantilla
 language=Idioma
@@ -25,7 +24,7 @@ captcha=Captcha

 repository=Repositorio
 organization=Organización
-mirror=Mirror
+mirror=Réplica
 new_repo=Nuevo repositorio
 new_migrate=Nueva migración
 new_mirror=Nueva réplica
@@ -44,23 +43,27 @@ issues=Incidencias

 cancel=Cancelar

+[status]
+page_not_found=Página no encontrada
+internal_server_error=Error Interno del Servidor
+
 [install]
 install=Instalación
 title=Pasos de la instalación por primera vez
 docker_helper=Si está ejecutando Gogs usando Docker, ¡por favor lea <a target="_blank" href="%s"> estas pautas</a> antes de cambiar nada en esta página!
-requite_db_desc=Gogs requiere una base de datos MySQL, PostgreSQL, SQLite3 o TiDB.
+requite_db_desc=Gogs requiere MySQL, PostgreSQL, SQLite3 o TiDB (a través del protocolo MySQL).
 db_title=Configuración de base de datos
 db_type=Tipo de base de datos
 host=Host
 user=Usuario
 password=Contraseña
 db_name=Nombre de la base de datos
+db_schema=Esquema
 db_helper=Por favor utilice el motor INNODB con la configuración de caracteres utf8_general_ci para MySQL.
 ssl_mode=Modo SSL
 path=Ruta
-sqlite_helper=Ruta al archivo de base de datos SQLite3 o TiDB. <br>Por favor, usa una ruta absoluta cuando inicies como servicio.
-err_empty_db_path=La ruta a la base de datos SQLite3 o TiDB no puede estar vacía.
-err_invalid_tidb_name=El nombre de la base de datos TiDB no puede contener los caracteres "." ni "-".
+sqlite_helper=La ruta del archivo de base de datos de SQLite3. <br> Por favor usar una ruta absoluta al iniciar Gogs como servicio.
+err_empty_db_path=La ruta de la base de datos SQLite3 no puede estar vacía.
 no_admin_and_disable_registration=No puede deshabilitar el registro sin crear una cuenta de administrador.
 err_empty_admin_password=La contraseña de administrador no puede estar vacía.

@@ -75,12 +78,17 @@ domain=Dominio
 domain_helper=Esto afecta a las URLs para clonar por SSH.
 ssh_port=Puerto SSH
 ssh_port_helper=Número de puerto de su servidor SSH, déjelo en blanco para desactivar SSH.
+use_builtin_ssh_server=Usar Builtin SSH Server
+use_builtin_ssh_server_popup=Iniciar servidor SSH integrado para operaciones con Git para distinguirlo del demonio SSH del sistema.
 http_port=Puerto HTTP
 http_port_helper=Puerto en el que escuchará la aplicación.
 app_url=URL de la aplicación
 app_url_helper=Esto afecta a las URLs para clonar por HTTP/HTTPS y a algunos correos electrónicos.
 log_root_path=Ruta del registro
 log_root_path_helper=Directorio donde almacenar los registros.
+enable_console_mode=Activar Modo Consola
+enable_console_mode_popup=Además del modo archivo, también imprime los registros en consola.
+default_branch=Rama por defecto

 optional_title=Configuración opcional
 email_title=Configuración del servicio de correo
@@ -96,6 +104,8 @@ offline_mode=Activar el modo Sin Conexión
 offline_mode_popup=Desactivar el CDN incluso en el modo de producción, todos los recursos se servirán localmente.
 disable_gravatar=Desactivar el servicio Gravatar
 disable_gravatar_popup=Desactivar Gravatar y cualquier otra fuente personalizada. Todos los avatares deben ser cargados por los usuarios o en su defecto se mostrará el avatar predeterminado.
+federated_avatar_lookup=Habilitar búsqueda de Avatares Federados
+federated_avatar_lookup_popup=Habilitar búsqueda de avatares federador para usar el servicio federado de código abierto basado en libravatar.
 disable_registration=Desactivar Auto-Registro
 disable_registration_popup=Desactivar auto-registro del usuario, solo el administrador podrá crear cuentas nuevas.
 enable_captcha=Activar la Captcha
@@ -109,12 +119,15 @@ admin_password=Contraseña
 confirm_password=Confirmar Contraseña
 admin_email=Correo electrónico del administrador
 install_gogs=Instalar Gogs
-test_git_failed=Fallo al probar el comando 'git': %v
+test_git_failed=Error al probar el comando 'git': %v
 sqlite3_not_available=Tu versión no soporta SQLite3, por favor descarga el binario oficial desde %s, NO la versión de gobuild.
 invalid_db_setting=La configuración de la base de datos no es correcta: %v
 invalid_repo_path=La ruta de la raíz del repositorio es inválida: %v
 run_user_not_match=El usuario que está ejecutando la aplicación no es el usuario actual: %s -> %s
+smtp_host_missing_port=No se ha definido el puerto para el host SMTP.
+invalid_smtp_from=El campo SMTP no es válido: %v
 save_config_failed=Error al guardar la configuración: %v
+init_failed=Error al inicializar la aplicación: %v
 invalid_admin_setting=La configuración de la cuenta de administración es inválida: %v
 install_success=Bienvenido! Estamos encantados de que hayas escogido Gogs, diviértete y cuídate.
 invalid_log_root_path=La ruta para los registros es inválida: %v
@@ -135,6 +148,7 @@ issues.in_your_repos=En tus repositorios
 [explore]
 repos=Repositorios
 users=Usuarios
+organizations=Organizaciones
 search=Buscar

 [auth]
@@ -143,6 +157,8 @@ register_hepler_msg=¿Ya tienes una cuenta? ¡Inicia sesión!
 social_register_hepler_msg=¿Ya tienes una cuenta? ¡Enlázala!
 disable_register_prompt=Lo sentimos, el registro está deshabilitado. Por favor, contacta con el administrador del sitio.
 disable_register_mail=Lo sentimos. Los correos de Confirmación de Registro están deshabilitados.
+auth_source=Authentication Source
+local=Local
 remember_me=Recuérdame
 forgot_password=He olvidado mi contraseña
 forget_password=¿Has olvidado tu contraseña?
@@ -152,16 +168,23 @@ active_your_account=Activa tu cuenta
 prohibit_login=Ingreso prohibido
 prohibit_login_desc=Su cuenta tiene prohibido ingresar al sistema, fovor contactar al administrador del sistema.
 resent_limit_prompt=Lo sentimos, estás solicitando el reenvío del mail de activación con demasiada frecuencia. Por favor, espera 3 minutos.
-has_unconfirmed_mail=Hola %s, tu correo electrónico (<b>%s</b>) no está confirmado. Si no has recibido un correo de confirmación o necesitas que lo enviemos de nuevo, por favor, haz click en el siguiente botón.
+has_unconfirmed_mail=Hola %s, tu correo electrónico (<b>%s</b>) no está confirmado. Si no has recibido un correo de confirmación o necesitas que te lo enviemos de nuevo, por favor haz click en el siguiente botón.
 resend_mail=Haz click aquí para reenviar tu correo electrónico de activación
-email_not_associate=Esta dirección de correo electrónico no esta asociada a ninguna cuenta.
 send_reset_mail=Haga clic aquí para (re)enviar el correo para el restablecimiento de la contraseña
 reset_password=Restablecer su contraseña
 invalid_code=Lo sentimos, su código de confirmación ha expirado o no es valido.
 reset_password_helper=Haga Clic aquí para restablecer su contraseña
-password_too_short=La longitud de la contraseña no puede ser menor a 6.
+password_too_short=La longitud de la contraseña no puede ser menor de 6 caracteres.
 non_local_account=Cuentas que no son locales no pueden cambiar las contraseñas a través de Gogs.

+login_two_factor=Autenticación en dos pasos
+login_two_factor_passcode=Pin de autenticación
+login_two_factor_enter_recovery_code=Introduce un código de recuperación de autenticación en dos pasos
+login_two_factor_recovery=Recuperación de autenticación en dos pasos
+login_two_factor_recovery_code=Código de recuperación
+login_two_factor_enter_passcode=Introduce un Pin de autenticación a dos pasos
+login_two_factor_invalid_recovery_code=El código de recuperación ya se ha utilizado o no es válido.
+
 [mail]
 activate_account=Por favor, active su cuenta
 activate_email=Verifique su correo electrónico
@@ -187,9 +210,17 @@ TeamName=Nombre del equipo
 AuthName=Nombre de autorización
 AdminEmail=Correo electrónico del administrador

+NewBranchName=Nuevo nombre de rama
+CommitSummary=Resumen del commit
+CommitMessage=Mensaje de commit
+CommitChoice=Hacer commit de la elección
+TreeName=Ruta del archivo
+Content=Contenido
+
 require_error=` no puede estar vacío.`
-alpha_dash_error=` los caracteres deben ser Alfanumericos o dash(-_).`
-alpha_dash_dot_error=` debe ser un caracter alfanumérivo válido, un guión alto o bajo (-_) o un signo de puntuación.`
+alpha_dash_error=` los caracteres deben ser alfanuméricos o un guión (-_).`
+alpha_dash_dot_error=` debe ser un carácter alfanumérico válido, un guión (-_) o un signo de puntuación.`
+alpha_dash_dot_slash_error=` deben ser caracteres alfanuméricos, guiones(-_), puntos o barras.`
 size_error=` debe ser de tamaño %s.`
 min_size_error=` debe contener al menos %s caracteres.`
 max_size_error=` debe contener como máximo %s caracteres.`
@@ -206,6 +237,7 @@ org_name_been_taken=Ya existe una organización con este nombre.
 team_name_been_taken=Ya existe un equipo con este nombre.
 email_been_used=Esta dirección de correo electrónico ya está en uso.
 username_password_incorrect=Nombre de usuario o contraseña incorrectos.
+auth_source_mismatch=The authentication source selected is not associated with the user.
 enterred_invalid_repo_name=Por favor, asegúrate de que has introducido correctamente el nombre del repositorio.
 enterred_invalid_owner_name=Por favor, asegúrate de que has introducido correctamente el nombre del propietario.
 enterred_invalid_password=Por favor, asegúrate de que has introducido correctamente tu contraseña.
@@ -233,18 +265,18 @@ following=Siguiendo
 follow=Seguir
 unfollow=Dejar de seguir

-form.name_reserved=El usuario '%s' está reservado.
-form.name_pattern_not_allowed=El patrón de nombre de usuario '%s' no está permitido.
+form.name_not_allowed=El nombre de usuario o patrón %q no está permitido.

 [settings]
 profile=Perfil
 password=Contraseña
+avatar=Avatar
 ssh_keys=Claves SSH
-social=Redes Sociales
-applications=Aplicaciones
+security=Seguridad
+repos=Repositorios
 orgs=Organizaciones
+applications=Aplicaciones
 delete=Eliminar cuenta
-uid=UUID

 public_profile=Perfil público
 profile_desc=Tu correo electrónico es público y será usado para todas las notificaciones relacionadas con cualquier cuenta y cualquier operación hecha a través de la web.
@@ -259,6 +291,8 @@ change_username_prompt=Este cambio afectará a los enlaces que hacen referencia
 continue=Continuar
 cancel=Cancelar

+lookup_avatar_by_mail=Buscar avatar por correo
+federated_avatar_lookup=Búsqueda de Avatar Federado
 enable_custom_avatar=Activar avatar personalizado
 choose_new_avatar=Selecciona nuevo avatar
 update_avatar=Actualizar configuración del avatar
@@ -283,6 +317,7 @@ delete_email=Eliminar
 email_deletion=Eliminar correo electrónico
 email_deletion_desc=Al eliminar esta dirección de correo electrónico se eliminará toda la información asociada a esta. ¿Deseas continuar?
 email_deletion_success=¡El correo electrónico ha sido eliminado correctamente!
+email_deletion_primary=Cannot delete primary email address.
 add_new_email=Añadir nueva dirección de correo electrónico
 add_email=Añadir correo electrónico
 add_email_confirmation_sent=Un nuevo correo de confirmación ha sido enviado a '%s'. Por favor, comprueba tu bandeja de entrada en las próximas %d horas para completar el proceso.
@@ -308,14 +343,36 @@ no_activity=No hay actividad reciente
 key_state_desc=Esta clave ha sido usada en los últimos 7 días
 token_state_desc=Token usado en los últimos 7 días

-manage_social=Gestionar Redes Sociales asociadas
-social_desc=Esta es una lista de las Redes Sociales asociadas. Elimina cualquier vínculo que no reconozcas.
-unbind=Desvincular
-unbind_success=La Red Social ha sido desvinculada.
+two_factor=Autenticación en dos pasos
+two_factor_status=Estado:
+two_factor_on=Activado
+two_factor_off=Desactivado
+two_factor_enable=Activar
+two_factor_disable=Desactivar
+two_factor_view_recovery_codes=Guarda <a href="%s%s"> tus códigos de recuperación</a> en un lugar seguro. Podrás usarlos como código de acceso si pierdes el acceso a tu aplicación de autenticación.
+two_factor_http=Para las operaciones sobre HTTP/HTTPS, no puedes usar un usuario y contraseña. Por favor, cree y utilice <a href="%[1]s%[2]s"> un token de acceso personal</a> como su credencial de acceso, por ejemplo, <code>%[3]s</code>.
+two_factor_enable_title=Habilitar autenticación en dos pasos
+two_factor_scan_qr=Por favor, use su aplicación de autenticación para escanear la imagen:
+two_factor_or_enter_secret=O introduzca el secreto:
+two_factor_then_enter_passcode=Introduce el Pin:
+two_factor_verify=Verificar
+two_factor_invalid_passcode=¡El Pin que has introducido no es válido, por favor, inténtalo de nuevo!
+two_factor_reused_passcode=¡El pin de autenticación que has introducido ya ha sido usado, por favor intenta con otro!
+two_factor_enable_error=Ha fallado la activación de la autenticación en dos pasos: %v
+two_factor_enable_success=¡La autenticación en dos pasos se ha activado en tu cuenta correctamente!
+two_factor_recovery_codes_title=Códigos de recuperación para la autenticación en dos pasos
+two_factor_recovery_codes_desc=Los códigos de recuperación se usan cuando pierdes temporalmente el acceso a tu aplicación de autenticación. Cada código de recuperación solo puede utilizarse en una ocasión, <b>por favor, mantén estos códigos en lugar seguro</b>.
+two_factor_regenerate_recovery_codes=Regenerar códigos de recuperación
+two_factor_regenerate_recovery_codes_error=Ha fallado la regeneración de códigos de recuperación: %v
+two_factor_regenerate_recovery_codes_success=¡Nuevos códigos de recuperación han sido generados con éxito!
+two_factor_disable_title=Deshabilitar autenticación en dos pasos
+two_factor_disable_desc=El nivel de seguridad de tu cuenta se verá reducido después de desactivar la autenticación en dos pasos. ¿Deseas continuar?
+two_factor_disable_success=¡La autenticación en dos pasos ha sido deshabilitada satisfactoriamente!

 manage_access_token=Gestionar los Tokens de Acceso personales
 generate_new_token=Generar nuevo Token
 tokens_desc=Tokens usados para acceder al API de Gogs.
+access_token_tips=El token de acceso personal puede utilizarse como nombre de usuario o como contraseña. Se recomienda utilizar el "x-access-token" como nombre de usuario y el token de acceso personal como contraseña para las aplicaciones Git.
 new_token_desc=Desde ahora, todos los tokens tendrán acceso completo a tu cuenta.
 token_name=Nombre del Token
 generate_token=Generar Token
@@ -324,6 +381,16 @@ delete_token=Eliminar
 access_token_deletion=Borrado de Token de Acceso Personal
 access_token_deletion_desc=Si elimina este token de acceso personal la aplicación asociada perderá el permiso de acceso. ¿Desea continuar?
 delete_token_success=¡El token de acceso personal ha sido eliminado con éxito! No se olvide de actualizar también las aplicaciones asociadas.
+token_name_exists=Ya existe un token con el mismo nombre.
+
+orgs.none=No eres un miembro de ninguna organización.
+orgs.leave_title=Salir de una organización
+orgs.leave_desc=Perderá el acceso a todos los repositorios y equipos después dejar la organización. ¿Desea continuar?
+
+repos.leave=Salir
+repos.leave_title=Dejar repositorio
+repos.leave_desc=Perderás acceso al repositorio cuando salgas. ¿Quieres continuar?
+repos.leave_success=¡Has dejado el repositorio '%s' con éxito!

 delete_account=Elimina tu cuenta
 delete_prompt=La operación eliminará tu cuenta de forma permanente y ¡<strong>NO</strong> se puede deshacer!
@@ -336,7 +403,9 @@ owner=Propietario
 repo_name=Nombre del repositorio
 repo_name_helper=Los grandes nombres de repositorios son cortos, memorables y <strong>únicos</strong>.
 visibility=Visibilidad
+unlisted=Sin listar
 visiblity_helper=Este repositorio es <span class="ui red text">privado</span>
+unlisted_helper=Este repositorio <span class="ui red text">no está en la lista</span>
 visiblity_helper_forced=El administrador web ha obligado a todos los repositorios nuevos a ser <span class="ui red text"> privados</span>
 visiblity_fork_helper=(Este cambio afectará a todos los forks)
 clone_helper=¿Necesitas ayuda con el clone? ¡Consulta la <a target="_blank" href="%s">Ayuda</a>!
@@ -345,7 +414,7 @@ fork_from=Crear un Fork desde
 fork_visiblity_helper=No es posible cambiar la visibilidad de un Fork
 repo_desc=Descripción
 repo_lang=Idioma
-repo_lang_helper=Seleccione archivo .gitignore
+repo_gitignore_helper=Seleccionar plantillas de .gitignore
 license=Licencia
 license_helper=Selecciona un fichero de licencia
 readme=Readme
@@ -354,31 +423,34 @@ auto_init=Inicializar los archivos seleccionados y plantillas de este repositori
 create_repo=Crear repositorio
 default_branch=Rama por defecto
 mirror_prune=Purgar
-mirror_prune_desc=Remover referencias remotas que no existan remotamente
+mirror_prune_desc=Elimina cualquier referencia de seguimiento remoto que ya no exista en el remoto
 mirror_interval=Intervalo de la réplica (en horas)
 mirror_address=Dirección de la réplica
 mirror_address_desc=Por favor, incluya las credenciales de usuario necesarias en la dirección.
+mirror_last_synced=Última sincronización
 watchers=Seguidores
 stargazers=Fans
 forks=Forks
+repo_description_helper=Descripción del repositorio. Longitud máxima de 512 caracteres.
+repo_description_length=Caracteres disponibles

 form.reach_limit_of_creation=El propietario ha alcanzado el límite máximo de %d repositorios creados.
-form.name_reserved=El nombre del repositorio '%s' está reservado.
-form.name_pattern_not_allowed=El patrón del nombre del repositorio '%s' no está permitido.
+form.name_not_allowed=El nombre de repositorio o patrón %q no está permitido.

 need_auth=Requiere autorización
 migrate_type=Tipo de migración
 migrate_type_helper=Este repositorio será una <span class="text blue">réplica</span>
 migrate_repo=Migrar Repositorio
 migrate.clone_address=Clonar dirección
-migrate.clone_address_desc=Puede ser una URL HTTP/HTTPS/GIT o una ruta local del servidor.
+migrate.clone_address_desc=Esto puede ser una dirección URL HTTP/HTTPS/GIT.
+migrate.clone_address_desc_import_local=También se le permite migrar un repositorio por la ruta del servidor local.
 migrate.permission_denied=No te está permitido importar repositorios locales.
 migrate.invalid_local_path=Rutal local inválida, no existe o no es un directorio.
+migrate.clone_address_resolved_to_blocked_local_address=La dirección de clonado se ha resuelto a una dirección de red local que está implícitamente bloqueada.
 migrate.failed=Migración fallida: %v

 mirror_from=espejo de
 forked_from=forked de
-fork_from_self=¡No puedes crear un fork de un repositorio que ya es tuyo!
 copy_link=Copiar
 copy_link_success=¡Copiado!
 copy_link_error=Presione ⌘ + C o Ctrl-C para copiar
@@ -394,9 +466,9 @@ quick_guide=Guía Rápida
 clone_this_repo=Clonar este repositorio
 create_new_repo_command=Crear un nuevo repositorio desde línea de comandos
 push_exist_repo=Hacer Push de un repositorio existente desde línea de comandos
-repo_is_empty=Este repositorio está vacío, por favor, ¡vuelva más tarde!
+bare_message=Este repositorio aun no tiene contenido alguno.

-code=Código
+files=Archivos
 branch=Rama
 tree=Árbol
 filter_branch_and_tag=Filtrar por rama o etiqueta
@@ -407,15 +479,67 @@ pulls=Pull Requests
 labels=Etiquetas
 milestones=Milestones
 commits=Commits
+git_branches=Ramas
 releases=Releases
 file_raw=Raw
 file_history=Histórico
 file_view_raw=Ver Raw
 file_permalink=Permalink
 file_too_large=Este archivo es demasiado grande para ser mostrado
+video_not_supported_in_browser=Su navegador no soporta el tag video de HTML5.

+branches.overview=Resumen
+branches.active_branches=Ramas activas
+branches.stale_branches=Ramas Viejas
+branches.all=Todas las Ramas
+branches.updated_by=%[1]s actualizado por %[2]s
+branches.change_default_branch=Cambiar la Rama por Defecto
+branches.default_deletion_not_allowed=Cannot delete the default branch.
+branches.protected_deletion_not_allowed=Cannot delete a protected branch.
+
+editor.new_file=Nuevo archivo
+editor.upload_file=Subir archivo
+editor.edit_file=Editar archivo
+editor.preview_changes=Vista previa de los cambios
+editor.cannot_edit_non_text_files=Sólo puede editar archivos de texto
+editor.edit_this_file=Editar este archivo
+editor.must_be_on_a_branch=Debes estar en una rama para hacer o proponer cambios en este archivo
+editor.fork_before_edit=Debes hacer un fork de este repositorio antes de editar el archivo
+editor.delete_this_file=Eliminar este archivo
+editor.must_have_write_access=Debes tener permisos de escritura para hacer o proponer cambios a este archivo
+editor.file_delete_success=¡El archivo '%s' ha sido eliminado con éxito!
+editor.name_your_file=Nombre de archivo...
+editor.filename_help=Para añadir un directorio, simplemente escribelo y presiona /. Para eliminar un directorio, ve al principio del campo y presiona retroceso.
+editor.or=o
+editor.cancel_lower=cancelar
+editor.commit_changes=Hacer commit de los cambios
+editor.add_tmpl=Añadir '%s<filename>'
+editor.add=Añadir '%s'
+editor.update=Actualizar '%s'
+editor.delete=Eliminar '%s'
+editor.commit_message_desc=Añadir una descripción extendida opcional...
+editor.commit_directly_to_this_branch=Hacer commit directamente en la rama <strong class="branch-name">%s</strong>.
+editor.create_new_branch=Crear una <strong>nueva rama</strong> para este commit y hacer un pull request.
+editor.new_branch_name_desc=Nombre de la rama nueva...
+editor.cancel=Cancelar
+editor.filename_cannot_be_empty=El nombre del archivo no puede estar vacío.
+editor.branch_already_exists=La rama '%s' ya existe en este repositorio.
+editor.directory_is_a_file=La entrada '%s' en el directorio padre es un archivo no un directorio en este repositorio.
+editor.file_is_a_symlink=El archivo '%s' es un enlace simbólico que no puede ser modificado desde el editor de la web.
+editor.filename_is_a_directory=El nombre del fichero '%s' es un directorio existente en este repositorio.
+editor.file_editing_no_longer_exists=El archivo '%s' que estás editando ya no existe en este repositorio.
+editor.file_changed_while_editing=El contenido del archivo ha sido modificado desde que empezó a editarlo. <a target="_blank" href="%s">Clic aquí</a> para ver qué ha sido modificado o <strong>presiona confirmar de nuevo</strong> para sobrescribir estos cambios.
+editor.file_already_exists=Ya existe un archivo con nombre '%s' en este repositorio.
+editor.no_changes_to_show=No existen cambios para mostrar.
+editor.fail_to_update_file=Error al actualizar/crear el archivo '%s', error: %v
+editor.fail_to_delete_file=Error al borrar el fichero '%s', error: %v
+editor.add_subdir=Añadir subdirectorio...
+editor.unable_to_upload_files=Error al subir archivos a '%s', error: %v
+editor.upload_files_to_dir=Subir archivos a '%s'
+
+commits.commit_history=Historial de Commits
 commits.commits=Commits
-commits.search=Buscar Commits
+commits.search=Buscar commits
 commits.find=Buscar
 commits.author=Autor
 commits.message=Mensaje
@@ -439,6 +563,11 @@ issues.create=Crear incidencia
 issues.new_label=Nueva Etiqueta
 issues.new_label_placeholder=Nombre etiqueta...
 issues.create_label=Crear etiqueta
+issues.label_templates.title=Carga un conjunto predefinido de etiquetas
+issues.label_templates.info=Tdavía no hay ninguna etiqueta. Puede hacer clic en el botón "Nueva etiqueta" para crear una o utilizar un conjunto predefinido abajo.
+issues.label_templates.helper=Seleccionar un conjunto de etiquetas
+issues.label_templates.use=Usar este conjunto de etiquetas
+issues.label_templates.fail_to_load_file=Error al cargar el archivo de plantilla de etiqueta '%s': %v
 issues.open_tab=%d abiertas
 issues.close_tab=%d cerradas
 issues.filter_label=Etiqueta
@@ -466,7 +595,7 @@ issues.next=Página Siguiente
 issues.open_title=Abierta
 issues.closed_title=Cerrada
 issues.num_comments=%d comentarios
-issues.commented_at='comentado <a href="#%s"> %s'</a>
+issues.commented_at=`comentado <a href="#%s"> %s</a>`
 issues.delete_comment_confirm=¿Seguro que deseas eliminar este comentario?
 issues.no_content=Aún no existe contenido.
 issues.close_issue=Cerrar
@@ -480,8 +609,7 @@ issues.commit_ref_at=`mencionada esta incidencia en un commit <a id="%[1]s" href
 issues.poster=Autor
 issues.collaborator=Colaborador
 issues.owner=Propietario
-issues.sign_up_for_free=Registro gratuito
-issues.sign_in_require_desc=para unirse a esta conversación. ¿Ya dispone de una cuenta? <a href="%s">Inicie sesión para comentar</a>
+issues.sign_in_require_desc=<a href="%s"> Inicie sesión</a> para unirse a esta conversación.
 issues.edit=Editar
 issues.cancel=Cancelar
 issues.save=Guardar
@@ -496,6 +624,8 @@ issues.label_deletion=Borrado de Etiqueta
 issues.label_deletion_desc=Al borrar la etiqueta su información será eliminada de todas las incidencias relacionadas. Desea continuar?
 issues.label_deletion_success=Etiqueta borrada con éxito!
 issues.num_participants=%d participantes
+issues.attachment.open_tab='Haga clic para ver "%s" en una pestaña nueva'
+issues.attachment.download=`Haga clic para descargar "%s"`

 pulls.new=Nuevo Pull Request
 pulls.compare_changes=Comparar cambios
@@ -505,6 +635,7 @@ pulls.compare_compare=comparar con
 pulls.filter_branch=Filtrar rama
 pulls.no_results=Sin resultados.
 pulls.nothing_to_compare=Nada que comparar. Las dos ramas coinciden.
+pulls.nothing_merge_base=No hay nada que comparar porque las dos ramas tienen una historia completamente distinta.
 pulls.has_pull_request=`Ya existe un pull request entre estas dos ramas: <a href="%[1]s/pulls/%[3]d">%[2]s#%[3]d</a>`
 pulls.create=Crear Pull Request
 pulls.title_desc=desea fusionar %[1]d commits de <code>%[2]s</code> en <code>%[3]s</code>
@@ -513,15 +644,20 @@ pulls.tab_conversation=Conversación
 pulls.tab_commits=Commits
 pulls.tab_files=Archivos modificados
 pulls.reopen_to_merge=Por favor reabra este Pull Request para proceder con la operación de fusionado.
-pulls.merged=Fuisionado
-pulls.has_merged=¡Este pull request se ha completado con éxito!
+pulls.merged=Fusionado
+pulls.has_merged=¡Este Pull Request se ha completado con éxito!
 pulls.data_broken=Los datos de este pull request ya no están disponibles porque se ha eliminado la información del fork.
 pulls.is_checking=Se está procediendo a la búsqueda de conflictos, por favor actualice la página en unos momentos.
 pulls.can_auto_merge_desc=Este Pull Request puede ser fusionado automáticamente.
 pulls.cannot_auto_merge_desc=Este Pull Request no puede ser fusionado automáticamente porque hay conflictos.
 pulls.cannot_auto_merge_helper=Por favor, fusiona manualmente para resolver los conflictos.
+pulls.create_merge_commit=Crear un commit del fusionado
+pulls.rebase_before_merging=Hacer rebase antes de fusionar
+pulls.commit_description=Descripción del commit
 pulls.merge_pull_request=Fusionar Pull Request
 pulls.open_unmerged_pull_exists=`Usted no puede realizar la operación de reapertura porque en estos momentos existe una solicitud de pull request (#%d) para el mismo repositorio con la misma información que se encuentra a la espera de aprobación`
+pulls.delete_branch=Eliminar la rama
+pulls.delete_branch_has_new_commits=La rama no se puede eliminar porque tiene nuevos commits después de la fusión.

 milestones.new=Nuevo Milestone
 milestones.open_tab=%d abiertas
@@ -572,26 +708,61 @@ settings.collaboration.admin=Administrador
 settings.collaboration.write=Escritura
 settings.collaboration.read=Lectura
 settings.collaboration.undefined=Indefinido
+settings.branches=Ramas
+settings.branches_bare=No puedes gestionar ramas en un repositorio vacío. Por favor sube algún contenido primero.
+settings.default_branch=Rama predeterminada
+settings.default_branch_desc=Se considera la rama «base» como la rama por defecto para commits de código, las solicitudes pull y edición en línea.
+settings.update=Actualizar
+settings.update_default_branch_unsupported=El cambio de rama por defecto no esta soportado por la versión de Git en el servidor.
+settings.update_default_branch_success=¡La Rama por defecto de este repositorio ha sido actualizado con éxito!
+settings.protected_branches=Ramas protegidas
+settings.protected_branches_desc=Proteger ramas force pushing, de eliminación accidental y lista blanca de committers de código.
+settings.choose_a_branch=Elegir una rama...
+settings.branch_protection=Protección de la rama
+settings.branch_protection_desc=Por favor, elija una opción de protección para la rama <b>%s</b>.
+settings.protect_this_branch=Proteger esta rama
+settings.protect_this_branch_desc=Desactivar force pushes y evite la eliminación.
+settings.protect_require_pull_request=Requiere una solicitud pull, en lugar de un push directo
+settings.protect_require_pull_request_desc=Active esta opción para deshabilitar un push directo a esta rama. Los commits tienen que ser empujados a otra rama no protegida y fusionados a esta rama a través de la solicitud pull.
+settings.protect_whitelist_committers=Lista blanca de quienes pueden empujar a esta rama
+settings.protect_whitelist_committers_desc=Añadir personas o equipos a la lista blanca de push directo a esta rama. Los usuarios en esta lista se saltan la comprobación de pull request.
+settings.protect_whitelist_users=Usuarios que pueden hacer push a esta rama
+settings.protect_whitelist_search_users=Buscar usuarios
+settings.protect_whitelist_teams=Equipos cuyos miembros pueden hacer push a esta rama
+settings.protect_whitelist_search_teams=Buscar equipos
+settings.update_protect_branch_success=¡Las opciones de protección para esta rama se han actualizado con éxito!
 settings.hooks=Webhooks
 settings.githooks=Git Hooks
 settings.basic_settings=Configuración Básica
+settings.mirror_settings=Configuración de réplica
+settings.sync_mirror=Sincronizar ahora
+settings.mirror_sync_in_progress=Sincronización de réplica en curso, por favor actualice la página en unos minutos.
 settings.site=Sitio oficial
 settings.update_settings=Actualizar configuración
 settings.change_reponame_prompt=Este cambio afectará a los enlaces al repositorio.
 settings.advanced_settings=Ajustes avanzados
-settings.wiki_desc=Habilitar la Wiki para que los colaboradores documenten
+settings.wiki_desc=Activar sistema de wiki
+settings.use_internal_wiki=Usar wiki integrada
+settings.allow_public_wiki_desc=Permitir acceso público a la wiki cuando el repositorio es privado
 settings.use_external_wiki=Usar Wiki externa
 settings.external_wiki_url=URL externa de la Wiki
 settings.external_wiki_url_desc=Los visitantes serán redireccionados a la URL cuando hagan click en la barra.
-settings.issues_desc=Habilitar tracker ligero de incidencias
+settings.issues_desc=Habilitar rastreo de incidencias
+settings.use_internal_issue_tracker=Usar rastreo de incidencias ligero incluido
+settings.allow_public_issues_desc=Permitir acceso público a las incidencias cuando el repositorio es privado
 settings.use_external_issue_tracker=Usar tracker externo de incidencias
+settings.external_tracker_url=URL de seguimiento de problemas externos
+settings.external_tracker_url_desc=Los visitantes serán redirigidos a la URL cuando hagan click en la barra.
 settings.tracker_url_format=Formato URL del tracker de incidencias externo
 settings.tracker_issue_style=Estilo de etiquetado del tracker externo de incidencias:
 settings.tracker_issue_style.numeric=Numérico
 settings.tracker_issue_style.alphanumeric=Alfanumérico
 settings.tracker_url_format_desc=Puedes usar las plantillas <code>{user} {repo} {index}</code> para el nombre de usuario, nombre del repositorio e índice de la incidencia.
-settings.pulls_desc=Habilitar Pull Requests para aceptar contribuciones públicas
+settings.pulls_desc=Permitir pull requests para aceptar contribuciones entre repositorios y ramas
+settings.pulls.ignore_whitespace=Ignorar los cambios en el espacio en blanco
+settings.pulls.allow_rebase_merge=Permite usar rebase para fusionar los commits
 settings.danger_zone=Zona de Peligro
+settings.cannot_fork_to_same_owner=No puedes hacer fork del repositorio a su propietario original.
 settings.new_owner_has_same_repo=El nuevo propietario tiene un repositorio con el mismo nombre.
 settings.convert=Convertir en un repositorio normal
 settings.convert_desc=Puedes convertir este repositorio en un repositorio normal. Este cambio no se puede deshacer.
@@ -610,7 +781,7 @@ settings.wiki_deletion_success=Los datos de la wiki del repositorio han sido bor
 settings.delete=Eliminar este repositorio
 settings.delete_desc=Una vez has eliminado un repositorio, no hay vuelta atrás. Por favor, asegúrate de que es lo que quieres.
 settings.delete_notices_1=- Esta operación <strong>NO PUEDE</strong> revertirse.
-settings.delete_notices_2=- Esta operación eliminará de manera permanente todo el contenido de este repositorio, incluyendo los datos de git, las incidencias, los comentarios y los permisos de acceso de los colaboradores.
+settings.delete_notices_2=- Esta operación eliminará de manera permanente todo el contenido de este repositorio, incluyendo los datos de Git, las incidencias, los comentarios y los permisos de acceso de los colaboradores.
 settings.delete_notices_fork_1=- Todos los forks se convertirán en independientes tras el borrado.
 settings.deletion_success=¡El respositorio ha sido eliminado satisfactoriamente!
 settings.update_settings_success=Las opciones del repositorio se han actualizado correctamente.
@@ -626,20 +797,25 @@ settings.collaborator_deletion_desc=Este usuario no podrá colaborar en este rep
 settings.remove_collaborator_success=El colaborador ha sido eliminado.
 settings.search_user_placeholder=Buscar usuario...
 settings.org_not_allowed_to_be_collaborator=Las organizaciones no tiene permitido ser añadidas como colaboradores.
-settings.user_is_org_member=El usuario es miembro de la organización, no puede ser añadido como colaborador.
-settings.add_webhook=Añadir Webhook
 settings.hooks_desc=Los Webhooks permiten a servicios externos recibir notificaciones cuando sucedan ciertos eventos en Gogs. Cuando sucedan los eventos especificados, enviaremos una petición POST a cada una de las URLs indicadas. Para obtener más información, consulta nuestra <a target="_blank" href="%s">Guía de Webhooks</a>.
+settings.webhooks.add_new=Añadir un nuevo webhook:
+settings.webhooks.choose_a_type=Elige un tipo...
+settings.add_webhook=Añadir Webhook
 settings.webhook_deletion=Eliminar Webhook
 settings.webhook_deletion_desc=Al borrar este webhook se eliminará su información y todo su historial. ¿Desea continuar?
 settings.webhook_deletion_success=¡Webhook eliminado con éxito!
 settings.webhook.test_delivery=Test de entrega
 settings.webhook.test_delivery_desc=Enviar un falso evento Push de entrega para probar tus ajustes de webhook
 settings.webhook.test_delivery_success=Probar que los webhook han sido añadidos a la cola de entrega. Esto puede tomar algunos segundos antes de aparecer en el historial de entregas.
+settings.webhook.redelivery=Reenviar
+settings.webhook.redelivery_success=La tarea del Hook '%s' ha sido reañadida en la cola de entrega. Puede tardar unos segundos en actualizarse el historial de estado de la cola.
 settings.webhook.request=Petición
 settings.webhook.response=Respuesta
 settings.webhook.headers=Encabezado
 settings.webhook.payload=Payload
 settings.webhook.body=Cuerpo del mensaje
+settings.webhook.err_cannot_parse_payload_url=No se puede analizar la URL de payload: %v
+settings.webhook.url_resolved_to_blocked_local_address=La URL de payload se ha resuelto a una dirección de red local que está implícitamente bloqueada.
 settings.githooks_desc=Los Git Hooks son una funcionalidad del propio Git, puedes editar los ficheros de los hooks soportados en la siguiente lista para aplicar operaciones personalizadas.
 settings.githook_edit_desc=Si el hook no está activo, se mostrará contenido de ejemplo. Dejar el contenido vacío deshabilitará este hook.
 settings.githook_name=Nombre del Hook
@@ -649,6 +825,7 @@ settings.add_webhook_desc=Enviaremos una petición <code>POST</code> a la siguie
 settings.payload_url=URL de Payload
 settings.content_type=Tipo de contenido
 settings.secret=Secreto
+settings.secret_desc=El secreto será enviado como un payload SHA256 HMAC hex digest vía cabecera <code>X-Gogs-Signature</code>.
 settings.slack_username=Nombre de usuario
 settings.slack_icon_url=URL de icono
 settings.slack_color=Color
@@ -658,8 +835,20 @@ settings.event_send_everything=Necesito <strong>todo</strong>.
 settings.event_choose=Déjeme elegir lo que necesito.
 settings.event_create=Crear
 settings.event_create_desc=Rama o etiqueta creada
+settings.event_delete=Borrar
+settings.event_delete_desc=Rama o etiqueta borrada
+settings.event_fork=Fork
+settings.event_fork_desc=Repositorio forked
 settings.event_push=Push
 settings.event_push_desc=Git push a un repositorio
+settings.event_issues=Incidencias
+settings.event_issues_desc=Incidencia abierta, cerrada, reabierta, editada, asignada, desasignada, etiqueta actualizada, etiqueta limpiada, hito marcado, o desmarcado,.
+settings.event_pull_request=Pull Request
+settings.event_pull_request_desc=Pull request abierto, cerrado, reabierto, editado, asignado, desasignado, etiqueta actualizada, etiqueta limpiada, hito marcado, hito desmarcado, o sincronizado.
+settings.event_issue_comment=Comentario de incidencia
+settings.event_issue_comment_desc=Comentario de incidencias creado, editado o borrado.
+settings.event_release=Lanzamiento
+settings.event_release_desc=Lanzamiento publicado en un repositorio.
 settings.active=Activo
 settings.active_helper=Enviaremos detalles del evento cuando este hook se dispare.
 settings.add_hook_success=Se ha añadido un nuevo webhook.
@@ -669,10 +858,13 @@ settings.delete_webhook=Borrar Webhook
 settings.recent_deliveries=Envíos Recientes
 settings.hook_type=Tipo de Hook
 settings.add_slack_hook_desc=Añade integración con <a href="%s">Slack</a> a tu repositorio.
+settings.add_discord_hook_desc=Añade integración con <a href="%s">Discord</a> a tu repositorio.
+settings.add_dingtalk_hook_desc=Añade integración con <a href="%s">Dingtalk</a> a tu repositorio.
 settings.slack_token=Token
 settings.slack_domain=Dominio
 settings.slack_channel=Canal
 settings.deploy_keys=Claves de Despliegue
+settings.deploy_keys_helper=<b>Gotcha!</b> Si usted está buscando agregar claves públicas personales, por favor, agréguelos en la <a href="%s%s"> configuración de la cuenta</a>.
 settings.add_deploy_key=Añadir Clave de Despliegue
 settings.deploy_key_desc=La clave de desarrollo tiene sólo acceso de lectura. No es igual que las claves SSH de las cuentas personales.
 settings.no_deploy_keys=No has añadido ninguna clave de despliegue.
@@ -684,6 +876,8 @@ settings.add_key_success=¡La nueva clave de desplieque '%s' ha sido creada con
 settings.deploy_key_deletion=Eliminar Clave de Despliegue
 settings.deploy_key_deletion_desc=Al eliminar esta clave de despliegue se perderán el permiso de acceso a este repositorio con dicha clave. ¿Deseas continuar?
 settings.deploy_key_deletion_success=¡Clave de despliegue eliminada con éxito!
+settings.description_desc=Descripción del repositorio. Longitud máxima de 512 caracteres.
+settings.description_length=Caracteres disponibles

 diff.browse_source=Explorar el Código
 diff.parent=padre
@@ -702,7 +896,6 @@ release.releases=Releases
 release.new_release=Nueva Release
 release.draft=Borrador
 release.prerelease=Pre-Release
-release.stable=Estable
 release.edit=editar
 release.ahead=<strong>%d</strong> commits en %s desde esta release
 release.source_code=Código Fuente
@@ -749,8 +942,8 @@ team_name_helper=Utiliza este nombre para mencionar a este equipo en las convers
 team_desc_helper=¿En qué consiste este equipo?
 team_permission_desc=¿Qué nivel de permisos debería tener este equipo?

-form.name_reserved=El nombre de la organización '%s' está reservado.
-form.name_pattern_not_allowed=El patrón de nombre de la organización '%s' no está permitido.
+form.name_not_allowed=El nombre de la organización o patrón %q no está permitido.
+form.team_name_not_allowed=El nombre del equipo o patrón %q no está permitido.

 settings=Configuración
 settings.options=Opciones
@@ -822,12 +1015,19 @@ first_page=Primera
 last_page=Última
 total=Total: %d

+dashboard.build_info=Build Information
+dashboard.app_ver=Versión de la aplicación
+dashboard.git_version=Versión de Git
+dashboard.go_version=Versión de Go
+dashboard.build_time=Tiempo de compilación
+dashboard.build_commit=Build commit
 dashboard.statistic=Estadísticas
 dashboard.operations=Operaciones
 dashboard.system_status=Estado del Monitor del Sistema
 dashboard.statistic_info=La base de datos de Gogs contiene <b>%d</b> usuarios, <b>%d</b> organizaciones, <b>%d</b> claves públicas, <b>%d</b> repositorios, <b>%d</b> vigilados, <b>%d</b> destacados, <b>%d</b> acciones, <b>%d</b> accesos, <b>%d</b> incidencias, <b>%d</b> comentarios, <b>%d</b> cuentas de redes sociales, <b>%d</b> seguidores, <b>%d</b> mirrors, <b>%d</b> releases, <b>%d</b> fuentes de login, <b>%d</b> webhooks, <b>%d</b> milestones, <b>%d</b> etiquetas, <b>%d</b> hooks, <b>%d</b> equipos, <b>%d</b> tareas actualizadas, <b>%d</b> adjuntos.
 dashboard.operation_name=Nombre de la operación
 dashboard.operation_switch=Interruptor
+dashboard.select_operation_to_run=Please select operation to run
 dashboard.operation_run=Ejecutar
 dashboard.clean_unbind_oauth=Limpiar solicitudes de OAuth sin confirmar
 dashboard.clean_unbind_oauth_success=Las solicitudes de OAuth sin confirmar se han eliminado correctamente.
@@ -841,8 +1041,8 @@ dashboard.git_gc_repos=Ejecutar la recolección de basura en los repositorios
 dashboard.git_gc_repos_success=Todos los repositorios han ejecutado correctamente el recolector de basuras.
 dashboard.resync_all_sshkeys=Reescribir el fichero '.ssh/authorized_keys'(atención: se perderán las claves que no pertenezcan a Gogs)
 dashboard.resync_all_sshkeys_success=Todas las claves públicas se han reescrito correctamente.
-dashboard.resync_all_update_hooks=Reescribir todos los hooks de actualización de los repositorios (necesario cuando se modifica la ruta de configuración personalizada)
-dashboard.resync_all_update_hooks_success=Todos los hooks de actualización de los repositorios se han reescrito correctamente.
+dashboard.resync_all_hooks=Resincroniza los "hooks" de pre-recepción, actualización y post-recepción en todos los repositorios
+dashboard.resync_all_hooks_success=Se han vuelto a sincronizar todos los "hooks" de pre-recepción, actualización y post-recepción de los repositorios con éxito.
 dashboard.reinit_missing_repos=Reinicializar todos los registros del repositorio que tienen archivos Git eliminados
 dashboard.reinit_missing_repos_success=Todos los registros del repositorio con archivos Git eliminados han sido reinicializados con éxito.

@@ -917,12 +1117,14 @@ repos.private=Privado
 repos.watches=Vigilantes
 repos.stars=Estrellas
 repos.issues=Incidencias
+repos.size=Tamaño

-auths.auth_manage_panel=Panel de administración de autenticación
+auths.auth_sources=Fuentes de autentificación
 auths.new=Añadir nuevo origen
 auths.name=Nombre
 auths.type=Tipo
 auths.enabled=Activo
+auths.default=Por defecto
 auths.updated=Actualizado
 auths.auth_type=Tipo de autenticación
 auths.auth_name=Nombre de autenticación
@@ -931,6 +1133,7 @@ auths.domain=Dominio
 auths.host=Host
 auths.port=Puerto
 auths.bind_dn=Bind DN
+auths.bind_dn_helper=Puedes usar '%s' como marcador de posición para el nombre de usuario, ej. DOM\%s
 auths.bind_password=Contraseña Bind
 auths.bind_password_helper=Advertencia: La contraseña se almacena como texto plano. No utilice una cuenta con privilegios elevados.
 auths.user_base=Base de búsqueda de usuarios
@@ -940,6 +1143,11 @@ auths.attribute_username_placeholder=Dejar vacío para usar el campo de inicio d
 auths.attribute_name=Atributo nombre
 auths.attribute_surname=Atributo apellido
 auths.attribute_mail=Atributo correo electrónico
+auths.verify_group_membership=Verificar pertenencia a grupo
+auths.group_search_base_dn=Base DN para la búsqueda de grupos
+auths.group_filter=Filtro de grupo
+auths.group_attribute_contain_user_list=Atributo de grupo que contiene la lista de usuarios
+auths.user_attribute_listed_in_group=Atributo de usuario listado en grupo
 auths.attributes_in_bind=Buscar atributos en el contexto del Bind DN
 auths.filter=Filtro de usuario
 auths.admin_filter=Filtro de aministrador
@@ -953,9 +1161,9 @@ auths.enable_tls=Habilitar cifrado TLS
 auths.skip_tls_verify=Omitir la verificación TLS
 auths.pam_service_name=Nombre del Servicio PAM
 auths.enable_auto_register=Hablilitar Auto-Registro
-auths.tips=Consejos
 auths.edit=Editar la Configuración de Autenticación
 auths.activated=Esta autenticación ha sido activada
+auths.default_auth=Esta autenticación es la fuente de inicio de sesión predeterminada
 auths.new_success=¡La autenticación '%s' ha sido añadida con éxito!
 auths.update_success=La configuración de autenticación ha sido actualizada con éxito.
 auths.update=Actualizar la configuración de autenticación
@@ -964,86 +1172,189 @@ auths.delete_auth_title=Borrado de autenticación
 auths.delete_auth_desc=Esta autenticación será eliminada. ¿Deseas continuar?
 auths.still_in_used=Este método de autentificación aún es utilizado por algunos usuarios, por favor elimine o convierta estos usuarios a otro tipo de autentificación.
 auths.deletion_success=¡La autenticación ha sido eliminada con éxito!
+auths.login_source_exist=El origen de autenticación '%s' ya existe.
+auths.github_api_endpoint=Endpoint de la API

+config.not_set=(sin definir)
 config.server_config=Configuración del servidor
-config.app_name=Nombre de la Aplicación
-config.app_ver=Versión de la Aplicación
-config.app_url=URL de la Aplicación
-config.domain=Dominio
-config.offline_mode=Modo Sin Conexión
-config.disable_router_log=Deshabilitar Log del Router
+config.brand_name=Nombre de la marca
 config.run_user=Ejecutada como Usuario
 config.run_mode=Modo de ejecución
-config.repo_root_path=Ruta del Repositorio
-config.static_file_root_path=Ruta de los Ficheros Estáticos
-config.log_file_root_path=Ruta de los Ficheros de Log
-config.script_type=Tipo de Script
-config.reverse_auth_user=Autenticación Inversa de Usuario
+config.server.external_url=URL externa
+config.server.domain=Dominio
+config.server.protocol=Protocolo
+config.server.http_addr=Dirección HTTP
+config.server.http_port=Puerto HTTP
+config.server.cert_file=Archivo de certificado
+config.server.key_file=Archivo de claves
+config.server.tls_min_version=Versión mínima de TLS
+config.server.unix_socket_permission=Unix socket permission
+config.server.local_root_url=Local root URL
+config.server.offline_mode=Offline mode
+config.server.disable_router_log=Disable router log
+config.server.enable_gzip=Enable Gzip
+config.server.app_data_path=Application data path
+config.server.load_assets_from_disk=Load assets from disk
+config.server.landing_url=Landing URL

 config.ssh_config=Configuración SSH
-config.ssh_enabled=Habilitado
-config.ssh_start_builtin_server=Iniciar servidor integrado
-config.ssh_domain=Dominio
-config.ssh_port=Puerto
-config.ssh_listen_port=Puerto de escucha
-config.ssh_root_path=Ruta raíz
-config.ssh_key_test_path=Ruta de la clave de prueba
-config.ssh_keygen_path=Ruta del generador de claves ('ssh-keygen')
-config.ssh_minimum_key_size_check=Tamaño mínimo de la clave de verificación
-config.ssh_minimum_key_sizes=Tamaños de clave mínimos
+config.ssh.enabled=Activado
+config.ssh.domain=Dominio expuesto
+config.ssh.port=Puerto expuesto
+config.ssh.root_path=Root path
+config.ssh.keygen_path=Ruta del generador de claves
+config.ssh.key_test_path=Ruta de la clave de prueba
+config.ssh.minimum_key_size_check=Comprobación del tamaño mínimo de la clave
+config.ssh.minimum_key_sizes=Tamaño mínimo de las claves
+config.ssh.rewrite_authorized_keys_at_start=Reescribir "authorized_keys" al inicio
+config.ssh.start_builtin_server=Iniciar servidor integrado
+config.ssh.listen_host=Host de escucha
+config.ssh.listen_port=Puerto de escucha
+config.ssh.server_ciphers=Cifrados del servidor
+config.ssh.server_macs=MACs del servidor
+config.ssh.server_algorithms=Algoritmos del servidor
+
+config.repo_config=Configuración del repositorio
+config.repo.root_path=Ruta raíz
+config.repo.script_type=Script type
+config.repo.ansi_chatset=ANSI charset
+config.repo.force_private=Force private
+config.repo.max_creation_limit=Max creation limit
+config.repo.preferred_licenses=Licencias preferidas
+config.repo.disable_http_git=Disable HTTP Git
+config.repo.enable_local_path_migration=Enable local path migration
+config.repo.enable_raw_file_render_mode=Enable raw file render mode
+config.repo.commits_fetch_concurrency=Commits fetch concurrency
+config.repo.editor.line_wrap_extensions=Editor line wrap extensions
+config.repo.editor.previewable_file_modes=Editor previewable file modes
+config.repo.upload.enabled=Upload enabled
+config.repo.upload.temp_path=Upload temporary path
+config.repo.upload.allowed_types=Upload allowed types
+config.repo.upload.file_max_size=Upload file size limit
+config.repo.upload.max_files=Upload files limit

 config.db_config=Configuración de la Base de Datos
-config.db_type=Tipo
-config.db_host=Host
-config.db_name=Nombre
-config.db_user=Usuario
-config.db_ssl_mode=Modo SSL
-config.db_ssl_mode_helper=(sólo para "postgres")
-config.db_path=Ruta
-config.db_path_helper=(para "sqlite3" y "tidb")
-config.service_config=Configuración del servicio
-config.register_email_confirm=Solicitar Confirmación por Correo Electrónico
-config.disable_register=Deshabilitar el Registro
-config.show_registration_button=Mostrar Botón de Registro
-config.require_sign_in_view=Solicitar la Vista de Inicio de Sesión
-config.mail_notify=Notificación por Correo Electrónico
-config.disable_key_size_check=Deshabilitar la comprobación de Tamaño Mínimo de Clave
-config.enable_captcha=Activar Captcha
-config.active_code_lives=Habilitar Vida del Código
-config.reset_password_code_lives=Restablecer Contraseña de Vida del Código
-config.webhook_config=Configuración de Webhooks
-config.queue_length=Tamaño de Cola de Envío
-config.deliver_timeout=Timeout de Entrega
-config.skip_tls_verify=Omitir la Verificación TLS
-config.mailer_config=Configuración del servidor de correo
-config.mailer_enabled=Activado
-config.mailer_disable_helo=Desactivar HELO
-config.mailer_name=Nombre
-config.mailer_host=Host
-config.mailer_user=Usuario
-config.send_test_mail=Enviar email de prueba
-config.test_mail_failed=Fallo al enviar el email de prueba a '%s': %v
-config.test_mail_sent=El email de prueba ha sido enviado a '%s'.
-config.oauth_config=Configuración OAuth
-config.oauth_enabled=Activado
-config.cache_config=Configuración de la Caché
-config.cache_adapter=Adaptador de la Caché
-config.cache_interval=Intervalo de la Caché
-config.cache_conn=Conexión de la Caché
+config.db.type=Tipo
+config.db.host=Host
+config.db.name=Nombre
+config.db.schema=Esquema
+config.db.schema_helper=(sólo para "postgres")
+config.db.user=Usuario
+config.db.ssl_mode=SSL mode
+config.db.ssl_mode_helper=(sólo para "postgres")
+config.db.path=Ruta
+config.db.path_helper=(sólo para "sqlite3")
+config.db.max_open_conns=Número máximo de conexiones abiertas
+config.db.max_idle_conns=Número máximo de conexiones inactivas
+
+config.security_config=Security configuration
+config.security.login_remember_days=Login remember days
+config.security.cookie_remember_name=Remember cookie
+config.security.cookie_username=Username cookie
+config.security.cookie_secure=Enable secure cookie
+config.security.reverse_proxy_auth_user=Reverse proxy authentication header
+config.security.enable_login_status_cookie=Enable login status cookie
+config.security.login_status_cookie_name=Login status cookie
+config.security.local_network_allowlist=Local network allowlist
+
+config.email_config=Email configuration
+config.email.enabled=Enabled
+config.email.subject_prefix=Subject prefix
+config.email.host=Host
+config.email.from=From
+config.email.user=User
+config.email.disable_helo=Disable HELO
+config.email.helo_hostname=HELO hostname
+config.email.skip_verify=Skip certificate verify
+config.email.use_certificate=Use custom certificate
+config.email.cert_file=Certificate file
+config.email.key_file=Archivo de claves
+config.email.use_plain_text=Use plain text
+config.email.add_plain_text_alt=Add plain text alternative
+config.email.send_test_mail=Enviar correo de prueba
+config.email.test_mail_failed=Error al enviar correo electrónico de prueba a '%s': %v
+config.email.test_mail_sent=Test email has been sent to '%s'.
+
+config.auth_config=Authentication configuration
+config.auth_custom_logout_url=Custom logout URL
+config.auth.activate_code_lives=Activate code lives
+config.auth.reset_password_code_lives=Reset password code lives
+config.auth.require_email_confirm=Require email confirmation
+config.auth.require_sign_in_view=Require sign in view
+config.auth.disable_registration=Disable registration
+config.auth.enable_registration_captcha=Enable registration captcha
+config.auth.enable_reverse_proxy_authentication=Enable reverse proxy authentication
+config.auth.enable_reverse_proxy_auto_registration=Enable reverse proxy auto registration
+config.auth.reverse_proxy_authentication_header=Reverse proxy authentication header
+
+config.user_config=User configuration
+config.user.enable_email_notify=Enable email notification
+
 config.session_config=Configuración de la Sesión
-config.session_provider=Proveedor de la Sesión
-config.provider_config=Configuración del Proveedor
-config.cookie_name=Nombre de la Cookie
-config.enable_set_cookie=Activar Establecimiento de Cookie
-config.gc_interval_time=Intervalo de tiempo del GC
-config.session_life_time=Tiempo de Vida de la Sesión
-config.https_only=Sólo HTTPS
-config.cookie_life_time=Tiempo de Vida de la Cookie
+config.session.provider=Provider
+config.session.provider_config=Provider config
+config.session.cookie_name=Cookie
+config.session.https_only=HTTPS only
+config.session.gc_interval=GC interval
+config.session.max_life_time=Max life time
+config.session.csrf_cookie_name=CSRF cookie
+
+config.cache_config=Configuración de la Caché
+config.cache.adapter=Adapter
+config.cache.interval=GC interval
+config.cache.host=Host
+
+config.http_config=Configuración HTTP
+config.http.access_control_allow_origin=Access control allow origin
+
+config.attachment_config=Attachment configuration
+config.attachment.enabled=Enabled
+config.attachment.path=Path
+config.attachment.allowed_types=Allowed types
+config.attachment.max_size=Size limit
+config.attachment.max_files=Files limit
+
+config.release_config=Release configuration
+config.release.attachment.enabled=Attachment enabled
+config.release.attachment.allowed_types=Attachment allowed types
+config.release.attachment.max_size=Attachment size limit
+config.release.attachment.max_files=Attachment files limit
+
 config.picture_config=Configuración de Imagen
-config.picture_service=Servicio de Imágen
-config.disable_gravatar=Desactivar Gravatar
+config.picture.avatar_upload_path=User avatar upload path
+config.picture.repo_avatar_upload_path=Repository avatar upload path
+config.picture.gravatar_source=Gravatar source
+config.picture.disable_gravatar=Disable Gravatar
+config.picture.enable_federated_avatar=Enable federated avatars
+
+config.mirror_config=Mirror configuration
+config.mirror.default_interval=Intervalo por defecto
+
+config.webhook_config=Configuración de Webhooks
+config.webhook.types=Types
+config.webhook.deliver_timeout=Deliver timeout
+config.webhook.skip_tls_verify=Skip TLS verify
+
+config.git_config=Configuración de Git
+config.git.disable_diff_highlight=Disable diff syntax highlight
+config.git.max_diff_lines=Diff lines limit (for a single file)
+config.git.max_diff_line_characters=Diff characters limit (for a single line)
+config.git.max_diff_files=Diff files limit (for a single diff)
+config.git.gc_args=GC arguments
+config.git.migrate_timeout=Migration timeout
+config.git.mirror_timeout=Mirror fetch timeout
+config.git.clone_timeout=Clone timeout
+config.git.pull_timeout=Pull timeout
+config.git.gc_timeout=GC timeout
+
+config.lfs_config=LFS configuration
+config.lfs.storage=Storage
+config.lfs.objects_path=Objects path
+
 config.log_config=Configuración del Log
-config.log_mode=Modo del Log
+config.log_file_root_path=Ruta de los Ficheros de Log
+config.log_mode=Modo
+config.log_options=Opciones

 monitor.cron=Tareas de Cron
 monitor.name=Nombre
@@ -1074,17 +1385,24 @@ notices.delete_success=Las notificaciones del sistema han sido eliminadas satisf
 create_repo=creó el repositorio <a href="%s">%s</a>
 rename_repo=repositorio renombrado de <code>%[1]s</code> a <a href="%[2]s">%[3]s</a>
 commit_repo=hizo push a <a href="%[1]s/src/%[2]s">%[3]s</a> en <a href="%[1]s">%[4]s</a>
+compare_commits=Ver comparación de estos %d commits
+transfer_repo=transfirió el repositorio <code>%s</code> a <a href="%s">%s</a>
 create_issue=`incidencia abierta <a href="%s/issues/%s">%s#%[2]s</a>`
 close_issue=`cerró la incidencia <a href="%s/issues/%s">%s#%[2]s</a>`
 reopen_issue=`reabrió la incidencia <a href="%s/issues/%s">%s#%[2]s</a>`
+comment_issue=`comentó en la incidencia <a href="%s/issues/%s">%s#%[2]s</a>`
 create_pull_request=`creado pull request <a href="%s/pulls/%s">%s#%[2]s</a>`
 close_pull_request=`cerró el pull request <a href="%s/pulls/%s">%s#%[2]s</a>`
 reopen_pull_request=`reabrió el pull request <a href="%s/pulls/%s">%s#%[2]s</a>`
-comment_issue=`comentó en la incidencia <a href="%s/issues/%s">%s#%[2]s</a>`
-merge_pull_request=`fusionado pull request <a href="%s/pulls/%s">%s#%[2]s</a>`
-transfer_repo=transfirió el repositorio <code>%s</code> a <a href="%s">%s</a>
+merge_pull_request=`fusionó el pull request <a href="%s/pulls/%s">%s#%[2]s</a>`
+create_branch=nueva rama <a href="%[1]s/src/%[2]s">%[3]s</a> creada en <a href="%[1]s">%[4]s</a>
+delete_branch=borrada rama <code>%[2]s</code> at <a href="%[1]s">%[3]s</a>
 push_tag=hizo push del tag <a href="%s/src/%s">%[2]s</a> a <a href="%[1]s">%[3]s</a>
-compare_commits=Ver comparación de estos %d commits
+delete_tag=borrada etiqueta <code>%[2]s</code> en <a href="%[1]s">%[3]s</a>
+fork_repo=ha hecho un Fork en <a href="%s">%s</a>
+mirror_sync_push=sincronizados commits a <a href="%[1]s/src/%[2]s">%[3]s</a> en <a href="%[1]s">%[4]s</a> desde la réplica
+mirror_sync_create=sincronizada nueva referencia <a href="%s/src/%s">%[2]s</a> a <a href="%[1]s">%[3]s</a> desde la réplica
+mirror_sync_delete=sincronizada y eliminada referencia <code>%[2]s</code> en <a href="%[1]s">%[3]s</a> desde la réplica

 [tool]
 ago=hace
@@ -1103,9 +1421,10 @@ hours=%[2]s %[1]d horas
 days=%[2]s %[1]d días
 weeks=%[2]s %[1]d semanas
 months=%[2]s %[1]d meses
-years=%s %d años
+years=%[2]s %[1]d años
 raw_seconds=segundos
 raw_minutes=minutos
+raw_hours=hours

 [dropzone]
 default_message=Suéltelos aquí o pulse para cargar archivos.
@@ -6,10 +6,9 @@ explore=Izpētīt
 help=Palīdzība
 sign_in=Pierakstīties
 sign_out=Izrakstīties
-sign_up=Pieteikties
+sign_up=Reģistrēties
 register=Reģistrēties
 website=Mājas lapa
-version=Versija
 page=Lapa
 template=Sagatave
 language=Valoda
@@ -44,23 +43,27 @@ issues=Problēmas

 cancel=Atcelt

+[status]
+page_not_found=Page Not Found
+internal_server_error=Internal Server Error
+
 [install]
 install=Instalācija
 title=Instalācijas soļi pirmo reizi palaižot
 docker_helper=Ja Gogs tiek lietots zem Docker, izlasiet uzmanīgi <a target="_blank" href="%s">vadlīnijas</a>, pirms ko maināt šajā lapā!
-requite_db_desc=Gogs nepieciešams MySQL, PostgreSQL, SQLite3 vai TiDB.
+requite_db_desc=Gogs requires MySQL, PostgreSQL, SQLite3 or TiDB (via MySQL protocol).
 db_title=Datu bāzes iestatījumi
 db_type=Datu bāzes veids
 host=Resursdators
 user=Lietotājs
 password=Parole
 db_name=Datu bāzes nosaukums
+db_schema=Schema
 db_helper=Nepieciešams izmantot MySQL INNODB dzini ar rakstzīmju kopu utf8_general_ci.
 ssl_mode=SSL režīms
 path=Ceļš
-sqlite_helper=SQLite3 vai TiDB datu bāzēs faila ceļš.<br>Izmantojiet absolūto ceļu, startējot kā servisu.
-err_empty_db_path=Nepieciešams norādīt SQLite3 vai TiDB datu bāzes atrašanās vietu.
-err_invalid_tidb_name=TiDB datu bāzes nosaukums nevar saturēt simbolus "." un "-".
+sqlite_helper=Faila ceļs uz SQLite3 datu bāzi. <br>Norādiet absolūtu ceļu, kad laižat kā servisu.
+err_empty_db_path=SQLite3 datu bāzes ceļš nevar būt tukšs.
 no_admin_and_disable_registration=Reģistrāciju nevar atslēgt, kamēr nav izveidots administratora konts.
 err_empty_admin_password=Administratora kontam ir obligāti jānorāda parole.

@@ -75,12 +78,17 @@ domain=Domēns
 domain_helper=Tas ietekmē SSH klonēšanas URL.
 ssh_port=SSH ports
 ssh_port_helper=Porta numurs, kuru izmanto Jūsu SSH serveris, atstājiet tukšu, ja nevēlaties izmantot SSH.
+use_builtin_ssh_server=Izmantot iebūvēto SSH serveri
+use_builtin_ssh_server_popup=Startēt iebūvēto SSH serveri Git darbībām, lai atšķirtu no sistēmas SSH servisa.
 http_port=HTTP ports
 http_port_helper=Porta numurs pēc kura lietojumprogrammai būs iespējams pieslēgties.
 app_url=Lietotnes URL
 app_url_helper=Tas ietekmē HTTP/HTTPS klonēšanas URL un e-pasta saturā izsūtītās saites.
 log_root_path=Žurnalizēšanas direktorija
 log_root_path_helper=Direktorija, kurā tiks glabāti žurnāla faili.
+enable_console_mode=Iespējot konsoles režīmu
+enable_console_mode_popup=Papildus faila režīmam, papildus rakstīt žurnāla ierakstus konsolē.
+default_branch=Default Branch

 optional_title=Neobligātie iestatījumi
 email_title=E-pasta pakalpojuma iestatījumi
@@ -96,6 +104,8 @@ offline_mode=Iespējot bezsaistes režīmu
 offline_mode_popup=Atspējot CDN arī produkcijas režīmā, visi resursu faili tiks piegādāti no servera.
 disable_gravatar=Atspējot Gravatar pakalpojumu
 disable_gravatar_popup=Atspējot Gravatar un citus avotus, visus avatarus augšupielādēts lietotāji vai izmantos noklusēto attēlu.
+federated_avatar_lookup=Iespējot apvienoto profila bilžu meklētāju
+federated_avatar_lookup_popup=Iespējot apvienoto profila bilžu meklētāju, lai izmantotu atvērtā koda apvienoto servisu balstītu uz libravatar.
 disable_registration=Atspējot lietotāju reģistrāciju
 disable_registration_popup=Atspējot lietotāju reģistrāciju, tikai administrators varēs izveidot jaunus lietotāju kontus.
 enable_captcha=Iespējot drošības kodu
@@ -114,7 +124,10 @@ sqlite3_not_available=Jūsu versija neatbalsta SQLite3, lūdzu lejupielādējiet
 invalid_db_setting=Datu bāzes iestatījums nav pareizs: %v
 invalid_repo_path=Repozitorija atrašanās vieta ir nekorekta: %v
 run_user_not_match=Izpildes lietotājs nav pašreizējais lietotājs: %s -> %s
+smtp_host_missing_port=SMTP adresē nav norādīts ports.
+invalid_smtp_from=SMTP sūtītāja lauks ir nekorekts: %v
 save_config_failed=Neizdevās saglabāt konfigurāciju: %v
+init_failed=Failed to initialize application: %v
 invalid_admin_setting=Nekorekts admin konta iestatījums: %v
 install_success=Laipni lūdzam! Mēs priecājamies, ka Jūs izvēlaties Gogs, patīkamu lietošanu!
 invalid_log_root_path=Norādītā žurnalizēšanas direktorija ir kļūdaina: %v
@@ -135,6 +148,7 @@ issues.in_your_repos=Jūsu repozitorijos
 [explore]
 repos=Repozitoriji
 users=Lietotāji
+organizations=Organizācijas
 search=Meklēt

 [auth]
@@ -143,6 +157,8 @@ register_hepler_msg=Jau ir konts? Pieraksties tagad!
 social_register_hepler_msg=Jau ir konts? Sasaisti tagad!
 disable_register_prompt=Atvainojiet, reģistrācija ir atspējota. Lūdzu, sazinieties ar vietnes administratoru.
 disable_register_mail=Atvainojiet, reģistrācijas e-pasta apstiprināšana ir atspējota.
+auth_source=Autentificēšanas avots
+local=Local
 remember_me=Atcerēties mani
 forgot_password=Aizmirsu paroli
 forget_password=Aizmirsi paroli?
@@ -154,7 +170,6 @@ prohibit_login_desc=Ar Jūsu kontu nav atļauts pieteikties, sazinoties ar lapas
 resent_limit_prompt=Atvainojiet, Jūs sūtījāt aktivizācijas e-pastu pārāk bieži. Lūdzu, gaidiet 3 minūtes.
 has_unconfirmed_mail=Sveiki %s, Jums ir neapstiprināta e-pasta adrese (<b>%s</b>). Ja neesat saņēmis apstiprināšanas e-pastu vai Jums ir nepieciešams nosūtīt jaunu, lūdzu, nospiediet pogu, kas atrodas zemāk.
 resend_mail=Nospiediet šeit, lai vēlreiz nosūtītu aktivizācijas e-pastu
-email_not_associate=Šī e-pasta adrese nav saistīta ar Jūsu kontu.
 send_reset_mail=Spiediet šeit, lai nosūtītu paroles maiņas vēstuli uz Jūsu e-pastu
 reset_password=Atjaunot savu paroli
 invalid_code=Atvainojiet, Jūsu apstiprināšanas kodam ir beidzies derīguma termiņš vai arī tas ir nepareizs.
@@ -162,6 +177,14 @@ reset_password_helper=Nospiediet šeit, lai atjaunotu paroli
 password_too_short=Paroles garums nedrīkst būt mazāks par 6.
 non_local_account=Tikai lokālie konti var nomainīt savu paroli Gogs.

+login_two_factor=Divu faktoru autentifikācija
+login_two_factor_passcode=Autentifikācijas kods
+login_two_factor_enter_recovery_code=Ievadiet divu faktoru atjaunošanas kodu
+login_two_factor_recovery=Divu faktoru atjaunošana
+login_two_factor_recovery_code=Atjaunošanas kods
+login_two_factor_enter_passcode=Ievadiet divu faktoru kodu
+login_two_factor_invalid_recovery_code=Atjaunošanas kods jau ir izmantots vai nav pareizs.
+
 [mail]
 activate_account=Lūdzu, aktivizējiet savu kontu
 activate_email=Apstipriniet savu e-pasta adresi
@@ -187,9 +210,17 @@ TeamName=Komandas nosaukums
 AuthName=Autorizācijas nosaukums
 AdminEmail=Admin e-pasta adrese

+NewBranchName=Jauna atzara nosaukums
+CommitSummary=Revīzijas kopsavilkums
+CommitMessage=Revīzijas ziņojums
+CommitChoice=Revīzijas izvēle
+TreeName=Faila ceļš
+Content=Saturs
+
 require_error=` nedrīkst būt tukšs.`
 alpha_dash_error=` drīkst saturēt tikai latīņu alfabēta burtus, ciparus vai domuzīmes (-_).`
 alpha_dash_dot_error=` drīkst saturēt tikai latīņu alfabēta burtus, ciparus, domuzīmes (-_) vai punktu.`
+alpha_dash_dot_slash_error=` drīkst saturēt tikai latīņu alfabēta burtus, ciparus, domuzīmes (-_), slīpsvītru vai punktu.`
 size_error=` jābūt %s simbolus garam.`
 min_size_error=` jabūt vismaz %s simbolu garumā.`
 max_size_error=` jabūt ne mazāk kā %s simbolu garumā.`
@@ -206,6 +237,7 @@ org_name_been_taken=Organizācijas nosaukums ir jau aizņemts.
 team_name_been_taken=Komandas nosaukums ir jau aizņemts.
 email_been_used=E-pasta adrese jau tiek izmantota.
 username_password_incorrect=Lietotājvārds vai parole nav pareiza.
+auth_source_mismatch=Izvēlētais autentificēšanas avots nav saistīts ar lietotāju.
 enterred_invalid_repo_name=Lūdzu, pārliecinieties, vai ievadītā repozitorija nosaukums ir pareizs.
 enterred_invalid_owner_name=Lūdzu, pārliecinieties, vai ievadītā īpašnieka vārds ir pareizs.
 enterred_invalid_password=Lūdzu pārliecinieties, vai Jūsu ievadītā parole ir pareiza.
@@ -233,18 +265,18 @@ following=Seko
 follow=Sekot
 unfollow=Nesekot

-form.name_reserved=Lietotāja vārds '%s' jau ir aizņemts.
-form.name_pattern_not_allowed=Lietotāja vārds '%s' nav atļauts.
+form.name_not_allowed=User name or pattern %q is not allowed.

 [settings]
 profile=Profils
 password=Parole
+avatar=Profila attēls
 ssh_keys=SSH atslēgas
-social=Sociālie konti
-applications=Lietotnes
+security=Drošība
+repos=Repozitoriji
 orgs=Organizācijas
+applications=Lietotnes
 delete=Dzēst kontu
-uid=Lietotāja ID

 public_profile=Publiskais profils
 profile_desc=Jūsu e-pasta adrese ir publiska un tiks izmantota, lai nosūtītju Jums paziņojumus, kas saistīti ar Jūsu kontu vai darbībām veiktām caur šo mājas lapu.
@@ -259,6 +291,8 @@ change_username_prompt=Šī izmaiņa ietekmēs saites, kas norāda uz Jūsu kont
 continue=Turpināt
 cancel=Atcelt

+lookup_avatar_by_mail=Meklēt profila bildes pēc e-pasta
+federated_avatar_lookup=Apvienotais profila bilžu meklētājs
 enable_custom_avatar=Iespējot maināmu profila attēlu
 choose_new_avatar=Izvēlēties jaunu profila attēlu
 update_avatar=Saglabāt profila bildi
@@ -283,6 +317,7 @@ delete_email=Dzēst
 email_deletion=E-pasta dzēšana
 email_deletion_desc=Dzēšot šo e-pasta adresi, tiks dzēsta arī visa ar to saistītā informācija no Jūsu konta. Vai vēlaties turpināt?
 email_deletion_success=E-pasta adrese ir veiksmīgi izdzēsta!
+email_deletion_primary=Cannot delete primary email address.
 add_new_email=Pievienot jaunu e-pasta adresi
 add_email=Pievienot e-pastu
 add_email_confirmation_sent=Jauns apstiprinājuma e-pasts tika nosūtīts uz '%s', pārbaudiet savu e-pastu tuvāko %d stundu laikā, lai pabeigtu apstiprināšanas procesu.
@@ -308,14 +343,36 @@ no_activity=Nav nesenas aktivitātes
 key_state_desc=Šī atslēga tika izmantota pēdējo 7 dienu laikā
 token_state_desc=Šis talons tika izmantots pēdējo 7 dienu laikā

-manage_social=Pārvaldīt piesaistītos sociālos kontus
-social_desc=Šeit tiek attēloti visi sociālie konti, kas ir piesaistīti Jūsu kontam. Dzēsiet visus, kurus Jūs neatpazīstat.
-unbind=Atsaistīt
-unbind_success=Sociālais konts tika atsaistīts.
+two_factor=Divu faktoru autentifikācija
+two_factor_status=Statuss:
+two_factor_on=Ieslēgts
+two_factor_off=Izslēgts
+two_factor_enable=Iespējot
+two_factor_disable=Atspējot
+two_factor_view_recovery_codes=View and save <a href="%s%s">your recovery codes</a> in a safe place. You can use them as passcode if you lose access to your authentication application.
+two_factor_http=HTTP/HTTPS darbībām vairs nav iespējams izmantot tikai lietotāja vārdu un paroli. Izveidojiet un izmantojiet <a href="%[1]s%[2]s">Personīgo piekļuves talonu</a> kā pilnvaru, piemēram, <code>%[3]s</code>.
+two_factor_enable_title=Iespējot divu faktoru autentifikāciju
+two_factor_scan_qr=Please use your authentication application to scan the image:
+two_factor_or_enter_secret=Vai ievadiet noslēpumu:
+two_factor_then_enter_passcode=Pēc tam ievadiet kodu:
+two_factor_verify=Pārbaudīt
+two_factor_invalid_passcode=Ievadītais piekļuves kods nav derīgs. Lūdzu mēģiniet vēlreiz!
+two_factor_reused_passcode=Ievadītais piekļuves kods jau ir izmantots. Lūdzu mēģiniet citu!
+two_factor_enable_error=Divu faktoru autentifikācijas iespējošana neizdevās: %v
+two_factor_enable_success=Two-factor authentication has enabled for your account successfully!
+two_factor_recovery_codes_title=Two-factor Authentication Recovery Codes
+two_factor_recovery_codes_desc=Recovery codes are used when you temporarily lose access to your authentication application. Each recovery code can only be used once, <b>please keep these codes in a safe place</b>.
+two_factor_regenerate_recovery_codes=Regenerate Recovery Codes
+two_factor_regenerate_recovery_codes_error=Regenerate recovery codes failed: %v
+two_factor_regenerate_recovery_codes_success=New recovery codes has been generated successfully!
+two_factor_disable_title=Atspējot divu faktoru autentifikāciju
+two_factor_disable_desc=Your account security level will decrease after disabled two-factor authentication. Do you want to continue?
+two_factor_disable_success=Divu faktoru autentificēšana ir atspējota!

 manage_access_token=Pārvaldīt personīgos piekļuves talonus
 generate_new_token=Ģenerēt jaunu talonu
 tokens_desc=Taloni, kurus esat uzģenerējuši, kas var tikt izmantoti, lai piekļūtu Gogs API.
+access_token_tips=The personal access token may be used as either username or password. It is recommended to use the "x-access-token" as the username and the personal access token as the password for Git applications.
 new_token_desc=Pašlaik visiem taloniem ir pilna piekļuve Jūsu kontam.
 token_name=Talona nosaukums
 generate_token=Ģenerēt talonu
@@ -324,6 +381,16 @@ delete_token=Dzēst
 access_token_deletion=Personīgā piekļuves talona dzēšana
 access_token_deletion_desc=Dzēšot personīgo piekļuves talonu, tiks liegta piekļuve aplikācijām, kas to izmanto. Vai vēlaties turpināt?
 delete_token_success=Personīgās piekļuves talons veiksmīgi izdzēsts! Neaizmirstiet nomainīt uz citu aplikācijās, kas to izmantoja.
+token_name_exists=Token with same name already exists.
+
+orgs.none=Jūs neesat nevienas organizācijas dalībnieks.
+orgs.leave_title=Pamest organizāciju
+orgs.leave_desc=You will lose access to all repositories and teams after you left the organization. Do you want to continue?
+
+repos.leave=Pamest
+repos.leave_title=Pamest repozitoriju
+repos.leave_desc=Tiks zaudēta piekļuve repozitorijam, kad būsiet to pametis. Vai patiešām vēlaties turpināt?
+repos.leave_success=Repozitorijs '%s' veiksmīgi pamests!

 delete_account=Dzēst savu kontu
 delete_prompt=Šī darbība pilnībā izdzēsīs Jūsu kontu, kā arī tā ir <strong>NEATGRIEZENISKA</strong>!
@@ -336,7 +403,9 @@ owner=Īpašnieks
 repo_name=Repozitorija nosaukums
 repo_name_helper=Labi repzotoriju nosaukumi ir īsi, tādi kurus viegli atcerēties un <strong>unikāli</strong>.
 visibility=Redzamība
+unlisted=Unlisted
 visiblity_helper=Šis repozitorijs ir <span class="ui red text">privāts</span>
+unlisted_helper=This repository is <span class="ui red text">Unlisted</span>
 visiblity_helper_forced=Lapas administrators ir noteicis, ka visiem repozitorijiem ir jābūt <span class="ui red text">privātiem</span>
 visiblity_fork_helper=(Šīs vērtības maiņa ietekmēs arī visus atdalītos repozitorijus)
 clone_helper=Nepieciešama palīdzība kā veikt klonēšana? Apmeklējiet <a target="_blank" href="%s">Palīdzība</a> lapu!
@@ -345,40 +414,43 @@ fork_from=Atdalīt no
 fork_visiblity_helper=Atdalītam repozitorijam nav iespējams nomainīt tā redzamību
 repo_desc=Apraksts
 repo_lang=Valoda
-repo_lang_helper=Izvēlieties .gitignore failus
+repo_gitignore_helper=Izvēlieties .gitignore sagatavi
 license=Licence
 license_helper=Izvēlieties licences failu
 readme=LasiMani
 readme_helper=Izvēlieties faila LasiMani sagatavi
 auto_init=Inicializēt šo repozitoriju ar izvēlētajiem failiem un sagatavi
 create_repo=Izveidot repozitoriju
-default_branch=Noklusējuma atzars
+default_branch=Noklusētais atzars
 mirror_prune=Izmest
 mirror_prune_desc=Izdzēst visas ārējās atsauces, kas ārējā repozitorijā vairs neeksistē
 mirror_interval=Spoguļošanas intervāls (stundās)
 mirror_address=Spoguļa adrese
 mirror_address_desc=Lūdzu iekļaujiet adresē nepieciešamo lietotājvārdu/paroli.
+mirror_last_synced=Pēdējo reizi sinhronizēts
 watchers=Novērotāji
 stargazers=Zvaigžņdevēji
 forks=Atdalītie repozitoriji
+repo_description_helper=Repozitorija apraksts. Maksimālais garums 512 rakstzīmes.
+repo_description_length=Pieejamās rakstzīmes

 form.reach_limit_of_creation=Īpašnieks sasniedza maksimālu pieļaujamo (%d) izveidoto repozitoriju skaitu.
-form.name_reserved=Repozitorija nosaukums '%s' ir rezervēts.
-form.name_pattern_not_allowed=Repozitorija nosaukums '%s' nav atļauts.
+form.name_not_allowed=Repository name or pattern %q is not allowed.

 need_auth=Nepieciešama autorizācija
 migrate_type=Migrācijas veids
 migrate_type_helper=Šis repozitorijs būs <span class="text blue">spogulis</span>
 migrate_repo=Migrēt repozitoriju
 migrate.clone_address=Klonēšanas adrese
-migrate.clone_address_desc=Tas var būt HTTP/HTTPS/GIT URL vai ceļš uz lokālā servera.
+migrate.clone_address_desc=Tas var būt HTTP/HTTPS/GIT URL.
+migrate.clone_address_desc_import_local=You're also allowed to migrate a repository by local server path.
 migrate.permission_denied=Jums nav tiesību importēt lokālu repozitoriju.
 migrate.invalid_local_path=Nekorents lokālais ceļš, tas neeksistē vai nav direktorijs.
+migrate.clone_address_resolved_to_blocked_local_address=Clone address resolved to a local network address that is implicitly blocked.
 migrate.failed=Migrācija neizdevās: %v

 mirror_from=spogulis no
 forked_from=atdalīts no
-fork_from_self=Nav iespējams atdalīt repozitoriju, kuram esat īpašnieks!
 copy_link=Kopēt
 copy_link_success=Nokopēts!
 copy_link_error=Nospiediet ⌘-C vai Ctrl-C, lai nokopētu
@@ -394,9 +466,9 @@ quick_guide=Īsa pamācība
 clone_this_repo=Klonēt šo repozitoriju
 create_new_repo_command=Izveidot jaunu repozitoriju komandrindā
 push_exist_repo=Nosūtīt izmaiņas no komandrindas eksistējošam repozitorijam
-repo_is_empty=Šis repozitorijs ir tukšs, apskatiet atkal vēlāk!
+bare_message=This repository does not have any content yet.

-code=Kods
+files=Faili
 branch=Atzars
 tree=Koks
 filter_branch_and_tag=Filtrēt atzarus vai tagus
@@ -407,13 +479,65 @@ pulls=Izmaiņu pieprasījumi
 labels=Etiķetes
 milestones=Atskaites punkti
 commits=Revīzijas
+git_branches=Atzari
 releases=Laidieni
 file_raw=Neapstrādāts
 file_history=Vēsture
 file_view_raw=Rādīt neapstrādātu
 file_permalink=Patstāvīgā saite
 file_too_large=Šis fails ir par lielu, lai to parādītu
+video_not_supported_in_browser=Jūsu pārlūks neatbalsta HTML5 video.

+branches.overview=Pārskats
+branches.active_branches=Aktīvie atzari
+branches.stale_branches=Pamests atzars
+branches.all=Visi atzari
+branches.updated_by=%[2]s atjaunoja %[1]s
+branches.change_default_branch=Mainīt noklusēto atzaru
+branches.default_deletion_not_allowed=Cannot delete the default branch.
+branches.protected_deletion_not_allowed=Cannot delete a protected branch.
+
+editor.new_file=Jauns fails
+editor.upload_file=Augšupielādēt failu
+editor.edit_file=Labot failu
+editor.preview_changes=Priekšskatīt izmaiņas
+editor.cannot_edit_non_text_files=Nevar rediģēt failus, kas nav teksta faili
+editor.edit_this_file=Rediģēt šo failu
+editor.must_be_on_a_branch=Ir jābūt izvēlētam atzaram, lai varētu veikt vai piedāvāt izmaiņas šim failam
+editor.fork_before_edit=Lai varētu labot failu ir nepieciešams atdalīt repozitoriju
+editor.delete_this_file=Dzēst šo failu
+editor.must_have_write_access=Jums ir jābūt rakstīšanas tiesībām, lai varētu veikt vai piedāvāt izmaiņas šim failam
+editor.file_delete_success=Fails '%s' ir veiksmīgi izdzēsts!
+editor.name_your_file=Ievadiet faila nosaukumu...
+editor.filename_help=Lai pievienotu direktoriju, ierakstiet tās nosaukumu un nospiediet /. Lai noņemtu direktoriju, ielieciet kursoru pirms faila nosaukuma un nospiediet atpakaļatkāpes taustiņu.
+editor.or=vai
+editor.cancel_lower=atcelt
+editor.commit_changes=Pabeigt revīziju
+editor.add_tmpl=Pievienot '%s/<filename>'
+editor.add=Pievienot '%s'
+editor.update=Atjaunināt '%s'
+editor.delete=Dzēst '%s'
+editor.commit_message_desc=Pievienot neobligātu paplašinātu aprakstu...
+editor.commit_directly_to_this_branch=Apstiprināt revīzijas izmaiņas atzarā <strong class="branch-name">%s</strong>.
+editor.create_new_branch=Izveidot <strong>jaunu atzaru</strong> un izmaiņu pieprasījumu šai revīzijai.
+editor.new_branch_name_desc=Jaunā atzara nosaukums...
+editor.cancel=Atcelt
+editor.filename_cannot_be_empty=Nav ievadīts faila nosaukums.
+editor.branch_already_exists=Atzars '%s' šajā repozitorijā jau eksistē.
+editor.directory_is_a_file=Ieraksts '%s' vecāka ceļā ir fails nevis direktorija šajā repozitorijā.
+editor.file_is_a_symlink=Fails '%s" ir norāde, kuru nav iespējams labot no tīmekļa redaktora.
+editor.filename_is_a_directory=Faila nosaukums '%s' sakrīt ar direktorijas nosaukumu šajā repozitorijā.
+editor.file_editing_no_longer_exists=Fails '%s', ko labojat, vairs neeksistē repozitorijā.
+editor.file_changed_while_editing=Faila saturs ir mainījies kopš brīža, kad sākāt to labot. <a target="_blank" href="%s">Nospiediet šeit</a>, lai redzētu kas ir mainījies vai <strong>nospiediet atkārtoti pabeigt revīziju</strong>, lai pārrakstītu izmaiņas.
+editor.file_already_exists=Fails ar nosaukumu '%s' repozitorijā jau eksistē.
+editor.no_changes_to_show=Nav izmaiņu, ko rādīt.
+editor.fail_to_update_file=Neizdevās izmainīt/izveidot failu '%s', kļūda: %v
+editor.fail_to_delete_file=Neizdevās dzēst failu '%s', kļūda: %v
+editor.add_subdir=Pievienot apakšdirektoriju...
+editor.unable_to_upload_files=Neizdevās augšupielādēt failus uz direktoriju '%s', kļūda: %v
+editor.upload_files_to_dir=Augšupielādēt failus uz direktoriju '%s'
+
+commits.commit_history=Revīziju vēsture
 commits.commits=Revīzijas
 commits.search=Meklēt revīzijas
 commits.find=Meklēt
@@ -439,6 +563,11 @@ issues.create=Pieteikt problēmu
 issues.new_label=Jauna etiķete
 issues.new_label_placeholder=Etiķetes nosaukums...
 issues.create_label=Izveidot etiķeti
+issues.label_templates.title=Ielādēt sākotnēji noteikto etiķešu kopu
+issues.label_templates.info=Nav definēta neviena etiķete. Nospiediet pogu "Izveidot etiķeti", lai to izveidotu vai izmantojiet zemāk piedāvātās etiķetes.
+issues.label_templates.helper=Izvēlieties etiķešu kopu
+issues.label_templates.use=Izmantot šo etiķešu kopu
+issues.label_templates.fail_to_load_file=Neizdevās ielādēt etiķetes sagataves failu '%s': %v
 issues.open_tab=%d atvērti
 issues.close_tab=%d aizvērti
 issues.filter_label=Etiķete
@@ -480,8 +609,7 @@ issues.commit_ref_at=`pieminēja šo problēmu revīzijā <a id="%[1]s" href="#%
 issues.poster=Autors
 issues.collaborator=Līdzstrādnieks
 issues.owner=Īpašnieks
-issues.sign_up_for_free=Pievienojieties
-issues.sign_in_require_desc=, lai piedalītos diskusijā. Jau ir konts? <a href="%s">Pierakstieties, lai komentētu</a>
+issues.sign_in_require_desc=<a href="%s">Pierakstieties</a>, lai pievienotos šai sarunai.
 issues.edit=Labot
 issues.cancel=Atcelt
 issues.save=Saglabāt
@@ -496,6 +624,8 @@ issues.label_deletion=Etiķetes dzēšana
 issues.label_deletion_desc=Dzēšot šo etiķeti, tā tiks noņemta no visām saistītajām problēmām. Vai vēlaties turpināt?
 issues.label_deletion_success=Etiķete tika veiksmīgi izdzēsta!
 issues.num_participants=%d dalībnieki
+issues.attachment.open_tab=`Noklikšķiniet, lai apskatītos "%s" jaunā logā`
+issues.attachment.download=`Noklikšķiniet, lai lejupielādētu "%s"`

 pulls.new=Jauns izmaiņu pieprasījums
 pulls.compare_changes=Salīdzināt izmaiņas
@@ -505,6 +635,7 @@ pulls.compare_compare=salīdzināmais
 pulls.filter_branch=Filtrēt atzarus
 pulls.no_results=Nekas netika atrasts.
 pulls.nothing_to_compare=Nav ko salīdzināt, jo bāzes un salīdzināmie atzari ir vienādi.
+pulls.nothing_merge_base=There is nothing to compare because two branches have completely different history.
 pulls.has_pull_request=`Jau eksistē izmaiņu pieprasījums starp šiem diviem atzariem: <a href="%[1]s/pulls/%[3]d">%[2]s#%[3]d</a>`
 pulls.create=Izveidot izmaiņu pieprasījumu
 pulls.title_desc=vēlas sapludināt %[1]d revīzijas no <code>%[2]s</code> uz <code>%[3]s</code>
@@ -520,8 +651,13 @@ pulls.is_checking=Notiek konfliktu pārbaude, mirkli uzgaidiet un atjaunojiet la
 pulls.can_auto_merge_desc=Šo izmaiņu pieprasījumu var automātiski saplūdināt.
 pulls.cannot_auto_merge_desc=Šis izmaiņu pieprasījums nevar tikt automātiski saplūdināts konfliktu dēļ.
 pulls.cannot_auto_merge_helper=Lūdzu sapludiniet manuāli, lai atrisinātu konfliktus.
+pulls.create_merge_commit=Create a merge commit
+pulls.rebase_before_merging=Rebase before merging
+pulls.commit_description=Commit Description
 pulls.merge_pull_request=Izmaiņu pieprasījuma sapludināšana
 pulls.open_unmerged_pull_exists=`Jūs nevarat veikt atkārtotas atvēršanas darbību, jo jau eksistē izmaiņu pieprasījums (#%d) no šī repozitorija ar tādu pašu sapludināšanas informāciju un gaida sapludināšanu.`
+pulls.delete_branch=Dzēst atzaru
+pulls.delete_branch_has_new_commits=Branch cannot be deleted because it has new commits after mergence.

 milestones.new=Jauns atskaites punkts
 milestones.open_tab=%d atvērti
@@ -572,26 +708,61 @@ settings.collaboration.admin=Administrators
 settings.collaboration.write=Rakstīšanas
 settings.collaboration.read=Skatīšanās
 settings.collaboration.undefined=Nedefinētas
+settings.branches=Atzari
+settings.branches_bare=You cannot manage branches for bare repository. Please push some content first.
+settings.default_branch=Noklusētais atzars
+settings.default_branch_desc=Noklusētais atzars tiek uzskatīts par pamata atzaru koda revīzijām, izmaiņu pieprasījumiem un tiešsaistes rediģēšanai.
+settings.update=Atjaunot
+settings.update_default_branch_unsupported=Change default branch is not supported by the Git version on server.
+settings.update_default_branch_success=Default branch of this repository has been updated successfully!
+settings.protected_branches=Aizsargātie atzari
+settings.protected_branches_desc=Protect branches from force pushing, accidental deletion and whitelist code committers.
+settings.choose_a_branch=Izvēlēties atzarus...
+settings.branch_protection=Atzaru aizsargāšana
+settings.branch_protection_desc=Please choose protect options for branch <b>%s</b>.
+settings.protect_this_branch=Aizsargāt šo atzaru
+settings.protect_this_branch_desc=Disable force pushes and prevent from deletion.
+settings.protect_require_pull_request=Require pull request instead direct pushing
+settings.protect_require_pull_request_desc=Enable this option to disable direct pushing to this branch. Commits have to be pushed to another non-protected branch and merged to this branch through pull request.
+settings.protect_whitelist_committers=Whitelist who can push to this branch
+settings.protect_whitelist_committers_desc=Add people or teams to whitelist of direct push to this branch. Users in whitelist will bypass require pull request check.
+settings.protect_whitelist_users=Lietotāji, kas var nosūtīt izmaiņas uz šo atzaru
+settings.protect_whitelist_search_users=Meklēt lietotajus
+settings.protect_whitelist_teams=Teams for which members of them can push to this branch
+settings.protect_whitelist_search_teams=Meklēt komandas
+settings.update_protect_branch_success=Protect options for this branch has been updated successfully!
 settings.hooks=Tīmekļa āķi
 settings.githooks=Git āķi
 settings.basic_settings=Pamatiestatījumi
+settings.mirror_settings=Spoguļa iestatījumi
+settings.sync_mirror=Sinhronizēt tagad
+settings.mirror_sync_in_progress=Notiek spoguļa sinhronizācija, uzgaidiet aptuveni minūti un atjaunojiet lapu.
 settings.site=Oficiālā mājas lapa
 settings.update_settings=Mainīt iestatījumus
 settings.change_reponame_prompt=Šī izmaiņa ietekmēs saites, kas ir saistītas ar šo repozitoriju.
 settings.advanced_settings=Papildu iestatījumi
-settings.wiki_desc=Iespējot vikivietni, lai atļautu cilvēkiem rakstīt dokumentus
+settings.wiki_desc=Iespējot vikivietnes
+settings.use_internal_wiki=Izmantot iebūvēto vikivietni
+settings.allow_public_wiki_desc=Atļaut publisko piekļuvi vikivietnei, ja repozitorijs ir privāts
 settings.use_external_wiki=Izmantot ārējo vikivietni
 settings.external_wiki_url=Ārējās Vikivietnes adrese
 settings.external_wiki_url_desc=Apmeklētāji tiks novirzīti uz adresi, kad viņi uzklikšķinās uz cilnes.
-settings.issues_desc=Iespējot iebūvētu vieglu problēmu sekotāju
+settings.issues_desc=Iespējot problēmu sekotāju
+settings.use_internal_issue_tracker=Izmantot iebūvētu vieglu problēmu sekotāju
+settings.allow_public_issues_desc=Atļaut publisko piekļuvi problēmām, ja repozitorijs ir privāts
 settings.use_external_issue_tracker=Izmantot ārējo problēmu sekotāju
+settings.external_tracker_url=Ārējā problēmu sekotāja URL
+settings.external_tracker_url_desc=Visitors will be redirected to URL when they click on the tab.
 settings.tracker_url_format=Ārējā problēmu sekotāja adreses formāts
 settings.tracker_issue_style=Ārējā problēmu reģistra nosaukumu stils:
 settings.tracker_issue_style.numeric=Cipari
 settings.tracker_issue_style.alphanumeric=Burti un cipari
 settings.tracker_url_format_desc=Jūs varat izmantot <code>{user}{repo}{index}</code> lietotājvārdam, repozitorija nosaukumam un problēmas identifikātoram.
-settings.pulls_desc=Iespējot izmaiņu pieprasījumus lai saņemtu publiskus ieguldījumus
+settings.pulls_desc=Enable pull requests to accept contributions between repositories and branches
+settings.pulls.ignore_whitespace=Ignorēt atstarpju izmaiņas
+settings.pulls.allow_rebase_merge=Allow use rebase to merge commits
 settings.danger_zone=Bīstamā zona
+settings.cannot_fork_to_same_owner=You cannot fork a repository to its original owner.
 settings.new_owner_has_same_repo=Jaunajam īpašniekam jau ir repozitorijs ar šādu nosaukumu.
 settings.convert=Konvertēt uz parastu repozitoriju
 settings.convert_desc=Šo spoguli ir iespējams konvertēt par parastu repozitoriju. Šī ir neatgriezeniska darbība.
@@ -626,20 +797,25 @@ settings.collaborator_deletion_desc=Šim lietotājam pēc dzēšanas vairs nebū
 settings.remove_collaborator_success=Līdzstrādnieks tika noņemts.
 settings.search_user_placeholder=Meklēt lietotāju...
 settings.org_not_allowed_to_be_collaborator=Organizāciju nav atļauts pievienot kā līdzstrādnieku.
-settings.user_is_org_member=Lietotājs ir organizācijas biedrs, kas nevar tikt pievienots kā līdzstrādnieks.
-settings.add_webhook=Pievienot tīmekļa āķi
 settings.hooks_desc=Tīmekļa āķi ļauj paziņot ārējiem servisiem par noteiktiem notikomiem, kas notiek Git servisā. Kad iestāsies kāds notikums, katram ārējā servisa URL tiks nosūtīts POST pieprasījums. Lai uzzinātu sīkāk skatieties <a target="_blank" href="%s">Tīmekļa āķu rokasgrāmatā</a>.
+settings.webhooks.add_new=Add a new webhook:
+settings.webhooks.choose_a_type=Choose a type...
+settings.add_webhook=Pievienot tīmekļa āķi
 settings.webhook_deletion=Dzēst tīmekļa āķi
 settings.webhook_deletion_desc=Dzēšot tīmekļa āķi tiks dzēsta visa ar to saistītā informācija un izpildes vēsture. Vai vēlaties turpināt?
 settings.webhook_deletion_success=Tīmekļa āķis tika veiksmīgi izdzēsts!
 settings.webhook.test_delivery=Testa piegāde
 settings.webhook.test_delivery_desc=Veikt viltus push-notikuma piegādi lai notestētu Jūsu tīmekļa āķa iestatījumus
 settings.webhook.test_delivery_success=Testa web-āķis ir pievienots piegādes rindai. Var paiet dažas sekundes, kamēr tas parādīsies piegāžu vēsturē.
+settings.webhook.redelivery=Redelivery
+settings.webhook.redelivery_success=Hook task '%s' has been readded to delivery queue. It may take few seconds to update delivery status in history.
 settings.webhook.request=Pieprasījums
 settings.webhook.response=Atbilde
 settings.webhook.headers=Galvenes
 settings.webhook.payload=Derīgā krava
 settings.webhook.body=Saturs
+settings.webhook.err_cannot_parse_payload_url=Cannot parse payload URL: %v
+settings.webhook.url_resolved_to_blocked_local_address=Payload URL resolved to a local network address that is implicitly blocked.
 settings.githooks_desc=Git āķus apstrādā pats Git. Jūs varat labot atbalsīto āku failus sarakstā zemāk, lai veiktu pielāgotas darbības.
 settings.githook_edit_desc=Ja āķis nav aktīvs, tiks attēlots piemērs kā to izmantot. Atstājot āķa saturu tukšu, tas tiks atspējots.
 settings.githook_name=Āķa nosaukums
@@ -649,6 +825,7 @@ settings.add_webhook_desc=Uz norādīto URL tiks nosūtīts <code>POST</code> pi
 settings.payload_url=Vērtuma URL
 settings.content_type=Satura tips
 settings.secret=Noslēpums
+settings.secret_desc=Secret will be sent as SHA256 HMAC hex digest of payload via <code>X-Gogs-Signature</code> header.
 settings.slack_username=Lietotājvārds
 settings.slack_icon_url=Ikonas URL
 settings.slack_color=Krāsa
@@ -658,8 +835,20 @@ settings.event_send_everything=Vēlos saņemt <strong>visu</strong>.
 settings.event_choose=Atzīmēt, ko vēlos saņemt.
 settings.event_create=Izveidot
 settings.event_create_desc=Atzara vai taga izveidošana
+settings.event_delete=Dzēst
+settings.event_delete_desc=Atzars vai tags izdzēsts
+settings.event_fork=Atdalīts
+settings.event_fork_desc=Repozitorijs atdalīts
 settings.event_push=Izmaiņu nosūtīšana
 settings.event_push_desc=Git izmaiņu nosūtīšana uz repozitoriju
+settings.event_issues=Problēmas
+settings.event_issues_desc=Issue opened, closed, reopened, edited, assigned, unassigned, label updated, label cleared, milestoned, or demilestoned.
+settings.event_pull_request=Izmaiņu pieprasījums
+settings.event_pull_request_desc=Pull request opened, closed, reopened, edited, assigned, unassigned, label updated, label cleared, milestoned, demilestoned, or synchronized.
+settings.event_issue_comment=Problēmas komentārs
+settings.event_issue_comment_desc=Issue comment created, edited, or deleted.
+settings.event_release=Laidiens
+settings.event_release_desc=Laidiens publicēts repozitorijā.
 settings.active=Aktīvs
 settings.active_helper=Tiks nosūtīti notikuma dati, kad nostrādās šis āķis.
 settings.add_hook_success=Jauns tīmekļa āķis tika veiksmīgi pievienots.
@@ -669,10 +858,13 @@ settings.delete_webhook=Dzēst tīmekļa āķi
 settings.recent_deliveries=Pēdējās piegādes
 settings.hook_type=Āķa veids
 settings.add_slack_hook_desc=PIevienot <a href="%s">Slack</a> integrāciju Jūsu repozitorijā.
+settings.add_discord_hook_desc=Add <a href="%s">Discord</a> integration to your repository.
+settings.add_dingtalk_hook_desc=Add <a href="%s">Dingtalk</a> integration to your repository.
 settings.slack_token=Talons
 settings.slack_domain=Domēns
 settings.slack_channel=Kanāls
 settings.deploy_keys=Izvietot atslēgas
+settings.deploy_keys_helper=<b>Common Gotcha!</b> If you're looking for adding personal public keys, please add them in your <a href="%s%s">account settings</a>.
 settings.add_deploy_key=Pievienot izvietošanas atslēgu
 settings.deploy_key_desc=Izvietošanas atslēgai ir tikai lasīšanas piekļuve. Tā nav tā pati kā Jūsu personīgā konta SSH atslēga.
 settings.no_deploy_keys=Nav pievienota neviena izvietošanas atslēga.
@@ -684,6 +876,8 @@ settings.add_key_success=Izvietošanas atslēga '%s' tik veiksmīgi pievienota!
 settings.deploy_key_deletion=Dzēst izvietošanas atslēgu
 settings.deploy_key_deletion_desc=Dzēšot šo izvietošanas atslēgu tiks noņemta arī ar to saistītā piekļuve šim repozitorijam. Vai vēlaties turpināt?
 settings.deploy_key_deletion_success=Izvietošanas atslēga tika veiksmīgi izdzēsta!
+settings.description_desc=Description of repository. Maximum 512 characters length.
+settings.description_length=Available characters

 diff.browse_source=Pārlūkot izejas kodu
 diff.parent=vecāks
@@ -702,7 +896,6 @@ release.releases=Laidieni
 release.new_release=Jauns laidiens
 release.draft=Melnraksts
 release.prerelease=Pirmsizlaides versija
-release.stable=Stabila
 release.edit=labot
 release.ahead=<strong>%d</strong> revīzijas atzarā %s kopš šī laidiena
 release.source_code=Izejas kods
@@ -749,8 +942,8 @@ team_name_helper=Šo nosaukumu varēs izmantot, lai pieminētu komandu sarunās.
 team_desc_helper=Komandas apraksts
 team_permission_desc=Kādām tiesībām šai komandai būtu jābūt?

-form.name_reserved=Organizācijas nosaukums '%s' ir rezervēts.
-form.name_pattern_not_allowed=Organizācijas nosaukums '%s' nav atļauts.
+form.name_not_allowed=Organization name or pattern %q is not allowed.
+form.team_name_not_allowed=Team name or pattern %q is not allowed.

 settings=Iestatījumi
 settings.options=Opcijas
@@ -822,12 +1015,19 @@ first_page=Pirmā
 last_page=Pēdējā
 total=Kopā: %d

+dashboard.build_info=Build Information
+dashboard.app_ver=Application version
+dashboard.git_version=Git versija
+dashboard.go_version=Go versija
+dashboard.build_time=Build time
+dashboard.build_commit=Build commit
 dashboard.statistic=Statistika
 dashboard.operations=Darbības
 dashboard.system_status=Sistēmas uzraudzības statuss
 dashboard.statistic_info=Gogs datu bāze satur <b>%d</b> lietotājus, <b>%d</b> organizācijas, <b>%d</b> publiskās atslēgas, <b>%d</b> repozitorijus, <b>%d</b> vērošanas, <b>%d</b> atzīmētas zvaigznītes, <b>%d</b> darbības, <b>%d</b> piekļuves, <b>%d</b> problēmas, <b>%d</b> komentārus, <b>%d</b> sociālos kontus, <b>%d</b> sekošanas, <b>%d</b> spoguļošanas, <b>%d</b> izlaides, <b>%d</b> login sources, <b>%d</b> tīmekļa āķus, <b>%d</b> starpposmus, <b>%d</b> etiķetes, <b>%d</b> āķu uzdevumus, <b>%d</b> komandas, <b>%d</b> labotus uzdevumus, <b>%d</b> pielikumus.
 dashboard.operation_name=Darbības nosaukums
 dashboard.operation_switch=Pārslēgt
+dashboard.select_operation_to_run=Please select operation to run
 dashboard.operation_run=Palaist
 dashboard.clean_unbind_oauth=Notīrīt nesaistītās OAuth biļetes
 dashboard.clean_unbind_oauth_success=Visas nesaistītās OAuth biļetes tika veiksmīgi izdzēstas.
@@ -841,8 +1041,8 @@ dashboard.git_gc_repos=Veikt repozitoriju datu sakārtošānu (git gc)
 dashboard.git_gc_repos_success=Datu sakārtošana visiem repozitorijiem veiksmīgi pabeigta.
 dashboard.resync_all_sshkeys=Pārrakstīt '.ssh/authorized_keys' failu (brīdinājums: ne-Git atslēgas tiks pazaudētas)
 dashboard.resync_all_sshkeys_success=Visas publiskās atslēgas tika veiksmīgi pārrakstītas.
-dashboard.resync_all_update_hooks=Pārrakstīt visu repozitoriju izmaiņu āķus (nepieciešams, ja tiek mainīta konfigurācijas faila atrašanās vieta)
-dashboard.resync_all_update_hooks_success=Visu repozitoriju izmaiņu āķi tika veiksmīgi pārrakstīti.
+dashboard.resync_all_hooks=Resync pre-receive, update and post-receive hooks of all repositories
+dashboard.resync_all_hooks_success=All repositories' pre-receive, update and post-receive hooks have been resynced successfully.
 dashboard.reinit_missing_repos=Atkārtoti inicializēt visus repozitorija ierakstus, kam trūkst Git failu
 dashboard.reinit_missing_repos_success=Visi repozitorija ieraksti, kam trūkst Git faili, tika atkārtoti inicializēti.

@@ -917,12 +1117,14 @@ repos.private=Privāts
 repos.watches=Vērošana
 repos.stars=Atzīmētās zvaigznītes
 repos.issues=Problēmas
+repos.size=Izmērs

-auths.auth_manage_panel=Autentifikācijas pārvaldības panelis
+auths.auth_sources=Authentication Sources
 auths.new=Pievienot jaunu avotu
 auths.name=Nosaukums
 auths.type=Veids
 auths.enabled=Iespējota
+auths.default=Default
 auths.updated=Atjaunināta
 auths.auth_type=Autentifikācijas tips
 auths.auth_name=Autentifikācijas nosaukums
@@ -931,6 +1133,7 @@ auths.domain=Domēns
 auths.host=Resursdators
 auths.port=Ports
 auths.bind_dn=Saistīšanas DN
+auths.bind_dn_helper=You can use '%s' as placeholder for username, e.g. DOM\%s
 auths.bind_password=Saistīšanas parole
 auths.bind_password_helper=Brīdinājums: Šī parole tiks saglabāta nešifrētā veidā. Neizmantojiet kontu ar augstām privilēģijām.
 auths.user_base=Lietotāja pamatnosacījumi
@@ -940,6 +1143,11 @@ auths.attribute_username_placeholder=Atstājiet tukšu, lai izmantotu lietotājv
 auths.attribute_name=Vārda atribūts
 auths.attribute_surname=Uzvārda atribūts
 auths.attribute_mail=E-pasta atribūts
+auths.verify_group_membership=Pārbaudīt grupas piederību
+auths.group_search_base_dn=Grupas meklēšanas pamata DN
+auths.group_filter=Group Filter
+auths.group_attribute_contain_user_list=Group Attribute Containing List of Users
+auths.user_attribute_listed_in_group=User Attribute Listed in Group
 auths.attributes_in_bind=Nolasīt atribūtus no saistīšanas DN konteksta
 auths.filter=Lietotāju filts
 auths.admin_filter=Administratoru filtrs
@@ -953,9 +1161,9 @@ auths.enable_tls=Iespējot TLS šifrēšanu
 auths.skip_tls_verify=Izlaist TLS verifikāciju
 auths.pam_service_name=PAM servisa nosaukums
 auths.enable_auto_register=Iespējot automātisko reģistrāciju
-auths.tips=Padomi
 auths.edit=Labot autentifikācijas iestatījumus
 auths.activated=Autentifikācija ir aktivizēta
+auths.default_auth=This authentication is default login source
 auths.new_success=Jauna autentifikācija '%s' tika veiksmīgi pievienota.
 auths.update_success=Autentifikācijas iestatījumi tika veiksmīgi saglabāti.
 auths.update=Mainīt autentifikācijas iestatījumus
@@ -964,86 +1172,189 @@ auths.delete_auth_title=Autentifikācijas dzēšana
 auths.delete_auth_desc=Šī autentifikācija tiks dzēsta, vai vēlaties turpināt?
 auths.still_in_used=Daži lietotāji joprojām izmanto šo autentifikācijas veidu. Nepieciešams veikt šo lietotāju konvertāciju vai dzēšanu.
 auths.deletion_success=Autentifikācija tika veiksmīgi izdzēsta!
+auths.login_source_exist=Pieteikšanās avots '%s' jau eksistē.
+auths.github_api_endpoint=API Endpoint

+config.not_set=(nav noteikts)
 config.server_config=Servera konfigurācija
-config.app_name=Lietotnes nosaukums
-config.app_ver=Lietotnes versija
-config.app_url=Lietotnes URL
-config.domain=Domēns
-config.offline_mode=Bezsaistes režīms
-config.disable_router_log=Atspējot maršrutētāja žurnalizēšanu
+config.brand_name=Brand name
 config.run_user=Izpildes lietotājs
 config.run_mode=Izpildes režīms
-config.repo_root_path=Repozitoriju glabāšanas vieta
-config.static_file_root_path=Statisko failu atrašanās vieta
-config.log_file_root_path=Žurnalizēšanas failu glabāšanas vieta
-config.script_type=Skripta veids
-config.reverse_auth_user=Reversā lietotāja autentifikācija
+config.server.external_url=External URL
+config.server.domain=Domēns
+config.server.protocol=Protokols
+config.server.http_addr=HTTP adrese
+config.server.http_port=HTTP ports
+config.server.cert_file=Sertifikāta fails
+config.server.key_file=Privātais kriptogrāfijas atslēgas fails
+config.server.tls_min_version=Minimālā TLS versija
+config.server.unix_socket_permission=Unix socket permission
+config.server.local_root_url=Local root URL
+config.server.offline_mode=Offline mode
+config.server.disable_router_log=Disable router log
+config.server.enable_gzip=Iespējot Gzip
+config.server.app_data_path=Application data path
+config.server.load_assets_from_disk=Load assets from disk
+config.server.landing_url=Landing URL

 config.ssh_config=SSH konfigurācija
-config.ssh_enabled=Iespējots
-config.ssh_start_builtin_server=Startēt iebūvēto serveri
-config.ssh_domain=Domēns
-config.ssh_port=Ports
-config.ssh_listen_port=Klausīšanās ports
-config.ssh_root_path=Saknes ceļš
-config.ssh_key_test_path=Atslēgu pārbaudes ceļš
-config.ssh_keygen_path=Keygen ('ssh-keygen') ceļš
-config.ssh_minimum_key_size_check=Minimālā atslēgas lieluma pārbaude
-config.ssh_minimum_key_sizes=Minimālais atslēgas lielums
+config.ssh.enabled=Iespējots
+config.ssh.domain=Exposed domain
+config.ssh.port=Exposed port
+config.ssh.root_path=Root path
+config.ssh.keygen_path=Keygen path
+config.ssh.key_test_path=Key test path
+config.ssh.minimum_key_size_check=Minimum key size check
+config.ssh.minimum_key_sizes=Minimum key sizes
+config.ssh.rewrite_authorized_keys_at_start=Rewrite "authorized_keys" at start
+config.ssh.start_builtin_server=Start builtin server
+config.ssh.listen_host=Listen host
+config.ssh.listen_port=Listen port
+config.ssh.server_ciphers=Server ciphers
+config.ssh.server_macs=Server MACs
+config.ssh.server_algorithms=Server algorithms
+
+config.repo_config=Repozitorija konfigurācija
+config.repo.root_path=Root path
+config.repo.script_type=Script type
+config.repo.ansi_chatset=ANSI charset
+config.repo.force_private=Force private
+config.repo.max_creation_limit=Max creation limit
+config.repo.preferred_licenses=Preferred licenses
+config.repo.disable_http_git=Disable HTTP Git
+config.repo.enable_local_path_migration=Enable local path migration
+config.repo.enable_raw_file_render_mode=Enable raw file render mode
+config.repo.commits_fetch_concurrency=Commits fetch concurrency
+config.repo.editor.line_wrap_extensions=Editor line wrap extensions
+config.repo.editor.previewable_file_modes=Editor previewable file modes
+config.repo.upload.enabled=Upload enabled
+config.repo.upload.temp_path=Upload temporary path
+config.repo.upload.allowed_types=Upload allowed types
+config.repo.upload.file_max_size=Upload file size limit
+config.repo.upload.max_files=Upload files limit

 config.db_config=Datu bāzes konfigurācija
-config.db_type=Veids
-config.db_host=Resursdators
-config.db_name=Nosaukums
-config.db_user=Lietotājs
-config.db_ssl_mode=SSL režīms
-config.db_ssl_mode_helper=(tikai PostgreSQL datu bāzei)
-config.db_path=Ceļš
-config.db_path_helper=(priekš "sqlite3" and "tidb")
-config.service_config=Pakalpojuma konfigurācija
-config.register_email_confirm=Pieprasīt e-pasta apstiprināšanu
-config.disable_register=Atspējot jaunu lietotāju reģistrāciju
-config.show_registration_button=Rādīt reģistrēšanās pogu
-config.require_sign_in_view=Nepieciešama autorizācija
-config.mail_notify=Pasta paziņojumi
-config.disable_key_size_check=Atspējot atslēgas minimālā garuma pārbaudi
-config.enable_captcha=Iespējot drošības kodu
-config.active_code_lives=Aktīvā koda ilgums
-config.reset_password_code_lives=Paroles atiestatīšanas koda ilgums
-config.webhook_config=Tīkla āķu konfigurācija
-config.queue_length=Rindas garums
-config.deliver_timeout=Piegādes noildze
-config.skip_tls_verify=Izlaist TLS pārbaudi
-config.mailer_config=Sūtītāja konfigurācija
-config.mailer_enabled=Iespējots
-config.mailer_disable_helo=Atspējot HELO
-config.mailer_name=Nosaukums
-config.mailer_host=Resursdators
-config.mailer_user=Lietotājs
-config.send_test_mail=Nosūtīt pārbaudes e-pastu
-config.test_mail_failed=Neizdevās nosūtīt pārbaudes e-pasta vēstuli uz '%s': %v
-config.test_mail_sent=Pārbaudes e-pasta vēstule tika nosūtīta uz '%s'.
-config.oauth_config=OAuth konfigurācija
-config.oauth_enabled=Iespējota
-config.cache_config=Kešatmiņas konfigurācija
-config.cache_adapter=Kešatmiņas adapteris
-config.cache_interval=Kešatmiņas intervāls
-config.cache_conn=Kešatmiņas pieslēguma parametri
+config.db.type=Tips
+config.db.host=Host
+config.db.name=Datubāzes nosaukums
+config.db.schema=Schema
+config.db.schema_helper=(for "postgres" only)
+config.db.user=Datubāzes lietotājs
+config.db.ssl_mode=SSL mode
+config.db.ssl_mode_helper=(for "postgres" only)
+config.db.path=Path
+config.db.path_helper=(for "sqlite3"only)
+config.db.max_open_conns=Maximum open connections
+config.db.max_idle_conns=Maximum idle connections
+
+config.security_config=Security configuration
+config.security.login_remember_days=Login remember days
+config.security.cookie_remember_name=Remember cookie
+config.security.cookie_username=Username cookie
+config.security.cookie_secure=Enable secure cookie
+config.security.reverse_proxy_auth_user=Reverse proxy authentication header
+config.security.enable_login_status_cookie=Enable login status cookie
+config.security.login_status_cookie_name=Login status cookie
+config.security.local_network_allowlist=Local network allowlist
+
+config.email_config=E-pasta iestatījumi
+config.email.enabled=Iespējots
+config.email.subject_prefix=Subject prefix
+config.email.host=Host
+config.email.from=Sūtītājs
+config.email.user=Lietotājs
+config.email.disable_helo=Disable HELO
+config.email.helo_hostname=HELO hostname
+config.email.skip_verify=Skip certificate verify
+config.email.use_certificate=Use custom certificate
+config.email.cert_file=Certificate file
+config.email.key_file=Key file
+config.email.use_plain_text=Use plain text
+config.email.add_plain_text_alt=Add plain text alternative
+config.email.send_test_mail=Nosūtīt pārbaudes e-pastu
+config.email.test_mail_failed=Failed to send test email to '%s': %v
+config.email.test_mail_sent=Test email has been sent to '%s'.
+
+config.auth_config=Authentication configuration
+config.auth_custom_logout_url=Custom logout URL
+config.auth.activate_code_lives=Activate code lives
+config.auth.reset_password_code_lives=Reset password code lives
+config.auth.require_email_confirm=Require email confirmation
+config.auth.require_sign_in_view=Require sign in view
+config.auth.disable_registration=Disable registration
+config.auth.enable_registration_captcha=Enable registration captcha
+config.auth.enable_reverse_proxy_authentication=Enable reverse proxy authentication
+config.auth.enable_reverse_proxy_auto_registration=Enable reverse proxy auto registration
+config.auth.reverse_proxy_authentication_header=Reverse proxy authentication header
+
+config.user_config=User configuration
+config.user.enable_email_notify=Enable email notification
+
 config.session_config=Sesijas konfigurācja
-config.session_provider=Sesijas nodrošinātājs
-config.provider_config=Pakalpojumu sniedzēja konfigurācija
-config.cookie_name=Sīkdatnes nosaukums
-config.enable_set_cookie=Ļaut izmantot sīkdatnes
-config.gc_interval_time=GC laika intervāls
-config.session_life_time=Sesijas ilgums
-config.https_only=Tikai HTTPS
-config.cookie_life_time=Sīkdatņu glabāšanas ilgums
+config.session.provider=Provider
+config.session.provider_config=Provider config
+config.session.cookie_name=Cookie
+config.session.https_only=Tikai HTTPS
+config.session.gc_interval=GC interval
+config.session.max_life_time=Max life time
+config.session.csrf_cookie_name=CSRF cookie
+
+config.cache_config=Kešatmiņas konfigurācija
+config.cache.adapter=Adapter
+config.cache.interval=GC interval
+config.cache.host=Host
+
+config.http_config=HTTP konfigurācija
+config.http.access_control_allow_origin=Access control allow origin
+
+config.attachment_config=Attachment configuration
+config.attachment.enabled=Iespējots
+config.attachment.path=Path
+config.attachment.allowed_types=Atļautie tipi
+config.attachment.max_size=Maksimālais izmērs
+config.attachment.max_files=Maksimālais failu skaits
+
+config.release_config=Release configuration
+config.release.attachment.enabled=Pielikums iespējots
+config.release.attachment.allowed_types=Atļautie pielikuma tipi
+config.release.attachment.max_size=Pielikuma maksimālais izmērs
+config.release.attachment.max_files=Maksimālais pielikuma failu skaits
+
 config.picture_config=Attēlu konfigurācija
-config.picture_service=Lokāli attēli
-config.disable_gravatar=Atspējot Gravatar
+config.picture.avatar_upload_path=User avatar upload path
+config.picture.repo_avatar_upload_path=Repository avatar upload path
+config.picture.gravatar_source=Gravatar source
+config.picture.disable_gravatar=Disable Gravatar
+config.picture.enable_federated_avatar=Enable federated avatars
+
+config.mirror_config=Mirror configuration
+config.mirror.default_interval=Noklusētais intervāls
+
+config.webhook_config=Tīkla āķu konfigurācija
+config.webhook.types=Types
+config.webhook.deliver_timeout=Deliver timeout
+config.webhook.skip_tls_verify=Skip TLS verify
+
+config.git_config=Git konfigurācija
+config.git.disable_diff_highlight=Disable diff syntax highlight
+config.git.max_diff_lines=Diff lines limit (for a single file)
+config.git.max_diff_line_characters=Diff characters limit (for a single line)
+config.git.max_diff_files=Diff files limit (for a single diff)
+config.git.gc_args=GC arguments
+config.git.migrate_timeout=Migration timeout
+config.git.mirror_timeout=Mirror fetch timeout
+config.git.clone_timeout=Clone timeout
+config.git.pull_timeout=Pull timeout
+config.git.gc_timeout=GC timeout
+
+config.lfs_config=LFS configuration
+config.lfs.storage=Storage
+config.lfs.objects_path=Objects path
+
 config.log_config=Žurnalizēšanas konfigurācija
-config.log_mode=Žurnalizēšanas veids
+config.log_file_root_path=Žurnalizēšanas failu glabāšanas vieta
+config.log_mode=Režīms
+config.log_options=Opcijas

 monitor.cron=Cron uzdevumi
 monitor.name=Nosaukums
@@ -1074,17 +1385,24 @@ notices.delete_success=Sistēmas paziņojumi tika veiksmīgi izdzēstas.
 create_repo=izveidoja repozitoriju <a href="%s">%s</a>
 rename_repo=pārsauca repozitoriju no <code>%[1]s</code> uz <a href="%[2]s">%[3]s</a>
 commit_repo=veica izmaiņu nosūtīšanu atzaram <a href="%[1]s/src/%[2]s">%[3]s</a> repozitorijā <a href="%[1]s">%[4]s</a>
+compare_commits=Salīdzināt šīs %d revīzijas
+transfer_repo=mainīja repozitorija <code>%s</code> īpašnieku uz <a href="%s">%s</a>
 create_issue=`reģistrēja problēmu <a href="%s/issues/%s">%s#%[2]s</a>`
 close_issue=`slēdza problēmu <a href="%s/issues/%s">%s#%[2]s</a>`
 reopen_issue=`atkārtoti atvēra problēmu <a href="%s/issues/%s">%s#%[2]s</a>`
+comment_issue=`pievienoja komentāru problēmai <a href="%s/issues/%s">%s#%[2]s</a>`
 create_pull_request=`izveidoja izmaiņu pieprasījumu <a href="%s/pulls/%s">%s#%[2]s</a>`
 close_pull_request=`aizvēra izmaiņu pieprasījumu <a href="%s/pulls/%s">%s#%[2]s</a>`
 reopen_pull_request=`atkārtoti atvēra izmaiņu pieprasījumu <a href="%s/pulls/%s">%s#%[2]s</a>`
-comment_issue=`pievienoja komentāru problēmai <a href="%s/issues/%s">%s#%[2]s</a>`
 merge_pull_request=`sapludināja izmaiņu pieprasījumu <a href="%s/pulls/%s">%s#%[2]s</a>`
-transfer_repo=mainīja repozitorija <code>%s</code> īpašnieku uz <a href="%s">%s</a>
+create_branch=izveidoja jaunu atzaru <a href="%[1]s/src/%[2]s">%[3]s</a> repozitorijā <a href="%[1]s">%[4]s</a>
+delete_branch=izdzēsa atzaru <code>%[2]s</code> repozitorijā <a href="%[1]s">%[3]s</a>
 push_tag=pievienoja tagu <a href="%s/src/%s">%[2]s</a> repozitorijam <a href="%[1]s">%[3]s</a>
-compare_commits=Salīdzināt šīs %d revīzijas
+delete_tag=izdzēsa tagu <code>%[2]s</code> repozitorijā <a href="%[1]s">%[3]s</a>
+fork_repo=atdalīja repozitoriju uz <a href="%s">%s</a>
+mirror_sync_push=synced commits to <a href="%[1]s/src/%[2]s">%[3]s</a> at <a href="%[1]s">%[4]s</a> from mirror
+mirror_sync_create=synced new reference <a href="%s/src/%s">%[2]s</a> to <a href="%[1]s">%[3]s</a> from mirror
+mirror_sync_delete=synced and deleted reference <code>%[2]s</code> at <a href="%[1]s">%[3]s</a> from mirror

 [tool]
 ago=atpakaļ
@@ -1106,6 +1424,7 @@ months=%d mēneši %s
 years=%d gadi %s
 raw_seconds=sekundes
 raw_minutes=minūtes
+raw_hours=hours

 [dropzone]
 default_message=Ievelciet failus šeit vai noklikšķiniet, lai augšupielādētu.
--- a/Show More
+++ b/Show More