update changelog

Backport #20621

Some repositories do not have the PullRequest unit present in their configuration
and unfortunately the way that IsUserAllowedToUpdate currently works assumes
that this is an error instead of just returning false.

This PR simply swallows this error allowing the function to return false.

Fix #20621

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>

.changelog.yml

@@ -1,3 +1,6 @@
+# config for changelog tool
+# source: https://gitea.com/gitea/changelog
+
 # The full repository name
 repo: go-gitea/gitea
 
@@ -18,6 +21,10 @@ groups:
     name: SECURITY
     labels:
       - kind/security
+  -
+    name: FEDERATION
+    labels:
+      - theme/federation
   -
     name: FEATURES
     labels:

.eslintrc

@@ -13,19 +13,17 @@ plugins:
   - eslint-plugin-import
   - eslint-plugin-vue
   - eslint-plugin-html
+  - eslint-plugin-jquery
 
 extends:
   - plugin:vue/recommended
 
 env:
-  es2021: true
+  es2022: true
   node: true
 
 globals:
   __webpack_public_path__: true
-  CodeMirror: false
-  Dropzone: false
-  SimpleMDE: false
 
 settings:
   html/html-extensions: [".tmpl"]
@@ -34,7 +32,6 @@ overrides:
   - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
     env:
       browser: true
-      jquery: true
       node: false
   - files: ["templates/**/*.tmpl"]
     rules:
@@ -144,6 +141,55 @@ rules:
   import/unambiguous: [0]
   indent: [2, 2, {SwitchCase: 1}]
   init-declarations: [0]
+  jquery/no-ajax-events: [2]
+  jquery/no-ajax: [0]
+  jquery/no-animate: [2]
+  jquery/no-attr: [0]
+  jquery/no-bind: [2]
+  jquery/no-class: [0]
+  jquery/no-clone: [2]
+  jquery/no-closest: [0]
+  jquery/no-css: [0]
+  jquery/no-data: [0]
+  jquery/no-deferred: [2]
+  jquery/no-delegate: [2]
+  jquery/no-each: [0]
+  jquery/no-extend: [2]
+  jquery/no-fade: [0]
+  jquery/no-filter: [0]
+  jquery/no-find: [0]
+  jquery/no-global-eval: [2]
+  jquery/no-grep: [2]
+  jquery/no-has: [2]
+  jquery/no-hide: [0]
+  jquery/no-html: [0]
+  jquery/no-in-array: [2]
+  jquery/no-is-array: [2]
+  jquery/no-is-function: [2]
+  jquery/no-is: [0]
+  jquery/no-load: [2]
+  jquery/no-map: [0]
+  jquery/no-merge: [2]
+  jquery/no-param: [2]
+  jquery/no-parent: [0]
+  jquery/no-parents: [0]
+  jquery/no-parse-html: [2]
+  jquery/no-prop: [0]
+  jquery/no-proxy: [2]
+  jquery/no-ready: [0]
+  jquery/no-serialize: [2]
+  jquery/no-show: [0]
+  jquery/no-size: [2]
+  jquery/no-sizzle: [0]
+  jquery/no-slide: [0]
+  jquery/no-submit: [0]
+  jquery/no-text: [0]
+  jquery/no-toggle: [0]
+  jquery/no-trigger: [0]
+  jquery/no-trim: [2]
+  jquery/no-val: [0]
+  jquery/no-when: [2]
+  jquery/no-wrap: [2]
   key-spacing: [2]
   keyword-spacing: [2]
   line-comment-position: [0]
@@ -178,6 +224,7 @@ rules:
   no-confusing-arrow: [0]
   no-console: [1, {allow: [info, warn, error]}]
   no-const-assign: [2]
+  no-constant-binary-expression: [2]
   no-constant-condition: [0]
   no-constructor-return: [2]
   no-continue: [0]
@@ -284,7 +331,7 @@ rules:
   no-unused-expressions: [2]
   no-unused-labels: [2]
   no-unused-private-class-members: [2]
-  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, ignoreRestSiblings: false}]
+  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
   no-use-before-define: [2, nofunc]
   no-useless-backreference: [0]
   no-useless-call: [2]
@@ -388,12 +435,14 @@ rules:
   unicorn/no-thenable: [2]
   unicorn/no-this-assignment: [2]
   unicorn/no-unreadable-array-destructuring: [0]
+  unicorn/no-unreadable-iife: [2]
   unicorn/no-unsafe-regex: [0]
   unicorn/no-unused-properties: [2]
   unicorn/no-useless-fallback-in-spread: [2]
   unicorn/no-useless-length-check: [2]
   unicorn/no-useless-promise-resolve-reject: [2]
   unicorn/no-useless-spread: [2]
+  unicorn/no-useless-switch-case: [2]
   unicorn/no-useless-undefined: [0]
   unicorn/no-zero-fractions: [2]
   unicorn/number-literal-case: [0]
@@ -415,7 +464,9 @@ rules:
   unicorn/prefer-json-parse-buffer: [0]
   unicorn/prefer-math-trunc: [2]
   unicorn/prefer-modern-dom-apis: [0]
+  unicorn/prefer-modern-math-apis: [2]
   unicorn/prefer-module: [2]
+  unicorn/prefer-native-coercion-functions: [2]
   unicorn/prefer-negative-index: [2]
   unicorn/prefer-node-append: [0]
   unicorn/prefer-node-protocol: [0]
@@ -446,6 +497,7 @@ rules:
   unicorn/require-post-message-target-origin: [0]
   unicorn/string-content: [0]
   unicorn/template-indent: [2]
+  unicorn/text-encoding-identifier-case: [0]
   unicorn/throw-new-error: [2]
   use-isnan: [2]
   valid-typeof: [2, {requireStringLiterals: true}]

.gitattributes

@@ -1,8 +1,9 @@
 * text=auto eol=lf
-/vendor/** -text -eol linguist-vendored
-/public/vendor/** -text -eol linguist-vendored
-/templates/**/*.tmpl linguist-language=Handlebars
+*.tmpl linguist-language=Handlebars
 /.eslintrc linguist-language=YAML
 /.stylelintrc linguist-language=YAML
+/public/vendor/** -text -eol linguist-vendored
+/vendor/** -text -eol linguist-vendored
 /web_src/fomantic/build/** linguist-generated
+/web_src/js/vendor/** -text -eol linguist-vendored
 Dockerfile.* linguist-language=Dockerfile

.github/ISSUE_TEMPLATE/bug-report.yaml

@@ -1,5 +1,6 @@
 name: Bug Report
 description: Found something you weren't expecting? Report it here!
+labels: kind/bug
 body:
 - type: markdown
   attributes:
@@ -16,6 +17,16 @@ body:
       4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
       5. Please give all relevant information below for bug reports, because
          incomplete details will be handled as an invalid report.
+      6. In particular it's really important to provide pertinent logs. You must give us DEBUG level logs.
+         Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
+         In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
+- type: textarea
+  id: description
+  attributes:
+    label: Description
+    description: |
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
+      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
 - type: input
   id: gitea-ver
   attributes:
@@ -23,6 +34,34 @@ body:
     description: Gitea version (or commit reference) of your instance
   validations:
     required: true
+- type: dropdown
+  id: can-reproduce
+  attributes:
+    label: Can you reproduce the bug on the Gitea demo site?
+    description: |
+      If so, please provide a URL in the Description field
+      URL of Gitea demo: https://try.gitea.io
+    options:
+    - "Yes"
+    - "No"
+  validations:
+    required: true
+- type: markdown
+  attributes:
+    value: |
+      It's really important to provide pertinent logs
+      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
+      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
+- type: input
+  id: logs
+  attributes:
+    label: Log Gist
+    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: If this issue involves the Web Interface, please provide one or more screenshots
 - type: input
   id: git-ver
   attributes:
@@ -53,38 +92,3 @@ body:
     - MySQL
     - MSSQL
     - SQLite
-- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
-- type: markdown
-  attributes:
-    value: |
-      It's really important to provide pertinent logs
-      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
-- type: input
-  id: logs
-  attributes:
-    label: Log Gist
-    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
-- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
-      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
-- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If this issue involves the Web Interface, please provide one or more screenshots

.github/ISSUE_TEMPLATE/config.yml

@@ -1,10 +1,10 @@
-blank_issues_enabled: true
+blank_issues_enabled: false
 contact_links:
   - name: Security Concern
     url: https://tinyurl.com/security-gitea
     about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
   - name: Discord Server
-    url: https://discord.gg/gitea
+    url: https://discord.gg/Gitea
     about: Please ask questions and discuss configuration or deployment problems here.
   - name: Discourse Forum
     url: https://discourse.gitea.io

.github/ISSUE_TEMPLATE/feature-request.yaml

@@ -1,5 +1,6 @@
 name: Feature Request
 description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
+labels: ["kind/feature", "kind/proposal"]
 body:
 - type: markdown
   attributes:

.github/ISSUE_TEMPLATE/ui.bug-report.yaml

@@ -1,5 +1,6 @@
 name: Web Interface Bug Report
 description: Something doesn't look quite as it should?  Report it here!
+labels: ["kind/bug", "kind/ui"]
 body:
 - type: markdown
   attributes:
@@ -15,6 +16,23 @@ body:
       4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
       5. Please give all relevant information below for bug reports, because
          incomplete details will be handled as an invalid report.
+      6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
+         error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
+         DEBUG level logs. (See https://docs.gitea.io/en-us/logging-configuration/#debugging-problems)
+- type: textarea
+  id: description
+  attributes:
+    label: Description
+    description: |
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
+      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: Please provide at least 1 screenshot showing the issue.
+  validations:
+    required: true
 - type: input
   id: gitea-ver
   attributes:
@@ -22,18 +40,6 @@ body:
     description: Gitea version (or commit reference) your instance is running
   validations:
     required: true
-- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to access Gitea
-- type: input
-  id: browser-ver
-  attributes:
-    label: Browser Version
-    description: The browser and version that you are using to access Gitea
-  validations:
-    required: true
 - type: dropdown
   id: can-reproduce
   attributes:
@@ -46,17 +52,15 @@ body:
     - "No"
   validations:
     required: true
-- type: textarea
-  id: description
+- type: input
+  id: os-ver
   attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
-      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
-- type: textarea
-  id: screenshots
+    label: Operating System
+    description: The operating system you are using to access Gitea
+- type: input
+  id: browser-ver
   attributes:
-    label: Screenshots
-    description: Please provide at least 1 screenshot showing the issue.
+    label: Browser Version
+    description: The browser and version that you are using to access Gitea
   validations:
     required: true

.golangci.yml

@@ -17,12 +17,15 @@ linters:
     - bidichk
     - ineffassign
     - revive
+    - gofumpt
+    - depguard
   enable-all: false
   disable-all: true
   fast: false
 
 run:
-  timeout: 3m
+  go: 1.18
+  timeout: 10m
   skip-dirs:
     - node_modules
     - public
@@ -61,6 +64,17 @@ linters-settings:
       - name: errorf
       - name: duplicated-imports
       - name: modifies-value-receiver
+  gofumpt:
+    extra-rules: true
+    lang-version: "1.18"
+  depguard:
+    # TODO: use depguard to replace import checks in gitea-vet
+    list-type: denylist
+    # Check the list against standard lib.
+    include-go-root: true
+    packages-with-error-message:
+      - encoding/json: "use gitea's modules/json instead of encoding/json"
+      - github.com/unknwon/com: "use gitea's util and replacements"
 
 issues:
   exclude-rules:

.stylelintrc

@@ -14,6 +14,7 @@ rules:
   declaration-block-no-redundant-longhand-properties: null
   declaration-block-single-line-max-declarations: null
   declaration-empty-line-before: null
+  function-no-unknown: null
   hue-degree-notation: null
   indentation: 2
   max-line-length: null

CONTRIBUTING.md

@@ -134,6 +134,15 @@ Some of the key points:
   if that is not related to your PR, please make *another* PR for that.
 * Split big pull requests into multiple small ones. An incremental change
   will be faster to review than a huge PR.
+* Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
+
+If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:
+
+```
+## :warning: BREAKING :warning:
+```
+
+To explain how this could affect users and how to mitigate these changes.
 
 ## Styleguide
 
@@ -141,8 +150,8 @@ For imports you should use the following format (_without_ the comments)
 ```go
 import (
   // stdlib
-  "encoding/json"
   "fmt"
+  "math"
 
   // local packages
   "code.gitea.io/gitea/models"
@@ -203,13 +212,74 @@ In general, HTTP methods are chosen as follows:
  * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
  * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
 
-
 An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
-
 ### Endpoints returning lists should
  * support pagination (`page` & `limit` options in query)
  * set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
 
+## Large Character Comments
+
+Throughout the codebase there are large-text comments for sections of code, e.g.:
+
+```go
+// __________            .__               
+// \______   \ _______  _|__| ______  _  __
+//  |       _// __ \  \/ /  |/ __ \ \/ \/ /
+//  |    |   \  ___/\   /|  \  ___/\     / 
+//  |____|_  /\___  >\_/ |__|\___  >\/\_/  
+//         \/     \/             \/        
+```
+
+These were created using the `figlet` tool with the `graffiti` font.
+
+A simple way of creating these is to use the following:
+
+```bash
+figlet -f graffiti Review | sed  -e's+^+// +' - | xclip -sel clip -in
+```
+
+## Backports and Frontports
+
+Occasionally backports of PRs are required.
+
+The backported PR title should be:
+
+```
+Title of backported PR (#ORIGINAL_PR_NUMBER)
+```
+
+The first two lines of the summary of the backporting PR should be:
+
+```
+Backport #ORIGINAL_PR_NUMBER
+
+```
+
+with the rest of the summary matching the original PR. Similarly for frontports
+
+---
+
+The below is a script that may be helpful in creating backports. YMMV.
+
+```bash
+#!/bin/sh
+PR="$1"
+SHA="$2"
+VERSION="$3"
+
+if [ -z "$SHA" ]; then
+    SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
+fi
+
+if [ -z "$VERSION" ]; then
+    VERSION="v1.16"
+fi
+
+echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
+git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
+git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
+
+```
 
 ## Developer Certificate of Origin (DCO)
 
@@ -351,15 +421,19 @@ be reviewed by two maintainers and must pass the automatic tests.
 * If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
 * Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
 * And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
-* If needed send PR for changelog on branch `main`.
+* If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
 * Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
+* Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
+  * bump the version of https://dl.gitea.io/gitea/version.json
+  * merge the blog post PR
+  * announce the release in discord `#announcements`
 
 ## Copyright
 
 Code that you contribute should use the standard copyright header:
 
 ```
-// Copyright 2020 The Gitea Authors. All rights reserved.
+// Copyright 2022 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 ```

Dockerfile

@@ -1,7 +1,5 @@
-
-###################################
-#Build stage - temporarily using techknowlogick image until we upgrade to latest official alpine/go image
-FROM techknowlogick/go:1.17-alpine3.13 AS build-env
+#Build stage
+FROM golang:1.18-alpine3.16 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -25,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
 
-FROM alpine:3.13
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"
 
 EXPOSE 22 3000

Dockerfile.rootless

@@ -1,7 +1,5 @@
-
-###################################
-#Build stage - temporarily using techknowlogick image until we upgrade to latest official alpine/go image
-FROM techknowlogick/go:1.17-alpine3.13 AS build-env
+#Build stage
+FROM golang:1.18-alpine3.16 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -25,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
 
-FROM alpine:3.13
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"
 
 EXPOSE 2222 3000

MAINTAINERS

@@ -45,4 +45,5 @@ Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
 Leon Hofmeister <dev.lh@web.de> (@delvh) 
 Gusted <williamzijl7@hotmail.com) (@Gusted)
-singuliere <singuliere@autistici.org> (@singuliere)
+silentcode <silentcode@senga.org> (@silentcodeg)
+Wim <wim@42.be> (@42wim)

README.md

@@ -73,7 +73,7 @@ or if SQLite support is required:
 
 The `build` target is split into two sub-targets:
 
-- `make backend` which requires [Go 1.16](https://golang.org/dl/) or greater.
+- `make backend` which requires [Go Stable](https://go.dev/dl/), required version is defined in [go.mod](/go.mod).
 - `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
 
 When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.

assets/favicon.svg

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
+	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
+<g>
+	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
+		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
+		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
+	<g>
+		<g>
+			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
+				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
+				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
+				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
+				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
+				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
+				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
+				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
+				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
+				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
+			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
+				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
+				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
+				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
+				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
+				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
+				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
+				C343.2,346.5,335,363.3,326.8,380.1z"/>
+		</g>
+	</g>
+</g>
+</svg>

build.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build vendor
-// +build vendor
 
 package main
 

build/code-batch-process.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ignore
-// +build ignore
 
 package main
 
@@ -40,7 +39,7 @@ func passThroughCmd(cmd string, args []string) error {
 	}
 	c := exec.Cmd{
 		Path:   foundCmd,
-		Args:   args,
+		Args:   append([]string{cmd}, args...),
 		Stdin:  os.Stdin,
 		Stdout: os.Stdout,
 		Stderr: os.Stderr,
@@ -136,7 +135,7 @@ func (fc *fileCollector) collectFiles() (res [][]string, err error) {
 }
 
 // substArgFiles expands the {file-list} to a real file list for commands
-func substArgFiles(args []string, files []string) []string {
+func substArgFiles(args, files []string) []string {
 	for i, s := range args {
 		if s == "{file-list}" {
 			newArgs := append(args[:i], files...)
@@ -229,9 +228,9 @@ func containsString(a []string, s string) bool {
 	return false
 }
 
-func giteaFormatGoImports(files []string) error {
+func giteaFormatGoImports(files []string, hasChangedFiles, doWriteFile bool) error {
 	for _, file := range files {
-		if err := codeformat.FormatGoImports(file); err != nil {
+		if err := codeformat.FormatGoImports(file, hasChangedFiles, doWriteFile); err != nil {
 			log.Printf("failed to format go imports: %s, err=%v", file, err)
 			return err
 		}
@@ -267,12 +266,13 @@ func main() {
 		logVerbose("batch cmd: %s %v", subCmd, substArgs)
 		switch subCmd {
 		case "gitea-fmt":
-			if containsString(subArgs, "-w") {
-				cmdErrors = append(cmdErrors, giteaFormatGoImports(files))
+			if containsString(subArgs, "-d") {
+				log.Print("the -d option is not supported by gitea-fmt")
 			}
-			cmdErrors = append(cmdErrors, passThroughCmd("gofmt", substArgs))
+			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-l"), containsString(subArgs, "-w")))
+			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", "1.17"}, substArgs...)))
 		case "misspell":
-			cmdErrors = append(cmdErrors, passThroughCmd("misspell", substArgs))
+			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("MISSPELL_PACKAGE")}, substArgs...)))
 		default:
 			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
 		}

build/codeformat/formatimports.go

@@ -7,6 +7,7 @@ package codeformat
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"io"
 	"os"
 	"sort"
@@ -20,8 +21,10 @@ var importPackageGroupOrders = map[string]int{
 
 var errInvalidCommentBetweenImports = errors.New("comments between imported packages are invalid, please move comments to the end of the package line")
 
-var importBlockBegin = []byte("\nimport (\n")
-var importBlockEnd = []byte("\n)")
+var (
+	importBlockBegin = []byte("\nimport (\n")
+	importBlockEnd   = []byte("\n)")
+)
 
 type importLineParsed struct {
 	group   string
@@ -59,8 +62,10 @@ func parseImportLine(line string) (*importLineParsed, error) {
 	return il, nil
 }
 
-type importLineGroup []*importLineParsed
-type importLineGroupMap map[string]importLineGroup
+type (
+	importLineGroup    []*importLineParsed
+	importLineGroupMap map[string]importLineGroup
+)
 
 func formatGoImports(contentBytes []byte) ([]byte, error) {
 	p1 := bytes.Index(contentBytes, importBlockBegin)
@@ -153,8 +158,8 @@ func formatGoImports(contentBytes []byte) ([]byte, error) {
 	return formattedBytes, nil
 }
 
-//FormatGoImports format the imports by our rules (see unit tests)
-func FormatGoImports(file string) error {
+// FormatGoImports format the imports by our rules (see unit tests)
+func FormatGoImports(file string, doChangedFiles, doWriteFile bool) error {
 	f, err := os.Open(file)
 	if err != nil {
 		return err
@@ -177,11 +182,20 @@ func FormatGoImports(file string) error {
 	if bytes.Equal(contentBytes, formattedBytes) {
 		return nil
 	}
-	f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0644)
-	if err != nil {
+
+	if doChangedFiles {
+		fmt.Println(file)
+	}
+
+	if doWriteFile {
+		f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0o644)
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+		_, err = f.Write(formattedBytes)
 		return err
 	}
-	defer f.Close()
-	_, err = f.Write(formattedBytes)
+
 	return err
 }

build/generate-bindata.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ignore
-// +build ignore
 
 package main
 
@@ -20,7 +19,7 @@ import (
 	"github.com/shurcooL/vfsgen"
 )
 
-func needsUpdate(dir string, filename string) (bool, []byte) {
+func needsUpdate(dir, filename string) (bool, []byte) {
 	needRegen := false
 	_, err := os.Stat(filename)
 	if err != nil {
@@ -50,7 +49,6 @@ func needsUpdate(dir string, filename string) (bool, []byte) {
 	newHash := hasher.Sum([]byte{})
 
 	if bytes.Compare(oldHash, newHash) != 0 {
-
 		return true, newHash
 	}
 
@@ -87,5 +85,5 @@ func main() {
 	if err != nil {
 		log.Fatalf("%v\n", err)
 	}
-	_ = os.WriteFile(filename+".hash", newHash, 0666)
+	_ = os.WriteFile(filename+".hash", newHash, 0o666)
 }

build/generate-emoji.go

@@ -4,7 +4,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ignore
-// +build ignore
 
 package main
 
@@ -30,9 +29,7 @@ const (
 	maxUnicodeVersion = 12
 )
 
-var (
-	flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
-)
+var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
 
 // Gemoji is a set of emoji data.
 type Gemoji []Emoji
@@ -68,7 +65,7 @@ func main() {
 	}
 
 	// write
-	err = os.WriteFile(*flagOut, buf, 0644)
+	err = os.WriteFile(*flagOut, buf, 0o644)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -109,7 +106,7 @@ func generate() ([]byte, error) {
 		return nil, err
 	}
 
-	var skinTones = make(map[string]string)
+	skinTones := make(map[string]string)
 
 	skinTones["\U0001f3fb"] = "Light Skin Tone"
 	skinTones["\U0001f3fc"] = "Medium-Light Skin Tone"
@@ -119,7 +116,7 @@ func generate() ([]byte, error) {
 
 	var tmp Gemoji
 
-	//filter out emoji that require greater than max unicode version
+	// filter out emoji that require greater than max unicode version
 	for i := range data {
 		val, _ := strconv.ParseFloat(data[i].UnicodeVersion, 64)
 		if int(val) <= maxUnicodeVersion {
@@ -158,7 +155,7 @@ func generate() ([]byte, error) {
 
 	// write a JSON file to use with tribute (write before adding skin tones since we can't support them there yet)
 	file, _ := json.Marshal(data)
-	_ = os.WriteFile("assets/emoji.json", file, 0644)
+	_ = os.WriteFile("assets/emoji.json", file, 0o644)
 
 	// Add skin tones to emoji that support it
 	var (

build/generate-gitignores.go

@@ -1,5 +1,4 @@
 //go:build ignore
-// +build ignore
 
 package main
 
@@ -34,7 +33,6 @@ func main() {
 	flag.Parse()
 
 	file, err := os.CreateTemp(os.TempDir(), prefix)
-
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
@@ -65,7 +63,6 @@ func main() {
 	}
 
 	gz, err := gzip.NewReader(file)
-
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
@@ -96,7 +93,6 @@ func main() {
 		}
 
 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".gitignore")))
-
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
@@ -119,7 +115,7 @@ func main() {
 		}
 		// Write data to dst
 		dst = path.Join(destination, dst)
-		err = os.WriteFile(dst, data, 0644)
+		err = os.WriteFile(dst, data, 0o644)
 		if err != nil {
 			log.Fatalf("Failed to write new file. %s", err)
 		}

build/generate-images.js

@@ -1,13 +1,8 @@
+#!/usr/bin/env node
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize} from 'svgo';
 import {fabric} from 'fabric';
-import fs from 'fs';
-import {resolve, dirname} from 'path';
-import {fileURLToPath} from 'url';
-
-const {readFile, writeFile} = fs.promises;
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const logoFile = resolve(__dirname, '../assets/logo.svg');
+import {readFile, writeFile} from 'fs/promises';
 
 function exit(err) {
   if (err) console.error(err);
@@ -22,8 +17,10 @@ function loadSvg(svg) {
   });
 }
 
-async function generate(svg, outputFile, {size, bg}) {
-  if (outputFile.endsWith('.svg')) {
+async function generate(svg, path, {size, bg}) {
+  const outputFile = new URL(path, import.meta.url);
+
+  if (String(outputFile).endsWith('.svg')) {
     const {data} = optimize(svg, {
       plugins: [
         'preset-default',
@@ -68,17 +65,18 @@ async function generate(svg, outputFile, {size, bg}) {
 
 async function main() {
   const gitea = process.argv.slice(2).includes('gitea');
-  const svg = await readFile(logoFile, 'utf8');
+  const logoSvg = await readFile(new URL('../assets/logo.svg', import.meta.url), 'utf8');
+  const faviconSvg = await readFile(new URL('../assets/favicon.svg', import.meta.url), 'utf8');
 
   await Promise.all([
-    generate(svg, resolve(__dirname, '../public/img/logo.svg'), {size: 32}),
-    generate(svg, resolve(__dirname, '../public/img/logo.png'), {size: 512}),
-    generate(svg, resolve(__dirname, '../public/img/favicon.png'), {size: 180}),
-    generate(svg, resolve(__dirname, '../public/img/avatar_default.png'), {size: 200}),
-    generate(svg, resolve(__dirname, '../public/img/apple-touch-icon.png'), {size: 180, bg: true}),
-    gitea && generate(svg, resolve(__dirname, '../public/img/gitea.svg'), {size: 32}),
+    generate(logoSvg, '../public/img/logo.svg', {size: 32}),
+    generate(logoSvg, '../public/img/logo.png', {size: 512}),
+    generate(faviconSvg, '../public/img/favicon.svg', {size: 32}),
+    generate(faviconSvg, '../public/img/favicon.png', {size: 180}),
+    generate(logoSvg, '../public/img/avatar_default.png', {size: 200}),
+    generate(logoSvg, '../public/img/apple-touch-icon.png', {size: 180, bg: true}),
+    gitea && generate(logoSvg, '../public/img/gitea.svg', {size: 32}),
   ]);
 }
 
 main().then(exit).catch(exit);
-

build/generate-licenses.go

@@ -1,5 +1,4 @@
 //go:build ignore
-// +build ignore
 
 package main
 
@@ -34,7 +33,6 @@ func main() {
 	flag.Parse()
 
 	file, err := os.CreateTemp(os.TempDir(), prefix)
-
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
@@ -66,7 +64,6 @@ func main() {
 	}
 
 	gz, err := gzip.NewReader(file)
-
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
@@ -100,7 +97,6 @@ func main() {
 			continue
 		}
 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".txt")))
-
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}

build/generate-svg.js

@@ -1,13 +1,14 @@
+#!/usr/bin/env node
 import fastGlob from 'fast-glob';
 import {optimize} from 'svgo';
-import {resolve, parse, dirname} from 'path';
-import fs from 'fs';
+import {parse} from 'path';
+import {readFile, writeFile, mkdir} from 'fs/promises';
 import {fileURLToPath} from 'url';
 
-const {readFile, writeFile, mkdir} = fs.promises;
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const glob = (pattern) => fastGlob.sync(pattern, {cwd: resolve(__dirname), absolute: true});
-const outputDir = resolve(__dirname, '../public/img/svg');
+const glob = (pattern) => fastGlob.sync(pattern, {
+  cwd: fileURLToPath(new URL('..', import.meta.url)),
+  absolute: true,
+});
 
 function exit(err) {
   if (err) console.error(err);
@@ -16,7 +17,6 @@ function exit(err) {
 
 async function processFile(file, {prefix, fullName} = {}) {
   let name;
-
   if (fullName) {
     name = fullName;
   } else {
@@ -35,7 +35,8 @@ async function processFile(file, {prefix, fullName} = {}) {
       {name: 'addAttributesToSVGElement', params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]}},
     ],
   });
-  await writeFile(resolve(outputDir, `${name}.svg`), data);
+
+  await writeFile(fileURLToPath(new URL(`../public/img/svg/${name}.svg`, import.meta.url)), data);
 }
 
 function processFiles(pattern, opts) {
@@ -44,15 +45,14 @@ function processFiles(pattern, opts) {
 
 async function main() {
   try {
-    await mkdir(outputDir);
+    await mkdir(fileURLToPath(new URL('../public/img/svg', import.meta.url)), {recursive: true});
   } catch {}
 
   await Promise.all([
-    ...processFiles('../node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
-    ...processFiles('../web_src/svg/*.svg'),
-    ...processFiles('../public/img/gitea.svg', {fullName: 'gitea-gitea'}),
+    ...processFiles('node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
+    ...processFiles('web_src/svg/*.svg'),
+    ...processFiles('public/img/gitea.svg', {fullName: 'gitea-gitea'}),
   ]);
 }
 
 main().then(exit).catch(exit);
-

build/gitea-format-imports.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ignore
-// +build ignore
 
 package main
 

build/gocovmerge.go

@@ -7,7 +7,6 @@
 // merges them into one profile
 
 //go:build ignore
-// +build ignore
 
 package main
 
@@ -22,7 +21,7 @@ import (
 	"golang.org/x/tools/cover"
 )
 
-func mergeProfiles(p *cover.Profile, merge *cover.Profile) {
+func mergeProfiles(p, merge *cover.Profile) {
 	if p.Mode != merge.Mode {
 		log.Fatalf("cannot merge profiles with different modes")
 	}

cmd/admin.go

@@ -17,6 +17,7 @@ import (
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
@@ -25,6 +26,7 @@ import (
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
+	"code.gitea.io/gitea/modules/util"
 	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
 	"code.gitea.io/gitea/services/auth/source/smtp"
@@ -56,6 +58,7 @@ var (
 			microcmdUserList,
 			microcmdUserChangePassword,
 			microcmdUserDelete,
+			microcmdUserGenerateAccessToken,
 		},
 	}
 
@@ -113,6 +116,10 @@ var (
 				Name:  "access-token",
 				Usage: "Generate access token for the user",
 			},
+			cli.BoolFlag{
+				Name:  "restricted",
+				Usage: "Make a restricted user account",
+			},
 		},
 	}
 
@@ -154,6 +161,27 @@ var (
 		Action: runDeleteUser,
 	}
 
+	microcmdUserGenerateAccessToken = cli.Command{
+		Name:  "generate-access-token",
+		Usage: "Generate a access token for a specific user",
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "username,u",
+				Usage: "Username",
+			},
+			cli.StringFlag{
+				Name:  "token-name,t",
+				Usage: "Token name",
+				Value: "gitea-admin",
+			},
+			cli.BoolFlag{
+				Name:  "raw",
+				Usage: "Display only the token value",
+			},
+		},
+		Action: runGenerateAccessToken,
+	}
+
 	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
@@ -463,7 +491,7 @@ func runChangePassword(c *cli.Context) error {
 		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
 	}
 	uname := c.String("username")
-	user, err := user_model.GetUserByName(uname)
+	user, err := user_model.GetUserByName(ctx, uname)
 	if err != nil {
 		return err
 	}
@@ -471,7 +499,7 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}
 
-	if err = user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 		return err
 	}
 
@@ -525,11 +553,11 @@ func runCreateUser(c *cli.Context) error {
 	}
 
 	// always default to true
-	var changePassword = true
+	changePassword := true
 
 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(); n == 0 {
+	if n := user_model.CountUsers(nil); n == 0 {
 		changePassword = false
 	}
 
@@ -537,17 +565,26 @@ func runCreateUser(c *cli.Context) error {
 		changePassword = c.Bool("must-change-password")
 	}
 
+	restricted := util.OptionalBoolNone
+
+	if c.IsSet("restricted") {
+		restricted = util.OptionalBoolOf(c.Bool("restricted"))
+	}
+
 	u := &user_model.User{
 		Name:               username,
 		Email:              c.String("email"),
 		Passwd:             password,
-		IsActive:           true,
 		IsAdmin:            c.Bool("admin"),
 		MustChangePassword: changePassword,
-		Theme:              setting.UI.DefaultTheme,
 	}
 
-	if err := user_model.CreateUser(u); err != nil {
+	overwriteDefault := &user_model.CreateUserOverwriteOptions{
+		IsActive:     util.OptionalBoolTrue,
+		IsRestricted: restricted,
+	}
+
+	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
 		return fmt.Errorf("CreateUser: %v", err)
 	}
 
@@ -577,7 +614,6 @@ func runListUsers(c *cli.Context) error {
 	}
 
 	users, err := user_model.GetAllUsers()
-
 	if err != nil {
 		return err
 	}
@@ -601,7 +637,6 @@ func runListUsers(c *cli.Context) error {
 
 	w.Flush()
 	return nil
-
 }
 
 func runDeleteUser(c *cli.Context) error {
@@ -625,7 +660,7 @@ func runDeleteUser(c *cli.Context) error {
 	if c.IsSet("email") {
 		user, err = user_model.GetUserByEmail(c.String("email"))
 	} else if c.IsSet("username") {
-		user, err = user_model.GetUserByName(c.String("username"))
+		user, err = user_model.GetUserByName(ctx, c.String("username"))
 	} else {
 		user, err = user_model.GetUserByID(c.Int64("id"))
 	}
@@ -643,6 +678,41 @@ func runDeleteUser(c *cli.Context) error {
 	return user_service.DeleteUser(user)
 }
 
+func runGenerateAccessToken(c *cli.Context) error {
+	if !c.IsSet("username") {
+		return fmt.Errorf("You must provide the username to generate a token for them")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	user, err := user_model.GetUserByName(ctx, c.String("username"))
+	if err != nil {
+		return err
+	}
+
+	t := &models.AccessToken{
+		Name: c.String("token-name"),
+		UID:  user.ID,
+	}
+
+	if err := models.NewAccessToken(t); err != nil {
+		return err
+	}
+
+	if c.Bool("raw") {
+		fmt.Printf("%s\n", t.Token)
+	} else {
+		fmt.Printf("Access token was successfully created: %s\n", t.Token)
+	}
+
+	return nil
+}
+
 func runRepoSyncReleases(_ *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@@ -653,9 +723,9 @@ func runRepoSyncReleases(_ *cli.Context) error {
 
 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
-		repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
+		repos, count, err := repo_model.SearchRepositoryByName(&repo_model.SearchRepoOptions{
 			ListOptions: db.ListOptions{
-				PageSize: models.RepositoryListDefaultPageSize,
+				PageSize: repo_model.RepositoryListDefaultPageSize,
 				Page:     page,
 			},
 			Private: true,
@@ -669,7 +739,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 		log.Trace("Processing next %d repos of %d", len(repos), count)
 		for _, repo := range repos {
 			log.Trace("Synchronizing repo %s with path %s", repo.FullName(), repo.RepoPath())
-			gitRepo, err := git.OpenRepository(repo.RepoPath())
+			gitRepo, err := git.OpenRepository(ctx, repo.RepoPath())
 			if err != nil {
 				log.Warn("OpenRepository: %v", err)
 				continue
@@ -826,7 +896,6 @@ func runUpdateOauth(c *cli.Context) error {
 
 	if c.IsSet("required-claim-name") {
 		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
-
 	}
 	if c.IsSet("required-claim-value") {
 		oAuth2Config.RequiredClaimValue = c.String("required-claim-value")
@@ -843,7 +912,7 @@ func runUpdateOauth(c *cli.Context) error {
 	}
 
 	// update custom URL mapping
-	var customURLMapping = &oauth2.CustomURLMapping{}
+	customURLMapping := &oauth2.CustomURLMapping{}
 
 	if oAuth2Config.CustomURLMapping != nil {
 		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
@@ -926,7 +995,7 @@ func runAddSMTP(c *cli.Context) error {
 	if !c.IsSet("port") {
 		return errors.New("port must be set")
 	}
-	var active = true
+	active := true
 	if c.IsSet("active") {
 		active = c.BoolT("active")
 	}
@@ -994,7 +1063,6 @@ func runListAuth(c *cli.Context) error {
 	}
 
 	authSources, err := auth.Sources()
-
 	if err != nil {
 		return err
 	}