chore: remove mssql x509negativeserial workaround (#37853 )

The following TLS handshake error is fixed by newer versions of mssql (refer to https://github.com/microsoft/mssql-docker/issues/895#issuecomment-2737646391) ``` TLS Handshake failed: tls: failed to parse certificate from server: x509: negative serial number ``` Based on https://github.com/microsoft/go-sqlcmd/issues/755#issuecomment-4491676993, newer versions of mssql don't have this problem. And there're changes going to mssql driver side to make this error more explicit https://github.com/microsoft/go-mssqldb/pull/356. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>
[skip ci] Updated translations via Crowdin
2026-05-27 07:18:29 +00:00 · 2026-05-27 08:51:16 +02:00 · 2026-05-27 01:15:59 +00:00 · 2026-05-26 15:49:31 -07:00 · 2026-05-26 09:08:05 +00:00 · 2026-05-26 06:07:33 +00:00
2519 changed files with 15186 additions and 13675 deletions
--- a/.gitea/issue_template.md
+++ b/.gitea/issue_template.md
@@ -1,42 +0,0 @@
-<!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
-
-<!--
-    1. Please speak English, this is the language all maintainers can speak and write.
-    2. Please ask questions or configuration/deploy problems on our Discord
-       server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
-    3. Please take a moment to check that your issue doesn't already exist.
-    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
-    5. Please give all relevant information below for bug reports, because
-       incomplete details will be handled as an invalid report.
-->
-
- Gitea version (or commit ref):
- Git version:
- Operating system:
-  <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package -->
-  <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. --->
-  <!-- If you are using a package or systemd tell us what distribution you are using -->
- Database (use `[x]`):
-  - [ ] PostgreSQL
-  - [ ] MySQL
-  - [ ] MSSQL
-  - [ ] SQLite
- Can you reproduce the bug at https://demo.gitea.com:
-  - [ ] Yes (provide example URL)
-  - [ ] No
- Log gist:
-<!-- It really is important to provide pertinent logs -->
-<!-- Please read https://docs.gitea.com/administration/logging-config#collecting-logs-for-help -->
-<!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini -->
-
-## Description
-<!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please
-     disable the proxy/CDN fully and connect to gitea directly to confirm
-     the issue still persists without those services. -->
-
-...
-
-
-## Screenshots
-
-<!-- **If this issue involves the Web Interface, please include a screenshot** -->
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -1,91 +1,28 @@
 name: Bug Report
-description: Found something you weren't expecting? Report it here!
+description: Something isn't working as expected.
 labels: ["type/bug"]
 body:
  - type: markdown
    attributes:
      value: |
-        NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
-  - type: markdown
-    attributes:
-      value: |
-        1. Please speak English, this is the language all maintainers can speak and write.
-        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
-        3. Make sure you are using the latest release and
-           take a moment to check that your issue hasn't been reported before.
-        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
-        5. It's really important to provide pertinent details and logs (https://docs.gitea.com/help/support),
-           incomplete details will be handled as an invalid report.
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: |
-        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-        If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
+        - **Security issue?** Email security@gitea.io instead of opening a public issue.
+        - **Need help** with setup or configuration? Ask on [Discord](https://discord.gg/Gitea) or the [forum](https://forum.gitea.com).
+        - Search [existing issues](https://github.com/go-gitea/gitea/issues?q=is%3Aissue) first.
  - type: input
    id: gitea-ver
    attributes:
      label: Gitea Version
-      description: Gitea version (or commit reference) of your instance
    validations:
      required: true
-  - type: dropdown
-    id: can-reproduce
+  - type: textarea
+    id: description
    attributes:
-      label: Can you reproduce the bug on the Gitea demo site?
-      description: |
-        If so, please provide a URL in the Description field
-        URL of Gitea demo: https://demo.gitea.com
-      options:
-        - "Yes"
-        - "No"
+      label: What happened?
+      description: What you did, what you expected to happen, and what happened instead. Include logs if relevant.
    validations:
      required: true
-  - type: markdown
-    attributes:
-      value: |
-        It's really important to provide pertinent logs
-        Please read https://docs.gitea.com/administration/logging-config#collecting-logs-for-help
-        In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
-  - type: input
-    id: logs
-    attributes:
-      label: Log Gist
-      description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots
-      description: If this issue involves the Web Interface, please provide one or more screenshots
-  - type: input
-    id: git-ver
-    attributes:
-      label: Git Version
-      description: The version of git running on the server
-  - type: input
-    id: os-ver
-    attributes:
-      label: Operating System
-      description: The operating system you are using to run Gitea
-  - type: textarea
-    id: run-info
+    id: environment
    attributes:
      label: How are you running Gitea?
-      description: |
-        Please include information on whether you built Gitea yourself, used one of our downloads, are using https://demo.gitea.com or are using some other package
-        Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
-        If you are using a package or systemd tell us what distribution you are using
-    validations:
-      required: true
-  - type: dropdown
-    id: database
-    attributes:
-      label: Database
-      description: What database system are you running?
-      options:
-        - PostgreSQL
-        - MySQL/MariaDB
-        - MSSQL
-        - SQLite
+      description: Install method (binary, Docker, package), operating system, and database.
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@@ -1,24 +1,20 @@
 name: Feature Request
-description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
+description: Suggest an idea for Gitea.
 labels: ["type/proposal"]
 body:
  - type: markdown
    attributes:
      value: |
-        1. Please speak English, this is the language all maintainers can speak and write.
-        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
-        3. Please take a moment to check that your feature hasn't already been suggested.
+        Search [existing issues](https://github.com/go-gitea/gitea/issues?q=is%3Aissue) first.
  - type: textarea
-    id: description
+    id: problem
    attributes:
-      label: Feature Description
-      placeholder: |
-        I think it would be great if Gitea had...
+      label: What problem would this solve?
    validations:
      required: true
  - type: textarea
-    id: screenshots
+    id: proposal
    attributes:
-      label: Screenshots
-      description: If you can, provide screenshots of an implementation on another site e.g. GitHub
+      label: What do you propose?
+    validations:
+      required: true
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@@ -1,66 +0,0 @@
-name: Web Interface Bug Report
-description: Something doesn't look quite as it should?  Report it here!
-labels: ["type/bug", "topic/ui"]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
-  - type: markdown
-    attributes:
-      value: |
-        1. Please speak English, this is the language all maintainers can speak and write.
-        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://forum.gitea.com).
-        3. Please take a moment to check that your issue doesn't already exist.
-        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
-        5. Please give all relevant information below for bug reports, because
-           incomplete details will be handled as an invalid report.
-        6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
-           error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
-           DEBUG level logs. (See https://docs.gitea.com/administration/logging-config#collecting-logs-for-help)
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: |
-        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-        If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots
-      description: Please provide at least 1 screenshot showing the issue.
-    validations:
-      required: true
-  - type: input
-    id: gitea-ver
-    attributes:
-      label: Gitea Version
-      description: Gitea version (or commit reference) your instance is running
-    validations:
-      required: true
-  - type: dropdown
-    id: can-reproduce
-    attributes:
-      label: Can you reproduce the bug on the Gitea demo site?
-      description: |
-        If so, please provide a URL in the Description field
-        URL of Gitea demo: https://demo.gitea.com
-      options:
-        - "Yes"
-        - "No"
-    validations:
-      required: true
-  - type: input
-    id: os-ver
-    attributes:
-      label: Operating System
-      description: The operating system you are using to access Gitea
-  - type: input
-    id: browser-ver
-    attributes:
-      label: Browser Version
-      description: The browser and version that you are using to access Gitea
-    validations:
-      required: true
--- a/.github/actions/free-disk-space/action.yml
+++ b/.github/actions/free-disk-space/action.yml
@@ -0,0 +1,9 @@
+name: free-disk-space
+description: Free space on / before large cache restores
+
+# Delete preinstalled toolchains which gitea doesn't use
+runs:
+  using: composite
+  steps:
+    - shell: bash
+      run: sudo rm -rf /usr/local/lib/android /usr/local/.ghcup /opt/ghc /usr/share/dotnet
--- a/.github/actions/go-cache/action.yml
+++ b/.github/actions/go-cache/action.yml
@@ -1,47 +1,51 @@
 name: go-caches
-description: Restore and save go module, build, and golangci-lint caches
+description: Restore the go module, build, and golangci-lint caches. Save only on the cache-seeder workflow.
+
+# Only the cache-seeder workflow saves; rename requires updating cache-seeder.yml.
+# The lint job restores but does not save the gobuild cache, so only one writer
+# (the gobuild job) populates it and there is no contention on the cache key.

 inputs:
-  cache-name:
-    description: Short identifier used in the per-caller build cache key
-    required: true
-  build-cache:
-    description: Whether to include ~/.cache/go-build
-    default: "true"
-  build-cache-rotate:
-    description: Whether to rotate the build cache key per run so Go's test result cache can accumulate across runs
-    default: "false"
  lint-cache:
-    description: Whether to include ~/.cache/golangci-lint
+    description: Restore (and save in cache-seeder) ~/.cache/golangci-lint
    default: "false"

 runs:
  using: composite
  steps:
-    - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+    - if: ${{ github.workflow == 'cache-seeder' }}
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      with:
        path: ~/go/pkg/mod
        key: gomod-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum') }}
        restore-keys: gomod-${{ runner.os }}-${{ runner.arch }}
-    - if: ${{ inputs.build-cache == 'true' && inputs.build-cache-rotate == 'true' }}
-      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+    - if: ${{ github.workflow != 'cache-seeder' }}
+      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      with:
-        path: ~/.cache/go-build
-        key: gobuild-${{ runner.os }}-${{ runner.arch }}-${{ inputs.cache-name }}-${{ hashFiles('go.sum') }}-${{ github.run_id }}
-        restore-keys: |
-          gobuild-${{ runner.os }}-${{ runner.arch }}-${{ inputs.cache-name }}-${{ hashFiles('go.sum') }}
-          gobuild-${{ runner.os }}-${{ runner.arch }}-${{ inputs.cache-name }}
-          gobuild-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum') }}
-          gobuild-${{ runner.os }}-${{ runner.arch }}
-    - if: ${{ inputs.build-cache == 'true' && inputs.build-cache-rotate != 'true' }}
+        path: ~/go/pkg/mod
+        key: gomod-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum') }}
+        restore-keys: gomod-${{ runner.os }}-${{ runner.arch }}
+    - if: ${{ github.workflow == 'cache-seeder' && inputs.lint-cache != 'true' }}
      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      with:
        path: ~/.cache/go-build
        key: gobuild-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum') }}
        restore-keys: gobuild-${{ runner.os }}-${{ runner.arch }}
-    - if: ${{ inputs.lint-cache == 'true' }}
+    - if: ${{ github.workflow != 'cache-seeder' || inputs.lint-cache == 'true' }}
+      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      with:
+        path: ~/.cache/go-build
+        key: gobuild-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum') }}
+        restore-keys: gobuild-${{ runner.os }}-${{ runner.arch }}
+    - if: ${{ inputs.lint-cache == 'true' && github.workflow == 'cache-seeder' }}
      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      with:
        path: ~/.cache/golangci-lint
-        key: golangci-${{ runner.os }}-${{ runner.arch }}-${{ inputs.cache-name }}-${{ hashFiles('go.sum', '.golangci.yml') }}
-        restore-keys: golangci-${{ runner.os }}-${{ runner.arch }}-${{ inputs.cache-name }}
+        key: golint-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum', '.golangci.yml') }}
+        restore-keys: golint-${{ runner.os }}-${{ runner.arch }}
+    - if: ${{ inputs.lint-cache == 'true' && github.workflow != 'cache-seeder' }}
+      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      with:
+        path: ~/.cache/golangci-lint
+        key: golint-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum', '.golangci.yml') }}
+        restore-keys: golint-${{ runner.os }}-${{ runner.arch }}
--- a/.github/actions/go-setup/action.yml
+++ b/.github/actions/go-setup/action.yml
@@ -0,0 +1,24 @@
+name: go-setup
+description: Set up go and restore caches
+
+inputs:
+  cache:
+    description: Restore go caches
+    default: "true"
+  lint-cache:
+    description: Also restore the golangci-lint cache
+    default: "false"
+
+runs:
+  using: composite
+  steps:
+    - uses: ./.github/actions/free-disk-space
+    - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+      with:
+        go-version-file: go.mod
+        check-latest: true
+        cache: false
+    - if: ${{ inputs.cache == 'true' }}
+      uses: ./.github/actions/go-cache
+      with:
+        lint-cache: ${{ inputs.lint-cache }}
--- a/.github/actions/node-setup/action.yml
+++ b/.github/actions/node-setup/action.yml
@@ -0,0 +1,22 @@
+name: node-setup
+description: Set up pnpm and node and restore caches
+
+inputs:
+  cache:
+    description: Cache pnpm downloads
+    default: "true"
+
+runs:
+  using: composite
+  steps:
+    - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
+    - if: ${{ inputs.cache == 'true' }}
+      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+      with:
+        node-version: 24
+        cache: pnpm
+        cache-dependency-path: pnpm-lock.yaml
+    - if: ${{ inputs.cache != 'true' }}
+      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+      with:
+        node-version: 24
--- a/.github/actions/pgsql-shard/action.yml
+++ b/.github/actions/pgsql-shard/action.yml
@@ -0,0 +1,40 @@
+name: pgsql-shard
+description: Run one pgsql integration test shard
+
+inputs:
+  shard:
+    description: Shard index
+    required: true
+  total-shards:
+    description: Total shard count
+    required: true
+  run-migration:
+    description: Also run migration tests
+    default: "false"
+
+runs:
+  using: composite
+  steps:
+    - name: Add hosts to /etc/hosts
+      shell: bash
+      run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 pgsql ldap minio" | sudo tee -a /etc/hosts'
+    - shell: bash
+      run: make deps-backend
+    - shell: bash
+      run: make backend
+      env:
+        TAGS: bindata
+    - name: run migration tests
+      if: ${{ inputs.run-migration == 'true' }}
+      shell: bash
+      run: GITEA_TEST_DATABASE=pgsql make test-migration
+    - name: run tests
+      shell: bash
+      run: GITEA_TEST_DATABASE=pgsql make test-integration
+      env:
+        # pgsql is chosen to be the unlucky one to run with the slow "race detector", it is about 60% slower.
+        GOTEST_FLAGS: -race -timeout=40m
+        TAGS: bindata gogit
+        TEST_LDAP: 1
+        TEST_SHARD: ${{ inputs.shard }}
+        TEST_TOTAL_SHARDS: ${{ inputs.total-shards }}
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,11 +1,9 @@
-<!-- start tips -->
-Please check the following:
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for backports.
-2. Use a Conventional Commits PR title, for example `fix(repo): handle empty branch names`.
-3. Make sure you have read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md .
-4. For documentations contribution, please go to https://gitea.com/gitea/docs
-5. Describe what your pull request does and which issue you're targeting (if any).
-6. It is recommended to enable "Allow edits by maintainers", so maintainers can help more easily.
-7. Your input here will be included in the commit message when this PR has been merged. If you don't want some content to be included, please separate them with a line like `---`.
-8. Delete all these tips before posting.
-<!-- end tips -->
+<!--
+Before submitting:
+- Target the `main` branch; release branches are for backports only.
+- Use a Conventional Commits title, e.g. `fix(repo): handle empty branch names`.
+- Read the contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
+- Documentation changes go to https://gitea.com/gitea/docs
+
+Describe your change below and link any issue it fixes.
+-->
--- a/.github/workflows/cache-seeder.yml
+++ b/.github/workflows/cache-seeder.yml
@@ -1,15 +1,9 @@
-# Populates the go module, build, and golangci-lint caches under the default
-# branch's cache scope so that PR runs have a warm fallback to restore from.
+# Populates main's cache scope so PR runs warm-start from it. Saves the go
+# module, go build (incl. test compile), and golangci-lint caches.
 #
-# GitHub Actions caches are scoped per ref: a PR run can only write to its own
-# branch's scope, but can read from the base branch's scope as a fallback.
-# PRs therefore cannot seed main's scope themselves. Running the same cache
-# steps on push-to-main is the only opportunity to populate that fallback
-# scope so fresh PR branches start with a useful cache on first run.
-
-# A PR job's exact key lives in its own PR-scope (empty on first run, filled
-# by later runs of the same PR); on miss, actions/cache's restore-keys fall
-# back to prefix matches against entries this seeder saves in main's scope.
+# Caches are ref-scoped: PR runs read their own scope then fall back to the
+# base branch. Per .github/actions/go-cache/action.yml, PRs are restore-only,
+# so push-to-main is the only opportunity to populate the fallback scope.

 name: cache-seeder

@@ -21,6 +15,7 @@ on:
      - "go.sum"
      - ".golangci.yml"
      - ".github/actions/go-cache/action.yml"
+      - ".github/actions/go-setup/action.yml"
      - ".github/workflows/cache-seeder.yml"

 concurrency:
@@ -35,17 +30,26 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: seed
-      - run: make deps-backend
+      - uses: ./.github/actions/go-setup
+      - run: make deps-backend deps-tools
      - run: TAGS="bindata" make backend
      - run: TAGS="bindata gogit" GOEXPERIMENT="" make backend
+      - name: warm test compile cache (bindata)
+        env:
+          TAGS: bindata
+          GOTEST_FLAGS: -race -list=^$$ -count=1
+        run: make test-backend
+      - name: warm test compile cache (bindata gogit)
+        env:
+          TAGS: bindata gogit
+          GOEXPERIMENT:
+          GOTEST_FLAGS: -race -list=^$$ -count=1
+        run: make test-backend
+      - name: warm integration compile cache
+        run: |
+          TAGS="bindata" make test-integration-compile
+          TAGS="bindata gogit" GOEXPERIMENT="" make test-integration-compile
+          TAGS="bindata gogit" GOTEST_FLAGS="-race" make test-integration-compile

  lint:
    runs-on: ubuntu-latest
@@ -53,19 +57,16 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - { job: lint-backend, tags: "bindata", target: "lint-backend" }
+          - { tags: "bindata", target: "lint-backend" }
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+      - uses: ./.github/actions/go-setup
        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: ${{ matrix.job }}
          lint-cache: "true"
      - run: make deps-backend deps-tools
+      - run: make generate-go
+        env:
+          TAGS: ${{ matrix.tags }}
      - run: make ${{ matrix.target }}
        env:
          TAGS: ${{ matrix.tags }}
--- a/.github/workflows/files-changed.yml
+++ b/.github/workflows/files-changed.yml
@@ -25,6 +25,8 @@ on:
        value: ${{ jobs.detect.outputs.json }}
      e2e:
        value: ${{ jobs.detect.outputs.e2e }}
+      shell:
+        value: ${{ jobs.detect.outputs.shell }}

 permissions:
  contents: read
@@ -45,6 +47,7 @@ jobs:
      yaml: ${{ steps.changes.outputs.yaml }}
      json: ${{ steps.changes.outputs.json }}
      e2e: ${{ steps.changes.outputs.e2e }}
+      shell: ${{ steps.changes.outputs.shell }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
@@ -66,6 +69,8 @@ jobs:
              - "*.ts"
              - "web_src/**"
              - "tools/generate-svg.ts"
+              - "tools/generate-svg-vscode-extensions.json"
+              - "tsconfig.json"
              - "assets/emoji.json"
              - "package.json"
              - "pnpm-lock.yaml"
@@ -81,16 +86,18 @@ jobs:

            actions:
              - ".github/workflows/*"
+              - ".github/actions/**"
              - "Makefile"

            templates:
-              - "tools/lint-templates-*.js"
+              - "tools/lint-templates-*.ts"
              - "templates/**/*.tmpl"
              - "pyproject.toml"
              - "uv.lock"

            docker:
              - ".github/workflows/pull-docker-dryrun.yml"
+              - ".github/actions/docker-dryrun/**"
              - "Dockerfile"
              - "Dockerfile.rootless"
              - "docker/**"
@@ -118,8 +125,13 @@ jobs:
            json:
              - "**/*.json"
              - "**/*.json5"
+              - "eslint.json.config.ts"

            e2e:
              - "tests/e2e/**"
              - "tools/test-e2e.sh"
              - "playwright.config.ts"
+
+            shell:
+              - "**/*.sh"
+              - ".shellcheckrc"
--- a/.github/workflows/giteabot-backport.yml
+++ b/.github/workflows/giteabot-backport.yml
@@ -0,0 +1,26 @@
+name: giteabot backport
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
+jobs:
+  giteabot:
+    if: github.repository == 'go-gitea/gitea'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - uses: go-gitea/giteabot@d4f19d5b4a88059d8c3ca78d660631506fc0c286 # add retry logic to giteabot
+        with:
+          github_token: ${{ secrets.GITEABOT_TOKEN }}
+          gitea_fork: giteabot/gitea
+          checks: backport
--- a/.github/workflows/giteabot.yml
+++ b/.github/workflows/giteabot.yml
@@ -1,9 +1,6 @@
 name: giteabot

 on:
-  push:
-    branches:
-      - main
  # pull_request_target gives this workflow access to GITEABOT_TOKEN on PRs from
  # forks, which the bot needs to write labels, statuses and comments. Safe here
  # because the job only runs a pinned action and never checks out PR HEAD.
@@ -24,9 +21,17 @@ on:
  schedule:
    - cron: "15 3 * * *"
  workflow_dispatch:
+    inputs:
+      checks:
+        description: Comma-separated list of non-backport checks to run
+        required: false
+        default: labels,merge_queue,lock,feedback,last_call,milestones,lgtm,translation_comment,pr_actions

 permissions:
  contents: read
+  issues: write
+  pull-requests: write
+  statuses: write

 concurrency:
  group: ${{ format('{0}-{1}', github.workflow, (github.event_name == 'pull_request_target' || github.event_name == 'pull_request_review') && format('pr-{0}', github.event.pull_request.number) || 'maintenance') }}
@@ -38,7 +43,9 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
-      - uses: go-gitea/giteabot@8996d0b0e6c4ab066e3adcaf2c49b5d4cd15d7af # v1.0.1
+      # pull_request_review runs without repository secrets on fork PRs, so fall
+      # back to the workflow token for the non-backport checks handled here.
+      - uses: go-gitea/giteabot@d4f19d5b4a88059d8c3ca78d660631506fc0c286 # add retry logic to giteabot
        with:
-          github_token: ${{ secrets.GITEABOT_TOKEN }}
-          gitea_fork: giteabot/gitea
+          github_token: ${{ secrets.GITEABOT_TOKEN || github.token }}
+          checks: ${{ github.event.inputs.checks || 'labels,merge_queue,lock,feedback,last_call,milestones,lgtm,translation_comment,pr_actions' }}
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@@ -20,14 +20,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+      - uses: ./.github/actions/go-setup
        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: lint-backend
          lint-cache: "true"
      - run: make deps-backend deps-tools
      - run: TAGS="bindata" make generate-go # lint-go also lints with "bindata" tags which requires "_bindata.go"
@@ -38,17 +32,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+      - uses: ./.github/actions/go-setup
        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+          cache: "false"
+      - uses: ./.github/actions/node-setup
        with:
-          node-version: 24
-          cache: pnpm
-          cache-dependency-path: pnpm-lock.yaml
+          cache: "false"

      - run: make lint-spell

@@ -65,21 +54,16 @@ jobs:
      - if: needs.files-changed.outputs.actions == 'true'
        run: make lint-actions

+      - if: needs.files-changed.outputs.shell == 'true'
+        run: make lint-shell
+
  checks-backend:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: checks-backend
-          build-cache: "false"
+      - uses: ./.github/actions/go-setup
      - run: make deps-backend deps-tools
      - run: make --always-make checks-backend # ensure the "go-licenses" make target runs

@@ -89,12 +73,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
-        with:
-          node-version: 24
-          cache: pnpm
-          cache-dependency-path: pnpm-lock.yaml
+      - uses: ./.github/actions/node-setup
      - run: make deps-frontend
      - run: make lint-frontend
      - run: make checks-frontend
@@ -107,14 +86,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: compliance-backend
+      - uses: ./.github/actions/go-setup
      - run: make deps-backend generate-go
      # no frontend build here as backend should be able to build, even without any frontend files
      # CGO is not used when cross-compile, so these steps also test if the code is compatible with CGO disabled
--- a/.github/workflows/pull-db-tests.yml
+++ b/.github/workflows/pull-db-tests.yml
@@ -14,10 +14,11 @@ jobs:
  files-changed:
    uses: ./.github/workflows/files-changed.yml

-  test-pgsql:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
+  test-pgsql-shard-1:
+    if: needs.files-changed.outputs.backend == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    timeout-minutes: 50
    services:
      pgsql:
        image: postgres:14
@@ -42,30 +43,47 @@ jobs:
          - "9000:9000"
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+      - uses: ./.github/actions/go-setup
+      - uses: ./.github/actions/pgsql-shard
        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
+          shard: 1
+          total-shards: 2
+          run-migration: "true"
+
+  test-pgsql-shard-2:
+    if: needs.files-changed.outputs.backend == 'true'
+    needs: files-changed
+    runs-on: ubuntu-latest
+    timeout-minutes: 50
+    services:
+      pgsql:
+        image: postgres:14
+        env:
+          POSTGRES_DB: test
+          POSTGRES_PASSWORD: postgres
+        ports:
+          - "5432:5432"
+      ldap:
+        image: gitea/test-openldap:latest@sha256:4ac633b01d684e6b2a458cc0c8530c92f9b3702f6e040ce5f365607df34fbda0
+        ports:
+          - "389:389"
+          - "636:636"
+      minio:
+        # as github actions doesn't support "entrypoint", we need to use a non-official image
+        # that has a custom entrypoint set to "minio server /data"
+        image: bitnamilegacy/minio:2025.7.23
+        env:
+          MINIO_ROOT_USER: 123456
+          MINIO_ROOT_PASSWORD: 12345678
+        ports:
+          - "9000:9000"
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: ./.github/actions/go-setup
+      - uses: ./.github/actions/pgsql-shard
        with:
-          cache-name: pgsql
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 pgsql ldap minio" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - name: run migration tests
-        run: GITEA_TEST_DATABASE=pgsql make test-migration
-      - name: run tests
-        run: GITEA_TEST_DATABASE=pgsql make test-integration
-        timeout-minutes: 50
-        env:
-          # pgsql is chosen to be the unlucky one to run with the slow "race detector", it is about 60% slower.
-          GOTEST_FLAGS: -race -timeout=40m
-          TAGS: bindata gogit
-          TEST_LDAP: 1
+          shard: 2
+          total-shards: 2

  test-sqlite:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
@@ -73,21 +91,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: sqlite
+      - uses: ./.github/actions/go-setup
      - run: make deps-backend
      - run: make backend
        env:
          TAGS: bindata gogit
          GOEXPERIMENT:
-      - name: run migration tests
-        run: GITEA_TEST_DATABASE=sqlite make test-migration
+      - run: GITEA_TEST_DATABASE=sqlite make test-migration
        env:
          TAGS: bindata gogit
      - name: run tests
@@ -100,7 +110,7 @@ jobs:
          GOEXPERIMENT:

  test-unit:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
+    if: needs.files-changed.outputs.backend == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    services:
@@ -109,6 +119,7 @@ jobs:
        env:
          discovery.type: single-node
          xpack.security.enabled: false
+          ES_JAVA_OPTS: "-Xms512m -Xmx512m" # reduce from ES default of 50%
        ports:
          - "9200:9200"
      meilisearch:
@@ -118,7 +129,7 @@ jobs:
        ports:
          - "7700:7700"
      redis:
-        image: redis:latest@sha256:94ea4f5ccdaa6b154df99a792986ecb3ffbb3fe7722a197220477f1f3e65f9fe
+        image: redis:latest@sha256:48e78eb9d1e1adcfb10184b2cc3c7fc5ed21e5a3be08875f239257d194bab8c9
        options: >- # wait until redis has started
          --health-cmd "redis-cli ping"
          --health-interval 5s
@@ -139,37 +150,31 @@ jobs:
          - 10000:10000
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: unit
-          build-cache-rotate: "true"
+      - uses: ./.github/actions/go-setup
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 minio devstoreaccount1.azurite.local mysql elasticsearch meilisearch smtpimap" | sudo tee -a /etc/hosts'
      - run: make deps-backend
-      - run: make backend
+      - run: make generate-go
        env:
          TAGS: bindata
      - name: unit-tests
-        run: make test-backend test-check
+        run: make test-backend
        env:
          GOTEST_FLAGS: -race -timeout=20m
          TAGS: bindata
          GITHUB_READ_TOKEN: ${{ secrets.GITHUB_READ_TOKEN }}
      - name: unit-tests-gogit
-        run: make test-backend test-check
+        run: make test-backend
        env:
          GOTEST_FLAGS: -race -timeout=20m
          TAGS: bindata gogit
          GOEXPERIMENT:
          GITHUB_READ_TOKEN: ${{ secrets.GITHUB_READ_TOKEN }}
+          GITEA_TEST_CI_SKIP_EXTERNAL: true
+      - run: make test-check

  test-mysql:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
+    if: needs.files-changed.outputs.backend == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    services:
@@ -188,6 +193,7 @@ jobs:
        env:
          discovery.type: single-node
          xpack.security.enabled: false
+          ES_JAVA_OPTS: "-Xms512m -Xmx512m" # reduce from ES default of 50%
        ports:
          - "9200:9200"
      smtpimap:
@@ -199,22 +205,14 @@ jobs:
          - "993:993"
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: mysql
+      - uses: ./.github/actions/go-setup
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch smtpimap" | sudo tee -a /etc/hosts'
      - run: make deps-backend
      - run: make backend
        env:
          TAGS: bindata
-      - name: run migration tests
-        run: GITEA_TEST_DATABASE=mysql make test-migration
+      - run: GITEA_TEST_DATABASE=mysql make test-migration
      - name: run tests
        run: GITEA_TEST_DATABASE=mysql make test-integration
        env:
@@ -222,7 +220,7 @@ jobs:
          TEST_INDEXER_CODE_ES_URL: "http://elastic:changeme@elasticsearch:9200"

  test-mssql:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
+    if: needs.files-changed.outputs.backend == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    services:
@@ -240,14 +238,7 @@ jobs:
          - 10000:10000
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: mssql
+      - uses: ./.github/actions/go-setup
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mssql devstoreaccount1.azurite.local" | sudo tee -a /etc/hosts'
      - run: make deps-backend
--- a/.github/workflows/pull-e2e-tests.yml
+++ b/.github/workflows/pull-e2e-tests.yml
@@ -20,21 +20,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-        with:
-          go-version-file: go.mod
-          check-latest: true
-          cache: false
-      - uses: ./.github/actions/go-cache
-        with:
-          cache-name: e2e
-          build-cache: "false"
-      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
-        with:
-          node-version: 24
-          cache: pnpm
-          cache-dependency-path: pnpm-lock.yaml
+      - uses: ./.github/actions/go-setup
+      - uses: ./.github/actions/node-setup
      - run: make deps-frontend
      - run: make frontend
      - run: make deps-backend
--- a/.github/workflows/pull-labeler.yml
+++ b/.github/workflows/pull-labeler.yml
@@ -1,8 +1,10 @@
 name: labeler

 on:
-  pull_request_target:
-    types: [opened, synchronize, reopened]
+  # pull_request_target is required to label PRs from forks; jobs only use pinned
+  # actions or base-branch checkout, never PR-head code.
+  pull_request_target: # zizmor: ignore[dangerous-triggers]
+    types: [opened, synchronize, reopened, edited, ready_for_review]

 concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -18,3 +20,28 @@ jobs:
      - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6.1.0
        with:
          sync-labels: true
+
+  pr-title:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      # Base-branch checkout only: pull_request_target runs with elevated token; never run PR-head code here.
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event.pull_request.base.sha }}
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+        with:
+          node-version: 24
+      # Labels are only synced after the title lints, so an invalid title never reaches the label diff.
+      - run: node ./tools/ci-tools.ts lint-pr-title
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+      - run: node ./tools/ci-tools.ts set-pr-labels
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          GITHUB_TOKEN: ${{ github.token }}
--- a/.github/workflows/pull-pr-title.yml
+++ b/.github/workflows/pull-pr-title.yml
@@ -1,31 +0,0 @@
-name: pr-title
-
-on:
-  pull_request:
-    types:
-      - opened
-      - edited
-      - reopened
-      - synchronize
-      - ready_for_review
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  lint-pr-title:
-    if: github.event.pull_request.draft == false
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
-        with:
-          node-version: 24
-      - run: make lint-pr-title
-        env:
-          PR_TITLE: ${{ github.event.pull_request.title }}
--- a/.github/workflows/release-nightly-snapcraft.yml
+++ b/.github/workflows/release-nightly-snapcraft.yml
@@ -0,0 +1,41 @@
+name: release-nightly-snapcraft
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-latest
+
+    env:
+      SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Install snapcraft
+        run: sudo snap install snapcraft --classic
+
+      - name: Remote build
+        run: |
+          snapcraft remote-build \
+            --launchpad-accept-public-upload \
+            --build-for=amd64,arm64,armhf
+
+      - name: List built snaps
+        run: find . -maxdepth 1 -type f -name '*.snap' -print
+
+      - name: Upload and release snapcraft nightly build
+        run: |
+          set -euo pipefail
+
+          for snap in ./*.snap; do
+            echo "Uploading $snap to edge"
+            snapcraft upload --release="latest/edge" "$snap"
+          done
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -43,7 +43,7 @@ linters:
              desc: use os or io instead
            - pkg: golang.org/x/exp
              desc: it's experimental and unreliable
-            - pkg: code.gitea.io/gitea/modules/git/internal
+            - pkg: gitea.dev/modules/git/internal
              desc: do not use the internal package, use AddXxx function instead
            - pkg: gopkg.in/ini.v1
              desc: do not use the ini package, use gitea's config system instead
@@ -55,9 +55,9 @@ linters:
          files:
            - '**/models/migrations/**/*.go'
          deny:
-            - pkg: code.gitea.io/gitea/models$
+            - pkg: gitea.dev/models$
              desc: migrations must not depend on the models package
-            - pkg: code.gitea.io/gitea/modules/structs
+            - pkg: gitea.dev/modules/structs
              desc: migrations must not depend on modules/structs (API structures change over time)
    nolintlint:
      allow-unused: false
@@ -173,7 +173,7 @@ formatters:
      custom-order: true
      sections:
        - standard
-        - prefix(code.gitea.io/gitea)
+        - prefix(gitea.dev)
        - blank
        - default
    gofumpt:
--- a/.shellcheckrc
+++ b/.shellcheckrc
@@ -0,0 +1 @@
+disable=SC1091,SC2001,SC2002,SC2016,SC2028,SC2046,SC2124,SC2128,SC2129,SC2154,SC2155,SC2164,SC2181,SC2207
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -7,7 +7,7 @@
 - Run single playwright e2e test files with `GITEA_TEST_E2E_FLAGS='<filepath>' make test-e2e`
 - Add the current year into the copyright header of new `.go` files
 - Ensure no trailing whitespace in edited files
- Use Conventional Commits format for commit messages and PR titles (for example `type(scope): subject`; place `!` immediately before the colon when the change is breaking)
+- Use Conventional Commits for commit messages and PR titles, e.g. `type(scope): subject`; `!` before the colon if breaking. Use `test` type for test-only changes.
 - Never force-push, amend, or squash unless asked. Use new commits and normal push for pull request updates
 - Preserve existing code comments, do not remove or rewrite comments that are still relevant
 - Keep comments short, prefer same-line, explain why, never narrate code
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,68 @@ This changelog goes through the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).

+## [1.26.2](https://github.com/go-gitea/gitea/releases/tag/1.26.2) - 2026-05-20
+
+* SECURITY
+  * fix(permissions): Fix reading permission (#37769)
+  * fix(actions): make artifact signature payloads unambiguous (#37707)
+  * fix: Unify public-only token filtering in API queries and repo access checks (#37118)
+  * fix: Add missed token scope checking (#37735)
+  * fix(oauth): bind token exchanges to the original client request (#37704)
+  * fix(oauth): strengthen PKCE validation and refresh token replay protection (#37706)
+  * fix(web): enforce token scopes on raw, media, and attachment downloads (#37698)
+  * fix(security): enforce wiki git writes and LFS token access at request time (#37695)
+  * feat(api): encrypt AWS creds (#37679)
+  * fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test
+  * fix(packages): Add label for private and internal package and fix composor package source permission check (#37610)
+  * fix(git): Fix smart http request scope bug (#37583)
+  * Fix basic auth bug (#37503)
+  * Fix allow maintainer edit permission check (#37479) (#37484)
+  * Fix URL sanitization to handle schemeless credentials (#37440) (#37471)
+  * Fix attachment Content-Security-Policy (#37455) (#37464)
+  * chore(deps): bump go-git/go-git/v5 to 5.19.0 (#37608)
+
+* BUGFIXES
+  * fix(pull): handle empty pull request files view to allow reviews (#37783)
+  * fix(markup): make RenderString never fail (#37779)
+  * fix: add natural sort to sortTreeViewNodes (#37772)
+  * fix: package creation unique conflict (#37774)
+  * fix!: add DEFAULT_TITLE_SOURCE setting for pull request title default behavior (#37465)
+  * fix: Allow direct commits for unprotected files with push restrictions (#37657)
+  * fix(actions): wrong assumption that run id always >= job id (#37737)
+  * fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register (#37564) (#37588)
+  * fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState (#37692)
+  * fix(repo): /generate must sync the branch table for the new repo (#37693)
+  * build: Fix snap build (1.26)
+  * fix(actions): run TransferLogs on UpdateLog{Rows:[], NoMore:true} (#37631)
+  * fix show correct mergebase
+  * fix: make clone URL respect public URL detection setting (#37615)
+  * fix: "run as root" check (#37622)
+  * chore(deps): update dependency go to v1.26.3 (#37601)
+  * Compare dropdown fails when selecting branch with no common merge-base (#37470)
+  * fix: treat email addresses case-insensitively (#37600)
+  * fix(actions): fix blank lines after ::endgroup:: (#37597)
+  * fix(actions): report individual step status in workflow job API response (#37592)
+  * fix: Invalid UTF-8 commit messages in JSON API responses (#37542)
+  * fix: use consistent GetUser family functions (#37553)
+  * fix(api): return 409 message instead of empty JSON for wrong commit id (#37572)
+  * fix(actions): prevent panic when workflow contains null jobs (#37570)
+  * Make ServeSetHeaders default to download attachment if filename exists (#37552) (#37555)
+  * Fix(actions): validate workflow param to prevent 500 error (#37546) (#37554)
+  * Don't unblock run-level-concurrency-blocked runs in the resolver (#37461) (#37538)
+  * Fix(packages): use file names for generic web downloads (#37514) (#37520)
+  * Fix merge autodetect can't close other PRs but only the last one when multiple PRs are pushed at once (#37512) (#37516)
+  * Fix update branch protection order (#37508) (#37513)
+  * Fix mCaptcha broken after Vite migration (#37492) (#37509)
+  * Fix review submission from single-commit PR view (#37475) (#37485)
+  * Fix scheduled action panic with null event payload (#37459) (#37466)
+  * Make GetPossibleUserByID can handle deleted user (#37430) (#37431)
+  * Remove excessive quote from terraform instructions (#37424) (#37426)
+  * Fix color regressions, add `priority` color (#37417) (#37421)
+
+* MISC
+  * Add CurrentURL template variable back (#37444) (#37449)
+
 ## [1.26.1](https://github.com/go-gitea/gitea/releases/tag/v1.26.1) - 2026-04-21

 * BUGFIXES
--- a/6
+++ b/6
@@ -21,7 +21,7 @@ RUN apk --no-cache add \
    build-base \
    git

-WORKDIR ${GOPATH}/src/code.gitea.io/gitea
+WORKDIR ${GOPATH}/src/gitea.dev
 COPY go.mod go.sum ./
 RUN go mod download
 # Use COPY instead of bind mount as read-only one breaks makefile state tracking and read-write one needs binary to be moved as it's discarded.
@@ -42,7 +42,7 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \
              /tmp/local/etc/s6/gitea/* \
              /tmp/local/etc/s6/openssh/* \
              /tmp/local/etc/s6/.s6-svscan/* \
-              /go/src/code.gitea.io/gitea/gitea
+              /go/src/gitea.dev/gitea

 FROM docker.io/library/alpine:3.23 AS gitea

@@ -74,7 +74,7 @@ RUN addgroup \
  echo "git:*" | chpasswd -e

 COPY --from=build-env /tmp/local /
-COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+COPY --from=build-env /go/src/gitea.dev/gitea /app/gitea/gitea

 ENV USER=git
 ENV GITEA_CUSTOM=/data/gitea
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -21,7 +21,7 @@ RUN apk --no-cache add \
    build-base \
    git

-WORKDIR ${GOPATH}/src/code.gitea.io/gitea
+WORKDIR ${GOPATH}/src/gitea.dev
 COPY go.mod go.sum ./
 RUN go mod download
 # See the comments in Dockerfile
@@ -37,7 +37,7 @@ COPY docker/rootless /tmp/local

 # Set permissions for builds that made under windows which strips the executable bit from file
 RUN chmod 755 /tmp/local/usr/local/bin/* \
-              /go/src/code.gitea.io/gitea/gitea
+              /go/src/gitea.dev/gitea

 FROM docker.io/library/alpine:3.23 AS gitea-rootless

@@ -68,7 +68,7 @@ RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea

 COPY --from=build-env /tmp/local /
-COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+COPY --from=build-env --chown=root:root /go/src/gitea.dev/gitea /app/gitea/gitea

 # git:git
 USER 1000:1000
--- a/37
+++ b/37
@@ -11,7 +11,7 @@ COMMA := ,

 XGO_VERSION := go-1.26.x

-AIR_PACKAGE ?= github.com/air-verse/air@v1.65.1 # renovate: datasource=go
+AIR_PACKAGE ?= github.com/air-verse/air@v1.65.2 # renovate: datasource=go
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.6.1 # renovate: datasource=go
 GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go
@@ -20,6 +20,9 @@ SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.2 # renova
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@v1.9.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1.3.0 # renovate: datasource=go
 ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.7.12 # renovate: datasource=go
+SHELLCHECK_IMAGE ?= docker.io/koalaman/shellcheck:v0.11.0@sha256:61862eba1fcf09a484ebcc6feea46f1782532571a34ed51fedf90dd25f925a8d # renovate: datasource=docker
+
+CONTAINER_RUNTIME ?= $(shell hash docker >/dev/null 2>&1 && echo docker || echo podman)

 HAS_GO := $(shell hash $(GO) > /dev/null 2>&1 && echo yes)
 ifeq ($(HAS_GO), yes)
@@ -110,8 +113,8 @@ LDFLAGS := $(LDFLAGS) -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64,linux/riscv64

-GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration,$(shell $(GO) list ./... | grep -v /vendor/))
-MIGRATE_TEST_PACKAGES ?= $(shell $(GO) list code.gitea.io/gitea/models/migrations/...)
+GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list gitea.dev/models/migrations/...) gitea.dev/tests/integration/migration-test gitea.dev/tests gitea.dev/tests/integration,$(shell $(GO) list ./... | grep -v /vendor/))
+MIGRATE_TEST_PACKAGES ?= $(shell $(GO) list gitea.dev/models/migrations/...)

 FRONTEND_SOURCES := $(shell find web_src/js web_src/css -type f)
 FRONTEND_CONFIGS := vite.config.ts tailwind.config.ts
@@ -271,7 +274,7 @@ checks-frontend: lockfile-check svg-check ## check frontend files
 checks-backend: tidy-check swagger-check openapi3-check fmt-check swagger-validate security-check ## check backend files

 .PHONY: lint
-lint: lint-frontend lint-backend lint-templates lint-swagger lint-spell lint-md lint-actions lint-json lint-yaml ## lint everything
+lint: lint-frontend lint-backend lint-templates lint-swagger lint-spell lint-md lint-actions lint-json lint-yaml lint-shell ## lint everything

 .PHONY: lint-fix
 lint-fix: lint-frontend-fix lint-backend-fix lint-spell-fix ## lint everything and fix issues
@@ -318,10 +321,6 @@ lint-md: node_modules ## lint markdown files
 lint-md-fix: node_modules ## lint markdown files and fix issues
 	pnpm exec markdownlint --fix *.md

-.PHONY: lint-pr-title
-lint-pr-title: ## lint PR title against Conventional Commits (set PR_TITLE=...)
-	@node ./tools/lint-pr-title.ts
-
 .PHONY: lint-spell
 lint-spell: ## lint spelling
 	@git ls-files $(SPELLCHECK_FILES) | xargs go run $(MISSPELL_PACKAGE) -dict assets/misspellings.csv -error
@@ -348,6 +347,10 @@ lint-actions: .venv ## lint action workflow files
 	@$(GO) run $(ACTIONLINT_PACKAGE)
 	@uv run --frozen zizmor --quiet --min-confidence=medium .github

+.PHONY: lint-shell
+lint-shell: ## lint shell scripts
+	@SHELLCHECK_IMAGE=$(SHELLCHECK_IMAGE) CONTAINER_RUNTIME=$(CONTAINER_RUNTIME) ./tools/lint-shell.sh $$(git ls-files '*.sh')
+
 .PHONY: lint-templates
 lint-templates: .venv node_modules ## lint template files
 	@node tools/lint-templates-svg.ts
@@ -444,19 +447,23 @@ test-integration:
 	@# Use a compiled binary: testlogger forwards gitea logs to t.Log, so `go test -v`
 	@# would flood output per passing test. testcache can't help these tests anyway —
 	@# they mutate the work directory, so cache inputs change between runs.
-	$(GO) test $(GOTEST_FLAGS) -tags '$(TAGS)' -c code.gitea.io/gitea/tests/integration -o ./test-integration-$(GITEA_TEST_DATABASE).test
-	./test-integration-$(GITEA_TEST_DATABASE).test
+	$(GO) test $(GOTEST_FLAGS) -tags '$(TAGS)' -c gitea.dev/tests/integration -o ./test-integration-$(GITEA_TEST_DATABASE).test
+	./tools/test-integration.sh ./test-integration-$(GITEA_TEST_DATABASE).test
+
+.PHONY: test-integration-compile
+test-integration-compile:
+	$(GO) test $(GOTEST_FLAGS) -tags '$(TAGS)' -c -o /dev/null gitea.dev/tests/integration

 .PHONY: test-integration\#%
 test-integration\#%:
-	$(GO) test $(GOTEST_FLAGS) -tags '$(TAGS)' -run $(subst .,/,$*) code.gitea.io/gitea/tests/integration
+	$(GO) test $(GOTEST_FLAGS) -tags '$(TAGS)' -run $(subst .,/,$*) gitea.dev/tests/integration

 .PHONY: test-migration
 test-migration: migrations.integration.test migrations.individual.test

 .PHONY: migrations.integration.test
 migrations.integration.test:
-	$(GO) test $(GOTEST_FLAGS) -tags '$(TAGS)' code.gitea.io/gitea/tests/integration/migration-test
+	$(GO) test $(GOTEST_FLAGS) -tags '$(TAGS)' gitea.dev/tests/integration/migration-test

 .PHONY: migrations.individual.test
 migrations.individual.test:
@@ -465,15 +472,15 @@ migrations.individual.test:

 .PHONY: migrations.individual.test\#%
 migrations.individual.test\#%:
-	$(GO) test $(GOTEST_FLAGS) -tags '$(TAGS)' code.gitea.io/gitea/models/migrations/$*
+	$(GO) test $(GOTEST_FLAGS) -tags '$(TAGS)' gitea.dev/models/migrations/$*

 .PHONY: playwright
 playwright: deps-frontend
-	@./tools/test-e2e.sh install
+	@CONTAINER_RUNTIME=$(CONTAINER_RUNTIME) ./tools/test-e2e.sh install

 .PHONY: test-e2e
 test-e2e: playwright frontend backend
-	@EXECUTABLE=$(EXECUTABLE) ./tools/test-e2e.sh run $(GITEA_TEST_E2E_FLAGS)
+	@CONTAINER_RUNTIME=$(CONTAINER_RUNTIME) EXECUTABLE=$(EXECUTABLE) ./tools/test-e2e.sh run $(GITEA_TEST_E2E_FLAGS)

 .PHONY: build
 build: frontend backend ## build everything
--- a/README.md
+++ b/README.md
@@ -2,8 +2,8 @@

 [![](https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml/badge.svg?branch=main)](https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml?query=branch%3Amain "Release Nightly")
 [![](https://img.shields.io/discord/322538954119184384.svg?logo=discord&logoColor=white&label=Discord&color=5865F2)](https://discord.gg/Gitea "Join the Discord chat at https://discord.gg/Gitea")
-[![](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea "Go Report Card")
-[![](https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg)](https://pkg.go.dev/code.gitea.io/gitea "GoDoc")
+[![](https://goreportcard.com/badge/gitea.dev)](https://goreportcard.com/report/gitea.dev "Go Report Card")
+[![](https://pkg.go.dev/badge/gitea.dev?status.svg)](https://pkg.go.dev/gitea.dev "GoDoc")
 [![](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest "GitHub release")
 [![](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea "Help Contribute to Open Source")
 [![](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea "Become a backer/sponsor of gitea")
--- a/README.zh-cn.md
+++ b/README.zh-cn.md
@@ -2,8 +2,8 @@

 [![](https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml/badge.svg?branch=main)](https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml?query=branch%3Amain "Release Nightly")
 [![](https://img.shields.io/discord/322538954119184384.svg?logo=discord&logoColor=white&label=Discord&color=5865F2)](https://discord.gg/Gitea "Join the Discord chat at https://discord.gg/Gitea")
-[![](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea "Go Report Card")
-[![](https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg)](https://pkg.go.dev/code.gitea.io/gitea "GoDoc")
+[![](https://goreportcard.com/badge/gitea.dev)](https://goreportcard.com/report/gitea.dev "Go Report Card")
+[![](https://pkg.go.dev/badge/gitea.dev?status.svg)](https://pkg.go.dev/gitea.dev "GoDoc")
 [![](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest "GitHub release")
 [![](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea "Help Contribute to Open Source")
 [![](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea "Become a backer/sponsor of gitea")
--- a/README.zh-tw.md
+++ b/README.zh-tw.md
@@ -2,8 +2,8 @@

 [![](https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml/badge.svg?branch=main)](https://github.com/go-gitea/gitea/actions/workflows/release-nightly.yml?query=branch%3Amain "Release Nightly")
 [![](https://img.shields.io/discord/322538954119184384.svg?logo=discord&logoColor=white&label=Discord&color=5865F2)](https://discord.gg/Gitea "Join the Discord chat at https://discord.gg/Gitea")
-[![](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea "Go Report Card")
-[![](https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg)](https://pkg.go.dev/code.gitea.io/gitea "GoDoc")
+[![](https://goreportcard.com/badge/gitea.dev)](https://goreportcard.com/report/gitea.dev "Go Report Card")
+[![](https://pkg.go.dev/badge/gitea.dev?status.svg)](https://pkg.go.dev/gitea.dev "GoDoc")
 [![](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest "GitHub release")
 [![](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea "Help Contribute to Open Source")
 [![](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea "Become a backer/sponsor of gitea")
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@@ -9,7 +9,7 @@ import (
 	"fmt"
 	"os"

-	"code.gitea.io/gitea/modules/assetfs"
+	"gitea.dev/modules/assetfs"
 )

 func main() {
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@@ -20,7 +20,7 @@ import (
 	"strings"
 	"unicode/utf8"

-	"code.gitea.io/gitea/modules/json"
+	"gitea.dev/modules/json"
 )

 const (
--- a/build/generate-gitignores.go
+++ b/build/generate-gitignores.go
@@ -18,7 +18,7 @@ import (
 	"path/filepath"
 	"strings"

-	"code.gitea.io/gitea/modules/util"
+	"gitea.dev/modules/util"
 )

 func main() {
--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@@ -29,8 +29,8 @@ var primaryLicenseRe = regexp.MustCompile(`^(?i)(LICEN[SC]E|COPYING)$`)

 // ignoredNames are LicenseEntry.Name values to exclude from the output.
 var ignoredNames = map[string]bool{
-	"code.gitea.io/gitea":                 true,
-	"code.gitea.io/gitea/options/license": true,
+	"gitea.dev":                 true,
+	"gitea.dev/options/license": true,
 }

 var excludedExt = map[string]bool{
--- a/build/generate-openapi.go
+++ b/build/generate-openapi.go
@@ -25,7 +25,7 @@ import (
 	"sort"
 	"strings"

-	"code.gitea.io/gitea/build/openapi3gen"
+	"gitea.dev/build/openapi3gen"

 	"github.com/getkin/kin-openapi/openapi3"
 )
--- a/build/openapi3gen/convert.go
+++ b/build/openapi3gen/convert.go
@@ -8,7 +8,7 @@ import (
 	"regexp"
 	"strings"

-	"code.gitea.io/gitea/modules/json"
+	"gitea.dev/modules/json"

 	"github.com/getkin/kin-openapi/openapi2"
 	"github.com/getkin/kin-openapi/openapi2conv"
--- a/cmd/actions.go
+++ b/cmd/actions.go
@@ -7,8 +7,8 @@ import (
 	"context"
 	"fmt"

-	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/modules/private"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -8,12 +8,12 @@ import (
 	"context"
 	"fmt"

-	"code.gitea.io/gitea/models/db"
-	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/gitrepo"
-	"code.gitea.io/gitea/modules/log"
-	repo_module "code.gitea.io/gitea/modules/repository"
+	"gitea.dev/models/db"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/gitrepo"
+	"gitea.dev/modules/log"
+	repo_module "gitea.dev/modules/repository"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_auth.go
+++ b/cmd/admin_auth.go
@@ -10,9 +10,9 @@ import (
 	"os"
 	"text/tabwriter"

-	auth_model "code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/models/db"
-	auth_service "code.gitea.io/gitea/services/auth"
+	auth_model "gitea.dev/models/auth"
+	"gitea.dev/models/db"
+	auth_service "gitea.dev/services/auth"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -8,9 +8,9 @@ import (
 	"fmt"
 	"strings"

-	"code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/services/auth/source/ldap"
+	"gitea.dev/models/auth"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/auth/source/ldap"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@@ -7,9 +7,9 @@ import (
 	"context"
 	"testing"

-	"code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/modules/test"
-	"code.gitea.io/gitea/services/auth/source/ldap"
+	"gitea.dev/models/auth"
+	"gitea.dev/modules/test"
+	"gitea.dev/services/auth/source/ldap"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@@ -9,9 +9,9 @@ import (
 	"fmt"
 	"net/url"

-	auth_model "code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/services/auth/source/oauth2"
+	auth_model "gitea.dev/models/auth"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/auth/source/oauth2"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_auth_oauth_test.go
+++ b/cmd/admin_auth_oauth_test.go
@@ -7,8 +7,8 @@ import (
 	"context"
 	"testing"

-	auth_model "code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/services/auth/source/oauth2"
+	auth_model "gitea.dev/models/auth"
+	"gitea.dev/services/auth/source/oauth2"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
--- a/cmd/admin_auth_smtp.go
+++ b/cmd/admin_auth_smtp.go
@@ -8,9 +8,9 @@ import (
 	"errors"
 	"strings"

-	auth_model "code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/services/auth/source/smtp"
+	auth_model "gitea.dev/models/auth"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/auth/source/smtp"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_auth_smtp_test.go
+++ b/cmd/admin_auth_smtp_test.go
@@ -7,8 +7,8 @@ import (
 	"context"
 	"testing"

-	auth_model "code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/services/auth/source/smtp"
+	auth_model "gitea.dev/models/auth"
+	"gitea.dev/services/auth/source/smtp"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
--- a/cmd/admin_regenerate.go
+++ b/cmd/admin_regenerate.go
@@ -6,9 +6,9 @@ package cmd
 import (
 	"context"

-	"code.gitea.io/gitea/modules/graceful"
-	asymkey_service "code.gitea.io/gitea/services/asymkey"
-	repo_service "code.gitea.io/gitea/services/repository"
+	"gitea.dev/modules/graceful"
+	asymkey_service "gitea.dev/services/asymkey"
+	repo_service "gitea.dev/services/repository"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@@ -8,11 +8,11 @@ import (
 	"errors"
 	"fmt"

-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/auth/password"
-	"code.gitea.io/gitea/modules/optional"
-	"code.gitea.io/gitea/modules/setting"
-	user_service "code.gitea.io/gitea/services/user"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/auth/password"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"
+	user_service "gitea.dev/services/user"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_user_change_password_test.go
+++ b/cmd/admin_user_change_password_test.go
@@ -7,9 +7,9 @@ import (
 	"io"
 	"testing"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
+	"gitea.dev/models/db"
+	"gitea.dev/models/unittest"
+	user_model "gitea.dev/models/user"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -9,12 +9,12 @@ import (
 	"fmt"
 	"strings"

-	auth_model "code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/models/db"
-	user_model "code.gitea.io/gitea/models/user"
-	pwd "code.gitea.io/gitea/modules/auth/password"
-	"code.gitea.io/gitea/modules/optional"
-	"code.gitea.io/gitea/modules/setting"
+	auth_model "gitea.dev/models/auth"
+	"gitea.dev/models/db"
+	user_model "gitea.dev/models/user"
+	pwd "gitea.dev/modules/auth/password"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_user_create_test.go
+++ b/cmd/admin_user_create_test.go
@@ -8,10 +8,10 @@ import (
 	"strings"
 	"testing"

-	auth_model "code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
+	auth_model "gitea.dev/models/auth"
+	"gitea.dev/models/db"
+	"gitea.dev/models/unittest"
+	user_model "gitea.dev/models/user"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@@ -9,10 +9,10 @@ import (
 	"fmt"
 	"strings"

-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/storage"
-	user_service "code.gitea.io/gitea/services/user"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/storage"
+	user_service "gitea.dev/services/user"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_user_delete_test.go
+++ b/cmd/admin_user_delete_test.go
@@ -8,10 +8,10 @@ import (
 	"strings"
 	"testing"

-	auth_model "code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
+	auth_model "gitea.dev/models/auth"
+	"gitea.dev/models/db"
+	"gitea.dev/models/unittest"
+	user_model "gitea.dev/models/user"

 	"github.com/stretchr/testify/require"
 )
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -8,8 +8,8 @@ import (
 	"errors"
 	"fmt"

-	auth_model "code.gitea.io/gitea/models/auth"
-	user_model "code.gitea.io/gitea/models/user"
+	auth_model "gitea.dev/models/auth"
+	user_model "gitea.dev/models/user"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_user_list.go
+++ b/cmd/admin_user_list.go
@@ -9,7 +9,7 @@ import (
 	"os"
 	"text/tabwriter"

-	user_model "code.gitea.io/gitea/models/user"
+	user_model "gitea.dev/models/user"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_user_must_change_password.go
+++ b/cmd/admin_user_must_change_password.go
@@ -8,8 +8,8 @@ import (
 	"errors"
 	"fmt"

-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/setting"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/admin_user_must_change_password_test.go
+++ b/cmd/admin_user_must_change_password_test.go
@@ -6,9 +6,9 @@ package cmd
 import (
 	"testing"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
+	"gitea.dev/models/db"
+	"gitea.dev/models/unittest"
+	user_model "gitea.dev/models/user"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
--- a/cmd/cmdtest/cmd_test.go
+++ b/cmd/cmdtest/cmd_test.go
@@ -15,11 +15,11 @@ import (
 	"strings"
 	"testing"

-	"code.gitea.io/gitea/cmd"
-	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/test"
-	"code.gitea.io/gitea/modules/util"
+	"gitea.dev/cmd"
+	"gitea.dev/models/unittest"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/test"
+	"gitea.dev/modules/util"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -9,7 +9,7 @@ import (
 	"fmt"
 	"os"

-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -12,13 +12,13 @@ import (
 	"strings"
 	"text/tabwriter"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/migrations"
-	migrate_base "code.gitea.io/gitea/models/migrations/base"
-	"code.gitea.io/gitea/modules/container"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/services/doctor"
+	"gitea.dev/models/db"
+	"gitea.dev/models/migrations"
+	migrate_base "gitea.dev/models/migrations/base"
+	"gitea.dev/modules/container"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/services/doctor"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/doctor_convert.go
+++ b/cmd/doctor_convert.go
@@ -7,9 +7,9 @@ import (
 	"context"
 	"fmt"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/models/db"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/doctor_test.go
+++ b/cmd/doctor_test.go
@@ -7,8 +7,8 @@ import (
 	"context"
 	"testing"

-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/services/doctor"
+	"gitea.dev/modules/log"
+	"gitea.dev/services/doctor"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -11,13 +11,13 @@ import (
 	"path/filepath"
 	"strings"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/dump"
-	"code.gitea.io/gitea/modules/json"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/storage"
-	"code.gitea.io/gitea/modules/util"
+	"gitea.dev/models/db"
+	"gitea.dev/modules/dump"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/storage"
+	"gitea.dev/modules/util"

 	"gitea.com/go-chi/session"
 	"github.com/urfave/cli/v3"
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -10,14 +10,14 @@ import (
 	"os"
 	"strings"

-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/log"
-	base "code.gitea.io/gitea/modules/migration"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/structs"
-	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/services/convert"
-	"code.gitea.io/gitea/services/migrations"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/log"
+	base "gitea.dev/modules/migration"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/structs"
+	"gitea.dev/modules/util"
+	"gitea.dev/services/convert"
+	"gitea.dev/services/migrations"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -11,14 +11,14 @@ import (
 	"path/filepath"
 	"strings"

-	"code.gitea.io/gitea/modules/assetfs"
-	"code.gitea.io/gitea/modules/glob"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/options"
-	"code.gitea.io/gitea/modules/public"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/templates"
-	"code.gitea.io/gitea/modules/util"
+	"gitea.dev/modules/assetfs"
+	"gitea.dev/modules/glob"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/options"
+	"gitea.dev/modules/public"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -9,7 +9,7 @@ import (
 	"fmt"
 	"os"

-	"code.gitea.io/gitea/modules/generate"
+	"gitea.dev/modules/generate"

 	"github.com/mattn/go-isatty"
 	"github.com/urfave/cli/v3"
--- a/cmd/helper.go
+++ b/cmd/helper.go
@@ -15,9 +15,9 @@ import (
 	"strings"
 	"syscall"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/models/db"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -14,12 +14,12 @@ import (
 	"strings"
 	"time"

-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/git/gitcmd"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/private"
-	repo_module "code.gitea.io/gitea/modules/repository"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/git/gitcmd"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/private"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -9,8 +9,8 @@ import (
 	"fmt"
 	"strings"

-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/private"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/private"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -7,8 +7,8 @@ import (
 	"context"
 	"fmt"

-	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/modules/private"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -10,8 +10,8 @@ import (
 	"os"
 	"strings"

-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -7,7 +7,7 @@ import (
 	"context"
 	"testing"

-	"code.gitea.io/gitea/models/unittest"
+	"gitea.dev/models/unittest"

 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v3"
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -8,7 +8,7 @@ import (
 	"os"
 	"time"

-	"code.gitea.io/gitea/modules/private"
+	"gitea.dev/modules/private"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@@ -9,8 +9,8 @@ import (
 	"fmt"
 	"os"

-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/private"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/private"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -6,10 +6,10 @@ package cmd
 import (
 	"context"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/services/versioned_migration"
+	"gitea.dev/models/db"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	"gitea.dev/services/versioned_migration"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -10,17 +10,17 @@ import (
 	"io/fs"
 	"strings"

-	actions_model "code.gitea.io/gitea/models/actions"
-	"code.gitea.io/gitea/models/db"
-	git_model "code.gitea.io/gitea/models/git"
-	packages_model "code.gitea.io/gitea/models/packages"
-	repo_model "code.gitea.io/gitea/models/repo"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/log"
-	packages_module "code.gitea.io/gitea/modules/packages"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/storage"
-	"code.gitea.io/gitea/services/versioned_migration"
+	actions_model "gitea.dev/models/actions"
+	"gitea.dev/models/db"
+	git_model "gitea.dev/models/git"
+	packages_model "gitea.dev/models/packages"
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/log"
+	packages_module "gitea.dev/modules/packages"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/storage"
+	"gitea.dev/services/versioned_migration"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@@ -8,13 +8,13 @@ import (
 	"strings"
 	"testing"

-	"code.gitea.io/gitea/models/packages"
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
-	packages_module "code.gitea.io/gitea/modules/packages"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/storage"
-	packages_service "code.gitea.io/gitea/services/packages"
+	"gitea.dev/models/packages"
+	"gitea.dev/models/unittest"
+	user_model "gitea.dev/models/user"
+	packages_module "gitea.dev/modules/packages"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/storage"
+	packages_service "gitea.dev/services/packages"

 	"github.com/stretchr/testify/assert"
 )
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -7,8 +7,8 @@ import (
 	"context"
 	"strings"

-	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/modules/private"
+	"gitea.dev/modules/setting"

 	"github.com/urfave/cli/v3"
 )
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -15,21 +15,21 @@ import (
 	"strings"
 	"unicode"

-	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	git_model "code.gitea.io/gitea/models/git"
-	"code.gitea.io/gitea/models/perm"
-	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/git/gitcmd"
-	"code.gitea.io/gitea/modules/json"
-	"code.gitea.io/gitea/modules/lfstransfer"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/pprof"
-	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/process"
-	repo_module "code.gitea.io/gitea/modules/repository"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/services/lfs"
+	asymkey_model "gitea.dev/models/asymkey"
+	git_model "gitea.dev/models/git"
+	"gitea.dev/models/perm"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/git/gitcmd"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/lfstransfer"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/pprof"
+	"gitea.dev/modules/private"
+	"gitea.dev/modules/process"
+	repo_module "gitea.dev/modules/repository"
+	"gitea.dev/modules/setting"
+	"gitea.dev/services/lfs"

 	"github.com/kballard/go-shellquote"
 	"github.com/urfave/cli/v3"
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -15,17 +15,17 @@ import (
 	"strings"
 	"time"

-	"code.gitea.io/gitea/modules/container"
-	"code.gitea.io/gitea/modules/graceful"
-	"code.gitea.io/gitea/modules/gtprof"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/process"
-	"code.gitea.io/gitea/modules/public"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/templates"
-	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/routers"
-	"code.gitea.io/gitea/routers/install"
+	"gitea.dev/modules/container"
+	"gitea.dev/modules/graceful"
+	"gitea.dev/modules/gtprof"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/process"
+	"gitea.dev/modules/public"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/templates"
+	"gitea.dev/modules/util"
+	"gitea.dev/routers"
+	"gitea.dev/routers/install"

 	"github.com/felixge/fgprof"
 	"github.com/urfave/cli/v3"
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -13,11 +13,11 @@ import (
 	"strconv"
 	"strings"

-	"code.gitea.io/gitea/modules/graceful"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/process"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
+	"gitea.dev/modules/graceful"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/process"
+	"gitea.dev/modules/setting"
+	"gitea.dev/modules/util"

 	"github.com/caddyserver/certmagic"
 )
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -9,9 +9,9 @@ import (
 	"net/http/fcgi"
 	"strings"

-	"code.gitea.io/gitea/modules/graceful"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/modules/graceful"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
 )

 func runHTTP(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@@ -9,9 +9,9 @@ import (
 	"os"
 	"strings"

-	"code.gitea.io/gitea/modules/graceful"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/modules/graceful"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"

 	"github.com/klauspost/cpuid/v2"
 )
--- a/contrib/upgrade.sh
+++ b/contrib/upgrade.sh
@@ -126,6 +126,7 @@ giteacmd manager flush-queues
 echo "Stopping gitea at $(date)"
 $service_stop
 echo "Creating backup in $giteahome"
+# shellcheck disable=SC2086 # flag string
 giteacmd dump $backupopts
 echo "Updating binary at $giteabin"
 cp -f "$giteabin" "$giteabin.bak" && mv -f "$binname" "$giteabin"
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1172,7 +1172,7 @@ LEVEL = Info
 ;; Default source for the pull request title when opening a new PR.
 ;; "first-commit" uses the oldest commit's summary.
 ;; "auto" uses commit's summary if the PR only has one commit, normalizes the branch name if multiple commits.
-;DEFAULT_TITLE_SOURCE = first-commit
+;DEFAULT_TITLE_SOURCE = auto
 ;;
 ;; Delay mergeable check until page view or API access, for pull requests that have not been updated in the specified days when their base branches get updated.
 ;; Use "-1" to always check all pull requests (old behavior). Use "0" to always delay the checks.
--- a/docker/rootless/usr/local/bin/docker-entrypoint.sh
+++ b/docker/rootless/usr/local/bin/docker-entrypoint.sh
@@ -13,5 +13,5 @@ fi
 if [ $# -gt 0 ]; then
    exec "$@"
 else
-    exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web
+    exec /usr/local/bin/gitea -c "${GITEA_APP_INI}" web
 fi
--- a/docker/rootless/usr/local/bin/docker-setup.sh
+++ b/docker/rootless/usr/local/bin/docker-setup.sh
@@ -1,23 +1,23 @@
 #!/bin/bash

 # Prepare git folder
-mkdir -p ${HOME} && chmod 0700 ${HOME}
-if [ ! -w ${HOME} ]; then echo "${HOME} is not writable"; exit 1; fi
+mkdir -p "${HOME}" && chmod 0700 "${HOME}"
+if [ ! -w "${HOME}" ]; then echo "${HOME} is not writable"; exit 1; fi

 # Prepare custom folder
-mkdir -p ${GITEA_CUSTOM} && chmod 0700 ${GITEA_CUSTOM}
+mkdir -p "${GITEA_CUSTOM}" && chmod 0700 "${GITEA_CUSTOM}"

 # Prepare temp folder
-mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
-if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi
+mkdir -p "${GITEA_TEMP}" && chmod 0700 "${GITEA_TEMP}"
+if [ ! -w "${GITEA_TEMP}" ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi

 #Prepare config file
-if [ ! -f ${GITEA_APP_INI} ]; then
+if [ ! -f "${GITEA_APP_INI}" ]; then

    #Prepare config file folder
-    GITEA_APP_INI_DIR=$(dirname ${GITEA_APP_INI})
-    mkdir -p ${GITEA_APP_INI_DIR} && chmod 0700 ${GITEA_APP_INI_DIR}
-    if [ ! -w ${GITEA_APP_INI_DIR} ]; then echo "${GITEA_APP_INI_DIR} is not writable"; exit 1; fi
+    GITEA_APP_INI_DIR=$(dirname "${GITEA_APP_INI}")
+    mkdir -p "${GITEA_APP_INI_DIR}" && chmod 0700 "${GITEA_APP_INI_DIR}"
+    if [ ! -w "${GITEA_APP_INI_DIR}" ]; then echo "${GITEA_APP_INI_DIR} is not writable"; exit 1; fi

    # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
    # INSTALL_LOCK is empty
@@ -34,7 +34,7 @@ if [ ! -f ${GITEA_APP_INI} ]; then
    ROOT_URL=${ROOT_URL:-""} \
    DISABLE_SSH=${DISABLE_SSH:-"false"} \
    SSH_PORT=${SSH_PORT:-"2222"} \
-    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-$SSH_PORT} \
+    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-} \
    DB_TYPE=${DB_TYPE:-"sqlite3"} \
    DB_HOST=${DB_HOST:-"localhost:3306"} \
    DB_NAME=${DB_NAME:-"gitea"} \
@@ -44,8 +44,8 @@ if [ ! -f ${GITEA_APP_INI} ]; then
    DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
    REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
    SECRET_KEY=${SECRET_KEY:-""} \
-    envsubst < /etc/templates/app.ini > ${GITEA_APP_INI}
+    envsubst < /etc/templates/app.ini > "${GITEA_APP_INI}"
 fi

 # Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME
-environment-to-ini --config ${GITEA_APP_INI}
+environment-to-ini --config "${GITEA_APP_INI}"
--- a/docs/guideline-backend.md
+++ b/docs/guideline-backend.md
@@ -56,3 +56,8 @@ Endpoints returning lists must

 - support pagination (`page` & `limit` options in query)
 - set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
+
+### Knowledge
+
+- Partially database table migration must use `SyncWithOptions(IgnoreDrop...)`
+- Template variables with "camelCase" or "snake_case" are used for restoring the form values from a submitted form
--- a/go.mod
+++ b/go.mod
@@ -1,18 +1,13 @@
-module code.gitea.io/gitea
+module gitea.dev

 go 1.26.3

-// rfc5280 said: "The serial number is an integer assigned by the CA to each certificate."
-// But some CAs use negative serial number, just relax the check. related:
-// Default TLS cert uses negative serial number #895 https://github.com/microsoft/mssql-docker/issues/895
-godebug x509negativeserial=1
-
 require (
 	code.gitea.io/actions-proto-go v0.4.1
-	code.gitea.io/sdk/gitea v0.25.0
+	code.gitea.io/sdk/gitea v0.25.1
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
-	connectrpc.com/connect v1.19.2
-	gitea.com/gitea/runner v1.0.0
+	connectrpc.com/connect v1.20.0
+	gitea.com/gitea/runner v1.0.5
 	gitea.com/go-chi/binding v0.0.0-20260414111559-654cea7ac60a
 	gitea.com/go-chi/cache v0.2.1
 	gitea.com/go-chi/captcha v0.0.0-20240315150714-fb487f629098
@@ -24,9 +19,10 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.3
 	github.com/Azure/go-ntlmssp v0.1.1
+	github.com/Necoro/html2text v0.0.0-20250804200300-7bf1ce1c7347
 	github.com/ProtonMail/go-crypto v1.4.1
 	github.com/PuerkitoBio/goquery v1.12.0
-	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0
+	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.3
 	github.com/alecthomas/chroma/v2 v2.24.1
 	github.com/aws/aws-sdk-go-v2/credentials v1.19.16
 	github.com/aws/aws-sdk-go-v2/service/codecommit v1.33.14
@@ -47,32 +43,31 @@ require (
 	github.com/ethantkoenig/rupture v1.0.1
 	github.com/felixge/fgprof v0.9.5
 	github.com/fsnotify/fsnotify v1.10.1
-	github.com/getkin/kin-openapi v0.137.0
+	github.com/getkin/kin-openapi v0.138.0
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-chi/chi/v5 v5.2.5
 	github.com/go-chi/cors v1.2.2
-	github.com/go-co-op/gocron/v2 v2.21.1
+	github.com/go-co-op/gocron/v2 v2.21.2
 	github.com/go-enry/go-enry/v2 v2.9.6
 	github.com/go-git/go-billy/v5 v5.9.0
-	github.com/go-git/go-git/v5 v5.19.0
+	github.com/go-git/go-git/v5 v5.19.1
 	github.com/go-ldap/ldap/v3 v3.4.13
 	github.com/go-redsync/redsync/v4 v4.16.0
 	github.com/go-sql-driver/mysql v1.10.0
-	github.com/go-webauthn/webauthn v0.17.2
+	github.com/go-webauthn/webauthn v0.17.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
 	github.com/golang-jwt/jwt/v5 v5.3.1
-	github.com/google/go-github/v86 v86.0.0
+	github.com/google/go-github/v87 v87.0.0
 	github.com/google/licenseclassifier/v2 v2.0.0
-	github.com/google/pprof v0.0.0-20260402051712-545e8a4df936
+	github.com/google/pprof v0.0.0-20260507013755-92041b743c96
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
 	github.com/gorilla/sessions v1.4.0
 	github.com/hashicorp/go-version v1.9.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/huandu/xstrings v1.5.0
-	github.com/jaytaylor/html2text v0.0.0-20260303211410-1a4bdc82ecec
-	github.com/jhillyerd/enmime/v2 v2.3.0
+	github.com/jhillyerd/enmime/v2 v2.4.0
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/klauspost/compress v1.18.6
 	github.com/klauspost/cpuid/v2 v2.3.0
@@ -103,25 +98,24 @@ require (
 	github.com/ulikunitz/xz v0.5.15
 	github.com/urfave/cli-docs/v3 v3.1.0
 	github.com/urfave/cli/v3 v3.6.1
-	github.com/wneessen/go-mail v0.7.2
-	github.com/xeipuuv/gojsonschema v1.2.0
+	github.com/wneessen/go-mail v0.7.3
 	github.com/yohcop/openid-go v1.0.1
 	github.com/yuin/goldmark v1.8.2
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
-	gitlab.com/gitlab-org/api/client-go/v2 v2.24.1
+	gitlab.com/gitlab-org/api/client-go/v2 v2.30.0
 	go.yaml.in/yaml/v4 v4.0.0-rc.3
-	golang.org/x/crypto v0.50.0
-	golang.org/x/image v0.39.0
-	golang.org/x/net v0.53.0
+	golang.org/x/crypto v0.52.0
+	golang.org/x/image v0.40.0
+	golang.org/x/net v0.55.0
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
-	golang.org/x/sys v0.44.0
-	golang.org/x/text v0.36.0
-	google.golang.org/grpc v1.81.0
+	golang.org/x/sys v0.45.0
+	golang.org/x/text v0.37.0
+	google.golang.org/grpc v1.81.1
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/ini.v1 v1.67.2
 	gopkg.in/yaml.v3 v3.0.1
-	modernc.org/sqlite v1.50.0
+	modernc.org/sqlite v1.50.1
 	mvdan.cc/xurls/v2 v2.6.0
 	strk.kbt.io/projects/go/libravatar v0.0.0-20260301104140-add494e31dab
 	xorm.io/builder v0.3.13
@@ -186,7 +180,7 @@ require (
 	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/emersion/go-sasl v0.0.0-20241020182733-b788ff22d5a6 // indirect
 	github.com/fatih/color v1.19.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.9.1 // indirect
+	github.com/fxamacker/cbor/v2 v2.9.2 // indirect
 	github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
@@ -196,7 +190,7 @@ require (
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
-	github.com/go-webauthn/x v0.2.3 // indirect
+	github.com/go-webauthn/x v0.2.5 // indirect
 	github.com/goccy/go-json v0.10.6 // indirect
 	github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
 	github.com/golang-sql/sqlexp v0.1.0 // indirect
@@ -225,7 +219,7 @@ require (
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/markbates/going v1.0.3 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
-	github.com/mattn/go-runewidth v0.0.21 // indirect
+	github.com/mattn/go-runewidth v0.0.23 // indirect
 	github.com/mattn/go-shellwords v1.0.12 // indirect
 	github.com/mholt/acmez/v3 v3.1.6 // indirect
 	github.com/miekg/dns v1.1.72 // indirect
@@ -244,7 +238,7 @@ require (
 	github.com/oasdiff/yaml v0.0.9 // indirect
 	github.com/oasdiff/yaml3 v0.0.12 // indirect
 	github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect
-	github.com/olekukonko/errors v1.2.0 // indirect
+	github.com/olekukonko/errors v1.3.0 // indirect
 	github.com/olekukonko/ll v0.1.8 // indirect
 	github.com/olekukonko/tablewriter v1.1.4 // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
@@ -272,8 +266,6 @@ require (
 	github.com/woodsbury/decimal128 v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
 	github.com/zeebo/xxh3 v1.1.0 // indirect
@@ -290,7 +282,7 @@ require (
 	golang.org/x/tools v0.44.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20260401020348-3a24fdc17823 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	modernc.org/libc v1.72.0 // indirect
+	modernc.org/libc v1.72.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 )
@@ -304,8 +296,6 @@ ignore (
 // But not all latest versions of dependencies are compatible with other packages or our codebase, so we need to pin some dependencies to specific versions
 // Need to regularly maintain this list to try to update them to latest versions, especially the TODO ones

-replace github.com/jaytaylor/html2text => github.com/Necoro/html2text v0.0.0-20250804200300-7bf1ce1c7347 // jaytaylor/html2text is unmaintained
-
 replace go.yaml.in/yaml/v4 => go.yaml.in/yaml/v4 v4.0.0-rc.3 // rc.4 changes block scalar serialization, wait for stable release

 replace github.com/Azure/azure-sdk-for-go/sdk/azcore => github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0 // v1.21.0+ uses API version unsupported by Azurite in CI
--- a/go.sum
+++ b/go.sum
@@ -2,20 +2,20 @@ cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdB
 cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
 code.gitea.io/actions-proto-go v0.4.1 h1:l0EYhjsgpUe/1VABo2eK7zcoNX2W44WOnb0MSLrKfls=
 code.gitea.io/actions-proto-go v0.4.1/go.mod h1:mn7Wkqz6JbnTOHQpot3yDeHx+O5C9EGhMEE+htvHBas=
-code.gitea.io/sdk/gitea v0.25.0 h1:wSJlL0Qv+ODY2OdF0L7fwt86wgf1C/0g3xIXZ6eC5zI=
-code.gitea.io/sdk/gitea v0.25.0/go.mod h1:uDFWYBU8dgZsgOHwe6C/6olxvf8FHguNB3wW1i83fgg=
+code.gitea.io/sdk/gitea v0.25.1 h1:yywxWwoV+SdjHtbC6unBiXojWdZOtoHuGhEazEXeWuE=
+code.gitea.io/sdk/gitea v0.25.1/go.mod h1:uDFWYBU8dgZsgOHwe6C/6olxvf8FHguNB3wW1i83fgg=
 code.pfad.fr/check v1.1.0 h1:GWvjdzhSEgHvEHe2uJujDcpmZoySKuHQNrZMfzfO0bE=
 code.pfad.fr/check v1.1.0/go.mod h1:NiUH13DtYsb7xp5wll0U4SXx7KhXQVCtRgdC96IPfoM=
 codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570 h1:TXbikPqa7YRtfU9vS6QJBg77pUvbEb6StRdZO8t1bEY=
 codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570/go.mod h1:IIAjsijsd8q1isWX8MACefDEgTQslQ4stk2AeeTt3kM=
-connectrpc.com/connect v1.19.2 h1:McQ83FGdzL+t60peksi0gXC7MQ/iLKgLduAnThbM0mo=
-connectrpc.com/connect v1.19.2/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
+connectrpc.com/connect v1.20.0 h1:6TNDAB+WeNd2uolWNlYczB5E0KNNaVMNUEx8JEUsPmQ=
+connectrpc.com/connect v1.20.0/go.mod h1:A2ygJrukXwWy32vkCAAHNVguZrqZ+jeZ9rGRnGR4dN4=
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo=
 filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc=
-gitea.com/gitea/runner v1.0.0 h1:s3AS5u8r+B5W+Gy69sYYvCVTb0f23fRM6H+CbrFrobE=
-gitea.com/gitea/runner v1.0.0/go.mod h1:bn+8Qt3KyvdVQHD3OR2yRoKgEXs8dXqwBVtmfYVrNIE=
+gitea.com/gitea/runner v1.0.5 h1:9Idm8XXxXp4aHoLp0Ba0AEwv87YUblp9gk4qbih+DlE=
+gitea.com/gitea/runner v1.0.5/go.mod h1:ff8SKVat/6FywBGpN4dKi2x3AlHZUfLOA/vVWHf7+Cw=
 gitea.com/go-chi/binding v0.0.0-20260414111559-654cea7ac60a h1:JHoBrfuTSF9Ke9aNfSYj1XRPBHjKPgCApVprnt2Am0M=
 gitea.com/go-chi/binding v0.0.0-20260414111559-654cea7ac60a/go.mod h1:FOsLJIMdpiHzBp3Vby6Wfkdw2ppGscrjgU1IC7E4/zQ=
 gitea.com/go-chi/cache v0.2.1 h1:bfAPkvXlbcZxPCpcmDVCWoHgiBSBmZN/QosnZvEC0+g=
@@ -71,8 +71,8 @@ github.com/RoaringBitmap/roaring/v2 v2.16.0 h1:Kys1UNf49d5W8Tq3bpuAhIr/Z8/yPB+59
 github.com/RoaringBitmap/roaring/v2 v2.16.0/go.mod h1:eq4wdNXxtJIS/oikeCzdX1rBzek7ANzbth041hrU8Q4=
 github.com/STARRY-S/zip v0.2.3 h1:luE4dMvRPDOWQdeDdUxUoZkzUIpTccdKdhHHsQJ1fm4=
 github.com/STARRY-S/zip v0.2.3/go.mod h1:lqJ9JdeRipyOQJrYSOtpNAiaesFO6zVDsE8GIGFaoSk=
-github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0 h1:tgjwQrDH5m6jIYB7kac5IQZmfUzQNseac/e3H4VoCNE=
-github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0/go.mod h1:1HmmMEVsr+0R1QWahSeMJkjSkq6CYAZu1aIbYSpfJ4o=
+github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.3 h1:ikrUPushSxbpr9mmDhSgz1KyUTChjwkDrxY/jzv2OTQ=
+github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.3/go.mod h1:bnXbvnI9Mfqdj4L3Y9aCsB1A/ztuYLNRzgVKsJFgR/U=
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
@@ -273,10 +273,10 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.10.1 h1:b0/UzAf9yR5rhf3RPm9gf3ehBPpf0oZKIjtpKrx59Ho=
 github.com/fsnotify/fsnotify v1.10.1/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo=
-github.com/fxamacker/cbor/v2 v2.9.1 h1:2rWm8B193Ll4VdjsJY28jxs70IdDsHRWgQYAI80+rMQ=
-github.com/fxamacker/cbor/v2 v2.9.1/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
-github.com/getkin/kin-openapi v0.137.0 h1:Q3HhawNQV0GfvO2mIYMUBUSEFrDsVlzcYz4VydL9YEo=
-github.com/getkin/kin-openapi v0.137.0/go.mod h1:vUYWaKyMqj7PfTybelXtLuLN9tReS12vxnzMRK+z2GY=
+github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh78=
+github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/getkin/kin-openapi v0.138.0 h1:ebfE0JAmF6AqHrNBy1KO3Fs68K9tPs48HalvLPo7Rv4=
+github.com/getkin/kin-openapi v0.138.0/go.mod h1:vUYWaKyMqj7PfTybelXtLuLN9tReS12vxnzMRK+z2GY=
 github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1 h1:mtDjlmloH7ytdblogrMz1/8Hqua1y8B4ID+bh3rvod0=
 github.com/git-lfs/pktline v0.0.0-20230103162542-ca444d533ef1/go.mod h1:fenKRzpXDjNpsIBhuhUzvjCKlDjKam0boRAenTE0Q6A=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
@@ -290,8 +290,8 @@ github.com/go-chi/chi/v5 v5.2.5 h1:Eg4myHZBjyvJmAFjFvWgrqDTXFyOzjj7YIm3L3mu6Ug=
 github.com/go-chi/chi/v5 v5.2.5/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0=
 github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
 github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
-github.com/go-co-op/gocron/v2 v2.21.1 h1:QYOK6iOQVCut+jDcs4zRdWRTBHRxRCEeeFi1TnAmgbU=
-github.com/go-co-op/gocron/v2 v2.21.1/go.mod h1:5lEiCKk1oVJV39Zg7/YG10OnaVrDAV5GGR6O0663k6U=
+github.com/go-co-op/gocron/v2 v2.21.2 h1:bD8/YwkojYHgXFr3iEulL148KBdTbKVxUZzFKpXcdbY=
+github.com/go-co-op/gocron/v2 v2.21.2/go.mod h1:5lEiCKk1oVJV39Zg7/YG10OnaVrDAV5GGR6O0663k6U=
 github.com/go-enry/go-enry/v2 v2.9.6 h1:np63eOtMV56zfYDHnFVgpEVOk8fr2kmylcMnAZUDbSs=
 github.com/go-enry/go-enry/v2 v2.9.6/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
@@ -304,8 +304,8 @@ github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmm
 github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.19.0 h1:+WkVUQZSy/F1Gb13udrMKjIM2PrzsNfDKFSfo5tkMtc=
-github.com/go-git/go-git/v5 v5.19.0/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
+github.com/go-git/go-git/v5 v5.19.1 h1:nX27AnaU43/K5bKktKwgBmR9lawoYVe1Ckg0rgzzN00=
+github.com/go-git/go-git/v5 v5.19.1/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA=
@@ -331,10 +331,10 @@ github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro=
 github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
-github.com/go-webauthn/webauthn v0.17.2 h1:e9YtSZTVnxnMWFezXi6JvnqOSxmH4Er8QDHK2a/mM40=
-github.com/go-webauthn/webauthn v0.17.2/go.mod h1:mQC6L0lZ5Kiu35G70zeB2WnrW4+vbHjR8Koq4HdVaMg=
-github.com/go-webauthn/x v0.2.3 h1:8oArS+Rc1SWFLXhE17KZNx258Z4kUSyaDgsSncCO5RA=
-github.com/go-webauthn/x v0.2.3/go.mod h1:tM04GF3V6VYq79AZMl7vbj4q6pz9r7L2criWRzbWhPk=
+github.com/go-webauthn/webauthn v0.17.3 h1:XHZ0TXV7k8vChcE4TFgPitOPJ5cb7h1dpAeFDS0cjCo=
+github.com/go-webauthn/webauthn v0.17.3/go.mod h1:PlkMgmuL9McCT7dvgBj/Sz/fgs3V6ZID6/KnFkEcPvQ=
+github.com/go-webauthn/x v0.2.5 h1:wEVTfU04XFyPTXGQbKOQwMKhcDWfDAkdsDDBsDaG9yY=
+github.com/go-webauthn/x v0.2.5/go.mod h1:Qna/yJz9rV6lRzwl5BfYbmTJpVGxcBIds3gJtw2tlGg=
 github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
 github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
 github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
@@ -381,8 +381,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-github/v86 v86.0.0 h1:S/6aANJhwRm8EQmGKVML3j41yq0h2BsTP8FnDkO7kcA=
-github.com/google/go-github/v86 v86.0.0/go.mod h1:zKv1l4SwDXNFMGByi2FWkq71KwSXqj/eQRZuqtmcot8=
+github.com/google/go-github/v87 v87.0.0 h1:9Ck3dcOxWJyfsN8tzdah4YvmqB/7ZsstMglv/PkOsl0=
+github.com/google/go-github/v87 v87.0.0/go.mod h1:hGUoT5pwm/ck5uLL+wroSVQfg8mpe+buxllCcGV4VaM=
 github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0=
 github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU=
 github.com/google/go-tpm v0.9.8 h1:slArAR9Ft+1ybZu0lBwpSmpwhRXaa85hWtMinMyRAWo=
@@ -395,8 +395,8 @@ github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/licenseclassifier/v2 v2.0.0 h1:1Y57HHILNf4m0ABuMVb6xk4vAJYEUO0gDxNpog0pyeA=
 github.com/google/licenseclassifier/v2 v2.0.0/go.mod h1:cOjbdH0kyC9R22sdQbYsFkto4NGCAc+ZSwbeThazEtM=
 github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
-github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 h1:EwtI+Al+DeppwYX2oXJCETMO23COyaKGP6fHVpkpWpg=
-github.com/google/pprof v0.0.0-20260402051712-545e8a4df936/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
+github.com/google/pprof v0.0.0-20260507013755-92041b743c96 h1:YDDnaZ9afWajDboPMt9Vikqca/yWAX7KAxVzb4lJU1M=
+github.com/google/pprof v0.0.0-20260507013755-92041b743c96/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -461,8 +461,8 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
 github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
-github.com/jhillyerd/enmime/v2 v2.3.0 h1:Y/pzQanyU8nkSgB2npXX8Dha5OItJE/QwbDJM4sf/kU=
-github.com/jhillyerd/enmime/v2 v2.3.0/go.mod h1:mGKXAP45l6pF6HZiaLhgSYsgteJskaSIYmEZXpw6ZpI=
+github.com/jhillyerd/enmime/v2 v2.4.0 h1:6bPyyg2OPXEK1fKsLT89DntZf05LqaL2cIx+cvkEXTo=
+github.com/jhillyerd/enmime/v2 v2.4.0/go.mod h1:TLpvqImPiumRecsJK5TYseRw2bPg3g0EtWc+SfU7cMs=
 github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I=
 github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -517,8 +517,8 @@ github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHP
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4=
 github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
-github.com/mattn/go-runewidth v0.0.21 h1:jJKAZiQH+2mIinzCJIaIG9Be1+0NR+5sz/lYEEjdM8w=
-github.com/mattn/go-runewidth v0.0.21/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
+github.com/mattn/go-runewidth v0.0.23 h1:7ykA0T0jkPpzSvMS5i9uoNn2Xy3R383f9HDx3RybWcw=
+github.com/mattn/go-runewidth v0.0.23/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.14.44 h1:3VSe+xafpbzsLbdr2AWlAZk9yRHiBhTBakioXaCKTF8=
@@ -578,8 +578,8 @@ github.com/oasdiff/yaml3 v0.0.12 h1:75urAtPeDg2/iDEWwzNrLOWxI9N/dCh81nTTJtokt2M=
 github.com/oasdiff/yaml3 v0.0.12/go.mod h1:y5+oSEHCPT/DGrS++Wc/479ERge0zTFxaF8PbGKcg2o=
 github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 h1:zrbMGy9YXpIeTnGj4EljqMiZsIcE09mmF8XsD5AYOJc=
 github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6/go.mod h1:rEKTHC9roVVicUIfZK7DYrdIoM0EOr8mK1Hj5s3JjH0=
-github.com/olekukonko/errors v1.2.0 h1:10Zcn4GeV59t/EGqJc8fUjtFT/FuUh5bTMzZ1XwmCRo=
-github.com/olekukonko/errors v1.2.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
+github.com/olekukonko/errors v1.3.0 h1:teJvgLGUEqMzBUms+Dj3/3szNqCG/Jdw9iDbum8fR6U=
+github.com/olekukonko/errors v1.3.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
 github.com/olekukonko/ll v0.1.8 h1:ysHCJRGHYKzmBSdz9w5AySztx7lG8SQY+naTGYUbsz8=
 github.com/olekukonko/ll v0.1.8/go.mod h1:RPRC6UcscfFZgjo1nulkfMH5IM0QAYim0LfnMvUuozw=
 github.com/olekukonko/tablewriter v1.1.4 h1:ORUMI3dXbMnRlRggJX3+q7OzQFDdvgbN9nVWj1drm6I=
@@ -723,21 +723,14 @@ github.com/urfave/cli-docs/v3 v3.1.0/go.mod h1:59d+5Hz1h6GSGJ10cvcEkbIe3j233t4XD
 github.com/urfave/cli/v3 v3.6.1 h1:j8Qq8NyUawj/7rTYdBGrxcH7A/j7/G8Q5LhWEW4G3Mo=
 github.com/urfave/cli/v3 v3.6.1/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/willf/bitset v1.1.10/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
-github.com/wneessen/go-mail v0.7.2 h1:xxPnhZ6IZLSgxShebmZ6DPKh1b6OJcoHfzy7UjOkzS8=
-github.com/wneessen/go-mail v0.7.2/go.mod h1:+TkW6QP3EVkgTEqHtVmnAE/1MRhmzb8Y9/W3pweuS+k=
+github.com/wneessen/go-mail v0.7.3 h1:g3DravXC5SMlVdboFrQA8Jx95A8sOzoBeS5F+vzNRK0=
+github.com/wneessen/go-mail v0.7.3/go.mod h1:QGhBX0yNbc1J+Mkjcu7z2rpj4B4l+BmDY8gYznPC9sk=
 github.com/woodsbury/decimal128 v1.3.0 h1:8pffMNWIlC0O5vbyHWFZAt5yWvWcrHA+3ovIIjVWss0=
 github.com/woodsbury/decimal128 v1.3.0/go.mod h1:C5UTmyTjW3JftjUFzOVhC20BEQa2a4ZKOB5I6Zjb+ds=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
@@ -760,8 +753,8 @@ github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
 github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
 github.com/zeebo/xxh3 v1.1.0 h1:s7DLGDK45Dyfg7++yxI0khrfwq9661w9EN78eP/UZVs=
 github.com/zeebo/xxh3 v1.1.0/go.mod h1:IisAie1LELR4xhVinxWS5+zf1lA4p0MW4T+w+W07F5s=
-gitlab.com/gitlab-org/api/client-go/v2 v2.24.1 h1:XuTWCNmVSnXzjb9ty8XPR60BOHsXbzqgOlujW3+5DTM=
-gitlab.com/gitlab-org/api/client-go/v2 v2.24.1/go.mod h1:OSJITkIrT0UuA3JCucEK9UEGcC1PWBkQg5WW6W4nWuo=
+gitlab.com/gitlab-org/api/client-go/v2 v2.30.0 h1:guXC+uOA325P1FIwUVesPoDcnogHnbPrhV8c+wMHZPE=
+gitlab.com/gitlab-org/api/client-go/v2 v2.30.0/go.mod h1:0upZTKi9YMMvhavTlKJ3YgQUZE/GJkcLmXT/+6knTXU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
 go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
@@ -797,12 +790,12 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
-golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI=
-golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q=
+golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988=
+golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc=
 golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f h1:W3F4c+6OLc6H2lb//N1q4WpJkhzJCK5J6kUi1NTVXfM=
 golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f/go.mod h1:J1xhfL/vlindoeF/aINzNzt2Bket5bjo9sdOYzOsU80=
-golang.org/x/image v0.39.0 h1:skVYidAEVKgn8lZ602XO75asgXBgLj9G/FE3RbuPFww=
-golang.org/x/image v0.39.0/go.mod h1:sIbmppfU+xFLPIG0FoVUTvyBMmgng1/XAMhQ2ft0hpA=
+golang.org/x/image v0.40.0 h1:Tw4GyDXMo+daZN1znreBRC3VayR1aLFUyUEOLUdW1a8=
+golang.org/x/image v0.40.0/go.mod h1:uIc348UZMSvS5Z65CVZ7iDPaNobNFEPeJ4kbqTOszmA=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -829,8 +822,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA=
-golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs=
+golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8=
+golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww=
 golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
 golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -877,8 +870,8 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
-golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY=
+golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -889,8 +882,8 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
-golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
-golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
+golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4=
+golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -901,8 +894,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
-golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
+golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
+golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
 golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
 golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -922,8 +915,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260401020348-3a24fdc17823 h1:YedBIttDguBl/zy2wJauEUm+DZZg4UXseWj0g/3N+yo=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260401020348-3a24fdc17823/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
-google.golang.org/grpc v1.81.0 h1:W3G9N3KQf3BU+YuCtGKJk0CmxQNbAISICD/9AORxLIw=
-google.golang.org/grpc v1.81.0/go.mod h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I=
+google.golang.org/grpc v1.81.1 h1:VnnIIZ88UzOOKLukQi+ImGz8O1Wdp8nAGGnvOfEIWQQ=
+google.golang.org/grpc v1.81.1/go.mod h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -952,10 +945,10 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-modernc.org/cc/v4 v4.27.3 h1:uNCgn37E5U09mTv1XgskEVUJ8ADKpmFMPxzGJ0TSo+U=
-modernc.org/cc/v4 v4.27.3/go.mod h1:3YjcbCqhoTTHPycJDRl2WZKKFj0nwcOIPBfEZK0Hdk8=
-modernc.org/ccgo/v4 v4.32.4 h1:L5OB8rpEX4ZsXEQwGozRfJyJSFHbbNVOoQ59DU9/KuU=
-modernc.org/ccgo/v4 v4.32.4/go.mod h1:lY7f+fiTDHfcv6YlRgSkxYfhs+UvOEEzj49jAn2TOx0=
+modernc.org/cc/v4 v4.28.2 h1:3tQ0lf2ADtoby2EtSP+J7IE2SHwEJdP8ioR59wx7XpY=
+modernc.org/cc/v4 v4.28.2/go.mod h1:OnovgIhbbMXMu1aISnJ0wvVD1KnW+cAUJkIrAWh+kVI=
+modernc.org/ccgo/v4 v4.34.0 h1:yRLPFZieg532OT4rp4JFNIVcquwalMX26G95WQDqwCQ=
+modernc.org/ccgo/v4 v4.34.0/go.mod h1:AS5WYMyBakQ+fhsHhtP8mWB82KTGPkNNJDGfGQCe0/A=
 modernc.org/fileutil v1.4.0 h1:j6ZzNTftVS054gi281TyLjHPp6CPHr2KCxEXjEbD6SM=
 modernc.org/fileutil v1.4.0/go.mod h1:EqdKFDxiByqxLk8ozOxObDSfcVOv/54xDs/DUHdvCUU=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
@@ -964,18 +957,18 @@ modernc.org/gc/v3 v3.1.2 h1:ZtDCnhonXSZexk/AYsegNRV1lJGgaNZJuKjJSWKyEqo=
 modernc.org/gc/v3 v3.1.2/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
-modernc.org/libc v1.72.0 h1:IEu559v9a0XWjw0DPoVKtXpO2qt5NVLAnFaBbjq+n8c=
-modernc.org/libc v1.72.0/go.mod h1:tTU8DL8A+XLVkEY3x5E/tO7s2Q/q42EtnNWda/L5QhQ=
+modernc.org/libc v1.72.3 h1:ZnDF4tXn4NBXFutMMQC4vtbTFSXhhKzR73fv0beZEAU=
+modernc.org/libc v1.72.3/go.mod h1:dn0dZNnnn1clLyvRxLxYExxiKRZIRENOfqQ8XEeg4Qs=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
 modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
-modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
-modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
+modernc.org/opt v0.2.0 h1:tGyef5ApycA7FSEOMraay9SaTk5zmbx7Tu+cJs4QKZg=
+modernc.org/opt v0.2.0/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.50.0 h1:eMowQSWLK0MeiQTdmz3lqoF5dqclujdlIKeJA11+7oM=
-modernc.org/sqlite v1.50.0/go.mod h1:m0w8xhwYUVY3H6pSDwc3gkJ/irZT/0YEXwBlhaxQEew=
+modernc.org/sqlite v1.50.1 h1:l+cQvn0sd0zJJtfygGHuQJ5AjlrwXmWPw4KP3ZMwr9w=
+modernc.org/sqlite v1.50.1/go.mod h1:tcNzv5p84E0skkmJn038y+hWJbLQXQqEnQfeh5r2JLM=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
--- a/main.go
+++ b/main.go
@@ -10,16 +10,16 @@ import (
 	"strings"
 	"time"

-	"code.gitea.io/gitea/cmd"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
+	"gitea.dev/cmd"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"

 	// register supported doc types
-	_ "code.gitea.io/gitea/modules/markup/asciicast"
-	_ "code.gitea.io/gitea/modules/markup/console"
-	_ "code.gitea.io/gitea/modules/markup/csv"
-	_ "code.gitea.io/gitea/modules/markup/markdown"
-	_ "code.gitea.io/gitea/modules/markup/orgmode"
+	_ "gitea.dev/modules/markup/asciicast"
+	_ "gitea.dev/modules/markup/console"
+	_ "gitea.dev/modules/markup/csv"
+	_ "gitea.dev/modules/markup/markdown"
+	_ "gitea.dev/modules/markup/orgmode"

 	"github.com/urfave/cli/v3"
 )
--- a/models/actions/artifact.go
+++ b/models/actions/artifact.go
@@ -11,10 +11,10 @@ import (
 	"errors"
 	"time"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/optional"
-	"code.gitea.io/gitea/modules/timeutil"
-	"code.gitea.io/gitea/modules/util"
+	"gitea.dev/models/db"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/timeutil"
+	"gitea.dev/modules/util"

 	"xorm.io/builder"
 )
--- a/models/actions/config.go
+++ b/models/actions/config.go
@@ -6,11 +6,11 @@ package actions
 import (
 	"context"

-	"code.gitea.io/gitea/models/perm"
-	repo_model "code.gitea.io/gitea/models/repo"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/json"
-	"code.gitea.io/gitea/modules/util"
+	"gitea.dev/models/perm"
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/util"

 	"xorm.io/xorm/convert"
 )
--- a/models/actions/main_test.go
+++ b/models/actions/main_test.go
@@ -6,7 +6,7 @@ package actions
 import (
 	"testing"

-	"code.gitea.io/gitea/models/unittest"
+	"gitea.dev/models/unittest"
 )

 func TestMain(m *testing.M) {
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -10,17 +10,17 @@ import (
 	"strings"
 	"time"

-	"code.gitea.io/gitea/models/db"
-	repo_model "code.gitea.io/gitea/models/repo"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/json"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-	api "code.gitea.io/gitea/modules/structs"
-	"code.gitea.io/gitea/modules/timeutil"
-	"code.gitea.io/gitea/modules/util"
-	webhook_module "code.gitea.io/gitea/modules/webhook"
+	"gitea.dev/models/db"
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/git"
+	"gitea.dev/modules/json"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/setting"
+	api "gitea.dev/modules/structs"
+	"gitea.dev/modules/timeutil"
+	"gitea.dev/modules/util"
+	webhook_module "gitea.dev/modules/webhook"

 	"xorm.io/builder"
 )
--- a/models/actions/run_attempt.go
+++ b/models/actions/run_attempt.go
@@ -9,11 +9,11 @@ import (
 	"slices"
 	"time"

-	"code.gitea.io/gitea/models/db"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/timeutil"
-	"code.gitea.io/gitea/modules/util"
+	"gitea.dev/models/db"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/log"
+	"gitea.dev/modules/timeutil"
+	"gitea.dev/modules/util"
 )

 // ActionRunAttempt represents a single execution attempt of an ActionRun.
--- a/models/actions/run_attempt_list.go
+++ b/models/actions/run_attempt_list.go
@@ -6,9 +6,9 @@ package actions
 import (
 	"context"

-	"code.gitea.io/gitea/models/db"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/container"
+	"gitea.dev/models/db"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/container"
 )

 type ActionRunAttemptList []*ActionRunAttempt
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -9,11 +9,11 @@ import (
 	"slices"
 	"time"

-	"code.gitea.io/gitea/models/db"
-	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/modules/actions/jobparser"
-	"code.gitea.io/gitea/modules/timeutil"
-	"code.gitea.io/gitea/modules/util"
+	"gitea.dev/models/db"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/modules/actions/jobparser"
+	"gitea.dev/modules/timeutil"
+	"gitea.dev/modules/util"

 	"xorm.io/builder"
 )
--- a/models/actions/run_job_list.go
+++ b/models/actions/run_job_list.go
@@ -7,12 +7,12 @@ import (
 	"context"
 	"slices"

-	"code.gitea.io/gitea/models/db"
-	repo_model "code.gitea.io/gitea/models/repo"
-	"code.gitea.io/gitea/modules/base"
-	"code.gitea.io/gitea/modules/container"
-	"code.gitea.io/gitea/modules/optional"
-	"code.gitea.io/gitea/modules/timeutil"
+	"gitea.dev/models/db"
+	repo_model "gitea.dev/models/repo"
+	"gitea.dev/modules/base"
+	"gitea.dev/modules/container"
+	"gitea.dev/modules/optional"
+	"gitea.dev/modules/timeutil"

 	"xorm.io/builder"
 )
--- a/models/actions/run_list.go
+++ b/models/actions/run_list.go
@@ -6,12 +6,12 @@ package actions
 import (
 	"context"

-	"code.gitea.io/gitea/models/db"
-	repo_model "code.gitea.io/gitea/models/repo"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/container"
-	"code.gitea.io/gitea/modules/translation"
-	webhook_module "code.gitea.io/gitea/modules/webhook"
+	"gitea.dev/models/db"
+	repo_model "gitea.dev/models/repo"
+	user_model "gitea.dev/models/user"
+	"gitea.dev/modules/container"
+	"gitea.dev/modules/translation"
+	webhook_module "gitea.dev/modules/webhook"

 	"xorm.io/builder"
 )
@@ -132,6 +132,32 @@ func GetStatusInfoList(ctx context.Context, lang translation.Locale) []StatusInf
 	return statusInfoList
 }

+// GetRunBranches returns branch names for the run-list "Branch" filter.
+// Sourced from the `branch` table (indexed by repo_id) rather than DISTINCT-ing
+// `action_run.ref`, which is wildcard-matched and slow on large repos; as a side
+// effect the list reflects existing branches, not only ones that produced a run.
+func GetRunBranches(ctx context.Context, repoID int64) ([]string, error) {
+	branches := make([]string, 0, 10)
+	return branches, db.GetEngine(ctx).Table("branch").
+		Where("repo_id = ?", repoID).
+		And("is_deleted = ?", false).
+		Cols("name").
+		OrderBy("name ASC").
+		Find(&branches)
+}
+
+// GetRunWorkflowIDs returns all distinct WorkflowIDs that have at least
+// one ActionRun in the given repo.
+func GetRunWorkflowIDs(ctx context.Context, repoID int64) ([]string, error) {
+	ids := make([]string, 0, 10)
+	return ids, db.GetEngine(ctx).Table("action_run").
+		Where(builder.Eq{"repo_id": repoID}).
+		Distinct("workflow_id").
+		Cols("workflow_id").
+		Asc("workflow_id").
+		Find(&ids)
+}
+
 // GetActors returns a slice of Actors
 func GetActors(ctx context.Context, repoID int64) ([]*user_model.User, error) {
 	actors := make([]*user_model.User, 0, 10)
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`disable=SC1091,SC2001,SC2002,SC2016,SC2028,SC2046,SC2124,SC2128,SC2129,SC2154,SC2155,SC2164,SC2181,SC2207`