Merge pull request '[gitea] week 2024-18 cherry pick (gitea-github/main -> forgejo)' (#3513) from earl-warren/wcp/2024-18 into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3513 Reviewed-by: jean-daricade <jean-daricade@noreply.codeberg.org>
2024-04-30 06:42:26 +00:00 · 2024-04-30 06:42:26 +00:00 · 79ffb2de47
parent fb5c6d3837 ec6d46bc8f
commit 79ffb2de47
159 changed files with 1022 additions and 759 deletions
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@ -4,7 +4,6 @@ reportUnusedDisableDirectives: true
 ignorePatterns:
  - /web_src/js/vendor
  - /web_src/fomantic
  - /public/assets/js
 parserOptions:
  sourceType: module
@ -311,7 +310,7 @@ rules:
  jquery/no-merge: [2]
  jquery/no-param: [2]
  jquery/no-parent: [0]
-  jquery/no-parents: [0]
+  jquery/no-parents: [2]
  jquery/no-parse-html: [2]
  jquery/no-prop: [2]
  jquery/no-proxy: [2]
@ -320,8 +319,8 @@ rules:
  jquery/no-show: [2]
  jquery/no-size: [2]
  jquery/no-sizzle: [0]
-  jquery/no-slide: [0]
+  jquery/no-slide: [2]
-  jquery/no-submit: [0]
+  jquery/no-submit: [2]
  jquery/no-text: [0]
  jquery/no-toggle: [2]
  jquery/no-trigger: [0]
@ -459,7 +458,7 @@ rules:
  no-jquery/no-other-utils: [2]
  no-jquery/no-param: [2]
  no-jquery/no-parent: [0]
-  no-jquery/no-parents: [0]
+  no-jquery/no-parents: [2]
  no-jquery/no-parse-html-literal: [0]
  no-jquery/no-parse-html: [2]
  no-jquery/no-parse-json: [2]
--- a/.golangci.yml
+++ b/.golangci.yml
@ -1,13 +1,14 @@
 linters:
  enable-all: false
  disable-all: true
  fast: false
  enable:
    - bidichk
    # - deadcode # deprecated - https://github.com/golangci/golangci-lint/issues/1841
    - depguard
    - dupl
    - errcheck
    - forbidigo
    - gocritic
    # - gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
    - gofumpt
    - gosimple
@ -17,16 +18,11 @@ linters:
    - nolintlint
    - revive
    - staticcheck
    # - structcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
    - stylecheck
    - typecheck
    - unconvert
    - unused
    # - varcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
    - wastedassign
  enable-all: false
  disable-all: true
  fast: false
 run:
  timeout: 10m
@ -35,6 +31,9 @@ run:
    - public
    - web_src
 output:
  sort-results: true
 linters-settings:
  stylecheck:
    checks: ["all", "-ST1005", "-ST1003"]
@ -51,27 +50,37 @@ linters-settings:
    errorCode: 1
    warningCode: 1
    rules:
      - name: atomic
      - name: bare-return
      - name: blank-imports
      - name: constant-logical-expr
      - name: context-as-argument
      - name: context-keys-type
      - name: dot-imports
      - name: duplicated-imports
      - name: empty-lines
      - name: error-naming
      - name: error-return
      - name: error-strings
-      - name: error-naming
+      - name: errorf
      - name: exported
      - name: identical-branches
      - name: if-return
      - name: increment-decrement
-      - name: var-naming
+      - name: indent-error-flow
-      - name: var-declaration
+      - name: modifies-value-receiver
      - name: package-comments
      - name: range
      - name: receiver-naming
      - name: redefines-builtin-id
      - name: string-of-int
      - name: superfluous-else
      - name: time-naming
      - name: unconditional-recursion
      - name: unexported-return
-      - name: indent-error-flow
+      - name: unreachable-code
-      - name: errorf
+      - name: var-declaration
-      - name: duplicated-imports
+      - name: var-naming
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
  depguard:
@ -96,8 +105,12 @@ linters-settings:
 issues:
  max-issues-per-linter: 0
  max-same-issues: 0
  exclude-dirs: [node_modules, public, web_src]
  exclude-case-sensitive: true
  exclude-rules:
-    # Exclude some linters from running on tests files.
+    - path: models/db/sql_postgres_with_schema.go
      linters:
        - nolintlint
    - path: _test\.go
      linters:
        - gocyclo
@ -115,19 +128,19 @@ issues:
    - path: cmd
      linters:
        - forbidigo
-    - linters:
+    - text: "webhook"
      linters:
        - dupl
-      text: "webhook"
+    - text: "`ID' should not be capitalized"
-    - linters:
+      linters:
        - gocritic
-      text: "`ID' should not be capitalized"
+    - text: "swagger"
-    - linters:
+      linters:
        - unused
        - deadcode
-      text: "swagger"
+    - text: "argument x is overwritten before first use"
-    - linters:
+      linters:
        - staticcheck
      text: "argument x is overwritten before first use"
    - text: "commentFormatting: put a space between `//` and comment text"
      linters:
        - gocritic
--- a/5
+++ b/5
@ -913,8 +913,9 @@ webpack: $(WEBPACK_DEST)
 $(WEBPACK_DEST): $(WEBPACK_SOURCES) $(WEBPACK_CONFIGS) package-lock.json
 	@$(MAKE) -s node-check node_modules
-	rm -rf $(WEBPACK_DEST_ENTRIES)
+	@rm -rf $(WEBPACK_DEST_ENTRIES)
-	npx webpack
+	@echo "Running webpack..."
 	@BROWSERSLIST_IGNORE_OLD_DATA=true npx webpack
 	@touch $(WEBPACK_DEST)
 .PHONY: svg
--- a/cmd/admin_auth.go
+++ b/cmd/admin_auth.go
@ -4,6 +4,7 @@
 package cmd
 import (
 	"errors"
 	"fmt"
 	"os"
 	"text/tabwriter"
@ -91,7 +92,7 @@ func runListAuth(c *cli.Context) error {
 func runDeleteAuth(c *cli.Context) error {
 	if !c.IsSet("id") {
-		return fmt.Errorf("--id flag is missing")
+		return errors.New("--id flag is missing")
 	}
 	ctx, cancel := installSignals()
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@ -4,6 +4,7 @@
 package cmd
 import (
 	"errors"
 	"fmt"
 	"net/url"
@ -193,7 +194,7 @@ func runAddOauth(c *cli.Context) error {
 func runUpdateOauth(c *cli.Context) error {
 	if !c.IsSet("id") {
-		return fmt.Errorf("--id flag is missing")
+		return errors.New("--id flag is missing")
 	}
 	ctx, cancel := installSignals()
--- a/cmd/admin_auth_stmp.go
+++ b/cmd/admin_auth_stmp.go
@ -5,7 +5,6 @@ package cmd
 import (
 	"errors"
 	"fmt"
 	"strings"
 	auth_model "code.gitea.io/gitea/models/auth"
@ -166,7 +165,7 @@ func runAddSMTP(c *cli.Context) error {
 func runUpdateSMTP(c *cli.Context) error {
 	if !c.IsSet("id") {
-		return fmt.Errorf("--id flag is missing")
+		return errors.New("--id flag is missing")
 	}
 	ctx, cancel := installSignals()
--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@ -4,6 +4,7 @@
 package cmd
 import (
 	"errors"
 	"fmt"
 	"strings"
@ -42,7 +43,7 @@ var microcmdUserDelete = &cli.Command{
 func runDeleteUser(c *cli.Context) error {
 	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
-		return fmt.Errorf("You must provide the id, username or email of a user to delete")
+		return errors.New("You must provide the id, username or email of a user to delete")
 	}
 	ctx, cancel := installSignals()
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@ -4,6 +4,7 @@
 package cmd
 import (
 	"errors"
 	"fmt"
 	auth_model "code.gitea.io/gitea/models/auth"
@ -42,7 +43,7 @@ var microcmdUserGenerateAccessToken = &cli.Command{
 func runGenerateAccessToken(c *cli.Context) error {
 	if !c.IsSet("username") {
-		return fmt.Errorf("You must provide a username to generate a token for")
+		return errors.New("You must provide a username to generate a token for")
 	}
 	ctx, cancel := installSignals()
@ -68,7 +69,7 @@ func runGenerateAccessToken(c *cli.Context) error {
 		return err
 	}
 	if exist {
-		return fmt.Errorf("access token name has been used already")
+		return errors.New("access token name has been used already")
 	}
 	// make sure the scopes are valid
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@ -157,9 +157,9 @@ func runViewDo(c *cli.Context) error {
 	}
 	if len(matchedAssetFiles) == 0 {
-		return fmt.Errorf("no files matched the given pattern")
+		return errors.New("no files matched the given pattern")
 	} else if len(matchedAssetFiles) > 1 {
-		return fmt.Errorf("too many files matched the given pattern, try to be more specific")
+		return errors.New("too many files matched the given pattern, try to be more specific")
 	}
 	data, err := matchedAssetFiles[0].fs.ReadFile(matchedAssetFiles[0].name)
@ -180,7 +180,7 @@ func runExtractDo(c *cli.Context) error {
 	}
 	if c.NArg() == 0 {
-		return fmt.Errorf("a list of pattern of files to extract is mandatory (e.g. '**' for all)")
+		return errors.New("a list of pattern of files to extract is mandatory (e.g. '**' for all)")
 	}
 	destdir := "."
--- a/cmd/hook.go
+++ b/cmd/hook.go
@ -482,7 +482,7 @@ func hookPrintResults(results []private.HookPostReceiveBranchResult) {
 			fmt.Fprintf(os.Stderr, "  %s\n", res.URL)
 		}
 		fmt.Fprintln(os.Stderr, "")
-		os.Stderr.Sync()
+		_ = os.Stderr.Sync()
 	}
 }
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@ -4,6 +4,7 @@
 package cmd
 import (
 	"errors"
 	"fmt"
 	"os"
@ -249,7 +250,7 @@ func runAddFileLogger(c *cli.Context) error {
 	if c.IsSet("filename") {
 		vals["filename"] = c.String("filename")
 	} else {
-		return fmt.Errorf("filename must be set when creating a file logger")
+		return errors.New("filename must be set when creating a file logger")
 	}
 	if c.IsSet("rotate") {
 		vals["rotate"] = c.Bool("rotate")
--- a/go.mod
+++ b/go.mod
@ -15,6 +15,7 @@ require (
 	gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/ProtonMail/go-crypto v1.0.0
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/alecthomas/chroma/v2 v2.13.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
@ -129,7 +130,6 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/RoaringBitmap/roaring v1.7.0 // indirect
 	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
--- a/models/actions/run.go
+++ b/models/actions/run.go
@ -98,13 +98,10 @@ func (run *ActionRun) LoadAttributes(ctx context.Context) error {
 		return nil
 	}
-	if run.Repo == nil {
+	if err := run.LoadRepo(ctx); err != nil {
-		repo, err := repo_model.GetRepositoryByID(ctx, run.RepoID)
+		return err
 		if err != nil {
 			return err
 		}
 		run.Repo = repo
 	}
 	if err := run.Repo.LoadAttributes(ctx); err != nil {
 		return err
 	}
@ -120,6 +117,19 @@ func (run *ActionRun) LoadAttributes(ctx context.Context) error {
 	return nil
 }
 func (run *ActionRun) LoadRepo(ctx context.Context) error {
 	if run == nil || run.Repo != nil {
 		return nil
 	}
 	repo, err := repo_model.GetRepositoryByID(ctx, run.RepoID)
 	if err != nil {
 		return err
 	}
 	run.Repo = repo
 	return nil
 }
 func (run *ActionRun) Duration() time.Duration {
 	return calculateDuration(run.Started, run.Stopped, run.Status) + run.PreviousDuration
 }
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@ -270,7 +270,7 @@ func CountRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 	// Only affect action runners were a owner ID is set, as actions runners
 	// could also be created on a repository.
 	return db.GetEngine(ctx).Table("action_runner").
-		Join("LEFT", "user", "`action_runner`.owner_id = `user`.id").
+		Join("LEFT", "`user`", "`action_runner`.owner_id = `user`.id").
 		Where("`action_runner`.owner_id != ?", 0).
 		And(builder.IsNull{"`user`.id"}).
 		Count(new(ActionRunner))
@ -279,7 +279,7 @@ func CountRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 func FixRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 	subQuery := builder.Select("`action_runner`.id").
 		From("`action_runner`").
-		Join("LEFT", "user", "`action_runner`.owner_id = `user`.id").
+		Join("LEFT", "`user`", "`action_runner`.owner_id = `user`.id").
 		Where(builder.Neq{"`action_runner`.owner_id": 0}).
 		And(builder.IsNull{"`user`.id"})
 	b := builder.Delete(builder.In("id", subQuery)).From("`action_runner`")
@ -289,3 +289,25 @@ func FixRunnersWithoutBelongingOwner(ctx context.Context) (int64, error) {
 	}
 	return res.RowsAffected()
 }
 func CountRunnersWithoutBelongingRepo(ctx context.Context) (int64, error) {
 	return db.GetEngine(ctx).Table("action_runner").
 		Join("LEFT", "`repository`", "`action_runner`.repo_id = `repository`.id").
 		Where("`action_runner`.repo_id != ?", 0).
 		And(builder.IsNull{"`repository`.id"}).
 		Count(new(ActionRunner))
 }
 func FixRunnersWithoutBelongingRepo(ctx context.Context) (int64, error) {
 	subQuery := builder.Select("`action_runner`.id").
 		From("`action_runner`").
 		Join("LEFT", "`repository`", "`action_runner`.repo_id = `repository`.id").
 		Where(builder.Neq{"`action_runner`.repo_id": 0}).
 		And(builder.IsNull{"`repository`.id"})
 	b := builder.Delete(builder.In("id", subQuery)).From("`action_runner`")
 	res, err := db.GetEngine(ctx).Exec(b)
 	if err != nil {
 		return 0, err
 	}
 	return res.RowsAffected()
 }
--- a/models/actions/variable.go
+++ b/models/actions/variable.go
@ -92,6 +92,11 @@ func DeleteVariable(ctx context.Context, id int64) error {
 func GetVariablesOfRun(ctx context.Context, run *ActionRun) (map[string]string, error) {
 	variables := map[string]string{}
 	if err := run.LoadRepo(ctx); err != nil {
 		log.Error("LoadRepo: %v", err)
 		return nil, err
 	}
 	// Global
 	globalVariables, err := db.Find[ActionVariable](ctx, FindVariablesOpts{})
 	if err != nil {
--- a/models/asymkey/gpg_key_object_verification.go
+++ b/models/asymkey/gpg_key_object_verification.go
@ -94,7 +94,6 @@ func ParseObjectWithSignature(ctx context.Context, c *GitObject) *ObjectVerifica
 					Reason:         "gpg.error.no_committer_account",
 				}
 			}
 		}
 	}
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@ -8,6 +8,7 @@ import (
 	"crypto/sha256"
 	"encoding/base32"
 	"encoding/base64"
 	"errors"
 	"fmt"
 	"net"
 	"net/url"
@ -301,7 +302,7 @@ func UpdateOAuth2Application(ctx context.Context, opts UpdateOAuth2ApplicationOp
 		return nil, err
 	}
 	if app.UID != opts.UserID {
-		return nil, fmt.Errorf("UID mismatch")
+		return nil, errors.New("UID mismatch")
 	}
 	builtinApps := BuiltinApplications()
 	if _, builtin := builtinApps[app.ClientID]; builtin {
--- a/models/auth/oauth2_test.go
+++ b/models/auth/oauth2_test.go
@ -16,8 +16,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 //////////////////// Application
 func TestOAuth2Application_GenerateClientSecret(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	app := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1})
--- a/models/db/engine.go
+++ b/models/db/engine.go
@ -236,7 +236,6 @@ func NamesToBean(names ...string) ([]any, error) {
 	// Need to map provided names to beans...
 	beanMap := make(map[string]any)
 	for _, bean := range tables {
 		beanMap[strings.ToLower(reflect.Indirect(reflect.ValueOf(bean)).Type().Name())] = bean
 		beanMap[strings.ToLower(x.TableName(bean))] = bean
 		beanMap[strings.ToLower(x.TableName(bean, true))] = bean
--- a/models/git/lfs_lock.go
+++ b/models/git/lfs_lock.go
@ -5,7 +5,7 @@ package git
 import (
 	"context"
-	"fmt"
+	"errors"
 	"strings"
 	"time"
@ -148,7 +148,7 @@ func DeleteLFSLockByID(ctx context.Context, id int64, repo *repo_model.Repositor
 	}
 	if !force && u.ID != lock.OwnerID {
-		return nil, fmt.Errorf("user doesn't own lock and force flag is not set")
+		return nil, errors.New("user doesn't own lock and force flag is not set")
 	}
 	if _, err := db.GetEngine(dbCtx).ID(id).Delete(new(LFSLock)); err != nil {
--- a/models/issues/review.go
+++ b/models/issues/review.go
@ -345,11 +345,9 @@ func CreateReview(ctx context.Context, opts CreateReviewOptions) (*Review, error
 				return nil, err
 			}
 		}
 	} else if opts.ReviewerTeam != nil {
 		review.Type = ReviewTypeRequest
 		review.ReviewerTeamID = opts.ReviewerTeam.ID
 	} else {
 		return nil, fmt.Errorf("provide either reviewer or reviewer team")
 	}
--- a/models/migrations/base/db.go
+++ b/models/migrations/base/db.go
@ -214,7 +214,6 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 				return err
 			}
 			sequenceMap[sequence] = sequenceData
 		}
 		// CASCADE causes postgres to drop all the constraints on the old table
@ -279,7 +278,6 @@ func RecreateTable(sess *xorm.Session, bean any) error {
 					return err
 				}
 			}
 		}
 	default:
--- a/models/migrations/fixtures/Test_AddConfidentialClientColumnToOAuth2ApplicationTable/o_auth2_application.yml
+++ b/models/migrations/fixtures/Test_AddConfidentialClientColumnToOAuth2ApplicationTable/o_auth2_application.yml
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@ -22,7 +22,6 @@ import (
 	"code.gitea.io/gitea/models/migrations/v1_20"
 	"code.gitea.io/gitea/models/migrations/v1_21"
 	"code.gitea.io/gitea/models/migrations/v1_22"
 	"code.gitea.io/gitea/models/migrations/v1_23"
 	"code.gitea.io/gitea/models/migrations/v1_6"
 	"code.gitea.io/gitea/models/migrations/v1_7"
 	"code.gitea.io/gitea/models/migrations/v1_8"
@ -576,14 +575,20 @@ var migrations = []Migration{
 	// v293 -> v294
 	NewMigration("Ensure every project has exactly one default column", v1_22.CheckProjectColumnsConsistency),
-	// Gitea 1.22.0 ends at 294
+	// Gitea 1.22.0-rc0 ends at 294
 	// v294 -> v295
-	NewMigration("Add unique index for project issue table", v1_23.AddUniqueIndexForProjectIssue),
+	NewMigration("Add unique index for project issue table", v1_22.AddUniqueIndexForProjectIssue),
 	// v295 -> v296
-	NewMigration("Add commit status summary table", v1_23.AddCommitStatusSummary),
+	NewMigration("Add commit status summary table", v1_22.AddCommitStatusSummary),
 	// v296 -> v297
-	NewMigration("Add missing field of commit status summary table", v1_23.AddCommitStatusSummary2),
+	NewMigration("Add missing field of commit status summary table", v1_22.AddCommitStatusSummary2),
 	// v297 -> v298
 	NewMigration("Add everyone_access_mode for repo_unit", noopMigration),
 	// v298 -> v299
 	NewMigration("Drop wrongly created table o_auth2_application", v1_22.DropWronglyCreatedTable),
 	// Gitea 1.22.0-rc1 ends at 299
 }
 // GetCurrentDBVersion returns the current db version
--- a/models/migrations/v1_11/v111.go
+++ b/models/migrations/v1_11/v111.go
@ -263,7 +263,6 @@ func AddBranchProtectionCanPushAndEnableWhitelist(x *xorm.Engine) error {
 		for _, u := range units {
 			var found bool
 			for _, team := range teams {
 				var teamU []*TeamUnit
 				var unitEnabled bool
 				err = sess.Where("team_id = ?", team.ID).Find(&teamU)
@ -332,7 +331,6 @@ func AddBranchProtectionCanPushAndEnableWhitelist(x *xorm.Engine) error {
 		}
 		if !protectedBranch.EnableApprovalsWhitelist {
 			perm, err := getUserRepoPermission(sess, baseRepo, reviewer)
 			if err != nil {
 				return false, err
--- a/models/migrations/v1_16/v210.go
+++ b/models/migrations/v1_16/v210.go
@ -68,11 +68,6 @@ func RemigrateU2FCredentials(x *xorm.Engine) error {
 		if err != nil {
 			return err
 		}
 	case schemas.ORACLE:
 		_, err := x.Exec("ALTER TABLE webauthn_credential MODIFY credential_id VARCHAR(410)")
 		if err != nil {
 			return err
 		}
 	case schemas.POSTGRES:
 		_, err := x.Exec("ALTER TABLE webauthn_credential ALTER COLUMN credential_id TYPE VARCHAR(410)")
 		if err != nil {
--- a/models/migrations/v1_18/v230.go
+++ b/models/migrations/v1_18/v230.go
@ -9,9 +9,9 @@ import (
 // AddConfidentialColumnToOAuth2ApplicationTable: add ConfidentialClient column, setting existing rows to true
 func AddConfidentialClientColumnToOAuth2ApplicationTable(x *xorm.Engine) error {
-	type OAuth2Application struct {
+	type oauth2Application struct {
 		ID                 int64
 		ConfidentialClient bool `xorm:"NOT NULL DEFAULT TRUE"`
 	}
-
+	return x.Sync(new(oauth2Application))
 	return x.Sync(new(OAuth2Application))
 }
--- a/models/migrations/v1_18/v230_test.go
+++ b/models/migrations/v1_18/v230_test.go
@ -13,12 +13,12 @@ import (
 func Test_AddConfidentialClientColumnToOAuth2ApplicationTable(t *testing.T) {
 	// premigration
-	type OAuth2Application struct {
+	type oauth2Application struct {
 		ID int64
 	}
 	// Prepare and load the testing database
-	x, deferable := base.PrepareTestEnv(t, 0, new(OAuth2Application))
+	x, deferable := base.PrepareTestEnv(t, 0, new(oauth2Application))
 	defer deferable()
 	if x == nil || t.Failed() {
 		return
@ -36,7 +36,7 @@ func Test_AddConfidentialClientColumnToOAuth2ApplicationTable(t *testing.T) {
 	}
 	got := []ExpectedOAuth2Application{}
-	if err := x.Table("o_auth2_application").Select("id, confidential_client").Find(&got); !assert.NoError(t, err) {
+	if err := x.Table("oauth2_application").Select("id, confidential_client").Find(&got); !assert.NoError(t, err) {
 		return
 	}
--- a/models/migrations/v1_20/v250.go
+++ b/models/migrations/v1_20/v250.go
@ -104,7 +104,7 @@ func ChangeContainerMetadataMultiArch(x *xorm.Engine) error {
 		// Convert to new metadata format
-		new := &MetadataNew{
+		newMetadata := &MetadataNew{
 			Type:             old.Type,
 			IsTagged:         old.IsTagged,
 			Platform:         old.Platform,
@ -119,7 +119,7 @@ func ChangeContainerMetadataMultiArch(x *xorm.Engine) error {
 			Manifests:        manifests,
 		}
-		metadataJSON, err := json.Marshal(new)
+		metadataJSON, err := json.Marshal(newMetadata)
 		if err != nil {
 			return err
 		}
--- a/models/migrations/v1_22/v294.go
+++ b/models/migrations/v1_22/v294.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
-package v1_23 //nolint
+package v1_22 //nolint
 import (
 	"xorm.io/xorm"
--- a/models/migrations/v1_22/v294_test.go
+++ b/models/migrations/v1_22/v294_test.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
-package v1_23 //nolint
+package v1_22 //nolint
 import (
 	"slices"
--- a/models/migrations/v1_22/v295.go
+++ b/models/migrations/v1_22/v295.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
-package v1_23 //nolint
+package v1_22 //nolint
 import "xorm.io/xorm"
--- a/models/migrations/v1_22/v296.go
+++ b/models/migrations/v1_22/v296.go
@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
-package v1_23 //nolint
+package v1_22 //nolint
 import "xorm.io/xorm"
--- a/models/migrations/v1_22/v298.go
+++ b/models/migrations/v1_22/v298.go
@ -0,0 +1,10 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package v1_22 //nolint
 import "xorm.io/xorm"
 func DropWronglyCreatedTable(x *xorm.Engine) error {
 	return x.DropTables("o_auth2_application")
 }
--- a/models/migrations/v1_6/v71.go
+++ b/models/migrations/v1_6/v71.go
@ -61,7 +61,6 @@ func AddScratchHash(x *xorm.Engine) error {
 			if _, err := sess.ID(tfa.ID).Cols("scratch_salt, scratch_hash").Update(tfa); err != nil {
 				return fmt.Errorf("couldn't add in scratch_hash and scratch_salt: %w", err)
 			}
 		}
 	}
--- a/models/migrations/v1_9/v85.go
+++ b/models/migrations/v1_9/v85.go
@ -81,7 +81,6 @@ func HashAppToken(x *xorm.Engine) error {
 			if _, err := sess.ID(token.ID).Cols("token_hash, token_salt, token_last_eight, sha1").Update(token); err != nil {
 				return fmt.Errorf("couldn't add in sha1, token_hash, token_salt and token_last_eight: %w", err)
 			}
 		}
 	}
--- a/models/organization/team.go
+++ b/models/organization/team.go
@ -222,9 +222,8 @@ func GetTeamIDsByNames(ctx context.Context, orgID int64, names []string, ignoreN
 		if err != nil {
 			if ignoreNonExistent {
 				continue
 			} else {
 				return nil, err
 			}
 			return nil, err
 		}
 		ids = append(ids, u.ID)
 	}
--- a/models/project/board.go
+++ b/models/project/board.go
@ -110,13 +110,11 @@ func createBoardsForProjectsType(ctx context.Context, project *Project) error {
 	var items []string
 	switch project.BoardType {
 	case BoardTypeBugTriage:
 		items = setting.Project.ProjectBoardBugTriageType
 	case BoardTypeBasicKanban:
 		items = setting.Project.ProjectBoardBasicKanbanType
 	case BoardTypeNone:
 		fallthrough
 	default:
--- a/models/repo/user_repo.go
+++ b/models/repo/user_repo.go
@ -135,7 +135,6 @@ func GetReviewers(ctx context.Context, repo *Repository, doerID, posterID int64)
 			// the owner of a private repo needs to be explicitly added.
 			cond = cond.Or(builder.Eq{"`user`.id": repo.Owner.ID})
 		}
 	} else {
 		// This is a "public" repository:
 		// Any user that has read access, is a watcher or organization member can be requested to review
--- a/models/repo_transfer.go
+++ b/models/repo_transfer.go
@ -5,6 +5,7 @@ package models
 import (
 	"context"
 	"errors"
 	"fmt"
 	"code.gitea.io/gitea/models/db"
@ -120,7 +121,7 @@ func DeleteRepositoryTransfer(ctx context.Context, repoID int64) error {
 func TestRepositoryReadyForTransfer(status repo_model.RepositoryStatus) error {
 	switch status {
 	case repo_model.RepositoryBeingMigrated:
-		return fmt.Errorf("repo is not ready, currently migrating")
+		return errors.New("repo is not ready, currently migrating")
 	case repo_model.RepositoryPendingTransfer:
 		return ErrRepoTransferInProgress{}
 	}
--- a/models/user/user.go
+++ b/models/user/user.go
@ -1007,9 +1007,8 @@ func GetUserIDsByNames(ctx context.Context, names []string, ignoreNonExistent bo
 		if err != nil {
 			if ignoreNonExistent {
 				continue
 			} else {
 				return nil, err
 			}
 			return nil, err
 		}
 		ids = append(ids, u.ID)
 	}
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@ -5,8 +5,8 @@ package user_test
 import (
 	"context"
 	"crypto/rand"
 	"fmt"
 	"math/rand"
 	"strings"
 	"testing"
 	"time"
--- a/modules/auth/password/password.go
+++ b/modules/auth/password/password.go
@ -63,16 +63,16 @@ func NewComplexity() {
 func setupComplexity(values []string) {
 	if len(values) != 1 || values[0] != "off" {
 		for _, val := range values {
-			if complex, ok := charComplexities[val]; ok {
+			if complexity, ok := charComplexities[val]; ok {
-				validChars += complex.ValidChars
+				validChars += complexity.ValidChars
-				requiredList = append(requiredList, complex)
+				requiredList = append(requiredList, complexity)
 			}
 		}
 		if len(requiredList) == 0 {
 			// No valid character classes found; use all classes as default
-			for _, complex := range charComplexities {
+			for _, complexity := range charComplexities {
-				validChars += complex.ValidChars
+				validChars += complexity.ValidChars
-				requiredList = append(requiredList, complex)
+				requiredList = append(requiredList, complexity)
 			}
 		}
 	}
--- a/modules/auth/password/pwn/pwn_test.go
+++ b/modules/auth/password/pwn/pwn_test.go
@ -4,9 +4,8 @@
 package pwn
 import (
-	"math/rand"
+	"math/rand/v2"
 	"net/http"
 	"os"
 	"strings"
 	"testing"
 	"time"
@ -18,11 +17,6 @@ var client = New(WithHTTP(&http.Client{
 	Timeout: time.Second * 2,
 }))
 func TestMain(m *testing.M) {
 	rand.Seed(time.Now().Unix())
 	os.Exit(m.Run())
 }
 func TestPassword(t *testing.T) {
 	// Check input error
 	_, err := client.CheckPassword("", false)
@ -81,24 +75,24 @@ func testPassword() string {
 	// Set special character
 	for i := 0; i < 5; i++ {
-		random := rand.Intn(len(specialCharSet))
+		random := rand.IntN(len(specialCharSet))
 		password.WriteString(string(specialCharSet[random]))
 	}
 	// Set numeric
 	for i := 0; i < 5; i++ {
-		random := rand.Intn(len(numberSet))
+		random := rand.IntN(len(numberSet))
 		password.WriteString(string(numberSet[random]))
 	}
 	// Set uppercase
 	for i := 0; i < 5; i++ {
-		random := rand.Intn(len(upperCharSet))
+		random := rand.IntN(len(upperCharSet))
 		password.WriteString(string(upperCharSet[random]))
 	}
 	for i := 0; i < 5; i++ {
-		random := rand.Intn(len(allCharSet))
+		random := rand.IntN(len(allCharSet))
 		password.WriteString(string(allCharSet[random]))
 	}
 	inRune := []rune(password.String())
--- a/modules/git/batch_reader.go
+++ b/modules/git/batch_reader.go
@ -307,10 +307,10 @@ func ParseTreeLine(objectFormat ObjectFormat, rd *bufio.Reader, modeBuf, fnameBu
 	// Deal with the binary hash
 	idx = 0
-	len := objectFormat.FullLength() / 2
+	length := objectFormat.FullLength() / 2
-	for idx < len {
+	for idx < length {
 		var read int
-		read, err = rd.Read(shaBuf[idx:len])
+		read, err = rd.Read(shaBuf[idx:length])
 		n += read
 		if err != nil {
 			return mode, fname, sha, n, err
--- a/modules/git/commit_reader.go
+++ b/modules/git/commit_reader.go
@ -49,9 +49,8 @@ readLoop:
 			if len(line) > 0 && line[0] == ' ' {
 				_, _ = signatureSB.Write(line[1:])
 				continue
 			} else {
 				pgpsig = false
 			}
 			pgpsig = false
 		}
 		if !message {
--- a/modules/git/pipeline/lfs_nogogit.go
+++ b/modules/git/pipeline/lfs_nogogit.go
@ -213,7 +213,6 @@ func FindLFSFile(repo *git.Repository, objectID git.ObjectID) ([]*LFSResult, err
 				errChan <- err
 				break
 			}
 		}
 	}()
--- a/modules/git/repo_commit.go
+++ b/modules/git/repo_commit.go
@ -251,18 +251,18 @@ func (repo *Repository) CommitsByFileAndRange(opts CommitsByFileAndRangeOptions)
 		return nil, err
 	}
-	len := objectFormat.FullLength()
+	length := objectFormat.FullLength()
 	commits := []*Commit{}
-	shaline := make([]byte, len+1)
+	shaline := make([]byte, length+1)
 	for {
 		n, err := io.ReadFull(stdoutReader, shaline)
-		if err != nil || n < len {
+		if err != nil || n < length {
 			if err == io.EOF {
 				err = nil
 			}
 			return commits, err
 		}
-		objectID, err := NewIDFromString(string(shaline[0:len]))
+		objectID, err := NewIDFromString(string(shaline[0:length]))
 		if err != nil {
 			return nil, err
 		}
--- a/modules/git/submodule.go
+++ b/modules/git/submodule.go
@ -64,7 +64,6 @@ func getRefURL(refURL, urlPrefix, repoFullName, sshDomain string) string {
 		// ex: git@try.gitea.io:go-gitea/gitea
 		match := scpSyntax.FindAllStringSubmatch(refURI, -1)
 		if len(match) > 0 {
 			m := match[0]
 			refHostname := m[2]
 			pth := m[3]
--- a/modules/indexer/code/bleve/bleve.go
+++ b/modules/indexer/code/bleve/bleve.go
@ -193,7 +193,6 @@ func (b *Indexer) addDelete(filename string, repo *repo_model.Repository, batch
 func (b *Indexer) Index(ctx context.Context, repo *repo_model.Repository, sha string, changes *internal.RepoChanges) error {
 	batch := inner_bleve.NewFlushingBatch(b.inner.Indexer, maxBatchSize)
 	if len(changes.Updates) > 0 {
 		// Now because of some insanity with git cat-file not immediately failing if not run in a valid git directory we need to run git rev-parse first!
 		if err := git.EnsureValidGitRepository(ctx, repo.RepoPath()); err != nil {
 			log.Error("Unable to open git repo: %s for %-v: %v", repo.RepoPath(), repo, err)
@ -337,7 +336,6 @@ func (b *Indexer) Search(ctx context.Context, opts *internal.SearchOptions) (int
 		if result, err = b.inner.Indexer.Search(facetRequest); err != nil {
 			return 0, nil, nil, err
 		}
 	}
 	languagesFacet := result.Facets["languages"]
 	for _, term := range languagesFacet.Terms.Terms() {
--- a/modules/indexer/issues/dboptions.go
+++ b/modules/indexer/issues/dboptions.go
@ -68,7 +68,7 @@ func ToSearchOptions(keyword string, opts *issues_model.IssuesOptions) *SearchOp
 	searchOpt.Paginator = opts.Paginator
 	switch opts.SortType {
-	case "":
+	case "", "latest":
 		searchOpt.SortBy = SortByCreatedDesc
 	case "oldest":
 		searchOpt.SortBy = SortByCreatedAsc
@ -86,7 +86,7 @@ func ToSearchOptions(keyword string, opts *issues_model.IssuesOptions) *SearchOp
 		searchOpt.SortBy = SortByDeadlineDesc
 	case "priority", "priorityrepo", "project-column-sorting":
 		// Unsupported sort type for search
-		searchOpt.SortBy = SortByUpdatedDesc
+		fallthrough
 	default:
 		searchOpt.SortBy = SortByUpdatedDesc
 	}
--- a/modules/indexer/issues/elasticsearch/elasticsearch.go
+++ b/modules/indexer/issues/elasticsearch/elasticsearch.go
@ -145,7 +145,6 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 	query := elastic.NewBoolQuery()
 	if options.Keyword != "" {
 		searchType := esMultiMatchTypePhrasePrefix
 		if options.IsFuzzyKeyword {
 			searchType = esMultiMatchTypeBestFields
--- a/modules/log/event_format.go
+++ b/modules/log/event_format.go
@ -125,7 +125,6 @@ func EventFormatTextMessage(mode *WriterMode, event *Event, msgFormat string, ms
 		if mode.Colorize {
 			buf = append(buf, resetBytes...)
 		}
 	}
 	if flags&(Lshortfile|Llongfile) != 0 {
 		if mode.Colorize {
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@ -460,7 +460,6 @@ func TestColorPreview(t *testing.T) {
 		res, err := markdown.RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, test.testcase)
 		assert.NoError(t, err, "Unexpected error in testcase: %q", test.testcase)
 		assert.Equal(t, template.HTML(test.expected), res, "Unexpected result in testcase %q", test.testcase)
 	}
 	negativeTests := []string{
@ -555,7 +554,6 @@ func TestMathBlock(t *testing.T) {
 		res, err := markdown.RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, test.testcase)
 		assert.NoError(t, err, "Unexpected error in testcase: %q", test.testcase)
 		assert.Equal(t, template.HTML(test.expected), res, "Unexpected result in testcase %q", test.testcase)
 	}
 }
--- a/modules/markup/orgmode/orgmode.go
+++ b/modules/markup/orgmode/orgmode.go
@ -147,7 +147,6 @@ func (r *Writer) resolveLink(node org.Node) string {
 	}
 	if len(link) > 0 && !markup.IsLinkStr(link) &&
 		link[0] != '#' && !strings.HasPrefix(link, mailto) {
 		var base string
 		if r.Ctx.IsWiki {
 			base = r.Ctx.Links.WikiLink()
--- a/modules/packages/rubygems/marshal.go
+++ b/modules/packages/rubygems/marshal.go
@ -147,35 +147,35 @@ func (e *MarshalEncoder) marshalIntInternal(i int64) error {
 		return e.w.WriteByte(byte(i - 5))
 	}
-	var len int
+	var length int
 	if 122 < i && i <= 0xff {
-		len = 1
+		length = 1
 	} else if 0xff < i && i <= 0xffff {
-		len = 2
+		length = 2
 	} else if 0xffff < i && i <= 0xffffff {
-		len = 3
+		length = 3
 	} else if 0xffffff < i && i <= 0x3fffffff {
-		len = 4
+		length = 4
 	} else if -0x100 <= i && i < -123 {
-		len = -1
+		length = -1
 	} else if -0x10000 <= i && i < -0x100 {
-		len = -2
+		length = -2
 	} else if -0x1000000 <= i && i < -0x100000 {
-		len = -3
+		length = -3
 	} else if -0x40000000 <= i && i < -0x1000000 {
-		len = -4
+		length = -4
 	} else {
 		return ErrInvalidIntRange
 	}
-	if err := e.w.WriteByte(byte(len)); err != nil {
+	if err := e.w.WriteByte(byte(length)); err != nil {
 		return err
 	}
-	if len < 0 {
+	if length < 0 {
-		len = -len
+		length = -length
 	}
-	for c := 0; c < len; c++ {
+	for c := 0; c < length; c++ {
 		if err := e.w.WriteByte(byte(i >> uint(8*c) & 0xff)); err != nil {
 			return err
 		}
@ -244,13 +244,13 @@ func (e *MarshalEncoder) marshalArray(arr reflect.Value) error {
 		return err
 	}
-	len := arr.Len()
+	length := arr.Len()
-	if err := e.marshalIntInternal(int64(len)); err != nil {
+	if err := e.marshalIntInternal(int64(length)); err != nil {
 		return err
 	}
-	for i := 0; i < len; i++ {
+	for i := 0; i < length; i++ {
 		if err := e.marshal(arr.Index(i).Interface()); err != nil {
 			return err
 		}
--- a/modules/process/manager_stacktraces.go
+++ b/modules/process/manager_stacktraces.go
@ -339,7 +339,6 @@ func (pm *Manager) ProcessStacktraces(flat, noSystem bool) ([]*Process, int, int
 	}
 	sort.Slice(processes, after(processes))
 	if !flat {
 		var sortChildren func(process *Process)
 		sortChildren = func(process *Process) {
--- a/modules/repository/temp.go
+++ b/modules/repository/temp.go
@ -32,7 +32,6 @@ func CreateTemporaryPath(prefix string) (string, error) {
 	if err != nil {
 		log.Error("Unable to create temporary directory: %s-*.git (%v)", prefix, err)
 		return "", fmt.Errorf("Failed to create dir %s-*.git: %w", prefix, err)
 	}
 	return basePath, nil
 }
--- a/modules/setting/time.go
+++ b/modules/setting/time.go
@ -19,9 +19,8 @@ func loadTimeFrom(rootCfg ConfigProvider) {
 		DefaultUILocation, err = time.LoadLocation(zone)
 		if err != nil {
 			log.Fatal("Load time zone failed: %v", err)
 		} else {
 			log.Info("Default UI Location is %v", zone)
 		}
 		log.Info("Default UI Location is %v", zone)
 	}
 	if DefaultUILocation == nil {
 		DefaultUILocation = time.Local
--- a/modules/templates/htmlrenderer.go
+++ b/modules/templates/htmlrenderer.go
@ -138,10 +138,9 @@ func wrapTmplErrMsg(msg string) {
 	if setting.IsProd {
 		// in prod mode, Forgejo must have correct templates to run
 		log.Fatal("Forgejo can't run with template errors: %s", msg)
 	} else {
 		// in dev mode, do not need to really exit, because the template errors could be fixed by developer soon and the templates get reloaded
 		log.Error("There are template errors but Forgejo continues to run in dev mode: %s", msg)
 	}
 	// in dev mode, do not need to really exit, because the template errors could be fixed by developer soon and the templates get reloaded
 	log.Error("There are template errors but Forgejo continues to run in dev mode: %s", msg)
 }
 type templateErrorPrettier struct {
--- a/modules/templates/mailer.go
+++ b/modules/templates/mailer.go
@ -84,9 +84,8 @@ func Mailer(ctx context.Context) (*texttmpl.Template, *template.Template) {
 			if err = buildSubjectBodyTemplate(subjectTemplates, bodyTemplates, tmplName, content); err != nil {
 				if firstRun {
 					log.Fatal("Failed to parse mail template, err: %v", err)
 				} else {
 					log.Error("Failed to parse mail template, err: %v", err)
 				}
 				log.Error("Failed to parse mail template, err: %v", err)
 			}
 		}
 	}
--- a/modules/util/util_test.go
+++ b/modules/util/util_test.go
@ -121,9 +121,9 @@ func Test_NormalizeEOL(t *testing.T) {
 }
 func Test_RandomInt(t *testing.T) {
-	int, err := CryptoRandomInt(255)
+	randInt, err := CryptoRandomInt(255)
-	assert.True(t, int >= 0)
+	assert.True(t, randInt >= 0)
-	assert.True(t, int <= 255)
+	assert.True(t, randInt <= 255)
 	assert.NoError(t, err)
 }
--- a/options/license/HPND-UC-export-US
+++ b/options/license/HPND-UC-export-US
@ -0,0 +1,10 @@
 Copyright (C) 1985, 1990 Regents of the University of California.
 Permission to use, copy, modify, and distribute this
 software and its documentation for any purpose and without
 fee is hereby granted, provided that the above copyright
 notice appear in all copies.  The University of California
 makes no representations about the suitability of this
 software for any purpose.  It is provided "as is" without
 express or implied warranty.  Export of this software outside
 of the United States of America may require an export license.
--- a/options/license/NCL
+++ b/options/license/NCL
@ -0,0 +1,32 @@
 Copyright (c) 2004 the University Corporation for Atmospheric
 Research ("UCAR"). All rights reserved. Developed by NCAR's
 Computational and Information Systems Laboratory, UCAR,
 www.cisl.ucar.edu.
 Redistribution and use of the Software in source and binary forms,
 with or without modification, is permitted provided that the
 following conditions are met:
 - Neither the names of NCAR's Computational and Information Systems
 Laboratory, the University Corporation for Atmospheric Research,
 nor the names of its sponsors or contributors may be used to
 endorse or promote products derived from this Software without
 specific prior written permission.
 - Redistributions of source code must retain the above copyright
 notices, this list of conditions, and the disclaimer below.
 - Redistributions in binary form must reproduce the above copyright
 notice, this list of conditions, and the disclaimer below in the
 documentation and/or other materials provided with the
 distribution.
 THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE WARRANTIES OF
 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT
 HOLDERS BE LIABLE FOR ANY CLAIM, INDIRECT, INCIDENTAL, SPECIAL,
 EXEMPLARY, OR CONSEQUENTIAL DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE
 SOFTWARE.
--- a/package-lock.json
+++ b/package-lock.json
@ -28,7 +28,7 @@
        "esbuild-loader": "4.1.0",
        "escape-goat": "4.0.0",
        "fast-glob": "3.3.2",
-        "htmx.org": "1.9.11",
+        "htmx.org": "1.9.12",
        "idiomorph": "0.3.0",
        "jquery": "3.7.1",
        "katex": "0.16.10",
@ -6924,9 +6924,9 @@
      }
    },
    "node_modules/htmx.org": {
-      "version": "1.9.11",
+      "version": "1.9.12",
-      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-1.9.11.tgz",
+      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-1.9.12.tgz",
-      "integrity": "sha512-WlVuICn8dfNOOgYmdYzYG8zSnP3++AdHkMHooQAzGZObWpVXYathpz/I37ycF4zikR6YduzfCvEcxk20JkIUsw=="
+      "integrity": "sha512-VZAohXyF7xPGS52IM8d1T1283y+X4D+Owf3qY1NZ9RuBypyu9l8cGsxUMAG5fEAb/DhT7rDoJ9Hpu5/HxFD3cw=="
    },
    "node_modules/human-signals": {
      "version": "5.0.0",
--- a/package.json
+++ b/package.json
@ -27,7 +27,7 @@
    "esbuild-loader": "4.1.0",
    "escape-goat": "4.0.0",
    "fast-glob": "3.3.2",
-    "htmx.org": "1.9.11",
+    "htmx.org": "1.9.12",
    "idiomorph": "0.3.0",
    "jquery": "3.7.1",
    "katex": "0.16.10",
--- a/routers/api/actions/artifacts.go
+++ b/routers/api/actions/artifacts.go
@ -144,7 +144,6 @@ func ArtifactContexter() func(next http.Handler) http.Handler {
 			var task *actions.ActionTask
 			if err == nil {
 				task, err = actions.GetTaskByID(req.Context(), tID)
 				if err != nil {
 					log.Error("Error runner api getting task by ID: %v", err)
@ -467,14 +466,15 @@ func (ar artifactRoutes) downloadArtifact(ctx *ArtifactContext) {
 		log.Error("Error getting artifact: %v", err)
 		ctx.Error(http.StatusInternalServerError, err.Error())
 		return
-	} else if !exist {
+	}
 	if !exist {
 		log.Error("artifact with ID %d does not exist", artifactID)
 		ctx.Error(http.StatusNotFound, fmt.Sprintf("artifact with ID %d does not exist", artifactID))
 		return
 	}
 	if artifact.RunID != runID {
-		log.Error("Error dismatch runID and artifactID, task: %v, artifact: %v", runID, artifactID)
+		log.Error("Error mismatch runID and artifactID, task: %v, artifact: %v", runID, artifactID)
-		ctx.Error(http.StatusBadRequest, err.Error())
+		ctx.Error(http.StatusBadRequest)
 		return
 	}
--- a/routers/api/packages/alpine/alpine.go
+++ b/routers/api/packages/alpine/alpine.go
@ -144,12 +144,12 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
-	if close {
+	if needToClose {
 		defer upload.Close()
 	}
--- a/routers/api/packages/conan/conan.go
+++ b/routers/api/packages/conan/conan.go
@ -310,12 +310,12 @@ func uploadFile(ctx *context.Context, fileFilter container.Set[string], fileKey
 		return
 	}
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusBadRequest, err)
 		return
 	}
-	if close {
+	if needToClose {
 		defer upload.Close()
 	}
--- a/routers/api/packages/conda/conda.go
+++ b/routers/api/packages/conda/conda.go
@ -174,12 +174,12 @@ func EnumeratePackages(ctx *context.Context) {
 }
 func UploadPackageFile(ctx *context.Context) {
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
-	if close {
+	if needToClose {
 		defer upload.Close()
 	}
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@ -385,9 +385,9 @@ func EndUploadBlob(ctx *context.Context) {
 		}
 		return
 	}
-	close := true
+	doClose := true
 	defer func() {
-		if close {
+		if doClose {
 			uploader.Close()
 		}
 	}()
@ -427,7 +427,7 @@ func EndUploadBlob(ctx *context.Context) {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
-	close = false
+	doClose = false
 	if err := container_service.RemoveBlobUploadByID(ctx, uploader.ID); err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
--- a/routers/api/packages/cran/cran.go
+++ b/routers/api/packages/cran/cran.go
@ -151,12 +151,12 @@ func UploadBinaryPackageFile(ctx *context.Context) {
 }
 func uploadPackageFile(ctx *context.Context, compositeKey string, properties map[string]string) {
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusBadRequest, err)
 		return
 	}
-	if close {
+	if needToClose {
 		defer upload.Close()
 	}
--- a/routers/api/packages/debian/debian.go
+++ b/routers/api/packages/debian/debian.go
@ -127,12 +127,12 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
-	if close {
+	if needToClose {
 		defer upload.Close()
 	}
--- a/routers/api/packages/generic/generic.go
+++ b/routers/api/packages/generic/generic.go
@ -90,12 +90,12 @@ func UploadPackage(ctx *context.Context) {
 		return
 	}
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
-	if close {
+	if needToClose {
 		defer upload.Close()
 	}
--- a/routers/api/packages/goproxy/goproxy.go
+++ b/routers/api/packages/goproxy/goproxy.go
@ -154,12 +154,12 @@ func resolvePackage(ctx *context.Context, ownerID int64, name, version string) (
 }
 func UploadPackage(ctx *context.Context) {
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
-	if close {
+	if needToClose {
 		defer upload.Close()
 	}
--- a/routers/api/packages/nuget/nuget.go
+++ b/routers/api/packages/nuget/nuget.go
@ -594,13 +594,13 @@ func UploadSymbolPackage(ctx *context.Context) {
 func processUploadedFile(ctx *context.Context, expectedType nuget_module.PackageType) (*nuget_module.Package, *packages_module.HashedBuffer, []io.Closer) {
 	closables := make([]io.Closer, 0, 2)
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusBadRequest, err)
 		return nil, nil, closables
 	}
-	if close {
+	if needToClose {
 		closables = append(closables, upload)
 	}
--- a/routers/api/packages/rpm/rpm.go
+++ b/routers/api/packages/rpm/rpm.go
@ -117,12 +117,12 @@ func GetRepositoryFile(ctx *context.Context) {
 }
 func UploadPackageFile(ctx *context.Context) {
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
-	if close {
+	if needToClose {
 		defer upload.Close()
 	}
--- a/routers/api/packages/rubygems/rubygems.go
+++ b/routers/api/packages/rubygems/rubygems.go
@ -197,12 +197,12 @@ func DownloadPackageFile(ctx *context.Context) {
 // UploadPackageFile adds a file to the package. If the package does not exist, it gets created.
 func UploadPackageFile(ctx *context.Context) {
-	upload, close, err := ctx.UploadStream()
+	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
 		apiError(ctx, http.StatusBadRequest, err)
 		return
 	}
-	if close {
+	if needToClose {
 		defer upload.Close()
 	}
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@ -93,6 +93,7 @@ import (
 	"code.gitea.io/gitea/routers/api/v1/repo"
 	"code.gitea.io/gitea/routers/api/v1/settings"
 	"code.gitea.io/gitea/routers/api/v1/user"
 	"code.gitea.io/gitea/services/actions"
 	"code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/forms"
@ -753,6 +754,34 @@ func Routes() *web.Route {
 	m.Use(shared.Middlewares()...)
 	addActionsRoutes := func(
 		m *web.Route,
 		reqChecker func(ctx *context.APIContext),
 		act actions.API,
 	) {
 		m.Group("/actions", func() {
 			m.Group("/secrets", func() {
 				m.Get("", reqToken(), reqChecker, act.ListActionsSecrets)
 				m.Combo("/{secretname}").
 					Put(reqToken(), reqChecker, bind(api.CreateOrUpdateSecretOption{}), act.CreateOrUpdateSecret).
 					Delete(reqToken(), reqChecker, act.DeleteSecret)
 			})
 			m.Group("/variables", func() {
 				m.Get("", reqToken(), reqChecker, act.ListVariables)
 				m.Combo("/{variablename}").
 					Get(reqToken(), reqChecker, act.GetVariable).
 					Delete(reqToken(), reqChecker, act.DeleteVariable).
 					Post(reqToken(), reqChecker, bind(api.CreateVariableOption{}), act.CreateVariable).
 					Put(reqToken(), reqChecker, bind(api.UpdateVariableOption{}), act.UpdateVariable)
 			})
 			m.Group("/runners", func() {
 				m.Get("/registration-token", reqToken(), reqChecker, act.GetRegistrationToken)
 			})
 		})
 	}
 	m.Group("", func() {
 		// Miscellaneous (no scope required)
 		if setting.API.EnableSwagger {
@ -994,26 +1023,11 @@ func Routes() *web.Route {
 					m.Post("/accept", repo.AcceptTransfer)
 					m.Post("/reject", repo.RejectTransfer)
 				}, reqToken())
-				m.Group("/actions", func() {
+				addActionsRoutes(
-					m.Group("/secrets", func() {
+					m,
-						m.Combo("/{secretname}").
+					reqOwner(),
-							Put(reqToken(), reqOwner(), bind(api.CreateOrUpdateSecretOption{}), repo.CreateOrUpdateSecret).
+					repo.NewAction(),
-							Delete(reqToken(), reqOwner(), repo.DeleteSecret)
+				)
 					})
 					m.Group("/variables", func() {
 						m.Get("", reqToken(), reqOwner(), repo.ListVariables)
 						m.Combo("/{variablename}").
 							Get(reqToken(), reqOwner(), repo.GetVariable).
 							Delete(reqToken(), reqOwner(), repo.DeleteVariable).
 							Post(reqToken(), reqOwner(), bind(api.CreateVariableOption{}), repo.CreateVariable).
 							Put(reqToken(), reqOwner(), bind(api.UpdateVariableOption{}), repo.UpdateVariable)
 					})
 					m.Group("/runners", func() {
 						m.Get("/registration-token", reqToken(), reqOwner(), repo.GetRegistrationToken)
 					})
 				})
 				m.Group("/hooks/git", func() {
 					m.Combo("").Get(repo.ListGitHooks)
 					m.Group("/{id}", func() {
@ -1405,27 +1419,11 @@ func Routes() *web.Route {
 				m.Combo("/{username}").Get(reqToken(), org.IsMember).
 					Delete(reqToken(), reqOrgOwnership(), org.DeleteMember)
 			})
-			m.Group("/actions", func() {
+			addActionsRoutes(
-				m.Group("/secrets", func() {
+				m,
-					m.Get("", reqToken(), reqOrgOwnership(), org.ListActionsSecrets)
+				reqOrgOwnership(),
-					m.Combo("/{secretname}").
+				org.NewAction(),
-						Put(reqToken(), reqOrgOwnership(), bind(api.CreateOrUpdateSecretOption{}), org.CreateOrUpdateSecret).
+			)
 						Delete(reqToken(), reqOrgOwnership(), org.DeleteSecret)
 				})
 				m.Group("/variables", func() {
 					m.Get("", reqToken(), reqOrgOwnership(), org.ListVariables)
 					m.Combo("/{variablename}").
 						Get(reqToken(), reqOrgOwnership(), org.GetVariable).
 						Delete(reqToken(), reqOrgOwnership(), org.DeleteVariable).
 						Post(reqToken(), reqOrgOwnership(), bind(api.CreateVariableOption{}), org.CreateVariable).
 						Put(reqToken(), reqOrgOwnership(), bind(api.UpdateVariableOption{}), org.UpdateVariable)
 				})
 				m.Group("/runners", func() {
 					m.Get("/registration-token", reqToken(), reqOrgOwnership(), org.GetRegistrationToken)
 				})
 			})
 			m.Group("/public_members", func() {
 				m.Get("", org.ListPublicMembers)
 				m.Combo("/{username}").Get(org.IsPublicMember).
--- a/routers/api/v1/org/variables.go
+++ b/routers/api/v1/org/variables.go
@ -9,16 +9,188 @@ import (
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
 	secret_model "code.gitea.io/gitea/models/secret"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/shared"
 	"code.gitea.io/gitea/routers/api/v1/utils"
 	actions_service "code.gitea.io/gitea/services/actions"
 	"code.gitea.io/gitea/services/context"
 	secret_service "code.gitea.io/gitea/services/secrets"
 )
 // ListActionsSecrets list an organization's actions secrets
 func (Action) ListActionsSecrets(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/secrets organization orgListActionsSecrets
 	// ---
 	// summary: List an organization's actions secrets
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: org
 	//   in: path
 	//   description: name of the organization
 	//   type: string
 	//   required: true
 	// - name: page
 	//   in: query
 	//   description: page number of results to return (1-based)
 	//   type: integer
 	// - name: limit
 	//   in: query
 	//   description: page size of results
 	//   type: integer
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/SecretList"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	opts := &secret_model.FindSecretsOptions{
 		OwnerID:     ctx.Org.Organization.ID,
 		ListOptions: utils.GetListOptions(ctx),
 	}
 	secrets, count, err := db.FindAndCount[secret_model.Secret](ctx, opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
 	}
 	apiSecrets := make([]*api.Secret, len(secrets))
 	for k, v := range secrets {
 		apiSecrets[k] = &api.Secret{
 			Name:    v.Name,
 			Created: v.CreatedUnix.AsTime(),
 		}
 	}
 	ctx.SetTotalCountHeader(count)
 	ctx.JSON(http.StatusOK, apiSecrets)
 }
 // create or update one secret of the organization
 func (Action) CreateOrUpdateSecret(ctx *context.APIContext) {
 	// swagger:operation PUT /orgs/{org}/actions/secrets/{secretname} organization updateOrgSecret
 	// ---
 	// summary: Create or Update a secret value in an organization
 	// consumes:
 	// - application/json
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: org
 	//   in: path
 	//   description: name of organization
 	//   type: string
 	//   required: true
 	// - name: secretname
 	//   in: path
 	//   description: name of the secret
 	//   type: string
 	//   required: true
 	// - name: body
 	//   in: body
 	//   schema:
 	//     "$ref": "#/definitions/CreateOrUpdateSecretOption"
 	// responses:
 	//   "201":
 	//     description: response when creating a secret
 	//   "204":
 	//     description: response when updating a secret
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	opt := web.GetForm(ctx).(*api.CreateOrUpdateSecretOption)
 	_, created, err := secret_service.CreateOrUpdateSecret(ctx, ctx.Org.Organization.ID, 0, ctx.Params("secretname"), opt.Data)
 	if err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "CreateOrUpdateSecret", err)
 		} else if errors.Is(err, util.ErrNotExist) {
 			ctx.Error(http.StatusNotFound, "CreateOrUpdateSecret", err)
 		} else {
 			ctx.Error(http.StatusInternalServerError, "CreateOrUpdateSecret", err)
 		}
 		return
 	}
 	if created {
 		ctx.Status(http.StatusCreated)
 	} else {
 		ctx.Status(http.StatusNoContent)
 	}
 }
 // DeleteSecret delete one secret of the organization
 func (Action) DeleteSecret(ctx *context.APIContext) {
 	// swagger:operation DELETE /orgs/{org}/actions/secrets/{secretname} organization deleteOrgSecret
 	// ---
 	// summary: Delete a secret in an organization
 	// consumes:
 	// - application/json
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: org
 	//   in: path
 	//   description: name of organization
 	//   type: string
 	//   required: true
 	// - name: secretname
 	//   in: path
 	//   description: name of the secret
 	//   type: string
 	//   required: true
 	// responses:
 	//   "204":
 	//     description: delete one secret of the organization
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	err := secret_service.DeleteSecretByName(ctx, ctx.Org.Organization.ID, 0, ctx.Params("secretname"))
 	if err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "DeleteSecret", err)
 		} else if errors.Is(err, util.ErrNotExist) {
 			ctx.Error(http.StatusNotFound, "DeleteSecret", err)
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteSecret", err)
 		}
 		return
 	}
 	ctx.Status(http.StatusNoContent)
 }
 // https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
 // GetRegistrationToken returns the token to register org runners
 func (Action) GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/runners/registration-token organization orgGetRunnerRegistrationToken
 	// ---
 	// summary: Get an organization's actions runner registration token
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: org
 	//   in: path
 	//   description: name of the organization
 	//   type: string
 	//   required: true
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/RegistrationToken"
 	shared.GetRegistrationToken(ctx, ctx.Org.Organization.ID, 0)
 }
 // ListVariables list org-level variables
-func ListVariables(ctx *context.APIContext) {
+func (Action) ListVariables(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/variables organization getOrgVariablesList
 	// ---
 	// summary: Get an org-level variables list
@ -70,7 +242,7 @@ func ListVariables(ctx *context.APIContext) {
 }
 // GetVariable get an org-level variable
-func GetVariable(ctx *context.APIContext) {
+func (Action) GetVariable(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/variables/{variablename} organization getOrgVariable
 	// ---
 	// summary: Get an org-level variable
@ -119,7 +291,7 @@ func GetVariable(ctx *context.APIContext) {
 }
 // DeleteVariable delete an org-level variable
-func DeleteVariable(ctx *context.APIContext) {
+func (Action) DeleteVariable(ctx *context.APIContext) {
 	// swagger:operation DELETE /orgs/{org}/actions/variables/{variablename} organization deleteOrgVariable
 	// ---
 	// summary: Delete an org-level variable
@ -163,7 +335,7 @@ func DeleteVariable(ctx *context.APIContext) {
 }
 // CreateVariable create an org-level variable
-func CreateVariable(ctx *context.APIContext) {
+func (Action) CreateVariable(ctx *context.APIContext) {
 	// swagger:operation POST /orgs/{org}/actions/variables/{variablename} organization createOrgVariable
 	// ---
 	// summary: Create an org-level variable
@ -227,7 +399,7 @@ func CreateVariable(ctx *context.APIContext) {
 }
 // UpdateVariable update an org-level variable
-func UpdateVariable(ctx *context.APIContext) {
+func (Action) UpdateVariable(ctx *context.APIContext) {
 	// swagger:operation PUT /orgs/{org}/actions/variables/{variablename} organization updateOrgVariable
 	// ---
 	// summary: Update an org-level variable
@ -289,3 +461,13 @@ func UpdateVariable(ctx *context.APIContext) {
 	ctx.Status(http.StatusNoContent)
 }
 var _ actions_service.API = new(Action)
 // Action implements actions_service.API
 type Action struct{}
 // NewAction creates a new Action service
 func NewAction() actions_service.API {
 	return Action{}
 }
--- a/routers/api/v1/org/runners.go
+++ b/routers/api/v1/org/runners.go
@ -1,31 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package org
 import (
 	"code.gitea.io/gitea/routers/api/v1/shared"
 	"code.gitea.io/gitea/services/context"
 )
 // https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
 // GetRegistrationToken returns the token to register org runners
 func GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/runners/registration-token organization orgGetRunnerRegistrationToken
 	// ---
 	// summary: Get an organization's actions runner registration token
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: org
 	//   in: path
 	//   description: name of the organization
 	//   type: string
 	//   required: true
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/RegistrationToken"
 	shared.GetRegistrationToken(ctx, ctx.Org.Organization.ID, 0)
 }
--- a/routers/api/v1/org/secrets.go
+++ b/routers/api/v1/org/secrets.go
@ -1,166 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package org
 import (
 	"errors"
 	"net/http"
 	"code.gitea.io/gitea/models/db"
 	secret_model "code.gitea.io/gitea/models/secret"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/utils"
 	"code.gitea.io/gitea/services/context"
 	secret_service "code.gitea.io/gitea/services/secrets"
 )
 // ListActionsSecrets list an organization's actions secrets
 func ListActionsSecrets(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/secrets organization orgListActionsSecrets
 	// ---
 	// summary: List an organization's actions secrets
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: org
 	//   in: path
 	//   description: name of the organization
 	//   type: string
 	//   required: true
 	// - name: page
 	//   in: query
 	//   description: page number of results to return (1-based)
 	//   type: integer
 	// - name: limit
 	//   in: query
 	//   description: page size of results
 	//   type: integer
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/SecretList"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	opts := &secret_model.FindSecretsOptions{
 		OwnerID:     ctx.Org.Organization.ID,
 		ListOptions: utils.GetListOptions(ctx),
 	}
 	secrets, count, err := db.FindAndCount[secret_model.Secret](ctx, opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
 	}
 	apiSecrets := make([]*api.Secret, len(secrets))
 	for k, v := range secrets {
 		apiSecrets[k] = &api.Secret{
 			Name:    v.Name,
 			Created: v.CreatedUnix.AsTime(),
 		}
 	}
 	ctx.SetTotalCountHeader(count)
 	ctx.JSON(http.StatusOK, apiSecrets)
 }
 // create or update one secret of the organization
 func CreateOrUpdateSecret(ctx *context.APIContext) {
 	// swagger:operation PUT /orgs/{org}/actions/secrets/{secretname} organization updateOrgSecret
 	// ---
 	// summary: Create or Update a secret value in an organization
 	// consumes:
 	// - application/json
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: org
 	//   in: path
 	//   description: name of organization
 	//   type: string
 	//   required: true
 	// - name: secretname
 	//   in: path
 	//   description: name of the secret
 	//   type: string
 	//   required: true
 	// - name: body
 	//   in: body
 	//   schema:
 	//     "$ref": "#/definitions/CreateOrUpdateSecretOption"
 	// responses:
 	//   "201":
 	//     description: response when creating a secret
 	//   "204":
 	//     description: response when updating a secret
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	opt := web.GetForm(ctx).(*api.CreateOrUpdateSecretOption)
 	_, created, err := secret_service.CreateOrUpdateSecret(ctx, ctx.Org.Organization.ID, 0, ctx.Params("secretname"), opt.Data)
 	if err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "CreateOrUpdateSecret", err)
 		} else if errors.Is(err, util.ErrNotExist) {
 			ctx.Error(http.StatusNotFound, "CreateOrUpdateSecret", err)
 		} else {
 			ctx.Error(http.StatusInternalServerError, "CreateOrUpdateSecret", err)
 		}
 		return
 	}
 	if created {
 		ctx.Status(http.StatusCreated)
 	} else {
 		ctx.Status(http.StatusNoContent)
 	}
 }
 // DeleteSecret delete one secret of the organization
 func DeleteSecret(ctx *context.APIContext) {
 	// swagger:operation DELETE /orgs/{org}/actions/secrets/{secretname} organization deleteOrgSecret
 	// ---
 	// summary: Delete a secret in an organization
 	// consumes:
 	// - application/json
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: org
 	//   in: path
 	//   description: name of organization
 	//   type: string
 	//   required: true
 	// - name: secretname
 	//   in: path
 	//   description: name of the secret
 	//   type: string
 	//   required: true
 	// responses:
 	//   "204":
 	//     description: delete one secret of the organization
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	err := secret_service.DeleteSecretByName(ctx, ctx.Org.Organization.ID, 0, ctx.Params("secretname"))
 	if err != nil {
 		if errors.Is(err, util.ErrInvalidArgument) {
 			ctx.Error(http.StatusBadRequest, "DeleteSecret", err)
 		} else if errors.Is(err, util.ErrNotExist) {
 			ctx.Error(http.StatusNotFound, "DeleteSecret", err)
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteSecret", err)
 		}
 		return
 	}
 	ctx.Status(http.StatusNoContent)
 }
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@ -9,17 +9,76 @@ import (
 	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
 	secret_model "code.gitea.io/gitea/models/secret"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/shared"
 	"code.gitea.io/gitea/routers/api/v1/utils"
 	actions_service "code.gitea.io/gitea/services/actions"
 	"code.gitea.io/gitea/services/context"
 	secret_service "code.gitea.io/gitea/services/secrets"
 )
 // ListActionsSecrets list an repo's actions secrets
 func (Action) ListActionsSecrets(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/actions/secrets repository repoListActionsSecrets
 	// ---
 	// summary: List an repo's actions secrets
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: owner
 	//   in: path
 	//   description: owner of the repository
 	//   type: string
 	//   required: true
 	// - name: repo
 	//   in: path
 	//   description: name of the repository
 	//   type: string
 	//   required: true
 	// - name: page
 	//   in: query
 	//   description: page number of results to return (1-based)
 	//   type: integer
 	// - name: limit
 	//   in: query
 	//   description: page size of results
 	//   type: integer
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/SecretList"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	repo := ctx.Repo.Repository
 	opts := &secret_model.FindSecretsOptions{
 		RepoID:      repo.ID,
 		ListOptions: utils.GetListOptions(ctx),
 	}
 	secrets, count, err := db.FindAndCount[secret_model.Secret](ctx, opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
 	}
 	apiSecrets := make([]*api.Secret, len(secrets))
 	for k, v := range secrets {
 		apiSecrets[k] = &api.Secret{
 			Name:    v.Name,
 			Created: v.CreatedUnix.AsTime(),
 		}
 	}
 	ctx.SetTotalCountHeader(count)
 	ctx.JSON(http.StatusOK, apiSecrets)
 }
 // create or update one secret of the repository
-func CreateOrUpdateSecret(ctx *context.APIContext) {
+func (Action) CreateOrUpdateSecret(ctx *context.APIContext) {
 	// swagger:operation PUT /repos/{owner}/{repo}/actions/secrets/{secretname} repository updateRepoSecret
 	// ---
 	// summary: Create or Update a secret value in a repository
@ -82,7 +141,7 @@ func CreateOrUpdateSecret(ctx *context.APIContext) {
 }
 // DeleteSecret delete one secret of the repository
-func DeleteSecret(ctx *context.APIContext) {
+func (Action) DeleteSecret(ctx *context.APIContext) {
 	// swagger:operation DELETE /repos/{owner}/{repo}/actions/secrets/{secretname} repository deleteRepoSecret
 	// ---
 	// summary: Delete a secret in a repository
@ -133,7 +192,7 @@ func DeleteSecret(ctx *context.APIContext) {
 }
 // GetVariable get a repo-level variable
-func GetVariable(ctx *context.APIContext) {
+func (Action) GetVariable(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/actions/variables/{variablename} repository getRepoVariable
 	// ---
 	// summary: Get a repo-level variable
@ -186,7 +245,7 @@ func GetVariable(ctx *context.APIContext) {
 }
 // DeleteVariable delete a repo-level variable
-func DeleteVariable(ctx *context.APIContext) {
+func (Action) DeleteVariable(ctx *context.APIContext) {
 	// swagger:operation DELETE /repos/{owner}/{repo}/actions/variables/{variablename} repository deleteRepoVariable
 	// ---
 	// summary: Delete a repo-level variable
@ -235,7 +294,7 @@ func DeleteVariable(ctx *context.APIContext) {
 }
 // CreateVariable create a repo-level variable
-func CreateVariable(ctx *context.APIContext) {
+func (Action) CreateVariable(ctx *context.APIContext) {
 	// swagger:operation POST /repos/{owner}/{repo}/actions/variables/{variablename} repository createRepoVariable
 	// ---
 	// summary: Create a repo-level variable
@ -302,7 +361,7 @@ func CreateVariable(ctx *context.APIContext) {
 }
 // UpdateVariable update a repo-level variable
-func UpdateVariable(ctx *context.APIContext) {
+func (Action) UpdateVariable(ctx *context.APIContext) {
 	// swagger:operation PUT /repos/{owner}/{repo}/actions/variables/{variablename} repository updateRepoVariable
 	// ---
 	// summary: Update a repo-level variable
@ -369,7 +428,7 @@ func UpdateVariable(ctx *context.APIContext) {
 }
 // ListVariables list repo-level variables
-func ListVariables(ctx *context.APIContext) {
+func (Action) ListVariables(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/actions/variables repository getRepoVariablesList
 	// ---
 	// summary: Get repo-level variables list
@ -423,3 +482,38 @@ func ListVariables(ctx *context.APIContext) {
 	ctx.SetTotalCountHeader(count)
 	ctx.JSON(http.StatusOK, variables)
 }
 // GetRegistrationToken returns the token to register repo runners
 func (Action) GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/runners/registration-token repository repoGetRunnerRegistrationToken
 	// ---
 	// summary: Get a repository's actions runner registration token
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: owner
 	//   in: path
 	//   description: owner of the repo
 	//   type: string
 	//   required: true
 	// - name: repo
 	//   in: path
 	//   description: name of the repo
 	//   type: string
 	//   required: true
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/RegistrationToken"
 	shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
 }
 var _ actions_service.API = new(Action)
 // Action implements actions_service.API
 type Action struct{}
 // NewAction creates a new Action service
 func NewAction() actions_service.API {
 	return Action{}
 }
--- a/routers/api/v1/repo/compare.go
+++ b/routers/api/v1/repo/compare.go
@ -16,7 +16,7 @@ import (
 // CompareDiff compare two branches or commits
 func CompareDiff(ctx *context.APIContext) {
-	// swagger:operation GET /repos/{owner}/{repo}/compare/{basehead} Get commit comparison information
+	// swagger:operation GET /repos/{owner}/{repo}/compare/{basehead} repository repoCompareDiff
 	// ---
 	// summary: Get commit comparison information
 	// produces:
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@ -217,7 +217,6 @@ func SearchIssues(ctx *context.APIContext) {
 	var includedAnyLabels []int64
 	{
 		labels := ctx.FormTrim("labels")
 		var includedLabelNames []string
 		if len(labels) > 0 {
--- a/routers/api/v1/repo/mirror.go
+++ b/routers/api/v1/repo/mirror.go
@ -180,7 +180,6 @@ func ListPushMirrors(ctx *context.APIContext) {
 		if err == nil {
 			responsePushMirrors = append(responsePushMirrors, m)
 		}
 	}
 	ctx.SetLinkHeader(len(responsePushMirrors), utils.GetListOptions(ctx).PageSize)
 	ctx.SetTotalCountHeader(count)
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@ -1058,7 +1058,6 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption)
 		isSameRepo = true
 		headUser = ctx.Repo.Owner
 		headBranch = headInfos[0]
 	} else if len(headInfos) == 2 {
 		headUser, err = user_model.GetUserByName(ctx, headInfos[0])
 		if err != nil {
@ -1072,18 +1071,16 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption)
 		headBranch = headInfos[1]
 		// The head repository can also point to the same repo
 		isSameRepo = ctx.Repo.Owner.ID == headUser.ID
 	} else {
 		ctx.NotFound()
 		return nil, nil, nil, nil, "", ""
 	}
 	ctx.Repo.PullRequest.SameRepo = isSameRepo
-	log.Info("Base branch: %s", baseBranch)
+	log.Trace("Repo path: %q, base branch: %q, head branch: %q", ctx.Repo.GitRepo.Path, baseBranch, headBranch)
 	log.Info("Repo path: %s", ctx.Repo.GitRepo.Path)
 	// Check if base branch is valid.
-	if !ctx.Repo.GitRepo.IsBranchExist(baseBranch) {
+	if !ctx.Repo.GitRepo.IsBranchExist(baseBranch) && !ctx.Repo.GitRepo.IsTagExist(baseBranch) {
-		ctx.NotFound("IsBranchExist")
+		ctx.NotFound("BaseNotExist")
 		return nil, nil, nil, nil, "", ""
 	}
@ -1146,7 +1143,7 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption)
 	}
 	// Check if head branch is valid.
-	if !headGitRepo.IsBranchExist(headBranch) {
+	if !headGitRepo.IsBranchExist(headBranch) && !headGitRepo.IsTagExist(headBranch) {
 		headGitRepo.Close()
 		ctx.NotFound()
 		return nil, nil, nil, nil, "", ""
--- a/routers/api/v1/repo/pull_review.go
+++ b/routers/api/v1/repo/pull_review.go
@ -4,6 +4,7 @@
 package repo
 import (
 	"errors"
 	"fmt"
 	"net/http"
 	"strings"
@ -519,7 +520,11 @@ func CreatePullReview(ctx *context.APIContext) {
 	// create review and associate all pending review comments
 	review, _, err := pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, opts.CommitID, nil)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "SubmitReview", err)
+		if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) {
 			ctx.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
 			ctx.Error(http.StatusInternalServerError, "SubmitReview", err)
 		}
 		return
 	}
@ -607,7 +612,11 @@ func SubmitPullReview(ctx *context.APIContext) {
 	// create review and associate all pending review comments
 	review, _, err = pull_service.SubmitReview(ctx, ctx.Doer, ctx.Repo.GitRepo, pr.Issue, reviewType, opts.Body, headCommitID, nil)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "SubmitReview", err)
+		if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) {
 			ctx.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
 			ctx.Error(http.StatusInternalServerError, "SubmitReview", err)
 		}
 		return
 	}
@ -875,7 +884,6 @@ func apiReviewRequest(ctx *context.APIContext, opts api.PullReviewRequestOptions
 	}
 	if ctx.Repo.Repository.Owner.IsOrganization() && len(opts.TeamReviewers) > 0 {
 		teamReviewers := make([]*organization.Team, 0, len(opts.TeamReviewers))
 		for _, t := range opts.TeamReviewers {
 			var teamReviewer *organization.Team
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@ -1094,7 +1094,6 @@ func updateMirror(ctx *context.APIContext, opts api.EditRepoOption) error {
 	// update MirrorInterval
 	if opts.MirrorInterval != nil {
 		// MirrorInterval should be a duration
 		interval, err := time.ParseDuration(*opts.MirrorInterval)
 		if err != nil {
--- a/routers/api/v1/repo/runners.go
+++ b/routers/api/v1/repo/runners.go
@ -1,34 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package repo
 import (
 	"code.gitea.io/gitea/routers/api/v1/shared"
 	"code.gitea.io/gitea/services/context"
 )
 // GetRegistrationToken returns the token to register repo runners
 func GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/runners/registration-token repository repoGetRunnerRegistrationToken
 	// ---
 	// summary: Get a repository's actions runner registration token
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: owner
 	//   in: path
 	//   description: owner of the repo
 	//   type: string
 	//   required: true
 	// - name: repo
 	//   in: path
 	//   description: name of the repo
 	//   type: string
 	//   required: true
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/RegistrationToken"
 	shared.GetRegistrationToken(ctx, ctx.Repo.Repository.OwnerID, ctx.Repo.Repository.ID)
 }
--- a/routers/api/v1/repo/wiki.go
+++ b/routers/api/v1/repo/wiki.go
@ -478,7 +478,6 @@ func findEntryForFile(commit *git.Commit, target string) (*git.TreeEntry, error)
 func findWikiRepoCommit(ctx *context.APIContext) (*git.Repository, *git.Commit) {
 	wikiRepo, err := gitrepo.OpenWikiRepository(ctx, ctx.Repo.Repository)
 	if err != nil {
 		if git.IsErrNotExist(err) || err.Error() == "no such file or directory" {
 			ctx.NotFound(err)
 		} else {
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@ -259,7 +259,6 @@ func preReceiveBranch(ctx *preReceiveContext, oldCommitID, newCommitID string, r
 				UserMsg: fmt.Sprintf("branch %s is protected from force push", branchName),
 			})
 			return
 		}
 	}
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@ -552,7 +552,7 @@ func getRunJobs(ctx *context_module.Context, runIndex, jobIndex int64) (*actions
 		return nil, nil
 	}
 	if len(jobs) == 0 {
-		ctx.Error(http.StatusNotFound, err.Error())
+		ctx.Error(http.StatusNotFound)
 		return nil, nil
 	}
@ -689,7 +689,6 @@ func ArtifactsDownloadView(ctx *context_module.Context) {
 	writer := zip.NewWriter(ctx.Resp)
 	defer writer.Close()
 	for _, art := range artifacts {
 		f, err := storage.ActionsArtifacts.Open(art.StoragePath)
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, err.Error())
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@ -212,8 +212,6 @@ func SearchCommits(ctx *context.Context) {
 // FileHistory show a file's reversions
 func FileHistory(ctx *context.Context) {
 	ctx.Data["IsRepoToolbarCommits"] = true
 	fileName := ctx.Repo.TreePath
 	if len(fileName) == 0 {
 		Commits(ctx)
--- a/routers/web/repo/compare.go
+++ b/routers/web/repo/compare.go
@ -800,7 +800,6 @@ func CompareDiff(ctx *context.Context) {
 	}
 	ctx.Data["Title"] = "Comparing " + base.ShortSha(beforeCommitID) + separator + base.ShortSha(afterCommitID)
 	ctx.Data["IsRepoToolbarCommits"] = true
 	ctx.Data["IsDiffCompare"] = true
 	_, templateErrs := setTemplateIfExists(ctx, pullRequestTemplateKey, pullRequestTemplateCandidates)
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@ -927,7 +927,6 @@ func setTemplateIfExists(ctx *context.Context, ctxDataKey string, possibleFiles
 					}
 				}
 			}
 		}
 		if template.Ref != "" && !strings.HasPrefix(template.Ref, "refs/") { // Assume that the ref intended is always a branch - for tags users should use refs/tags/<ref>
@ -1680,7 +1679,6 @@ func ViewIssue(ctx *context.Context) {
 			if comment.ProjectID > 0 && comment.Project == nil {
 				comment.Project = ghostProject
 			}
 		} else if comment.Type == issues_model.CommentTypeAssignees || comment.Type == issues_model.CommentTypeReviewRequest {
 			if err = comment.LoadAssigneeUserAndTeam(ctx); err != nil {
 				ctx.ServerError("LoadAssigneeUserAndTeam", err)
@ -2605,7 +2603,6 @@ func SearchIssues(ctx *context.Context) {
 	var includedAnyLabels []int64
 	{
 		labels := ctx.FormTrim("labels")
 		var includedLabelNames []string
 		if len(labels) > 0 {
@ -2993,7 +2990,6 @@ func NewComment(ctx *context.Context) {
 		if (ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) || (ctx.IsSigned && issue.IsPoster(ctx.Doer.ID))) &&
 			(form.Status == "reopen" || form.Status == "close") &&
 			!(issue.IsPull && issue.PullRequest.HasMerged) {
 			// Duplication and conflict check should apply to reopen pull request.
 			var pr *issues_model.PullRequest
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@ -670,7 +670,6 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
 	}
 	if pb != nil && pb.EnableStatusCheck {
 		var missingRequiredChecks []string
 		for _, requiredContext := range pb.StatusCheckContexts {
 			contextFound := false
@ -873,7 +872,6 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 	// Validate the given commit sha to show (if any passed)
 	if willShowSpecifiedCommit || willShowSpecifiedCommitRange {
 		foundStartCommit := len(specifiedStartCommit) == 0
 		foundEndCommit := len(specifiedEndCommit) == 0
@ -1185,7 +1183,6 @@ func UpdatePullRequest(ctx *context.Context) {
 			ctx.Flash.Error(flashError)
 			ctx.Redirect(issue.Link())
 			return
 		}
 		ctx.Flash.Error(err.Error())
 		ctx.Redirect(issue.Link())
@ -1439,7 +1436,6 @@ func CompareAndPullRequestPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("repo.pulls.compare_changes")
 	ctx.Data["PageIsComparePull"] = true
 	ctx.Data["IsDiffCompare"] = true
 	ctx.Data["IsRepoToolbarCommits"] = true
 	ctx.Data["PullRequestWorkInProgressPrefixes"] = setting.Repository.PullRequest.WorkInProgressPrefixes
 	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
 	upload.AddUploadContext(ctx, "comment")
--- a/routers/web/repo/pull_review.go
+++ b/routers/web/repo/pull_review.go
@ -248,6 +248,8 @@ func SubmitReview(ctx *context.Context) {
 		if issues_model.IsContentEmptyErr(err) {
 			ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty"))
 			ctx.JSONRedirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
 		} else if errors.Is(err, pull_service.ErrSubmitReviewOnClosedPR) {
 			ctx.Status(http.StatusUnprocessableEntity)
 		} else {
 			ctx.ServerError("SubmitReview", err)
 		}
@ -302,7 +304,6 @@ func UpdateViewedFiles(ctx *context.Context) {
 	updatedFiles := make(map[string]pull_model.ViewedState, len(data.Files))
 	for file, viewed := range data.Files {
 		// Only unviewed and viewed are possible, has-changed can not be set from the outside
 		state := pull_model.Unviewed
 		if viewed {
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@ -352,7 +352,6 @@ func loadLatestCommitData(ctx *context.Context, latestCommit *git.Commit) bool {
 	// or of directory if not in root directory.
 	ctx.Data["LatestCommit"] = latestCommit
 	if latestCommit != nil {
 		verification := asymkey_model.ParseCommitWithSignature(ctx, latestCommit)
 		if err := asymkey_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
--- a/routers/web/webfinger.go
+++ b/routers/web/webfinger.go
@ -102,23 +102,11 @@ func WebfingerQuery(ctx *context.Context) {
 			default:
 				ctx.Error(http.StatusNotFound)
 				return
 			}
 		case 4:
 			//nolint:gocritic
 			if parts[3] == "teams" {
 				ctx.Error(http.StatusNotFound)
 				return
 			} else {
 				ctx.Error(http.StatusNotFound)
 				return
 			}
 		default:
 			ctx.Error(http.StatusNotFound)
 			return
 		}
 	default:
--- a/Show more
+++ b/Show more